USCYBERCOM Cybersecurity Alert

Chinese state-sponsored actors are targeting global telecommunications and other critical infrastructure orgs. We’ve joined others worldwide to call these actors out and publish hunting & mitigation guidance to reduce this ongoing threat. media.defense.gov/2025/Aug/22/20…

Yesterday at #RSAC 2025, FBI Assistant Director Bryan Vorndran warned about the threat from North Korean remote IT workers, who gain employment with US companies to generate revenue for Pyongyang, exfiltrate proprietary and sensitive data, and conduct data extortion.

We joined @FBI @NSAGov & @NCSC to outline TTPs used by Russia's SVR (APT29) to target defense, tech & finance sectors globally. They scan for unpatched systems, gain access, and pivot to connected networks. Read the CSA for ways to protect your networks: ic3.gov/Media/News/202…

🚨We partnered with @FBI @USTreasury & @NCSC to expose cyber threats from Iran’s IRGC, targeting gov't, think tanks, journalists, activists, lobbyists & election officials' personal social accounts. ⚠️Stay informed: ic3.gov/Media/News/202…

Today CNMF joined @FBI @NSA & partners 🇬🇧🇦🇺🇨🇦🇳🇿 to issue a joint advisory on foreign state-sponsored actors using IoT devices to create a botnet positioned for malicious cyber activities. Read the full advisory, to include mitigation actions, here: media.defense.gov/2024/Sep/18/20…

We joined US & international partners 🇳🇱🇨🇿🇩🇪🇪🇪🇱🇻🇺🇦🇨🇦🇦🇺🇬🇧 to issue a Cybersecurity Advisory on malware used by Russian-state affiliated cyber actors for espionage, theft/leakage of sensitive info & sabotage/data destruction. Read the full advisory here: ic3.gov/Media/News/202…

Read the FBI's full CSA report and take actions today to mitigate malicious cyber activity: media.defense.gov/2024/Jul/25/20…

@FBI, CNMF, and our interagency & international partners 🇰🇷🇬🇧 warn of a North Korean-aligned intrusion conducting global ransomware attacks to raise revenue for the regime and cyber espionage

We joined @FBI @AIVD with Dutch & Canadian partners to warn of Russian state-sponsored actors using covert Meliorator software for disinformation campaigns. Read the FBI's CSA & take actions to improve your cybersecurity posture against this activity. ic3.gov/Media/News/202…

We joined US and international partners to publish a cybersecurity advisory highlighting Russian state-sponsored actor APT28’s compromise of EdgeRouters globally. Read more, to include actions users can take to keep APT28 out of their networks, here: media.defense.gov/2024/Feb/27/20…

Russian-state linked cyber actor APT29 is adapting their tradecraft as more organizations move to the cloud. CNMF joined FVEY 🇬🇧🇦🇺🇨🇦🇳🇿🇺🇸 partners to expose the group’s TTPs & provide mitigation strategies. Read the CSA here: ncsc.gov.uk/files/Advisory…

CNMF joined US & international partners @NCSC, @CyberGovAU, @cybercentre_ca, @CISAgov, @FBI, @NSACyber & NCSC-NZ, releasing a joint CSA highlighting Russian-state actor Star Blizzard’s global spear-phishing campaigns & TTPs. Read the full advisory here: ncsc.gov.uk/pdfs/news/star…

Read more about it here: cybercom.mil/Media/News/Art…

U.S. defensive cyber operators recently returned from @US_CYBERCOM’s second #DefendForward mission to #Lithuania where they hunted on key networks in close collaboration with @Lithuanian_MOD. #PartnershipsMatter because we are #StrongerTogether

@CISAgov @FBI @CISACyber @US_CYBERCOM Nation-state APTs used unauthorized admin credentials to move laterally within an organization’s networks. Take action today to protect your networks! Follow the mitigation actions outlined by @CISAgov & @FBI in the CSA: cisa.gov/news-events/cy…

Multiple nation-state APT actors are scanning internet-facing apps for vulnerabilities that can be easily exploited. Read the @CISAgov & @FBI advisory: cisa.gov/news-events/cy… @CISACyber @US_CYBERCOM

Russian intel FSB Center 16 has been using "Snake" implant as a cyber espionage tool for long-term intel collect against media, education, small businesses & CIKR in 50+ countries. Read the US/Allied Cybersecurity Advisory here: media.defense.gov/2023/May/09/20…

Make sure to save all your answers for the final #MathStatMonth challenge released 26 April. Best of luck to all!

It's #MathStatMonth and the #cybersecurity workforce from @DeptofDefense’s CNMF, along with private sector partners, created a series of crypto, steganography, and word challenges to flex your skills. github.com/CNMF-Puzzles/C…

“This multi-partner advisory highlights how Iranian cyber actors are exploiting vulnerabilities, targeting a broad range of entities including U.S. & partner critical infrastructure, & using accesses for ransom operations."- US Army Maj Gen Hartman, Cyber National Mission Force