Announcements

On February 17, 2021, CISA, the Federal Bureau of Investigation, and the Department of the Treasury identified malware and other indicators of compromise used by the North Korean government to facilitate the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://us-cert.cisa.gov/northkorea.

On October 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) released a joint cybersecurity advisory on current ransomware activity and how to prevent and respond to ransomware attacks.

On October 27, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF) released a new joint cybersecurity advisory on tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://us-cert.cisa.gov/northkorea.

On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint Ransomware Guide on how to prevent and respond to ransomware attacks. For more information, visit https://www.cisa.gov/publication/ransomware-guide.

On September 14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. For more information, visit https://us-cert.cisa.gov/china.

On September 1, 2020, the Cybersecurity and Infrastructure Security Agency (CISA)—in collaboration with the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom—released a joint advisory on technical approaches to uncovering and remediating malicious activity. For more information, visit https://us-cert.cisa.gov/ncas/alerts/aa20-245a. 

On August 26, 2020, the Cybersecurity Security and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation, and U.S. Cyber Command identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to the group behind this activity as BeagleBoyz, a subset of HIDDEN COBRA.

On August 19, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released one new Malware Analysis Report (MAR) on malware used by North Korean actors. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/NorthKorea.

On August 3, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD), released a new Malware Analysis Report (MAR) on malware used by the Chinese government. For more information, visit https://us-cert.cisa.gov/china.

On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD), released three new Malware Analysis Reports (MARs) on malware used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/NorthKorea.