27 Jan 2022

FBI warns over Iranian cyber group, tells organizations to up their defenses

The FBI has issued an alert regarding the activities, tools, and tactics of an Iranian threat group. The intended purpose of the warning was to give US organizations the tips to defend themselves against the group’s malicious cyber activities. In October 2021, the US District Court for the Southern District

11 Jan 2022

A Joint Cybersecurity Advisory from CISA, FBI and NSA: Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

As we have mentioned a few times here at OODA Loop, we are very discerning in our amplification of US-CERT e-mail notifications. Emergency Directives and Joint Cybersecurity Advisories (CSAs) are the exceptions. The Joint CSA released today by CISA, the FBI, and the NSA is very much aligned with our coverage of the current tension in Ukraine and the role of cyber and information threat vectors in gray-zone conflicts. Following are the details of the Joint CSA.

10 Jan 2022

Cyber criminals are mailing out USB drives that install ransomware

According to the FBI, a cybercrime group has been attempting to compromise devices via thumb drives. The malicious group has been mailing out USB thumb drives, hoping that recipients will fall for the trick and plug them into their devices, effectively installing ransomware on their networks. The drives reportedly contain

06 Dec 2021

Cuba ransomware group hit 49 critical infrastructure organizations

Last Friday, the FBI released a new notice regarding the Cuba ransomware, stating that a threat group has attacked 49 entities spanning five different critical infrastructure sectors. The FBI also noted that the group has likely made at least $43.9 million in ransom payments. The threat group deploying the Hancitor

14 Nov 2021

FBI server sending fake emails taken offline and fixed, no data impacted

The FBI has addressed an incident over the weekend in which fake emails were sent due to a misconfiguration in its Law Enforcement Enterprise Portal (LEEP). The misconfiguration allowed emails to be sent from an official domain, ic.fbi.gov. According to the FBI, LEEP is an IT infrastructure used by the

03 Sep 2021

FBI Warns Food and Agriculture Firms of Ransomware Threat

The Federal Bureau of Investigation (FBI) has released a warning alerting companies in the food and agricultural sector that they are at high risk for ransomware. This is partially due to corporate attack surfaces expanding, according to the bureau. The notification stated that the sectors contain critical infrastructures that could

01 Sep 2021

FBI, CISA warn of potential cyberattacks over Labor Day weekend

The FBI and Cybersecurity and Infrastructure Security Agency have released a joint advisory warning of potential cyberattacks over Labor Day weekend. The agencies noted that cyberattackers have launched dozens of devastating attacks over long weekends in past years. They urged organizations to take extra steps to secure their systems and

26 Aug 2021

Glitch Exposed Data of Alleged Treaty Violator to FBI

A software program flaw allegedly resulted in private data belonging to a treaty violator being exposed to unauthorized FBI agents for months. The Palantir program was reportedly exploited by at least three FBI employees to view data belonging to US citizen and Singapore resident Virgil Griffith. Griffith is a former

25 Aug 2021

FBI Issues Ransomware Group Flash Alert

The FBI recently released a flash warning due to the recent activities of an organized cyber-criminal gang referred to as the OnePercent Group. In the alert, which was published on Monday, the FBI stated that the group has been targeting US companies since November 2020. OnePercent uses the threat emulation

17 Aug 2021

Misconfigured Server Leaks US Terror Watchlist

Bob Diachenko, head of security research for Comparitech, stated that he discovered a configuration error that leaked a secret watchlist of suspected terrorists maintained by the FBI. Diachenko stated that he discovered the Terrorist Screening Center (TSC) list on July 19. The server was not fixed for several weeks despite
