A Joint Cybersecurity Advisory from CISA, FBI and NSA: Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
As we have mentioned a few times here at OODA Loop, we are very discerning in our amplification of US-CERT e-mail notifications. Emergency Directives and Joint Cybersecurity Advisories (CSAs) are the exceptions. The Joint CSA released today by CISA, the FBI, and the NSA is very much aligned with our coverage of the current tension in Ukraine and the role of cyber and information threat vectors in gray-zone conflicts. Following are the details of the Joint CSA.
Five Eyes Issue Joint Log4Shell Advisory: “Agencies Strongly Urge All Organizations Take Immediate Action to Protect their Networks”
The Five Eyes intelligence allies – government agencies in the United States, United Kingdom, Australia, Canada, and New Zealand – issued a joint Cybersecurity advisory (CSA) days before the Christmas holiday, offering guidance for the Apache Log4j vulnerability worldwide. Nation-states and ransomware gangs are already starting to exploit the vulnerabilities, including Log4Shell (part of the Log4j software library).
Joint Cybersecurity Advisory Released by CISA, FBI, AUS CSC and UK NCSC Regarding Iranian Government-Sponsored APT
An advanced persistent threat (APT) group since March of 2021, has been exploiting Fortinet vulnerabilities and, since October 2021, a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.” This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).
The Joint Cybersecurity Advisory was released this morning at approx. 11 AM EST.