AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services

Original release date: January 13, 2021SummaryThis Analysis Report uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor…

Comments Off on AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services

AR20-303B: MAR-10310246-1.v1 – ZEBROCY Backdoor

Original release date: October 29, 2020DescriptionNotification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind…

Comments Off on AR20-303B: MAR-10310246-1.v1 – ZEBROCY Backdoor

AR20-303A: MAR-10310246-2.v1 – PowerShell Script: ComRAT

Original release date: October 29, 2020Description Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any…

Comments Off on AR20-303A: MAR-10310246-2.v1 – PowerShell Script: ComRAT

AR20-268A: Federal Agency Compromised by Malicious Cyber Actor

Original release date: September 24, 2020SummaryThis Analysis Report uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor…

Comments Off on AR20-268A: Federal Agency Compromised by Malicious Cyber Actor

AR20-259A: MAR-10297887-1.v1 – Iranian Web Shells

Original release date: September 15, 2020Description Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any…

Comments Off on AR20-259A: MAR-10297887-1.v1 – Iranian Web Shells