UPDATE: Ongoing Malicious Cyber Activity Against U.S. Government and Private Sector Entities

UPDATE: The United States Department of Homeland Security, in collaboration with the Federal Bureau of Investigation and other partners, has released a second Joint Indicator Bulletin (JIB) through secure channels. Confirmed members of the cybersecurity community of practice, which may include critical infrastructure owners and operators, systems administrators, and information security practitioners, may request a copy of this second bulletin by contacting soc@us-cert.gov with the subject “JIB Request,” and including the requestor’s name and affiliation.

Various cyber actors have engaged in malicious activity against U.S. Government and private sector entities. The apparent objective of this activity has been the theft of intellectual property, trade secrets, and other sensitive business information. The malicious actors have employed a variety of techniques to infiltrate targeted organizations, establish a foothold, penetrate throughout the targets’ networks, and steal confidential or proprietary data. The United States Department of Homeland Security, in collaboration with the Federal Bureau of Investigation and other partners, has released a Joint Indicator Bulletin (JIB) through secure channels. This JIB contains cyber threat indicators that will enable public and private sector critical infrastructure partners to take action to mitigate adverse impacts from this activity and protect their sensitive information.

This traffic light protocol green JIB contains internet protocol addresses, domain names, and malware indicators associated with malicious data exfiltration activity. Confirmed members of the cybersecurity community of practice, which may include critical infrastructure owners and operators, systems administrators, and information security practitioners, may request a copy of this bulletin by contacting soc@us-cert.gov with the subject “JIB Request,” and including the requestor’s name and affiliation.