[CDP-development] FYSA - CISA Releases Important Updates to Historical Cyber Campaigns Targeting ICS

ALBIN Cinnamon S * DAS Cinnamon.S.ALBIN at oregon.gov
Tue Jul 20 12:52:41 PDT 2021


For Your Situational Awareness (FYSA)



To raise awareness of the risks to, and improve the cyber protection of, critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS:



*       Joint Cybersecurity Advisory 2011 Gas Pipeline Sector Intrusion Campaign<https://us-cert.cisa.gov/ncas/alerts/aa21-201a> Note: CISA released the initial version of this publication to affected stakeholders in 2012.

*       Updated - 2012 ICS Joint Security Awareness Report: Shamoon/DistTrack Malware (Update B)<https://us-cert.cisa.gov/ics/jsar/JSAR-12-241-01B>

*       Updated - 2014 ICS Advisory: ICS Focused Malware - Havex<https://us-cert.cisa.gov/ics/advisories/ICSA-14-178-01>

*       Updated - 2014 ICS Alert: Ongoing Sophisticated Malware Campaign Compromising ICS (Update E)<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-14-281-01B>

*       Updated - 2016 ICS Alert: Cyber-Attack Against Ukrainian Critical Infrastructure<https://us-cert.cisa.gov/ics/alerts/IR-ALERT-H-16-056-01>

*       Updated - 2017 Technical Alert: CrashOverride Malware<https://us-cert.cisa.gov/ncas/alerts/TA17-163A>

CISA urges critical infrastructure owners and operators to review the publications listed above and apply the mitigations in Joint CISA-FBI CSA (AA21-201A) Gas Pipeline Intrusion Campaign, 2011-2013<https://us-cert.cisa.gov/ncas/alerts/aa21-201a>. CISA also encourages owners and operators to review AR-17-20045: Enhanced Analysis of Malicious Cyber Activity<https://us-cert.cisa.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf>. These products contain threat actor tactics, techniques, and procedures (TTPs); technical indicators; and forensic analysis that critical infrastructure owners and operators can use to reduce their organizations' exposure to cyber threats.



Although these publications detail historical activity, the TTPs remain relevant to help network defenders protect against intrusions. CISA published a Current Activity about this release that can be found here<https://us-cert.gov/ncas/current-activity/2021/07/20/significant-historical-cyber-intrusion-campaigns-targeting-ics>.


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671 Email: theresa.masse at cisa.dhs.gov
