<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-name:"List Paragraph\,Dot pt\,F5 List Paragraph\,List Paragraph1\,No Spacing1\,List Paragraph Char Char Char\,Indicator Text\,Colorful List - Accent 11\,Numbered Para 1\,Bullet 1\,Bullet Points\,List Paragraph2\,MAIN CONTENT\,Normal numbered\,Issue Action POC\,3\,Bullet\,F5\,\5217";
mso-style-priority:34;
mso-style-link:"List Paragraph Char\,Dot pt Char\,F5 List Paragraph Char\,List Paragraph1 Char\,No Spacing1 Char\,List Paragraph Char Char Char Char\,Indicator Text Char\,Colorful List - Accent 11 Char\,Numbered Para 1 Char\,Bullet 1 Char\,Bullet Points Char\,List Paragraph2 Char";
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-name:"List Paragraph\,Dot pt\,F5 List Paragraph\,List Paragraph1\,No Spacing1\,List Paragraph Char Char Char\,Indicator Text\,Colorful List - Accent 11\,Numbered Para 1\,Bullet 1\,Bullet Points\,List Paragraph2\,MAIN CONTENT\,Normal numbered\,Issue Action POC\,3\,Bullet\,F5\,\5217Cx";
mso-style-priority:34;
mso-style-link:"List Paragraph Char\,Dot pt Char\,F5 List Paragraph Char\,List Paragraph1 Char\,No Spacing1 Char\,List Paragraph Char Char Char Char\,Indicator Text Char\,Colorful List - Accent 11 Char\,Numbered Para 1 Char\,Bullet 1 Char\,Bullet Points Char\,List Paragraph2 Char";
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-name:"List Paragraph\,Dot pt\,F5 List Paragraph\,List Paragraph1\,No Spacing1\,List Paragraph Char Char Char\,Indicator Text\,Colorful List - Accent 11\,Numbered Para 1\,Bullet 1\,Bullet Points\,List Paragraph2\,MAIN CONTENT\,Normal numbered\,Issue Action POC\,3\,Bullet\,F5\,\5217Cx";
mso-style-priority:34;
mso-style-link:"List Paragraph Char\,Dot pt Char\,F5 List Paragraph Char\,List Paragraph1 Char\,No Spacing1 Char\,List Paragraph Char Char Char Char\,Indicator Text Char\,Colorful List - Accent 11 Char\,Numbered Para 1 Char\,Bullet 1 Char\,Bullet Points Char\,List Paragraph2 Char";
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-name:"List Paragraph\,Dot pt\,F5 List Paragraph\,List Paragraph1\,No Spacing1\,List Paragraph Char Char Char\,Indicator Text\,Colorful List - Accent 11\,Numbered Para 1\,Bullet 1\,Bullet Points\,List Paragraph2\,MAIN CONTENT\,Normal numbered\,Issue Action POC\,3\,Bullet\,F5\,\5217Cx";
mso-style-priority:34;
mso-style-link:"List Paragraph Char\,Dot pt Char\,F5 List Paragraph Char\,List Paragraph1 Char\,No Spacing1 Char\,List Paragraph Char Char Char Char\,Indicator Text Char\,Colorful List - Accent 11 Char\,Numbered Para 1 Char\,Bullet 1 Char\,Bullet Points Char\,List Paragraph2 Char";
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.ListParagraphChar
{mso-style-name:"List Paragraph Char\,Dot pt Char\,F5 List Paragraph Char\,List Paragraph1 Char\,No Spacing1 Char\,List Paragraph Char Char Char Char\,Indicator Text Char\,Colorful List - Accent 11 Char\,Numbered Para 1 Char\,Bullet 1 Char\,Bullet Points Char\,List Paragraph2 Char";
mso-style-priority:34;
mso-style-link:"List Paragraph\,Dot pt\,F5 List Paragraph\,List Paragraph1\,No Spacing1\,List Paragraph Char Char Char\,Indicator Text\,Colorful List - Accent 11\,Numbered Para 1\,Bullet 1\,Bullet Points\,List Paragraph2\,MAIN CONTENT\,Normal numbered\,Issue Action POC\,3\,Bullet\,F5\,\5217";
font-family:"Calibri",sans-serif;}
p.paragraph, li.paragraph, div.paragraph
{mso-style-name:paragraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.eop
{mso-style-name:eop;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:391084185;
mso-list-type:hybrid;
mso-list-template-ids:-1399266102 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:2024284888;
mso-list-template-ids:-12677508;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">For Your Situational Awareness (FYSA)</span><o:p></o:p></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span style="color:#333333"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun"><span style="font-size:11.0pt">To raise awareness of the risks to—and improve the cyber protection of—critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well
as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS: </span></span><span class="eop"><span style="font-size:11.0pt"> </span></span><span style="font-size:11.0pt"><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpFirst" style="user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span style="font-size:11.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="text-indent:-.25in;mso-list:l0 level1 lfo3">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Joint Cybersecurity Advisory
<a href="https://us-cert.cisa.gov/ncas/alerts/aa21-201a">2011 Gas Pipeline Sector Intrusion Campaign</a>]<b> Note:
</b>CISA released the initial version of this publication to affected stakeholders in 2012.</span><span style="font-size:11.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="text-indent:-.25in;mso-list:l0 level1 lfo3">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Times New Roman",serif">Updated – 2012 ICS Joint Security Awareness Report:
<a href="https://us-cert.cisa.gov/ics/jsar/JSAR-12-241-01B">Shamoon/DistTrack Malware (Update B)</a><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="text-indent:-.25in;mso-list:l0 level1 lfo3">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Times New Roman",serif">Updated – 2014 ICS Advisory:
<a href="https://us-cert.cisa.gov/ics/advisories/ICSA-14-178-01">ICS Focused Malware – Havex</a><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="text-indent:-.25in;mso-list:l0 level1 lfo3">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Times New Roman",serif">Updated – 2014 ICS Alert:
<a href="https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-14-281-01B">Ongoing Sophisticated Malware Campaign Compromising ICS (Update E)</a><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="text-indent:-.25in;mso-list:l0 level1 lfo3">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Times New Roman",serif">Updated – 2016 ICS Alert:
<a href="https://us-cert.cisa.gov/ics/alerts/IR-ALERT-H-16-056-01">Cyber-Attack Against Ukrainian Critical Infrastructure</a><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpLast" style="text-indent:-.25in;mso-list:l0 level1 lfo3">
<![if !supportLists]><span style="font-size:11.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Times New Roman",serif">Updated – 2017 Technical Alert:
<a href="https://us-cert.cisa.gov/ncas/alerts/TA17-163A">CrashOverride Malware<span style="color:windowtext;text-decoration:none"><br>
</span></a><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun"><span style="font-size:11.0pt">CISA urges critical infrastructure owners and operators to review the publications listed above and apply the mitigations in Joint CISA-FBI CSA
<a href="https://us-cert.cisa.gov/ncas/alerts/aa21-201a">(AA21-201A) Gas Pipeline Intrusion Campaign, 2011-2013</a>. CISA also encourages owners and operators to review </span></span><span style="font-size:11.0pt"><a href="https://us-cert.cisa.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf">AR-17-20045:
Enhanced Analysis of Malicious Cyber Activity</a><span class="normaltextrun">. These products</span> contain threat actor tactics, techniques, and procedures (TTPs); technical indicators; and forensic analysis that critical infrastructure owners and operators
can use to reduce their organizations’ exposure to cyber threats. <b><o:p></o:p></b></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun"><span style="font-size:11.0pt">Although these publications detail historical activity, the TTPs remain relevant to help network defenders protect against intrusions.</span></span><span class="eop"><span style="font-size:11.0pt"> CISA
published a Current Activity about this release that can be found <a href="https://us-cert.gov/ncas/current-activity/2021/07/20/significant-historical-cyber-intrusion-campaigns-targeting-ics">
here</a>. </span><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671 Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image001.png@01D77D3B.DDFF5680"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
</div>
</body>
</html>