<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Aptos;}
@font-face
{font-family:FluentSystemIcons;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Aptos",sans-serif;
mso-ligatures:standardcontextual;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:568611784;
mso-list-type:hybrid;
mso-list-template-ids:267285072 316073424 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Aptos",sans-serif;
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:black">Happy Monday!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">I wanted to share some recent threat intel with you all.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif;mso-ligatures:none">Kevin Galusha, CISSP</span></b><span style="mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;mso-ligatures:none">Cybersecurity Architect</span><span style="mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;mso-ligatures:none">Clackamas County Technology Services</span><span style="mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;mso-ligatures:none">(503)723-4960</span><span style="mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="font-family:"Arial",sans-serif;color:#0563C1;mso-ligatures:none"><a href="mailto:KGalusha@clackamas.us"><span style="color:#0563C1">KGalusha@clackamas.us</span></a></span></u><span style="mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="font-family:"Arial",sans-serif;color:#0563C1;mso-ligatures:none"><a href="http://www.clackamas.us/"><span style="color:#0563C1">www.clackamas.us</span></a></span></u><span style="mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div style="mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in">
<p class="MsoNormal" style="border:none;padding:0in"><span style="color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">The following advisory is </span><b><span style="color:#C82613">UNCLASSIFIED//FOR OFFICIAL USE ONLY</span></b><span style="color:black">:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:white;min-width: 100%" id="table_0">
<tbody>
<tr>
<td style="padding:3.75pt 0in 3.75pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;min-width: 100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="text-align:justify;line-height:18.0pt"><span style="font-size:13.0pt;color:#262626">(<i>U)
</i></span><span style="font-size:13.0pt;color:black">The attached Commonwealth Fusion Center (CFC) Massachusetts Cybersecurity Program (MCP) Cyber Intelligence Brief is being provided to assist agencies and organizations in guarding against the persistent
malicious actions of cybercriminals.</span><span style="font-size:13.0pt"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:white;min-width: 100%">
<tbody>
<tr>
<td style="padding:3.75pt 0in 3.75pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;min-width: 100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="text-align:justify;line-height:18.0pt"><i><span style="font-size:13.0pt;color:black">(U//FOUO)</span></i><span style="font-size:13.0pt;color:black"> As part of the ongoing conflict with Iran, open-sources are reporting that Iranian
state-sponsored cyberoperations are still active and is targeting US critical infrastructure. According to open-source reporting and active threat intelligence, Pro-Iranian threat actor Ababil of Minab has claimed responsibility for cyberattacks against Los
Angeles County Metro Transit Authority (LACMTA) and GPS Services provider VYNCS.</span><span style="font-size:13.0pt;color:black"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:white;min-width: 100%" id="table_1">
<tbody>
<tr>
<td style="padding:3.75pt 0in 3.75pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;min-width: 100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="text-align:justify;line-height:18.0pt"><i><span style="font-size:13.0pt;color:black">(U//FOUO)</span></i><span style="font-size:13.0pt;color:black"> The Iranian Advanced Persistent Threat (ATP) group has been identified through posts
on their Telegram Channel and a Clearnet Website. The name is a combination of two locations in Iran. Minab is a city in Iran that was highlighted during missile strikes on February 28. A girls’ elementary school in Minab was struck by a missile and resulted
in the death of 180 children. Ababil is a drone (HESA Ababil-3) that is stationed on an airstrip in Minab. Ababil is mentioned in the Quran as a miraculous bird that dropped stones on their enemies. The City of Minab is located on the Strait of Hormuz.</span><span style="font-size:13.0pt;color:black"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:white;min-width: 100%">
<tbody>
<tr>
<td style="padding:3.75pt 0in 3.75pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;min-width: 100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="text-align:justify;line-height:18.0pt"><i><span style="font-size:13.0pt;color:black">(U//FOUO)</span></i><span style="font-size:13.0pt;color:black"> According to Dataminr, Ababil of Minab claimed to have attacked LA County Metro
IT systems including administrative access to VMware vCenter Server environment. Open-source reporting stated this cyber-attack required LA Metro Transit to take down internal systems which caused delays to patrons adding funds to their metro cards. Message
boards showing departure and arrival times for trains and buses were not operational.</span><span style="font-size:13.0pt;color:black"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:white;min-width: 100%">
<tbody>
<tr>
<td style="padding:3.75pt 0in 3.75pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;min-width: 100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="text-align:justify;line-height:18.0pt"><i><span style="font-size:13.0pt;color:black">(U)</span></i><span style="font-size:13.0pt;color:black"> The attached Cyber Intelligence Brief contains additional details, recommendations, and
references.</span><span style="font-size:13.0pt;color:black"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1006" style="width:754.5pt;background:white;min-width: 100%">
<tbody>
<tr>
<td style="padding:11.25pt 0in 3.75pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1006" style="width:754.5pt;min-width: 100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="text-align:justify;line-height:18.0pt"><b><i><span style="font-size:13.0pt;font-family:"Arial",sans-serif;color:black">The information contained in these products are marked
</span></i></b><b><i><span style="font-size:13.0pt;font-family:"Arial",sans-serif;color:red">UNCLASSIFIED//FOR OFFICIAL USE ONLY (U//FOUO) and U//FOUO/REL TO USA, FVEY.</span></i></b><b><i><span style="font-size:13.0pt;font-family:"Arial",sans-serif;color:black"> It
contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and
is not to be released to the public, the media, or other personnel who do not have a valid need to know without prior approval of an authorized DHS official.</span></i></b><span style="font-size:13.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="background:white"><span style="font-size:15.0pt;font-family:"FluentSystemIcons",serif;color:white;background:#424242"></span><span style="font-size:15.0pt;font-family:"FluentSystemIcons",serif"><o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1006" style="width:754.5pt;background:white;min-width: 100%">
<tbody>
<tr>
<td style="padding:3.75pt 0in 3.75pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1006" style="width:754.5pt;background:#013C77;min-width: 100%">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal" align="center" style="text-align:center;background:#00082C">
<b><span style="font-size:15.0pt;font-family:"Arial",sans-serif;color:red">UNCLASSIFIED//FOR OFFICIAL USE ONLY</span></b><span style="font-size:15.0pt;font-family:"Arial",sans-serif;color:red"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-ligatures:none"> </span><o:p></o:p></p>
</div>
</body>
</html>