User Overview
USCYBERCOM Cybersecurity Alert 
Followers and Following
Followers
Following
Tweet Stats
Analysed 73 tweets, tweets from the last 116 weeks.
Tweets Day of Week (UTC)
Tweets Hour of Day (UTC)
Key:
Tweets
Retweets
Quotes
Replies
Tweets Day and Hour Heatmap (UTC)
| Top Applications | Count | % |
|---|---|---|
|
|
64 | 87.7% |
|
|
4 | 5.5% |
|
|
2 | 2.7% |
|
|
2 | 2.7% |
|
|
1 | 1.4% |
| Top Tweet Types | Count | % |
|---|---|---|
| Quote | 34 | 46.6% |
| Tweet | 20 | 27.4% |
| Retweet | 19 | 26.0% |
| Reply | 6 | 8.2% |
| Top Content Types | Count | % |
|---|---|---|
| URL | 53 | 72.6% |
| Photo | 7 | 9.6% |
| Most Retweeted Users | Count | % |
|---|---|---|
 @US_CYBERCOM - U.S. Cyber Command
|
7 | 36.8% |
 @USCERT_gov - US-CERT
|
6 | 31.6% |
 @NSACyber - NSA Cyber
|
3 | 15.8% |
 @MsftSecIntel - Microsoft Security Intelligence
|
1 | 5.3% |
 @JRoosen - Joseph Roosen
|
1 | 5.3% |
 @FBI - FBI
|
1 | 5.3% |
| More | ||
| Less | ||
| Most Quoted Users | Count | % |
|---|---|---|
|
@NSACyber - NSA Cyber
|
5 | 14.7% |
 @TheJusticeDept - Justice Department
|
4 | 11.8% |
|
@USCERT_gov - US-CERT
|
3 | 8.8% |
 @CISAgov - Cybersecurity and Infrastructure Security Agency
|
3 | 8.8% |
 @NCSCgov - NCSC
|
3 | 8.8% |
|
@US_CYBERCOM - U.S. Cyber Command
|
2 | 5.9% |
 @CNMF_CyberAlert - USCYBERCOM Cybersecurity Alert
|
2 | 5.9% |
 @Unit42_Intel - Unit 42
|
1 | 2.9% |
 @RGB_Lights - Rob Joyce
|
1 | 2.9% |
 @FireEye - FireEye
|
1 | 2.9% |
 @NSAGov - NSA/CSS
|
1 | 2.9% |
 @CrowdStrike - CrowdStrike
|
1 | 2.9% |
 @RFJ_USA - Rewards for Justice
|
1 | 2.9% |
 @StateDept - Department of State
|
1 | 2.9% |
 @ODNIgov - Office of the DNI
|
1 | 2.9% |
 @F5 - F5
|
1 | 2.9% |
 @SecPompeo - Secretary Pompeo
|
1 | 2.9% |
 @Graphika_NYC - Graphika
|
1 | 2.9% |
 @TwitterSafety - Twitter Safety
|
1 | 2.9% |
| More | ||
| Less | ||
| Most Replied to Users | Count | % |
|---|---|---|
|
@CNMF_CyberAlert - USCYBERCOM Cybersecurity Alert
|
3 | 60.0% |
 @thechrisharrod - Chris Harrod
|
1 | 20.0% |
 @joshlemon - Josh Lemon
|
1 | 20.0% |
| Top Hashtags | Count | % |
|---|---|---|
| #dprk | 6 | 8.2% |
| #cybersecurity | 5 | 6.8% |
| #cnmf | 5 | 6.8% |
| #icymi | 4 | 5.5% |
| #malware | 4 | 5.5% |
| #solarwinds | 2 | 2.7% |
| #slothfulmedia | 2 | 2.7% |
| #fastcash | 2 | 2.7% |
| #eccentricbandwagon | 2 | 2.7% |
| #vivaciousgift | 2 | 2.7% |
| #northkorea | 2 | 2.7% |
| More | ||
| Less | ||
| Top Words | Count | % |
|---|---|---|
| cyber | 19 | 26.0% |
| malware | 17 | 23.3% |
| actors | 14 | 19.2% |
| released | 13 | 17.8% |
| cve | 9 | 12.3% |
| malicious | 9 | 12.3% |
| used | 8 | 11.0% |
| foreign | 8 | 11.0% |
| attributed | 7 | 9.6% |
| russian | 7 | 9.6% |
| samples | 7 | 9.6% |
| chinese | 6 | 8.2% |
| activity | 6 | 8.2% |
| targeting | 6 | 8.2% |
| advisory | 6 | 8.2% |
| immediately | 5 | 6.8% |
| including | 5 | 6.8% |
| exchange | 5 | 6.8% |
| efforts | 5 | 6.8% |
| likely | 4 | 5.5% |
| networks | 4 | 5.5% |
| svr | 4 | 5.5% |
| vulnerabilities | 4 | 5.5% |
| conduct | 4 | 5.5% |
| operations | 4 | 5.5% |
| implant | 4 | 5.5% |
| korean | 4 | 5.5% |
| remote | 4 | 5.5% |
| dprk | 4 | 5.5% |
| systems | 4 | 5.5% |
| government | 4 | 5.5% |
| exploitation | 3 | 4.1% |
| patch | 3 | 4.1% |
| compromise | 3 | 4.1% |
| being | 3 | 4.1% |
| analysis | 3 | 4.1% |
| partners | 3 | 4.1% |
| intelligence | 3 | 4.1% |
| service | 3 | 4.1% |
| using | 3 | 4.1% |
| multiple | 3 | 4.1% |
| millions | 3 | 4.1% |
| vulnerability | 3 | 4.1% |
| sponsored | 3 | 4.1% |
| identified | 3 | 4.1% |
| recently | 3 | 4.1% |
| charged | 3 | 4.1% |
| russia | 3 | 4.1% |
| activities | 3 | 4.1% |
| funds | 3 | 4.1% |
| More | ||
| Less | ||
| Top Emojis | Count | % |
|---|---|---|
| ⚠ Warning Sign | 2 | 2.7% |
Tweets
🚨 Active scanning of Apache HTTP Server CVE-2021-41773 & CVE-2021-42013 is ongoing and expected to accelerate, likely leading to exploitation. Please patch immediately if you haven’t already—this cannot wait until after the weekend. Read more: us-cert.cisa.gov/ncas/current-a…
Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend.
Three common sources of compromise in #Kubernetes are supply chain risks, malicious threat actors, and insider threats. #KnowingIsHalfTheBattle💪
#KubernetesClusters #Cybersecurity #OpenSource
#KubernetesClusters #Cybersecurity #OpenSource
NSA and @CISAgov share Kubernetes configurations and recommendations to harden environments against compromise. Understanding the options for building and maintaining a secure Kubernetes cluster is key to protecting your data & resources. nsa.gov/News-Features/… pic.twitter.com/qAMFAlx7ek
We collaborated with @CISAgov & @FBI on our #cybersecurity advisory, detailing Chinese state-sponsored actor #TTPs used against U.S. and allied networks. For a thorough understanding of this cyberthreat, read our overview, observed TTPs & mitigations. nsa.gov/news-features/… pic.twitter.com/AezXxddInV
Exploitation in the wild has been observed (h/t @GossiTheDog). Please patch immediately!
.@CISAgov is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Learn more at go.usa.gov/x6bA5.
Do you have that #FridayFeeling you’re being hacked? Read @CISAgov’s Best Practices for @MITREattack Mapping to better understand adversary behavior and defend your networks. go.usa.gov/x6bxs
Updated eviction guidance released by @CISAgov. Follow these steps to effectively remove known APT actor from networks.
🚨 We have released eviction guidance related to the ongoing SolarWinds Orion incident and related campaign activities affecting U.S. government agency networks, CI entities, and private sector organizations.
View our updated guidance: go.usa.gov/xHHFv pic.twitter.com/BkAoPgczwY
View our updated guidance: go.usa.gov/xHHFv pic.twitter.com/BkAoPgczwY
"Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders" -- Joint Cybersecurity Advisory today from @FBI, @DHSgov, and @CISAgov. See: us-cert.cisa.gov/sites/default/… pic.twitter.com/5F5MyJ7OLO
.@CISAgov, @FBI, @CNMF_CyberAlert link Russian SVR/APT 29 actors to network infiltration through #SolarWinds supply chain compromise and GoldenSAML exploitation of M365. Read the report here: us-cert.cisa.gov/ncas/analysis-… pic.twitter.com/AeSEtWUVwQ
.@CISAgov, @FBI, @CNMF_CyberAlert link Russian SVR/APT 29 actors to network infiltration through #SolarWinds supply chain compromise and GoldenSAML exploitation of M365. Read the report here: us-cert.cisa.gov/ncas/analysis-…
Russian Foreign Intelligence Service (SVR) cyber actors are exploiting five publicly known vulnerabilities to target U.S. and allied critical networks. Review our joint #cybersecurity guidance with @CISAgov and @FBI and apply the mitigations to stop them: nsa.gov/News-Features/…
Microsoft has released #security updates for #vulnerabilities found in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks.
msrc-blog.microsoft.com/2021/04/13/apr…
msrc-blog.microsoft.com/2021/04/13/apr…
APT actors are scanning for vulnerabilities with Fortinet FortiOS to gain access to multiple government, commercial, and technology services networks – read our joint cybersecurity advisory with the @FBI: go.usa.gov/xHx4D pic.twitter.com/tm0Jwd5Xgm
“Foreign malign influence is an enduring challenge facing our country,” said Director of National Intelligence Avril Haines. “These efforts by U.S. adversaries seek to exacerbate divisions and undermine confidence in our democratic institutions." @ODNIgov odni.gov/index.php/news…
Microsoft has released a new, one-click mitigation tool, the Microsoft Exchange On-Premises Mitigation Tool, to help customers who do not have dedicated security or IT teams to apply security updates for Microsoft Exchange Server. Learn more: msft.it/6015VKNpL
❗ NEWLY ISSUED GUIDANCE is available on @CISAgov’s Microsoft Exchange Vulnerabilities web page. Visit go.usa.gov/xsyVk to review the latest guidance and resources from Microsoft for remediating the exploitation of Exchange vulnerabilities.
#Cybersecurity #InfoSec #IT
#Cybersecurity #InfoSec #IT
Anyone that has Exchange on-prem exposed to the internet on 80/443 should consider checking into CVE-2021-27065 immediately. I received the patch KB5000871 & installed at 16:30EST but still saw a box popped. Box was hit on the 28th of Feb so this HAS been happening awhile. 1 of 2
Patches released by @MsftSecIntel for multiple Exchange #CVE. Immediate action is critical, as some are currently being exploited in the wild. Exploits enable unauthenticated RCE when chained. microsoft.com/security/blog/…
@CISAgov, @FBI, & @USTreasury released a joint cybersecurity alert summarizing malicious cyber activity by #DPRK APT #LazarusGroup using #AppleJeus #malware to target individuals, #cryptocurrency exchanges and financial service companies.
go.usa.gov/xsTjH
go.usa.gov/xsTjH
⚠️ North Korean cyber actors are using #AppleJeus #malware variants to carry out an ongoing cryptocurrency theft scheme. Our joint advisory with the @FBI & @USTreasury gives details behind seven identified versions: go.usa.gov/xsTjH. #Cybersecurity #InfoSec #HIDDENCOBRA pic.twitter.com/2nG4V0dGYT
#BendyBear malware suspected to have compromised several East Asian governments through actions similar to BlackTech #WaterBear incidents in the past
Today, we exposed "BendyBear," one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an APT, says the Unit 42 researcher who analyzed it. bit.ly/3aH1ABi pic.twitter.com/xHdul07MZM
Multiple agencies collaborated to untether victim computers from #Emotet, effectively disrupting the botnet responsible for hundreds of millions of dollars in damage worldwide. Great job!
One of the world’s most dangerous malware botnet #Emotet disrupted in international cyber operation
@USAO_MDNC @FBI @FBICharlotte @Europol @Eurojust @bka @PolitieLE @GStA_FFM_ZIT
justice.gov/opa/pr/emotet-…
@USAO_MDNC @FBI @FBICharlotte @Europol @Eurojust @bka @PolitieLE @GStA_FFM_ZIT
justice.gov/opa/pr/emotet-…
We recommend applying patches as soon as available. This is a far more dangerous #Sudo vulnerability than seen in the rescent past.
Got Root? You do now with CVE-2021-3156 privilege escalation in SUDO. Exploitable Heap-based buffer overflow in a utility that is available in almost all major linux/unix OS versions.
Russian state-sponsored cyber actors are exploiting #vulnerability CVE-2020-4006 affecting VMware Workspace ONE Access.
Russian state-sponsored cyber actors are exploiting #vulnerability CVE-2020-4006 affecting VMware Workspace ONE Access. We recommend patching immediately. Read our latest #cybersecurity advisory for details, including detection and mitigation actions: nsa.gov/News-Features/…
"The National Cyber Force is a joint Defence and @GCHQ capability, giving the UK a world class ability to conduct cyber operations." -Defence Secretary Ben Wallace
gchq.gov.uk/news/national-…
gchq.gov.uk/news/national-…
.@US_CYBERCOM warmly welcomes our newest partners in cyber operations: the UK National Cyber Force. We look forward to working with the NCF against cyber threats.
⚠️ New malware variant – Zebrocy – identified by @CISAgov and @CNMF_CyberAlert. Learn more at go.usa.gov/x7jbu.
#Zebrocy #Cybersecurity #InfoSec #Malware
#Zebrocy #Cybersecurity #InfoSec #Malware
.@CNMF_CyberAlert and @CISAgov identified #Zebrocy implant used to target victims in Eastern Europe and Central Asia, including embassies and ministries of foreign affairs.
View samples on @CNMF_CyberAlert's Virus Total: virustotal.com/en/user/CYBERC… and MAR at us-cert.cisa.gov/ncas/analysis-…
View samples on @CNMF_CyberAlert's Virus Total: virustotal.com/en/user/CYBERC… and MAR at us-cert.cisa.gov/ncas/analysis-…
⚠️ New malware variant – ComRAT – identified by @CISAgov and @CNMF_CyberAlert. Learn more at go.usa.gov/x7jj4.
#ComRAT #Cybersecurity #InfoSec #Malware
#ComRAT #Cybersecurity #InfoSec #Malware
An implant dropper dubbed #ComRATv4 recently attributed by @CISAgov and @FBI to Russian sponsored APT, Turla. It was likely used to target ministries of foreign affairs and national parliament.
@CNMF_CyberAlert continues to disclose #malware samples on: virustotal.com/en/user/CYBERC…
@CNMF_CyberAlert continues to disclose #malware samples on: virustotal.com/en/user/CYBERC…
The public and private sectors are united against ransomware, especially those actors targeting medical facilities during a pandemic. This report is just one example of the work being done to address the current threat.
.@CNMF_CyberAlert, @CISAgov and @FBI released the Kimsuky Cybersecurity Advisory, a summary of #DPRK malicious cyber acitivity posing as Google, Yahoo mail services, and South Korean reporters, targeting Japan, South Korea, and the United States.
us-cert.cisa.gov/ncas/alerts/aa…
us-cert.cisa.gov/ncas/alerts/aa…
.U.S. networks are constantly being scanned, targeted, and exploited by Chinese state-sponsored cyber actors. Take action and mitigate against these exploits used in their hacking operations.
@FBI & @TheJusticeDept charged 6 Russian GRU officers (Unit 74455 #Sandworm) for carrying out cyber-attacks against innocent victims as recent as the 2019 cyber-attack against the country of Georgia, 2018 Olympic Destroyer malware, & 2017 global #NotPetya malware campaign.
The #SlothfulMedia implant has the ability to run commands, kill processes, invoke a remote shell, add and delete registry values, take screen shots and interact with the file system.
For more info see @CISAgov's MAR us-cert.cisa.gov/ncas/analysis-…
For more info see @CISAgov's MAR us-cert.cisa.gov/ncas/analysis-…
🚨 @CISAgov and @CNMF_CyberAlert have a released a Malware Analysis Report on SLOTHFULMEDIA—this remote access trojan is used by a sophisticated cyber actor. Check out the report at go.usa.gov/xGAg3 for more information, including #IOCs.
#Malware #Cybersecurity #InfoSec pic.twitter.com/bxFapjDsdU
#Malware #Cybersecurity #InfoSec pic.twitter.com/bxFapjDsdU
A relatively new implant, which we have dubbed #SlothfulMedia, has been used to target victims in a number of countries, including: India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.
See more on @US_CYBERCOM's Virus Total page: virustotal.com/gui/file/64d78…
See more on @US_CYBERCOM's Virus Total page: virustotal.com/gui/file/64d78…
Hackers Said Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati charged for engaging in a computer intrusion campaign targeting aerospace and satellite industries to steal sensitive info on behalf of the IRCG.
Visit @TheJusticeDept for more: justice.gov/opa/pr/state-s…
Visit @TheJusticeDept for more: justice.gov/opa/pr/state-s…
.@FBI and @TheJusticeDept charged 2 Chinese Nationals and arrested 2 individuals in Malaysia involved in APT-41 malicious cyber activities.
Seven International Cyber Defendants, Including "Apt41" Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
justice.gov/opa/pr/seven-i…
justice.gov/opa/pr/seven-i…
PIONEER KITTEN's reckless actions, recently uncovered by
@CrowdStrike.
As reported, Iranian Gov't-aligned actors attempted to steal user credentials and sell network access to generate funds despite likely negative impacts to potential intelligence collection.
@CrowdStrike.
As reported, Iranian Gov't-aligned actors attempted to steal user credentials and sell network access to generate funds despite likely negative impacts to potential intelligence collection.
Learn about #cyber threat activity in July 2020 from PIONEER KITTEN, an Iran-based adversary with a suspected nexus to the Iranian government -- this adversary focuses on gaining access to entities that have sensitive intelligence information. bit.ly/2EHAL3W pic.twitter.com/GtJ52JGNNi
#ICYMI 2 new samples of #FASTCASH and 9, recently attributed, samples of DPRK's #ECCENTRICBANDWAGON and #VIVACIOUSGIFT malware uploaded to Virus Total.
For more infomation go to @US_CYBERCOM's virustotal.com/en/user/CYBERC… #HIDDENCOBRA #cybersecurity
For more infomation go to @US_CYBERCOM's virustotal.com/en/user/CYBERC… #HIDDENCOBRA #cybersecurity
Millions in cryptocurrency stolen and laundered through Chinese over-the-counter (OTC) cryptocurrency traders.
@US_CYBERCOM enbled @TheJusticeDept and partners to disrupt North Korean actors' efforts to illicitly generate revenue, imposing money and access costs on #DPRK
@US_CYBERCOM enbled @TheJusticeDept and partners to disrupt North Korean actors' efforts to illicitly generate revenue, imposing money and access costs on #DPRK
United States Files Complaint to Forfeit 280 Cryptocurrency Accounts Tied to Hacks of Two Exchanges by North Korean Actors justice.gov/opa/pr/united-…
North Korean cyber actors are using #malware variants to conduct an ATM cash-out scheme to steal money from banking systems. Read more about the threat in a joint press release the #FBI, @CISAgov, @USTreasury, and @US_CYBERCOM published at ow.ly/fIaP50B9Tx5.
#CNMF’s collaborative analysis supported @US_CYBERCOM, @TheJusticeDept, @USTreasury, and @CISAgov efforts to expose BeagleBoyz illegal cyber activity targeting the international banking system, since 2015.
For more info on these malware samples visit: virustotal.com/en/user/CYBERC…
For more info on these malware samples visit: virustotal.com/en/user/CYBERC…
BeagleBoyz malicous cyber operations used #FASTCASH, #ECCENTRICBANDWAGON and #VIVACIOUSGIFT #malware to steal💰millions of dollars from international banks to fund the North Korean regime.
Read more about FASTCash 2.0 on us-cert.cisa.gov/ncas/alerts/aa…
#Infosec #Cybersecurity pic.twitter.com/oNGPglyAhr
Read more about FASTCash 2.0 on us-cert.cisa.gov/ncas/alerts/aa…
#Infosec #Cybersecurity pic.twitter.com/oNGPglyAhr
BeagleBoyz malicous cyber operations used #FASTCASH, #ECCENTRICBANDWAGON and #VIVACIOUSGIFT #malware to steal💰millions of dollars from international banks to fund the North Korean regime.
Read more about FASTCash 2.0 on us-cert.cisa.gov/ncas/alerts/aa…
#Infosec #Cybersecurity
Read more about FASTCash 2.0 on us-cert.cisa.gov/ncas/alerts/aa…
#Infosec #Cybersecurity
GRU 85th #FancyBear or #APT28 leverages Drovorub to ensure stealthy, persistent access on high-value Linux systems. Detection methodologies in the advisory should be implemented with urgency.
The Russian GRU 85th GTsSS, sometimes publicly known as #APT28 or #FancyBear, is using a previously undisclosed #Linux malware called Drovorub for cyber espionage operations.
For full details and mitigations, review our #cybersecurity advisory with @FBI: nsa.gov/news-features/… pic.twitter.com/sxkkuJhsg4
For full details and mitigations, review our #cybersecurity advisory with @FBI: nsa.gov/news-features/… pic.twitter.com/sxkkuJhsg4
.@StateDept is offering up to $10M, if you have information leading to the identification or location of any person who, acting at the direction of a foreign government, interferes with US elections.
#protect2020 #election2020
#protect2020 #election2020
To provide information, text Rewards for Justice via Telegram, Signal, or WhatsApp at 001-202-999-5113, or, at @RFJ_Election_Bot on Telegram. pic.twitter.com/hQ8fMZQAVJ
#RussiaDisinfo has created an ecosystem of disinformation meant to deceive and confuse, but the GEC at the @StateDept and the whole USG refuses to accept this weaponizing of information and is exposing their malicious intent in a new report.
state.gov/russias-pillar…
state.gov/russias-pillar…
.@SecPompeo discusses the @realDonaldTrump administration’s work to secure our democracy. pic.twitter.com/VXiYj2TihF
China’s #Taidoor malware has been compromising systems since 2008.
For more info on Taidoor, see @CISAgov and @FBI’s MAR us-cert.cisa.gov/ncas/analysis-…
and @US_CYBERCOM’s Virus Total. virustotal.com/en/user/CYBERC…
For more info on Taidoor, see @CISAgov and @FBI’s MAR us-cert.cisa.gov/ncas/analysis-…
and @US_CYBERCOM’s Virus Total. virustotal.com/en/user/CYBERC…
CVE-2020-10713 poses significant risk to Linux and Windows systems. Follow the mitigations in our #Cybersecurity Advisory to protect against this GRUB2 #BootHole vulnerability. nsa.gov/news-features/…
Keep following #CNMF for more malware disclosures, adversary attribution and exposure of malign cyber activity…coming soon! #Defend2020 #SecureElections
With our IC counterparts we will strive to update Americans on the evolving election threat landscape. “We’re currently concerned with China, Russia, and Iran.” –Ms. Pierson @ODNIgov
