User Overview
USCYBERCOM Cybersecurity Alert 
Followers and Following
Followers
Following
Tweet Stats
Analysed 85 tweets, tweets from the last 168 weeks.
Tweets Day of Week (UTC)
Tweets Hour of Day (UTC)
Key:
Tweets
Retweets
Quotes
Replies
Tweets Day and Hour Heatmap (UTC)
| Top Applications | Count | % |
|---|---|---|
|
|
75 | 88.2% |
|
|
5 | 5.9% |
|
|
2 | 2.4% |
|
|
2 | 2.4% |
|
|
1 | 1.2% |
| Top Tweet Types | Count | % |
|---|---|---|
| Quote | 38 | 44.7% |
| Tweet | 22 | 25.9% |
| Retweet | 21 | 24.7% |
| Reply | 10 | 11.8% |
| Top Content Types | Count | % |
|---|---|---|
| URL | 61 | 71.8% |
| Photo | 8 | 9.4% |
| Most Retweeted Users | Count | % |
|---|---|---|
|
7 | 33.3% |
|
|
6 | 28.6% |
|
|
3 | 14.3% |
|
|
1 | 4.8% |
|
|
1 | 4.8% |
|
|
1 | 4.8% |
|
|
1 | 4.8% |
|
|
1 | 4.8% |
| More | ||
| Less | ||
| Most Quoted Users | Count | % |
|---|---|---|
|
|
5 | 13.5% |
|
|
4 | 10.8% |
|
|
4 | 10.8% |
|
|
4 | 10.8% |
|
|
3 | 8.1% |
|
|
2 | 5.4% |
|
|
2 | 5.4% |
|
|
2 | 5.4% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
|
|
1 | 2.7% |
| More | ||
| Less | ||
| Most Replied to Users | Count | % |
|---|---|---|
|
|
7 | 77.8% |
|
|
1 | 11.1% |
|
|
1 | 11.1% |
| Top Hashtags | Count | % |
|---|---|---|
| #dprk | 6 | 7.1% |
| #cybersecurity | 5 | 5.9% |
| #cnmf | 5 | 5.9% |
| #icymi | 4 | 4.7% |
| #malware | 4 | 4.7% |
| #cyber | 2 | 2.4% |
| #muddywater | 2 | 2.4% |
| #solarwinds | 2 | 2.4% |
| #slothfulmedia | 2 | 2.4% |
| #fastcash | 2 | 2.4% |
| #eccentricbandwagon | 2 | 2.4% |
| #vivaciousgift | 2 | 2.4% |
| #northkorea | 2 | 2.4% |
| More | ||
| Less | ||
| Top Words | Count | % |
|---|---|---|
| cyber | 22 | 25.9% |
| malware | 22 | 25.9% |
| actors | 18 | 21.2% |
| malicious | 13 | 15.3% |
| released | 13 | 15.3% |
| russian | 9 | 10.6% |
| samples | 9 | 10.6% |
| activity | 9 | 10.6% |
| used | 9 | 10.6% |
| attributed | 9 | 10.6% |
| cve | 9 | 10.6% |
| targeting | 8 | 9.4% |
| foreign | 8 | 9.4% |
| advisory | 7 | 8.2% |
| using | 7 | 8.2% |
| iranian | 6 | 7.1% |
| including | 6 | 7.1% |
| networks | 6 | 7.1% |
| chinese | 6 | 7.1% |
| vulnerabilities | 5 | 5.9% |
| operations | 5 | 5.9% |
| government | 5 | 5.9% |
| partners | 5 | 5.9% |
| systems | 5 | 5.9% |
| conduct | 5 | 5.9% |
| immediately | 5 | 5.9% |
| exchange | 5 | 5.9% |
| efforts | 5 | 5.9% |
| targeted | 4 | 4.7% |
| infrastructure | 4 | 4.7% |
| compromise | 4 | 4.7% |
| iocs | 4 | 4.7% |
| cybersecurity | 4 | 4.7% |
| recently | 4 | 4.7% |
| analysis | 4 | 4.7% |
| likely | 4 | 4.7% |
| svr | 4 | 4.7% |
| implant | 4 | 4.7% |
| korean | 4 | 4.7% |
| remote | 4 | 4.7% |
| dprk | 4 | 4.7% |
| exploiting | 3 | 3.5% |
| critical | 3 | 3.5% |
| individuals | 3 | 3.5% |
| ukrainian | 3 | 3.5% |
| potential | 3 | 3.5% |
| security | 3 | 3.5% |
| associated | 3 | 3.5% |
| supply | 3 | 3.5% |
| espionage | 3 | 3.5% |
| More | ||
| Less | ||
| Top Emojis | Count | % |
|---|---|---|
| 🚨 E0.6 Police Car Light | 3 | 3.5% |
| 💰 E0.6 Money Bag | 2 | 2.4% |
| ⚠ Warning Sign | 2 | 2.4% |
Tweets
REWARD! 💰Up to $10M 💰for information on Iranian malicious #cyber actors AHMADI, KHATIBI & NICKAEIN. They targeted U.S. critical infrastructure and compromised hundreds of computer networks across the U.S. and abroad. GOT A TIP? Contact RFJ today! ow.ly/4NzM50KHhC1
“This multi-partner advisory highlights how Iranian cyber actors are exploiting vulnerabilities, targeting a broad range of entities including U.S. & partner critical infrastructure, & using accesses for ransom operations."- US Army Maj Gen Hartman, Cyber National Mission Force
With several partners across the world, we published an advisory highlighting the continued malicious exploitation of known vulnerabilities by APT actors affiliated with the Iranian Government’s IRGC. Read the advisory: go.dhs.gov/Z3q pic.twitter.com/nk9OnhdkyP
The U.S. Government reveals the face of a Conti associate for the first time! We’re trying to put a name with the face!
To the guy in the photo: Imagine how many cool hats you could buy with $10 million dollars!
Write to us via our Tor-based tip line: …m65flqy6irivtflruqfc5ep7eiodiad.onion pic.twitter.com/28BgYXYRy2
To the guy in the photo: Imagine how many cool hats you could buy with $10 million dollars!
Write to us via our Tor-based tip line: …m65flqy6irivtflruqfc5ep7eiodiad.onion pic.twitter.com/28BgYXYRy2
🚨🤝We are publicly disclosing these IOCs from our Ukrainian partners @servicessu to highlight potential compromises & enable collective security. We continue to have a strong partnership in cybersecurity between our two nations. 🇺🇦🇺🇸 virustotal.com/gui/file/6662e…
🇺🇦🇺🇸Ukrainian partners are actively sharing malicious activity with us to bolster collective cybersecurity, as we share w/them. Thanks to close collaboration with @servicessu, we are disclosing IOCs associated w/malware recently found in Ukrainian networks pastebin.com/PCK97yjc
🇺🇦🇺🇸Ukrainian partners are actively sharing malicious activity with us to bolster collective cybersecurity, as we share w/them. Thanks to close collaboration with @servicessu, we are disclosing IOCs associated w/malware recently found in Ukrainian networks pastebin.com/PCK97yjc
Today, @TheJusticeDept unsealed charges against four Russian government actors for their roles in separate malicious #cyber campaigns targeting the U.S. energy sector. go.usa.gov/xzG9V
🚨Mitigate Iranian MOIS cyber actor #MuddyWater's suite of tools with joint Malware Analysis Report. Malware used for espionage & more--exposed & attributed in Jan ‘22 to Iran's Ministry of Intel & Security here: Virustotal.com/en/user/CYBERC…. @FBI @NSACyber @GCHQ @US_CYBERCOM @CISAgov
💧 .@CISAgov, @FBI, @CNMF_CyberAlert, @NCSC, and @NSACyber have issued a joint advisory detailing malicious cyber activities conducted by Iranian government-sponsored APT actors known as #MuddyWater. Learn more at go.usa.gov/xzcp4 #Cybersecurity #InfoSec #CyberSquad pic.twitter.com/PpikNb7IXF
Review this blog and check your networks for IOCs related to this ongoing malicious activity. Actionable threat sharing among public-private partners makes a difference against adversary intrusions. Good work by all involved! unit42.paloaltonetworks.com/manageengine-g…
MOIS hacker group MuddyWater is using open-source code for malware. These samples are indicators that a network has been compromised.
Iranian MOIS hacker group #MuddyWater is using a suite of malware to conduct espionage and malicious activity. If you see two or more of these malware on your network, you may have MuddyWater on it: Virustotal.com/en/user/CYBERC…. Attributed through @NCIJTF @FBI
Iranian MOIS hacker group #MuddyWater is using a suite of malware to conduct espionage and malicious activity. If you see two or more of these malware on your network, you may have MuddyWater on it: Virustotal.com/en/user/CYBERC…. Attributed through @NCIJTF @FBI
🚨 Active scanning of Apache HTTP Server CVE-2021-41773 & CVE-2021-42013 is ongoing and expected to accelerate, likely leading to exploitation. Please patch immediately if you haven’t already—this cannot wait until after the weekend. Read more: us-cert.cisa.gov/ncas/current-a…
Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend.
Three common sources of compromise in #Kubernetes are supply chain risks, malicious threat actors, and insider threats. #KnowingIsHalfTheBattle💪
#KubernetesClusters #Cybersecurity #OpenSource
#KubernetesClusters #Cybersecurity #OpenSource
NSA and @CISAgov share Kubernetes configurations and recommendations to harden environments against compromise. Understanding the options for building and maintaining a secure Kubernetes cluster is key to protecting your data & resources. nsa.gov/News-Features/… pic.twitter.com/qAMFAlx7ek
We collaborated with @CISAgov & @FBI on our #cybersecurity advisory, detailing Chinese state-sponsored actor #TTPs used against U.S. and allied networks. For a thorough understanding of this cyberthreat, read our overview, observed TTPs & mitigations. nsa.gov/news-features/… pic.twitter.com/AezXxddInV
Exploitation in the wild has been observed (h/t @GossiTheDog). Please patch immediately!
.@CISAgov is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Learn more at go.usa.gov/x6bA5.
Do you have that #FridayFeeling you’re being hacked? Read @CISAgov’s Best Practices for @MITREattack Mapping to better understand adversary behavior and defend your networks. go.usa.gov/x6bxs
Updated eviction guidance released by @CISAgov. Follow these steps to effectively remove known APT actor from networks.
🚨 We have released eviction guidance related to the ongoing SolarWinds Orion incident and related campaign activities affecting U.S. government agency networks, CI entities, and private sector organizations.
View our updated guidance: go.usa.gov/xHHFv pic.twitter.com/BkAoPgczwY
View our updated guidance: go.usa.gov/xHHFv pic.twitter.com/BkAoPgczwY
"Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders" -- Joint Cybersecurity Advisory today from @FBI, @DHSgov, and @CISAgov. See: us-cert.cisa.gov/sites/default/… pic.twitter.com/5F5MyJ7OLO
.@CISAgov, @FBI, @CNMF_CyberAlert link Russian SVR/APT 29 actors to network infiltration through #SolarWinds supply chain compromise and GoldenSAML exploitation of M365. Read the report here: us-cert.cisa.gov/ncas/analysis-… pic.twitter.com/AeSEtWUVwQ
.@CISAgov, @FBI, @CNMF_CyberAlert link Russian SVR/APT 29 actors to network infiltration through #SolarWinds supply chain compromise and GoldenSAML exploitation of M365. Read the report here: us-cert.cisa.gov/ncas/analysis-…
Russian Foreign Intelligence Service (SVR) cyber actors are exploiting five publicly known vulnerabilities to target U.S. and allied critical networks. Review our joint #cybersecurity guidance with @CISAgov and @FBI and apply the mitigations to stop them: nsa.gov/News-Features/…
Microsoft has released #security updates for #vulnerabilities found in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks.
msrc-blog.microsoft.com/2021/04/13/apr…
msrc-blog.microsoft.com/2021/04/13/apr…
APT actors are scanning for vulnerabilities with Fortinet FortiOS to gain access to multiple government, commercial, and technology services networks – read our joint cybersecurity advisory with the @FBI: go.usa.gov/xHx4D pic.twitter.com/tm0Jwd5Xgm
“Foreign malign influence is an enduring challenge facing our country,” said Director of National Intelligence Avril Haines. “These efforts by U.S. adversaries seek to exacerbate divisions and undermine confidence in our democratic institutions." @ODNIgov odni.gov/index.php/news…
Microsoft has released a new, one-click mitigation tool, the Microsoft Exchange On-Premises Mitigation Tool, to help customers who do not have dedicated security or IT teams to apply security updates for Microsoft Exchange Server. Learn more: msft.it/6015VKNpL
❗ NEWLY ISSUED GUIDANCE is available on @CISAgov’s Microsoft Exchange Vulnerabilities web page. Visit go.usa.gov/xsyVk to review the latest guidance and resources from Microsoft for remediating the exploitation of Exchange vulnerabilities.
#Cybersecurity #InfoSec #IT
#Cybersecurity #InfoSec #IT
Anyone that has Exchange on-prem exposed to the internet on 80/443 should consider checking into CVE-2021-27065 immediately. I received the patch KB5000871 & installed at 16:30EST but still saw a box popped. Box was hit on the 28th of Feb so this HAS been happening awhile. 1 of 2
Patches released by @MsftSecIntel for multiple Exchange #CVE. Immediate action is critical, as some are currently being exploited in the wild. Exploits enable unauthenticated RCE when chained. microsoft.com/security/blog/…
@CISAgov, @FBI, & @USTreasury released a joint cybersecurity alert summarizing malicious cyber activity by #DPRK APT #LazarusGroup using #AppleJeus #malware to target individuals, #cryptocurrency exchanges and financial service companies.
go.usa.gov/xsTjH
go.usa.gov/xsTjH
⚠️ North Korean cyber actors are using #AppleJeus #malware variants to carry out an ongoing cryptocurrency theft scheme. Our joint advisory with the @FBI & @USTreasury gives details behind seven identified versions: go.usa.gov/xsTjH. #Cybersecurity #InfoSec #HIDDENCOBRA pic.twitter.com/2nG4V0dGYT
#BendyBear malware suspected to have compromised several East Asian governments through actions similar to BlackTech #WaterBear incidents in the past
Today, we exposed "BendyBear," one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an APT, says the Unit 42 researcher who analyzed it. bit.ly/3aH1ABi pic.twitter.com/xHdul07MZM
Multiple agencies collaborated to untether victim computers from #Emotet, effectively disrupting the botnet responsible for hundreds of millions of dollars in damage worldwide. Great job!
One of the world’s most dangerous malware botnet #Emotet disrupted in international cyber operation
@USAO_MDNC @FBI @FBICharlotte @Europol @Eurojust @bka @PolitieLE @GStA_FFM_ZIT
justice.gov/opa/pr/emotet-…
@USAO_MDNC @FBI @FBICharlotte @Europol @Eurojust @bka @PolitieLE @GStA_FFM_ZIT
justice.gov/opa/pr/emotet-…
We recommend applying patches as soon as available. This is a far more dangerous #Sudo vulnerability than seen in the rescent past.
Got Root? You do now with CVE-2021-3156 privilege escalation in SUDO. Exploitable Heap-based buffer overflow in a utility that is available in almost all major linux/unix OS versions.
Russian state-sponsored cyber actors are exploiting #vulnerability CVE-2020-4006 affecting VMware Workspace ONE Access.
Russian state-sponsored cyber actors are exploiting #vulnerability CVE-2020-4006 affecting VMware Workspace ONE Access. We recommend patching immediately. Read our latest #cybersecurity advisory for details, including detection and mitigation actions: nsa.gov/News-Features/…
"The National Cyber Force is a joint Defence and @GCHQ capability, giving the UK a world class ability to conduct cyber operations." -Defence Secretary Ben Wallace
gchq.gov.uk/news/national-…
gchq.gov.uk/news/national-…
.@US_CYBERCOM warmly welcomes our newest partners in cyber operations: the UK National Cyber Force. We look forward to working with the NCF against cyber threats.
⚠️ New malware variant – Zebrocy – identified by @CISAgov and @CNMF_CyberAlert. Learn more at go.usa.gov/x7jbu.
#Zebrocy #Cybersecurity #InfoSec #Malware
#Zebrocy #Cybersecurity #InfoSec #Malware
.@CNMF_CyberAlert and @CISAgov identified #Zebrocy implant used to target victims in Eastern Europe and Central Asia, including embassies and ministries of foreign affairs.
View samples on @CNMF_CyberAlert's Virus Total: virustotal.com/en/user/CYBERC… and MAR at us-cert.cisa.gov/ncas/analysis-…
View samples on @CNMF_CyberAlert's Virus Total: virustotal.com/en/user/CYBERC… and MAR at us-cert.cisa.gov/ncas/analysis-…
⚠️ New malware variant – ComRAT – identified by @CISAgov and @CNMF_CyberAlert. Learn more at go.usa.gov/x7jj4.
#ComRAT #Cybersecurity #InfoSec #Malware
#ComRAT #Cybersecurity #InfoSec #Malware
An implant dropper dubbed #ComRATv4 recently attributed by @CISAgov and @FBI to Russian sponsored APT, Turla. It was likely used to target ministries of foreign affairs and national parliament.
@CNMF_CyberAlert continues to disclose #malware samples on: virustotal.com/en/user/CYBERC…
@CNMF_CyberAlert continues to disclose #malware samples on: virustotal.com/en/user/CYBERC…
The public and private sectors are united against ransomware, especially those actors targeting medical facilities during a pandemic. This report is just one example of the work being done to address the current threat.
.@CNMF_CyberAlert, @CISAgov and @FBI released the Kimsuky Cybersecurity Advisory, a summary of #DPRK malicious cyber acitivity posing as Google, Yahoo mail services, and South Korean reporters, targeting Japan, South Korea, and the United States.
us-cert.cisa.gov/ncas/alerts/aa…
us-cert.cisa.gov/ncas/alerts/aa…
.U.S. networks are constantly being scanned, targeted, and exploited by Chinese state-sponsored cyber actors. Take action and mitigate against these exploits used in their hacking operations.
@FBI & @TheJusticeDept charged 6 Russian GRU officers (Unit 74455 #Sandworm) for carrying out cyber-attacks against innocent victims as recent as the 2019 cyber-attack against the country of Georgia, 2018 Olympic Destroyer malware, & 2017 global #NotPetya malware campaign.
The #SlothfulMedia implant has the ability to run commands, kill processes, invoke a remote shell, add and delete registry values, take screen shots and interact with the file system.
For more info see @CISAgov's MAR us-cert.cisa.gov/ncas/analysis-…
For more info see @CISAgov's MAR us-cert.cisa.gov/ncas/analysis-…
🚨 @CISAgov and @CNMF_CyberAlert have a released a Malware Analysis Report on SLOTHFULMEDIA—this remote access trojan is used by a sophisticated cyber actor. Check out the report at go.usa.gov/xGAg3 for more information, including #IOCs.
#Malware #Cybersecurity #InfoSec pic.twitter.com/bxFapjDsdU
#Malware #Cybersecurity #InfoSec pic.twitter.com/bxFapjDsdU
A relatively new implant, which we have dubbed #SlothfulMedia, has been used to target victims in a number of countries, including: India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.
See more on @US_CYBERCOM's Virus Total page: virustotal.com/gui/file/64d78…
See more on @US_CYBERCOM's Virus Total page: virustotal.com/gui/file/64d78…
Hackers Said Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati charged for engaging in a computer intrusion campaign targeting aerospace and satellite industries to steal sensitive info on behalf of the IRCG.
Visit @TheJusticeDept for more: justice.gov/opa/pr/state-s…
Visit @TheJusticeDept for more: justice.gov/opa/pr/state-s…
.@FBI and @TheJusticeDept charged 2 Chinese Nationals and arrested 2 individuals in Malaysia involved in APT-41 malicious cyber activities.
Seven International Cyber Defendants, Including "Apt41" Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
justice.gov/opa/pr/seven-i…
justice.gov/opa/pr/seven-i…
