Analysed 85 tweets, tweets from the last 168 weeks.
Last 50 tweets from @CNMF_CyberAlert
REWARD! 💰Up to $10M 💰for information on Iranian malicious #cyber actors AHMADI, KHATIBI & NICKAEIN. They targeted U.S. critical infrastructure and compromised hundreds of computer networks across the U.S. and abroad. GOT A TIP? Contact RFJ today! ow.ly/4NzM50KHhC1
 
“This multi-partner advisory highlights how Iranian cyber actors are exploiting vulnerabilities, targeting a broad range of entities including U.S. & partner critical infrastructure, & using accesses for ransom operations."- US Army Maj Gen Hartman, Cyber National Mission Force
With several partners across the world, we published an advisory highlighting the continued malicious exploitation of known vulnerabilities by APT actors affiliated with the Iranian Government’s IRGC. Read the advisory: go.dhs.gov/Z3q pic.twitter.com/nk9OnhdkyP
 
.@RFJ_USA is seeking info on individuals linked to #Conti aka Wizard Spider, a Russian government-linked ransomware group that has targeted US/Western CIKR. Offer is up to $10 million for info leading to the identity or location of these actors.
The U.S. Government reveals the face of a Conti associate for the first time! We’re trying to put a name with the face!

To the guy in the photo: Imagine how many cool hats you could buy with $10 million dollars!

Write to us via our Tor-based tip line: …m65flqy6irivtflruqfc5ep7eiodiad.onion pic.twitter.com/28BgYXYRy2
 
In reply to @CNMF_CyberAlert
🚨🤝We are publicly disclosing these IOCs from our Ukrainian partners @servicessu to highlight potential compromises & enable collective security. We continue to have a strong partnership in cybersecurity between our two nations. 🇺🇦🇺🇸 virustotal.com/gui/file/6662e…
Replying to @CNMF_CyberAlert
The Ukrainian SBU @servicessu discovered several types of malware in their country & analyzed the samples to identify indicators of compromise-- the list includes 20 novel IOCs in various formats. More here: github.com/CYBERCOM-Malwa…
 
🇺🇦🇺🇸Ukrainian partners are actively sharing malicious activity with us to bolster collective cybersecurity, as we share w/them. Thanks to close collaboration with @servicessu, we are disclosing IOCs associated w/malware recently found in Ukrainian networks pastebin.com/PCK97yjc
 
Russian cyber actors targeted US and international ICS/SCADA and energy facilities, attempting to cause damage to systems and supply chains. Today, @FBI & @DoJ announced criminal charges against four MCAs, most from FSB Center 16, for targeting civilian critical infrastructure.
Today, @TheJusticeDept unsealed charges against four Russian government actors for their roles in separate malicious #cyber campaigns targeting the U.S. energy sector. go.usa.gov/xzG9V
 
🚨Mitigate Iranian MOIS cyber actor #MuddyWater's suite of tools with joint Malware Analysis Report. Malware used for espionage & more--exposed & attributed in Jan ‘22 to Iran's Ministry of Intel & Security here: Virustotal.com/en/user/CYBERC…. @FBI @NSACyber @GCHQ @US_CYBERCOM @CISAgov
💧 .@CISAgov, @FBI, @CNMF_CyberAlert, @NCSC, and @NSACyber have issued a joint advisory detailing malicious cyber activities conducted by Iranian government-sponsored APT actors known as #MuddyWater. Learn more at go.usa.gov/xzcp4 #Cybersecurity #InfoSec #CyberSquad pic.twitter.com/PpikNb7IXF
 
Review this blog and check your networks for IOCs related to this ongoing malicious activity. Actionable threat sharing among public-private partners makes a difference against adversary intrusions. Good work by all involved! unit42.paloaltonetworks.com/manageengine-g…
 
In reply to @CNMF_CyberAlert
MOIS hacker group MuddyWater is using open-source code for malware. These samples are indicators that a network has been compromised.
Replying to @CNMF_CyberAlert
MuddyWater and other Iranian MOIS APTs are using DNS tunneling to communicate to its C2 infrastructure; if you see this on your network, look for suspicious outbound traffic.
 
Iranian MOIS hacker group #MuddyWater is using a suite of malware to conduct espionage and malicious activity. If you see two or more of these malware on your network, you may have MuddyWater on it: Virustotal.com/en/user/CYBERC…. Attributed through @NCIJTF @FBI
 
🚨 Active scanning of Apache HTTP Server CVE-2021-41773 & CVE-2021-42013 is ongoing and expected to accelerate, likely leading to exploitation. Please patch immediately if you haven’t already—this cannot wait until after the weekend. Read more: us-cert.cisa.gov/ncas/current-a…
 
Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend.
 
Three common sources of compromise in #Kubernetes are supply chain risks, malicious threat actors, and insider threats. #KnowingIsHalfTheBattle💪

#KubernetesClusters #Cybersecurity #OpenSource
NSA and @CISAgov share Kubernetes configurations and recommendations to harden environments against compromise. Understanding the options for building and maintaining a secure Kubernetes cluster is key to protecting your data & resources. nsa.gov/News-Features/… pic.twitter.com/qAMFAlx7ek
 
NEW: Valuable insight released from @NSAGov @CISAgov @FBI on almost 100 Chinese Tactics, Techniques and Procedures.
We collaborated with @CISAgov & @FBI on our #cybersecurity advisory, detailing Chinese state-sponsored actor #TTPs used against U.S. and allied networks. For a thorough understanding of this cyberthreat, read our overview, observed TTPs & mitigations. nsa.gov/news-features/… pic.twitter.com/AezXxddInV
 
Exploitation in the wild has been observed (h/t @GossiTheDog). Please patch immediately!
.@CISAgov is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Learn more at go.usa.gov/x6bA5.
 
Do you have that #FridayFeeling you’re being hacked? Read @CISAgov’s Best Practices for @MITREattack Mapping to better understand adversary behavior and defend your networks. go.usa.gov/x6bxs
 
Updated eviction guidance released by @CISAgov. Follow these steps to effectively remove known APT actor from networks.
🚨 We have released eviction guidance related to the ongoing SolarWinds Orion incident and related campaign activities affecting U.S. government agency networks, CI entities, and private sector organizations.

View our updated guidance: go.usa.gov/xHHFv pic.twitter.com/BkAoPgczwY
 
#ICYMI @NSACyber released a Potential Threat Vectors to 5G Infrastructure analysis paper along with partners @ODNIgov, @CISAgov & industry to enhance understanding of risks introduced by #5G.
nsa.gov/news-features/…
 
Excellent report from @CISAgov and @FBI highlighting SVR tactics, including recent shift to third-party access mechanisms.
"Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders" -- Joint Cybersecurity Advisory today from @FBI, @DHSgov, and @CISAgov. See: us-cert.cisa.gov/sites/default/… pic.twitter.com/5F5MyJ7OLO
 
.@CISAgov, @FBI, @CNMF_CyberAlert link Russian SVR/APT 29 actors to network infiltration through #SolarWinds supply chain compromise and GoldenSAML exploitation of M365. Read the report here: us-cert.cisa.gov/ncas/analysis-… pic.twitter.com/AeSEtWUVwQ
Replying to @CNMF_CyberAlert
.@CNMF_Cyberalert, @CISAGov released 8 files attributed to Russian SVR/APT 29. Upload includes new malware variants of GoldMax, GoldFinder, Sibot and associated files which were used to compromise a single victim network. #SolarWinds virustotal.com/en/user/CYBERC…
 
Russian Foreign Intelligence Service (SVR) cyber actors are exploiting five publicly known vulnerabilities to target U.S. and allied critical networks. Review our joint #cybersecurity guidance with @CISAgov and @FBI and apply the mitigations to stop them: nsa.gov/News-Features/…
 
Microsoft has released #security updates for #vulnerabilities found in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks.
msrc-blog.microsoft.com/2021/04/13/apr…
 
.@FBI and @CISAgov have information indicating APT actors are using multiple CVEs to exploit Fortinet FortiOS vulnerabilities. Recommend immediate action.
APT actors are scanning for vulnerabilities with Fortinet FortiOS to gain access to multiple government, commercial, and technology services networks – read our joint cybersecurity advisory with the @FBI: go.usa.gov/xHx4D pic.twitter.com/tm0Jwd5Xgm
 
“Foreign malign influence is an enduring challenge facing our country,” said Director of National Intelligence Avril Haines. “These efforts by U.S. adversaries seek to exacerbate divisions and undermine confidence in our democratic institutions." @ODNIgov odni.gov/index.php/news…
 
Microsoft has released a new, one-click mitigation tool, the Microsoft Exchange On-Premises Mitigation Tool, to help customers who do not have dedicated security or IT teams to apply security updates for Microsoft Exchange Server. Learn more: msft.it/6015VKNpL
 
❗ NEWLY ISSUED GUIDANCE is available on @CISAgov’s Microsoft Exchange Vulnerabilities web page. Visit go.usa.gov/xsyVk to review the latest guidance and resources from Microsoft for remediating the exploitation of Exchange vulnerabilities.
#Cybersecurity #InfoSec #IT
 
Anyone that has Exchange on-prem exposed to the internet on 80/443 should consider checking into CVE-2021-27065 immediately. I received the patch KB5000871 & installed at 16:30EST but still saw a box popped. Box was hit on the 28th of Feb so this HAS been happening awhile. 1 of 2
 
Patches released by @MsftSecIntel for multiple Exchange #CVE. Immediate action is critical, as some are currently being exploited in the wild. Exploits enable unauthenticated RCE when chained. microsoft.com/security/blog/…
 
In reply to @CISAgov
@CISAgov, @FBI, & @USTreasury released a joint cybersecurity alert summarizing malicious cyber activity by #DPRK APT #LazarusGroup using #AppleJeus #malware to target individuals, #cryptocurrency exchanges and financial service companies.

go.usa.gov/xsTjH
⚠️ North Korean cyber actors are using #AppleJeus #malware variants to carry out an ongoing cryptocurrency theft scheme. Our joint advisory with the @FBI & @USTreasury gives details behind seven identified versions: go.usa.gov/xsTjH. #Cybersecurity #InfoSec #HIDDENCOBRA pic.twitter.com/2nG4V0dGYT
 
#BendyBear malware suspected to have compromised several East Asian governments through actions similar to BlackTech #WaterBear incidents in the past
Today, we exposed "BendyBear," one of the most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an APT, says the Unit 42 researcher who analyzed it. bit.ly/3aH1ABi pic.twitter.com/xHdul07MZM
 
Multiple agencies collaborated to untether victim computers from #Emotet, effectively disrupting the botnet responsible for hundreds of millions of dollars in damage worldwide. Great job!
One of the world’s most dangerous malware botnet #Emotet disrupted in international cyber operation

@USAO_MDNC @FBI @FBICharlotte @Europol @Eurojust @bka @PolitieLE @GStA_FFM_ZIT

justice.gov/opa/pr/emotet-…
 
 
We recommend applying patches as soon as available. This is a far more dangerous #Sudo vulnerability than seen in the recent past.
Got Root? You do now with CVE-2021-3156 privilege escalation in SUDO. Exploitable Heap-based buffer overflow in a utility that is available in almost all major linux/unix OS versions.
 
Russian state-sponsored cyber actors are exploiting #vulnerability CVE-2020-4006 affecting VMware Workspace ONE Access.
Russian state-sponsored cyber actors are exploiting #vulnerability CVE-2020-4006 affecting VMware Workspace ONE Access. We recommend patching immediately. Read our latest #cybersecurity advisory for details, including detection and mitigation actions: nsa.gov/News-Features/…
 
"The National Cyber Force is a joint Defence and @GCHQ capability, giving the UK a world class ability to conduct cyber operations." -Defence Secretary Ben Wallace

gchq.gov.uk/news/national-…
.@US_CYBERCOM warmly welcomes our newest partners in cyber operations: the UK National Cyber Force. We look forward to working with the NCF against cyber threats.
 
⚠️ New malware variant – Zebrocy – identified by @CISAgov and @CNMF_CyberAlert. Learn more at go.usa.gov/x7jbu.
#Zebrocy #Cybersecurity #InfoSec #Malware
 
.@CNMF_CyberAlert and @CISAgov identified #Zebrocy implant used to target victims in Eastern Europe and Central Asia, including embassies and ministries of foreign affairs.

View samples on @CNMF_CyberAlert's Virus Total: virustotal.com/en/user/CYBERC… and MAR at us-cert.cisa.gov/ncas/analysis-…
 
⚠️ New malware variant – ComRAT – identified by @CISAgov and @CNMF_CyberAlert. Learn more at go.usa.gov/x7jj4.
#ComRAT #Cybersecurity #InfoSec #Malware
 
An implant dropper dubbed #ComRATv4 recently attributed by @CISAgov and @FBI to Russian sponsored APT, Turla. It was likely used to target ministries of foreign affairs and national parliament.

@CNMF_CyberAlert continues to disclose #malware samples on: virustotal.com/en/user/CYBERC…
 
The public and private sectors are united against ransomware, especially those actors targeting medical facilities during a pandemic. This report is just one example of the work being done to address the current threat.
 
.@CNMF_CyberAlert, @CISAgov and @FBI released the Kimsuky Cybersecurity Advisory, a summary of #DPRK malicious cyber activity posing as Google, Yahoo mail services, and South Korean reporters, targeting Japan, South Korea, and the United States.

us-cert.cisa.gov/ncas/alerts/aa…
 
U.S. networks are constantly being scanned, targeted, and exploited by Chinese state-sponsored cyber actors. Take action and mitigate against these exploits used in their hacking operations.
 
In reply to @FBI
@FBI & @TheJusticeDept charged 6 Russian GRU officers (Unit 74455 #Sandworm) for carrying out cyber-attacks against innocent victims as recent as the 2019 cyber-attack against the country of Georgia, 2018 Olympic Destroyer malware, & 2017 global #NotPetya malware campaign.
 
The #SlothfulMedia implant has the ability to run commands, kill processes, invoke a remote shell, add and delete registry values, take screen shots and interact with the file system.

For more info see @CISAgov's MAR us-cert.cisa.gov/ncas/analysis-…
🚨 @CISAgov and @CNMF_CyberAlert have released a Malware Analysis Report on SLOTHFULMEDIA—this remote access trojan is used by a sophisticated cyber actor. Check out the report at go.usa.gov/xGAg3 for more information, including #IOCs.
#Malware #Cybersecurity #InfoSec pic.twitter.com/bxFapjDsdU
 
A relatively new implant, which we have dubbed #SlothfulMedia, has been used to target victims in a number of countries, including: India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.

See more on @US_CYBERCOM's Virus Total page: virustotal.com/gui/file/64d78…
 
Hackers Said Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati charged for engaging in a computer intrusion campaign targeting aerospace and satellite industries to steal sensitive info on behalf of the IRGC.

Visit @TheJusticeDept for more: justice.gov/opa/pr/state-s…
 
.@FBI and @TheJusticeDept charged 2 Chinese Nationals and arrested 2 individuals in Malaysia involved in APT-41 malicious cyber activities.
Seven International Cyber Defendants, Including "Apt41" Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
justice.gov/opa/pr/seven-i…
 
 