Major Incidents

Incident Response Blog: Cyber Incidents in Ukraine

As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. government has warned organizations to prepare for any cyber…

Major Incidents

Incident Response Blog: Log4j

A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j. Apache Log4j is a Java-based logging utility. It is widely used in cloud and enterprise software services. Exploit code has been shared publicly and multiple actors are attempting to exploit the vulnerability. The vulnerability has the potential to allow…

CTA News

CTA’s Giant-Sized Anniversary Issue – Early Share #500

When you read superhero comics, you know something exciting is going to happen when you get an issue with a milestone number, like 100, 250, or 500. Those anniversary issues are always giant-sized and start or end a huge storyline (like Amazing Spider-Man #300, when Venom first appears and Spidey…

Major Incidents

Incident Response Blog: REvil Ransomware Campaign Targeting Kaseya VSA Customers

On Friday, 2 July, CTA members became aware of a ransomware campaign targeting Kaseya’s VSA product. VSA is used by Managed Service Providers (MSPs) to monitor and manage information technology for their clients, provide automation, and assist with software patch management. In this incident, an affiliate of REvil leveraged a…

CTA News

Updating the 2020 Summer Olympics Threat Assessment

The Cyber Threat Alliance (CTA) released our first threat assessment focusing on the 2020 Summer Olympics in Tokyo way back in February 2020. Around the release date, we were seeing stories of a novel coronavirus beginning to spread. Some of us were starting to get concerned about it here in…

CTA News

CTA: A Trusted Environment

The Cyber Threat Alliance (CTA) Sharing Model relies on our organization’s status as a trusted environment for all of our private-sector members, as well as public sector and civil society partners. That trust also allows us to do so much more. The fact that all of CTA’s private-sector…

Major Incidents

Incident Response Blog: Exploitation of Microsoft Exchange Vulnerabilities

During recent weeks, cybersecurity providers, businesses, governments, and other organizations have been responding to the publicization of four zero-day vulnerabilities affecting Microsoft Exchange Servers (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). On March 2, Microsoft released emergency, out-of-band security updates to address these vulnerabilities, which affect a…

Major Incidents

Incident Response Blog: SUNBURST / SolarWinds

On December 13, FireEye and Microsoft released information regarding a newly discovered nation-state campaign leveraging access to the SolarWinds Orion Platform. The SolarWinds Orion Platform is used for IT infrastructure management in many government agencies and corporate networks. Nation-state actors compromised the SolarWinds supply chain to trojanize…

CTA News

Early Sharing: Timely Collaboration for Stronger Cybersecurity Defense

At the heart of the Cyber Threat Alliance (CTA) is a commitment to improve cybersecurity defenses across the global information ecosystem. Our sharing of automated threat intelligence and collective engagement on unique cyber threats are critical aspects of this mission. Over time, CTA’s early sharing program has grown to be…

CTA News

2020 Summer Olympics Threat Assessment

This blog is authored by Neil Jenkins (CTA) and Kendall McKay (Cisco Talos, and lead author on the Threat Assessment). Today, the Cyber Threat Alliance (CTA) released the 2020 Summer Olympics Threat Assessment (updated April 2021), our first event-specific threat report focused on cyber risks to this…