National Cyber Awareness System (NCAS) Alerts
The National Cyber Awareness System (NCAS) offers a variety of information for users with varied technical expertise.
Alerts provide timely information about current security issues, vulnerabilities, and exploits. This page serves as a reference
to the NCAS Alerts, their summary, and a link to the technical and remediation information on the Cybersecurity & Infrastructure
Security Agency (CISA) website.
IACI captures these alerts and then processes them through its Malware Information Sharing Platform (MISP) instance to extract
actionable, relevant IOCs for our partners.
NCAS NAME | ALERT TITLE | DATE PUBLISHED | LAST UPDATE | ACTION |
---|---|---|---|---|
AA24-131A | #StopRansomware: Black Basta | 2024-05-10 09:02:21 | 2024-05-10 09:02:21 | |
AA24-109A | #StopRansomware: Akira Ransomware | 2024-04-17 12:23:11 | 2024-04-17 12:23:11 | |
AA24-060B | Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways | 2024-02-21 15:30:03 | 2024-02-21 15:30:03 | |
AA24-060A | #StopRansomware: Phobos Ransomware | 2024-02-26 09:51:34 | 2024-02-26 09:51:34 | |
AA24-057A | SVR Cyber Actors Adapt Tactics for Initial Cloud Access | 2024-02-23 12:37:53 | 2024-02-23 12:37:53 | |
AA24-046A | Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | 2024-02-14 15:19:25 | 2024-02-14 15:19:25 | |
AA24-038A | PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure | 2024-02-01 15:37:41 | 2024-02-01 15:37:41 | |
AA24-016A | Known Indicators of Compromise Associated with Androxgh0st Malware | 2024-01-12 12:13:51 | 2024-01-12 12:13:51 | |
AA23-353A | #StopRansomware: ALPHV Blackcat | 2023-12-19 09:31:04 | 2023-12-19 09:31:04 | |
AA23-352A | #StopRansomware: Play Ransomware | 2023-12-11 17:41:43 | 2023-12-11 17:41:43 | |
AA23-349A | Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment | 2023-12-13 19:24:48 | 2023-12-13 19:24:48 | |
AA23-347A | Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally | 2023-12-12 12:33:19 | 2023-12-12 12:33:19 | |
AA23-341A | Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | 2023-12-06 15:18:57 | 2023-12-06 15:18:57 | |
AA23-339A | Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | 2023-12-04 13:05:06 | 2023-12-04 13:05:06 | |
AA23-335A | IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities | 2023-12-01 17:21:58 | 2023-12-01 17:21:58 | |
AA23-325A | #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability | 2023-11-21 08:50:48 | 2023-11-21 08:50:48 | |
AA23-320A | Scattered Spider | 2023-11-15 09:55:52 | 2023-11-15 09:55:52 | |
AA23-319A | #StopRansomware: Rhysida Ransomware | 2023-11-14 11:45:07 | 2023-11-14 11:45:07 | |
AA23-289A | Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks | 2023-10-13 16:48:38 | 2023-10-13 16:48:38 | |
AA23-284A | #StopRansomware: AvosLocker Ransomware (Update) | 2023-10-10 11:46:58 | 2023-10-10 11:46:58 | |
AA23-278A | NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | 2023-10-02 15:42:24 | 2023-10-02 15:42:24 | |
AA23-270A | People's Republic of China-Linked Cyber Actors Hide in Router Firmware | 2023-09-26 15:45:20 | 2023-09-26 15:45:20 | |
AA23-263A | #StopRansomware: Snatch Ransomware | 2023-09-18 17:27:04 | 2023-09-18 17:27:04 | |
AA23-250A | Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | 2023-09-06 13:03:37 | 2023-09-06 13:03:37 | |
AA23-242A | Identification and Disruption of QakBot Infrastructure | 2023-08-29 15:28:47 | 2023-08-29 15:28:47 | |
AA23-215A | 2022 Top Routinely Exploited Vulnerabilities | 2023-08-02 14:57:42 | 2023-08-02 14:57:42 | |
AA23-213A | Threat Actors Exploiting Ivanti EPMM Vulnerabilities | 2023-08-01 10:42:59 | 2023-08-01 10:42:59 | |
AA23-208A | Preventing Web Application Access Control Abuse | 2023-07-26 17:10:39 | 2023-07-26 17:10:39 | |
AA23-201A | Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells | 2023-07-20 15:28:57 | 2023-07-20 15:28:57 | |
AA23-193A | Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | 2023-07-11 17:55:00 | 2023-07-11 17:55:00 | |
AA23-187A | Increased Truebot Activity Infects U.S. and Canada Based Networks | 2023-07-05 17:30:07 | 2023-07-05 17:30:07 | |
AA23-165A | Understanding Ransomware Threat Actors: LockBit | 2023-06-12 12:22:28 | 2023-06-12 12:22:28 | |
AA23-158A | #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability | 2023-06-06 16:58:32 | 2023-06-06 16:58:32 | |
AA23-144A | People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection | 2023-05-23 14:06:33 | 2023-05-23 14:06:33 | |
AA23-136A | #StopRansomware: BianLian Ransomware Group | 2023-05-15 12:29:37 | 2023-05-15 12:29:37 | |
AA23-131A | Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG | 2023-05-10 17:35:23 | 2023-05-10 17:35:23 | |
AA23-108 | APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers | 2023-04-17 16:32:46 | 2023-04-17 16:32:46 | |
AA23-075A | #StopRansomware: LockBit 3.0 | 2023-03-15 15:20:17 | 2023-03-15 15:20:17 | |
AA23-074A | Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server | 2023-03-13 13:57:57 | 2023-03-13 13:57:57 | |
AA23-061A | #StopRansomware: Royal Ransomware | 2023-02-24 12:30:43 | 2023-02-24 12:30:43 | |
AA23-059A | CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | 2023-02-24 14:04:05 | 2023-02-24 14:04:05 | |
AA23-040A | #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities | 2023-02-09 18:00:00 | 2023-02-10 12:00:00 | |
AA23-039A | ESXiArgs Ransomware Virtual Machine Recovery Guidance | 2023-02-08 16:14:50 | 2023-02-08 16:14:50 | |
AA23-025A | Protecting Against Malicious Use of Remote Monitoring and Management Software | 2023-01-25 17:55:00 | 2023-01-26 12:00:00 | |
AA22-335A | #StopRansomware: Cuba Ransomware | 2022-12-01 18:04:01 | 2023-01-05 12:00:00 | |
AA22-321A | #StopRansomware: Hive Ransomware | 2022-11-17 17:00:00 | 2022-11-25 12:00:00 | |
AA22-320A | Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester | 2022-11-16 15:04:03 | 2022-11-25 12:00:00 | |
AA22-294A | #StopRansomware: Daixin Team | 2022-10-21 14:29:15 | 2022-10-26 12:00:00 | |
AA22-279A | Top CVEs Actively Exploited By Peoples Republic of China State-Sponsored Cyber Actors | 2022-10-06 17:08:51 | 2022-10-06 17:08:51 | |
AA22-277A | Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | 2022-10-04 17:58:00 | 2022-10-05 12:00:00 | |
AA22-265A | Control System Defense | 2022-09-22 12:55:58 | 2022-09-22 12:55:58 |