TLP:AMBER

IACI_Logo

National Cyber Awareness System (NCAS) Alerts

The National Cyber Awareness System (NCAS) offers a variety of information for users with varied technical expertise.

Alerts provide timely information about current security issues, vulnerabilities, and exploits. This page serves as a reference to the NCAS Alerts, their summary, and a link to the technical and remediation information on the Cybersecurity & Infrastructure Security Agency (CISA) website.

IACI captures these alerts and then processes them through its Malware Information Sharing Platform (MISP) instance to extract actionable, relevant IOCs for our partners.


(Click any "More Info" button to retrieve more information about the associated NCAS alert)

NCAS NAMEALERT TITLEDATE PUBLISHEDLAST UPDATEACTION
AA24-131A#StopRansomware: Black Basta2024-05-10 09:02:212024-05-10 09:02:21
AA24-109A#StopRansomware: Akira Ransomware2024-04-17 12:23:112024-04-17 12:23:11
AA24-060BThreat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways2024-02-21 15:30:032024-02-21 15:30:03
AA24-060A#StopRansomware: Phobos Ransomware2024-02-26 09:51:342024-02-26 09:51:34
AA24-057ASVR Cyber Actors Adapt Tactics for Initial Cloud Access2024-02-23 12:37:532024-02-23 12:37:53
AA24-046AThreat Actor Leverages Compromised Account of Former Employee to Access State Government Organization2024-02-14 15:19:252024-02-14 15:19:25
AA24-038APRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure2024-02-01 15:37:412024-02-01 15:37:41
AA24-016AKnown Indicators of Compromise Associated with Androxgh0st Malware2024-01-12 12:13:512024-01-12 12:13:51
AA23-353A#StopRansomware: ALPHV Blackcat2023-12-19 09:31:042023-12-19 09:31:04
AA23-352A#StopRansomware: Play Ransomware2023-12-11 17:41:432023-12-11 17:41:43
AA23-349AEnhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment2023-12-13 19:24:482023-12-13 19:24:48
AA23-347ARussian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally2023-12-12 12:33:192023-12-12 12:33:19
AA23-341ARussian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns2023-12-06 15:18:572023-12-06 15:18:57
AA23-339AThreat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers2023-12-04 13:05:062023-12-04 13:05:06
AA23-335AIRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities2023-12-01 17:21:582023-12-01 17:21:58
AA23-325A#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability2023-11-21 08:50:482023-11-21 08:50:48
AA23-320AScattered Spider2023-11-15 09:55:522023-11-15 09:55:52
AA23-319A#StopRansomware: Rhysida Ransomware2023-11-14 11:45:072023-11-14 11:45:07
AA23-289AThreat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks2023-10-13 16:48:382023-10-13 16:48:38
AA23-284A#StopRansomware: AvosLocker Ransomware (Update)2023-10-10 11:46:582023-10-10 11:46:58
AA23-278ANSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations2023-10-02 15:42:242023-10-02 15:42:24
AA23-270APeople's Republic of China-Linked Cyber Actors Hide in Router Firmware2023-09-26 15:45:202023-09-26 15:45:20
AA23-263A#StopRansomware: Snatch Ransomware2023-09-18 17:27:042023-09-18 17:27:04
AA23-250AMultiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-424752023-09-06 13:03:372023-09-06 13:03:37
AA23-242AIdentification and Disruption of QakBot Infrastructure2023-08-29 15:28:472023-08-29 15:28:47
AA23-215A2022 Top Routinely Exploited Vulnerabilities2023-08-02 14:57:422023-08-02 14:57:42
AA23-213AThreat Actors Exploiting Ivanti EPMM Vulnerabilities2023-08-01 10:42:592023-08-01 10:42:59
AA23-208APreventing Web Application Access Control Abuse2023-07-26 17:10:392023-07-26 17:10:39
AA23-201AThreat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells2023-07-20 15:28:572023-07-20 15:28:57
AA23-193AEnhanced Monitoring to Detect APT Activity Targeting Outlook Online2023-07-11 17:55:002023-07-11 17:55:00
AA23-187AIncreased Truebot Activity Infects U.S. and Canada Based Networks2023-07-05 17:30:072023-07-05 17:30:07
AA23-165AUnderstanding Ransomware Threat Actors: LockBit2023-06-12 12:22:282023-06-12 12:22:28
AA23-158A#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability2023-06-06 16:58:322023-06-06 16:58:32
AA23-144APeople's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection2023-05-23 14:06:332023-05-23 14:06:33
AA23-136A#StopRansomware: BianLian Ransomware Group2023-05-15 12:29:372023-05-15 12:29:37
AA23-131AMalicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG2023-05-10 17:35:232023-05-10 17:35:23
AA23-108APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers2023-04-17 16:32:462023-04-17 16:32:46
AA23-075A#StopRansomware: LockBit 3.02023-03-15 15:20:172023-03-15 15:20:17
AA23-074AThreat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server2023-03-13 13:57:572023-03-13 13:57:57
AA23-061A#StopRansomware: Royal Ransomware2023-02-24 12:30:432023-02-24 12:30:43
AA23-059ACISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks2023-02-24 14:04:052023-02-24 14:04:05
AA23-040A#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities2023-02-09 18:00:002023-02-10 12:00:00
AA23-039AESXiArgs Ransomware Virtual Machine Recovery Guidance2023-02-08 16:14:502023-02-08 16:14:50
AA23-025AProtecting Against Malicious Use of Remote Monitoring and Management Software2023-01-25 17:55:002023-01-26 12:00:00
AA22-335A#StopRansomware: Cuba Ransomware2022-12-01 18:04:012023-01-05 12:00:00
AA22-321A#StopRansomware: Hive Ransomware2022-11-17 17:00:002022-11-25 12:00:00
AA22-320AIranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester2022-11-16 15:04:032022-11-25 12:00:00
AA22-294A#StopRansomware: Daixin Team2022-10-21 14:29:152022-10-26 12:00:00
AA22-279ATop CVEs Actively Exploited By Peoples Republic of China State-Sponsored Cyber Actors2022-10-06 17:08:512022-10-06 17:08:51
AA22-277AImpacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization2022-10-04 17:58:002022-10-05 12:00:00
AA22-265AControl System Defense2022-09-22 12:55:582022-09-22 12:55:58