FBI, CISA Release IoCs for Phobos Ransomware
Threat actors using the malware have infected systems within government, healthcare, and other critical infrastructure organizations since at least 2019.
Stay informed on the FBI's latest cyber security operations, threats, and safety tips. Your source for up-to-date FBI infosec news and insights.
Search across headline titles and summaries.
Background for this topic.
Federal Bureau of Investigation (FBI) is the United States’ principal federal law-enforcement agency and a domestic intelligence authority. In cybersecurity, it investigates cybercrime, digital intrusion, online fraud, and espionage; works with victims and other agencies; and may support disruption operations, prosecutions, or public warnings. FBI references in security news often concern indictments, infrastructure seizures, malware or intrusion advisories, and requests for victim cooperation.
Practitioners can report suspected internet crime through the FBI’s Internet Crime Complaint Center (IC3) or contact a local FBI field office, while preserving relevant logs, messages, and other evidence. FBI engagement can provide threat intelligence, such as indicators of compromise or information about attacker infrastructure, and may affect evidence handling and legal processes. It does not replace containment, recovery, breach assessment, or privacy and regulatory notifications required of the affected organization.
Threat actors using the malware have infected systems within government, healthcare, and other critical infrastructure organizations since at least 2019.
Agent Robert K. Tripp on FBI's Approach to Deepfakes, Nation-State Election ThreatsThe U.S. presidential election is still eight months away, but the FBI is already seeing its share of cyberattacks, nation-state threats and AI-generated deepfakes. According to FBI Agent Robert K. Tripp, "We're no longer considering threats as a what-if situation; it's happening now."
The routers were hijacked to steal credentials, proxy traffic, and host phishing pages and custom tools
The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month
Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. [...]
Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. [...]
After Operation Cronos, LockBit Leader LockBitSupp's Vows to Continue HackingRussian-speaking ransomware operation LockBit reestablished a dark web leak site Saturday afternoon, posting a lengthy screed apparently authored by its leader, who vowed not to retreat from the criminal underground world. The FBI had no comment.
The FBI's takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county's ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other criminal trials.