Healthcare and Public Health Sector Cyber Notification

Joint CISA-FBI Cybersecurity Advisory on Sophisticated Spearphishing Campaign

June 1, 2021

Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to an ongoing spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact—a legitimate email marketing software company—to spoof a U.S. government organization and distribute links to malicious URLs.

In response, CISA and the FBI have released Joint Cybersecurity Advisory AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs and Malware Analysis Report MAR-10339794-1.v1, providing tactics, techniques, and procedures (TTPs); downloadable indicators of compromise (IOCs); and recommended mitigations.

CISA strongly encourages organizations to review AA21-148A and MAR-10339794-1.v1 and apply the necessary mitigations.

Comments and Questions

If you have comments or questions, send an email to CIP@hhs.gov. The CIP team will work to answer your inquiries or connect you to the proper entity.

Traffic Light Protocol (TLP) Designation: WHITE

TLP: WHITE information may be distributed without restriction.

Disclaimer: ASPR provides the above sources of information for the convenience of the HPH Sector community and is not responsible for the availability or content of the information or tools provided, nor does ASPR endorse, warrant or guarantee the products, services or information described or offered. It is the responsibility of the user to determine the usefulness and applicability of the information provided.