The resources below relate to recent cybersecurity attacks and related issues. The Department of Financial Institutions urges all regulated entities and individuals to stay abreast of developments related to these attacks and any implications they may have for your business. DFI will update this page as new resources become available.

Last Updated May 20, 2021

NSCS, CISA, FBI and NSA

• May 7, 2021 – Joint Advisory: Further TTPs Associated with SVR Cyber Actors
  

Onapsis

• April 6, 2021 - Active Cyberattacks on Mission-Critical SAP Applications

FBI

• March 23, 2021 – CU-000143-MW Mamba Ransomware Weaponizing DiskCryptor
  
• March 17, 2021 – 20210307-001 Business Email Compromise Actors Targeting State, Local, Tribal, and Territorial Governments, Straining Resources
  
• March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
• March 10, 2021 – 210310-001 Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations
  

Kentucky Department of Financial Institutions

• Jan. 13, 2021 – DFI Reminds Firms to Contact Regulators with Issues Related to SolarWinds Breach
  

Cyber Unified Coordination Group

• Jan. 5, 2021 – Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)
• Dec. 16, 2020 – Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)
  

U.S. Cybersecurity & Infrastructure Security Agency (CISA)

• Ransomware Guidance and Resources
  
• May 14, 2021 – Emergency Directive (ED) 21-01 Supplemental Direction Version 4: Mitigate SolarWinds Orion Code Compromise
  
• May 14, 2021 – Analysis Report (AR21-134AA) Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise
• Revised May 14, 2021 | Original March 9, 2021 – Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
• May 7 2021 – Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise
• May 11, 2021 – Alert (AA21-131A) Darkside Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
• Revised April 21, 2021 | Original April 20, 2021 – Alert (AA21-110A) Exploitation of Pulse Connect Secure Vulnerabilitie
• April 15, 2021 | Malware Analysis Report (AR21-105A) MAR-10327841-1.v1 - SUNSHUTTLE
  
• Revised April 15, 2021 | Original Jan. 8, 2021 – Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
• Revised April 14, 2021 | Original March 3, 3031 –Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities
• April 13, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplement Direction Version 2
  
• March 31, 2021 – 21-02 Mitigate Microsoft Exchange Server Vulnerabilities: Supplemental Direction
  
• Revised March 31, 2021 Original March 2, 2021- AA21-062A - Mitigate Microsoft Exchange Server Vulnerabilities
  
• March 10, 2021 – AA21-069A Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server
• March 9, 2021 CISA Insights: Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise: Risk Decisions for Leaders
• March 8, 2021 – Remediating Microsoft Exchange Vulnerabilities
• March 5, 2021 – Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities
  
• March 2021 – Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
• Supply Chain Compromise
  
• Feb. 8, 2021 – Malware Analysis Report (AR21-039B) – MAR-103201115-1.v1 - TEARDROP
  
• Feb. 8, 2021 – Malware Analysis Report (AR21-039A) – MAR-10318845-1.v1 - SUNBURST
• Jan. 27, 2021 – Malware Analysis Report (AR21-021-027A) – MAR-10319053-1.v1 - Supernova
• Revised Jan. 7, 2021 | Original Dec. 17, 2021 – Alert (AA20-352A) Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
  
• Revised Jan. 6, 2021 | Original Dec. 13, 2020 – CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products</a>
• Dec. 2020 What Every Leader Needs to Know about the Ongoing APT Cyber Activity

National Security Agency (NSA)

• Dec. 17, 2020 – NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources
  • Infographic
  • Abridged Version
  • Full Advisory

SolarWinds

• SolarWinds Security Advisory
  

Microsoft Blog

• March 15, 2021 – One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
• March 2, 2021 – New Nation-State Cyberattacks
  

Microsoft Security Response Center

• March 5, 2021 – Multiple Security Updates Released for Exchange Server
• March 2, 2021 – HAFNIUM Targeting Exchange Servers with 0-day Exploits
• Updated Feb. 5, 2021 – Solorigate Resource Center
  
• Revised Dec. 21, 2020 | Original Dec. 13, 2020 – Customer Guidance on Recent Nation-State Cyber Attacks
• Dec. 13, 2020 – Important Steps for Customers to Protect Themselves from Recent Nation-State Cyberattacks

FireEye

• UNC2452 and Sunburst Resource Center
• Dec. 13, 2020 – Threat Research: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor