FBI Cyber Division

Listen to season two of the Ahead of the Threat podcast and learn about the current landscape of cyberthreats targeting businesses and critical infrastructure. The podcast will highlight the administration’s cyber strategy and the FBI’s launch of Operation Winter SHIELD, a campaign to defend the homeland against cyber threats with real economic and national security implications, with guests ranging from the private sector to government officials. Listen to episode 0 now: https://lnkd.in/dmdpsc-y

Last week we launched Operation Winter SHIELD, the FBI’s cyber resilience campaign. Today we are spotlighting the 10 key cyber defenses organizations should implement to reduce risk and recover faster from intrusions. From exercising your incident response plan to maintaining offline and immutable backups, these recommendations draw on real FBI investigations and provide industry with a practical roadmap to better secure critical systems. Learn more about the steps you should take now to make exploitation harder: https://lnkd.in/eRe88CG3

Recently the U.S. government gained legal title over more than $400 million in seized assets, including cryptocurrency and real estate, forfeited from Larry Dean Harmon who operated darknet mixing service Helix. Learn more about this investigation here: https://lnkd.in/eXU6xKMX

Most people know the #FBI for our work disrupting criminal enterprises, bringing violent offenders and corrupt officials to justice, countering terrorism, and chasing foreign spies. On Season Two of the Ahead of the Threat podcast, learn about an equally important part of our mission: defending the homeland in cyberspace. This season, we will take you inside FBI Cyber, introducing you to the people working every day to keep our digital world secure. You’ll also hear about the launch of Operation Winter SHIELD, an FBI campaign to promote the 10 most impactful steps organizations can take to build #cyber resilience. Listen now, wherever you get your podcasts: https://lnkd.in/dmdpsc-y

The FBI’s #cyber mission gives us a perspective few others have. Today, we are launching Operation Winter SHIELD to put that perspective into action—sharing the top 10 controls organizations can implement to defend against cyber criminals and nation-state hackers. Each week, we’ll spotlight key defenses, such as phish-resistant authentication and managing third-party risk, and connect them to real #FBI cases. Our goal? To defend the homeland, help you build resilience, and drive measurable progress across industry, government, and critical infrastructure. Watch the announcement video and learn more about building your resilience: www.fbi.gov/wintershield

Update on the Tren de Aragua (TdA) ATM jackpotting case: An additional 31 people were indicted for deploying Ploutus malware and stealing millions of dollars from ATMs, bringing the total number of charged TdA gang members up to 87 individuals. https://lnkd.in/enW5anrG

Operational technology (OT) systems that were once isolated are now more interconnected than ever, delivering efficiency and real-time visibility but also increasing #cyber risks. Exposed and insecure OT systems—often connected to enterprise systems, third-party vendors, and the internet—are known to be targeted by both opportunistic and highly capable actors, who can gain access to sensitive OT devices and networks. This guidance document, which provides secure connectivity principles for OT, was led by the UK’s National Cyber Security Centre (NCSC) and co-authored by #FBI, CISA, and other partners. Learn how your organization should design, secure, and manage connectivity in OT. https://lnkd.in/efe_xhca

The #FBI is warning think tanks, academia, and foreign policy organizations that North Korean cyber actors are using malicious QR codes in spearphishing campaigns. These actors spoof trusted figures in the foreign policy space and embed malicious URLs inside QR codes, forcing victims to pivot from workstations to mobile browsers, bypassing email security controls. We urge potentially targeted organizations to protect themselves by reviewing our new report: https://lnkd.in/eqPYHrBX

Yesterday, a Montana resident was sentenced to 46 months in prison for cyberstalking. He threatened and harassed a victim through text messages, masking his identity by using more than 50 unique phone numbers and a VPN. The case required the FBI to analyze over 1,100 distinct IP addresses. https://lnkd.in/dw-4UGcR

Yesterday, two men pleaded guilty to using ALPHV BlackCat ransomware to attack multiple victims across the United States. The two subjects, both Americans, worked in the cybersecurity industry and conspired to extort millions of dollars from U.S. victims in 2023. They agreed to pay ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to their ransomware variant and extortion platform. https://lnkd.in/eAPcciSQ