FBI Cyber Division

Operation Winter SHIELD has ended, but the real impact is just beginning. Over the past 60 days, #FBI field offices conducted more than 600 engagements across 14 critical sectors. All field offices participated in #OWS – helping businesses, hospitals, utilities, schools, and local governments nationwide build #cyber resilience and respond effectively to every attack. As Jarrod Forgues Schlenker of FBI Cyber explains in an interview with the Microsoft Threat Intelligence podcast, Operation Winter SHIELD is about turning awareness into action. Listen now 🔗 https://lnkd.in/e4QFiWfe

One of the most effective ways to ensure you are prepared to respond to a cyber incident is to practice. Practiced organizations respond faster, contain incidents more effectively, and reduce impact. That’s why Exercising your Incident Response Plan with all Stakeholders is one of Operation Winter SHIELD’s 10 Key Defenses. Start by maintaining clear, concise incident response plans that define roles: who has decision authority, what systems should be isolated, what evidence should be preserved and how to preserve it. Reducing risk can be as simple as reducing the number of decisions an organization makes in a crisis situation. Each quarter, conduct a focused tabletop exercise with technical, legal, communications, operations, and leadership teams. These exercises expose gaps and build trust. Preparation makes a difference in the middle of an incident. To enable rapid coordination, include your local FBI field office or other law enforcement contacts in your incident response plan. Learn about how you can partner with the FBI fbi.gov/cyber/partnerships and more on all FBI #OWS recommendations fbi.gov/wintershield

On today’s episode of the Ahead of the Threat podcast, Assistant Director Brett Leatherman speaks to Sherrod DeGrippo, Microsoft’s deputy CISO and general manager for customer security, and Maeve Healy, a program manager at the #FBI. They discuss the increasing role AI plays in initiating – and stopping – cyberattacks; how the basic steps recommended by the FBI’s Operation Winter SHIELD campaign can deter would-be hackers; and how security teams can increase their effectiveness by developing partnerships with software developers. https://lnkd.in/ee78KbbM To start the show, AD Leatherman talks about a recent operation to take down a residential proxy service and how foreign partners were critical in that effort. He also discusses a ransomware negotiator who allegedly worked against his own company. See all #AOTT episodes and transcripts 👉 fbi.gov/aheadofthethreat

Your organization’s security extends only as far as your least-protected vendor with network or data access. Adversaries will target the weakest link in your supply chain to bypass strong security measures. That’s why managing third-party risk is one of Operation Winter SHIELD’s 10 Key Defenses. Start by keeping an up-to-date list of all third parties with access, paired with clear owners of these relationships. Require controls like strong authentication, least-privilege access, and monitored gateways where feasible. To further reduce risk, regularly audit third-party accounts and promptly disable any that are no longer needed. Vendor contracts should include clauses requiring quick notification if a breach occurs and annual verification of security controls. When a contract ends or changes, make sure to revoke access and confirm proper data disposal. These simple steps can prevent attackers from exploiting trusted relationships. Recent #FBI advisories have shown how attackers exploit third-party compromise and vendor integrations to sneak into organizations’ networks and steal sensitive data. Learn more about these attacks 🔗https://lnkd.in/gPGKrsBg And see all FBI #OWS recommendations 🔗fbi.gov/wintershield

Russian national Aleksei Volkov was sentenced to 81 months in prison for hacking into U.S. companies and selling access to cyber criminals, including the Yanluowang ransomware group, helping them extort tens of millions of dollars in ransom payments. The FBI will continue to work with foreign partners to arrest cyber criminals and extradite them to face justice on American soil. https://lnkd.in/ewwm6dvY

Iranian cyber actors are using Telegram as command-and-control (C2) infrastructure to push malware targeting Iranian dissidents and opposition groups around the world – resulting in data leaks and reputational harm. Read the #FBI’s new advisory on tactics used by Iranian intelligence and mitigation strategies to reduce the risk of compromise🔗 https://lnkd.in/eyiYn2bQ

Russian cyber actors are conducting a global campaign targeting commercial messaging application (CMA) accounts belonging to individuals with high intelligence value, resulting in unauthorized access to thousands of accounts. Here’s how their phishing techniques work: 🔹 Cyber actors associated with Russian intelligence send fake messages pretending to be automated support accounts or victim contacts on CMAs. 🔹 They tailor messages to deceive targets into clicking links or providing verification codes or account PINs. 🔹 With this info, the attackers link their own device to a victim’s account or engage in full account takeover. Read the #FBI’s new #PSA for recommended ways to protect yourself, even if the campaign evolves and the attackers use additional techniques 🔗 ic3.gov/PSA/2026/PSA260320

Our digital world is full of skilled cybercriminals who aim to steal your money, hold your data for ransom, and shut down critical systems. #YourFBI Cyber Division has evolved over time to combat these threats. Dr. John Fox, the FBI historian, explains the evolution of cybersecurity threats in our country and how the FBI is rising to fight it head on: https://lnkd.in/eWksatZ6

The FBI, Justice Department, Defense Criminal Investigative Service (DCIS), and international partners announced the disruption of four of the world’s largest Internet of Things (IoT) botnets that together were responsible for millions of infected devices and hundreds of thousands of DDoS attacks worldwide. https://lnkd.in/ehCVdWms The operation was conducted with related law enforcement actions in Canada and Germany, which targeted the individuals who operated the botnets. DCIS is investigating the case, with assistance from FBI Anchorage.

The #FBI seized multiple domains linked to Iranian intelligence that were actively used to facilitate cyberattacks, post stolen data, and call for the killing of regime dissidents and U.S. residents. The FBI and the U.S. Department of Justice will continue to defend the homeland by disrupting Iranian hacking and repression schemes that target dissidents and impact Americans. https://lnkd.in/ewdJJKxG