JCDC Success Stories Archive

2022

Geopolitical Tensions Cyber Defense Plan

In early 2022, CISA developed a Russia-Ukraine Tensions Plan with JCDC members that lays out phases and objectives of operational coordination between the U.S. government and private sector partners amidst escalating geopolitical tensions. Additionally, JCDC conducted a tabletop exercise of this plan with interagency and private sector members. The plan serves to guide and align collective operational posture and support the ability to synchronize defensive actions to mitigate harmful impacts to U.S. critical infrastructure from Russian cyber operations.

JCDC members worked together to compile a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This list has proved particularly impactful for small businesses and other organizations that are target-rich and resource-poor.

Amplified Discovery of Daxin

In February 2022, researchers from Broadcom, a JCDC member and global software company, discovered Daxin, a backdoor malware attributed to China that allows its controller to install malicious software and collect information from specific government targets as part of a larger espionage campaign.

Broadcom leveraged JCDC’s operational collaboration to notify foreign governments that are not Broadcom customers about the threat.

“Within 48 hours of contacting JCDC, we put on a call with the first government that we worked with, along with DHS and JCDC,” said Vikram Thakur, technical director at Symantec Threat Intelligence, a division of Broadcom Software.

CISA leveraged pre-existing relationships with both the U.S. private sector and international partners to notify foreign governments affected by this activity and assist in remediation. Specifically, as JCDC members, CISA and Broadcom were able to uncover the new "Daxin" malware and provide advice on both detection and remediation to partners across the globe.

For more information, see CISA's Current Activity on Daxin and the Broadcom blog post, “Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks.”

2021

Defense Against Log4Shell

Upon the discovery of the Log4Shell vulnerability in Apache Log4j software in December 2021, JCDC shared indicators of compromise, threat activity, and intelligence with and among JCDC members to enable partners to act quickly on this threat. The affected software is broadly used in a variety of consumer and enterprise services, websites, and applications, as well as in operational technology products, to log security and performance information. JCDC partners built true operational collaboration by helping the cybersecurity community to better understand and manage the threat posed by Log4Shell and related vulnerabilities.

For more information, see Apache Log4j Vulnerability Guidance.