Intelligence Reporting

malware (7)

Wapack Labs has identified 699 unique IP addresses believed to be infected by or associated with, possible delivery of Black Energy.  Some of these connections contained an href user agent (pointing at another location), others appeared infected with Black Energy and were identified checking into our Black Energy sinkholes.  Black Energy, as you may recall, was used against Ukraine on 23 December 2015, in coordinated attacks against multiple regional distribution power companies in…

Cybersecurity researchers have unveiled, the first-ever, UEFI (Unified Extensible Firmware Interface) rootkit being used.  It allows hackers to implant persistent malware on targeted computers that could endure a complete hard-drive wipe.  Titled LoJax, the UEFI rootkit is part of a malware campaign conducted by the Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, who have targeted government organizations in the Balkans as well as in Central and Eastern Europe.…

Cyber actors are targeting US critical infrastructure using a malicious attachment leveraging the “shellshock” vulnerability based on historical and current investigative analysis. The same tactics, techniques and procedures (TTPs) could be used against other US critical infrastructure sectors.  US authorities are is providing the following indicators of compromise, identified malicious code, and suspect internet protocol (IP) addresses to assist receiving organizations’ computer network…

Foreshadow flaws are revealed in Intel’s Core and Xeon range of processors. Alternatively known as L1 Terminal Fault or L1TF include three new speculative execution[1] side channel vulnerabilities.  The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or…

Cybersecurity threats are always changing.  Threats that target businesses are malware, phishing, ID theft, Distributed Denial of Service (DDoS) attacks, software threats, data diddling, password attacks, Man-In-The-Middle (MITM) attacks, salami-slicing, IoT hacking, and cyber extortion.  These are the most common cyber threats that small business companies need to be protected against.  It is highly likely your business can reasonably prevent and mitigate many of these type…

The XXIII Olympic Winter Games, hosted in PyeongChang, South Korea, commence on 9 February 2018. Wapack Labs observed two compromised individuals, infected with AZORult malware, logging into the official Olympic Winter Games portal, pyeongchang2018.com. AZORult is a Trojan horse which steals information from a compromised system. After installation, AZORult begins looking for sensitive data; browser cookies, usernames and passwords, system information, and autocomplete fields.