Oil & Gas

Oil and Gas Brief 08 16 2019

Posted by Bill Schenkelberg on August 16, 2019 at 12:22pm

3429739611?profile=RESIZE_710xActivity Summary - Week Ending 16 August 2019:

  • Wapack Labs identified 32 unique email accounts compromised with keyloggers
  • The top C2 IP from keylogger, assigned to: Ireland Cork World Hosting Farm seen 2nd week
  • Analysts identified 77,164 connections from new unique IP addresses
  • Proprietary sources identified 512,109 new IP addresses participating in various botnets
  • Group 123 / APT37, North Korean hacker group
  • Lokibot using Steganography Techniques
  • TrickBot Hides Malicious JavaScript
  • Iran responsible for 70% of intentionally misrepresented their Bills of Lading
  • Turkey sending 3rd drilling ship to Cyprus’ EEZ / Gibraltar to release the VLCC Grace 1 (Iran)
  • Machete hacking group focusing on Venezuela’s military

Link to full report: IR-19-228-001-OIL & GAS_FINAL.pdf

Tags: group 123, apt37, lokibot, trickbot, grace 1, machete hacking group, bills of lading