Mailing Malware. You just can’t make this up: but the oldest cyber threat tactic is back again. A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI. The USB drives contain so-called 'BadUSB' attacks. They were sent in the mail through the US Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Ser
blackmatter (7)
The new ransomware operation, which debuted in November 2021, has the potential to be the most sophisticated ransomware of the year, with a highly adjustable feature set that allows for assaults on a wide range of corporate setups. Details have emerged about what is the first Rust language based ransomware strain identified that has already amassed "some victims from different countries" since its launch last month.
The ransomware, now named BlackCat, was disclosed by MalwareHunterTeam https://
This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple US critical infrastructure entities, including two US Food and Agriculture Sector organizations. This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) ob
Activity Summary - Week Ending 1 October 2021:
- Red Sky Alliance identified 28,292 connections from new IP addresses connecting to Sinkholes
- Analysts identified 482 new IP addresses participating in various botnets
- Amazon Data Services Canada has a compromised IP
- #1 Malware for 29 Sept, FoggyWeb
- Blackmatter Ransomware, Again
- iTerm2 App
- German Elections and Russia
- South Africa Ransomware Attack
- French Shipper hit Again
- British Giant Group hit with a ‘sophisticated’ cyber-attack
- Lithuania and Chin
Activity Summary - Week Ending 17 September 2021:
- Red Sky Alliance identified 37,866 connections from new unique IP addresses
- Analysts identified 765 new IP addresses participating in various Botnets
- Compromised IP: 107.172.100.248
- Is it REvil or is it the Feds?
- BazarLoader
- QakBot
- BlackMatter and Cameras?
- Grayfly – an Arm of APT41
- EasyJet in the Crosshairs
- Just Who’s Winning the Cyber War?
- Tiananmen Square Memorials
Link to full report: IR-21-260-001_weekly_260.pdf
Activity Summary - Week Ending 20 August 2021:
- Red Sky Alliance observed 21 unique email accounts compromised with Keyloggers
- Beware of vadmin-vad05
- Analysts have identified 24,404 connections from new unique IP addresses
- 2,573 new IP addresses participating in various Botnets were seen this past week
- APT31
- APT Attack / Kimsuky
- APT1 - Common Crew
- Darkside and BlackMatter (a Hive connection?)
- Defense Industrial Base (DIB) / Israel
- Health Care / US, Ohio
- Indra / Hackers Behind Recent Attacks on I
Activity Summary - Week Ending 30 July 2021:
- Red Sky Alliance identified 29,998 connections from new unique IP addresses
- Analysts identified 7,608 new IP addresses participating in various Botnets
- Do you used Cucurut on YouTube?
- ‘dmechant’ Malware - Still on the Radar
- Candiru’s Spyware
- Google Chrome Security update
- DNS Cache Poisoning
- RedLine Malware and the Olympics
- Israel and Japan working to Protect the Olympics
- IceFog at the Summer Olympics?
- BlackMatter group
Link to full report: IR-21-211