darkside (13)

9450988701?profile=RESIZE_400xActivity Summary - Week Ending 20 August 2021:

  • Red Sky Alliance observed 21 unique email accounts compromised with Keyloggers
  • Beware of vadmin-vad05
  • Analysts have identified 24,404 connections from new unique IP addresses
  • 2,573 new IP addresses participating in various Botnets were seen this past week
  • APT31
  • APT Attack / Kimsuky
  • APT1 - Common Crew
  • Darkside and BlackMatter (a Hive connection?)
  • Defense Industrial Base (DIB) / Israel
  • Health Care / US, Ohio
  • Indra / Hackers Behind Recent Attacks on I

9142811686?profile=RESIZE_400xActivity Summary - Week Ending 25 June 2021:

  • Red Sky Alliance observed 105 unique email accounts compromised with Keyloggers
  • Analysts identified 37,719 connections from new unique IP Addresses
  • 2,489 new IP addresses participating in various botnets were Observed
  • Darkside Affiliate Group
  • Telegrams APIs being Used
  • Poland’s Government allegedly hit by Russian Hackers
  • White Hats to the Rescue
  • Carnival Cruise Line hit, AGAIN
  • Korea Atomic Energy Research Institute
  • Hong Kong’s Apple Daily pivoting to

9029753695?profile=RESIZE_400xThe world has entered a new era of cyberattacks.  There have been decades of viruses, breaches, and other forms of attack, last year saw increased hacker sophistication, the propensity to pay in ransomware cases, and a broad swath of geopolitical uncertainty conditions that hackers have found favorable.

The forecast for any organizations seeking or renewing cyber insurance is looking grim.

  • 25% average premium increase.
  • Ransomware/extortion coverage limitations-lower limits and coinsurance.
  • Insu

8998217073?profile=RESIZE_400xActivity Summary - Week Ending 28 May 2021:

  • An Apple designer and a Russian physicist continues to be Spoofed
  • Analysts identified 1,872 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 22,469 connections from new unique IP Addresses
  • DarkSide Ransomware Variant
  • Web Skimming Attacks against CMS
  • Dominos India hit Hard via Cell Phones
  • Cyber Activists Complaining about India’s CERT
  • Irish Health Service Executive still Reeling
  • SITA airline on-line services still Showing D

8943653095?profile=RESIZE_400xCritical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry by a Russian criminal group known as DarkSide.  DarkSide was identified in the ransomware attack that shut down the US-Georgia-based Colonial Pipeline, which immediately created fuel shortages to cars, trucks, and the airline industry.  The ransom of $5 million USD was eventually paid to get the pipeline back i

8942343683?profile=RESIZE_400xFrom Krebs On Security, 17 May 2021.[1]  Our analysts think this is important information and wish to share with our Red Sky Alliance members.  In a Twitter discussion last week on ransomware attacks, Krebs On Security noted[2] that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukr

8941840492?profile=RESIZE_400xRecently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.”  So true. 

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matte

8925521275?profile=RESIZE_400xCritical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide.  DarkSide is suspected in the ransomware attack that shut down the US-Georgia based Colonial Pipeline, which immediately created fuel shortages to cars, trucks and the airline industry. 

This pipeline attack now has other energy sector officials on edge

8920606657?profile=RESIZE_400x

What is RedPane?

RedPane is a dark web search engine tool that has been developed by Red Sky Alliance since late January 2021. With RedPane we are able to make dark web content available without the need for analysts to touch the dark web to visit Tor .onion sites. To date, we have over 300,000 data points on over 50 sites and we are adding new sites weekly.

With RedPane we have developed custom processes to capture text data from dark web sites that we designate, parse that information into a for

8910336854?profile=RESIZE_400xUS Atlanta based Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems."  An updated statement over the weekend it said it had "determined that this incident involves ransomware."

A former U.S. official and two industry sources have told media that the group DarkSide is among the sus

8640732684?profile=RESIZE_400xActivity Summary - Week Ending 5 March 2021:

  • Fair Deal Furniture in Mombasa Kenya still is Keylogged
  • Red Sky Alliance identified 35,371 connections from new unique IP Addresses
  • Analysts identified 3,001 new IP addresses participating in various Botnets
  • SIM Swapping – easier than a Malware Attack
  • Silver Sparrow flying around inside Apple
  • Javali Banking Trojan
  • PlugX and RedEcho
  • A Kia Hit
  • Oh Canada – Bombidier, GlobalEye and Enterprise Oh !!
  • Don’t get Stung by Lithuanian CityBee
  • The Darkside Hacke

8627829869?profile=RESIZE_400xRecent reporting by CrowdStrike indicates that two productive cybercrime threat groups, Carbon Spider (CS) and Sprite Spider (SS) are spreading hate and discontent against VMware’s ESXi.

ESXi is a Type-1 hypervisor (also known as a “bare-metal” hypervisor) developed by VMware.  A hypervisor is software that runs and manages virtual machines (VMs).  In contrast to Type-2 hypervisors that run on a conventional host operating system, a Type-1 hypervisor runs directly on a dedicated host’s hardware.

8196171482?profile=RESIZE_400xRemember the Dark Side comics?  Well, the DarkSide criminal hacking group is no laughing matter.  The DarkSide Ransomware gang claims they are creating a distributed storage system in Iran to store and leak data stolen from victims.  DarkSide is operated as a Ransomware-as-a-Service (RaaS) where developers control programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

DarkSide is the latest ransomware criminal gang to anno