darkside (17)

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to nefarious use by the now-defunct Conti ransomware gang members, indicating collaboration between the two crews.  The malware, named Domino, is primarily designed to facilitate follow-on exploitation of compromised systems, including delivering a lesser-known information stealer that has been advertised for sale on the dark web since December 2021.

Former TrickBot/Conti syndicate me

A victim of a ransomware attack paid to restore access to their network, but the cybercriminals did not hold up their end of the deal.  The real-life incident, as detailed by cybersecurity researchers at Barracuda Networks, occurred in August 2021, when hackers from the BlackMatter ransomware group used a phishing email to compromise a single victim's account at an undisclosed company.  First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware's dev

Those readers who were born before the Internet Age may remember seeing the Wanted Posters of criminals on the walls of US Post Offices.  There were stated cash rewards for those who provided information that led to the wanted criminal’s arrest.  Yes, you actually went into a federal building and mailed a letter with a postage stamp attached.  What is a postage stamp?  We will cover this subject in another article. The US authorities are offering a multimillion-dollar reward for anyone with info

Red Sky Alliance has been building our dark web data collection since late January 2021. With it, we are able to make dark web content available without the need for analysts to touch the dark web to visit Tor .onion sites. To date, we have over 1.3 million data points on over 75 sites and we are adding new sites regularly. The dark web sites that we collect from evolve over time as new sites come and older sites shut down, but we maintain a historical record of those decommissioned sites. Lastl

Activity Summary - Week Ending 20 August 2021:

  • Red Sky Alliance observed 21 unique email accounts compromised with Keyloggers
  • Beware of vadmin-vad05
  • Analysts have identified 24,404 connections from new unique IP addresses
  • 2,573 new IP addresses participating in various Botnets were seen this past week
  • APT31
  • APT Attack / Kimsuky
  • APT1 - Common Crew
  • Darkside and BlackMatter (a Hive connection?)
  • Defense Industrial Base (DIB) / Israel
  • Health Care / US, Ohio
  • Indra / Hackers Behind Recent Attacks on I

Activity Summary - Week Ending 25 June 2021:

  • Red Sky Alliance observed 105 unique email accounts compromised with Keyloggers
  • Analysts identified 37,719 connections from new unique IP Addresses
  • 2,489 new IP addresses participating in various botnets were Observed
  • Darkside Affiliate Group
  • Telegrams APIs being Used
  • Poland’s Government allegedly hit by Russian Hackers
  • White Hats to the Rescue
  • Carnival Cruise Line hit, AGAIN
  • Korea Atomic Energy Research Institute
  • Hong Kong’s Apple Daily pivoting to

The world has entered a new era of cyberattacks.  There have been decades of viruses, breaches, and other forms of attack, but last year saw increased hacker sophistication, a greater propensity to pay in ransomware cases, and a broad swath of geopolitical uncertainty that hackers have found favorable.

The forecast for any organizations seeking or renewing cyber insurance is looking grim.

  • 25% average premium increase.
  • Ransomware/extortion coverage limitations-lower limits and coinsurance.
  • Insu

Activity Summary - Week Ending 28 May 2021:

  • An Apple designer and a Russian physicist continue to be Spoofed
  • Analysts identified 1,872 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 22,469 connections from new unique IP Addresses
  • DarkSide Ransomware Variant
  • Web Skimming Attacks against CMS
  • Dominos India hit Hard via Cell Phones
  • Cyber Activists Complaining about India’s CERT
  • Irish Health Service Executive still Reeling
  • SITA airline on-line services still Showing D

Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry by a Russian criminal group known as DarkSide.  DarkSide was identified in the ransomware attack that shut down the US-Georgia-based Colonial Pipeline, which immediately created fuel shortages to cars, trucks, and the airline industry.  The ransom of $5 million USD was eventually paid to get the pipeline back i

From Krebs On Security, 17 May 2021.[1]  Our analysts think this is important information and wish to share it with our Red Sky Alliance members.  In a Twitter discussion last week on ransomware attacks, Krebs On Security noted[2] that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukr

Recently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business, said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.”  So true.

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matte

Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations.  A direct cyber shot was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide.  DarkSide is suspected in the ransomware attack that shut down the US-Georgia-based Colonial Pipeline, which immediately created fuel shortages to cars, trucks and the airline industry.

This pipeline attack now has other energy sector officials on edge


What is RedPane?

RedPane is a dark web search engine tool that has been developed by Red Sky Alliance since late January 2021. With RedPane we are able to make dark web content available without the need for analysts to touch the dark web to visit Tor .onion sites. To date, we have over 300,000 data points on over 50 sites and we are adding new sites weekly.

With RedPane we have developed custom processes to capture text data from dark web sites that we designate, parse that information into a for

US Atlanta-based Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems."  In an updated statement over the weekend it said it had "determined that this incident involves ransomware."

A former U.S. official and two industry sources have told media that the group DarkSide is among the sus

Activity Summary - Week Ending 5 March 2021:

  • Fair Deal Furniture in Mombasa Kenya still is Keylogged
  • Red Sky Alliance identified 35,371 connections from new unique IP Addresses
  • Analysts identified 3,001 new IP addresses participating in various Botnets
  • SIM Swapping – easier than a Malware Attack
  • Silver Sparrow flying around inside Apple
  • Javali Banking Trojan
  • PlugX and RedEcho
  • A Kia Hit
  • Oh Canada – Bombardier, GlobalEye and Enterprise Oh !!
  • Don’t get Stung by Lithuanian CityBee
  • The Darkside Hacke

Recent reporting by CrowdStrike indicates that two productive cybercrime threat groups, Carbon Spider (CS) and Sprite Spider (SS), are spreading hate and discontent against VMware’s ESXi.

ESXi is a Type-1 hypervisor (also known as a “bare-metal” hypervisor) developed by VMware.  A hypervisor is software that runs and manages virtual machines (VMs).  In contrast to Type-2 hypervisors that run on a conventional host operating system, a Type-1 hypervisor runs directly on a dedicated host’s hardware.

Remember the Dark Side comics?  Well, the DarkSide criminal hacking group is no laughing matter.  The DarkSide Ransomware gang claims they are creating a distributed storage system in Iran to store and leak data stolen from victims.  DarkSide is operated as a Ransomware-as-a-Service (RaaS) where developers control programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.

DarkSide is the latest ransomware criminal gang to anno