X-Industry

Researchers have uncovered malware designed to disrupt electric power transmission that may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids.

Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of Russia’s most skilled and cutthroat hacking groups.  Sand

Activity Summary - Week Ending on 30 September 2022:

• Red Sky Alliance identified 31,149 connections from new IP’s checking in with our Sinkholes
• Hetzner in Bavaria Germany hit 28x
• Analysts identified 3,298 new IP addresses participating in various Botnets
• dotCMS Issues
• Meta to the Rescue
• Noberus, aka: BlackCat ALPHV
• Optus
• Industroyer

Link to full report: IR-22-274-001_weekly274.pdf

There is serious legal reasoning that cyber-attacks against a nation’s critical infrastructure could be reasoned as a war crime.[1]  The University of California (UC), Berkeley Human Rights Center’s recent recommendations for war crime charges against the Sandworm hacking group, which was sent to the International Crimes Commission (ICC) before some of the most recent cyberattacks fully came to light, single out Sandworm’s two blackout attacks in 2015 and 2016 for legal and practical reasons: Sa

Activity Summary - Week Ending 23 October 2020:

• Red Sky Alliance observed 69 unique email accounts compromised with keyloggers
• Analysts identified 43,643 connections from new unique IP addresses
• CTAC identified 2,933 new IP addresses participating in various Botnets
• EKING Variant of Phobos Ransomware
• Kraken
• KillDisk and Industroyer
• Mobility Electronics Suppliers Expo – Attacked
• Messe-Berlin
• Minnesota Republican Party – Attacked
• Critical Manufacturing RedXray example – Tesla Inc.
• 4Chan and 8Chan