log4j - X-Industry - Red Sky Alliance

Weekly Cyber Intel Report - All Sector 07 15 2022

Activity Summary - Week Ending on 15 July 2022:

Red Sky Alliance identified 47,679 connections from new IP’s checking in with our Sinkholes
Swedish Co., City Network International AB 10x
Malicious Email collection is back: Alessandra[_]alexandre_@hotmail[.]com 24x
Analysts identified 1,504 new IP addresses participating in various Botnets
eCh0raix, DeadLocker and Kawaii
Malicious Files Exploiting Old CVEs
Log4j Report
Honda KeyFobs and Rolling Pwn

Link to full report: IR-22-196-001_weekly196.

Intel Report: Cyber Threats & Vulnerabilities 03 17 2022

Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.

Link to full report: IR-22-077-002_CyberIntelSummary077.pdf

Weekly Cyber Intel Report - All Sector 01 14 2022

Activity Summary - Week Ending on 14 January 2022:

Red Sky Alliance identified 24,345 connections from new IP’s checking in with our Sinkholes
Microsoft IP’s in UK and N. Ireland hit
Analysts identified 1,435 new IP addresses participating in various Botnets
Rook Ransomware
More Log4j
Ukraine Cyber Bust
UK NHS
Who’s Winning?
Google Docs
The Electric Grid’s Hot Wires
BLM suing LAPD

Link to full report: IR-22-014-001_weekly014.pdf

Vietnamese Crypto Trading Platform Hit with Log4j

ONUS, the Vietnamese crypto trading platform, recently experienced an attack stemming from the Log4j vulnerability (CVE-2021-44228).[1] ONUS allows users to trade crypto currencies through their app which is available for iOS and Android. The organization has grown significantly in the past 18 months since the app’s launch in March of 2020, with a large portion of users in Vietnam, Nigeria, and the Philippines.[2]

Financial organizations and crypto platforms in particular are juicy targets for a

Weekly Cyber Intel Report - All Sector 12 22 2021

Activity Summary - Week Ending on 22 December 2021:

Red Sky Alliance identified 30,069 connections from new IP’s checking in with our Sinkholes
dauction.ru Still has Issues after 4 weeks !
Analysts identified 5,039 new IP addresses participating in various Botnets
Log4j Vulnerability
BlackCat
AgentTesla Additions
Iran Hackers
Cyber and Medical Devices
Attacking K-12 School Apps
Cyber Port Protection
Finite Recruitment

Link to full report: IR-21-356-001_weekly356.pdf

Weekly Cyber Intel Report - All Sector 12 17 2021

Activity Summary - Week Ending on 17 December 2021:

Red Sky Alliance identified 39,374 connections from new IP’s checking in with our Sinkholes
ru Still has Issues after 3 weeks
Analysts identified 4,459 new IP addresses participating in various Botnets
Zoho ManageEngine
Manga
Log4j
Ransomware bad actor arrested in Romania
Volvo Snatched
AgentTesla
Cyber Attacks are a National Security Concern
Kronos Attack

Link to full report: IR-21-351-001_weekly351.pdf

log4j (6)