russia (23)

9872813280?profile=RESIZE_400xThe Five Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.  What effects one of these partner countries will affect all of them.  China, Russia and Iran pose three of the biggest threats to the U.K. in a fast-changing, unstable world, the head of Britain’s foreign intelligence agency said 29 November 2021.  M

9857998096?profile=RESIZE_400xAre hackers better at using AI than defenders?  “There are three parts of any security strategy. You want to be able to detect, to prevent, and to respond,” says the Global Chief Technology Officer of Dell Technologies.  “It turns out that in the 'detect' area, we are well underway.  If you are using a security event information-management service or managed-security service provider, and they are not already using high degrees of advanced machine intelligence to detect threats, you already lost

9795700079?profile=RESIZE_400xActivity Summary - Week Ending on 12 November 2021:

  • Red Sky Alliance identified 27,845 connections from new IP’s checking in with our Sinkholes
  • Analysts identified 3,224 new IP addresses participating in various Botnets
  • Sality remains the top Malware Variant at 24,282 Observation
  • Chaos Ransomware
  • Fake Ecommerce and Black Friday
  • Robinhood Hit (Again)
  • CISA 22-01
  • Ukraine & Gamaredon SSU Arrests
  • Pakistan and Russia
  • Cyber Attack US Federal Indictments
  • FIN7 still Kicking Around



Link to full repo

9741603100?profile=RESIZE_400xActivity Summary - Week Ending on 27 October 2021:

  • Red Sky Alliance identified 36,141 connections from new IP’s checking in with our Sinkholes
  • Analysts identified 41,071 new IP addresses participating in various Botnets
  • Sality remains the top Malware Variant at 32074 times seen
  • Harvester Part II
  • Vulnerability on Confluence Server
  • EntroLink
  • Russia, Russia, Russia
  • Iranian Gas Stations
  • Walmart
  • COP = Climate Activism escalation
  • Climate and Animal Rights Activists join Forces to eliminate Meat


9738659095?profile=RESIZE_400xUkrainian authorities have detain a criminal gang who laundered funds for Russian hacking groups.  Ukraine’s national police detained suspects on 25 October 2021, for stealing funds from cryptocurrency wallets and laundering profits for cybercrime organizations.   

The arrests took place as part of a joint investigation with US authorities, the Ukrainian National Police (NPU) said in a press release.  An undisclosed number of suspects were detained following house searchers across the country.


9725351877?profile=RESIZE_400xIn 1963, Agent 007 is seen in the movie From Russian with Love battling a secret crime organization known as SPECTRE. Russians Rosa Klebb and Kronsteen are out to grab a decoding device known as the Lektor, using the beautiful Tatiana to lure James Bond into helping them.  Bond willingly travels to meet Tatiana in Istanbul, Turkey where he must rely on his wits to escape with his life in a series of deadly encounters with the enemy.

Sometime fiction is closer to life than we think.  James Bond a

9718723684?profile=RESIZE_400xThe White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations, not including Russia or China. This gathering aims to improve global network resilience, address illicit cryptocurrency use, and elevate both law enforcement collaboration and diplomatic efforts. 

In a pre-event press call on 12 October 2021, a senior administration official said, "In this first round of discussions, we did not invite the Russian

9602956887?profile=RESIZE_400xMalwarebytes Intelligence Team is reporting the MSHTML vulnerability classified as CVE-2021-40444 has become the focus of threat actors targeting Russian government entities.  Its researchers intercepted phishing email attachments revealing that attackers were trying to target Russian organizations.

The CVE-2021-40444 vulnerability involves ActiveX and is an old flaw, but it was discovered recently, and soon enough, threat actors started sharing its PoCs, tutorials, and exploits on hacking forum

9554622473?profile=RESIZE_400xOur friends at several cyber media outlets are reporting that the operators behind the REvil ransomware-as-a-service (RaaS) is back.  In a surprise return, REvil reappeared after a two-month break following the widely publicized attack on technology services provider Kaseya on 4 July 2021.  In fact, Red Sky Alliance analysts observed its return this past week.

Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have reappeared online, wit

9302081078?profile=RESIZE_400xActivity Summary - Week Ending 23 July 2021:

  • Red Sky Alliance identified 19,903 connections from new unique IP addresses
  • Top observed Attacker Server (C2): Alexey[.] & taleq[.]
  • Analysts identified 2,670 new IP addresses participating in various Botnets
  • DLL Side-Loading Technique
  • dmerchant
  • WildPressure
  • China keeps pulling Triggers
  • Russia Cyber-Attacks
  • Saudi Aramco Hit with Ransomware
  • Cell Phones and Spying
  • Norway blaming China for March cyber-attack
  • What will b

9280948300?profile=RESIZE_400xThe National Security Agency, the FBI and other agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Microsoft Office 365 and other cloud-based services, according to an alert published Thursday.  The campaign, which started in 2019, has targeted "hundreds" of businesses, government agencies and organizations worldwide, mainly in the U.S. and Europe, the NSA reports. The victims include several U.S. Department of Defense unit

8941840492?profile=RESIZE_400xRecently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.”  So true. 

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matte

The FBI and the Cybersecurity and Infrastructure Security Agency are warning of continued cyber threats stemming from Russia's Foreign Intelligence Service, or SVR, which the Biden administration accused of carrying out the SolarWinds supply chain attack.

In a joint alert issued 26 April 2021, the agencies warn that despite economic and other sanctions against Russia announced by the White House on 15 April 2021, attackers associated with the SVR likely will continue to target government network

8872293089?profile=RESIZE_400xChina, Russia, North Korea, and Iran continue to pose significant cybersecurity threats to the US, because each is capable of launching disruptive attacks, according to a report published 13 April 2021 by the Office of the Director of National Intelligence.

Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal

8837471697?profile=RESIZE_400xThe new cooperation agreement between Russia and Iran on cybersecurity and information technology is likely to create new hurdles for the United States and its allies in the Middle East. In January 2021, Russian Foreign Minister Sergey Lavrov and his Iranian counterpart Javad Zarif signed a cooperation agreement on cybersecurity and information and communications technology (ICT).

The agreement includes cybersecurity cooperation, technology transfer, combined training, and coordination at multil

8511885296?profile=RESIZE_400xA Russian-speaking "Scam-as-a-Service" (SaaS) operation called, "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.  This “SaaS” is adding to the long list of hacker services for anyone to buy with some spare Bitcoin.

The fraud actors are posting fake online classified advertisements for products to trick interested buyers into visiting phishing pages, where t

8321594296?profile=RESIZE_400xThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework.  See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020.  This APT actor has demonstrated

8083672063?profile=RESIZE_400xAlmost five years ago, the Russian hackers known as Sandworm hit western Ukraine with the first-ever cyberattack to cause a blackout.  A never-before-seen act of cyber warfare that turned out the lights for over 250,000 Ukrainians.  Since then, Sandworm has perpetrated countless destructive attacks; another blackout on the Ukrainian capital of Kyiv, the release of the NotPetya worm in 2017 that spread globally and eventually caused $10 billion in damage, and an attack that temporarily crippled t

8011615880?profile=RESIZE_400xOur friends from the US Department of Homeland Security have provided an open source Threat Assessment for October 2020 - which is Cyber Security Awareness Month.  The following is the Cyber Threat Assessment Section. 

Cyber threats to the Homeland from both nation-states and non-state actors will remain acute. U.S. critical infrastructure faces advanced threats of disruptive or destructive cyber-attacks. Federal, state, local, tribal and territorial governments, as well as the private sector, w

7969571052?profile=RESIZE_400xA new cybercriminal group called OldGremlin has been targeting Russian companies including banks, industrial enterprises and medical firms with ransomware attacks.

Researchers have said that OldGremlin’s first activities began between late March and early April 2020.  The group took advantage of the COVID-19 pandemic in early lures (a common theme for ransomware strains during this time period, sending financial institutions purported recommendations on how to organize a safe working environment