X-Industry

Several days ago, our friends at FortiGuard Labs shared a valuable check list considering the current Ukrainian crisis.  We would like to share with our readers and thank Fortinet.   With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.  While researchers have seen cases of destructive cyber actions focused on Ukraine, at this point specific attribution is not possible. 

As a result of these actions, there

The Russian military continues to be active in Ukraine; movements that started on 23 February.  Of interest, the cyber conflict is mirroring the military conflict with Russian government websites going dark to some parts of the world after being targeted with a flood of web traffic via a distributed denial-of-service (DDoS) attack attempting to knock them offline.  It is unclear who directed the attack or if it was successful in disrupting the sites.  However, cybersecurity researchers say the R

There is an English ballad which was first published in the 1640’s titled, The World Turned Upside Down.  Many believe the current international geo-political atmosphere meets this time aged ballad.  The US has publicly accused Russia of being responsible for last week’s cyber-attacks targeting Ukraine’s defense ministry and major banks.  Now some experts believe Russia could escalate malicious cyber activity and conduct sophisticated cyber-attacks on the West too.  If this occurs, the attacks w

The European Central Bank is preparing banks for a possible Russian-sponsored cyber-attack as tensions with Ukraine mount as the region braces for the financial fallout of any conflict.  The stand-off between Russia and Ukraine has rattled Europe's political and business leaders, who fear an invasion that would inflict damage on the entire region. 

Earlier this week, French President flew to Moscow, then to Kyiv Ukraine in a bid to act as a mediator after Russia massed troops near Ukraine.[1]  N

Activity Summary - Week Ending on 28 January 2022:

• Red Sky Alliance identified 21,120 connections from new IP’s checking in with our Sinkholes
• Intern LLC in Moscow hit
• Analysts identified 5,665 new IP addresses participating in various Botnets
• AvosLocker Ransomware
• Wormable Windows Vulnerability
• Nmap
• Belarus Trains hit
• Canada mad at Russia
• QR Code Confusion
• 22% Gone Phishing
• Vessel Impersonation

Link to full report: IR-22-028-001_weekly028.pdf

The U.S. Department of Homeland Security is reportedly warning that the U.S. could witness a retaliatory cyberattack at the hands of Russia if it decides to respond to the latter's potential invasion of Ukraine, where 100,000 or more troops have been amassed for weeks.  According to a DHS Intelligence and Analysis bulletin dated 23 January 2022 and sent to law enforcement agencies around the country, officials believe that if the U.S. responds to rising tensions at Ukraine's eastern border, the

The US Federal Energy Regulatory Commission (FERC) announced on 20 January 2022, to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high and medium impact bulk electric system cyber systems.

The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified Reliability Standards to address a gap in the current standards.[1]

The US and the UK have ‘quietly’ sent cyber warfare experts to Ukraine to help sabotage any cyber warfare threats like that in the 2015 Ukraine power grid hack when Russian hackers remotely took over a power company’s control center.  It was the first publicly international acknowledged attack using digital weaponry that attacked the Ukrainian power grid, causing power outages across the country.  In the hopes of protecting the Ukraine, as the US and allies speculate the next move of Russia, bot

The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure.  The advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021.  Emotet is believed to have originated in the Ukraine is also known as Heodo which was first detected in 2014.  See:  https://redskyalliance.org/xindustry/this-may-be-the-end-of-emotet

Most of the victims d

The Five Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.  What effects one of these partner countries will affect all of them.  China, Russia and Iran pose three of the biggest threats to the U.K. in a fast-changing, unstable world, the head of Britain’s foreign intelligence agency said 29 November 2021.  M

Are hackers better at using AI than defenders?  “There are three parts of any security strategy. You want to be able to detect, to prevent, and to respond,” says the Global Chief Technology Officer of Dell Technologies.  “It turns out that in the 'detect' area, we are well underway.  If you are using a security event information-management service or managed-security service provider, and they are not already using high degrees of advanced machine intelligence to detect threats, you already lost

Activity Summary - Week Ending on 12 November 2021:

• Red Sky Alliance identified 27,845 connections from new IP’s checking in with our Sinkholes
• Analysts identified 3,224 new IP addresses participating in various Botnets
• Sality remains the top Malware Variant at 24,282 Observation
• Chaos Ransomware
• Fake Ecommerce and Black Friday
• Robinhood Hit (Again)
• CISA 22-01
• Ukraine & Gamaredon SSU Arrests
• Pakistan and Russia
• Cyber Attack US Federal Indictments
• FIN7 still Kicking Around

Link to full repo

Activity Summary - Week Ending on 27 October 2021:

• Red Sky Alliance identified 36,141 connections from new IP’s checking in with our Sinkholes
• Analysts identified 41,071 new IP addresses participating in various Botnets
• Sality remains the top Malware Variant at 32074 times seen
• Harvester Part II
• Vulnerability on Confluence Server
• EntroLink
• Russia, Russia, Russia
• Iranian Gas Stations
• Walmart
• COP = Climate Activism escalation
• Climate and Animal Rights Activists join Forces to eliminate Meat

Link

Ukrainian authorities have detain a criminal gang who laundered funds for Russian hacking groups.  Ukraine’s national police detained suspects on 25 October 2021, for stealing funds from cryptocurrency wallets and laundering profits for cybercrime organizations.   

The arrests took place as part of a joint investigation with US authorities, the Ukrainian National Police (NPU) said in a press release.  An undisclosed number of suspects were detained following house searchers across the country.

A

In 1963, Agent 007 is seen in the movie From Russian with Love battling a secret crime organization known as SPECTRE. Russians Rosa Klebb and Kronsteen are out to grab a decoding device known as the Lektor, using the beautiful Tatiana to lure James Bond into helping them.  Bond willingly travels to meet Tatiana in Istanbul, Turkey where he must rely on his wits to escape with his life in a series of deadly encounters with the enemy.

Sometime fiction is closer to life than we think.  James Bond a

The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations, not including Russia or China. This gathering aims to improve global network resilience, address illicit cryptocurrency use, and elevate both law enforcement collaboration and diplomatic efforts. 

In a pre-event press call on 12 October 2021, a senior administration official said, "In this first round of discussions, we did not invite the Russian

Malwarebytes Intelligence Team is reporting the MSHTML vulnerability classified as CVE-2021-40444 has become the focus of threat actors targeting Russian government entities.  Its researchers intercepted phishing email attachments revealing that attackers were trying to target Russian organizations.

The CVE-2021-40444 vulnerability involves ActiveX and is an old flaw, but it was discovered recently, and soon enough, threat actors started sharing its PoCs, tutorials, and exploits on hacking forum

Our friends at several cyber media outlets are reporting that the operators behind the REvil ransomware-as-a-service (RaaS) is back.  In a surprise return, REvil reappeared after a two-month break following the widely publicized attack on technology services provider Kaseya on 4 July 2021.  In fact, Red Sky Alliance analysts observed its return this past week.

Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have reappeared online, wit

Activity Summary - Week Ending 23 July 2021:

• Red Sky Alliance identified 19,903 connections from new unique IP addresses
• Top observed Attacker Server (C2): Alexey[.]rybalov@yandex.ru & taleq[.]simeon888@mail.com
• Analysts identified 2,670 new IP addresses participating in various Botnets
• DLL Side-Loading Technique
• dmerchant
• WildPressure
• China keeps pulling Triggers
• Russia Cyber-Attacks
• Saudi Aramco Hit with Ransomware
• Cell Phones and Spying
• Norway blaming China for March cyber-attack
• What will b

The National Security Agency, the FBI and other agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Microsoft Office 365 and other cloud-based services, according to an alert published Thursday.  The campaign, which started in 2019, has targeted "hundreds" of businesses, government agencies and organizations worldwide, mainly in the U.S. and Europe, the NSA reports. The victims include several U.S. Department of Defense unit