X-Industry

A previously unknown government-backed hacking group is targeting organizations in the manufacturing, IT, and biomedical sectors across Taiwan, Vietnam, the US and an unnamed Pacific island, according to new research from Symantec.

Researchers are tracking the group under the name “Grayling” and said in a report released earlier this week that it is using custom-made malware as well as publicly available tools to attack its targets.  The attacks, which began in February and continued through May

A newly identified espionage operation run by hackers linked to China’s government has targeted dozens of organizations in Taiwan since the middle of 2021.  Microsoft on Thursday attributed the campaign to a previously unidentified group it named Flax Typhoon.  The goal of the campaign is to not only perform espionage on targeted Taiwanese entities but “maintain access to organizations across a broad range of industries for as long as possible,” the tech giant said.

The group is mainly targeting

A suspected cyber-attack on 7-Eleven stores, pervasive in large towns and at rail stations across Denmark, is reporting that “we cannot use cash registers and/or receive payments.”  This the company wrote on its Facebook page.  “We are therefore closed until we know the extent [of the attack].  We hope to be able to open stores again soon,” it wrote.

There are 176 7-Eleven stores in Denmark.  The company’s CEO told a Danish broadcaster that cash registers “suddenly” began to malfunction in store

Conti ransomware was first discovered in December of 2019 and has become one of the most prominent ransomware platforms to date. The Conti Ransomware as a Service (RaaS) platform gained international attention in May of 2021 when it was used to shutdown Ireland’s Health Service Executive (HSE).  The group has shown no signs of slowing down with notable attacks reported in the United States, Australia, United Kingdom, Taiwan, and Indonesia in the past two and a half months.

The most recent attack

Activity Summary - Week Ending 7 May 2021:

• Taleq Simeon needs a new Email Address
• Red Sky Alliance identified 15,654 connections from new unique IP Addresses
• Analysts identified 1,209 new IP addresses participating in various Botnets
• Researchers observed 20 unique email accounts compromised with Keyloggers
• FormBook Variant – Part III
• Google Play Store
• Oil and Gas getting SMART
• Oil and Gas on the Rise, Finally
• Cyber-Attack on Oil and Gas to ‘continue’ Rise
• Angola’s National Oil, Gas and Biofuel’

There is a vigorous debate among geopolitical and military scholars if, and when China will invade Taiwan.  At the beginning of the Corona Virus pandemic, many believed that the timing could be ripe for China to militarily invade the island nation of Taiwan.  This a long sought-after prize to “reunite China.”

Link to full Report: TR-20-134-001_China Taiwan hotwarFINAL.pdf

Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated