wizard spider (5)

Activity Summary - Week Ending on 20 May 2022:

  • Red Sky Alliance identified 33,648 connections from new IP’s checking in with our Sinkholes
  • InterServer Inc. has Issues
  • Analysts identified 1,553 new IP addresses participating in various Botnets
  • Sality remains our top Malware Variant
  • Apache Log4j and Log4j 2 still an issue / CVE-2021-44228
  • Nerbian RAT
  • Blind Eagle APT
  • SEGs and ICES
  • Wizard Spider in Russia

Link to full report: IR-22-140-001_weekly140.pdf

Conti ransomware was first discovered in December of 2019 and has become one of the most prominent ransomware platforms to date. The Conti Ransomware as a Service (RaaS) platform gained international attention in May of 2021 when it was used to shut down Ireland’s Health Service Executive (HSE). The group has shown no signs of slowing down, with notable attacks reported in the United States, Australia, the United Kingdom, Taiwan, and Indonesia in the past two and a half months.

The most recent attack

The US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021. Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. While ransom demands have ranged from $10,000 to $500,000, Diavol actors have

The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were made to dismantle its infrastructure. The advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. Emotet, which is believed to have originated in Ukraine, is also known as Heodo and was first detected in 2014. See: https://redskyalliance.org/xindustry/this-may-be-the-end-of-emotet

Most of the victims d

Activity Summary - Week Ending 16 July 2021:

  • Who’s TBoy Ken?
  • Red Sky Alliance observed 12 unique email accounts compromised with Keyloggers
  • Analysts identified 56,261 connections from new unique IP Addresses
  • 2,346 new IP addresses were seen participating in various Botnets
  • Diavol & Wizard Spider
  • ChaChi, a new Golang RAT
  • Cyber Security in Australia
  • A Close look at COVID-21, huh?
  • Iranian Trains hit with Cyber-attack, Again
  • Internet Down in Cuba, Porque? 

Link to full report: IR-21-197-001_weekly