Masked demonstrators in Hong Kong; the sign says “Carrie Lam is not my mother”
Hong Kong protests in June 2019 brought as many as two million demonstrators onto the streets to fight a planned extradition law that would allow mainland China’s government to pull dissenters from Hong Kong for charging in Beijing. These mass demonstrations were largely coordinated through Telegram, an app that provides end-to-end encryption and the ability to manage communications for very large groups.
On 12 June
Figure 1. AS-12/AS-31 Losharik tentative schema.
On 1 July 2019, fourteen Russian sailors died in a fire during the testing of a secret Russian military submarine. The type of vessel is believed to be an AS-12/AS-31 “Losharik” deep-diving nuclear sub. While the Russian government insists, they were just surveying the ocean floor for science, the high military ranks of the participating sailors show that the spy capabilities to include taping and severing undersea communication cables are the p
In July 2019, Wapack Labs identified a large email campaign using malicious word documents to deliver a variety of malware. The emails are presumed related by way of similar social engineering, the same URL shortening tactic and shared office exploit for CVE-2018-11882. In several cases, the emails were sent from legitimate organizations indicating a prior infection was leveraged as a launching point to attack additional entities.
This report provides details on the maliciou
The Hong Kong government’s attempt to enact an extradition agreement with mainland China sparked mass demonstrations in Hong Kong in June 2019. Protesters took to the streets in record numbers, with as many as two million protesters reported at the peak of the demonstrations. By 23 June, Hong Kong’s Chief Executive had suspended action on the extradition bill.
The mainland Chinese government’s reaction to these events has been surprisingly weak. Throughout the month of June, China’s Foreign M
https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/
Our UK partners have share an important report on Ryuk Malware.
Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. Ryuk is a targeted ransomware where demands are set according to the victim’s perceived ability to pay.
The Ryuk ransomware is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out re
Many liberal leaning foundations in the US overtly support political causes in the name of “philanthropy,” and spend tens of millions of dollars each year pushing an environmentalist agenda; often with the goal of carbon credit taxation. One of these “green” mega-funders stands out and pushes millions in funds from the relative obscurity of its headquarters in Switzerland; far from prying eyes (like the US IRS disclosure rules).
The Oak Foundation’s mission statement reads: “[the] Oak Foundat
Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution[1]
A vulnerability has been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), which could allow for arbitrary code execution.[2] Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of this vulnerability could allow for arbitrary code execution through an explo
SUMMARY
Russian President Vladimir Putin and Chinese President Xi Jinping have met twice already in 2019 for summits on economic cooperation. A series of agreements has been concluded at these meetings, mostly focused on Russian cooperation on China’s Belt and Road infrastructure construction. Putin had initially been hesitant to join in these projects, probably because he saw them as China extending its influence into Central Asia, traditionally under Russian influence. Now Putin is speaking
Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the Apple URL.
Our friends at the US Federal Bureau of Investigation, Office of Private Sector, has recently provided information to private sector partners regarding criminals posing as technology support representatives to obtain personal and financial information.
The culprits gain the trust from victims by impersonating a representative from a legitimate or an illegitimate technology company. They mislead the victims by offering computer services to resolve a range of computer security and operations issu
The Cyberspace Administration of China (CAC) issued a new draft cybersecurity regulation on 21 May 2019. This draft is a planned extension of the Cybersecurity Law issued in 2017 that placed greater restrictions on foreign firms operating in China. The new regulation creates the requirement for review of imported network equipment to determine if such equipment represents a risk to national security. The vagueness of the language indicates that the new law could be used to block the import of
Huawei CEO, Ren Zhengfei
On 15 May 2019, US President Trump declared a national emergency over the dangers of importing technology from adversary countries, a move universally understood to be targeted at the Chinese corporation Huawei Technologies. The “ban” on Huawei is being enacted by the US Department of Commerce, charged by the White House with deciding on the mechanisms of blocking Huawei’s connections to the US. The ban hurts Huawei in two ways: by closing the US market to Huawei equipm
Mirai is a self-propagating malware that infects networked devices and turns them into remotely controlled bots. Targets include devices in the Internet of Things (IoT) such as IP cameras and home routers and access is achieved with either software exploits or via authentication with factory default credentials. Mirai is frequently updated to include new exploits making it difficult to mitigate.
This report provides cluster trending on infrastructure over the past several weeks from this repor
On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg. Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).
Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.
The attackers use the popular malware Lokibot. Wapack Labs detected communications of these samples to known and new Lokibot C2s:
On 1 May 2019, Russian President Vladimir Putin signed “Internet sovereignty” bill. New requirements to use ISPs to track traffic origin will likely force traffic decryption and support of internal censorship efforts. In the future, Russia will develop its own DNS system to conduct special Internet controls. Currently, LinkedIn is banned in Russia. Russian national payment system, Mir, was developed after several Russian banks were denied services by US-based Visa and MasterCard. Future st
Research Overview
Background: The detonation of a nuclear weapon at high altitude or in space (~30 km or more above the earth’s surface) can generate an intense electromagnetic pulse (EMP) referred to as a high-altitude EMP or HEMP. HEMP can propagate to the earth and impact various ground-based technological systems such as the electric power grid. Depending on the height of the explosion above the earth’s surface and the yield of the weapon, the resulting HEMP can be characterized by three haz
The People’s Republic of China has claimed the whole of the South China Sea as its sovereign territory ever since coming to power in 1949. However, several other countries have historical claims over some of the islands, and the Law of the Sea Treaty gives several of these countries rights to economic zones that overlap with Chinese claims. This has led to conflict between China and the United States, which supports the claims of its allies to parts of the South China Sea under international l
In April 2019, Krebs reported that Wipro, an Indian IT outsourcing company, was the victim a successful cyber attack by suspected state-sponsored actors. The actors leveraged ScreenConnect, a remote administration tool, to gain access to various Wipro systems which were then used as launching points for additional attacks against Wipro’s customers. The follow-on attacks consisted of a phishing campaign capturing data as part of gift card fraud operation.
Additional open sources reported this at
