All Articles (2240)


Emotet is a banking malware that emerged in 2014 and has since become a popular malware-as-a-service (MaaS) offering and a dropper for other types of malware. In late September 2019, Emotet returned from a four-month hiatus and was observed in a rash of malicious spam campaigns.[1] The most common delivery mechanism consists of Office documents distributed via email.

TIR-19-309-001.pdf

This report examines the Emotet infrastructure and botnet observed in recent weeks. Indicators are available in a companio


From our Asia Desk - China has just opened a new airport near Beijing equipped with facial-recognition systems that let a passenger check in, clear security, and board an aircraft using only their face for identification.  The 5G backbone for this airport system has been built by Huawei Technologies, while the facial-recognition software has been developed by the Chinese companies SenseTime and Yitu Technologies.

This airport technology is a significant benchmark in the Chinese development of ar

TikTok is a popular social media app for sharing short user-created video clips.  TikTok is a youth-oriented app that is used primarily by those in the 16-24 age demographic.  TikTok is hugely popular with about 500 million monthly users worldwide and more than 26 million users in the United States.

The problem is that TikTok is a Chinese social media app, developed in China by a young engineer named Zhang Yiming and the AI development company, ByteDance, that he founded.  TikTok is the internat

In July 2019, Proofpoint reported a new malware campaign named “Operation Lagtime IT.” The campaign is targeting government agencies in East Asia and leveraging malicious RTF documents to deliver multiple payloads, including a new custom malware payload dubbed “Cotx RAT.” Based on observed infrastructure and attacker TTPs, analysts have attributed the campaign to a Chinese APT group tracked as TA428.


Figure 1. Internet blackout area during Moscow opposition protests 

Governments, especially authoritarian ones, consider cutting off the Internet as one of the ways to deal with political opposition and separatists.  Major Internet disruptions were recently detected in India (Kashmir), Indonesia (Papua), Sudan, and, on a smaller scale, in Russia. Severing or completely shutting down the Internet is becoming more popular as cruder methods (DDoS, BGP hijacking, or fake certificates) get a stronger push back

SUMMARY

Recent Western analysis has identified a new series of military unit cover designators for the new Chinese military entity called the Strategic Support Force (SSF).  Elements of the SSF have reportedly been assigned cover designators in the series 32001-32099 Unit.  Because the SSF is the parent organization for China’s new cyber force, the Network Systems Department, Wapack Labs has conducted open-source searches for these designators to better define the units’ existence, missions, and

SUMMARY

Recent Western analysis identified a series of Chinese military cover designators, 32001-32099, as belonging to the People’s Liberation Army (PLA) Strategic Support Force (SSF). Using open-source research targeted on the Chinese internet, Wapack Labs has developed some candidates in this series as components of the Network Systems Department, the new organization for military cyber operations under the SSF.  One probable cyber unit found, using the cover designator PLA 32050 Unit, was id


Russian Federal Security Service (FSB) contractor SyTech lost documents in a cyber breach.  One of the exposed secret Russian projects, dubbed Knockout, is targeting Western media in the US, Great Britain, Germany, France, and other countries.  Knockout maps mass media IT infrastructure, extracts media metadata and collects their vulnerabilities.

Figure 1. SyTech logo from the leaked Knockout presentation

Details

SyTech/FSB breach materials were exposed in July 2019 and were widely discussed in c

In August 2019, Wapack Labs observed a significant uptick in malicious emails delivering a malware identified as Cryxos.  The observed malware is currently being delivered to users in Brazil; however, thousands of related specimens were observed on VirusTotal, indicating a widespread campaign affecting multiple countries.  This report provides technical details on the first-stage and second-stage components of this malware campaign, as well as the associated infrastructure and malware attribution


SUMMARY

The recent leakage of millions of resumes from Chinese job sites has provided the opportunity to research, among other things, the work histories and expertise of thousands of Huawei Technologies employees.  Christopher Balding of Fulbright University Vietnam has conducted such a search to determine if Huawei has links to the People’s Liberation Army (PLA) or the Ministry of State Security (MSS).  He recently published his conclusion that, “there is an undeniable relationship between Hua

The Department of Homeland Security released a National Terrorism Advisory System Bulletin on 18 July 2019.

It updates The National Terrorism Advisory System, or NTAS, a tool designed to communicate information about terrorist threats by providing timely, detailed information to the public.  There are now three primary notifications: Bulletins, Elevated Alerts and Imminent Alerts.  NTAS “Bulletins” provide information describing broader or more general trends and current developments regarding t

TA505 is a prolific Russian threat actor known for attacks against multiple industries with a variety of malware since 2014. In July 2019, Wapack Labs analyzed the intrusion infrastructure associated with TA505’s attacks. The network is comprised of multiple IPs and domains, many of which were spoofed to appear like domains belonging to financial institutions. Also hosted were two domains for Royal Dumps, a known carder site. More recently there have been reported upticks in TA505 attacks with targe



DNATools Inc. application dnaLIMS is a “state-of-the art web-based laboratory information management system used to track and manage (scientific DNA research)”.  It is commonly used by researchers in labs and universities around the world.  In 2017, multiple vulnerabilities were discovered in this software.  After the vendor was notified, their response indicates these vulnerabilities will not be fixed.  It has been confirmed that these vulnerabilities still exist in the software and attack

Prepared by:  Nicholas Dessanti, UNH Cyber Student Intern

Password security has been a major topic of discussion for all computer and web site users.  Today, hackers exploit weaknesses in user passwords in many ways.  Brute force attacks are the most common method hackers use to find passwords.  Another common method is called a dictionary attack.  Both brute force and dictionary attacks systematically check candidate passwords until the correct one is found.  Hashing algorithms a

Masked demonstrators in Hong Kong; the sign says “Carrie Lam is not my mother”

Hong Kong protests in June 2019 brought as many as two million demonstrators onto the streets to fight a planned extradition law that would allow mainland China’s government to pull dissenters from Hong Kong to face charges in Beijing.  These mass demonstrations were largely coordinated through Telegram, an app that provides end-to-end encryption and the ability to manage communications for very large groups.

On 12 June

Figure 1. AS-12/AS-31 Losharik tentative schema.

On 1 July 2019, fourteen Russian sailors died in a fire during the testing of a secret Russian military submarine.  The type of vessel is believed to be an AS-12/AS-31 “Losharik” deep-diving nuclear sub.  While the Russian government insists they were just surveying the ocean floor for science, the high military ranks of the participating sailors show that spy capabilities, including tapping and severing undersea communication cables, are the p

In July 2019, Wapack Labs identified a large email campaign using malicious Word documents to deliver a variety of malware.  The emails are presumed related by way of similar social engineering, the same URL-shortening tactic, and a shared Office exploit for CVE-2018-11882.  In several cases, the emails were sent from legitimate organizations, indicating a prior infection was leveraged as a launching point to attack additional entities.

TIR-19-186-001.pdf

This report provides details on the maliciou


The Hong Kong government’s attempt to enact an extradition agreement with mainland China sparked mass demonstrations in Hong Kong in June 2019.  Protesters took to the streets in record numbers, with as many as two million protesters reported at the peak of the demonstrations.  By 23 June, Hong Kong’s Chief Executive had suspended action on the extradition bill.

The mainland Chinese government’s reaction to these events has been surprisingly weak.  Throughout the month of June, China’s Foreign M

https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

Our UK partners have shared an important report on Ryuk malware.

Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. Ryuk is a targeted ransomware where demands are set according to the victim’s perceived ability to pay.

The Ryuk ransomware is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out re

Many liberal-leaning foundations in the US overtly support political causes in the name of “philanthropy,” and spend tens of millions of dollars each year pushing an environmentalist agenda, often with the goal of carbon credit taxation.  One of these “green” mega-funders stands out and pushes millions in funds from the relative obscurity of its headquarters in Switzerland, far from prying eyes (like the US IRS disclosure rules).

The Oak Foundation’s mission statement reads: “[the] Oak Foundat