X-Industry

Activity Summary - Week Ending 5 June 2020:

• Red Sky Alliance observed 15 unique email accounts compromised with Keyloggers
• Analysts identified 4,332 new IP addresses participating in various Botnets
• Red Sky Alliance collections identified 62,899 connections from new unique IP addresses
• Zload Variant at it Again
• SaltStack
• Octopus Scanner and the vulnerable Supply Chain
• Anonymous – “They’re Back”
• Floating Storage has soared to a New High
• OPEC Oil Output hits the lowest levels in 20 Years
• Rosneft

By Mac McKee – Red Sky Alliance (photo by protonmail)

There is a common misconception among small and midsize businesses (SMBs) that hackers target only large organizations.  Unfortunately, this belief is completely inaccurate.  According to the most recent Verizon Data Breach Investigations Report, more than 70 percent of cyberattacks target small businesses.  Additionally, many attacks are now shifting to target managed service providers (MSPs), specifically because breaching an MSP can give h

Activity Summary - Week Ending 29 May 2020:

• Red Sky Alliance identified 28,772 connections from new unique IP Addresses
• Korean pop singer Kim Hyun-jung being spoofed and it Keylogged
• Analysts identified 6,449 new IP addresses participating in various Botnets
• Anonymous Mexico seen in the Top 5 Threat Actors
• Vendetta Group working in Europe
• Hackers still using the COVID-19 pandemic to spread Malware
• Oil and Gas making a skittish ‘Come Back’
• Russia directly helping the Libyan National Army, Turkey

When my grandfather wanted to make a point, he would make it into a story to hold my attention.  Here is a tale for you.   Imagine that you recently acquired a nice inheritance from your favorite Aunt Nellie.  A great home out in the country is brought to your attention and up for sale, so you decide to buy it.  Ah, life is good.  As you start getting comfortable in your new house, you decide to bring your priceless art collection, that Aunt Nellie willed to you, to show off your collection of w

Activity Summary - Week Ending 22 May 2020:

• Red Sky Alliance observed 68 unique email accounts compromised with Keyloggers
• Analysts identified 53,148 connections from new unique IP addresses
• MinaOTP and Lazarus
• EVILNUM
• OPEC+ Cuts appear to be Working
• Angola’s Oil Production comes to a Halt
• More Nord Stream 2 legal action in Europe
• Oil Prices continue an Up-hill, See-Saw Climb
• Iran sending Crude Oil to Venezuela, both defying Sanctions
• The Oil Rich South China Sea still in Dispute
• Greta wins a W

Activity Summary - Week Ending 15 May 2020:

• Red Sky Alliance identified 74,978 connections from new unique IP addresses
• Analysts identified 7,927 new IP addresses participating in various Botnets
• Stay away from: ohlordiwantyoutohelpme@gmail.com
• LeetHozer Botnet
• Aggah and new multiple RATs
• Beware of: ThunderSpy
• Olso’s Aker Solutions on a RedXray dashboard - 5876 Breach Data hits for Aker Solutions
• Interactive Brokers didn’t recognize negative Numbers
• Neptune and Egypt OBN
• Qatar Petroleum buying

There is a vigorous debate among geopolitical and military scholars if, and when China will invade Taiwan.  At the beginning of the Corona Virus pandemic, many believed that the timing could be ripe for China to militarily invade the island nation of Taiwan.  This a long sought-after prize to “reunite China.”

Link to full Report: TR-20-134-001_China Taiwan hotwarFINAL.pdf

A US federal executive order was issued on 1 May 2020 which proposes to “monitor and replace” any US power grid equipment made by its foreign adversaries.  Security professional said it would mainly affect Chinese-made products like electrical transformers.  The US Department of Energy (DOE) stated under the current US procurement rules, contracts are awarded to the lowest bidder when it comes to bulk power system procurement.  That creates a "vulnerability that can be exploited by those with ma

From our friends at Be Cyber Aware at Sea: COVID-19 continues to dominate the headlines, changing lives worldwide and having a widespread impact upon the maritime and offshore industry, both in terms of the virus and the economic landscape thereafter. We hope that you are all staying safe and well amid the pandemic, wherever you are. This month we have a mix of news: on the one hand there was another confirmed cyber attack, this time on the MSC, a reminder that online threats are ever present. Ho

Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated

Activity Summary - Week Ending 8 May 2020:

• Red Sky Alliance identified 6,214 new IP addresses participating in various Botnets
• Analysts identified 60,201 connections from new unique IP addresses
• Thailand’s Tongue Fun Fruits, still Keylogged
• The Nazar Exploit
• Gamaredon COVID-19 lures
• ProLock Ransomware
• Oil prices, “Going up?”
• Delek Group selling assets
• Iraq, Russia, China, and Oil
• The Permian Basin is split on Oil cuts
• APT32 concerned about COVID-19, eyeballing China
• Emma Thompson and XR

Link t

A British media outlet, The Saturday Telegraph, recently obtained a 15-page research document by the Five Eyes (5E) Intelligence consortium; made up of the UK, US, Canada, New Zealand, and Australia.  The report outlines an intelligence perspective on the negligence of China with the COVID-19 pandemic.  The report demonstrates the “endangerment of other countries” as the Chinese government covered-up news of the virus by silencing or “disappearing” medical doctors who spoke out, its destroying o

Several private cyber security research firms, along with the US Department of Justice, Federal Bureau of Investigation (FBI) are sharing an important warning report on a new ransomware campaign.  As of March 2020, authorities received notification that the ransomware variant ProLock had infected multiple organizations in the US to include healthcare organizations, government entities, financial institutions, and retail organizations.  ProLock was previously released as ‘PwndLock ransomware’ in

We have all been told not to take candy from strangers. The FBI is warning not to take USB's from them either. The FBI has recently warned a new campaign is targeting businesses from the infamous Fin7, or Carbanak Group. Also known as the Navigator Group, the cybercriminals have been tied to more than $1 billion in fraud. The group has a history of infecting point-of-sale devices with malware and using them to steal payment card information.

Researchers at Trustwave SpiderLabs disclosed an attac

Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated

Red Sky Alliance has written extensively about China regarding their many aspects of the Belt and Road Initiative; most recently about its creation of their “new” Internet.[1]  The US think-tank Brookins Institute has provided an excellent report on China’s electric grid, which has direct connection and implications to their “new” Internet capabilities.  See below for their Executive Summary and link to full report.        

Brookins Institute Executive Summary[2]:

The importance of China’s elec

- Red Sky Alliance identified 73,420 connections from new unique IP addresses
- Analysts identified 4,896 new IP addresses participating in various Botnets
- Hoe Hin & Sons, a Malaysian Yamaha Distributorship Keylogged
- Rx and BioChem Companies being Targeted, Hmmmmm…..Anyone Wonder Why?
- APT41 (Winnti) Attack with New Variant
- PoetRAT: Python RAT
- Oil Supply Chain
- Oil rich Libya still in Flux
- Russia planning to cut Oil exports from its Baltic and Black Sea ports
- PEMEX in the middle of Oil Deb

Consolidation of maritime container carriers is showing profit, as seen in the capacity to calm freight rates during this extraordinary economic punch due to the world-wide Corona Virus pandemic.  This is “fundamentally different” from past shipping calamities when decimated demand always led to a collapse in prices for container shipment, as recently reported by Sea-Intelligence.[1]  “The consolidation of the past 20 years seems to finally pay off, in having created the possibility to mitigate

The Zeus Sphinx banking trojan is back after being off the scene for nearly three years. According to cyber researchers at IBM X-Force, Sphinx (a.k.a. Zloader or Terdot) began resurfacing in December 2019. However, the researchers observed a significant increase in victims in March 2020, as Sphinx's operators looked to take advantage of the interest and news of the government relief payments for businesses and individuals. 

First seen in August 2015, Sphinx is a modular malware based on the leak

US Tax Day has come and gone.  Due to the COVID-19 pandemic, the US has delayed the filing deadline to July 15^th.  That is great news for many, AND additionally many taxpayers will be eligible for the US New Economic Stimulus program.  The Internal Revenue Service (IRS) is now issuing warnings to alert the US public about a flood in Corona Virus-related scams over email, phone calls, or social media requesting personal identifying information (pii) while using the pandemic economic impact paymen