X-Industry

Activity Summary - Week Ending 8 May 2020:

• Red Sky Alliance identified 6,214 new IP addresses participating in various Botnets
• Analysts identified 60,201 connections from new unique IP addresses
• Thailand’s Tongue Fun Fruits, still Keylogged
• The Nazar Exploit
• Gamaredon COVID-19 lures
• ProLock Ransomware
• Oil prices, “Going up?”
• Delek Group selling assets
• Iraq, Russia, China, and Oil
• The Permian Basin is split on Oil cuts
• APT32 concerned about COVID-19, eyeballing China
• Emma Thompson and XR

Link t

A British media outlet, The Saturday Telegraph, recently obtained a 15-page research document by the Five Eyes (5E) Intelligence consortium; made up of the UK, US, Canada, New Zealand, and Australia.  The report outlines an intelligence perspective on the negligence of China with the COVID-19 pandemic.  The report demonstrates the “endangerment of other countries” as the Chinese government covered-up news of the virus by silencing or “disappearing” medical doctors who spoke out, its destroying o

Several private cyber security research firms, along with the US Department of Justice, Federal Bureau of Investigation (FBI) are sharing an important warning report on a new ransomware campaign.  As of March 2020, authorities received notification that the ransomware variant ProLock had infected multiple organizations in the US to include healthcare organizations, government entities, financial institutions, and retail organizations.  ProLock was previously released as ‘PwndLock ransomware’ in

We have all been told not to take candy from strangers. The FBI is warning not to take USB's from them either. The FBI has recently warned a new campaign is targeting businesses from the infamous Fin7, or Carbanak Group. Also known as the Navigator Group, the cybercriminals have been tied to more than $1 billion in fraud. The group has a history of infecting point-of-sale devices with malware and using them to steal payment card information.

Researchers at Trustwave SpiderLabs disclosed an attac

Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated

Red Sky Alliance has written extensively about China regarding their many aspects of the Belt and Road Initiative; most recently about its creation of their “new” Internet.[1]  The US think-tank Brookins Institute has provided an excellent report on China’s electric grid, which has direct connection and implications to their “new” Internet capabilities.  See below for their Executive Summary and link to full report.        

Brookins Institute Executive Summary[2]:

The importance of China’s elec

- Red Sky Alliance identified 73,420 connections from new unique IP addresses
- Analysts identified 4,896 new IP addresses participating in various Botnets
- Hoe Hin & Sons, a Malaysian Yamaha Distributorship Keylogged
- Rx and BioChem Companies being Targeted, Hmmmmm…..Anyone Wonder Why?
- APT41 (Winnti) Attack with New Variant
- PoetRAT: Python RAT
- Oil Supply Chain
- Oil rich Libya still in Flux
- Russia planning to cut Oil exports from its Baltic and Black Sea ports
- PEMEX in the middle of Oil Deb

Consolidation of maritime container carriers is showing profit, as seen in the capacity to calm freight rates during this extraordinary economic punch due to the world-wide Corona Virus pandemic.  This is “fundamentally different” from past shipping calamities when decimated demand always led to a collapse in prices for container shipment, as recently reported by Sea-Intelligence.[1]  “The consolidation of the past 20 years seems to finally pay off, in having created the possibility to mitigate

The Zeus Sphinx banking trojan is back after being off the scene for nearly three years. According to cyber researchers at IBM X-Force, Sphinx (a.k.a. Zloader or Terdot) began resurfacing in December 2019. However, the researchers observed a significant increase in victims in March 2020, as Sphinx's operators looked to take advantage of the interest and news of the government relief payments for businesses and individuals. 

First seen in August 2015, Sphinx is a modular malware based on the leak

US Tax Day has come and gone.  Due to the COVID-19 pandemic, the US has delayed the filing deadline to July 15^th.  That is great news for many, AND additionally many taxpayers will be eligible for the US New Economic Stimulus program.  The Internal Revenue Service (IRS) is now issuing warnings to alert the US public about a flood in Corona Virus-related scams over email, phone calls, or social media requesting personal identifying information (pii) while using the pandemic economic impact paymen

Even the largest companies can become victims of ransomware attacks by targeting supply chain members. A third-party ransomware attack has documents from Boeing, Lockheed Martin, SpaceX, and Tesla published for the world to see. These "high end" ransomware demands are now being called "nuclear" ransomware.  

The attack hit Visser, a manufacturing and design contractor for several prominent aerospace and defense companies. Here is how things unfolded, according to The Register: "The data was pilf

A new NATO report exposes Chinese government leaders plan to push through standardization of a new Internet architecture which will broaden the threat landscape, destabilize security and privacy, and fragment the world wide web. First proposed at the United Nations International Telecommunication Union (ITU) conference in September 2019, the plans call for a replacement to the current TCP/IP model, dubbed “New IP.”  China is being led by Huawei, its state-run communications company, and the comm

Google and Apple are working together. Yes, you heard that correctly. Two of the largest tech giants (and competitors) in the world are working together to prevent the spread of COVID-19.  Google and Apple are working in a joint endeavor to provide new API and functionalities in their mobile operating systems which help application developers create contact-tracing applications which can be used to mitigate the spread of the CoronaVirus.  In May2020, both companies will release APIs that enable

New car showrooms are closed.  Inventory is backing up.  Auto dealers are cash strapped and ready to negotiate a good deal, almost any deal.  So, if a person in the market for a new car, in good health and has a solid job (even with the various state “lock downs”), the timing is very good to buy a new car.  Car shopping will currently be electronic, but salespersons are willing to sell cars and reduce their inventories.  If you are a savvy online shopper and ready to negotiate a price by email o

Activity Summary - Week Ending 10 April 2020:

• Red Sky Alliance identified 52,538 connections from new unique IP addresses
• Who’s Faru Potter? Well, he’s pwned
• APT32, Bitter APT and Kimsuky group taking advantage of the COVID-19 pandemic
• "New" Crown Pneumonia Ransomware, dusted off and Operable
• Firefox Browser Zero-Day Vulnerabilities - Extended Support Release 68.6.1 – fix ASAP
• 3M on hackers Radar Screen, Again
• Brent crude up to $33.38
• Iraq losing Oil Revenues
• The Saudis are sending Oil to US to

The cybercrime environment is evolving as cyber threat actors improve their attack planning, build new malware and sneaky methods to take advantage of both business and consumer’s on-line behavior. Cybercrimes via social media are not new but now have catapulted into a severe problem with the CoronaVirus. Mobile users are more at risk to criminal schemes as popular on-line banking, and merchant services are available as mobile applications.

Besides social engineering techniques, cybercriminals a

Our Friends at the FBI issued a cyber bulletin on 04 01 2020.  This was no April Fool's Joke, but a serious cyber warning on the Sodinokibi Ransomware (pic: tgsoft.it), also known as REvil, Bluebackground, or Sodin.  Red Sky Alliance / Wapack Labs was already researching this ransomware.  Last week, Jesse Burke our Chief of Special Operations, provided a brief on Sodinokibi Ransomware.  Look to your right (Did you miss the March Cyber Intelligence Briefing (CIB). Topics: Coronavirus Lures and Bu

As information security professionals with over 20+ years in the business, we now see that if a bad actor wants to successfully scam someone online, all these hackers need is to have a basic level of software or networking skills.  Everyone now has the tools to enter this lucrative business; albeit in many cases: very illegal.  Malicious “phishers” of the past used poor graphics, poor grammar, misspellings and showed signs that English was not their first language.  Most often, businesspeople we

We all need some good news on the “new” COVID-19 Cyber Front.  The FBI has delivered the good news this past week.  During these first weeks of the “New Normal” during the worldwide Corona Virus pandemic, more and more employees are working from home with limited cyber threat protections or training.  Taking down a Crime as a Service (CaaS) web store off the Internet is fantastic news.  This past week, the FBI seized the domain of Deer.io, which federal prosecutors say served as a clearinghouse

Cyber threat analysts recently uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload as well as adopting minor changes to the integration of its components.  TrickBot is a module-based malware that, while first identified as a banking trojan, has gradually extended its functions to include collecting credentials from a victim’s emails, browsers and installed network apps.  The malware has also evolved to send sp