X-Industry

Threat intelligence experts at ClearSky Cyber Security have reported the details of an Iranian social engineering campaign using fake LinkedIn identities to trick people into downloading malware with fake job offers. ClearSky has identified a campaign named “Iranian Dream Job,” in which the Iranian threat actor TA455 has targeted the aerospace industry by offering fake jobs.

See: https://redskyalliance.org/xindustry/iran-targeting-aerospace-through-fake-jobs

The campaign distributed the so-calle

International law enforcement has shut down 27 of the most popular platforms used to carry out distributed denial-of-service (DDoS) attacks, Europol announced in a statement on 11 December 2024.  The operation called PowerOFF, conducted across 15 countries to include the US, UK, Australia, Brazil, Canada, and Finland, which led to the identification of 300 users of these platforms and the arrest of three administrators in France and Germany.

Europol explained that the takedowns were timed ahead

The US Treasury Department has sanctioned a Chinese cybersecurity vendor for allegedly trying to spread malware to approximately 81,000 firewall devices from Sophos.  The sanctions target Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, “for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide,” the Treasury Department said in last Tuesday’s announcement.  “More than 23,000 of the compromised firewalls were in the United States,” the

Tinexta Cyber and SentinelLabs have tracked threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, researchers have assessed that it is highly likely a China-nexus threat actor conducted these attacks with cyberespionage motivations.
The relationships between European countries and China are complex and characterized by cooperation, competition, and underlying

The FTC announced on 03 December 2024 that it had banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. The FTC says Mobilewalla and Gravy Analytics unlawfully collected and sold location data collected from consumers, including data linked to their visits to places of worship and health-related locations.

Virginia-based Gravy Analy

As soon as transactions of data and money started to become commonplace on the internet criminals sensed a whole new vista opening up to them.  Since then, it has been a constant game of cat and mouse trying to stay one step ahead of the cybercriminals, too often with the hackers coming out on top.

According to the figures there were over 2,300 attacks recorded in 2023.  That might not sound too serious.  But the nature of an attack means that many people are affected by each one.  In this case

DMM Bitcoin is a cryptocurrency exchange based in Japan, operated by DMM Group, a large Japanese e-commerce and entertainment conglomerate. Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, through spot trading and leverage trading services. In June 2024, the Japanese cryptocurrency exchange announced that cybercriminals stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets.

“At approxima

Stoli Group's U.S. companies https://stoli-group.com  have filed for bankruptcy following an August 2024 ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.  Chris Caldwell, the President and Global Chief Executive Officer of Stoli USA and Kentucky Owl, the two Stoli Group subsidiaries, said in a recent filing, this comes after the August attack severely disrupted its IT systems, including its enterprise resource planning (ERP) platform.

The cyb

While threat actors continue to rely on many “classic” tactics that have existed for decades, our threat predictions for the coming year largely focus on cybercriminals embracing bigger, bolder, and, from their perspectives, better attacks.  From Cybercrime-as-a-Service (CaaS) groups becoming more specialized to adversaries using sophisticated playbooks that combine both digital and physical threats, cybercriminals are upping the ante to execute more targeted and harmful attacks.

In its 2025 thr

Researchers have discovered what they believe is the first-ever malware capable of infecting the boot process of Linux systems. "Bootkitty" is proof-of-concept code that students in Korea developed for a cybersecurity training program they're involved in. Though unfinished, the bootkit is fully functional and even includes an exploit for one of several so-called LogoFAIL vulnerabilities in the Unified Extensible Firmware Interface (UEFI) ecosystem that Binary Research uncovered in November 2023.

Criminals are using text messaging, dating apps, social media, and email to perpetrate a form of financial fraud, most known as 'pig-butchering,' where victims are lured into fraudulent investment schemes. Meta has confirmed it has removed around 2 million scam accounts across its platforms since the beginning of 2024. “This year alone, we’ve taken down over two million accounts linked to scam centers in Myanmar, Laos, Cambodia, the United Arab Emirates, and the Philippines,” says Meta.
See: http

Earlier this week on Cyber Monday, the US Internal Revenue Service (IRS) and its Security Summit partners warned taxpayers to approach their holiday shopping with extra caution because scammers are also shopping, for their next victim’s personal information.  The consumer alert kicks off the ninth annual National Tax Security Awareness Week featuring tips for taxpayers and tax professionals to avoid scams and protect their sensitive data.  The special week is part of the Security Summit initiati

Trustwave researchers have recently released a report about a phishing campaign they had been tracking which had experienced a significant increase in activity in August of 2024 and targeting primarily Microsoft 365 users. This campaign has been linked to the phishing kit called Rockstar 2FA.  The Rockstar 2FA phishing kit has been deemed to be an updated version of the DadSec phishing kit. Microsoft tracks the threat actor behind these phishing kits under the moniker Storm-1575.

Rockstar operat

Imagine a world where every car dealership in the country sells the same bland, featureless sedan.  No variety, no personality, just four wheels, a steering wheel, and a shrug-worthy lack of innovation.  That’s what one-size-fits-all cybersecurity looks like for managed security service providers (MSSPs): A cookie-cutter offering that nobody truly loves, everyone tolerates, and eventually, someone else customizes better.[1] 

Mike Saylor, CEO and co-founder of Black Swan Cybersecurity, has spent

In September 2024, researchers observed an attack using the notorious SmokeLoader malware to target companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks.  While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading pl

FortiGuard Labs gathers data on ransomware variants of interest that are gaining traction within its datasets and the OSINT community. The report below provides brief insights into the evolving ransomware landscape.

Interlock Ransomware Overview - Interlock is a new ransomware variant that was first publicly discovered in an available file-scanning site in early October 2024. This could indicate that the ransomware emerged as early as September. The Interlock ransomware comes in Windows and Free

A ransomware attack on supply chain software firm Blue Yonder in turn hit a dozen big names in food and retail with business disruptions, Starbucks and Walgreens among them.  The software is widely used by a range of Fortune 500 companies, and the full list of potentially impacted victims remains unclear.  Companies such as grocery giant Kroger (and its recently acquired subsidiary Albertsons), Anheuser-Busch and Ford are known to use the software but have not confirmed any impact as of yet.  Se

Network-attached storage devices like NetApp contain volumes of data which are vital to business operations.  With broad access available to so many users, protecting NetApp storage from malware is critical to operational stability and integrity. Organizations worldwide face increasingly sophisticated threat actors. AI-powered threat detection can level the playing field, protect business data, and stop attacks before they begin. 

The Challenge - Legacy AV solutions have long dominated storage s

Two Internet cables between Germany and Finland, as well as between Lithuania and Sweden, have experienced sudden outages. Located in northern Europe, the Baltic Sea is an active commercial shipping route ringed by nine countries, including Russia. The affected countries, all members of NATO, say that it is unlikely to be accidental. This happened in the same waterway in which a significant gas pipeline and other underground cables were previously damaged in mysterious circumstances in 2022. No,

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate