All Articles (2242)

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

A leading cyber security firm, Cybereason[1], has announced the results of its third annual ransomware study, commissioned to better understand the true impact of ransomware on businesses. This global study reveals that ransomware attacks are becoming more frequent, effective, and sophisticated.

See:  https://redskyalliance.org/xindustry/100-50-1-100-ransomware-gangs-using-50-types-of-malware

The Report Ransomware: The True Cost to Business 2024 reveals that of the organizations who opted to pay

The US House of Representatives has passed legislation that could lead to a nationwide ban on the popular video-sharing app TikTok, reigniting debates around data privacy, national security, and the limits of government oversight.  The bipartisan bill, named the Protecting Americans from Foreign Adversary Controlled Applications Act, requires the Chinese company ByteDance to divest its ownership of TikTok.  If it fails to do so, the app would be prohibited from operating in the United States, an

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation.  Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so."

The defendant, who had his home searched by Canadian law enforcement

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands.  The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues with older programs.  Adversaries can exploit this utility to enable command execution and bypass security restrictions by using it as an alternative command-line interpreter. In

The US Department of Justice claims that it has disrupted a botnet controlled by the Russian state-sponsored hacking group Forest Blizzard, also known as Fancy Bear. The Russian hackers' targets include US and foreign governments, military entities, and security and corporate organizations. The FBI operation copied and deleted stolen files and other data from the compromised routers and, working with local Internet service providers, the FBI then informed the owners and operators of the routers.

A new phishing campaign has been observed delivering Remote Access Trojans (RATs) such as VCURMS and STRRAT using a malicious Java-based downloader.  The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware.  An unusual aspect of the campaign is VCURMS' use of a Proton Mail email address ("sacriliage@proton[.]me") for communicating with a command-and-control (C2) server.

The attack chain commences

Magnet Goblin, a financially motivated threat actor, is swiftly adopting one-day security vulnerabilities into its arsenal to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts.  Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, mainly targeting public-facing servers and edge devices.  In some cases, the deployment of the exploits is within 1 day after a [proof-of-concept] is publi

Organizations in the US have been targeted since at least 2021 in various phishing and business email compromise (BEC) campaigns spoofing government and private businesses.  The attacks, attributed to a threat actor tracked as TA4903, were focused on harvesting corporate credentials to enable BEC activities such as invoice fraud or payroll redirect.  As part of the observed attacks, the threat actor frequently registered new domains spoofing government entities and private organizations in secto

Ireland’s businesses have been warned of the need to have cyber security safeguards during a recent cyber security conference staged in Belfast.  The Check Point Cyber Security Summit took place at Titanic Belfast, with bosses from Microsoft and NI’s GitHub leading the conversation on how to combat hackers and cyber threats.

Billed as a summit unlike any other in the cyber security realm, convening cyber and business leaders from across the public and private sectors in Northern Ireland, the eve

Cyber security is undergoing a massive transformation, with artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity.  AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response.  Adversaries can use AI as part of their exploits.  It has never been more critical for us to design, deploy, and use AI securely.

See:  https://redskyalliance.org/xin

There seems to be a very disturbing cyber-attack trend that is targeting our Healthcare sector.  This should be of huge concern for everyone.  There used to be certain sectors that state-sponsored and criminal hackers would shy away from.  Those days are gone.  The healthcare industry is an increasingly appealing target for cybercriminals from around the world.  The reason is simple: The healthcare value chain encompasses a large, complex network of connected entities that warehouse e

The top US intelligence agency has revamped its election security team ahead of the 2024 presidential election, a contest multiple national security leaders have warned could be targeted by foreign adversaries using fast-moving attacks.  Jessica Brandt, who previously held a variety of prominent research roles at Washington think tanks, was appointed the first full-fledged director of the Foreign Malign Influence Center in late 2023.

The hub, part of the Office of the Director of National Intell

Linux Users Beware -- The Spinning YARN malware campaign targets misconfigured servers running Apache Hadoop YARN, Docker, Confluence, and Redis web-facing services. Cado Security Labs has discovered an emerging Linux malware campaign dubbed Spinning Yarn.

The emergence of the new Linux malware shouldn’t surprise, given the recent surge in threats targeting Linux devices and servers.  Recently, an old Linux malware known as Bifrost RAT[1] resurfaced with a new variant that mimics VMware domains

A Microsoft spokesman reported that the Russian government-backed hacking team that broke into its corporate network and spied on senior executives also stole source code and may still be poking around its internal computer systems.  In what is being described as an “ongoing attack,” the world’s largest software maker says it has evidence the hacking group “is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.”  This has inc

The unprecedented cyberattack on Change Healthcare[1], a major revenue cycle management firm, has thrown the US healthcare system into a financial mess.  With payment systems crippled, hospitals are demanding federal intervention to avert an economic crisis that could imperil care delivery.  Change Healthcare is a revenue and payment cycle management provider that connects payers, providers, and patients within the U.S. healthcare system.  The name also refers to a company founded in 2007 that b

The US Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and policy experts in the country.  "The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses an

The Stormous ransomware gang has taken credit for an attack on a major Belgian beer producer this week.  The ransomware attack on Duvel Moortgat Brewery has affected operations for days.  Can you believe it?  Who wants to stop the flow of beer?  Local news outlets and BleepingComputer reported on Wednesday that Duvel’s IT department detected the attack and shut down production lines.  Spokesperson Ellen Aerts told reporters that they are “still working to find out exactly what happened.  "We hav

A company contacted the incident response firm Sygnia to investigate suspect activity on its network.  Sygnia rapidly concluded the company was experiencing a ransomware attack and was in imminent danger of having its entire environment encrypted.  It recommended immediate and bold action: disconnect from the internet.  Disconnecting from the internet is one of the oldest defenses against hackers.  Just as in the previous century, a user would notice something unexpected downloading int

CISA Report JCSA-20240227-001

Note: This CISA advisory uses the MITRE ATT&CK® for Enterprise framework, version 14.  See the MITRE ATT&CK Tactics and Techniques section for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

Overview - This advisory provides observed tactics, techniques,