All Articles (2242)

Globalism is an ideology based on the belief that people, information, and goods should be able to cross national borders unrestricted, while globalization is the spread of technology, products, information, and jobs across nations.  Within one week of the Russian invasion of Ukraine, governments around the world passed some of the toughest and most coordinated sanctions in modern history. At lightning speed, dealings with the Russian Central Bank and Russian travel to and through 33 countries’

The Ronin Network announced yesterday that hackers have stolen more than $600 million worth of Ethereum (173,600 ETH) and $25.5 million of US dollar-pegged stablecoin USDC, making it one of the largest decentralized finance (DeFi) hacks to date.  The company, which is tied to the popular blockchain game Axie Infinity, said in a Substack post that they suffered a security breach on March 23. Sky Mavis, a blockchain gaming company, built and controls the Axie Infinity game.

The hack involved the

Recently, a cyber threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.  The result is that he/they are receiving “free money” from ATMs.

Threat intelligence researchers are tracking the cluster under the name of UNC2891, with some of the group's tactics, techniques, and procedures sha

Proofpoint released a new report this week about fake job emails being sent by threat actors, noting that they are seeing nearly 4,000 similar phishing emails each day.  Bad actors are using the promise of easy money to steal personal data or trick victims into committing money laundering.  “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly,” said Proofpoint.  “They are very concerning for universities especial

The US Federal Communications Commission (FCC) has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg.  This is the first time a Russian company has been added to the list, which is otherwise made up of Chinese companies, like Huawei and ZTE.[1]

Businesses in the US are barred from using federal subsidies provided through the FCC’s Universal Service Fund to purchase any products

Last Monday, the current US administration released a “Statement by President Biden on our Nation’s Cybersecurity,” followed by public statements where Biden warned about the prospect of a Russian cyberattack, saying “it’s coming.”  Both the written and verbal comments reinforced the fact that “the federal government can’t defend against the threat alone” and Biden went on to tell US critical infrastructure owners that “under US law…the private sector…largely decides the protections that we will

Activity Summary - Week Ending on 25 March 2022:

  • Red Sky Alliance identified 15,245 connections from new IPs checking in with our Sinkholes
  • Malicious Keylogger data is back with 24 Keylogged emails
  • Analysts identified 1,081 new IP addresses participating in various Botnets
  • CaddyWiper
  • CryptBot
  • Russian Cyber Attacks – Train your Machine
  • IsaacWiper
  • A 3rd Wiper (after HermeticWiper and IsaacWiper)
  • Wiper remediation

Link to full report: IR-22-084-001_weekly084.pdf

For years, cyber threat professionals have warned against installing Kaspersky on any computer.  Now, German cybersecurity agency BSI on 16 March 2022 urged consumers not to use anti-virus software made by Russia's Kaspersky, warning the firm could be implicated in hacking assaults amid Russia's war in Ukraine.  Russia's military and intelligence activities in Ukraine, and its threats to EU and NATO allies, particularly Germany, mean there is "a considerable risk of a successful IT attack", the

Since declaring cyberwar on Russia through the #OpRussia campaign, the hacktivist group Anonymous has been busy.  It has been three weeks since the Anonymous collective tweeted their declaration of war, and in that time the decentralized group has been a mainstay of news headlines.

Since Russia invaded Ukraine, the Anonymous Twitter account, @YourAnonNews, has gained close to 500,000 followers.  In the hybrid war format where both acts of kinetic war and cyber war have been documented many hack

Iran’s Revolutionary Guard has added “smart submarines,” unmanned underwater vehicles, to its navy for the first time, according to a report presented on Iranian state TV.  The Guard’s navy unveiled the vessels, along with new missiles and speedboats, at a ceremony in Iran’s southern port city of Bandar Abbas.[1]

Its new speedboats can travel at up to 95 knots (about 109 mph) and are able to launch missiles and rockets.  The report also said the Guard’s navy was equipped with new maneuverable missiles with a

A provocative piece from Vox explains the current state of the Russian Cyber War.  After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare. Other elements of its military strategy, however, are conspicuously absent in cyberwarfare.  Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine. The cyber

Activity Summary - Week Ending on 18 March 2022:

  • Red Sky Alliance identified 16,707 connections from new IPs checking in with our Sinkholes
  • Malicious Keylogger data is back with 20 Keylogged emails
  • Analysts identified 3,8171 new IP addresses participating in various Botnets
  • Soul Searcher
  • SharkBot
  • Blue, Yellow and Gray Zones
  • Open-Source Reverse Tunneling Tool
  • Strengthening American Cybersecurity Act
  • Vessel Impersonation

Link to full report: IR-22-077-001_weekly077.pdf

In the US, the FBI has issued an alert about the RagnarLocker ransomware group targeting at least 52 entities across 10 critical infrastructure sectors.  The FBI recently released a flash alert, warning users and organizations in the US to remain vigilant about the RagnarLocker ransomware group's growing footprint.  "As of January, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufact

Remember the joke line, “We are from the government and we are here to help you”?  The recent news from the White House is an indication that more regulation, disclosures, reporting to tax agencies, and taxes are ahead for cryptocurrency users.

President Joe Biden announced a new approach to oversight of cryptocurrencies to support innovation and protect consumers.  The White House has unveiled a new executive order for the nation's plan to establish a framework to both develop opportunities and m

Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

A new reflection/amplification DDoS method is being used in attacks that provides a record-breaking amplification ratio of almost 4.3 billion to 1.  Distributed Denial of Service (DDoS) attacks target servers or networks with many requests and high volumes of data, aiming to deplete their available resources and cause a service outage.  The amplification ratio is critical when conducting attacks, as the higher the number, the easier it is for threat actors to overwhelm well-protected endpoints w

US federal authorities first became aware of RagnarLocker in April 2020 and subsequently produced a cyber report to disseminate known indicators of compromise (IOCs) at that time.  The linked report provides updated and additional IOCs to supplement that report.  As of January 2022, analysts have identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government,