Microsoft says it's blocked GRU cyber operations directed against US, European, and Ukrainian targets. Redmond calls the group "Strontium," in its metallic naming convention for threat groups, but the threat actor is also known as APT28 and, of course, Fancy Bear. The disruption was a familiar (and entirely praiseworthy) takedown. Microsoft explained, "On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these a
At the onset of the Civil War, a man whose name would eventually become synonymous with famous American detectives was reportedly providing false reports to the Union’s top general. Allan Pinkerton, who once successfully smuggled Abraham Lincoln into Washington, DC to avoid a rumored assassination attempt before he was even sworn in as president, acted as General George McClellan’s top intelligence officer. He was considered one of the best spymasters in the United States, responsible for effe
Activity Summary - Week Ending on 8 April 2022:
- Red Sky Alliance identified 1,898 connections from new IPs checking in with our Sinkholes
- Go Daddy LLC domain - 61 x
- Analysts identified 1,311 new IP addresses participating in various Botnets
- IcedID Trojan
- DoubleZero Wiper Malware
- ChronoPay
- Inverse Finance
- TX Infrastructure
- CN also attacking UA
Link to full report: IR-22-098-001_weekly098.pdf
Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-097-001_IntelSummary097.pdf
The US Justice Department announced on 06 April 2022 a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the US government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).
The malware called “sandworm” is infecting users’ systems, t
Ransomware is a constant thorn in the side of cyber security professionals worldwide. Hive Ransomware stormed onto the scene in June of 2021 and in their first six months, from June to December of 2021, they managed to compromise 355 companies. The group made headlines for targeting IT, real estate, and healthcare organizations, prompting an FBI Alert in late August sharing the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the group.
Recently the
Electricity, oil and gas, and other critical infrastructure vital to any country's day-to-day life is increasingly at risk from cyber-attackers who know that successfully compromising industrial control systems (ICS) and operational technology (OT) can enable them to disrupt or tamper with vital services. A report from cybersecurity company Dragos[1] details ten different hacking operations which are known to have actively targeted industrial systems in North America and Europe, and it's warned t
They say “Birds of a Feather, Flock Together.” This holds true with criminal hackers. Threat analysts have recently compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.[1]
Link to full report: TR-22-095-002_Fin7.pdf
[1] https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/
Those readers who have children have already built a sandbox and watched the contents be tracked into their house. What I will be describing is a different type of sandbox, or what some have referred to as a "Cuckoo box." Before hunting malware, every researcher needs to find a system on which to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Here are some "easy" steps required to create a custom malware sandbox where you can perform a proper a
With the worldwide push to stamp out the internal combustion engine and promote electric vehicles, a research study on how to thwart the charging process of EVs was introduced. University of Oxford researchers in the UK, in collaboration with Switzerland and the UK's Armasuisse federal agency, identified a novel attack method that let them remotely force EVs to abort charging. The attack method, called Brokenwire, works by sending malicious signals wirelessly to the targeted vehicle to cause electr
Activity Summary - Week Ending on 1 April 2022:
Today is April Fools' Day, but sound Cyber Security is No Joke. Call us for protection.
- Red Sky Alliance identified 15,105 connections from new IPs checking in with our Sinkholes
- Kanzas LLC Moscow RU - 241 x
- Analysts identified 1,392 new IP addresses participating in various Botnets
- Emotet Variant
- AbereBot is Escobar
- Kaspersky Lab
- Shortage of female Cyber Security Professionals
- Hacked Ukrainian News Website
- Spearphishing Attack from Belize
The 2022 Major League Baseball season is set to kick off next week, which means fans everywhere are trying to gauge how their team stacks up to the competition. To prepare for the season, Wapack Labs has skipped the analysis of Batting Averages, RBIs, and On-Base Percentages in favor of measuring each team's cyber security posture.
Horizon Actuarial Services, LLC provided notice regarding a data privacy incident that occurred on 12 November 2021. The incident involved the theft of data inclu
Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-090-001_IntelSummary090.pdf
Globalism is an ideology based on the belief that people, information, and goods should be able to cross national borders unrestricted, while globalization is the spread of technology, products, information, and jobs across nations. Within one week of the Russian invasion of Ukraine, governments around the world passed some of the toughest and most coordinated sanctions in modern history. At lightning speed, dealings with the Russian Central Bank and Russian travel to and through 33 countries’
The Ronin Network announced yesterday that hackers have stolen more than $600 million worth of Ethereum (173,600 ETH) and $25.5 million of US dollar-pegged stablecoin USDC, making it one of the largest decentralized finance (DeFi) hacks to date. The company, which is tied to the popular blockchain game Axie Infinity, said in a Substack post that they suffered a security breach on March 23. Sky Mavis, a blockchain gaming company, built and controls the Axie Infinity game.
The hack involved the
Recently, a cyber threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. The result is that the actor (an individual or a group) is receiving "free money" from ATMs.
Threat intelligence researchers are tracking the cluster under the name of UNC2891, with some of the group's tactics, techniques, and procedures sha
Proofpoint released a new report this week about fake job emails being sent by threat actors, noting that they are seeing nearly 4,000 similar phishing emails each day. Bad actors are using the promise of easy money to steal personal data or trick victims into committing money laundering. “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly,” said Proofpoint. “They are very concerning for universities especial
The US Federal Communications Commission (FCC) has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg. This is the first time a Russian company has been added to the list, which is otherwise made up of Chinese companies, like Huawei and ZTE.[1]
Businesses in the US are barred from using federal subsidies provided through the FCC’s Universal Service Fund to purchase any products
Last Monday, the current US administration released a “Statement by President Biden on our Nation’s Cybersecurity,” followed by public statements where Biden warned about the prospect of a Russian cyberattack, saying “it’s coming.” Both the written and verbal comments reinforced the fact that “the federal government can’t defend against the threat alone” and Biden went on to tell US critical infrastructure owners that “under US law…the private sector…largely decides the protections that we will
Activity Summary - Week Ending on 25 March 2022:
- Red Sky Alliance identified 15,245 connections from new IPs checking in with our Sinkholes
- Malicious Keylogger data is back with 24 Keylogged emails
- Analysts identified 1,081 new IP addresses participating in various Botnets
- CaddyWiper
- CryptBot
- Russian Cyber Attacks – Train your Machine
- IsaacWiper
- A 3rd Wiper (after HermeticWiper and IsaacWiper)
- Wiper remediation
Link to full report: IR-22-084-001_weekly084.pdf