All Articles (1965)
Summary
Wapack Labs observed malicious email trending on CTAC which detected an uptick in Darwish Trading Company (DTC) spoofing. Hackers pretend to be from this Qatari company as it has a wide range of business activities to include servicing the oil and gas sector. During 29 March 2019 – 3 April 2019, these samples were seen delivering Lokibot and PonyLoader malware.
Details
Figure 1. Malicious .doc attachment in an email spoofing Darwish Trading Company
The Darwish Trading Company (DTC) has a w
China’s need for energy has skyrocketed over the last 20 years as the country has gotten richer and the middle class—now 400 million—has grown into a significant segment of the population. Energy demands are not being met by domestic production, so China is now a net importer of oil, natural gas, and coal.
China’s energy source mix has traditionally been dominated by coal, but the share of energy produced by coal is dropping. China is highly dependent on imported oil, which makes up about 68 p
Summary
Hackers are using “SWIFT monetary transfer” themed files to lure users into opening them. These files have been identified malicious. Wapack Labs studied a sample group of SWIFT-themed malicious files during a 30 days period in February-March 2019. Nearly half are classified as Lokibot, and 12 percent were detected exploiting CVE-2017-11882 "Microsoft Office Memory Corruption Vulnerability." Most of the samples were submitted from either Ukraine, the Czech Republic or the US. In seve
Summary
Wapack Labs reports on the use of vessel names as lures in malicious emails. Using the names of Motor Vessel (MV), or Merchant/Motor Tanker (MT) in the subject line, is a social engineering tactic used by attackers when sending malicious emails to companies related to the shipping industry. Successful infiltrations into transportation related networks can result in the theft of valuable financial information or corrupt a system with damaging results. This report provides details about
Summary
Shared through the Multi-State (MS)-ISAC: A vulnerability have been discovered in Google Chrome, which could result in arbitrary code execution. Google Chrome is a web browser used to access the Internet. This vulnerability can be exploited if a user visits, or is redirected to, a specially crafted web page. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with this ap
Huawei Technologies and its 5G network construction work around the world have created concern in many quarters. The chief cause for this con cern is the perception that Huawei networks have a unique potential for exploitation by Chinese intelligence services.
A Wapack Labs review to determine the scale of this problem showed that Huawei is in fact involved in 5G infrastructure development in many countries. Germany, Ireland, Switzerland, and Canada have been using Huawei equipment to set u
Summary
APT-C-36 or Blind Eagle (BE) is an APT group that is believed to originate from South America. BE has been carrying out attacks against Colombian government institutions, to include the financial sector, petroleum industry and professional manufacturing. BE has been active since April 2018. Affected targets include Ecopetrol (Colombian Oil Company), Banco Agrario (State Financial Institution) and IMSA (Colombian Wheel Manufacturer). It is possible BE is involved in recent geopolitica
The Network Systems Department (NSD) of the People’s Liberation Army (PLA) Strategic Support Force, created in December 2015, appears to be the entity where military cyber operations are now based. It is a challenging collection target and many aspects of this PLA organization are still unknown.
The NSD is very rarely mentioned in open sources by its actual name. Instead, new data confirms that it uses the cover designator “32069 Unit.” Using this as a search term, some new information was di
New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide
If your company uses Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then technicians should immediately install the latest firmware update released by the Cisco last week.
Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities, after a security researcher released their proof-of-concept exploit code on the Internet last weekend. The vulnerabilities in question are a co
SUMMARY
China’s Tencent Games is the developer of the mobile version of PlayerUnknown’s Battlegrounds, a vastly popular game that Wapack Labs has identified as being used to create botnets for conducting industrial fraud. This report examines the relationship between Tencent and the Chinese government to explore the question of whether Tencent is a witting participant in this activity or being used by malicious actors in the government.
Summary
Players Unknown Battleground (PUBG) has been identified by Wapack Labs as a large-scale proxy participant in major fraud. It is unclear whether PUBG is a witting or unwitting participant, but it is clear that the PUBG network has been abused for fraudulent purposes.
Wapack Labs has yet to identify the specific malware component that is responsible for recruiting PUBG gamers into various botnets. However, the
SUMMARY:
Information regarding a group of Chinese APT cyber actors stealing high value information from commercial and governmental victims in the US and abroad was recently collected and analyzed by US federal authorities. This Chinese APT group is known within private sector reporting as APT10, Cloud Hopper, menuPass, Stone Panda, Red Apollo, CVNX and POTASSIUM. This group heavily targets managed service providers (MSP) who offer cloud computing services; commercial and governmental clients
2019 Cyber Security Threat and Vulnerability Predictions
This report outlines our predictions regarding cyber threats and vulnerabilities for 2019. We base those on the trends Wapack Labs were observing during 2018. The main topics are artificial intelligence, IoT and mobile, cryptocurrency cybercrime, APT activity, and eCommerce targeting.
- Smarter Computing: Swarm, AI and Quantum
Quantum Computing
IBM-Q allows access to its quantum computer for research and testing. Quantum computing will revolut