Last week, the US Department of Justice (DOJ) indicted three Iranian hackers for their role in a campaign intended to steal critical data related to US aerospace and satellite technology and resources. Said Pourkarim Arabi, 34; Mohammad Reza Espargham, 25; and Mohammad Bayati, 34; are all residents and nationals of Iran and allegedly participated in a coordinated campaign of identity theft and hacking on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC), a designated foreign terrorist
A recent CrowdStrike study of cyber threat activity shows more intrusion attempts in the first six months of this year than in all of 2019. The pandemic-related shift to remote work and the growing availability of Ransomware-as-a-Service (RaaS) were two major drivers. Red Sky Alliance has reported on many of these ransomware groups and actors in detail in 2020. These reports can be found at no charge at https://redskyalliance.org.
The security vendor's threat-hunting team blocked
A new cybercriminal group called OldGremlin has been targeting Russian companies including banks, industrial enterprises and medical firms with ransomware attacks.
Researchers have said that OldGremlin's first activities began between late March and early April 2020. The group took advantage of the COVID-19 pandemic in its early lures (a common theme for ransomware strains during this period), sending financial institutions purported recommendations on how to organize a safe working environment
Artem Lifshits is allegedly part of Project Lakhta/IRA, the ongoing disinformation campaign targeting the upcoming US election. Lifshits faces a US criminal charge of conspiracy to commit wire fraud for allegedly accessing cryptocurrency exchange accounts created using stolen US persons' personal data.
Artem Lifshits Profile
Name: Artem Mikhaylovich Lifshits, Artem Lifshits, Artyom Lifshits.
Name in Russian: Лифшиц Артем Михайлович, Артем Михайлович Лифшиц, Артем Ли
Activity Summary - Week Ending 25 September 2020:
- Analysts identified 3,021 new IP addresses participating in various Botnets
- Red Sky Alliance observed 56 unique email accounts compromised with Keyloggers
- RSAC identified 46,283 connections from new unique IP addresses
- Winnti Group and the Shadowpad Backdoor
- Baka JavaScript Skimmer Stealing Credit Card Data
- Zap Energy – Zapped
- OIL / GAS vs. Renewable Energy
- $40.00 a Barrel, Stagnant + -
- Libya pumping Oil
- ReconAfrica targeted by Environmentalists
The current US administration is signaling that it will update the US government's maritime cybersecurity strategy. Cyber security priorities are being discussed to enhance and secure the US' ability to 'project power at sea and defend against adversarial cyberattacks.' The plan involves a re-examination of the national approach to information sharing and a greater emphasis on securing the operational technologies used in ports.
Hackers at all tier levels have long targeted shipping fir
A group of researchers has detailed a new timing vulnerability in the Transport Layer Security (TLS) protocol that could, under specific conditions, allow an attacker to break the encryption and read sensitive communication. Dubbed "Raccoon Attack," the server-side attack exploits a side channel in the protocol's Diffie-Hellman key exchange (TLS 1.2 and lower) to recover the shared secret from which the session keys between the two parties are derived.
"The root cause for this side-channel is that the TLS st
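As an added illustration, not taken from the article or from the Raccoon researchers' own code, the script below shows the handling of a finite-field Diffie-Hellman shared secret in TLS 1.2 and earlier that this side channel exploits. RFC 5246 section 8.1.2 requires the leading zero bytes of the DH shared secret Z to be stripped before it is used as the pre_master_secret, so the secret's byte length, and with it the amount of data the key-derivation PRF processes, depends on the secret's value. Raccoon also requires the server to reuse its DH key across handshakes, which the simulation mirrors. The 64-bit toy group, its search seed and the sample count are assumptions chosen to keep the demo fast; real TLS groups are 2048 bits or larger.

```python
import random

# First 12 primes as Miller-Rabin bases: deterministic for n < 3.3e24, which covers
# the 64-bit toy group used here.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for the sizes used in this demo."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_safe_prime_group(bits: int = 64, seed: int = 2020):
    """Deterministically find a safe prime p = 2q + 1 of the given size and a generator g.
    Toy-sized on purpose (assumption for the demo); real TLS groups are >= 2048 bits."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_prime(q) and is_prime(p):
            break
    for g in range(2, p):
        # In a safe-prime group, g generates the whole group iff g^2 != 1 and g^q != 1.
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return p, g


def tls12_premaster_secret(z: int, p: int) -> bytes:
    """TLS 1.2 (RFC 5246 8.1.2): Z big-endian with all leading zero bytes stripped.
    The length depends on the value of Z, which is the root cause Raccoon exploits."""
    p_len = (p.bit_length() + 7) // 8
    return z.to_bytes(p_len, "big").lstrip(b"\x00")


def fixed_length_secret(z: int, p: int) -> bytes:
    """Constant-length encoding, left-padded with zeros to the size of p (what TLS 1.3
    does in RFC 8446 7.4.1): the length reveals nothing about Z."""
    return z.to_bytes((p.bit_length() + 7) // 8, "big")


def simulate_handshakes(n: int, p: int, g: int, seed: int = 1) -> dict:
    """Server reuses one DH key across n handshakes (the key reuse Raccoon needs);
    each client uses a fresh key. Tally the byte length of both encodings of Z."""
    rng = random.Random(seed)
    server_priv = rng.randrange(2, p - 1)
    server_pub = pow(g, server_priv, p)
    stripped, fixed = {}, {}
    for _ in range(n):
        client_priv = rng.randrange(2, p - 1)
        client_pub = pow(g, client_priv, p)
        z = pow(client_pub, server_priv, p)          # server side
        assert z == pow(server_pub, client_priv, p)  # client side agrees
        for tally, encode in ((stripped, tls12_premaster_secret), (fixed, fixed_length_secret)):
            length = len(encode(z, p))
            tally[length] = tally.get(length, 0) + 1
    return {"stripped": stripped, "fixed": fixed}


if __name__ == "__main__":
    p, g = toy_safe_prime_group()
    result = simulate_handshakes(5000, p, g)
    print(f"p is {(p.bit_length() + 7) // 8} bytes; stripped lengths seen: {result['stripped']}")
    print(f"fixed-length encoding lengths seen: {result['fixed']}")
```

Running the script prints a tally in which the fixed-length encoding always has the size of the prime, while the TLS 1.2 encoding is shorter for roughly one handshake in a few hundred. That length difference is what the server's processing time leaks; it is only exploitable when the same server DH key is reused, so the practical mitigations are to disable static DH and ephemeral-key reuse (or DH cipher suites altogether) on TLS 1.2 servers, or to move to TLS 1.3.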
The back-to-school season has already been stressful for schools and families. Now a spate of ransomware attacks targeting K-12 schools has made it even more challenging. In May 2020, the FBI warned schools about the increasing risk of ransomware attacks during the pandemic. The agency warned that cyber actors would likely increase targeting of K-12 schools as an "opportunistic target" as more institutions shift from in-person learning to online classes and teachers and staff rely on remote ac
Activity Summary - Week Ending 18 September 2020:
- Red Sky Alliance identified 45,527 connections from new unique IP addresses
- IP: 149[.]202[.]67[.]223 (OVH SAS, Roubaix, France) compromised for the 2nd consecutive week
- Analysts identified 4,362 new IP addresses participating in various Botnets
- Multiplatform RaaS SMAUG
- Shlayer Adware Targets OSX
- Crude prices Rose at the end of this Week
- Australian and US PII leaked by CN Company
- Colombian Ecopetro drilling in the US Permian Basin, but has some Cyb
Cyberattacks on small to medium-sized businesses (SMBs) are continuing at a relentless pace in 2020, with most data breaches originating outside the organization. Cyber-attacks are up an average of 75% since the start of the coronavirus pandemic. Cybersecurity analysts believe hackers are specifically targeting these smaller firms because they know SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses.
A new report from Cisco counters this misconception.
As maritime technology progresses, towage vessels (tugboats) and their crews are increasingly connected to online services during operations, increasing their exposure to cyber threats, malware, viruses, and hackers. These cyber security concerns were raised by the US-based Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)[1] after a tugboat fell victim to a phishing email. This was the first time a tugboat reported receiving this type of phishing email
What will happen if the November 2020 election results are tampered with, blocked or disappear? Both parties will cry foul and blame the other party. Will the voters ever really know the final results, and how long could it take for both national parties to agree upon an outcome? The blame may need to be placed with the hackers and ransomware criminals who have been attacking governments, businesses, and organizations with no let-up in sight. State and local governments and their agencie
An adversary known for targeting the financial sector since at least 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT).[1] This RAT can steal passwords, documents, browser cookies, email credentials, software licenses, credentials for trading software/platforms, customer credit card information, proof of address/identity documents, and other sensitive information. The group is suspected of offering APT-style hacker-for-hire services to o
Activity Summary - Week Ending 11 September 2020:
- Red Sky Alliance observed 97 unique email accounts compromised with Keyloggers
- Analysts identified 69,770 connections from new unique IP addresses
- The BeagleBoyz are robbing Banks
- Analysts identified 4,775 new IP addresses participating in various Botnets
- Box Pages Utilized in Phishing Attacks
- Netwalker Ransomware in Argentina
- Oil Prices in a new “Supercycle”
- Iranian tankers possibly heading to Venezuela in defiance of US sanctions
- Germany – Nor
From our Friends at Be Cyber Aware at Sea - "Welcome to this month’s edition of Phish & Ships, brought to you by The Be Cyber Aware at Sea campaign.
For the last few months we have been swept up in the effects of the coronavirus on the world, and its impact on the cyber sphere for shipping in particular. While the virus is still very much in circulation and we are adjusting to the measures put in place for our protection, we must start to look ahead once more. After all, round the corner is the
Ransomware is here to stay. Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) report that there is no end in sight. There are many versions of ransomware in use, and many groups and nations behind the extortion attempts. These cyber actors are motivated by money. Ransomware can be described simply as a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware
Activity Summary - Week Ending 4 September 2020:
- Analysts identified 5,204 new IP addresses participating in various Botnets
- Red Sky Alliance identified 44,612 connections from new unique IP addresses
- Analysts observed 24 unique email accounts compromised with Keyloggers
- Analysts found identifying data on Kuwaiti hacker: NYANxCAT
- Shlayer Malware
- Tripwire's August 2020 Patch Priority Index (PPI)
- ISIS attacks Syria’s energy infrastructure
- Two oil tankers loading at the Libyan Port of Brega
- Saudi
Close to 90 percent of all commerce is shipped via maritime transportation. Lloyd's of London reports that combined container throughput at the top 100 international ports grew by 2.5 percent in 2019. Splash247 has posted an interesting article explaining that the Chinese government may be toying with supply chain data systems, creating concerns in maritime transportation.
“There has been progress within the maritime and shipping sector in creating a digital maritime ecosystem that i
The results of a recent survey of 3,200 people at 524 organizations that suffered data breaches are a bit of a mixed bag. Ponemon's "Cost of a Data Breach Report 2020" (commissioned by IBM) reveals that, despite an apparent decline in the average cost of a data breach from $3.92 million in 2019 to $3.86 million this year, the price tag was much lower for mature companies and industries and far higher for firms with lackluster security automation and incident response processes. Ponemon's analysis of
The Cybersecurity and Infrastructure Security Agency (CISA) and other US agencies have issued a warning about increases in bank e-thefts worldwide organized by a hacking group called "BeagleBoyz." Researchers believe this group has ties to the North Korean government. The BeagleBoyz group is a subset of the North Korean-backed hacking collective known as the Lazarus Group or Hidden Cobra. The report with details of how the BeagleBoyz have made off with an estimated $2 billion in funds and cry