X-Industry

The US and its NATO allies endorsed a new cybersecurity defense policy during President Biden's visit this week with member states in Brussels, according to the official summit communique.  NATO members agreed that the organization's Article 5 provision which states that an attack on one member nation is an attack on all could now be applied to cyber threats.  But NATO would make any decisions to invoke Article 5 in response to a cyber incident on a "case-by-case basis," the communique notes.  A

Activity Summary - Week Ending 25 June 2021:

• Red Sky Alliance observed 105 unique email accounts compromised with Keyloggers
• Analysts identified 37,719 connections from new unique IP Addresses
• 2,489 new IP addresses participating in various botnets were Observed
• Darkside Affiliate Group
• Telegrams APIs being Used
• Poland’s Government allegedly hit by Russian Hackers
• White Hats to the Rescue
• Carnival Cruise Line hit, AGAIN
• Korea Atomic Energy Research Institute
• Hong Kong’s Apple Daily pivoting to

It is clearly proven on a daily/hourly basis that cyber-attacks will not slow down; with ransomware leading the hacker’s choice of malware techniques.  So, who really loses in these attacks?  In most cases, the business and corporate owners.  A million dollar ransom of frozen networks, even if negotiated down, will put many companies on their heels, if not out of business. 

A pair of recent lawsuits have been filed on behalf of former and current Scripps Health (Scripps) patients, who allege the

This all started with email scams requesting money for a Nigerian price who claims he can double your investment or requests money for charities.  A scam then; still a scam.  Now a new one: a current email scam, also known as advance fee fraud or 419 fraud, is a scheme in which a sender requests help in facilitating the transfer of a sum of money, generally in the form of an email. In return, the sender offers a commission —a large amount, sometimes up to several million dollars depending on the

The White House continues to make multiple moves to try and better combat the increasing damage being done by ransomware-wielding attackers.  "The number and size of ransomware incidents have increased significantly, and strengthening our nation's resilience from cyberattacks in both the private and public-sector is a top priority" for President Joe Biden, says a memo issued by the White House to U.S. corporate executives and business leaders on Wednesday, urging them to ensure they are followin

Reader’s Note:  I am writing this article in reverse order today. Please review Part 1 and begin following them today.  Then maybe part 2 will not be necessary.

Part 1

Red Sky Alliance has been has analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge.  In fact, the RedPane tool now scraps over 40 dark web forums, collecting pro-active data that can be used to defend a network b

GCHQ the UK’s spying agency says they have fully engaged with AI to find, analyze and use the massive amounts of global data for their own intelligence work. AI and Machine Learning are playing an increasing role in cybersecurity, with security tools analyzing data from millions of cyber incidents, and using it to identify potential threats.

Digital disruption is sweeping through the world’s second-oldest profession, spying, and it is altering monitoring, collection, and action. Spying has of co

Law enforcement is on a roll.  Europol members recently arrested numerous people in connection with a US law enforcement sting; last week Mexico arrested hacktivist Commander X; and now police in Ukraine reported earlier this week they arrested members of a major ransomware gang.  The arrests mark the first time a law enforcement agency has announced a mass arrest of a prolific hacker group that had extorted Americans by either encrypting an organization's files or threatening to leak them to th

Activity Summary - Week Ending 18 June 2021:

• Red Sky Alliance observed 39 unique email accounts compromised with Keyloggers
• Analysts identified 43,797 connections from new unique IP Addresses
• 2,102 new IP addresses were observed participating in various Botnets
• New Agent Tesla Variant
• Infostealer Malware
• Gelsemium
• Norms: Do they Mean Anything?
• Fancy Lazarus
• Asia Pacific Public Sector Cyber Security Executive Council
• Major Rx. Company still has Cyber Issues
• Commander X Busted in Mexico

Link to

Mexican media sources are reporting that hacktivist Christopher Doyon, known as 'Commander X', was captured in Mexico and extradited to the United States, where he faces over a decade's worth of criminal hacking charges.  Doyan now claims that he was illegally handed over to the US authorities and is claiming political asylum in Mexico. 

"Please tell the world that I was illegally handed over from Mexico, where I had political asylum and where I was a humanitarian refugee.  I was illegally taken

As more cities see their police departments targeted with ransomware attacks, some analysts are voicing concerns that the attacks, which could lead to inaccessible systems and potentially compromised evidence, could impede criminal prosecutions.   

Among the latest developments, the police department in the City of Azusa, Arizona, recently reported that it had been hit by ransomware in March 2021, resulting in the compromise of personally identifiable information (pii), including Social Security

The Department of Homeland Security has issued a cybersecurity directive that requires the operators of oil and gas pipelines to report ransomware attacks and other security incidents to the government.  The new cybersecurity mandates, which will replace some voluntary guidelines that had been in place for a decade, were announced Thursday in the wake of a 07 May 2021 ransomware attack that led Colonial Pipeline Co. to temporarily shut down its pipeline serving the East Coast, triggering fuel sh

The US federal authorities will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned (HIBP), the data breach notification service.  The password hashes will contribute to Pwned Passwords, a service used to help warn users against reusing passwords that have been leaked in data breaches, says Troy Hunt, the Australian developer who created Have I Been Pwned

The stolen and leaked data the FBI comes across in investigations,

At a time when ever escalating ransomware campaigns are making international headlines, it is interesting to see cyber adversaries demanding ransom before launching an attack.  The bad actors are now using marketing techniques to better message their crimes.  Researchers at ProofPoint explain a new and improved DDoS attack demonstrates how bad actors are consistently seeking more means of achieving their goals.  "DDoS attacks have become increasingly easier to launch and have a potentially subst

The decision to pay the ransom demanded by the cybercriminal group was to avoid any further issues or potential problems for its customers, according to the company’s CEO.  JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend.

The company made the payment to cybercriminals to ensure the protection of its data and mitigate any further damage to its customers

"They went after our gas and they went after our hot dogs.  No one is out of bounds here. Everyone is in play here," warned Christopher Krebs, former director of cybersecurity at Department of Homeland Security.  From natural phenomena to cyberattacks like the massive SolarWinds operation and recent attack on the Colonial Gas Pipeline, security experts warn it is clear that most businesses and key infrastructure like power grids across this country are pitifully unprepared to meet such threats.

Activity Summary - Week Ending 11 June 2021:

• Red Sky Alliance identified 33,092 connections from new unique IP Addresses
• Analysts identified 1,485 new IP addresses participating in various Botnets
• Variations of dnSpy is still being used as a Lure
• Agent Tesla
• NOBELIUM
• Phishing Campaigns Targeting NGOs
• Bing v. Google and Videos
• Chinese general buys land in TX, why?
• Cloud service company Fastly, Shut Down
• SkinnyBoy
• Quanta Computer – Taiwan
• Amazon Prime accused of Spying??

Link to full report: IR-

A few days after the Colonial Pipeline was attacked, a former law enforcement source close to the company told Red Sky Alliance that law enforcement officials used a cyber type ‘dye pack’ to track the Bitcoin Colonial ransom payment.  A traditional dye pack is used in banks to be used during a bank robbery.  The robbers take the cash bundle with the dye pack and within minutes, the dye pack ignites and paints the robber with a dye, so responding police can identify the fleeing felon.  The federa

Cyber threat analysts have stated that 50% to 70% of all ransomware attacks in the U.S. are targeting small and medium-sized businesses, costing the victims an estimated total of $350 million in the last year, Secretary of Homeland Security Alejandro Mayorkas said Wednesday in a speech to the U.S. Chamber of Commerce.  "The losses from ransomware are staggering. And the pace at which those losses are being realized is equally staggering," Mayorkas said, noting this is why DHS has made battling r

Cyber-attacks seem to be occurring on a daily, if not hourly, basis.  On 8 June 2021, multiple websites went offline briefly throughout the world after an outage at the cloud service company Fastly, revealing how critical a handful of companies running the Internet's network have become.  Dozens of sites including the New York Times, CNN, some Amazon sites, Twitch, Reddit, the Guardian, and the U.K. government's home page, could not be reached.

In Asia, the cities of Hong Kong and Singapore were