X-Industry

Tesla Inc. CEO Elon Musk said SpaceX’s high-speed Internet service, Starlink, has held out against Russia’s cyberwar tactics amid the country’s ongoing invasion of Ukraine. 

What Happened - Musk said last week that Starlink has resisted Russia’s “jamming & hacking attempts,” even as the Vladimir Putin-led country is ramping up efforts.  Musk linked his comment to a Reuters report that said Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of

Activity Summary - Week Ending on 13 May 2022:

• Red Sky Alliance identified 35,648 connections from new IP’s checking in with our Sinkholes
• MS in Sydney Australia hit 134x
• Analysts identified 1,442 new IP addresses participating in various Botnets
• Black Basta
• Stonefly APT
• Magnus & Grim
• Exploits in Ransomware used to Block Encryption
• Risk-Based Cyber Security in the UK
• Passwords
• Ransomware Evolution

Link to full report: IR-22-133-001_weekly133.pdf

The supply chain provides the framework for the modern transfer of goods.  Logistics play a pivotal role from the acquisition of raw materials to the delivery of a final product to the end user.  Generally, the raw materials are transported to a supplier, who then transports the materials to a manufacturer.  The manufacture creates a finished product that is then distributed to either a retailer or warehouse where the product is either sent to or carried out by the consumer.  Pictured below is a

Three people were handed years-long sentences in federal court on Wednesday for a range of crimes connected to a widespread hacking and identity theft campaign.  Alessandro Doreus, Jean Elie Doreus Jovin and Djouman Doreus pleaded guilty to conspiracy to commit fraud and aggravated identity theft in September 2021.  Prosecutors said they defrauded hundreds of people from 2015 to 2020 by gaining access to Social Security numbers, account numbers, usernames and passwords.

A US District Judge gave

In a recent US Department of Homeland Security (DHS) cyber-security bulletin, analysts emphasize the need to better protect Manage Service Providers (MSP).  Cyber security authorities in the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA), (NSA), (FBI) are aware of recent reports that observe an increase in malicious cyber activity targeting MSPs and expect this trend to continue.[1]  The joint Cybersecurity Advisory (CSA) provides a

Researchers at Red Canary cyber intelligence have discovered a new Windows malware with worm capabilities that spreads using external USB drives.  This malware is linked to a cluster of malicious activity titled Raspberry Robin and was first observed in September 2021 (cybersecurity firm Sekoia tracks this malware as "QNAP worm").  Red Canary's Detection Engineering team detected the worm in multiple customers' networks, some in the technology and manufacturing sectors.

Raspberry Robin spreads t

Espionage comes in many forms, for advanced persistent threat (APT) “UNC3524” as dubbed by security company Mandiant, the objective is to collect emails dealing with corporate development, mergers & acquisitions, and corporate transactions.  “UNC3524” was first discovered in December 2019 and has been tracked since then.  The group’s corporate targets and interest in M&A plans point to financial motivation, however, the group’s ability to linger in a target environment while collecting emails, s

Ransomware has hit an Illinois college with devastating results.  It is shutting its doors permanently.  Lincoln College says it will close this week in the wake of a ransomware attack that took months to resolve.  While the impact of COVID-19 severely impacted activities such as recruitment and fundraising, the cyberattack seems to have been the tipping point for the Illinois college. 

The college has informed the Illinois Department of Higher Education and Higher Learning Commission that it wi

Development teams need to consider the concept of secure design when developing applications. When coding any software, the main goal is to focus on security. Never leave protection and security until the end of development. It is important to note that any errors associated with this can damage the entire software.

Prevention is always better than mitigation. To avoid threats, we can use the following secure software development best practices: Validate input, Heed compiler warnings, Architect

Just who are your LinkedIn connections?  LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cybercriminals in phishing attacks and an estimate of 52% of phishing attacks globally are focused on LinkedIn.  LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cybercriminals in phishing attacks

An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed evade detection since at least 2019.  Named by investigators "Operation CuckooBees,” the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information.  Targets included technology and manufacturing companies primarily located in East Asia, Western Europe, and North America.  "The attackers targeted intellectual property develo

Activity Summary - Week Ending on 6 May 2022:

• Red Sky Alliance identified 43,915 connections from new IP’s checking in with our Sinkholes
• msk.ru still #1 in Hits
• Analysts identified 1,442 new IP addresses participating in various Botnets
• CVSS
• Using Emulation
• BotenaGo Variant
• PyInstaller
• Inmarsat
• 5 Constant Malware Issues

Link to full report: IR-22-126-001_weekly126.pdf

Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.   

Link to full report: IR-22-125-001_IntelSummary125.pdf

Just yesterday, I gave a very brief talk on the ethics and morals of hackers.  My focus was centered on the criminality of hacking, but the same holds true with nation-state level cyber actors.  The Russia Matters publication has provided a series of opinions on why Russia has not initiated a full scale cyber-attack, often called ‘cybergeddon’ upon its adversaries.  Russia’s war in Ukraine, now nearing its 10-week mark, has been devastating, killing thousands of civilians, and forcing millions t

When one of your enemies begins attacking another one of your other enemies, does this mean that your first enemy is now an ally?   I will let the philosophers answer this question.  A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war.  Tracked as Mustang PANDA, Bronze President, RedDelta, HoneyMyte, Red Lichand TA416, the government-backed hacking group previously focused

Black Basta, a new ransomware group, has made their presence felt by claiming responsibility for twelve ransomware attacks in the month of April.   Black Basta, like many other ransomware operations, uses double-extortion tactics, stealing victim data before encrypting systems to leverage payment.  The group then uses their Tor site and slowly leaks victim data, applying pressure to victims to pay the ransom for the decryption key.  Notable targets from the first stretch of attacks include the A

With apologies to singer/songwriter Bob Dylan, “The answer my friend, is blowing in the wind.” Hackers do not care if the energy source is renewable or fossil fuel, they will attack it and turn out your lights and everything electric (yes, your network). German wind turbine giant Deutsche Windtechnik https://www.deutsche-windtechnil.com has issued a notification to warn that some of its IT systems were impacted in a targeted professional cyberattack earlier in April 2022.

The incident, which the

Those readers who were born before the Internet Age may remember seeing the Wanted Posters of criminals on the walls of US Post Offices.  There were stated cash rewards for those who provided information that led to the wanted criminal’s arrest.  Yes, you actually went into a federal building and mailed a letter with a postage stamp attached.  What is a postage stamp?  We will cover this subject in another article. The US authorities are offering a multimillion-dollar reward for anyone with info

Activity Summary - Week Ending on 29 April 2022:

• Red Sky Alliance identified 10, 907 connections from new IP’s checking in with our Sinkholes
• msk.ru has issues
• Analysts identified 3,698 new IP addresses participating in various Botnets
• Vice & Industrial Spy
• US Agriculture under Attack
• T-Mobile Hit (again)
• Oil India LTD
• Getting Annoyed?
• Lapsus$

Link to full report: IR-22-119-001_weekly119.pdf

There are many things you can do to protect yourself against cyberattacks but if you still do not remember the basics, then your organization is an easy target for cyber criminals.  Please review what Red Sky Alliance recommends at the end of this article.

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.  The BlackCat ransomware attack against the undisclosed organization took place in March 2022