X-Industry

All Articles (173)

3752022765?profile=RESIZE_710xRed Sky Alliance information sharing portal provided data about a member falling for a business email compromise (BEC).  Attackers sent a payment request spoofing a well-known local contractor by changing TLD from .COM to .US.  In total, 113 additional domains were registered by the same actors in August-November 2019.

Details

On 26 November 2019, a Red Sky…

3744318588?profile=RESIZE_710x

Red Sky Alliance has recently observed multiple Chinese, state sponsored, Advanced Persistent Threat (APT) groups targeting Chinese-Muslim non-governmental organizations (NGOs).  Historically, Chinese APT groups have conducted specific cyber campaigns against these type organizations, traditionally with little or no overlap. 

The US Secretary of State (SECSTATE), Mike…

 

3740884159?profile=RESIZE_710x 

By 12 November 2019, hacker Alexei Burkov was extradited from Israel to the US to face major credit card fraud charges.  Originally arrested in 2015 for his role in Cardplanet, his extradition was delayed several times as the Russian government was fighting against his extradition to the US. Israel subsequently received a competing extradition request from Russia. …

3724012340?profile=RESIZE_710xChina Coverage of Report on the Cyber Vulnerabilities of Asian Ports

SUMMARY

Nanyang Technological University in Singapore has just released a report examining the economic losses expected if Asian port systems, including several in China, were subjected to a major cyber-attack.  This report did not assess the cyber…

3701886939?profile=RESIZE_710xA reexamination of the academic work published by the Nanjing Military Region First Technical Reconnaissance Bureau showed its primary focus was on network security and computer operations issues.  This suggests that, like some other Tech Recon Bureaus (TRB’s) in the Chinese military, this unit has likely developed a cyber operations mission.

Details about this unit were revealed…

Emotet is a banking malware that emerged in 2014 and has since become a popular malware-as-a-service (MAAS) and a dropper for other types malware. In late September 2019, Emotet returned from a four-month hiatus and was observed in a rash of malicious spam campaigns.[1] The most common delivery mechanism consists of office documents distributed via email.

 …

3642742600?profile=RESIZE_710xFrom our Asia Desk - China has just opened a new airport near Beijing equipped with facial-recognition systems that let a passenger check in, clear security, and board an aircraft using only their face for identification.  The 5G backbone for this airport system has been built by Huawei Technologies, while the facial-recognition software has been developed by the Chinese companies…

3623640099?profile=RESIZE_710xTikTok is a popular social media app for sharing short user-created video clips.  TikTok is a youth-oriented app that is used primarily by those in the 16-24 age demographic.  TikTok is hugely popular with about 500 million monthly users worldwide and more than 26 million users in the United States.

The problem is that TikTok is a Chinese social media app, developed in China by a…

3572707688?profile=RESIZE_710xOn 6 August 2019, the Government of India struck down “Article 370A and 35A” from its constitution.  Article 370 is a constitutional provision that grants special status and allows the Indian state of Jammu and Kashmir to make its own laws.  The State of Jammu and Kashmir defined these privileges to include the ability to purchase land and unmovable property, the ability to vote and…

In July 2019, Proofpoint reported a new malware campaign named, “Operation Lagtime IT.” The campaign is targeting government agencies in East Asia and leveraging malicious RTF documents to deliver multiple payloads, including a new custom malware payload dubbed, “Cotx RAT.” Based on observed infrastructure and attacker TTPs, analysts have attributed the campaign to a Chinese APT group tracked as TA428.

3516858995?profile=RESIZE_710x

Figure 1. Internet blackout area during Moscow opposition protests 

Governments, especially authoritarian ones, consider cutting the Internet as one of the ways to deal with political opposition and separatists.  Major Internet disruptions were recently detected in India (Kashmir), Indonesia (Papua), Sudan, and, on a smaller scale, in Russia. Severing or completely…

3515788092?profile=RESIZE_710xSUMMARY

Recent Western analysis has identified a new series of military unit cover designators for the new Chinese military entity called the Strategic Support Force (SSF).  Elements of the SSF have reportedly been assigned cover designators in the series 32001-32099 Unit.  Because the SSF is the parent organization for China’s new cyber force,…

SUMMARY

3482291767?profile=RESIZE_710xRecent Western analysis identified a series of Chinese military cover designators, 32001-32099, as belonging to the People’s Liberation Army (PLA) Strategic Support Force (SSF). Using open-source research targeted on the Chinese internet, Wapack Labs has developed some candidates in this series as components of the Network Systems Department, the new…

 

Russian Federal Security Service (FSB) contractor SyTech lost documents in a cyber breach.  One of the exposed secret Russian projects, dubbed Knockout, is targeting Western media in the US, Great Britain, Germany, France, and other countries.  Knockout maps mass media IT infrastructure, extracts media metadata and collects their vulnerabilities.

3441980513?profile=RESIZE_710x Figure 1. SyTech logo…

In August 2019, Wapack Labs observed a significant uptick in malicious emails delivering a malware identified as Cryxos.  The observed malware is currently being delivered to users in Brazil, however thousands of related specimens were observed on Virus Total indicating a widespread campaign affecting multiple countries.  This report provides technical details on the first stage and second stage components of this malware campaign as well as the associated infrastructure, and malware…

3400868861?profile=RESIZE_710xSUMMARY

The recent leakage of millions of resumes from Chinese job sites has provided the opportunity to research, among other things, the work histories and expertise of thousands of Huawei Technologies employees.  Christopher Balding of Fulbright University Vietnam has conducted such a search to determine if Huawei has links to the People’s…

3396768374?profile=RESIZE_710xThe Department of Homeland Security released a National Terrorism Advisory System

Bulletin on 18 July 2019.

It updates The National Terrorism Advisory System, or NTAS, a tool designed to communicate information about terrorist threats by providing timely, detailed information to the public.  There are now three primary notifications:…

TA505 is a prolific Russian threat actor known for attacks against multiple industries with a variety of malware since 2014. In July 2019, Wapack Labs analyzed the intrusion infrastructure associated with TA505’s attacks. The network is comprised of multiple IPs and domains, many of which were spoofed to appear like domains belonging financial institutions. Also hosted were two domains for Royal Dumps, a known carder site. More recently there has been reported upticks in TA505 attacks with…

3385921593?profile=RESIZE_710x

 

 

 

 

 

DNATools Inc. application dnaLIMS is a “state-of-the art web-based laboratory information management system used to track and manage (scientific DNA research)”.  It is commonly used by researchers in labs and universities around the world.  In 2017, multiple vulnerabilities were discovered in this software.  After the vendor was notified,…

Prepared by:  Nicholas Dessanti, UNH Cyber Student Intern

Password security has been a major topic of discussion for all computer and web site users.  Today, hackers are exploiting vulnerabilities within user passwords in many ways.  Brute force attacks are the most common way hackers use to find passwords.  Another common method is called a dictionary attack.  Both brute force and dictionary attacks systematically check all possible passwords until the correct one is…