All Articles (1926)


Robots are taking over the world.  According to Oxford Economics, there will be 14 million robots in China by 2030 and 20 million worldwide.  In the USA, robots will modify or replace 1.5 million job positions.  Labor shortages due to the COVID-19 pandemic encouraged both manufacturers and warehouse companies to partner with robotic companies to optimize human and robot collaboration.  We have already seen robots build robots; what is next?

Now enter the engineers from Google; they have unveile

The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are raising awareness of the potential threat posed by attempts to manipulate information or spread disinformation in the lead-up to and after the 2022 midterm elections.  Foreign actors may intensify efforts to influence the outcomes of the 2022 midterm elections by circulating or amplifying reports of real or alleged malicious cyber activity on election infrastructure.  Additionally, th

A recent cyber-attack caused the trains operated by Denmark’s largest train service DSB to come to a halt.  Threat actors hit a third-party IT service provider associated with DSB, which brought services to a stop.  The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.  DSB is the largest train operating company in Denmark.[1]

“Trains throughout th

Activity Summary - Week Ending on 4 November 2022:

  • Red Sky Alliance identified 20,715 connections from new IPs checking in with our Sinkholes
  • Timeweb[.]ru hit 204x
  • Analysts identified 1,260 new IP addresses participating in various Botnets
  • ShadowPad
  • DramaQq
  • British Cyber Spies
  • Small Business Cyber Security
  • German Copper
  • Star Gazing stopped in Chile
  • French Defense Firm Attack
  • Can You Remember?


Link to full report: IR-22-307-001_weekly308.pdf

Red Sky Alliance maintains a substantial dark web collections data set and we make this data available to our customers through our CTAC, RedXray, and API products.  This gives customers the opportunity to explore and perform analyses on dark web data without the need for establishing a safe infrastructure for navigating the Tor network.  To date we have collected over 1.4 million data points across 80 dark web sites.  The set of sites that we collect from on an ongoing basis will change with ne

A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as "Raccoon Infostealer," the US Justice Department (DOJ) said 25 October 2022.  Mark Sokolovsky, 26, is being held in the Netherlands and the US is seeking his extradition, the DOJ said in a statement.

It said Raccoon Stealer malware was leased to cybercriminals for $200 a month, payable in cryptocurrency.  The malware was then installed on the computer

ShadowPad is a modular malware platform privately shared with multiple PRC-linked threat actors since 2015.  According to SentinelOne, ShadowPad is highly likely the successor to PlugX.  Due to its prevalence in the cyber espionage field, the VMware Threat Analysis Unit (TAU) was motivated to analyze the command and control (C2) protocol to discover active ShadowPad C2s on the Internet.  C2 Protocol: ShadowPad supports six C2 protocols: TCP, SSL, HTTP, HTTPS, UDP, and DNS.  In this research[1]

Over two and a half years, a Russian-speaking ransomware group named OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation.  The group's victims include companies in logistics, industry, insurance, retail, real estate, software development, banking, and arms manufacturing.

OldGremlin is using custom backdoors (TinyPosh and TinyNode) and ransomware (TinyCrypt, a.k.a. decr1pt) along with third-party software for reconnaissance a

The FBI released an alert last week warning of hack-and-leak operations targeting organizations in the US and Israel by a group based in Iran.  The alert centers on Emennet Pasargad, an Iranian company US law enforcement agencies have previously spotlighted for its role in efforts to interfere with the 2020 US presidential election.  Last week, the FBI said the company, which has changed its name several times to avoid sanctions, has targeted entities in Israel since 2020 with attacks that invol

The White House has begun its second annual International Counter Ransomware Summit in which Biden administration officials will convene with representatives of three dozen nations, the EU, and private business to discuss the growing threat posed by data-destroying cyberattacks.  President Biden will not be attending the meetings.

According to administration officials previewing the summit over the weekend, the two-day event will focus on priorities like improving system resilience and developing

Cyber threat actors are using a never-before-seen technique to stealthily infect victims with malware by abusing legitimate tools.  The campaign has been detailed by cybersecurity researchers who say that the attackers can spend more than 18 months inside the networks of victims while taking steps to ensure their activity stays under the radar to avoid detection, in what is thought to be an intelligence-gathering and espionage operation.

How the attack begins is still uncertain, but victims beco

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a joint alert on a new cybercrime group targeting organizations in the healthcare sector.

Called Daixin Team, the threat actor has been active since at least June 2022, targeting organizations in the US with ransomware based on the Babuk source code that leaked in September 2021, and also engaging in data theft and extortion.  It has

Most businesses are surprised by how long a single cyberattack can take to carry out, from beginning to end.  With the average dwell time of an intruder in an IT ecosystem now more than 9 months, it is worth asking why malicious actors seem to be given the luxury of time.

To better understand how this all works, here is a brief review of the five stages of a cyberattack.

  1. Getting to know the victim: Adversaries start by identifying target organizations and collecting information about them. Key focuses i

Researchers found that, buried deep in a recent 61-page report by the U.S. Attorney General, the Biden Administration called for a dramatic expansion in the federal government’s ability to seize and keep cryptocurrency.  If enacted, the proposed changes would bolster both criminal forfeiture, which requires a conviction to permanently confiscate property, and civil forfeiture, which does not require a conviction or even criminal charges to be filed.  Notably, the report’s release was coupled wit

LinkedIn has become a popular destination for threat actors trying to communicate with people for a variety of purposes, such as distributing malware, cyberespionage, credential stealing, financial fraud, etc.  One common approach to using LinkedIn by cyber criminals is to approach people using a fake profile claiming to be a recruiter working at technology, defense, or media companies.  The North Korean-sponsored group Lazarus has often engaged in these kinds of activities in order to propagate malwa

As a young intelligence officer, if you had told me an adversary could act anonymously and alone, easily acquire the most advanced weaponry, disrupt or take down almost any “connected” target globally, and our ability to prevent these attacks was systemically flawed – I would have been astonished.  As always, all adversaries integrate intention, capability, and opportunity.  With cyber warfare, a breadth of adversaries and individuals can bring to bear all three by continuously aiming at the U.S

One of the oldest and most successful forms of banking malware has been repurposed into a backdoor trojan described as "significantly dangerous" and likely to be used for ransomware attacks.  The new variant of Ursnif malware, also known as Gozi, has been detailed by researchers who suggest it has been purposefully built to power ransomware and data-theft attacks; it uses malicious Microsoft Office documents to get into users’ computers and requires macros to be activated.

Designed to steal ban

The US Transportation Security Administration (TSA) has announced a new cyber-security directive regulating designated passenger and freight railroad carriers.  The announcement demonstrates the Biden Administration’s commitment to strengthening the cyber-security of US critical infrastructure.  Building on the TSA’s work to strengthen defenses in other transportation modes, this security directive will further enhance cyber-security preparedness and resilience for the nation’s railroad operations

There have been some developments in the Ducktail phishing campaign.  To begin our report, it seems reasonable to go over a little bit of history on Ducktail for those who might be unfamiliar.  The Ducktail phishing campaign was first discovered and reported on in late July of 2022.  Researchers at the firm WithSecure are credited with the discovery of the campaign.  In terms of who is responsible, WithSecure’s report on this campaign indicated a high level of confidence in their belief that the

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021, has alleged ties to Russia, and attacks “With Love.”  Vice Society has crossed the line of what many hackers said was off limits: education and health care systems and facilities.  This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across its system, which includes more than 1,000 schools and serves roughly 600,000 students.