All Articles (1946)

A member of the Conti ransomware group, believed to be of Ukrainian origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on February 25th, in the aftermath of Russia’s invasion of Ukraine.  The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists an

Several days ago, our friends at FortiGuard Labs shared a valuable checklist regarding the current Ukrainian crisis.  We would like to share it with our readers and thank Fortinet.   With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.  While researchers have seen cases of destructive cyber actions focused on Ukraine, at this point specific attribution is not possible. 

As a result of these actions, there

Elon Musk announced yesterday that his company SpaceX’s satellite broadband service, Starlink, has been activated in Ukraine, after the Internet was disrupted in the country due to Russia’s invasion.  “Starlink service is now active in Ukraine.  More terminals en route,” Musk wrote on Twitter in response to Ukrainian Vice Prime Minister Mykhailo Fedorov.

“[Elon Musk], while you try to colonize Mars—Russia try to occupy Ukraine! While your rockets successfully land from space—Russian rockets atta

The Russian military continues to be active in Ukraine, in movements that started on 23 February.  Of interest, the cyber conflict is mirroring the military conflict, with Russian government websites going dark to some parts of the world after being targeted with a flood of web traffic via a distributed denial-of-service (DDoS) attack attempting to knock them offline.  It is unclear who directed the attack or if it was successful in disrupting the sites.  However, cybersecurity researchers say the R

Activity Summary - Week Ending on 25 February 2022:

  • Red Sky Alliance identified 9,248 connections from new IPs checking in with our Sinkholes
  • com[.]tr Hit 336 times last week.
  • Analysts identified 9,095 new IP addresses participating in various Botnets
  • DriveGuard
  • Magecart
  • Cloud Security
  • Impacket & APT10
  • CyberWar
  • Stealing Discord Tokens
  • Cyclops Blink
  • Russian Cyber-Attacks; Ukraine Attack

Link to full report: IR-22-056-001_weekly056.pdf

This is a true story; the names and location of the victim's family have been deleted. A crypto account holder was annoyed when his phone would not stop buzzing. It looked like a robocall, so he tried to ignore it. The calls continued and then his wife’s phone also started to ring. When she picked it up, a banner came across, a notification that read, ‘Your account’s in jeopardy.’  The warning, which he said was a text message, prompted him to pick up his phone. That was when the couple’s ni

Cyber threat investigators believe the infamous TrickBot malware has reached its limits, but its development team appears to have been “acquired” by the Conti ransomware gang, which has been thriving amid recent crackdowns.  TrickBot has been around since 2016.  It was initially a banking trojan designed to steal financial data, but it evolved into a modular stealer that could target a wide range of information.  See:  https://redskyalliance.org/xindustry/trickbot-has-learned-more-tricks

TrickBo

Welcome to the new normal: the cybersecurity threat landscape has become progressively more complex and dangerous.  The online world is full of data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses.  The cyber threat actors have the upper hand at the moment. Part of the reason for that is the fallout from the rapid digitization made necessary by the COVID-19 pandemic.  According to research on the subject, more than half of business

The Winter Olympics have officially come to a close. There have been heartwarming headlines of athletes overcoming adversity, upsets, dominant performances, and countless clips of the mascot Bing Dwen Dwen throughout the past two weeks.  The headline that cyber professionals are waiting for has yet to arrive.

In the weeks leading up to the opening of the Olympic Games, athletes were required to install the My2022 app to track their health. The app is supposed to track Covid-19 and monitor the healt

During the Super Bowl, Coinbase ran a 60-second advertisement.  This ad featured a color-changing QR code bouncing around the screen, imitating the iconic bouncing DVD logo.  When scanned, users were directed to their promotional website.  New users were offered $15.00 of free BTC when signing up and current users were entered into a $3 million raffle.  This advertising technique has recently been a small controversy in the industry, as some purport it teaches users that it is okay to scan unkno

Logistics and freight forwarding giant Expeditors International announced a cyber-attack on 20 February that crippled some of their operating systems and continues to slow their operations around the globe.  The Seattle-based freight company, which brought in $10.1 billion in revenue last year, said they shut down most of their operating systems globally after discovering the cyber-attack.  "The situation is evolving, and we are working with global cybersecurity experts to manage the situation.

There is an English ballad, first published in the 1640’s, titled The World Turned Upside Down.  Many believe the current international geo-political atmosphere matches this age-old ballad.  The US has publicly accused Russia of being responsible for last week’s cyber-attacks targeting Ukraine’s defense ministry and major banks.  Now some experts believe Russia could escalate malicious cyber activity and conduct sophisticated cyber-attacks on the West too.  If this occurs, the attacks w

An unknown criminal hacking group is targeting organizations in the aviation, aerospace, defense, transportation and manufacturing industries with trojan malware, in attacks that researchers say have been going on for years.  The malware has been named TA2541, and according to the cybersecurity researchers who detailed it, the persistent cyber-criminal operation has been active since 2017 and has compromised hundreds of organizations across North America, Europe, and the Middle East.

Despite operating for nearly 5 yea

Both cyberattacks and cybercrime are increasing, driven by the ongoing COVID-19 pandemic and the easy money to be made by the cyber actors, who are suspected to be Russians.  One of the most damaging of these attacks is Remote Code Execution (RCE), also known as Arbitrary Code Execution.  RCE attacks can be especially detrimental to corporate and institutional sectors in both North America and the United Kingdom.  When someone takes control of another person’s device or computer, it can be dangerous for the

Activity Summary - Week Ending on 18 February 2022:

  • Red Sky Alliance identified 18,841 connections from new IPs checking in with our Sinkholes
  • Ugg Boot 4 Sale
  • Analysts identified 5,853 new IP addresses participating in various Botnets
  • ACTINIUM/Gamaredon/DEV-0157
  • Vulnerabilities in Adobe Illustrator & Photoshop
  • APTs in Turkey and Colombia on the Rise
  • Fake Windows 11
  • 49ers Hit by BlackByte
  • TA2541
  • Ecommerce Sites Rigged
  • Truckers and Doxxing

Link to full report: IR-22-049-001_weekly049.pdf

A new malware family is targeting Asian cloud service providers and using compromised resources to mine cryptocurrency. The malware, CoinStomp, makes use of timestomping, command and control through reverse shells, removal of the target system’s cryptographic policies, and references to a previous cryptojacking campaign, Xanthe.

Cryptojacking is the process of compromising machines and using their resources to mine for cryptocurrencies.  This attack method has grown popular as an alternative to buil

BlackByte ransomware has been used in recent attacks on at least three critical infrastructure sectors in the US.  Available to bad actors as a Ransomware-as-a-Service (RaaS), BlackByte has been used in attacks against US and foreign businesses, including in critical infrastructure sectors such as government, financial, and food and agriculture, the FBI and US Secret Service warn.

The gang emerged in July 2021 when it began exploiting software vulnerabilities to target corporate victims worldwid

In recent years, our digital selves have become an established part of our identity. The emails we send, the conversations we have over social media, both private and public, as well as the photos we share, the videos we watch, the apps we download, and the websites we visit all contribute to our digital personas.  There are ways to prevent a government agency, country, or cybercriminal from peeking into our digital lives. Virtual private networks (VPNs), end-to-end encryption, and using browsers that

It has been alleged that the CIA has a secret, undisclosed data repository that includes information collected about Americans, two Democrats on the Senate Intelligence Committee said.  While neither the agency nor lawmakers would disclose specifics about the data, the senators alleged the CIA had long hidden details about the program from the public and Congress.  Senators Ron Wyden of Oregon and Martin Heinrich of New Mexico sent a letter to top intelligence officials calling for more details

There is a dubious quote that has been attributed to Joseph Stalin, saying “It doesn’t matter how many people vote, only who counts them.”  Voting integrity is a solemn guarantee in many countries.  The alleged irregularities in the US 2020 Presidential election, involving the Dominion voting machines, have caused serious doubts challenging voting integrity.  A US federal cybersecurity agency is currently reviewing a report that alleges security vulnerabilities in voting machines used by Georgia a