Wapack Labs released a report today that identified 17 connections to Advanced Persistent Threat (APT) sinkholes by six corporate networks. While not a perfect indicator, connections to these sinkholes are indicative of potential compromise by an APT actor. Wapack Labs recommends that each of the 17 machines be examined by security personnel.
What’s a sinkhole? When a computer is compromised by malware, it often connects to a computer outside of the victim network for instructions. Wapack Labs purchased these command and control (C2) nodes specifically to identify computers reaching out of their native environment. As a result, any computer connecting to the Wapack Labs sinkhole should be considered likely compromised and examined immediately for compromise, data loss, exfiltration or theft.
Connections to APT sinkholes indicate potential state-sponsored espionage attacks against the networks making them.
Companies in the following industries are mentioned in this report:
- Fortune 100 Chemical
- Internet Service Provider
- SMB Virtual Server Hosting
- SMB Onsite managed IT
- Medium-sized Defense Industrial Base company
- SMB IT Consulting
Publication Date: 22 August 2016
Handling requirements: Traffic light protocol (TLP) RED - Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting or conversation in which it is originally disclosed.
Attribution/Threat Actors: Various/Multiple
Actor type: Adversary capabilities have been assessed as Tier IV and Tier V (Criminal, State Sponsored, Advanced Persistent Threat)
Previous reporting: Multiple
Targeted industries: Chemical, Defense/Industrial Controls, Internet/Hosting
Victim information will be provided separately to Wapack Labs security partners.
The full attribution report has been published in its entirety in the Red Sky Alliance portal. For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.
About Wapack Labs
Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.