During routine testing of a new Wapack Labs Application Program Interface (API), Wapack Labs identified what appear to be multiple potential compromises at a USG health agency.
- On June 8, 2015, keylogger activity was recorded on the USA JOBS portal for an account belonging to a defense contractor with a USG health agency email account. The contractor’s session on USA JOBS was captured by keyloggers, including (unconfirmed) personally identifiable information (PII) that may have been entered into the system. Regardless of how or why, the account's user name and password were observed in keylogger outputs.
- On Feb 6, 2016, Wapack Labs identified malicious email destined for the USG health agency, but found the indicator only today and did not report it.
- Between Feb 18, 2016 and May 11, 2016, ten instances of keylogger activity associated with five USG health agency email accounts and five accounts associated with a USG health agency log-in were logged by Wapack Labs collections.
A Victim Notification has been performed regarding the incident.
For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or firstname.lastname@example.org.
About Wapack Labs
Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.