Tuesday, September 20, 2016

Port Authority, NY/NJ

Wapack Labs is tracking intrusion indicators in multiple US and international maritime ports. This report is a summary of activity surrounding the Port Authority of NY and NJ.

Ports around the globe are increasingly victimized by attackers using a multitude of new vectors. One that never fails, however, is the use of a keylogger delivered via email. In nearly every case, the email is received from a legitimate shipping company, ship’s captain or master, with broken English and an attachment. Under normal circumstances, the attachment should be ship’s logistics information. In others, however, it’s a keylogger that steals credentials, clipboard contents, and documents.


Publication date: 19 September 2016
Handling requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: Daily Show
Actor Type: Tier I, II
Potential Targets: Maritime Port Authority
Past Reporting: Red Sky Alliance: DOC-2689
Indicators: Redacted key log outputs may be viewed at api.wapacklabs.com.

The full attribution report has been published in its entirety in the Red Sky Alliance portal. For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.