Saturday, October 1, 2016

Cyber Security, or Lack Thereof

The lack of internal cyber security has cost Yahoo a very serious breach of data, government oversight and current legal hassles.  Whistleblowers inside Yahoo are reporting that the company never took cyber security serious, even after a serious 2010 attack by Chinese military hackers.  There are many lesson learned from this lack of cyber security significance. This information is being provided for your situational awareness.

Publication date:                            29 September 2016

Handling requirements:                Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:           Any ATP or similar actor

Actor Type:                                     Adversary capabilities have been assessed as Tier V*

Potential Targets:                           Worldwide Corporate and Government targets

Red Sky Alliance Reporting:         DOC-1823, Message-1595 & 6508

*State actors who create vulnerabilities through an active program to “influence” commercial products and services during design, development or manufacturing, or with the ability to impact products while in the supply chain to enable exploitation of networks and systems of interest.

About Wapack Labs

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.