XU YANJUN: A Case Study in Chinese Economic Espionage Tradecraft

On 10 October 2018, the FBI announced the arrest of Xu Yanjun, a Chinese intelligent agent who had been targeting an employee of GE Aviation to acquire trade secrets on the company’s jet engines.  The target employee had cooperated with the FBI during this operation, and when Xu arranged a meeting with the employee in Europe in April 2018, Xu was arrested.  He was extradited from Belgium to the United States in October and charged with economic espionage.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wapack Labs Sinkhole Blacklist

LP AMBER ANNOUNCEMENT:   

Reporting Period: November 13, 2018

Wapack Labs identified connections from 74,137 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts

Reporting Period: November 13, 2018 

On 13 November 2018, Wapack Labs identified 530 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

LoJax Malware

Cybersecurity researchers have unveiled, the first-ever, UEFI (Unified Extensible Firmware Interface) rootkit being used.  It allows hackers to implant persistent malware on targeted computers that could endure a complete hard-drive wipe.  Titled LoJax, the UEFI rootkit is part of a malware campaign conducted by the Sednit group, also known as APT28, Fancy Bear, Strontium, and Sofacy, who have targeted government organizations in the Balkans as well as in Central and Eastern Europe.[1]  The Sednit group is a state-sponsored hacking group believed to be a unit of the Russian GRU (General Staff Main Intelligence Directorate).  The hacking group has been associated with a number of high-profile attacks, including the DNC hack during the US 2016 presidential election. 

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: November 5, 2018

Wapack Labs identified connections from 59,877 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM

This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts

Reporting Period: November 5, 2018 

On 5 November 2018, Wapack Labs identified 574 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM