Tuesday, December 10, 2019

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: December 9, 2019

Wapack Labs identified connections from 32,333 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: December 9, 2019 

On 9 December 2019, Wapack Labs identified 13 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wednesday, November 27, 2019

GRF Partners with Red Sky Alliance to Offer Bespoke Threat Reports to Members

RESTON, VA, USA – November 21, 2019 – Global Resilience Federation (GRF) has partnered with Red Sky Alliance of New Boston, NH to offer automated and customized threat reports to GRF member companies.

To read the full press release in our portal, follow this link: https://www.wapacklabs.com/news

China Coverage of Report on the Cyber Vulnerabilities of Asian Ports

Nanyang Technological University in Singapore has just released a report examining the economic losses expected if Asian port systems, including several in China, were subjected to a major cyber-attack.  The report concluded that there could be direct and indirect losses as great as US$110 billion spread across the world.

To read the full article in our portal, and find an archive of related reporting, follow this link: https://redskyalliance.org/xindustry/china-coverage-of-report-on-the-cyber-vulnerabilities-of-asian-po

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: November 25, 2019

Wapack Labs identified connections from 29,601 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: November 25, 2019 

On 25 November 2019, Wapack Labs identified 8 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Tuesday, November 19, 2019

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: November 18, 2019

Wapack Labs identified connections from 72,009 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: November 18, 2019 

On 18 November 2019, Wapack Labs identified 34 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Tuesday, November 5, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: November 4, 2019 

On 4 November 2019, Wapack Labs identified 7 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: November 4, 2019

Wapack Labs identified connections from 45,284 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Monday, October 21, 2019

TIKTOK & BYTEDANCE: The Problem with Chinese Social Media in the US

TikTok is a popular social media app for sharing short user-created video clips.  TikTok is a youth-oriented app that is used primarily by those in the 16-24 age demographic. Could the Chinese government exploit TikTok to shape perceptions of China for an audience in the US?

To read the full article in our portal, and find an archive of related reporting, follow this link: https://redskyalliance.org/finished-analysis/tiktok-and-bytedance-the-problem-of-chinese-social-media-in-the-u

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: October 23, 2019 

On 23 October 2019, Wapack Labs identified 13 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:

Reporting Period: October 21, 2019

Wapack Labs identified connections from 29,644 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Thursday, October 10, 2019

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: October 7, 2019

Wapack Labs identified connections from 54,148 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Friday, October 4, 2019

All You Need is a Face in China

From our Asia Desk - China has just opened a new airport near Beijing equipped with facial-recognition systems that let a passenger check in, clear security, and board an aircraft using only their face for identification. The 5G backbone for this airport system has been built by Huawei Technologies, while the facial-recognition software has been developed by the Chinese companies SenseTime and Yitu Technologies.

To read the full article in our portal, and find an archive of related reporting, follow this link: https://redskyalliance.org/finished-analysis/chinese-progress-in-facial-recognition-and-surveillance

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:

Compromised Email Accounts
Reporting Period: September 30, 2019 

On 30 September 2019, Wapack Labs identified 9 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   

Reporting Period: September 30, 2019

Wapack Labs identified connections from 88,186 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Monday, September 9, 2019

“Lagtime” Chinese APT Campaign

In July 2019, Proofpoint reported a new malware campaign named “Operation Lagtime IT.” The campaign is targeting government agencies in East Asia and leveraging malicious RTF documents to deliver multiple payloads, including a new custom malware payload dubbed “Cotx RAT.”

To read the full article in our portal, and find an archive of related reporting, follow this link: https://redskyalliance.org

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 9, 2019 

On 9 September 2019, Wapack Labs identified 18 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: September 9, 2019

Wapack Labs identified connections from 124,716 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Monday, August 26, 2019

Cryxos Trojan Malware Uptick

Hackers can program Trojans like Cryxos to accomplish pretty much anything they want. In August 2019, Wapack Labs observed a significant uptick in malicious emails delivering malware identified as Cryxos. The observed malware is currently being delivered to users in Brazil; however, thousands of related specimens were observed on VirusTotal, indicating a widespread campaign affecting multiple countries.

To read the full article in our portal, and find an archive of related reporting, follow this link: https://redskyalliance.org/finished-analysis/cryxos-variant

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: August 26, 2019

Wapack Labs identified connections from 63,336 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: August 26, 2019 

On 26 August 2019, Wapack Labs identified 14 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Thursday, August 22, 2019

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: August 19, 2019

Wapack Labs identified connections from 29,051 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: August 19, 2019 

On 19 August 2019, Wapack Labs identified 102 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Monday, August 12, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: August 12, 2019 

On 12 August 2019, Wapack Labs identified 32 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: August 12, 2019

Wapack Labs identified connections from 77,164 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Friday, August 9, 2019

Health Center Gets Hit With Ransomware, Twice!

In April 2019, Park Duvalle Community Health Center (PDCHC), located in Louisville, KY, was targeted with an unspecified variant of ransomware. It took PDCHC three weeks to restore their files from their backup and make the network fully functional. On June 7, 2019, PDCHC was hit again with ransomware; attackers requested a payment of approximately $70,000 worth of Bitcoin.

To read the full article in our portal, and find an archive of related reporting, follow this link: https://redskyalliance.org/healthcare/

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: August 5, 2019

Wapack Labs identified connections from 40,141 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: August 5, 2019 

On 5 August 2019, Wapack Labs identified 4,079 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems.