Wednesday, January 30, 2019

Chinese Tech Giant Tencent and its Relationship with the Chinese Government

China’s Tencent Games is the developer of the mobile version of PlayerUnknown’s Battlegrounds, a vastly popular game that Wapack Labs has identified as being used to create botnets for conducting industrial fraud.  This report examines the relationship between Tencent and the Chinese government to explore the question of whether Tencent is a witting participant in this activity or being used by malicious actors in the government.
To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: January 29, 2019 

On 29 January 2019, Wapack Labs identified 29 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: January 29, 2019

Wapack Labs identified connections from 75,041 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Monday, January 14, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: January 14, 2019 

On 14 January 2019, Wapack Labs identified 653 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: January 14, 2019

Wapack Labs identified connections from 52,449 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Cyber Criminals Likely Using IQY Files in Phishing Campaigns

US federal authorities are assessing cybercriminals are likely using Internet query (IQY) files in their phishing campaign emails targeting US businesses, indicating a new tactic, technique, and procedure (TTP).  Historically, most cybercriminal phishing campaigns used embedded macros or executables in order to run malicious code.  By using IQY files, the malicious email has a higher chance of success by circumventing computer network and email filters due to a lack of malicious code embedded in the email attachment, with the IQY file using a simple web URL as its payload.

To read the full article and find an archive of related reporting, follow this link to READBOARD.

WWW.WAPACKLABS.COM

Wednesday, January 9, 2019

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: January 7, 2019 

On 7 January 2018, Wapack Labs identified 187 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: January 7, 2019

Wapack Labs identified connections from 51,866 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.