
Tuesday, September 20, 2016

Victim Notification: Payment Processing Company in Oman Identified

Between 8/23/16 and 9/16/16, a Visa-owned secure payment processing subsidiary company operating in Oman was identified 35 times in the Wapack Labs keylogger collections program.



Publication date: 19 September 2016
Handling requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: Daily Show
Actor Type: Tier I, II
Potential Targets: Payment processing
Past Reporting: Red Sky Alliance: DOC-2689
Indicators: Redacted key log outputs may be viewed at api.wapacklabs.com.

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.

Monday, September 19, 2016

Victim Notification and Early Warning: Online Travel and Logistics


On 19 SEP 2016, Wapack Labs discovered a collection of key-logged credentials for four prominent consumer-based travel and logistics brands belonging to one umbrella company. In all, 8303 keylogger outputs were identified across the four brands, many containing full username/password combinations, clipboard contents, travel plans, and payment information.

Publication date: 19 September 2016
Handling requirements: Traffic light protocol (TLP) GREEN
Attribution/Threat Actors: Daily Show
Actor Type: Tier I, II
Potential Targets: Payment processing
Past Reporting: Red Sky Alliance: DOC-2689
Indicators: Redacted key logger outputs may be viewed at api.wapacklabs.com. Query terms are shown in the full report, available in Red Sky Alliance.

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.


Saturday, August 27, 2016

Victim Notification Performed for USG Health Agency

During routine testing of a new Wapack Labs Application Program Interface (API), Wapack Labs identified what appear to be multiple potential compromises at a USG health agency.



  • On June 8, 2015, keylogger activity was recorded on the USA JOBS portal for an account belonging to a defense contractor with a USG health agency email account. The contractor’s session on USA JOBS was captured by keyloggers, including (unconfirmed) personally identifiable information (PII) that may have been entered into the system. Regardless of how or why, the account's user name and password were observed in keylogger outputs.
  • On Feb 6, 2016, Wapack Labs identified malicious email destined for the USG health agency, but found the indicator only today, and did not report it.
  • Between Feb 18, 2016 and May 11, 2016, ten instances of keylogger activity associated with five USG health agency email accounts and five accounts associated with a USG health agency log-in were logged by Wapack Labs collections.



A Victim Notification has been performed regarding the incident. 

For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.
