Tuesday, March 16, 2021

Water Treatment Attacks & the Effects of Cyber Attacks on Critical Infrastructure

2021 REDSHORT #11

CYBER INTELLIGENCE REPORT

This week's SPECIAL REDSHORT webinar will be a Team Jaeger PANEL DISCUSSION. Join us on our webinar to find out more.

Team Jaeger is Red Sky Alliance's underground cyber collection and analysis squad. The panel discussion covers the recent water treatment attacks and the effects of cyber attacks on critical infrastructure.

Joining Team Jaeger for this panel discussion are Joe Fleming, CEO, and Jim Conway, Managing Director, of Straife Risk Management.

Friday, February 9, 2018

AZORult Stealer

AZORult is a publicly available information-stealing malware that is popular among criminal actors. AZORult is delivered via phishing e-mails and through exploit kits (EK), most notably the Rig EK. It collects information from victims by targeting a variety of applications for credential harvesting. In January 2018, Wapack Labs started analysis of AZORult nodes in an effort to identify stolen data. As part of this research, Wapack Labs gained insight into AZORult command and control (C2) servers. This report includes details on the AZORult malware and provides trending on the identified infrastructure. Wapack Labs analysts were able to recover over a million AZORult logs, which include data on victim IPs, e-mails, credentials, and attack server data. This information is listed in the Wapack Labs Blacklist Slack channel and is searchable via our CTAC tool to provide situational awareness.

Wapack Labs has cataloged and reported on AZORult malware in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

WWW.WAPACKLABS.COM

Tuesday, October 25, 2016

Mauritania: Recent E-mail Scam Exposes Weaknesses

Mauritania, and specifically its capital Nouakchott, faces numerous cyber challenges to its banking/corporate, government and personal communications because of its dependence on outside network infrastructure. A recent cyber-attack directed at the country's Communication Director and his staff demonstrates this vulnerability. Simple cyber-attacks such as this illustrate weaknesses common to many developing African nations, and in reality to many developing nations. This information is being supplied for your situational awareness.

  • Mauritania and West Africa must rely on outside network providers, which presents many vulnerabilities.
  • Developing nations face many basic cyber security related challenges.
  • Heightened cyber security education, training and experience is needed in many developing nations.

Publication date: 21 October 2016

Handling requirements: Traffic light protocol (TLP) GREEN

Attribution/Threat Actors: Stranded Traveler actors

Actor Type: Adversary capabilities have been assessed as Tier II*

Potential Targets: Mauritania and neighboring West African nations

Past Reporting: Red Sky Alliance: DOC-4365

*Practitioners with a greater depth of experience, with the ability to develop their own tools (from publicly known vulnerabilities).

The full attribution report has been published in its entirety in the Red Sky Alliance portal. For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs' engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs' information reporting to the cyber-security teams of its customers and industry partners located around the world.

Wednesday, October 12, 2016

419 Attackers Leveraging New Undetected Pony Infrastructure for Possible Swift Targeting

Wapack Labs analyzed two recent Pony/Fareit downloader samples that were submitted to VirusTotal in late September. The samples provided insight into recently registered attacker infrastructure imitating a number of European, US and Bangladeshi companies. This infrastructure was recently registered, and only one domain is currently detected as malicious on VirusTotal (low detection). Further collection identified additional 2015 and 2016 infrastructure registered by 419 actors imitating banking, US Government, military, and oil and gas organizations. This PIR provides forewarning on infrastructure that will likely be activated as command and control (C2) in the future.

Publication Date: 7 October 2016

Handling requirements: Traffic light protocol (TLP) AMBER

Attribution/Threat Actors: Criminal

Actor type: Adversary capabilities have been assessed as Tier 1*

Previous reporting: None

*Practitioners who rely on others to develop the malicious code, delivery mechanisms, and execution strategy (use known exploits).

The full attribution report has been published in its entirety in the Red Sky Alliance portal. For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.