Featured Post

Inside Ryuk Crime (Crypto) Ledger & Asian Crypto Traders

The following article is co-authored by threat intelligence researchers from HYAS and Advanced Intelligence and cross-posted to both websites. Much has been written about the many families of ransomware over the past several years. Some of these ransomware families are operated by successful and disciplined criminal enterprises that function like any technology-focused business with developers, testers, and recruiters. The Ryuk family of ransomware has been particularly successful in economic terms as well as having a disruptive impact on many industries around the world. This article outlines some of the financial findings related to the group that might be useful for a broad audience.

HYAS Intel Team

January 7, 2021

Featured Post

The SolarWinds Hack: Understanding The Adversary Infrastructure

The capabilities and possible victims of the recent SolarWinds hack and the SunBurst backdoor are becoming clearer as the cybersecurity community continues to investigate the attack. HYAS has performed its own research, collected data from its unique sources, and wants to share insights that add to the industry's understanding of this attack. This blog delves into the infrastructure used by SunBurst to compromise targets and points out another network monitoring solution that may have been compromised.

HYAS Intel Team

December 23, 2020

Featured Post

Latest Roaming Mantis Campaign Targets Banks in Japan and Turkey

Summary

Roaming Mantis is a Chinese-speaking threat actor group that has been active since at least 2017. The group primarily targets the customers of financial institutions with smishing attacks that deliver the FakeSpy (aka Moqhao) Android trojan, which is designed to steal its victims' information. From October to November 2020, HYAS Intelligence Services observed a Roaming Mantis campaign targeting a Japanese bank and a Turkish bank that stole the banking credentials of their customers, which were then used in credential stuffing attacks on the banks' websites.

HYAS analysis of the Roaming Mantis campaign revealed extensive abuse of Dynamic DNS (DDNS) services, with over 15,000 DNS domains used to host the campaign infrastructure from which the actors launched their attacks.

Threat Analysis Overview

Threat actors frequently abuse Dynamic DNS (DDNS) services and infrastructure for malicious purposes such as distributing malware, hosting command and control (C2) infrastructure, or running phishing campaigns. The low cost of DDNS services, and the ability they give threat actors to quickly build, customize, and operationalize domains and C2 infrastructure for a campaign, makes them an attractive option. In addition, DDNS services give threat actors a degree of anonymity, since, unlike traditional domain registration, no publicly available registration information is required. HYAS Intelligence Services regularly observes threat actors abusing DDNS services in various campaigns to launch and carry out attacks. This threat report details how the Roaming Mantis threat actor group targeted financial institutions in Japan and Turkey and provides suggested mitigation measures.

HYAS Intel Team

December 14, 2020
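As an added example of the DDNS-abuse pattern described in the Roaming Mantis summary above (this is not HYAS code and is not part of the original report), the following Python flags resolver queries whose names fall under a dynamic-DNS provider apex and then surfaces clients that resolved several distinct DDNS hostnames in a short window. The DDNS suffix list and the log lines are constructed for the example; a real deployment would use a maintained provider list and the organization's own resolver logs.

```python
"""Flag DNS queries to dynamic-DNS (DDNS) provider domains in resolver logs.

Added example, not HYAS code. The DDNS suffix list and the sample log are
constructed for illustration and are assumptions, not campaign data.
"""
from collections import defaultdict

# Assumed, illustrative list of DDNS provider apex domains (not exhaustive).
DDNS_SUFFIXES = frozenset({
    "no-ip.com", "ddns.net", "duckdns.org", "dynu.com", "hopto.org",
})

# Constructed sample of resolver query logs: "<timestamp> <client> <qname>".
SAMPLE_LOG = """\
2020-11-02T09:14:03Z 10.1.4.22 update-bank-jp.ddns.net
2020-11-02T09:14:05Z 10.1.4.22 cdn.example.com
2020-11-02T09:15:11Z 10.1.4.22 secure-login-tr.duckdns.org
2020-11-02T09:15:40Z 10.1.7.9 mail.example.com
2020-11-02T09:16:02Z 10.1.7.9 verify-acct-jp.ddns.net
2020-11-02T09:16:30Z 10.1.7.9 apk-download.hopto.org
"""


def ddns_suffix(qname):
    """Return the DDNS apex that qname sits under, or None.

    Only true subdomains match: the apex itself ("ddns.net") is the provider,
    not a customer host, and look-alikes such as "fakeno-ip.com" must not match
    because the comparison is on whole labels, not on string suffixes.
    """
    labels = qname.rstrip(".").lower().split(".")
    # Walk every parent that leaves at least one leading label for the host.
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        if parent in DDNS_SUFFIXES:
            return parent
    return None


def parse_log(text):
    """Yield (timestamp, client, qname) tuples from the constructed log format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, qname = line.split()
        yield ts, client, qname


def ddns_hits(text):
    """Return every query whose name is hosted under a DDNS provider apex."""
    hits = []
    for ts, client, qname in parse_log(text):
        apex = ddns_suffix(qname)
        if apex:
            hits.append({"ts": ts, "client": client, "qname": qname, "apex": apex})
    return hits


def clients_by_ddns_count(text, threshold=2):
    """Clients that resolved at least `threshold` distinct DDNS hostnames.

    Several distinct DDNS hostnames from one client is a stronger signal than a
    single lookup: legitimate DDNS use is usually one stable host, while a
    smishing or C2 campaign rotates through many throwaway names.
    """
    seen = defaultdict(set)
    for hit in ddns_hits(text):
        seen[hit["client"]].add(hit["qname"])
    return {c: sorted(names) for c, names in seen.items() if len(names) >= threshold}


if __name__ == "__main__":
    for hit in ddns_hits(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['qname']} (DDNS apex: {hit['apex']})")
    print(clients_by_ddns_count(SAMPLE_LOG))
```

The label-wise match in `ddns_suffix` is the part that matters: a naive `qname.endswith("no-ip.com")` would both miss nothing and also flag `fakeno-ip.com`, and would count the provider apex itself as a customer host. Raising `threshold` trades recall for precision once the rule is run against real resolver volumes.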

Blog

Inside Ryuk Crime (Crypto) Ledger & Asian Crypto Traders

The following article is co-authored by threat intelligence researchers from HYAS and Advanced Intelligence and cross-posted to ...

HYAS Intel Team

January 7, 2021

The SolarWinds Hack: Understanding The Adversary Infrastructure

The capabilities and possible victims of the recent SolarWinds hack and the SunBurst backdoor are becoming clearer as the cybers...

HYAS Intel Team

December 23, 2020

Mapping Adversary Infrastructure: A Real-world (North Korean) Example

The news article “Hackers use fake media domains to trick North Korea researchers” by Nils Weisensee appeared in NKNews.org on D...

HYAS Intel Team

December 22, 2020

Simplifying Threat Investigations: New HYAS Insight Playbooks for Microsoft Azure Sentinel

The HYAS Insight Logic Apps connector for Microsoft Azure Sentinel was announced and generally available in October and is alrea...

HYAS

December 9, 2020

DNS: The High Fidelity but Underutilized Threat Signal

Malware in general, and ransomware in particular, is the scourge of enterprises today. You can look at the headlines around inci...

Todd Thiemann

December 1, 2020

Investigating Brand Infringement with HYAS Insight

HYAS Insight is a key tool for SOC and fraud teams for use cases like incident response and fraud investigation. Something that ...

Todd Thiemann

November 10, 2020

Turbocharging Threat Investigations: HYAS Insight Connector for Microsoft Azure Sentinel

Enterprises are embracing digital transformation to speed business during a pandemic, and that changes how they appear online to...

HYAS

October 28, 2020

DNS over HTTPS: Balancing Security and Privacy

DNS over HTTPS (DoH) is making news headlines again and causing some consternation in enterprise security circles. With Microsof...

Todd Thiemann

September 28, 2020

First West Credit Union Speeds Cyber Fraud Investigations with HYAS

Something I regularly get asked is, “How do enterprises use HYAS Insight to accelerate their investigations?” I spoke with a HYA...

Todd Thiemann

September 8, 2020

Accelerate Investigation & Attribution with Avalon and HYAS Insight

Investigating security incidents is seldom a straightforward process. Investigations are typically performed by disparate and di...

Todd Thiemann

August 27, 2020