Thursday, October 13, 2022

New Chinese Misinformation Campaign

Fake Campaign Attempts to Attribute Chinese Advanced Persistent Threat Group APT 41 to the NSA


By Dominic Alvieri 

@AlvieriD

October 12th, 2022


New Chinese misinformation campaign


A new Chinese misinformation campaign has been spreading this past week attempting to attribute the Chinese APT 41 to the National Security Agency. Many are using the Intrusion Truth name. 


Global Times Chinese domain article tweet.





Several new accounts tweeted in Chinese Mandarin for the local media in Asia while others have been created in English for a wider audience. All accounts use the APT 41 hashtag. 


Kimberly Allen Fake FireEye Attribution in Mandarin





The above tweet translates to FireEye attributing Chinese APT 41 to the NSA.


The tweet above has been removed but the account remains.





The FBI report concludes what we all know, while some are trying to create confusion in typical APT 41 style.



Dominic Alvieri, @AlvieriD Twitter

This is a new and current campaign with all accounts still currently open. No new activity has been spotted since the initial report this week with fake attribution tweets.


Blog will be updated as needed. Stay safe.





Thursday, September 8, 2022

Los Angeles School District Claimed by Vice Society

 Ransomware Roundup 


By Dominic Alvieri
9/9/22

Ransomware group logos.



We all know DDoS attacks are illegal. The rules seem to have changed, entrust me.
Earlier this week several ransomware gangs' leak sites, including LV, Everest and Ragnar Locker, appeared to be under the same "high load" stress that caused LockBit and ALPHV Black Cat ransomware to make some adjustments.

Everest v Brazil?


The Everest Ransomware Team leak site has been unavailable since it leaked access to the Brazilian government, and it remains offline as of this article.


Everest Ransom Team.
photo courtesy @darktracer_int  Twitter

Ragnar v Air Portugal?


Ragnar Locker has been wrestling with TAP Air Portugal, regaining site control after an alleged DDoS attack. Ragnar Locker teased Air Portugal and the site then went unavailable again. The site is back online as of 7:45pm EST but no new posts or leaks were added.

TAP Air Portugal logo.

Ragnar Locker has been offline again since that post.






Ragnar Locker Air Portugal alleged customer data.
Alleged TAP Air Portugal customer leak.


Going Backwards, the LockBit Tattoo


LockBit is back in the news, beyond its obsessive post rate, for offering $1,000 to anyone who gets a LockBit tattoo.



ALPHV Black Cat ransomware has removed the Italian energy agency, GSE-Gestore Servizi Energetici, from its leak site. When a ransomware group flashes a victim for an hour or so, as ALPHV did with Unisys several weeks back, that is a message or a taunt. When a post is deleted after nearly a week, that usually indicates a payment. Black Cat, like most ransomware groups, does not do charity work.

The only other plausible reason for removal could be fear of NATO action due to the cyber attacks on Albania and Montenegro. Creos of Luxembourg remains on their leak site, so that theory doesn't hold up well either.

Vice Society

New Logo, Same Lowlife Double Extortion Group.


New Vice Society ransomware group logo.

New Vice Society alt logo.
New Vice Society alternate logo. You're welcome.

Vice Society has just claimed the Los Angeles School District (via Jeremy Kirk at 7:50pm EST); I am still waiting for a response from Vice.

The last 6 posts for Vice Society are:

The Los Angeles School District, California
Elmbrook School, Wisconsin
Moon Area School District, Pennsylvania
The Francis King School of English, United Kingdom
Lampton School, United Kingdom
BSV Hospice

Vice Society is believed to be an English speaking group.

Vice Society has also added a timer on most of their new posts.




Yanluowang is thought to be a Chinese group.

Is Cl0P Brazilian? Cl0P is thought to be Russian, but for some reason Brazil and Portuguese keep coming up. More to come.

Cl0P


Cl0P added a captcha again to help against those high loads after an attack on a British water utility.



Dominic Alvieri, @AlvieriD Twitter


Thursday, September 1, 2022

Is This Email Phishing You Off?

How to Immediately Tell if This Email is from MetaMask or Phishing You

By Dominic Alvieri @AlvieriD

August 31st, 2022


MetaMask phishing attempt.

Is this a phishing attempt?

Yes.

Here is how to find out immediately. 

Most people don't remember but MetaMask did not collect your email when you created your account. MetaMask does not send emails. If you receive an email from "MetaMask" it is a phishing attempt.

The cover photo is from a current phishing campaign using a sense of urgency and fear of terminated access.

This phishing attempt obviously did not come from MetaMask. Official support @MetaMaskSupport Twitter

New redirected verification landing page and QR code linking to the phish.





This fake MetaMask email has a convoluted journey, with websites hosted in Denmark and redirected to China, with an Alibaba-registered domain hosting the actual phish. I will post an update to this blog post or my Twitter when I close this file, as the campaign is still active and a newly dated email is circulating.

Not another QR code...


MetaMask QR code phishing.



Remember MetaMask Does Not Send You Emails


What if this tip doesn't work with others?


This sounds easy enough, and it is. Whenever a question arises about whether an account has been hacked, suspended or restricted in any way, go directly to the account in question, never through any courtesy link, notice or email.
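The advice above can be turned into a mechanical check. The following is an added example written for this post, not code from the author or from MetaMask: it pulls every link out of an email body and flags the three things the campaign above relies on, an off-brand domain, a display URL that does not match the real target, and a raw IP address. The email body and the IP are constructed for the demo, and the set of domains the brand legitimately owns is an assumption (for MetaMask the post's point is that no email is legitimate at all, so every link would be suspect regardless). A decoded QR code is just a URL and can be fed to `audit_url` the same way.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a "verify your wallet" lure; not a real captured email.
SAMPLE_EMAIL_HTML = """
<p>Your MetaMask wallet will be suspended in 24 hours.</p>
<a href="https://metamask-verify.example-cdn.dk/r?to=wallet">https://metamask.io/verify</a>
<a href="https://metamask.io/">MetaMask Support</a>
<a href="http://198.51.100.7/login">Verify now</a>
"""

# Domains the brand actually uses (assumption for this example).
KNOWN_BRAND_DOMAINS = {"metamask.io"}


def registrable_domain(host):
    """Last two labels of a hostname. A naive stand-in for a public-suffix lookup."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_url(href, known_domains, shown_text=""):
    """Return the list of reasons a link is suspicious (empty list means none found)."""
    host = urlparse(href).hostname or ""
    reasons = []
    if is_ip_literal(host):
        reasons.append("raw IP address")
    if registrable_domain(host) not in known_domains:
        reasons.append("off-brand domain")
    # Display text that looks like a URL but points somewhere else is a classic tell.
    if shown_text.startswith(("http://", "https://")):
        shown_host = urlparse(shown_text).hostname or ""
        if shown_host != host:
            reasons.append("display URL differs from target")
    return reasons


def audit_links(html, known_domains):
    """Audit every link in an HTML email body; one finding per link, in document order."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = audit_url(href, known_domains, text)
        findings.append({"href": href, "text": text, "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_links(SAMPLE_EMAIL_HTML, KNOWN_BRAND_DOMAINS):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['href']}  {f['reasons']}")
```

Running the script prints one line per link; the first and third constructed links are flagged, the second (pointing at the assumed brand domain) is not. The registrable-domain helper is deliberately simple; a production check would use a public-suffix list so that `brand.co.uk` style hosts are handled correctly.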






Friday, July 22, 2022

Unhappy Anniversary

The United States Federal Minimum Wage is frozen in time


by
Dominic Alvieri
July 22nd, 2022

Twitter @AlvieriD


Unhappy Anniversary


Why are we leaving everyone behind?


There is absolutely no excuse for the United States federal minimum wage to be frozen in time since 2009.

Year after year there is no change just like a broken clock. Even after this last slide stocks are still up quite nicely since 2009. Athlete and executive salaries, housing prices...and now inflation are soaring.

Arizona Cardinals star quarterback Kyler Murray just signed a 5 year $230 million dollar contract and once again the federal minimum wage has not changed since 2009.



Last minimum wage change was in 2009.


The US Department of Labor documents the history of changes to the Minimum Wage Law. They have not been documenting much over the last decade plus.

What is going on?


What has the US Department of Labor been doing? In a word-NOTHING.

It is in corporate America's best interest to keep wages low. 

Workers wanted more money but yadda, yadda, yadda the lobbyists took care of it. 


Most jobs in one way or another are based off of the minimum wage. Any US State wishing to go above that rate may do so but it is against the law to go below that federal minimum level.

There are several different categories of jobs including skilled jobs, professional, hourly etc. This isn't a deep dive or a skewed data driven bs info blog. Just a blog about a physical real world problem.

Pre-pandemic the hospitality industry was one of the industries in the United States that made up a majority of the job growth over the previous 10 year period according to several archived analyst articles on CNBC. 

During this time restaurateurs, franchisers, coffee houses and the like sprung up on nearly every corner during the expansion. Think Dunkin Donuts, Starbucks, Subway etc., not to mention the casual Texas Roadhouse or TGIFs down the strip. Don't forget about Shake Shack.




sad but true...

Firms are still lobbying hard for the government not to raise wages for those who need it most.

It is pretty sad that corporations pay lobbyists to keep wages down. 

In a nutshell corporate America pays lobbyists mostly congregated on a few block stretch of K Street in Washington DC not far from the Capitol. It is in their best interest to keep wages low. Year after year corporate and franchised locations continue to mushroom while the starting minimum wage remained the same.

Lobbying.






The major problem is that corporate and entrepreneurial America got greedy and didn't raise many minimum basic rates during the expansion, and then the pandemic hit. Now the inflationary decline is upon us, staff are being cut and employers are now unable to raise rates. Although some states did raise minimum wages, many did not. Wages overall did show gains but paled in comparison to the overall growth of the upper income brackets.

Without posting more mind numbing data suffice it to say the federal minimum needs to rise dramatically and rise today.

Otherwise we really are leaving everyone else behind.


Dominic Alvieri 

Monday, May 30, 2022

NRA I Don't Need an AR-15 to Hunt a Duck But I Need a Raise

What do the NRA and the NRA stand for?


By Dominic Alvieri


May 29th, 2022



The National Rifle Association


The National Rifle Association held its annual convention in Houston, Texas this week, days after the mass shooting in Uvalde, Texas. Texas senator Ted Cruz made a speech last night blaming everything but the truth for the increase in the number of mass shootings in our country. Cruz blamed violent video games, which have been proven not to be the root cause and thoroughly written about.

I hate politics.

The NRA board of directors just re-elected longtime head Wayne LaPierre even amid scandals which says a lot about the group at the moment.





I am a firm believer in the right to keep and bear arms but a person does not need an AR-15 to hunt a duck or a deer. 

***Nearly every single mass shooting in the United States from Columbine to Uvalde has been carried out with an AR-15***

It is time for command and control. We have the right to keep and bear arms and to be protected. Guns don't kill without being in the control of the wrong person.

Not only were the speakers unshaken but they were heartless.




What does the NRA lobby? How much do they spend? Who contributes?

Good questions. Many sites have data readily available and in this case used from /opensecrets.org



2021 data was not available




For argument's sake, let's say this dataset is a correct representation. A majority of spending is in the classic general "outside spending" category. What does that entail? This outside spending funds an entity called the Victory Fund, which is a special purpose vehicle tied closely to the National Rifle Association.

Who donates to the NRA? Readily available information with the usual suspects like the gun makers themselves that I will not go over here but was an informative journey and a deeper dive is required. 

What does the group lobby? This is a small sample with viewpoints and political comments aside.




In 13 years the NRA has not budged on gun control.

S-3 was recently hired by the NRA





Americans will never give up their right to bear arms, but we have passed the point for gun control. In most states you can buy a gun at the age of 18 but have to wait until you are 21 to drink.

Let that thought marinate for a moment.

There are many groups that are intent on keeping loose gun regulation and control. How many more innocent people have to die before we recognize the need for some control?

 

The National Restaurant Association


This NRA represents the second largest private sector employer in the United States. 




In 13 years the National Restaurant Association has lobbied against raising the minimum wage in every instance. Contributors include the usual large corporate chain restaurants from Darden and new economy firms like DoorDash who contribute and lobby to keep wages down.

But how low?

The servers who serve you food and beverages have not had a raise in 13 years. In the state of Pennsylvania a server makes $2.83 per hour. In 35 years the pay rate for a server in Pennsylvania has only gone from $2.01 to $2.83 an hour. That is not a typo.

How can this be?


The largest growth industry pre-pandemic was the food and beverage sector which needed and still needs low wages to not only get back to previous levels but to continue to grow. Growth at the expense of a young and uneducated revolving door work force except for those for whom it is their profession.

Server wages are based on a percentage of the federal minimum wage, with the employer topping up pay to that federal minimum, currently $7.25 an hour, if tips do not bring the hourly rate above that level.











Coca-Cola, McDonald's, DoorDash all donating to lobby and lobbyists to keep the minimum wage down. It is in their best interest to keep wage costs down and margins up. Business 101.

What about the people. We the people?






I will spare you the complete list, but it is fair to say there are a lot of people who have a keen interest in keeping the federal minimum wage down.


Both the NRA and the other NRA, the National Restaurant Association receive substantial amounts of money from groups intent on keeping the status quo, but for how much longer?




In 13 years the National Rifle Association has done nothing to control AR-15s which have been used in every mass school shooting.

In 13 years the National Restaurant Association has lobbied against raising the minimum wage every time.

Who do these groups work for? That was a rhetorical question.

Stay safe.


Sunday, May 22, 2022

All Day I Dream about Redacted

How a bug bounty break caught an NFT scam which uncovered major credit card fraud


By Dominic Alvieri


May 22, 2022




Counterfeiting and credit card scams have been around as long as the products themselves. This isn't new. What is new is that the distribution of these scams is becoming more and more creative.

The scam gates have opened.

{Cover photo courtesy of scam site /rockport-france.fr 165.231.200.159 in Estonia}



Adidas NFT scam

Adidas NFT claim scam

One thing leads to another

Finishing a technical report on a bug bounty, I decided to search related cryptocurrency and NFT projects which were recently announced, looking for bad actors who often target new projects. Adidas, Hyundai and a soon to be named company were all being targeted. Confirmations.

This is the most recent Adidas court order victory.


May settlement for Adidas.


Adidas was first alphabetically and had several NFT and crypto related spoofs being represented by several actors in various countries show up on the first queries. NFT minting wallet drain spoofs and the usual giveaway scams showed immediately. 

Several related scams including /adidas-mint.com,  /drop-adidas.com and /drops-adidas.com were reported and closed along with half a dozen others. Another set of names caught my eye so I drilled down deeper.




 

Counterfeits and credit card fraud all over the world


Adidas-CostaRica caught my eye due to the current Conti ransomware situation in Costa Rica. Uruguay, Ecuador, France, Malaysia and more followed, nearly spanning the globe.

/adidas-uae.com
/adidas-peru.com
/adidas-ecudor.com
/adidas-slovenija.com
/adidas-uruguay.com...

more and more variations showed up on related searches:

/AdidasColumbiaOutlet.com
/AdidasShoes-UK.com
/AdidasShoes-Canada.com...




Most of the domains in question lead to one IP address and are Alibaba registered. Counterfeit product and credit card theft alerts have been issued for these fake domains, which are not official Adidas promotions. Reebok, Rockport, Nike and several other major brands have been targeted with these fake spoof websites. Outlets, sales and discounted prices are the major lures, and no sneakers have been delivered to any friends who have attempted to sign up and purchase.
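The pattern described in this post (a brand name glued to a country, "outlet" or "drop" token, with most of the resulting domains resolving to a single address) is easy to hunt for in a domain feed. The following is an added example for this post, not the author's own tooling: it flags brand-impersonation domains from a list of observed hostnames and then clusters the flagged ones by resolved IP so that shared infrastructure stands out. The domain names are taken from the post, but the resolved IPs are constructed TEST-NET values, and the set of legitimate brand domains is an assumption for the demo.

```python
from collections import defaultdict

# Brands being impersonated in the post.
BRANDS = {"adidas", "reebok", "rockport", "nike"}

# Domains the brands legitimately own (assumption for this example, not verified here).
LEGIT_DOMAINS = {"adidas.com", "reebok.com", "rockport.com", "nike.com"}

# Constructed inventory: hostname -> resolved IP. Names are from the post;
# the IPs are made-up TEST-NET addresses, not real resolution results.
OBSERVED = {
    "adidas-uae.com": "192.0.2.10",
    "adidas-peru.com": "192.0.2.10",
    "adidas-ecudor.com": "192.0.2.10",
    "adidas-uruguay.com": "192.0.2.10",
    "AdidasShoes-UK.com": "192.0.2.10",
    "AdidasColumbiaOutlet.com": "192.0.2.11",
    "rockport-france.fr": "198.51.100.5",
    "adidas.com": "203.0.113.1",
    "example.org": "203.0.113.2",
}


def registrable_name(host):
    """Second-level label of a hostname, lower-cased (naive: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def impersonated_brand(host, brands, legit):
    """Return the brand a hostname imitates, or None if it looks clean.

    A hostname is flagged when its registrable label contains a brand token
    but is not exactly that brand, e.g. 'adidas-uae' or 'adidasshoes-uk',
    and the domain is not on the legitimate list.
    """
    if host.lower() in legit:
        return None
    name = registrable_name(host)
    for brand in brands:
        if brand in name and name != brand:
            return brand
    return None


def find_lookalikes(observed, brands, legit):
    """Map each flagged hostname to the brand it imitates."""
    flagged = {}
    for host in observed:
        brand = impersonated_brand(host, brands, legit)
        if brand:
            flagged[host] = brand
    return flagged


def cluster_by_ip(observed, flagged):
    """Group flagged hostnames by resolved IP; clusters of 2+ suggest one operator."""
    clusters = defaultdict(list)
    for host in flagged:
        clusters[observed[host]].append(host)
    return {ip: sorted(hosts) for ip, hosts in clusters.items() if len(hosts) >= 2}


if __name__ == "__main__":
    flagged = find_lookalikes(OBSERVED, BRANDS, LEGIT_DOMAINS)
    for host, brand in sorted(flagged.items()):
        print(f"{host:30} imitates {brand}")
    for ip, hosts in cluster_by_ip(OBSERVED, flagged).items():
        print(f"shared infrastructure {ip}: {', '.join(hosts)}")
```

On the constructed inventory this flags the six Adidas variations and the Rockport domain, leaves `adidas.com` and `example.org` alone, and reports the five hosts sharing `192.0.2.10` as one cluster. In practice the hostnames would come from certificate-transparency logs or passive DNS, and the substring match would be paired with an edit-distance check to catch misspelt brand names as well.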

The Cyber Show



Tuesday, April 12, 2022

A Week with Lapsus$

Conversations with Americas Most Wanted


By Dominic Alvieri


April 11th, 2022



The Cyber Show Catch Me if You Can.


What it's like

 
So what is it like to speak with someone so wanted and hated by so many? The answer may surprise you. Brash, confident and far more intelligent than people are willing to give the remainder of the Lapsus$ group credit for.

What is his name? I didn't ask and frankly don't care. Chances are it would be another farce. 

Where is he? I didn't ask again and don't care.

Where are the remaining members now? I again didn't ask and again don't care. It is not my job to breach Telegram and other companies to find answers.

This is an account from the past week with Lapsus. I am not part of Lapsus$.

Recent photo profile updates





Tagged on Twitter










That warm and cozy feeling. 


What did you talk about? None of your business. Just kidding. We did share a few laughs. Speaking of how influential a photo is in reference to text we laughed as he changed profile photos live. We are all visual creatures. We also all fall into patterns. Pattern analysis transfers well.

We spoke about women ( don't judge ) surprisingly not guns, a little tech and the minefield that has been unearthed around him. Eager to save what was a short lived legend in Lapsus$ it would come as no surprise to anyone that this is the current attempt at just that, reviving Lapsus$.






It was very interesting. There have been many articles and blogs written about the group, and I am not going to be redundant, but I will give a brief synopsis of the past week chatting with the famed "Mox" of the prematurely pronounced dead Lapsus$ hacking and extortion group.

In and out. Constant change, searching, contacts. Fast.

Lapsus$ is still alive, albeit like a racing team without a car or driver, but it has a good pit crew. They are looking to change that.

As several researchers have pointed out, and as has been confirmed, several members of the group are still active, as is evident here, actively searching to regain former glory.

Right now it is no secret that the group is under diminished capacity. That can change at any moment.







Girls, guns, cars, companies... we didn't actually speak about guns but I'm sure that would have been interesting as well. 

Goodbye Mox

To be continued fortunately by someone else. I'm exhausted.






Dominic Alvieri

Twitter @AlvieriD

The Kremlin, Politics and Ransomware

Qilin Ransomware caught with politically motivated fake document (and old data) in post. by Dominic Alvieri March 8th, 2025 @AlvieriD Was it...