Suspicious Activity reports

On an average day, Wapack Labs emails over 1,000 suspicious activity reports to targeted firms. When an organization continues to appear in our reporting, this demonstrates to us that there are serious concerns that need immediate attention. These cyber issues can negatively affect other companies that have been in contact with the targeted firm. When a targeted company fails to respond to our notifications to solve the apparent cyber issues, we feel it is our position to publish a report. Our reports are available for purchase here by the targeted organizations and interested parties.
 

 

Indian Physical Security Company Compromise - Hadwise Technologies

On July 15, 2017, Wapack Labs identified, with high confidence, four compromised, keylogged email accounts belonging to an Indian physical security company, Hadwise Technologies Pvt. Ltd. These email accounts were used to collect information from multiple internal Hadwise systems and several external ones.

 

Suspicious Activity Report – “.GOV”

Between April 20, 2017 and September 13, 2017, Wapack Labs identified 36 federal and state portal or email accounts that had been victimized by attackers deploying keyloggers. In addition, because these accounts contained user names and passwords (redacted for this report), there is a high probability that these accounts have been used by the adversaries who collected them.

 

Suspicious Activity Report – SITA.aero

Between March 29 and April 4, 2017, Wapack Labs identified two computers logging into Wapack Labs-owned botnet and Advanced Persistent Threat (APT) sinkholes, indicating likely (but unconfirmed) compromises of the computers observed checking in. The combination of the two pieces of malware suggests a remote access Trojan is deployed on one IP address, while malware used to spread infections is located on another. It is unclear if the two incidents are related.