QuoIntelligence’s Weekly Intelligence Snapshot for the week of 26 March – 2 April 2020 is now available! Find the summary below.

CYBER

Current Threat 

Industries impacted: Any

Researchers at Kaspersky and Trend Micro discovered a new watering hole attack that indiscriminately targeted iOS users in Hong Kong to deliver a new iOS malware dubbed LightSpy. Researchers at Kaspersky attribute these attacks to the TwoSail Junk APT group, which they connect with low confidence to the Chinese-speaking SpringDragon APT group and which has a history of leveraging watering hole attacks against Vietnam.

Cyberattackers are continuing to use the COVID-19 pandemic to target victims. In addition, governments are increasingly using technology to trace the spread of the virus and to monitor isolation requirements. We highlight these observed cyber activities in addition to some cybersecurity and data privacy implications arising from this increasing use of tracking technology.

Threat Actors

Industries impacted: Industrial, Information Technology

Since January, QuoIntelligence (QuoINT) has uncovered various new aspects of Winnti Group-related threat activity. We detected a new Winnti variant indicating that a German chemical company, not previously reported as a victim, was targeted by the group. During analysis, we discovered that the variant uses a custom DNS tunneling implementation and technique based on the open-source DNS tunneling project iodine. Notably, Winnti malware using iodine DNS tunneling as a C2 channel has not been publicly documented so far. In addition, we identified a new Winnti sample containing a configuration that targets a previously targeted South Korean gaming company. In at least two instances, we became aware of the group’s use of a stolen digital certificate from a Taiwanese company, which has not been publicly discussed and was only briefly mentioned previously by a security researcher.

OUTLOOK

6 April – European Council: Video conference of Foreign Affairs Ministers on the military implications of the COVID-19 pandemic
7 April – European Council: Video conference of the Eurogroup on the coordinated response to the economic fallout of the COVID-19 pandemic
8 April – European Council: Meeting of Council Working Party on Public Health