QuoIntelligence’s Weekly Intelligence Snapshot for the week of 6 May – 13 May 2020 is now available!

Find the summary below and subscribe to our mailing list at the bottom if you want to receive Weekly summaries and other regular updates from us! Or inquire today to receive a free trial of our full Weekly Intelligence Product, which includes analyst comments, MITRE ATT&CK tags, IOCs, and more!


Current Threat

Industries impacted: ANY

Researchers at ESET discovered a cyber espionage malware named Ramsay, existing from at least September 2019 to March 2020, designed to operate within air-gapped systems. Ramsay is designed to collect all Word, PDF, and ZIP documents on the victim’s machine and store them in a hidden folder. Additionally, the spreader – or propagation component – scans for network shares, removable drives, and appends a copy of the malware to all portable executable (PE) files.


Industries impacted: ANY, Information Technology

In its May Patch Tuesday, Microsoft released patches for 111 vulnerabilities across several products, including Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft Office, and SharePoint. None of the patched vulnerabilities were listed as previously publicly known or exploited in the wild.

Threat Actor

Industries impacted: ANY

On 12 May, the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) released multiple joint reports disclosing three new malware families that they link to the North Korea’s Lazarus (also known to them as Hidden Cobra). The three malware families are each described in separate Malware Analysis Reports (MARs), explaining their malicious functionality. In addition, on 6 May, researchers at Malwarebytes attributed a MacOS version of a Remote Access Trojan (RAT) known as Dacls to Lazarus.



  • Adobe Fixed 36 Vulnerabilities including Critical Flaws in Adobe Acrobat and Reader
  • US and UK Cyber Authorities Release Alert on APT Groups Targeting Health Care Providers
  • ATM and Payment Technology Provider Diebold Nixdorf Suffered a ProLock (aka PwndLocker) Ransomware Attack
  • Ruhr University Bochum in Germany Recovers From A Ransomware Attack

  • Rail Vehicle Company Stadler Suffered From A Data Breach
  • Naikon APT: Cyberespionage Group Targets Government Entities in Asia Pacific (APAC) Region
  • Global Financial Organizations Targeted in Spear Phishing Campaigns to Deliver The EVILNUM Malware



  • Germany’s Chancellor Merkel Says ‘Hard Evidence’ Exist For Russia’s Involvement in 2015 Bundestag Cyberattack

  • Iran Confirms Unsuccessful Cyberattack on Port in Strait of Hormuz