QuoIntelligence’s Weekly Intelligence Snapshot for the week of 29 July – 05 August 2020 is now available!
Industry impacted: Communication Services, Energy, Government, Health Care, Industrials, Information Technology, Materials, Utilities
- On Monday, 3 August, a user published a post titled “1800 vulnerable and compromised pulse vpn” on a Russian-speaking underground forum. The post contained a data dump with information on 1,800 compromised Pulse VPN servers vulnerable to CVE-2019-11510, a critical vulnerability that was patched in April 2019 and has been massively exploited since August 2019 by both e-crime and APT actors.
Industry impacted: ANY
- Researchers at Sophos detailed new techniques implemented by WastedLocker ransomware operators, who leverage the Windows memory management feature to evade detection by anti-ransomware solutions.
Industry impacted: Financials
- QuoIntelligence recently identified at least three new spear phishing campaigns, which occurred between May and July 2020, that align with the known fake job scheme used by FIN6 and also leverage multiple tools from the Golden Chickens Malware-as-a-Service. While we confirm the campaigns occurred between May and July, they are likely still ongoing.
Industry impacted: ANY, Government, Health Care, Information Technology
- APT34: Newly Incorporates DNS-over-HTTP To Conduct Cyber Operation
- Spear Phishing Campaign Targeting Aerospace and Defense Shares Similar Tactics to Lazarus Group
- Joint Release from US Government Agencies Attributed Malware Used in Cyberespionage Campaigns to Chinese Government Linked Threat Groups
- Australia Releases Cyber Security Strategy 2020
- US Government Observes Increase In Ransomware Attacks Targeting State and Local Government as Election Approaches