QuoIntelligence’s Weekly for 10 – 16 September 2020 is now available!

Below is a summary of our Weekly Intelligence Snapshot, providing insight and analysis into this week’s major cyber and geopolitical events.
Subscribe to our mailing list to receive it straight in your inbox, or inquire today to receive a free trial of our full Weekly Intelligence Product, which includes analyst comments, MITRE ATT&CK tags, IOCs, and more!

CYBER

Vulnerability
Industry impacted: ANY

  • On 11 September, Secura released a test tool and technical report for a recently patched Elevation of Privilege vulnerability dubbed Zerologon, existing in the Netlogon protocol used by multiple versions of Windows Server. In addition, QuoINT confirms there is a working proof-of-concept exploit available online. Successful exploitation could allow a local, unauthenticated attacker to escalate privileges.

Threat Actor
Industry impacted: Government

  • On 9 August, QuoINT detected an ongoing APT28 campaign, which likely started on 5 August and ultimately dropped the Zebrocy malware. The campaign used NATO’s upcoming October 2020 trainings as a lure and targeted at least one Middle Eastern government. However, it is likely the attackers also targeted NATO members. Early next week, QuoINT will release a public blog post on our research.

Rollups
Industry impacted: ANY, Communication Services, Financials, Government, Information Technology

  • Cyberattacks from Chinese-, Russian-, and Iranian-Linked Threat Actors Targeting Individuals and Entities Involved in US Election.
  • Palo Alto Patches Critical Buffer Overflow Vulnerability in PAN-OS Devices.
  • CISA Attributes Cyberattacks Targeting US Government Agencies and Private Institutions to Chinese Government-Backed Cyber Threat Actors.
  • Equinix Confirms Ransomware Attack that Impacted its Internal Systems.
  • US Justice Department Indicts Seven International Cyber Defendants, Including Alleged Members of the Winnti Threat Actor Group.
  • US Government Advises on Iranian Threat Actor Exploiting VPN Vulnerabilities.

 

GEOPOLITICS

Industry impacted: Government

  • China’s government has long utilized cyberspace to further its own interests domestically and internationally. As cyberspace has become an integral part of the ongoing power competition between China and the US and their respective allied countries, increasing tensions will be reflected by operations in cyberspace, such as increased espionage, surveillance, misinformation, or censorship. Additionally, as economic and diplomatic tensions are ongoing, China’s government will likely continue leveraging industrial espionage to accelerate development in key industries to become a leading manufacturing power.

Rollups
Industry impacted: Government

  • US DoJ Charges Two Iranian Cyberactors with Defacing US Websites in Retaliation for Killing of Quds Forces Leader.
  • UK Parliament Passes Market Bill Which Could Breach International Law By Overriding Brexit Provisions.

Outlook
Industry impacted: Industrials

  • Russia to Hold Naval Exercise in Eastern Mediterranean.