QuoIntelligence’s Weekly for 24 – 30 September 2020 is now available!
You can find below a summary for our Weekly Intelligence Snapshot, providing insight and analysis into this week’s major cyber and geopolitical events.
Subscribe to our mailing list to receive it straight in your inbox, or inquire today to receive a free trial of our full Weekly Intelligence Product, which includes analyst comments, MITRE ATT&CK tags, IOCs, and more!
CYBER
Current Threat
Industry impacted: ANY
- During September, researchers observed malspam and exploit kit campaigns delivering variants of TaurusStealer malware, which ultimately load SystemBC, a proxy malware, and a QakBot (also known as QBot) banking Trojan. The activity and Tactics, Techniques and Procedures (TTPs) align with activity observed in August by researchers at both Malwarebytes and CheckPoint.
Cyber Incident
Industry impacted: Government
- On 24 September, CISA announced that an attacker breached an unnamed US federal agency. The unattributed attack reportedly may have started with the exploitation of CVE-2019-11510 against an unpatched Pulse Secure VPN server, which potentially gave the threat actor credentials that were shared with Microsoft Office 365 accounts and internal Active Directory Domain accounts.
Threat Actor
Industry impacted: Communication Services, Financials, Information Technology, Materials
- Researchers at Symantec uncovered a new cyber espionage campaign they attributed to the Palmerworm (aka BlackTech) threat group, targeting organizations in Japan, the US, Taiwan, and China. Reportedly, Palmerworm is a Chinese, government backed group primarily focused on cyberespionage in Asia. The cyber campaign, which began in 2019 and continued into 2020, targeted various organizations in the engineering, electronics, and financial sector with four previously unknown backdoors.
Rollups
Industry impacted: ANY, Communication Services, Consumer Discretionary, Consumer Staples, Financials, Government, Health Care, Industrials, Information Technology
- New Android Banking Trojan “Alien” Targets Mobile Banking Apps to Steal Credentials.
- Cisco Patches 29 High-Severity Flaws Including Two Zero-day Vulnerabilities Previously Exploited in The Wild.
- GADOLINIUM: Microsoft Disrupts Spear Phishing Campaign by Suspending Applications Leveraged by Gadolinium.
- UHS Hospitals Hit by Reported Country-Wide Ryuk Ransomware Attack.
- Kaspersky Releases H1 2020 Threat Landscape Report for Industrial Automation Systems.
GEOPOLITICS
Industry impacted: Government
- The conflict between Armenia and Azerbaijan over the Nagorno-Karabakh region escalated to a military confrontation in the previous week, resulting in nearly 100 casualties, including civilians. The geostrategic importance of the region, due to gas and oil pipelines running through the area, and potential regional interest of foreign nations connected to the conflict, will likely make any peace negotiations difficult. Even if the military conflict eases in the coming weeks and months, cyberattacks are likely to continue.
Rollups
Industry impacted: Government
- North Korea Announces Shifting Focus on Rebuilding Economy, after Establishing ‘effective war deterrent’.
- Oxford University Introduces Measures to Protect Students from Hong Kong Security Law.
Outlook
Industry impacted: ANY
- GLOBSEC Bratislava Forum 2020
Would you like to have access to the full report? Click on the link below to learn more about our Weekly Intelligence Snapshot subscription.
