QuoIntelligence’s Weekly Intelligence Snapshot for the week of 29 April – 5 May is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!


Current Threat
Industry impacted: Consumer Staples

  • QuoIntelligence has observed multiple developments regarding the current state of ransomware including new statements from Babuk, a new ransomware variant, Iranian state-sponsored ransomware activity, and activity from UNC2447.

Threat Actor
Industry impacted: Government

  • On 5 May, ESET researchers warned of a new weaponized Microsoft Word document attributed to the North Korea-linked Lazarus threat actor group, with links to previously known attack activity dubbed Operation In(ter)ception.

Industry impacted: Government

  • Threat Actor, Potentially Chinese-Sponsored, Leverages New “PortDoor” Malware to Target Russian Defense Company
  • Belnet Targeted by DDoS Attack, Shuts Down Belgium’s Government Networks, Educational Institutions, and Research Centers
  • Exim ’21Nails’ Vulnerabilities Discovered By Researchers Affecting Many Versions
  • Dell Systems Affected By Five BIOS Privilege Escalation Flaws
  • TsuName Vulnerability Could Lead to DDoS Against DNS



  • Threat actors are increasingly using deepfake technologies to bypass security measures, as part of disinformation campaigns, or in social engineering attacks, posing dangers to states, organizations, and individuals. Threat actors are likely to take advantage of this technology for scams given the uptick in deepfake technology and service offerings across the dark web. Similarly, nation-states could use deepfakes as a political disinformation tactic.

Industry impacted: Financials, Government

  • ASEAN, China, Japan, and South Korea to Boost Financial Cooperation Amidst COVID-19 Pandemic
  • US and NATO Begin Military Withdrawal From Afghanistan
  • EU Parliament Passes Non-Binding Resolution Condemning Russia’s Actions