QuoIntelligence’s Weekly Intelligence Snapshot for the week of 19 – 25 August is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Cyber Highlights

In-Depth Research of ShadowPad and Chinese Espionage Actors Using It

Researchers at SentinelOne detailed in a comprehensive report the origin, usage, and ecosystem of ShadowPad, a well-known modular backdoor frequently observed in attack campaigns attributed to various China-linked threat actor groups.

Industry impacted: Financials, Industrials

  • Emerging Ransomware Groups: AvosLocker, Hive, HelloKitty, LockBit 2.0
  • Japanese Cryptocurrency Exchange Targeted By Unknown Threat Actors, Resulting in Almost EUR 77 Million Stolen
  • FIN8 Leverages New Backdoor in Attack Against US Financial Institution
  • New Ransomware Dubbed LockFile Observed In Campaigns Exploiting PetitPotam Vulnerability
  • Threat Actors Exploiting ProxyShell Vulnerabilities on Unpatched Microsoft Exchange Servers

Geo Highlights

 Afghanistan: Implications for Europe in the Short to Medium Term Future

The Taliban’s takeover of Afghanistan was widely covered in the previous week. While the situation in Afghanistan remains in flux and key economic, political, and diplomatic issues continue evolving, below, we are highlighting potential implications for Europe including a renewed debate on refugees, potential increased terrorist threats, as well as questions over accepting the legitimacy of the regime.

Industry impacted: Energy, Financials, Government

  • German Chancellor Merkel Visits Ukraine and Russia, Threatens Sanctions if Nord Stream 2 is “used as weapon”
  • Cyber Insurance Industry Encounters Difficulties as Ransomware Costs Increase
  • Updates on EU Legislative Initiatives Related to Cybersecurity