Weekly Intelligence Snapshot – Week 49

APT15: Latest Campaign Disrupted by Microsoft

Industry impacted: Energy, Government

On 6 December, Microsoft announced the seizure and disruption of over 40 malicious domains used in ongoing attacks, which they attributed to the China-linked threat actor group known as APT15. The details provided by Microsoft highlight the various Tactics, Techniques, and Procedures leveraged by APT15 to ultimately deliver various malware payloads to collect and exfiltrate data.

Rollups

Industry impacted:Financials, Information Technology

• Microsoft Exchange’s ProxyShell Vulnerabilities Used to Deploy BlackByte Ransomware
• Network Access Broker ‘Babam’ Having Alleged Affiliation To Ransomware Groups Exposed
• Researchers Discover 14 New Cross-Site Leak Attacks On Web Browsers
• New Zoho ManageEngine Vulnerability Allows Authentication Bypass on Desktop Central MSP Server
• Cryptocurrency Finance Cyber Events: EUR 132 Million and 106 Million Stolen In Two Separate Incidents from BitMart Exchange and Badger DeFi Platform

Geo Highlights

Increased Tensions Over Ukraine Territory Unlikely to Result in Full Military Conflict

Industry impacted: Government

Tensions between Russia and Ukraine have risen significantly in recent weeks. Although a full military conflict in Ukraine is unlikely given the probable intervention of the US if Russia invades Ukraine, the conflict is likely to continue to be unresolved, resulting in tensions and instability in the region.

Rollups

Industry impacted: Government

• US, Australia, Canada, UK, Announce Diplomatic Boycott of Beijing Olympics
• Western Countries Issue New Sanctions Against Belarus
• New EU Anti-Coercion Instrument to Allow to Impose Economic Sanctions Easily