Weekly Intelligence Snapshot – Week 3

Lazarus: Subgroup BlueNoroff Targets Small And Medium Sized Companies To Steal Crypto Assets

Industries impacted: Financials

On 13 January, researchers at Kaspersky Labs reported a campaign dubbed as SnatchCrypto and attributed to the North Korean threat actor group BlueNoroff, known to be a subgroup of the larger Lazarus Advanced Persistent Threat (APT) group. According to the research, this campaign is aimed at various companies that deal with cryptocurrencies and smart contracts, DeFi, blockchains, and FinTech with victims across multiple countries.

Rollups

Industry impacted: Communication Services, Energy, Financials, Government

• New APT Earth Lusca Targets Government, Crypto and Media With Complex Infrastructure
• APT28 & Konni: Targeting Renewable Energy Research
• White Rabbit: A New Ransomware With Advanced Evasion Tactic
• REvil: Russian FSB Dismantle Group at US Request
• AvosLocker Ransomware Developing a Linux Version for its Malware

Geo Highlights

Conflict in Ukraine: Possible Scenarios Following Ongoing Tensions with Russia

Industry impacted: Government

A recent cyberattack on Ukrainian government websites has further stoked tensions between Ukraine and Russia as Russia is threatening to invade Ukraine. While diplomatic efforts to de-escalate the conflict are ongoing, military confrontation with Russia in Ukraine’s border territories together with hybrid war elements, such as cyberattacks and disinformation campaigns, against Ukraine and their allies are possible.

Rollups

Industry impacted:Consumer Discretionary, Financials, Information Technology

• US Government Holds Meeting with Private Sector Stakeholders on Software Security
• EU Targets Fictitious Finnish Power Company in Cyberattack Simulation
  Energy Crises and Political Turmoil Impacting Cryptocurrency Miners
• Volkswagen and Bosch Create Joint Venture for Battery Manufacturing, as BMW Continues Cooperation with External Suppliers