Weekly Intelligence Snapshot – Week 12

EXOTIC LILY: Initial Access Broker (IAB) Tied To Conti, Trickbot And Others

On 17 March, Google’s Threat Analysis Group (TAG) reported about a financially motivated threat actor group dubbed as EXOTIC LILY. TAG determines the EXOTIC LILY group to be an Initial Access Broker (IAB) that appears to be working with at least the Russian cyber crime gang known as FIN12 (also known as WIZARD SPIDER).

Rollups

Industries impacted: Communication Services, Consumer Discretionary, Consumer Staples, Energy, Government, Information Technology, Materials, Real Estate

• Activity From Emotet in the Auto Manufacturing Sector, Suspected Link To Conti Ranomsware Operators.
• Cyclops Blink Sets Sights on Asus Routers
• Serpent: New Backdoor Targeting French Entities
• Lapsus$ Publish Leaks From Microsoft, LG, And Announce a Breach on Okta
• APT35 Automates Initial Access By Exploiting ProxyShell Vulnerabilities
• New Infection Campaign Using Deadbolt Ransomware Targets NAS Devices

Geo Highlights

Ukraine Update: No Signs of Potential Peace Agreement, Threat Actor Activity Continues to Pose Significant Threat

As the invasion of Ukraine enters its second month, there are no signs of a potential peace agreement any time soon. The conflict is resulting in a rise of activism and hacktivism as the politization and polarization of society increases. QuoIntelligence continue to assess the threat level for cyber threats as Medium-High. While no large-scale cyberattacks were observed outside the conflict zone, the latest advisories from the US government suggests this could change.

Rollups

Industry impacted: Government

• Updates on Geopolitical Developments in the Middle East
• EU Proposes New Rules to Boost Cybersecurity and Information Security
• EU Publishes Defense Policy, Germany Presents National Security Strategy