QuoIntelligence’s Weekly Intelligence Snapshot for the week of 31 March – 6 April is now available! Find a summary here.

Cyber Highlights

Hive RaaS Continues to Improve Their Resources and Operations

Industries impacted: Government, Health Care, Industrials, Information Technology, Materials

Hive is a Ransomware-as-a-Service (RaaS) operation that was first reported in June 2021. QuoIntelligence has observed the service and its namesake malware being updated and improved. Hive uses the established business model of maintaining a core group of developers and operators who recruit skilled affiliates to conduct each phase of the attack kill chain, ending with the encryption of systems with Hive’s ransomware and an extortion process.

Rollups

Industries impacted: Energy, Financials, Government, Industrials

  • New BlackGuard stealer malware sold on hacker forums
  • Multinational Electric Utility Company Iberdrola Suffered Cyberattack
  • Rockwell Industrial Control System Automation Vulnerabilities Could Allow Attackers to Hide Code
  • Lazarus: Trojanized DeFi App Being Used to Deliver Malware
  • Cicada Chinese APT group widens targeting in continued espionage campaign
  • Bank of Italy Denies Recent Claims of Cyber Attacks
  • SocGholish and BLISTER Leveraged To Deliver LockBit Ransomware
  • RCE 0-day Vulnerability in Spring Java framework

Geo Highlights

Ukraine Update: Russian Military to Refocus on South-Eastern Ukraine, New Sanctions on Russia Could Result in New Cyberattacks

QuoIntelligence continues to assess that a ceasefire between Ukraine and Russia is unlikely to be agreed upon anytime soon, possibly resulting in a longer second phase of the invasion. Regarding war crimes allegations, it is unlikely that investigations will result in arrests of Russian individuals, at least in the medium term. As the invasion continues, energy provision is likely to cause internal division in Europe, as sanctions require unity, and bans on Russian energy supply can unequally affect EU countries. As for the cyber threat landscape, we assess with moderate confidence that sanctions by themselves will not trigger retaliatory destructive operations conducted by Russian state-sponsored entities.

Rollups

Industries impacted: Government

  • US Establishes Bureau of Cyberspace and Digital Policy
  • Poland Vetoes EU Directive to Implement Global Corporate Tax Deal