QuoIntelligence’s Weekly Intelligence Snapshot for the week of 14 – 20 April is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!


Cyber Highlights

Gamaredon Continues To Use SFX Archives To Deliver Implants

Industries impacted: Government

QuoIntelligence is tracking an iteration of a campaign we attribute to the Gamaredon group, which delivers implants in the form of self-extracting package files (SFX executables). This format lets the group bundle various files together: in this context, to show the user a decoy Office document while launching a VNC server in the background using the UltraVNC utility. According to the metadata of the Office documents and executable files, this new wave started around the second week of April.


Industries impacted: Consumer Discretionary, Consumer Staples, Financials, Information Technology, Materials, Real Estate, Utilities

  • Lazarus Extends their “Operation Dream Job” Campaign to Targeting the Chemical Sector
  • The Karakurt Extortion Group Potentially Partner With Conti Ransomware
  • Lazarus Group Targeting Blockchain Companies Using Trojanized Crypto Apps
  • The Group Haskers Gang Introduces New ZingoStealer Malware-As-A-Service In Their Telegram Channel Including A Free Version For Their Members
  • Attack Campaign Involving Stolen OAuth User Tokens Issued to Third-Party Integrators
  • Analysis and Kill Chain of Latest BlackCat Ransomware Incident
  • FBI Links the Largest Crypto Theft to North Korean Lazarus Group and APT38
  • Gamaredon: Actively Updating Tools For Activity in Ukraine

Geo Highlights

Ukraine: Fighting Intensifies in Eastern Ukraine, Global Divisions Hardening, and Cyberattacks on Critical Infrastructure

Industry impacted: Government

As the war in Ukraine continues with no likely end in sight, countries are reorganising their alliances and partnerships in ways that could shape a divided international structure for decades to come. Based on the recent cyberattacks on the energy sector and the warnings regarding threats to ICS/SCADA systems and critical infrastructure at large, we assess with low confidence that it is probable the Russian Federation is engaged in activities aimed at preparing for the deployment of destructive cyber operations.


Industries impacted: Communication Services, Government

  • US Court Rules that Scraping Publicly Accessible Data is Legal
  • NSO’s Pegasus Spyware Reportedly Used to Target Catalan, UK, EU Politicians and Organizations
  • NATO Holds World’s Largest International Live-Fire Cyber Exercise