Weekly Intelligence Snapshot – Week 17

This week we cover our observations of Emotet development, including differences in TTPs observed in recent samples. We also cover Lazarus activity reported by AhnLab targeting the defense and chemical sectors. We are tracking this activity for awareness and early defense and prevention before proliferation of campaigns to European entities. Additionally, as the war in Ukraine continues into its third month, we cover the latest geopolitical developments.
Weekly Intelligence Summary from QuoIntelligence

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 21 – 27 April is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!


Cyber Highlights:

Current Threat

Emotet Implements New Delivery Techniques, Increases Activity, And Fixes Bugs In Their Malicious Payload

Since its activity resumed in November 2021, 10 months after its disruption, Emotet is again one of the most prolific botnets and trojans targeting Windows platforms to distribute follow-on malware. CheckPoint researchers already consider Emotet the top malware family. According to ProofPoint researchers, the new wave of activity is low-volume and differs from the typical behavior of the threat group.

Threat Actor

New Malware of Lazarus Group Targeting Specific Process

Industries impacted: Information Technology, Materials

Following up on the recent activity of Lazarus group reported by Symantec, this week the AhnLab ASEC team also released a related report describing activity targeting the defense and chemical sectors in South Korea. QuoIntelligence continues to assess that the campaigns described within the reports were conducted by Lazarus, given that the campaigns point to attempts at industrial and military espionage. Additionally, QuoIntelligence is tracking the activity for awareness and early defense and prevention before proliferation of campaigns to European entities.

Rollups:

Industries impacted: Consumer Discretionary, Financials, Government

  • SentinelLabs Reports Nokoyawa and Hive Ransomware Are Not Related
  • Iranian APT35 Leveraged Recently Patched VMware Vulnerability to Push New Backdoor
  • Industrial Spy: New eCrime Marketplace Sells Stolen Data from Breached Companies
  • Two Months of Russian Cyber-Activity in Ukraine Reported by Microsoft

Geo Highlights

Ukraine update: Russia Halts Gas Export to Some EU Countries, Moldova Potentially at Risk

The war in Ukraine enters its third month as the tone of confrontation between Russia and Western countries grows. This, together with Russia’s warning that the Transnistria region could be drawn into the war in Ukraine, signals the invasion is unlikely to end any time soon. Diplomacy seems to have stalled, likely resulting in a long-lasting conflict. This is likely to result in global disruptions of supply chains that will extend through the year and in increased commodity prices. Organizations are also likely to reshape how and from where they get their supplies as new alliances and tensions appear in the geopolitical landscape.

Rollups:

Industries impacted: Information Technology

  • Digital Services Act: Council and European Parliament Provisional Agreement for Making the Internet a Safer Space for European Citizens
  • EU, India Agree to Broaden Ties Amid Ukraine War
  • FBI Director Says Espionage Threat Posed by China Is Unprecedented in History
  • France Opens Investigation into ‘Serious’ Sabotage of Internet Network
