Weekly Intelligence Snapshot – Week 20

Current Threat

PowerShell Reverse Shell Targets Germany Using Ukraine As a Lure

Malwarebytes Threat Intelligence has reported about an attack using the lure of information about the war in Ukraine to target users in Germany. According to Malwarebytes, no attribution can be made due to lack of solid indicators; however, based on motivation alone, they hypothesize that a Russian threat actor could be behind the campaign.

Rollups

Industries impacted: Consumer Discretionary, Financials, Information Technology

• Cobalt Mirage: Iran-linked group conducts ransomware and espionage operations
• Info-stealer Campaign Targets German Automobile Industry
• Eternity Project: New Toolkit-As-a-Service Offered Via Telegram
• Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
• A New Version of Cryptojacking Sysrv Botnet Targets Windows and Linux Servers
• US Government Warns of North Korean Nationals Applying to IT Roles
• Conti Ransomware Operators Openly Sides Against LockBit and BlackCat
• CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

Geo Highlights

Ukraine: How the War in Ukraine is Impacting the IT Sector, Potential Russian Threat Actors Response

Industry impacted: Information Technology

The war in Ukraine is resulting in increased international cooperation on cybersecurity, as the latest US-EU Technology council shows. In addition, as sanctions on Russia increase, Russia remains more isolated, posing risks to its domestic IT sectors, and potentially affecting the global threat landscape.

Rollups

Industries impacted: Energy, Financials, Government, Health Care, Industrials, Information Technology

• The EU and Japan to Cooperate on Indo-Pacific Security, Energy, Cybersecurity
• The EU Reaches a Provisional Agreement on NIS2 and DORA
• EU Unveils New Plan to End Reliance on Russian Energy by 2027