Weekly Intelligence Snapshot – Week 21

Current Threat

Update on Gamaredon Activity and Infrastructure 

Industry impacted: Government

On 21 April, in the 16th Weekly Intelligence Snapshot, Quointelligence reported on the Gamaredon group activity characterized by the use of SFX archives to deliver malware. We continued to track this activity and collected on further occurrences of related activity, which enabled us to map the infrastructure used and establish a pattern of behavior.

Rollups

Industries impacted: Government, Information Technology

• Fronton: A Russian Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior
• Fronton: A Russian Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior
• Conti Ransomware Shuts Down Operation, Rebrands Into Smaller Units
• FIN12: Researchers Expose Their Inner Workings
• Twisted Panda: Chinese APT Espionage Operation Against Russian’s State-Owned Defense Institutes
• Russia’s Turla group Launches Espionage Phishing Campaign Targeting Eastern Europe
• Unknown APT Group has Targeted Russia Repeatedly Since Ukraine Invasion
• Chrome Update Warning: Google Reports A Critical Vulnerability
• REvil: DDoS Extortion Attack Flagged as Possible Part of Their Resurgence
• Industrial Spy: Switching To The Ransomware Model

Geo Highlights

Rollups

Industries impacted: Communication Services, Government

• US and South Korea Agree to Strengthen Alliance and Restarting Joint Military Drills
• Iran Said it Will Avenge the Killing of Revolutionary Guards Colonel
• US to Defend Taiwan Militarily if China Invades
• Canada Bans Huawei and ZTE From its 5G Networks
• Quad Leaders Reaffirm Commitment in Indo-Pacific, Russian and Chinese Warplanes Conducted Patrol in Region