Weekly Intelligence Snapshot – Week 31

We report on SentinelOne's findings on LockBit's latest method which employs the MpCmdRun.exe executable, which is extremely difficult to detect.
Weekly Intelligence Summary from QuoIntelligence

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 28 July-3 Aug is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Current Threat

LockBit Ransomware Abuses Legitimate Utilities to Sideload Cobalt Strike

SentinelOne researchers described the procedures used by the LockBit ransomware operators to sideload a Cobalt Strike DLL through a legitimate executable. Notably, the executable in question was the MpCmdRun.exe – a Windows Defender command line tool. Using part of the Windows security tooling, however, can make it especially challenging to detect and disrupt activity.

Rollups

Industries impacted: Energy, Financials, Utilities

  • Microsoft Finds Partnership Between DEV-0206 and DEV-0243
  • Massive Network for Fake Investment Scams Targeting Europe
  • European Gas Pipeline Breached by BlackCat Ransomware Group
  • Attackers Leveraging Stolen Certificate to Sign Mimicked Apps and Services and Spread Malware
  • US Crypto Firm Nomad Hit by EUR 187.42 Million (USD 190 Million) Theft
  • Manjusaka: Advertised as an Imitation of the Cobalt Strike Framework.

Geo Highlights

Soaring Tensions Across Taiwan Strait Could Disrupt Global Supply Chains and Affect the Cyber Threat Landscape

Industries impacted: Financials, Government, Information Technology

Soaring tensions between China, Taiwan, and the US amid the official visit to Taiwan by the US House of Representatives Speaker Nancy Pelosi underline the strategic position of the Taiwan Strait for global trade, as well as the world’s dependency on Taiwan’s semiconductor industry. QuoIntelligence analyzes the impact of the current crisis on global supply chains and on the cyber threat landscape.

Rollups 

Industries impacted: Financials, Government, Information Technology

  • US Congress Passes Bill to Boost Domestic Chip Manufacturing
  • US and Indonesia Are Holding “Super Garuda Shield” Military Exercise Amid Heightened Indo-Pacific Tensions
  • SEC Intensifies its Pressure on Crypto Trading Platforms to Register With Regulator
  • European Commission To Open New Office in San Francisco Focused On Tech Regulation

 

Outlook

  • 6 August – Black Hat US 2022
  • 11 August – DEF CON 30 Hacking Conference

 

Interested in becoming a premium customer?

Unlock exclusive benefits by becoming a premium customer

Share this article:

Weekly Intelligence Snapshot – Week 31

Share this article:

Related Posts

Subscribe To Our
Weekly Newsletter

Subscribe to our newsletter to receive Weekly Intelligence Summaries, cyber news, and exciting updates.