QuoIntelligence’s Weekly Intelligence Snapshot for the week of 8-14 Sep is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Cyber Highlights
Current Threat
The DFIR Report described an intrusion from May 2022 in which an Emotet infection, delivered through a malicious Microsoft Excel macro, led to the compromise of the environment through subsequent use of Cobalt Strike and PsExec, among other common tooling. According to the researchers, the ultimate goal was the deployment of ransomware, but the intrusion was stopped before that stage. The incident highlights the need for organizations to maintain basic security practices: the tooling and methodology used in this breach are well known and have been analyzed many times. This is especially true for the initial access vector, as malicious Office macros remain one of the most common delivery mechanisms.
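The macro-based initial access described above is the stage an organization can cheapest prevent: Microsoft publishes a policy that blocks VBA macros in files that carry the Mark-of-the-Web (downloaded from the internet or received by email). The script below is an added example written for this page, not code from The DFIR Report or QuoIntelligence. It audits the per-user Office policy keys for Excel, Word and PowerPoint and, with `Set-OfficeMacroPolicy`, enforces both the internet-block and a restrictive `VBAWarnings` level. It assumes Office 16.0 (2016/2019/Microsoft 365); the `$OfficeVersion` parameter is the only thing to change for other builds.

```powershell
# Added example (not from the original page): audit and enforce the Office policy
# values that stop macros in internet-sourced documents from running.
# Assumes Office 16.0; the registry paths and value names are Microsoft's documented
# policy locations, the function names are this example's own.

function Get-OfficeMacroPolicy {
    param(
        [string]$OfficeVersion = '16.0',
        [string[]]$Apps = @('Excel', 'Word', 'PowerPoint')
    )
    foreach ($app in $Apps) {
        # Policy keys under HKCU\Software\Policies override the user's own Trust Center choices.
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $props = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
        $blockInternet = $props.blockcontentexecutionfrominternet
        $vbaWarnings   = $props.VBAWarnings
        [pscustomobject]@{
            App                 = $app
            PolicyKey           = $key
            BlockInternetMacros = $blockInternet      # 1 = block macros in MOTW-tagged files
            VBAWarnings         = $vbaWarnings        # 3 = only signed macros, 4 = disable all, no prompt
            Compliant           = ($blockInternet -eq 1) -and ($vbaWarnings -in @(3, 4))
        }
    }
}

function Set-OfficeMacroPolicy {
    param(
        [string]$OfficeVersion = '16.0',
        [string[]]$Apps = @('Excel', 'Word', 'PowerPoint'),
        # 4 = disable all macros without notification; 3 = allow only digitally signed macros.
        [ValidateSet(3, 4)][int]$VBAWarnings = 4
    )
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' `
            -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -Path $key -Name 'VBAWarnings' `
            -PropertyType DWord -Value $VBAWarnings -Force | Out-Null
    }
    # Return the post-change state so the caller can confirm every app is now compliant.
    Get-OfficeMacroPolicy -OfficeVersion $OfficeVersion -Apps $Apps
}

# Audit first; run Set-OfficeMacroPolicy (optionally -VBAWarnings 3) to enforce.
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

`blockcontentexecutionfrominternet` corresponds to the Group Policy setting "Block macros from running in Office files from the Internet"; in a domain it should be deployed through GPO rather than a script so users cannot revert it. Note that the policy only helps for files that actually carry the Mark-of-the-Web, so archive formats and containers that strip it are a residual gap worth covering with detection on the later stages (Cobalt Strike beaconing, PsExec service installs).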
Vulnerability
Microsoft September Patch Tuesday Addresses 63 Flaws, Including an Actively Exploited Zero Day
Microsoft fixed 63 vulnerabilities as part of its monthly Patch Tuesday update, including five rated critical. Impacted products include Microsoft Windows and Microsoft Edge. Two of the vulnerabilities are zero-days, one of which is being actively exploited in the wild. Other major vendors, including Adobe, Apple, Cisco, Google, SAP, VMware, Schneider Electric, Siemens, and Lenovo, have also released important security updates for various products this month.
Rollups:
Industries impacted: Energy, Government
- Lazarus Group: Observed Targeting Energy Providers
- Containers and Commands Abused During Cyber Attacks Identified Using Honeypots
- Lorenz Ransomware Group: Successfully Exploits Patched Vulnerability
- Magento Vendor Fishpig Infected with Rekoobe RAT
- APT41: Creates Linux Variant of SideWalk Backdoor
- OriginLogger: A Look at Agent Tesla’s Successor
Geo Highlights
Fresh Clashes Erupt Between Azerbaijan and Armenia, Threatening to Further Destabilize the Region Despite Temporary Ceasefire
Industry impacted: Government
The open conflict between Armenia and Azerbaijan that resumed on 12 September over disputed territories risks further destabilizing regional security. A large-scale conflict could also worsen the current energy crisis, since the Caucasus is an important corridor for oil and gas pipelines. In addition, if not resolved, the conflict risks drawing in Russia and Turkey, which have historically supported Armenia and Azerbaijan respectively.
Rollups:
Industries impacted: Government, Information Technology
- NATO Classified Documents Were Leaked as a Result of an Alleged Cyberattack on the Portuguese Government
- Kim Jong-un Passes New Law And Says North Korea Will Never Give Up Nuclear Weapons
- EU Cyber Resilience Act Will Introduce Tougher Cybersecurity Regulations for IoT Devices
- US Plans To Expand Chip Export Restrictions On China
- Russia Announces New Policy for Microelectronics, Recognizes Lack of Production Capacity
- Russia Is Suspected To Spend Millions To Influence The Global Political Landscape
Community Area
Outlook
- 20 September – Cybersecurity & Cloud Expo – Europe
- 22 September – Global Cyber Conference – Zurich Edition