Weekly Intelligence Snapshot – Week 37

This week we report that Emotet is still active. The DFIR Report describes an incident from May 2022 that began with a phishing email carrying an Excel file with a malicious macro. Microsoft fixed 63 vulnerabilities in its Patch Tuesday release, including two zero-day vulnerabilities, one of them actively exploited in the wild. In geopolitics, Armenia and Azerbaijan resumed hostilities. Despite a reported temporary ceasefire, renewed conflict in the region could worsen the global energy crisis and possibly draw Russia and Turkey into the fighting.
Weekly Intelligence Summary from QuoIntelligence

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 8-14 Sep is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Current Threat

The DFIR Report described an incident from May 2022 in which an Emotet infection led to the compromise of an environment through a malicious Microsoft Excel macro, followed by Cobalt Strike and PsExec, among other commonly seen tooling. According to the researchers, the ultimate goal was ransomware deployment, but the intrusion was stopped before it reached that stage. The incident highlights the need for organizations to maintain basic security practices: the tooling and methodology used in this breach are well known and have been analyzed many times. This applies especially to the initial access vector, since Office macros remain one of the most common malware delivery vectors.
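As an added example that is not part of The DFIR Report's write-up or QuoIntelligence's summary, the Python below triages Sysmon-style process-creation events for the two well-known behaviours the summary names: an Office application spawning a script host or LOLBin (macro execution) and the PsExec service binary starting on a host (lateral movement). The event records and host names are constructed for the example; the field names follow Sysmon Event ID 1, and the child-process list is an illustrative set, not indicators taken from the report.

```python
"""Triage Sysmon-style process-creation events for Office-macro child
processes and PsExec service starts.  Added example; the sample records
are constructed, not real telemetry from the incident described above."""
import json
from typing import Dict, List

# Office hosts that should not normally launch interpreters or LOLBins.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children that macro droppers commonly use to fetch or run the next stage
# (illustrative set, tune to your environment).
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Sysinternals PsExec copies this service binary to the target's ADMIN$
# share and starts it through the Service Control Manager.
PSEXEC_SERVICE = "psexesvc.exe"

# Constructed sample events (not real data).  Raw string so the JSON
# backslash escapes survive; keys mirror Sysmon Event ID 1 field names.
SAMPLE_EVENTS = r"""
{"Computer": "WS01", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\System32\\regsvr32.exe", "CommandLine": "regsvr32.exe /s C:\\Users\\Public\\Documents\\xl1.ocx"}
{"Computer": "WS01", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\splwow64.exe", "CommandLine": "C:\\Windows\\splwow64.exe 12288"}
{"Computer": "WS01", "ParentImage": "C:\\Windows\\System32\\regsvr32.exe", "Image": "C:\\Windows\\System32\\rundll32.exe", "CommandLine": "rundll32.exe C:\\Users\\Public\\Documents\\xl1.ocx,DllRegisterServer"}
{"Computer": "SRV02", "ParentImage": "C:\\Windows\\System32\\services.exe", "Image": "C:\\Windows\\PSEXESVC.exe", "CommandLine": "C:\\Windows\\PSEXESVC.exe"}
{"Computer": "WS03", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "CommandLine": "chrome.exe"}
"""


def _basename(path: str) -> str:
    """Case-folded file name of a Windows path (accepts either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return the detection tags that apply to one process-creation event."""
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    tags: List[str] = []
    if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
        tags.append("office_macro_child_process")
    if child == PSEXEC_SERVICE:
        tags.append("psexec_service_started")
    return tags


def scan(jsonl: str) -> List[Dict[str, object]]:
    """Parse JSON lines and return one alert per event that matched a tag."""
    alerts: List[Dict[str, object]] = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        tags = classify(event)
        if tags:
            alerts.append({
                "host": event.get("Computer", "?"),
                "image": _basename(event.get("Image", "")),
                "tags": tags,
                "command_line": event.get("CommandLine", ""),
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert['host']}: {', '.join(alert['tags'])} "
              f"({alert['command_line']})")
```

On the sample data the benign Excel-to-splwow64 print helper and the explorer-to-chrome launch produce no alert, while the Excel-to-regsvr32 spawn and the PSEXESVC start each do. A production rule set would additionally correlate the follow-on regsvr32-to-rundll32 chain and the file write to ADMIN$ that precedes the PsExec service start. On the prevention side, Office's "Block macros from running in Office files from the Internet" policy removes the initial access vector described above for mark-of-the-web tagged documents.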

Vulnerability

Microsoft September Patch Tuesday Addresses 63 Flaws, Including an Actively Exploited Zero Day

Microsoft fixed 63 vulnerabilities as part of its monthly Patch Tuesday update, including five rated critical. Impacted products include Microsoft Windows and Microsoft Edge. Two of the vulnerabilities are zero-days, one of which is being actively exploited in the wild. Other major vendors, including Adobe, Apple, Cisco, Google, SAP, VMware, Schneider Electric, Siemens, and Lenovo, also released important security updates for various products this month.

Rollups:

Industries impacted: Energy, Government

  • Lazarus Group: Observed Targeting Energy Providers
  • Containers and Commands Abused During Cyber Attacks Identified Using Honeypots
  • Lorenz Ransomware Group: Successfully Exploits Patched Vulnerability
  • Magento Vendor Fishpig Infected with Rekoobe RAT
  • APT41: Creates Linux Variant of SideWalk Backdoor
  • OriginLogger: A Look at Agent Tesla’s Successor

Geo Highlights

Fresh Clashes Erupt Between Azerbaijan and Armenia, Threatening to Further Destabilize the Region Despite Temporary Ceasefire

Industry impacted: Government

The open conflict between Armenia and Azerbaijan that resumed on 12 September over disputed territories risks further destabilizing regional security. A large-scale conflict could also worsen the current energy crisis, since the Caucasus is an important corridor for oil and gas pipelines. In addition, if left unresolved, the conflict risks drawing in Russia and Turkey, which have historically backed Armenia and Azerbaijan respectively.

Rollups:

Industries impacted: Government, Information Technology

  • NATO Classified Documents Were Leaked as a Result of an Alleged Cyberattack on the Portuguese Government
  • Kim Jong-un Passes New Law And Says North Korea Will Never Give Up Nuclear Weapons
  • EU Cyber Resilience Act Will Introduce Tougher Cybersecurity Regulations for IoT Devices
  • US Plans To Expand Chip Export Restrictions On China
  • Russia Announces New Policy for Microelectronics, Recognizes Lack of Production Capacity
  • Russia Is Suspected To Spend Millions To Influence The Global Political Landscape

Community Area

Outlook

  • 20 September – Cybersecurity & Cloud Expo – Europe
  • 22 September – Global Cyber Conference – Zurich Edition
