Weekly Intelligence Snapshot – Week 38

Malware analyst 3xp0rt has uploaded a Lockbit 3 ransomware builder, allowing anyone to build executables for their own operation.
Weekly Intelligence Summary from QuoIntelligence

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 15-21 Sep is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!


Cyber Highlights

Incident

Lazarus Continues Financially Motivated Campaigns And Targets Cryptocurrency Company

Industry impacted: Financials

QuoIntelligence has observed a spearphishing campaign targeting a cryptocurrency company in Singapore. The campaign uses LNK files disguised as PDF documents and the Microsoft HTML Application host (mshta) to connect to the C2 server. By enumerating the infrastructure used in the attack attempt, it was possible to uncover and link further related samples, because the activity group uses a consistent theme: luring users into opening the malicious files by suggesting that they will receive a salary increase. The activity is most likely conducted by the Lazarus activity cluster and is financially motivated.

Current Threat

Lockbit 3 Builder Leaked And Published On GitHub

On 21 September, the user 3xp0rt uploaded a builder for the Lockbit 3 ransomware. Two archives were included, allegedly coming from two different sources. Both contain the complete builder for Lockbit 3.0, which enables the creation of the ransomware executable that can be used to infect victims, as well as the decryptor and configuration utilities.

Rollups:

Industries impacted: Communication Services, Government, Information Technology, Utilities

  • Webworm: Modifies Known RATs For Cyber Espionage
  • Sandworm Associated Group UAC-0113 Emulates Telecommunication Providers In Ukraine
  • Gamaredon APT Deploys New Information Stealer Malware To Ukrainian Government Agencies as Part of Espionage Campaign
  • Ongoing ChromeLoader Campaign Identified
  • TeamTNT Using Compromised Servers for Cryptomining
  • Uber Suffers a Cyberattack Allegedly Linked to Lapsus$ Group

Geo Highlights

Middle East Growing Influence Amid The War In Ukraine

The war in Ukraine and the subsequent energy crisis have brought new opportunities for the Middle East, which have enhanced the region’s strategic position in the global geopolitical landscape. QuoIntelligence analyzes these opportunities and underlines the persistent risks tied to the region.

Rollups:

Industries impacted: Communication Services, Government, Information Technology

  • Kyrgyzstan and Tajikistan Reach Temporary Peace Agreement as Instability Across Russian Borders Increases
  • US Court of Appeals Rejects Big Tech’s Rights to Regulate Online Speech
  • Chinese Semiconductor Industry Increased Scrutiny Amid China’s Corruption Crackdown and US Sanctions
  • Meeting of NATO Chiefs of Defense to Discuss Implementation of Madrid Summit Decisions
  • China And Russia Agree On Closer Military And Economic Partnership In Security Consultations

 

Community Area

Outlook

  • 25 September – 2022 Italian general elections
  • 26 September – InfoSec World
  • 27 September – International Cyber Expo 2022

 
