QuoIntelligence’s Weekly Intelligence Snapshot for the week of 15-21 Sep is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Lazarus Continues Financially Motivated Campaigns And Targets Cryptocurrency Company
Industry impacted: Financials
QuoIntelligence has observed a spearphishing campaign targeting a cryptocurrency company in Singapore. The campaign uses the LNK files disguised as PDF documents and the Microsoft HTML Applications (mshta) functionality to connect to the C2 server. Through enumeration of the infrastructure used in the attack attempt it was possible to uncover and link further related samples as the activity group is using a consistent theme of luring users to open the malicious files by suggesting that they will receive as salary increase. The activity is most likely conducted by the Lazarus activity cluster and is financially motivated.
Lockbit 3 Builder Leaked And Published On GitHub
On 21 September, the user 3xp0rt has uploaded a builder for the Lockbit 3 ransomware. Two archives were included, allegedly coming from two different sources. Both contain the complete builder for Lockbit3.0, enabling the creation of the ransomware executable that can be used to infect victims, as well as decryptor, and configuration utilities.
Industries impacted: Communication Services, Government, Information Technology, Utilities
- Webworm: Modifies Known RATs For Cyber Espionage
- Sandworm Associated Group UAC-0113 Emulates Telecommunication Providers In Ukraine
- Gamaredon APT Deploys New Information Stealer Malware To Ukrainian Government Agencies as Part of Espionage Campaign
- Ongoing ChromeLoader Campaign Identified
- TeamTNT Using Compromised Servers for Cryptomining
- Uber Suffers a Cyberattack Allegedly Linked to Lapsus$ Group
Middle East Growing Influence Amid The War In Ukraine
The war in Ukraine and the subsequent energy crisis have brought new opportunities for the Middle East which enhanced the region’s strategic position on the global geopolitical landscape. QuoIntelligence analyzes these opportunities and underlines the persistent risks tied with the region.
Industries impacted: Communication Services, Government, Information Technology
- Kyrgyzstan and Tajikistan Reach Temporary Peace Agreement as Instability Across Russian Borders Increase
- US Court of Appeals Rejects Big Tech’s Rights to Regulate Online Speech
- Chinese Semiconductor Industry Increased Scrutiny Amid China’s Corruption Crackdown and US Sanctions
- Meeting of NATO Chiefs of Defense to Discuss Implementation of Madrid Summit Decisions
- China And Russia Agree On Closer Military And Economic Partnership In Security Consultations
- 25 September – 2022 Italian general elections
- 26 September – InfoSec World
- 27 September – International Cyber Expo 2022