Weekly Intelligence Snapshot – Week 47

Our tracking of the Mustang Panda group reveals a different DLL sideloading technique from those seen this year.
Weekly Intelligence Summary from QuoIntelligence

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 17 – 23 Nov is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Cyber Highlights:

Current threat

New Infection Chain Likely Used By Mustang Panda To Deliver PlugX

Industry impacted: Government

On 21 November, QuoIntelligence observed a researcher posting information on Twitter related to an alleged sample of the Mustang Panda malware family. Analysis of this phishing attachment indicates that it is likely used by the Mustang Panda activity group to target government entities in Myanmar. The RAR archive includes legitimate PDF documents as well as a legitimate executable used to sideload a malicious DLL file. While Mustang Panda consistently uses DLL sideloading, the delivery method departs from the practices observed in campaigns we analyzed earlier this year.

Rollups:

Industries impacted: Consumer Staples, Energy, Government, Health Care, Industrials, Materials

  • New Vulnerabilities Patched in F5 BIG-IP and BIG-IQ, Exploits Available And Weaponized
  • DEV-0569: Royal Ransomware Delivery Through Malvertising Campaign
  • Increasing Cybersecurity Risks For Offshore Oil and Gas Infrastructures
  • Mustang Panda Spear-Phishing Campaign Targets Governments Worldwide
  • Nighthawk: Pentest Tool Likely to Be Leveraged by Threat Actors
  • Aurora Stealer Becoming Prevalent Ecrime Threat, Poorly Detected
  • Ransomware Attacks on Critical Infrastructure Foreseen as Trend in 2023

Geo Highlights

Increased Scrutiny Over Foreign IT Providers Under GDPR Compliance and EU Competition Rules

Industries impacted: Government, Health Care, Information Technology

EU countries are increasing oversight of foreign providers as the EU tries to boost its own domestic industry to increase EU digital sovereignty. Nevertheless, increased oversight of major foreign IT providers also presents challenges to EU organizations, which face increased regulatory risk and limited alternatives.

Rollups:

Industries impacted: Consumer Discretionary, Government, Information Technology

  • New Interoperable Europe Act To Digitalize And Improve Public Services For Citizens And Businesses
  • Renewed Tensions In South China Sea Amid US Vice President’s Visit to Philippines
  • Iran Moves Forward With Nuclear Program Bringing More Instability In The Middle East
  • Investigation on IKEA: Due Diligence Risk Increases as Oversight on Retail Provider Rises

Community Area

Outlook

  • 1 December – Cyber Security & Cloud Expo Global

Latest Mercury Newsletter

(Available to Customers only)

  • 2 November – New Mercury Milestone Reached!
    All the functionality of Mercury Legacy now available in the beta version of the new Mercury.
    New feature – Nested Comments in Alerts
    Maintain discussions with our analysts in the Brand Protection, Vulnerabilities Intelligence and Service Requests alerts.
