QuoIntelligence’s Weekly Intelligence Snapshot for the week of 9 – 15 Feb is now available! A summary follows.
Cyber Highlights
Current threat
Worldwide Corporate Credential Harvesting Campaign Using Telegram C2 In Email Attachment
The QuoIntelligence research team identified an ongoing phishing campaign targeting companies across all sectors worldwide. To harvest credentials for Office 365 corporate environments, the campaign uses an innovative technique that leverages a Telegram bot API. The campaign reveals a novel use of Telegram as C2: the C2 code is embedded in the phishing site itself, which is delivered to the target as an HTML file attached to the phishing email.
Vulnerability
Microsoft February Patch Tuesday Addresses 77 Flaws, Including 3 Actively Exploited Zero-Days
Microsoft released its monthly Patch Tuesday security update, which includes fixes for 77 flaws. Three of them are actively exploited zero-days, and nine more are of critical severity. Impacted products include Microsoft Windows, Microsoft Office, Microsoft Exchange Server, and Microsoft SharePoint. Other vendors that released important security updates this Patch Tuesday include Apple and Atlassian.
Rollups
Industry impacted: Information Technology
- Threat Actor Continues To Conduct Malvertising Campaigns
- Namecheap Admits Breach Causing A Flood Of Phishing E-mails Through a Third-Party Provider
- Beep: A New Extremely Evasive Information Stealer Malware
- ESXiArgs Ransomware Continues Attacks Targeting European Countries
Geo Highlights
Central Bank Digital Currencies: Geopolitical Race And Risks
Industries impacted: Financials, Government
More than 100 countries are now exploring central bank digital currencies (CBDC) at different levels. All G7 economies are currently in the development stage of a CBDC and 11 countries have fully launched a digital currency. As central banks are moving forward with CBDC projects, QuoIntelligence analyzes the geopolitics of public digital money and the risks it entails.
Rollups
Industries impacted: Energy, Financials, Government, Industrials, Information Technology, Materials
- South Africa, Russia, and China Announce Joint Military Drills in South Africa, as they Boost Cooperation
- US Announced New EV Charger Rules Amid Subsidy Race with Europe
- Russia To Cut Oil Output In March To Boost Prices
- European Systemic Risk Board Publishes Report Highlighting Increased Risk of Cyberattacks On the EU Financial System by State-Sponsored Actors
Community Area
Outlook
- 17 February – HACKRON 2023
- 17 February – Munich Security Conference
- 22 February – Silicon Valley Cyber Security Summit
2023 Forecast (blog)
‘Innovation’, ‘Professionalization’, ‘Polarization’…Three Words For The Cyber & Political Threat Landscape In 2023
The cyber threat landscape evolves as quickly as technology, often faster than security teams can develop, mature and establish secure cyber systems. Read our 2023 outlook based on trends we observed through 2022 and how we expect them to evolve.