Weekly Intelligence Snapshot – Week 09

Another busy week: Gamaredon activity is growing, with a malicious document sample uploaded to malware analysis services; BlackLotus is bypassing Secure Boot on fully updated UEFI Windows 11 systems; and the US National Cybersecurity Strategy has been released.
Weekly Intelligence Summary from QuoIntelligence

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 23 Feb – 01 Mar is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Cyber Highlights:

Current threat

Likely Gamaredon Campaign Targets Ukraine Government Services

Industry impacted: Government 

QuoIntelligence analyzed a malicious document sample first uploaded to malware analysis services at the end of February. The document is dated 24 February, is written in Ukrainian, and contains a letter allegedly from the National Police of Ukraine concerning human rights violations. Based on the theme of the lures and the deployed techniques, we assess with low confidence that this is a Gamaredon campaign.

BlackLotus UEFI Bootkit Infects Fully Patched Systems

ESET reported on BlackLotus, a UEFI bootkit capable of bypassing Secure Boot on fully updated UEFI systems. The bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. It exploits CVE-2022-21894 to bypass Secure Boot and set up persistence.

Rollups

Industries impacted: Financials, Industrials

  • Initial Access Broker TA569 Extends Techniques
  • Emerging Post-Exploitation Framework Offered as MaaS Likely By Former LockBit Affiliates
  • Disrupted Investment Scam Network Targeting Victims Around The World
  • New LockBit Campaign Observed With Effective Defense Evasion

Geo Highlights

New US Cybersecurity Strategy Proposes To Shift the Burden of Cybersecurity From Users to Tech Providers

Industry impacted: Information Technology

QuoIntelligence analyzes the key elements of the US National Cybersecurity Strategy, along with hints from the US CISA Director’s speech this week at Carnegie Mellon University about how the US perceives the current cyber threat landscape.

Rollups

Industries impacted: Energy, Financials, Information Technology

  • China Asks Small Companies to Declare and Assess the Risk of Data Transfers Abroad
  • Banks and Energy Companies are Facing Increasing Pressure and Lawsuits Over Fossil Fuel Financing
  • US Regulators Warn Banks Over Crypto-related Liquidity Risks
  • US Court Says AI-Created Images Not Granted Copyright Protection

 

Community Area

Outlook

  • 6 March – Nullcon Berlin 2023
  • 8 March – Cloud & Cybersecurity Expo London 2023

Latest Report

(Sent to Premium Customers only)

  • 28 February – Use of Cyber Operations by Russia in the Context of the First Year of War in Ukraine

2023 Forecast (blog)

‘Innovation’, ‘Professionalization’, ‘Polarization’…Three Words For The Cyber & Political Threat Landscape In 2023
The cyber threat landscape evolves as quickly as technology, often faster than security teams can develop, mature and establish secure cyber systems. Read our 2023 outlook based on trends we observed through 2022 and how we expect them to evolve.
