QuoIntelligence’s Weekly Intelligence Snapshot for the week of 23 Feb – 01 Mar is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Cyber Highlights:
Current threat
Likely Gamaredon Campaign Targets Ukraine Government Services
Industry impacted: Government
QuoIntelligence analyzed a malicious document sample first uploaded to malware analysis services at the end of February. The document is dated 24 February, is written in Ukrainian, and contains a letter allegedly from the National Police of Ukraine concerning human rights violations. Based on the theme of the lures and the deployed techniques, we assess with low confidence that this is a Gamaredon campaign.
BlackLotus UEFI Bootkit Infects Fully Patched Systems
ESET reported on BlackLotus, a UEFI bootkit capable of bypassing Secure Boot on fully updated UEFI systems. The bootkit can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. It exploits the vulnerability CVE-2022-21894 to bypass Secure Boot and set up persistence for the bootkit.
Rollups
Industries impacted: Financials, Industrials
- Initial Access Broker TA569 Extends Techniques
- Emerging Post-Exploitation Framework Offered as MaaS Likely By Former LockBit Affiliates
- Disrupted Investment Scam Network Targeting Victims Around The World
- New LockBit Campaign Observed With Effective Defense Evasion
Geo Highlights
New US Cybersecurity Strategy Proposes To Shift the Burden of Cybersecurity From Users to Tech Providers
Industry impacted: Information Technology
QuoIntelligence analyzes the key elements of the US National Cybersecurity Strategy and hints from the US CISA Director’s speech this week at Carnegie Mellon University on the US’s perception of the current cyber threat landscape.
Rollups
Industries impacted: Energy, Financials, Information Technology
- China Asks Small Companies to Declare and Assess the Risk of Data Transfers Abroad
- Banks and Energy Companies are Facing Increasing Pressure and Lawsuits Over Fossil Fuel Financing
- US Regulators Warn Banks Over Crypto-related Liquidity Risks
- US Court Says AI-Created Images Not Granted Copyright Protection
Community Area
Outlook
- 6 March – Nullcon Berlin 2023
- 8 March – Cloud & Cybersecurity Expo London 2023
Latest Report
(Sent to Premium Customers only)
- 28 February – Use of Cyber Operations by Russia in the Context of the First Year of War in Ukraine
2023 Forecast (blog)
‘Innovation’, ‘Professionalization’, ‘Polarization’… Three Words For The Cyber & Political Threat Landscape In 2023
The cyber threat landscape evolves as quickly as technology, often faster than security teams can develop, mature and establish secure cyber systems. Read our 2023 outlook based on trends we observed through 2022 and how we expect them to evolve.