QuoIntelligence’s Weekly Intelligence Snapshot for the week of 09 – 15 March is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Cyber Highlights
Current threat
APT29 Targets Europe in New Campaign Abusing Notion
Industry impacted: Government
Several researchers from Palo Alto and BlackBerry, along with Gianluca Tiepolo, recently reported on an APT29/Nobelium/Cloaked Ursa campaign targeting Europe with lures that reference the Ministries of Foreign Affairs of Poland and Czechia as well as the European Commission. The campaign delivers the GraphicalNeutrino loader and runs its C2 over Notion to download Cobalt Strike beacons to infected devices.
Current threat
Microsoft February Patch Tuesday Addresses 83 Flaws, Including 2 Actively Exploited Zero-Days
Microsoft released its monthly Patch Tuesday security update, which includes fixes for 83 flaws, two of which are actively exploited zero-days and nine more of which are of critical severity. Impacted products include Microsoft Windows, Microsoft Office, Microsoft Exchange Server, and Microsoft SharePoint. Other vendors that released important security updates this Patch Tuesday include Fortinet and Adobe.
Rollups
Industries impacted: Energy, Financials, Government, Health Care
- A New Variant of the Xenomorph Banking Trojan Targets Over 400 Financial Institutions Globally
- Novel Golang-Based Malware GoBruteforcer Targeting Web Servers
- New Threat Actor YoroTrooper Targeting Government and Energy In Multiple Regions
- DEV-1101: Circumventing MFA With Specialised Phishing Kit Service
- Magniber Ransomware Implemented a Variant of Microsoft SmartScreen bypass
Geo Highlights
US Financial Sector Turmoil to Likely Increase Scrutiny on the Banking Sector
Industry impacted: Financials
QuoIntelligence analyzes the volatile situation in the banking sector after the collapse of Silicon Valley Bank in the US and Credit Suisse’s current struggles.
Rollups
Industries impacted: Government, Industrials, Information Technology
- Biden Administration’s Budget Focuses on Outcompeting China and Confronting Threats to Global Security
- EU Presents its Space and Maritime Strategy and Seeks to Protect Domains Against New Threats
- China is Increasing its Control Over Cable Projects in the South China Sea
- Update on the UK’s Foreign Policy Framework Reflects China and Russia Continue to be Key Points
- Russian Fighter Jet Forces Down US Drone Over Black Sea
Community Area
Outlook
- 14 March – secIT Hannover
- 14 March – APIsecure 2023
- 4-5 April – ItaliaSec (Rome)
QuoIntelligence is a sponsor for the 2023 edition of ItaliaSec where CEO Marco Riccardi will host a roundtable discussion: Italy under attack: how and why to use Threat Intelligence to distinguish real threats from media hype.
Latest Reports
(Sent to PREMIUM Customers only)
- 16 March – Technology Brief: Information Stealer Malware — A constant threat in the landscape
Information stealer malware is one of the most common malware families in the current threat landscape. Designed to steal sensitive information from computers and mobile devices and impacting mainly remote workers, these types of attacks can be devastating for businesses, and result in identity theft, financial loss, and reputational damage.
- 6 March – Technology Brief: SystemBC — A Widespread, Lesser-Known, Multipurpose Malware
Likely to remain a threat across all sectors, the malware family SystemBC hasn’t received much public reporting or research, leaving organizations vulnerable to attack from this dangerous threat vector.