Weekly Intelligence Snapshot – Week 14

Kaspersky reports that some victims compromised in the supply-chain attack against 3CX's Desktop Application VoIP software also had the Gopuram backdoor installed.
Weekly Intelligence Summary from QuoIntelligence

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 30 March – 5 April is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!


Cyber Highlights

Current threat

Evasive Campaign Uses OneNote And CMD Scripts To Target Italy 

QuoIntelligence observed an email campaign targeting Italy that uses OneNote attachments to deliver the Gozi backdoor. The campaign has been active since at least 24 March, and the email lure plays on new regulations regarding marital status in Italy. It shows the continued use of OneNote documents as an initial infection vector, illustrating the shift away from Office macros observable in the general threat landscape, which QuoIntelligence has reported on over the last few weeks.
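The practical problem with a campaign like this one is triage: a OneNote attachment is a container, and the CMD script that does the work sits inside it as an embedded file next to a decoy image. The script below is an added example (it is not QuoIntelligence's tooling, nor code from the campaign) that carves embedded files out of a .one blob by walking the FileDataStoreObject wrapper documented in MS-ONESTORE (header GUID, 8-byte length, 12 bytes of unused/reserved fields, payload, footer GUID) and flags payloads that look like executables or batch droppers. The script markers are an assumption to tune per campaign, and the sample blob is constructed for the demo, not a real OneNote file.

```python
"""Carve embedded files out of a OneNote (.one) blob and flag script-like payloads.

Added triage example. The sample input below is constructed and is NOT a real
OneNote file; it only reproduces the FileDataStoreObject wrapper that OneNote
puts around attached files.
"""
import re
import struct

# FileDataStoreObject GUIDs from MS-ONESTORE section 2.6.13 as they appear on
# disk (little-endian GUID encoding): header {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC},
# footer {71FBA722-0F79-4A0B-BB13-899256426B24}.
FDSO_HEADER_GUID = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
FDSO_FOOTER_GUID = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")
# guidHeader(16) + cbLength(8) + unused(4) + reserved(8): FileData starts here.
FDSO_DATA_OFFSET = 16 + 8 + 4 + 8

# Heuristic markers for Windows batch/CMD droppers (assumption: tune per campaign).
SCRIPT_MARKERS = re.compile(
    rb"@echo\s+off|\bcmd(?:\.exe)?\s+/c\b|\bpowershell(?:\.exe)?\b|\bcertutil\b"
    rb"|\bmshta\b|\b[wc]script\b|\bstart\s+/min\b",
    re.IGNORECASE,
)


def classify_payload(data: bytes) -> str:
    """Cheap content-based type guess for a carved payload."""
    head = data[:4096]
    if head.startswith(b"MZ"):
        return "pe"
    if head.startswith((b"\x89PNG", b"\xff\xd8\xff", b"GIF8", b"BM")):
        return "image"
    if head.startswith(b"PK\x03\x04"):
        return "zip"
    if SCRIPT_MARKERS.search(head):
        return "script"
    return "other"


def carve_embedded_files(blob: bytes) -> list:
    """Return one dict per FileDataStoreObject found in blob: offset, declared
    size, whether the footer GUID sat where the size said, type guess, bytes."""
    entries = []
    pos = 0
    while True:
        idx = blob.find(FDSO_HEADER_GUID, pos)
        if idx < 0 or idx + FDSO_DATA_OFFSET > len(blob):
            break
        (cb_length,) = struct.unpack_from("<Q", blob, idx + 16)
        data_start = idx + FDSO_DATA_OFFSET
        data_end = data_start + cb_length
        # A size running past EOF means a truncated or tampered object: keep
        # what is there, mark it, and do not trust the footer.
        truncated = data_end > len(blob)
        data = blob[data_start:min(data_end, len(blob))]
        footer_ok = (not truncated
                     and blob[data_end:data_end + 16] == FDSO_FOOTER_GUID)
        entries.append({
            "offset": idx,
            "size": cb_length,
            "footer_ok": footer_ok,
            "kind": classify_payload(data),
            "data": data,
        })
        # Resume after the footer when the object was intact, otherwise just
        # past this header so a bogus length cannot hide a following object.
        pos = data_end + 16 if footer_ok else idx + 16
    return entries


def suspicious_entries(blob: bytes) -> list:
    """Executables, scripts, and anything whose size/footer did not line up."""
    return [e for e in carve_embedded_files(blob)
            if e["kind"] in ("pe", "script") or not e["footer_ok"]]


def build_fdso(payload: bytes) -> bytes:
    """Wrap payload in a FileDataStoreObject (used only to build the sample)."""
    return (FDSO_HEADER_GUID + struct.pack("<Q", len(payload))
            + b"\x00" * 4 + b"\x00" * 8 + payload + FDSO_FOOTER_GUID)


# Constructed sample: a decoy image followed by a harmless CMD dropper stub,
# separated by filler bytes. Not a real .one file.
SAMPLE_BLOB = (
    b"CONSTRUCTED-SAMPLE" + b"\x00" * 48
    + build_fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    + b"\x00" * 16
    + build_fdso(b"@echo off\r\nstart /min cmd /c %temp%\\stage2.exe\r\nexit\r\n")
    + b"\x00" * 16
)

if __name__ == "__main__":
    for e in carve_embedded_files(SAMPLE_BLOB):
        print(f"offset=0x{e['offset']:x} size={e['size']} kind={e['kind']} "
              f"footer_ok={e['footer_ok']}")
```

Run it against the raw attachment bytes: each carved object that classifies as `script` or `pe` is a candidate for the dropper, and an object whose footer does not line up with the declared length is worth a manual look, since that is what a truncated mail-gateway copy or a padded sample looks like.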

Gopuram Backdoor Deployed Through Compromised 3CX Application

Industries impacted: Financials, Information Technology

Kaspersky researchers reported on the Gopuram backdoor, distributed in the aftermath of the compromise of the 3CX Desktop Application VoIP software. The malware was deployed only to selected devices of victims operating in the cryptocurrency sector.

Rollups

Industries impacted: Government, Information Technology

  • New Highly Modular AlienFox Toolkit Steals Credentials From Multiple Cloud Service Providers
  • The Chinese State-Sponsored RedGolf Group is Targeting Windows and Linux Systems With the KEYPLUG Backdoor
  • Newly Discovered Russia-Aligned APT Winter Vivern Targeting European Entities Supporting Ukraine with Zimbra Vulnerability
  • New Version of Typhon Reborn Infostealer Released With Improved Anti-Analysis and Evasion Capabilities
  • Researchers Find Cybercriminals Exploit Log4j In New Proxyjacking Attack On Kubernetes Infrastructure
  • A Global Law Enforcement Operation Seized Genesis Market, One of the Largest Criminal Marketplaces in the World

Geo Highlights

Russia Releases New Foreign Policy Concept: Increase Cooperation with China and Asia, and Polarized Vision of International Relations

Industry impacted: Government

QuoIntelligence analyzes the key elements of Russia's new foreign policy concept, which provides an overview of how Russia perceives the current geopolitical landscape. The document highlights the importance for Russia of cooperation with Asia, and its polarized vision of international relations.

Rollups

Industries impacted: Financials, Government, Information Technology

  • ASEAN Countries Consider Dropping US Dollar, Euro, and Yen
  • Japan Increases Export Controls on Semiconductor Equipment as Tensions with China Rise
  • Italy’s Temporary Ban of ChatGPT Makes Other EU Regulators Consider Similar Options
  • UK Government Releases Draft Proposals For New Post-Brexit Border Controls

Community Area

Outlook

  • 13 April – Smart Cybersecurity Summit Singapore 2023

Latest Reports

(Sent to PREMIUM Customers only)

  • 5 April – Operational Profile: LockBit
    LockBit is a ransomware group whose operations are based on providing malware builders to affiliates responsible for gaining access to victim networks.
  • 31 March – Operational Profile: Phoenix Group
    Phoenix Group is a pro-Russia hacktivist group active since April 2022 and involved in DDoS and defacement attacks. In February 2023 it announced it was joining Killnet.
