QuoIntelligence’s Weekly Intelligence Snapshot for the week of 6 – 12 April is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Cyber Highlights
Current threat
Threat Actors Leveraging Windows Server Zero-Day to Push Nokoyawa Ransomware
Industries impacted: Consumer Discretionary, Energy, Health Care, Industrials, Information Technology
Kaspersky researchers detected a series of privilege escalation attempts on a number of monitored workstations in the Middle East, North America, and Asia in February 2023. The attackers used zero-day exploits to achieve the privilege escalation. Attributed to a ransomware group, the attacks ended with the deployment of the Nokoyawa ransomware payload. Exploitation of a zero-day vulnerability is notable in the eCrime landscape and is normally used by APTs.
Vulnerability
Microsoft April Patch Tuesday Addresses 97 Flaws, Including 1 Actively Exploited Zero-Day
Microsoft released its monthly Patch Tuesday security update, which includes fixes for 97 flaws, one of which is an actively exploited zero-day, and seven of critical severity. Impacted products include Microsoft Windows, Microsoft Office, Microsoft Exchange Server, and Microsoft Edge. Other vendors who have also released important security updates this Patch Tuesday include Apple and SAP.
Rollups
Industry impacted: Information Technology
- Microsoft Takes Legal Action Against Cracked Cobalt Strike Distribution
- MERCURY and DEV-1084: Destructive Attacks against On-Premise and Cloud Environments
- FusionCore: New European Malware-as-a-Service (MaaS) Group Offers SarinLocker Ransomware Through its Affiliate Program
- Researchers Discover Critical Exploitation Path Utilizing Microsoft Azure Shared Key Authorization As Backdoors
- New Cylance Ransomware Equipped With Command-Line Capabilities
- LinkedIn Announced a Set of New Free Verification Features to Authenticate Users and Their Employment History
Geo Highlights
Regulators Oversight on AI Increases Following Widely Use of ChatGPT and its Recent Data Breach
Industry impacted: Information Technology
As the use of ChatGPT rises, and the potential risks with it, regulators are increasing oversight on AI technologies. QuoIntelligence analyzes the current AI regulatory frameworks, and how world powers are responding to AI challenges.
Rollups
Industries impacted: Financials, Government, Information Technology
- Google Restricts Predatory Loan Apps’ Access To Users’ Sensitive Data
- Japan Increases Export Controls on Semiconductor Equipment as Tensions with China Rise
- Turmoil Over Macron’s Taiwan Remarks Exposes EU Divisions On China
- Members of the European Parliament To Call For Renegotiation Of EU-US Data Transfer Framework
Community Area
Outlook
- 17 April – Privacy Symposium 2023
- 19 April – NATO Cybersecurity Exercise Locked Shields
- 17 April – Cybersec Europe 2023
Latest Reports
(Sent to PREMIUM Customers only)
- 5 April – Operational Profile: LockBit
LockBit is a ransomware group whose operations are based on providing malware builders to affiliates responsible for gaining access to victim networks. - 31 March – Operational Profile: Phoenix Group
Phoenix Group is a pro-Russia hacktivist group active since April 2022 and involved in DDoS and defacement attacks. In February 2023 it announced it was joining Killnet.
Interested in becoming a premium customer? Let’s talk