QuoIntelligence’s Weekly Intelligence Snapshot for the week of 4 – 10 May is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Cyber Highlights
Current threat
US And Partners Identify Russian Snake Malware Infrastructure Worldwide
Industries impacted: Communication Services, Financials, Government, Utilities
The National Security Agency (NSA) and partner agencies have identified the infrastructure for Snake malware, a Russian cyberespionage tool, in over 50 countries. Victims include education institutions, small businesses, media organizations, and critical infrastructure sectors in the US, as well as sensitive intelligence targets globally. The Snake malware is attributed to a unit within Center 16 of Russia’s Federal Security Service (FSB). The announcement is complemented by a technical report providing guideline for hunting Snake implant in the environment. Furthermore, US government and allies disrupted the infrastructure of the malware.
Vulnerability
Microsoft May Patch Tuesday Addresses 38 Flaws, Including 2 Actively Exploited Zero-Days
Microsoft released its monthly Patch Tuesday security update, which includes fixes for 38 flaws, three of which are zero-days, with two of them being actively exploited. Impacted products include Microsoft Windows and Microsoft Outlook. Other vendors who have also released important security updates this Patch Tuesday include Android and Cisco.
Rollups
Industries impacted: Consumer Discretionary, Energy, Financials, Government, Industrials, Information Technology, Materials, Real Estate
- North Korea’s APT Kimsuky Uses Evolved Reconnaissance Capabilities to Target Organizations in the US, Europe, and Asia
- Threat Actors Targeting Italian Banks With “drIBAN” Web-Inject Kit
- Cactus Ransomware Uses Encryption to Evade Detection
- New Akira Ransomware Operation Targets Corporate Networks Worldwide Across Industries
- Researchers Find Royal Ransomware Expanding To Target Linux and VMware ESXi
- Attempted Extortion Attack Against Dragos
Geo Highlights
Cyber insurance: Court Ruled Insurance will Cover Merck Damages Following NotPetya CyberAttack, Insurers Concerned Over Cyber Insurance Viability
Industries impacted: Financials, Information Technology
The increasing occurrence of cyberattacks has created a high demand for cyber insurance policies. However, insurers are facing difficulties, specially when resorting to act of war-like exceptions in their coverage. We analyze how a US court ruled that Merck insurance will cover NotPetya cyberattack damages since insurers failed to prove that the attack qualified as a war-like action. We also explore the Act of war Doctrine and the challenges insurers and policy holders are facing.
Rollups
Industries impacted: Financials, Industrials
- Binance Faces US Probe Over Possible Russian Sanctions Violations
- Germany, France, and Italy Position Themselves on Relations with China to Reduce Dependencies
- China’s Consultancy Crackdown Is Scaring Foreign Businesses
Community Area
Outlook
- 13 May – EU Indo-Pacific Ministerial Forum
- 16 – 17 May – DACHsec IT Security Summit
- 17 May – Cyber Security & Cloud Congress North America
Latest Reports
(Sent to PREMIUM Customers only)
- 21 April – Intel Brief: CBDC’s Impact on the Geopolitical Landscape & Cybersecurity Risks
An overview of the impact of central bank digital currencies (CBDCs) that represent a new challenge, particularly for the EU and Western countries. - 19 April – Intel Brief: Threats Related to Cloud Infrastructure Providers
Overview of the most prevalent threats related to the use of cloud services identified with recommendations to address the attack surface. - 12 April – Threat Intel Assessment: Italian Threat Landscape Q1 – Between Real Threats and Hype
Analysis of the threats Italy faced in Q1 of 2023 and what lies ahead. - 5 April – Operational Profile: LockBit
LockBit is a ransomware group whose operations are based on providing malware builders to affiliates responsible for gaining access to victim networks.
Latest Blog
- 3 May – Infostealer Malware: The Silent Threat Lurking in Your System
Infostealer malware attacks are designed to steal sensitive information such as login credentials, financial data, and personal information.
Interested in becoming a premium customer? Let’s talk