QuoIntelligence’s Weekly Intelligence Snapshot for the week of 4 – 10 May is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Cyber Highlights

Current threat

US And Partners Identify Russian Snake Malware Infrastructure Worldwide

Industries impacted: Communication Services, Financials, Government, Utilities

The National Security Agency (NSA) and partner agencies have identified the infrastructure for Snake malware, a Russian cyberespionage tool, in over 50 countries. Victims include education institutions, small businesses, media organizations, and critical infrastructure sectors in the US, as well as sensitive intelligence targets globally. The Snake malware is attributed to a unit within Center 16 of Russia’s Federal Security Service (FSB). The announcement is complemented by a technical report providing guidelines for hunting the Snake implant in an environment. Furthermore, the US government and its allies disrupted the malware's infrastructure.

Vulnerability

Microsoft May Patch Tuesday Addresses 38 Flaws, Including 2 Actively Exploited Zero-Days

Microsoft released its monthly Patch Tuesday security update, which includes fixes for 38 flaws, three of which are zero-days, with two of them being actively exploited. Impacted products include Microsoft Windows and Microsoft Outlook. Other vendors who have also released important security updates this Patch Tuesday include Android and Cisco.

Rollups

Industries impacted: Consumer Discretionary, Energy, Financials, Government, Industrials, Information Technology, Materials, Real Estate

  • North Korea’s APT Kimsuky Uses Evolved Reconnaissance Capabilities to Target Organizations in the US, Europe, and Asia
  • Threat Actors Targeting Italian Banks With “drIBAN” Web-Inject Kit
  • Cactus Ransomware Uses Encryption to Evade Detection
  • New Akira Ransomware Operation Targets Corporate Networks Worldwide Across Industries
  • Researchers Find Royal Ransomware Expanding To Target Linux and VMware ESXi
  • Attempted Extortion Attack Against Dragos

Geo Highlights

Cyber insurance: Court Ruled Insurance will Cover Merck Damages Following NotPetya CyberAttack, Insurers Concerned Over Cyber Insurance Viability

Industries impacted: Financials, Information Technology

The increasing occurrence of cyberattacks has created a high demand for cyber insurance policies. However, insurers are facing difficulties, especially when resorting to act-of-war-like exceptions in their coverage. We analyze how a US court ruled that Merck's insurance will cover the NotPetya cyberattack damages since insurers failed to prove that the attack qualified as a war-like action. We also explore the act of war doctrine and the challenges insurers and policyholders are facing.

Rollups

Industries impacted: Financials, Industrials

  • Binance Faces US Probe Over Possible Russian Sanctions Violations
  • Germany, France, and Italy Position Themselves on Relations with China to Reduce Dependencies
  • China’s Consultancy Crackdown Is Scaring Foreign Businesses

Community Area

Outlook

  • 13 May – EU Indo-Pacific Ministerial Forum
  • 16 – 17 May – DACHsec IT Security Summit
  • 17 May – Cyber Security & Cloud Congress North America 

Latest Reports

(Sent to PREMIUM Customers only)

  • 21 April – Intel Brief: CBDC’s Impact on the Geopolitical Landscape & Cybersecurity Risks
    An overview of the impact of central bank digital currencies (CBDCs) that represent a new challenge, particularly for the EU and Western countries.
  • 19 April – Intel Brief: Threats Related to Cloud Infrastructure Providers
    Overview of the most prevalent threats related to the use of cloud services identified with recommendations to address the attack surface.
  • 12 April – Threat Intel Assessment: Italian Threat Landscape Q1 – Between Real Threats and Hype
    Analysis of the threats Italy faced in Q1 of 2023 and what lies ahead.
  • 5 April – Operational Profile: LockBit
    LockBit is a ransomware group whose operations are based on providing malware builders to affiliates responsible for gaining access to victim networks.
