Weekly Intelligence Snapshot – Week 20

Officials in multiple European countries were targeted by a newly discovered malicious firmware implant called "Horse Shell".

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 11 – 17 May is now available! Find a summary here.

Cyber Highlights

Current threat

Camaro Dragon: The APT Group Targets EU Entities by Exploiting TP-Link Router Firmware

Check Point researchers uncovered a malicious firmware implant tailored for TP-Link routers, built by the Chinese state-sponsored APT group Camaro Dragon and used to target officials in multiple European countries. The Camaro Dragon activity overlaps with the Chinese APT Mustang Panda cluster. The implant features several malicious components, including a custom backdoor dubbed “Horse Shell”, which enables the attackers to maintain persistence, build anonymous infrastructure, and move laterally within compromised networks. According to the researchers, the Horse Shell implant is firmware-agnostic, suggesting it may be compatible with firmware images designed for routers from other vendors.

Rollups

Industries impacted: Financials, Health Care, Industrials, Information Technology

  • New Malicious Advertising Campaign Delivers Redline Stealer Via Infected AI Tools
  • Swiss Tech Giant ABB Confirms IT Security Incident Impacting Operations Worldwide
  • Russia-Based CheckMate Ransomware Targets Server Message Block (SMB) Communication Protocol
  • CLR SqlShell Malware Actively Targets MS SQL Servers for Crypto Mining and Ransomware
  • RA Group: New Ransomware Group Utilizes Babuk Source Code to Target Several Industries
  • New MEME#4CHAN Phishing Campaign uses Follina Vulnerability to Drop XWorm Payload

Geo Highlights

Challenges of Technical Standardization Amid Growing Polarization of the Geopolitical Landscape

QuoIntelligence analyzes the geopolitical importance of technical standardization and the implications of China’s growing influence in technical standard-setting for European companies.

Rollups

Industries impacted: Communication Services, Financials, Information Technology

  • EU’s Black Sea Internet Cable Project Aims to Reduce Dependency on Russia, Strengthening Global Infrastructure Security
  • US Department of Justice Announces Crypto Crackdown to Combat Illicit Activities
  • The European Parliament Votes To Ban Greenwashing and Premature Obsolescence
  • Iceland, Ireland, Japan, and Ukraine Join NATO’s Cooperative Cyber Defense Center of Excellence
  • US Disruptive Technology Strike Force Unveils First Espionage Cases Involving China, Russia, and Iran

Community Area

Outlook

  • 19 May – G7 Leaders’ Summit
  • 19 May – HackMiami X
  • 24 May – 3rd ENISA Telecom & Digital Infrastructure Security Forum 

Latest Reports

(Sent to PREMIUM Customers only)

  • 18 May – Intel Brief: Use of exploitation frameworks alternative to Cobalt Strike by threat actors
    We analyze why advancements in Cobalt Strike Beacon detection have made it harder for criminal and state-affiliated threat actors to use Cobalt Strike successfully.
  • 21 April – Intel Brief: CBDC’s Impact on the Geopolitical Landscape & Cybersecurity Risks
    An overview of the impact of central bank digital currencies (CBDCs), which represent a new challenge, particularly for the EU and Western countries.
