Weekly Intelligence Snapshot – Week 24, 2023

UNC3886 — a Chinese Cyberespionage group — is targeting defense, tech, and telecom organizations in the US and APAC.

QuoIntelligence’s Weekly Intelligence Snapshot for the week of 8 – 14 June 2023 is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!

Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!

Cyber Highlights

Current threat

UNC3886: The Chinese State-Sponsored Group Exploited VMware ESXi Zero-day to Backdoor Windows and Linux Systems

Industries impacted: Communication Services, Government, Information Technology

Chinese cyber espionage group, UNC3886, has been deploying a novel malware on systems that traditionally do not support Endpoint Detection and Response (EDR) solutions such as network appliances, SAN arrays, and VMware ESXi hosts. The group primarily targets defense, technology, and telecommunication organizations located in the US and APAC regions. The attack campaign has been ongoing since late 2022 and has shown the group’s extensive capabilities and understanding of the underlying technology of the targeted appliances. UNC3886 has been adept at avoiding detection by EDR solutions through various techniques, including credential harvesting, exploiting vulnerabilities, deploying backdoors, and tampering with logging services on the impacted systems.

Vulnerability

Microsoft June Patch Tuesday Addresses 78 Flaws, 0 Zero-Day Vulnerabilities

Microsoft released its monthly Patch Tuesday security update, which includes fixes for 78 flaws, none of which are zero-days. Impacted products include Microsoft Windows, Microsoft Exchange Server, and Microsoft SharePoint. Other vendors who have also released important security updates this Patch Tuesday include Google, Fortinet, VMware, and MOVEit.

Rollups

Industries impacted: Financials, Government, Information Technology

  • New ENISA Supply Chain Cybersecurity Guidance Stresses Collaboration, Information Sharing, and Effective Policies
  • Launch Of Google’s New “.Zip” TLDs Leads to Possible Information Leaks
  • A New Golang-Based InfoStealer Dubbed Skuld Exploiting Windows Systems Worldwide
  • Cadet Blizzard: A Novel Russian State-Sponsored Threat Actor That Conducts Focused Destructive Attacks and Espionage Operations
  • Newly Discovered Pikabot Distributed Through QakBot
  • Pro-Russia Hacktivist Threatens Massive Attacks Against Global Banking System

Geo Highlights

Germany Releases Its First National Security Strategy

Industries impacted: Energy, Government, Information Technology

QuoIntelligence analyzes Germany’s first ever national security strategy, outlining its perception of the current threat landscape and the country’s posture to address security challenges.

Rollups

Industries impacted: Consumer Discretionary, Consumer Staples, Financials, Government

  • US – China Tensions: Cuba to Reportedly Host Chinese Base
  • Green Activist Increases: Deutsche Bank, JP Morgan Faces Pro-Climate Protests Against Investment Policies
  • EU General Product Safety Regulation Enters into Force to Enhance Safety Regardless of Origin
  • France Discovers Russian Disinformation Campaign Involving Russian Threat Actors

Community Area

Outlook

  • 20 JunePlanet Cyber Sec Conference
  • 23 June – SANS Ransomware Summit 2023

Upcoming Webinars

Latest Reports

(Sent to PREMIUM Customers only)

  • 26 May – Intel Assessment: AI: Risks and Challenges in Cyberspace and the Geopolitical Landscape 
    An in-depth evaluation of the reality of the threats the use of generative AI tools by threat actors pose. It also seeks to identify privacy and regulatory risks for businesses using such tools.

Interested in becoming a premium customer? Let’s talk

Interested in becoming a premium customer?

Unlock exclusive benefits by becoming a premium customer

Share this article:

Weekly Intelligence Snapshot – Week 24, 2023

Share this article:

Related Posts

Subscribe To Our
Weekly Newsletter

Subscribe to our newsletter to receive Weekly Intelligence Summaries, cyber news, and exciting updates.