Weekly Intelligence Summaries

Our Weekly Intelligence Summaries cover insights, news and analysis into cybersecurity, threat intelligence, and geopolitical events. 

Weekly Intelligence Snapshot – Week 19

In this weekly we investigate the emerging threat of Node Package Manager (NPM) becoming an attack vector for supply chains and the rising trend of extortion groups targeting companies without using ransomware. In terms of the war in Ukraine, we have escalated our cyber threat level from MEDIUM to HIGH due to extremely targeted hacktivist activity against entities operating in NATO countries.

Weekly Intelligence Snapshot – Week 18

QuoIntelligence is tracking a campaign in which the threat actors use remote template injection to deliver an espionage implant targeting Russian entities. Researchers allege that the campaign in question is attributed to Chinese nation-state actors. We continue our Ukraine war Geopolitics and Cyber coverage. Since organizations increased their monitoring of Russian APTs, other threat actors are likely to leverage the void and increase their activities, as we have observed with Chinese-sponsored threat actors over the last weeks.

Weekly Intelligence Snapshot – Week 17

This week we cover our observations of Emotet development, including differences in TTPs observed in recent samples. We also cover Lazarus activity reported by AhnLab targeting the defense and chemical sectors. We are tracking this activity for awareness and early defense and prevention before proliferation of campaigns to European entities. Additionally, as the war in Ukraine continues into its third month, we cover the latest geopolitical developments.

Weekly Intelligence Snapshot – Week 16

This week, the QuoIntelligence research team observed a campaign of the Gamaredon group, where SFX archives are used to deliver a VNC utility and decoy document. This new wave started around the second week of April and it is likely still ongoing. This activity of the Gamaredon group, which is a threat group extensively linked to operations of Russian intelligence and intrusions against targets in Ukraine, is in line with the ongoing invasion in Ukraine as well as the response from the EU and NATO countries.

Weekly Intelligence Snapshot – Week 14

This week we report on the ongoing conflict in Ukraine, possibly resulting in a longer second phase of the invasion. War crime allegations against Russia are currently unlikely to be prosecuted, and the rising energy crisis is likely to cause internal division in Europe. Meanwhile, new sanctions on Russia could result in new cyberattacks. Separately, read about Hive RaaS, which continues to improve its resources and operations to encrypt systems.

Weekly Intelligence Snapshot – Week 13

This week we cover the ongoing conflict in Ukraine as a potential peace agreement between Russia and Ukraine seems unlikely in the short and medium term. Additionally, while activity in Ukraine will likely remain mostly kinetic for the foreseeable future, long-reaching cyber retaliation efforts by Russia will likely target NATO and Ukrainian allies. Separately, we cover the significance of North Korean TA groups exploiting an RCE vulnerability in Google Chrome.

Weekly Intelligence Snapshot – Week 12

As the invasion of Ukraine enters its second month, there are no signs of a potential peace agreement any time soon. The conflict results in a rise of activism and hacktivism as the politicization and polarization of society increases. QuoIntelligence continues to assess the threat level for cyber threats as Medium-High. Read our Weekly for further details and analysis of the cyber and geopolitical events that led to this assessment. We also cover how an Initial Access Broker dubbed Exotic Lily is changing the threat landscape.

Weekly Intelligence Snapshot – Week 11

QuoIntelligence assesses the conflict in Ukraine is unlikely to be solved in the short and medium term. We assess that the broadest threat to companies comes from hacktivist groups, while APT groups remain a threat especially to organizations providing aid and support to Ukraine. In terms of the global impact of the conflict, it is likely the conflict will continue affecting energy and food security and result in increasing prices, potentially impacting business continuity. Read more about our Ukraine and Russia coverage in our weekly, as well as our analysis into alleged Russian activity exploiting MFA and PrintNightmare.

Weekly Intelligence Snapshot – Week 10

As the Russian invasion of Ukraine enters its third week, we analyze the latest cyber security events surrounding the invasion and the implications the conflict has for the global economy and supply chains.

Our assessment regarding the threat level for organizations remains the same. We continue to see highly motivated hacktivist groups and APTs engaged in increased cyber activity. We also cover Patch Tuesday in depth, as patching technology remains a pertinent step towards mitigating future attacks.
