Weekly Intelligence Snapshot – Week 16

Weekly Intelligence Summary from QuoIntelligence

This week, the QuoIntelligence research team observed a campaign by the Gamaredon group in which SFX archives are used to deliver a VNC utility and a decoy document. This new wave started around the second week of April and is likely still ongoing. This activity by the Gamaredon group, a threat group extensively linked to operations of Russian intelligence and intrusions against targets in Ukraine, is in line with the ongoing invasion of Ukraine as well as the response from the EU and NATO countries.

Weekly Intelligence Snapshot – Week 15

This week, QuoIntelligence reveals our internal investigation findings about an ongoing phishing campaign delivering the banking trojan known as Gozi (aka Ursnif), which is targeting retail, telecom, and other organizations in Italy. We also continue our coverage of the war in Ukraine, including the discovery and disruption of Industroyer2.

Weekly Intelligence Snapshot – Week 14

This week we report on the ongoing conflict in Ukraine, possibly resulting in a longer second phase of the invasion. War crime allegations against Russia are currently unlikely to be prosecuted, and the rising energy crisis is likely to cause internal division in Europe. Meanwhile, new sanctions on Russia could result in new cyberattacks. Separately, read about Hive RaaS, which continues to improve its resources and operations to encrypt systems.

Weekly Intelligence Snapshot – Week 13

This week we cover the ongoing conflict in Ukraine as a potential peace agreement between Russia and Ukraine seems unlikely in the short and medium term. Additionally, while activity in Ukraine will likely remain mostly kinetic for the foreseeable future, long-reaching cyber retaliation efforts by Russia will likely target NATO and Ukrainian allies. Separately, we cover the significance of North Korean TA groups exploiting an RCE vulnerability in Google Chrome.

Weekly Intelligence Snapshot – Week 12

As the invasion of Ukraine enters its second month, there are no signs of a potential peace agreement any time soon. The conflict results in a rise of activism and hacktivism as the politicization and polarization of society increases. QuoIntelligence continues to assess the threat level for cyber threats as Medium-High. Read our Weekly for further details and analysis of the cyber and geopolitical events that led to this assessment. We also cover how an Initial Access Broker dubbed Exotic Lilly is changing the threat landscape.

Weekly Intelligence Snapshot – Week 11

QuoIntelligence assesses the conflict in Ukraine is unlikely to be solved in the short and medium term. We assess that the broadest threat to companies comes from hacktivist groups, while APT groups remain a threat especially to organizations providing aid and support to Ukraine. In terms of the global impact of the conflict, it is likely the conflict will continue affecting energy and food security and result in increasing prices, potentially impacting business continuity. Read more about Ukraine and Russia in our weekly, as well as our analysis of alleged Russian activity exploiting MFA and PrintNightmare.

Weekly Intelligence Snapshot – Week 10

As the Russian invasion of Ukraine enters its third week, we analyze the latest cyber security events surrounding the invasion and the implications the conflict has for the global economy and supply chains.

Our assessment regarding the threat level for organizations remains the same. We continue to see highly motivated hacktivist groups and APTs engaged in increased cyber activity. We also cover Patch Tuesday in depth as patching technology remains a pertinent step towards mitigating future attacks.

Weekly Intelligence Snapshot – Week 9

As the Russian invasion of Ukraine is ongoing, the threat of cyberattacks increases. NATO and the EU have provided weapons to Ukraine and imposed stricter sanctions against Russia, which might cause Russia to retaliate in the form of targeted cyberattacks. Therefore, organizations in Western countries face an increased risk of targeted cyberattacks, particularly the critical infrastructure, defense, and government sectors. Furthermore, collateral damage provoked by targeted attacks could impact the availability, confidentiality, and integrity of dependent infrastructure. QuoIntelligence assesses the threat level for companies in the EU as medium to high.

Weekly Intelligence Snapshot – Week 8

Russian President Vladimir Putin announced the decision to carry out a military operation in the Donbas region of eastern Ukraine. This decision has already resulted in cyber and physical ramifications. This weekly intelligence summary covers our in-depth analysis of the events as they unfold – including our assessment of cyberattacks (i.e., wiper) targeting Ukrainian infrastructure, the likelihood of attacks causing a ripple effect on entities outside Ukraine, the impact on the global supply chain, and more.

Weekly Intelligence Snapshot – Week 7

Following the increasingly tense situation in Ukraine, this week read about the unconfirmed withdrawal of Russian troops and a DDoS attack that affected Ukraine's Ministry of Defense and some of the country's banks. Both events came after the US warning of an imminent Russian invasion of Ukraine. Also, the FBI and USSS released a joint advisory providing IOC information on the BlackByte ransomware group.