Weekly Intelligence Bulletin – Week 10

11 March 2019

QuoScient’s Weekly Intelligence Bulletin for the week of 28 February – 07 March 2019 is now available for download in the Media Center!

Find a summary below.

CYBER
Current Threat (Industry Impacted: ANY)

The PINCHY SPIDER criminal group released a new version of its GandCrab ransomware. The operators have also expanded their tactics to deploying the ransomware directly into enterprise environments, an approach known as big game hunting. The latest decryptor released by a security organization does not work against the new version.

Vulnerabilities (Industry Impacted: ANY, Information Technology)
Android’s monthly security bulletin includes fixes for 45 vulnerabilities across Pixel phones and
Nexus devices. Of the vulnerabilities, 11 are remotely exploitable and critical.
Cisco released an advisory addressing a remote code execution vulnerability existing in multiple
small business routers.
Google disclosed a critical-rated zero-day vulnerability in Chrome that can lead to arbitrary code execution in the context of the browser. Separately, Google disclosed a serious local privilege escalation vulnerability that attackers chained with the recently patched Chrome vulnerability to target Windows 7 32-bit systems.
Adobe released a security patch for ColdFusion addressing a zero-day vulnerability that is being actively exploited in the wild.

Threat Actor Activity (Industry Impacted: Financials, Government, Industrial)
On Thursday, 7 March, QuoINT identified a new Cobalt spear phishing campaign impersonating various banks, including at least Wells Fargo, Synovus, Comerica, Banrisul, Bancolombia, Banorte and KeyBank.
In the last seven days, QuoINT observed continued activity from the e-crime threat actor EmpireMonkey. The spear phishing emails impersonate the Financial Supervisory Authority of Denmark and target various financial institutions operating primarily in the E.U.
Researchers published an analysis of a suspected China-linked cyber espionage group dubbed APT40 (also known as TEMP.Periscope, TEMP.Jumper, and Leviathan), profiling both its recent and past activities.

GEOPOLITICS
The conflict between Pakistan and India calmed after coming close to escalation in the previous
week. Cyber operations have accompanied the ongoing tensions since 1998.
Huawei sued the U.S. government over the ban on its products, which Huawei argues violates the U.S. Constitution. Separately, China's economy and military spending are expected to grow at slower rates in 2019.