Weekly Intelligence Bulletin – Week 17

26. April 19

QuoScient’s Weekly Intelligence Bulletin for the week of 18 April – 25 April 2019 is now available! Please contact our sales team at sales@quoscient.io to subscribe today.

Find a summary below.


Current Threat – Industry Impacted: Consumer Discretionary, Financials
FireEye discovered and analyzed two archive files containing Carbanak malware source code, builders, and other tools that had been present on the malware scanning site VirusTotal since early 2017. Carbanak malware was involved in various attacks against the retail, restaurant, hospitality, and financial sectors, resulting in millions of dollars stolen.

Reported Incidents – Industry Impacted: Industrial
The Switzerland-based heavy equipment manufacturing company Aebi Schmidt reportedly suffered a ransomware attack that affected manufacturing operations and email servers in Europe and several international locations.

Vulnerabilities – Industry Impacted: ANY
The National Information Security Vulnerability Sharing Platform (C-NVD) released an alert detailing a remote code execution vulnerability that does not require authentication and impacts all versions of Oracle WebLogic. At the time of writing, Oracle has not released a patch and a proof of concept is available.

Threat Actor Activity
QuoINT profiled a new Golden Chicken threat actor that we named GC04.temp. The latest observed digitally signed TerraLoader malware used by GC04.temp deploys the latest version of the more_eggs backdoor (6.1).

According to media reports, the CIA claims China’s National Security Commission, the People’s Liberation Army, and another branch of China’s intelligence agencies provided funding to Huawei.