Weekly Intelligence Bulletin – Week 19

10. May 19

QuoScient’s Weekly Intelligence Bulletin for the week of 2 May – 9 May 2019 is now available! Please contact our sales team at sales@quoscient.io to subscribe today.

Find a summary below.

CYBER
Current Threat Industry Impacted: ANY, Information Technology
Sophos discovered a new ransomware dubbed ”MegaCortex” targeting Sophos customers around the world including, in Italy, the US, Canada, the Netherlands, Ireland, and France.
According to researchers at Trend Micro, attackers are leveraging a critical remote code execution (RCE) vulnerability in Confluence, a widely used enterprise collaboration software, to drop a cryptominer and rootkit.

Reported Incidents Industry Impacted: Financials
On 8 May, Binance, one of the largest cryptocurrency exchanges in the world confirmed that attackers stole BTC 7000, worth EUR 38 million at the time of reporting, from one of its BTC hot wallets. Reportedly, the theft took place with one transaction to this hot wallet, which contained about 2 percent of Binance’s total holdings.

Threat Actor Activity Industry Impacted: Government
ESET released a new detailed report on a Turla-attributed implant dubbed LightNeuron. The implant is specifically designed to target and interact with Microsoft Exchange email servers and operate as a mail transport agent (MTA) to install custom software and process email messages.

GEOPOLITICS
Israel’s Defence Forces (IDF) announced on 5 May that they bombed a building in Gaza, which was allegedly Hamas’ headquarter for cyber operations.

OUTLOOK
12 May – Presidential Elections in Lithuania
13 May – EU Foreign Affairs Council Meeting
14 May – U.S. Secretary of State Pompeo to meet Russia’s Foreign Minister Lavrov in Sochi, Russia