Weekly Intelligence Bulletin – Week 24

14. June 19

QuoScient’s Weekly Intelligence Bulletin for the week of 06 June – 13 June 2019 is now available! Please contact our sales team at sales@quoscient.io to subscribe today.

Find a summary below.



Industry Impacted: Information Technology

Researchers at Qualys discovered a critical remote command execution vulnerability in legacy versions of the Exim mail transfer agent. The vulnerability  is exploitable via both local and remote attacks in Exim versions 4.87 through 4.91, to include those with non-default configurations. Upon analyzing attack activity potentially exploiting this vulnerability, QuoINT discovered an attacker-owned server operating since 10 June and containing sensitive enterprise data of roughly 400 recently compromised servers.

Microsoft security update addresses 88 vulnerabilities across multiple products including, Internet Explorer, Edge, Windows, Microsoft Office, Exchange Server, SQL Server and more. Of the vulnerabilities, 66 are rated important and 21 are rated critical, of which 19 are remote code execution (RCE) vulnerabilities. The release also includes patches for four previous zero-day vulnerabilities publicly disclosed earlier this month.

Threat Actor Activity

Industry Impacted: Consumer Discretionary, Financials

QuoINT uncovers a new malware (internally dubbed as “TerraRecon” provided by the Golden Chickens’ Malware-as-a-Service, and used in highly targeted attacks against money transfer services. We also shed lights on SONE, an infostealer provided by the same MaaS.

QuoINT detected a new tool signed using the same digital certificate we recently observed being used in one attack attributed to Lazarus. While unconfirmed, there are indications that the tool is potentially a variant of a known tool associated with North Korea-linked APT38.



Tensions across the Middle East are rising, after several attacks on oil tankers and on a civilian airport in Saudi Arabia were attributed to Iran.



13 June – Meet QuoScient at NOAH19 Berlin

16 June – Meet QuoScient at 31st Annual FIRST Conference

18 June – The 13th e-Crime & Cybersecurity Germany