Weekly Intelligence Bulletin – Week 3

18. January 19

QuoScient’s Weekly Intelligence Bulletin for the week of 10 January – 17 January 2019 is now available for download in the Media Center!

Find below a summary.


Industry Impacted: ANY
Two security firms released a report about a threat actor group dubbed GRIM SPIDER (also known as TEMP.MixMaster) that interactively deploys the Ryuk ransomware into large enterprise environments. GRIM SPIDER has operated Ryuk campaigns since August 2018, with high ransom returns totaling USD 3.7 million (BTC 705.80). The distributed campaigns target diverse industries, primarily in the U.S., U.K. and Canada.
On 13 January, QuoINT first identified a blackmail phishing scheme from anonymous attackers threatening German company owners with the publication of pornographic videos and antisemitic remarks impersonating them if the attackers are not paid a specific amount. This scheme is similar to other known blackmail schemes circulating since 2018. Do not pay, and ignore the message: the attackers use publicly available information in an attempt to authenticate the threat.

Reported Incidents Industry Impacted: ANY
Researchers identified a widespread wave of Domain Name System (DNS) hijacking, affecting dozens of domains for government, telecommunications and internet infrastructure organizations located in the Middle East, Africa, Europe and the U.S. The three techniques detailed were all means of manipulating the affected DNS records in order to intercept (and record) network traffic in this espionage campaign.

Threat Actor Activity Industry Impacted: Financials
Researchers identified that a recently disclosed intrusion at the Chilean interbank network Redbanc involved known malware associated with the North Korea-linked APT group Lazarus. The threat actors used a social engineering ploy to deliver the malware, known as PowerRatankba, which is a reconnaissance and downloader tool.

The total market capitalization did not recover from last week’s fall after dropping to EUR 105 billion.

Germany’s Federal Public Prosecutor arrested an employee of Germany’s military (Bundeswehr) over suspicion that he passed information to Iran’s intelligence service.
Security concerns over Huawei products which potentially facilitate Chinese espionage continued in the previous week. Poland’s internal affairs minister called on NATO and the E.U. to formulate a joint stance on whether Huawei should be banned from some markets. Germany’s industry federation called on Germany’s Government and the European Council to strengthen Europe’s economy to counter competition from China.

22 January – World Economic Forum Annual Meeting