Weekly Intelligence Bulletin – Week 8

21. February 20

QuoScient’s Weekly Intelligence Bulletin for the week of 13 February – 20 February 2020 is now available! Please contact our sales team at intel@quoscient.io to subscribe today.

Find a summary below.

CYBER

Current Threat

Industry impacted: Any

On 19 February, QuoINT released a Warning to clients regarding the publication of a proof-of-concept for a Remote Code Execution vulnerability in Microsoft SQL Server Reporting Services (SSRS), which was recently patched on 11 February. As part of a bug bounty, an ethical hacker proved the validity of the PoC against Tesla.

Threat Actor

Industry impacted: Energy, Information Technology, Telecommunication Services, Government, Transportation, Defense, Aerospace, Any

Researchers at Clearsky released a report detailing a cyberespionage campaign dubbed Fox Kitten, which they attributed to Iranian government-linked threat groups such as APT34 (aka Oilrig), APT33 (aka Elfin), and APT39 (aka Chafer). The campaign reportedly targeted many organizations and companies from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sector in Israel and around the world for the past three years.

 A joint technical alert from US government agencies identified six malware families, and provided an update to a previously disclosed one, attributing their use to the North Korea-linked threat actor known as HIDDEN COBRA (also known as Lazarus).

Outlook

21 February – Parliamentary Elections in Iran
22 February – G20: First Finance Ministers and Central Bank Governors Meeting in Riyadh, Saudi Arabia
22 February – Cancelled: MWC (Formerly ‘Mobile World Congress’) Barcelona 2020
24 February – RSA Conference 2020 in San Francisco, USA