Weekly Intelligence Bulletin – Week 4

25. January 19

QuoScient’s Weekly Intelligence Bulletin for the week of 17 January – 24 January 2019 is now available for download in the Media Center!

Find below a summary.

CYBER

Current Threat
Industry Impacted: Financials
According to researchers, a new crypto mining campaign associated with the threat actor Rocke Group is targeting public cloud infrastructure.

Vulnerabilities
Industry Impacted: ANY
Debian released a security update addressing a Remote Code Execution (RCE) vulnerability (CVE-2019-3462) in Advanced Package Tool (APT) package manager used in Ubuntu, Debian and
other Linux distributions.

Threat Actor Activity Industry
Impacted: Consumer Discretionary, Consumer Staples, Financials
QuoINT detected new spear phishing activity related to FIN7 (aka Carbanak), the notorious cybercrime syndicate targeting multiple sectors worldwide, including retail, energy, telecommunication
and hospitality.
QuoINT detected two new Cobalt attack waves occurring on 17 January and 23 January, respectively, dropping the Cobint malware. The 23 January campaign was active when we first identified
the sample in the wild. The delivery method is currently unknown, but the malware is likely delivered via a spearphishing email containing a link.
QuoINT has uncovered an attack against a Pakistani financial service provider’s employee that highly matched the Tactics, Techniques, and Procedures (TTPs) reported in a recent intrusion
at the Chilean interbank network Redbanc. As well, there is new evidence that might link the November 2018 attacks against multiple Pakistani banks to Lazarus. Further, this week we identified new attack activity in Chile related to the same campaign.

CRYPTOCURRENCY
The total market capitalization fell to EUR 104 billion after a stagnant trading period at the end of last week.

GEOPOLITICS
France’s data protection authority CNIL imposed a penalty of EUR 50 million on Google for breaching the General Data Protection Regulation (GDPR).
The Center for Strategic and International Studies reported that North Korea continues operating 20 undisclosed missile operation bases.

OUTLOOK
30 January- Trade Talks Between China and U.S.