QuoScient’s Weekly Intelligence Bulletin for the week of 01 November – 08 November 2018 is now available for download in the Media Center!
Find below a summary.
CYBER
Reported Incidents Industry Impacted: Financials
On 2 November HSBC Bank became aware of unauthorized users accessing customer accounts. Impacted customer data includes both financial and Personal Identifiable Information.
Vulnerabilities
Industry Impacted: Information Technology
Apache released an advisory in Apache Struts version 2.3.x which addresses a two-years old vulnerability existing in the Commons File Upload library, that when successfully exploited could
cause a remote code execution.
Threat Actor Activity
Industry Impacted: Financials
QuoScient has identified a new threat actor named Golden Chickens 01 (GC01) targeting financial institutions across the globe. First incorrectly identified by other researchers as Cobalt Group due to shared TTPs, GC01 is equally highly motivated and is currently engaged in active spear-phishing campaigns. Although our investigation is still ongoing, we highlighted details about this threat actor and its latest spear phishing activity.
CRYPTOCURRENCY
Gate.io, a cryptocurrency exchange platform based in Cayman Islands was targeted in a supply chain attack by first compromising the widely used web analytics platform StatCounter in order
to steal cryptocurrency.
The overall crypto asset market capitalization increased by 5.8 percent over the previous week. Between 2 November and 4 November, the capitalization continued a steady trajectory, but rose sharply on 7 November before a slight decline by 4.1 percent on 8 November.
GEOPOLITICS
On Monday, President Trump restored all sanctions previously lifted under the 2015 Iran Nuclear deal. These sanctions also include punitive measures against third countries doing business with Iran. As a result of the Sanctions, QuoINT expects retaliatory cyber operations (e.g. DDoS attacks, web defacement) against U.S. targets carried on by Iranian nationalists hacktivist groups. An increase in more advanced attacks, such as spear-phishing, carried on by state sponsored APT groups (e.g. OilRig) are also likely to increase in the next weeks.
OUTLOOK
11 November- FS-ISAC Fall Summit
11 November – Paris Peace Forum
11 November – President Trump to Meet President Putin in Paris
11 November – ASEAN Leaders Summit
15 November – 2. Hessian Innovation Congress