Weekly Intelligence Bulletin – Week 45

12. November 18

QuoScient’s Weekly Intelligence Bulletin for the week of 01 November – 08 November 2018 is now available for download in the Media Center!

Find below a summary.

CYBER

Reported Incidents

Industry Impacted: Financials

On 2 November HSBC Bank became aware of unauthorized users accessing customer accounts. Impacted customer data includes both financial and Personally Identifiable Information.

Vulnerabilities

Industry Impacted: Information Technology

Apache released an advisory for Apache Struts version 2.3.x that addresses a two-year-old vulnerability in the Commons FileUpload library which, when successfully exploited, could result in remote code execution.

Threat Actor Activity

Industry Impacted: Financials

QuoScient has identified a new threat actor named Golden Chickens 01 (GC01) targeting financial institutions across the globe. Initially misidentified by other researchers as Cobalt Group due to shared TTPs, GC01 is equally highly motivated and is currently engaged in active spear-phishing campaigns. Although our investigation is still ongoing, we highlighted details about this threat actor and its latest spear-phishing activity.

CRYPTOCURRENCY

Gate.io, a cryptocurrency exchange platform based in the Cayman Islands, was targeted in a supply chain attack in which the attackers first compromised the widely used web analytics platform StatCounter in order to steal cryptocurrency.

The overall crypto asset market capitalization increased by 5.8 percent over the previous week. Between 2 November and 4 November, the capitalization continued a steady trajectory, but rose sharply on 7 November before a slight decline of 4.1 percent on 8 November.

GEOPOLITICS

On Monday, President Trump restored all sanctions previously lifted under the 2015 Iran Nuclear deal. These sanctions also include punitive measures against third countries doing business with Iran. As a result of the sanctions, QuoINT expects retaliatory cyber operations (e.g. DDoS attacks, web defacement) against U.S. targets carried out by Iranian nationalist hacktivist groups. More advanced attacks, such as spear-phishing, carried out by state-sponsored APT groups (e.g. OilRig) are also likely to increase in the coming weeks.

OUTLOOK

11 November – FS-ISAC Fall Summit
11 November – Paris Peace Forum
11 November – President Trump to Meet President Putin in Paris
11 November – ASEAN Leaders Summit
15 November – 2nd Hessian Innovation Congress