Weekly Intelligence Bulletin – Week 51

22. December 18

QuoScient’s Weekly Intelligence Bulletin for the week of 13 December – 20 December 2018 is now available for download in the Media Center!

Find below a summary.


Current Threat – Industry Impacted: ANY

Researchers discovered a sophisticated weaponized document builder, dubbed LCG kit, known for using exploits to target Microsoft vulnerabilities in order to install malware. Due to the wide use of LCG kit for building malicious documents observed in numerous campaigns, researchers hypothesize the kit is for sale in underground forums and appears popular amongst threat actors.

Vulnerabilities – Industry Impacted: ANY

Microsoft released an emergency security patch to address a zero-day vulnerability in the Scripting Engine of Internet Explorer version 9 and later, on Windows 7, 8.1 and 10, Server 2008 to 2019, and RT 8.1. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.

Threat Actor Activity – Industry Impacted: Financials

During the last seven days, we detected two new Cobalt Group spear phishing attacks: one targeted Russian financial entities by impersonating the National Bank of Kazakhstan, and the other targeted Latin American financial entities by impersonating Panama’s Multibank.

The crypto market capitalization continued its upward recovery following a tough period of poor performance. The total market capitalization added EUR 19.2 billion, from EUR 96 billion to EUR 115 billion on 20 December, an increase of 22 percent from the end of last week.

The U.S. will begin withdrawing its troops from Syria, the White House confirmed on 19 December. Accusations of Chinese state-sponsored cyberattacks continued in the previous week; these are possibly influenced by political tensions between the U.S. and China and by actual concerns over China’s intelligence gathering.

24 December – Christmas 2018