The complex geopolitical landscape in Southeast Asia, influenced by People’s republic of China (PRC)’s strategic interests and territorial disputes, faces a prominent offensive threat from Chinese cyber operations. Southeast Asia’s economic and digital growth make it a prime target for cyber threats. In the past 8 months Cyberint has been able to identify a major large-scale campaign.

Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.

Responsible for a number of infamous ‘big game hunter’ ransomware attacks and believed active since at least 2019, the ransomware threat group dubbed ‘CL0P‘ is thought to be a Russian-language cybercriminal gang and have been widely reported as associated with, or their malware adopted by, other cybercriminal groups including ‘FIN11’, a part of the larger financially-motivated ‘TA505’ group, and ‘UNC2546’.

Cyber threats against critical infrastructure – such as energy and transportation networks – remain pervasive as ever, with 2023 witnessing an astounding 420 million such attacks in total. That’s the bad news. The good news is that critical infrastructure is set to become more secure, at least in the European Union, thanks to the NIS 2 Directive (also known as E.U. Directive 2022/2055).

In April 2023, Researchers uncovered a new ransomware actor named RA Group, demonstrating a connection to the Babuk ransomware through the utilization of leaked source code. Following the full disclosure of Babuk’s ransomware source code by an alleged group member in September 2021, various ransomware families have emerged, incorporating this leaked code into their attacks.

The Common Vulnerability Scoring System (CVSS) is used to evaluate and communicate the technical severity of software, hardware and firmware vulnerabilities. While CVSS has been around for nearly 2 decades and now stands as an industry standard tool for scoring the severity of a vulnerability, the framework still has its limitations. To mitigate some of these challenges and improve the efficacy of the system, an updated version of CVSS was released in November 2023.

GuLoader stands out as a prominent downloader founded on shellcode that has been used in many attacks aimed at spreading a diverse array of highly sought-after malware strains. For over three years, GuLoader has maintained its activity and is continuously evolving through ongoing development efforts. The latest iteration introduces novel anti-analysis techniques, making its analysis extremely difficult.

Cybercriminals are always on the lookout for vulnerabilities to exploit and steal sensitive information. One such threat is credential stuffing, a type of cyberattack that can cause significant damage to both individuals and businesses. Credential stuffing is a cyberattack that involves the use of stolen account credentials to gain unauthorized access to user accounts on other systems.

Qilin operates as an affiliate program for Ransomware-as-a-Service, employing a Rust-based ransomware to target victims. Qilin ransomware attacks are often tailored for each victim to maximize their impact, utilizing tactics like altering filename extensions of encrypted files and terminating specific processes and services.