Cyber Intel Brief: June 08 – 14, 2023

In the ever-shifting arena of cyber threats, organizations find themselves in a perpetual cat-and-mouse game with cybercriminals and malicious actors. Active network monitoring and a sound cyber defense strategy are indispensable, serving as the shield against loss of confidential data, operational disruptions, and potential harm to your organization’s standing.

As a leader in Managed Detection and Response (MDR), we acknowledge the essential need for actionable intelligence to counter emerging threats. This blog post provides an inside look at our weekly Cyber Intel Brief exclusive to our customers. Our objective is to arm your organization with this indispensable knowledge, enabling you to proactively identify and curb risks, reinforce your security mechanisms, and safeguard your financial stability.

In this edition, we spotlight an assortment of cyber threats, including the newly discovered Skuld infostealer and the Lace Tempest and Storm-1167 threat groups, alongside the latest updates on dark web data leak sites and the latest entries in CISA’s Known Exploited Vulnerabilities Catalog. By understanding these threats and implementing the recommended mitigation strategies, you’ll be well-positioned to reinforce your organization’s defenses.

We welcome you to continue reading and uncover strategies to fortify your defenses against these escalating threats. By implementing the strategies and recommendations outlined, you can secure your organization’s vital assets and attain tranquility in this dynamic and uncertain threat environment.

Remember, a powerful cybersecurity approach isn’t just about reacting to threats but about predicting and preventing them before they occur. Let’s dive into the most recent cyber threats, gather invaluable insights, and arm your organization with actionable intelligence.

The Skuld Infostealer: Evading Detection and Raising Concerns

Targeted Industries: All

Skuld, a sophisticated infostealer malware, poses a considerable risk to businesses. It features unique evasion techniques that sidestep traditional detection measures, targeting sensitive data across various platforms. The potential damages could extend to data breaches, financial loss, reputational harm, and regulatory penalties.

What makes Skuld particularly concerning is its continuous evolution and unique data exfiltration method. Businesses should consider immediate mitigative action, focusing on user awareness training, regular security policy reviews, and routine testing of security measures.


Protect Your Organization from Threat Groups

In our increasingly networked reality, organizations of every size and sector confront an escalating danger from cyber threats. The changing topography of cyber threats necessitates forward-thinking steps to shield sensitive data, sustain business operations, and defend organizational reputation. Below we illuminate the operations of LockBit ransomware, Lace Tempest, Storm-1167, and TA505. By grasping their strategies and driving forces, organizations can bolster their cybersecurity barriers and effectively counteract the fluid nature of the cyber threat environment.

LockBit Ransomware: Exploiting Vulnerabilities at Will

Targeted Industries: All, especially Healthcare, Finance, Government, and Manufacturing

LockBit ransomware affiliates exhibit adaptability and sophistication, posing a high threat to all industries. They exploit known vulnerabilities and use diverse attack tactics, causing operational downtime, data loss, and significant financial costs. Industries heavily dependent on their data and IT infrastructures are particularly vulnerable, such as Healthcare, Finance, Government, and Manufacturing.

To defend against LockBit, ensure your software is regularly updated, implement email filtering solutions, enhance employee cyber awareness training, and maintain regular backups of critical data.


Lace Tempest: Persistent and Destructive

Targeted Industries: All

Lace Tempest, a highly sophisticated threat actor, poses a significant risk. They utilize a complex intrusion chain, starting with a phishing email and ending in system destruction, with potential impacts ranging from data loss and operational disruption to financial loss. Swift action is crucial, including implementing robust endpoint protection solutions, conducting network segmentation, backing up sensitive data, and providing user training on phishing awareness.


Storm-1167: New Threat on the Horizon

Targeted Industries: All, with a focus on Financial Services and Insurance

Storm-1167 is an emerging threat actor specializing in adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) campaigns, primarily targeting banking and financial services organizations. The threat actor’s ability to bypass multi-factor authentication (MFA) poses a significant risk, requiring additional security measures beyond MFA, such as conditional access policies.


TA505: Early Exploitation of MOVEit

Targeted Industries: Industries heavily reliant on managed file transfer (MFT) software

TA505, a notorious threat actor, has been exploiting vulnerabilities in common managed file transfer (MFT) solutions, and evidence suggests TA505 was developing exploit code and gathering information on MOVEit as early as 2021. Immediate mitigation actions are recommended, including prioritizing the patching of MFT solutions.


Stay One Step Ahead With Our Data Leak Site Analysis

Monitored data extortion and ransomware threat groups added 66 victims to their leak sites in the past week. The most frequently listed industry was Manufacturing, followed by retail trade; professional, scientific, and technical services; public administration; and health care and social assistance. This information highlights the importance of maintaining robust security measures to protect sensitive data and the need for effective incident response plans.

Manufacturing: Protecting Critical Operations

Manufacturing, a vital sector of the global economy, is also under significant threat, with 16 victims identified in the analysis. From large-scale production facilities to smaller manufacturers, organizations in this industry are susceptible to disruptive attacks that can halt operations, lead to financial losses, and compromise customer trust. Our comprehensive Managed Detection and Response solutions protect your digital assets and enhance your brand reputation.

Retail Trade: Safeguarding Consumer Data

The Retail Trade sector also suffered a notable number of victims, with six identified. This industry handles vast amounts of data, including highly sensitive consumer data. Protecting consumer data integrity and ensuring compliance with privacy regulations is paramount. Implementing advanced encryption, multi-factor authentication, and continuous monitoring can safeguard your data, maintain customer trust, and demonstrate your commitment to cybersecurity.

Professional, Scientific, and Technical Services: A Prime Target

The Professional, Scientific, and Technical Services industry was among the most targeted sectors in the last week, with six victims identified. This industry includes various businesses, such as legal services, consulting firms, and engineering companies. The valuable intellectual property and sensitive client data these organizations possess make them attractive targets for cybercriminals. By partnering with us and implementing our robust Managed Detection and Response solutions, you can fortify your defenses and minimize the risk of falling victim to ransomware attacks.

Protect Your Organization from The Latest Known Exploited Vulnerabilities

Are you aware of the latest vulnerabilities known to have been exploited by threat actors? Recently the Cybersecurity and Infrastructure Security Agency (CISA) added a new Fortinet vulnerability to its Known Exploited Vulnerabilities Catalog. This news should be of utmost importance to anyone using Fortinet products. Don’t wait until it’s too late—stay informed and proactive to protect your technology assets.

CVE-2023-27997: An Urgent Patch Required

Targeted Industries: All

The Cybersecurity and Infrastructure Security Agency (CISA) recently added CVE-2023-27997 to its Known Exploited Vulnerabilities Catalog. The vulnerability affects products from Fortinet, and CISA recommends immediate updates as per the vendor’s instructions.

Conclusion

In the face of these evolving threats, it’s paramount that businesses remain agile and adaptive in their cybersecurity measures. It’s no longer a question of if but when an attack will happen. Prioritize your cybersecurity efforts now to secure your digital frontier.

Need help securing your business? Reach out to our cybersecurity experts for a comprehensive review of your security posture and tailored mitigation strategies. See Threats. Stop Breaches. Together.


What We Mean When We Say

Estimates of Likelihood

We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “might” reflect situations where we are unable to assess the likelihood, usually because the relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.

Confidence in Assessments

Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:

  • High confidence indicates that our judgments are based on reliable information and/or that the nature of the problem allows us to make a sound judgment. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
  • Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
  • Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.


Subscribe to the Deepwatch Insights Blog