DeepSeas
Monthly Threat Intelligence Rollup for August 2023
Pages
13
Time to read
22 mins
Publication
Language
English
This document is a monthly threat intelligence rollup that summarizes various incident activities and emerging threats identified during August 2023. It details the activities of several advanced persistent threat (APT) groups, including the Carderbee group, which targeted Hong Kong entities using the PlugX backdoor in a supply chain attack. The report also discusses the Akira ransomware operation, which exploits Cisco VPN products to infiltrate corporate networks. Additionally, it covers the extensive espionage campaign by the UNC4841 group, which has shown adaptability in maintaining access to compromised Barracuda Email Security Gateway appliances. The dismantling of the Qakbot botnet through Operation 'Duck Hunt' is highlighted, showcasing international collaboration in combating cybercrime. Furthermore, the report outlines the evolving tactics of the BlueCharlie group and the discovery of a new post-exploitation technique involving the AWS SSM agent. Lastly, it mentions the resurgence of the Monti ransomware and the return of Raccoon Stealer malware, indicating ongoing threats in the cybersecurity landscape.