Weekly Cyber Reports

This Week in Cyber 13th October 2023

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

12th October, 2023



Amnesty International Reveals Intellexa Alliance’s Alarming Spyware Tactics


Overview

In a groundbreaking exposé, Amnesty International has unveiled the covert operations of the Intellexa Alliance, shedding light on its highly sophisticated cyber surveillance techniques. The report, meticulously crafted by Amnesty’s Security Lab, delves into the intricate workings of Intellexa’s flagship spyware, known as “Predator,” exposing its ability to gain remote access to mobile devices while leaving no discernible trace, which makes independent auditing nearly impossible.


Amnesty International’s report illuminates a wide array of surveillance methods employed by the alliance, highlighting their focus on targeting specific individuals such as journalists and human rights defenders. Of particular concern is the Jupiter system, an add-on for the Mars network injection setup. This system enables cyber operators to inject network attacks into encrypted HTTPS traffic, effectively bypassing even the most robust security protocols available.



Analyst Insights

The findings underscore an urgent call to action. Major technology corporations are implored to bolster their product defences, especially for individuals facing high-risk situations. Furthermore, Amnesty’s report emphasises the critical need for comprehensive regulations governing the cyber surveillance industry. As we navigate the complexities of the digital era, protecting our private spaces demands global collaboration, stringent regulations, and justice for those impacted by these invasive technologies. For a deeper understanding of the report's revelations, visit Amnesty International’s Security Lab website.



VBScript Deprecation: Embracing Modern Scripting Solutions


Overview

In a major shift announced in October 2023, Microsoft revealed the deprecation of VBScript in future Windows releases. The scripting language will now be accessible as a feature on demand (FOD) before its eventual removal from the operating system. This move aligns with Microsoft's ongoing commitment to enhance system security. Features on Demand (FODs) play a crucial role, allowing users to add or remove components as needed, ensuring a more flexible and streamlined computing experience.



Analyst Insights

As VBScript steps aside, users are encouraged to explore modern alternatives like PowerShell, offering powerful scripting capabilities and seamless integration with Windows systems. This transition signals a new era in scripting, emphasising the importance of embracing contemporary solutions for enhanced efficiency and security.



HTTP/2 Rapid Reset Unleashes Unprecedented DDoS


Overview

A recent deluge of DDoS attacks, propelled by the newly discovered HTTP/2 Rapid Reset vulnerability, has targeted internet behemoths Amazon Web Services (AWS), Google, and Cloudflare. By exploiting this vulnerability, the attacks reached a peak of 398 million requests per second (RPS) on Google's cloud infrastructure alone, setting a concerning new precedent. HTTP/2 Rapid Reset abuses the protocol's stream multiplexing: the client opens requests and cancels them immediately, so the server still expends resources on each one while the cancelled streams never count against the client's concurrent-stream limit, letting a single connection generate a flood of work. In response, companies globally, including Alibaba Tengine, F5, and Microsoft, are urgently releasing patches to fortify their systems. The urgency of patching cannot be overstated, as outdated systems are particularly vulnerable.
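A defender-side illustration of the open-then-cancel pattern described above, written as an added example (not code from the report or from any vendor's patch): it scores a per-connection HTTP/2 frame log, counting streams that are cancelled within a few milliseconds of being opened, and flags connections whose rate exceeds a threshold. The frame tuples, connection names, window and threshold values are all assumptions chosen for the example.

```python
"""Heuristic detector for HTTP/2 Rapid Reset abuse over a per-connection frame log.

Assumed input: one (timestamp_s, conn_id, stream_id, frame_type) tuple per HTTP/2 frame,
such as a proxy's frame-level debug log would provide. A stream that receives RST_STREAM
within RAPID_CANCEL_S of its HEADERS frame counts as a "rapid reset"; the peak number of
such resets inside a sliding window is compared against THRESHOLD per connection.
"""
from collections import defaultdict, deque

RAPID_CANCEL_S = 0.010   # HEADERS -> RST_STREAM gap treated as an immediate cancel
WINDOW_S = 1.0           # sliding window used for the per-connection rate
THRESHOLD = 50           # rapid resets per window that trigger an alert


def find_rapid_reset_connections(frames, window_s=WINDOW_S, threshold=THRESHOLD,
                                 rapid_cancel_s=RAPID_CANCEL_S):
    """Return {conn_id: peak rapid resets per window} for connections at or over threshold."""
    opened = {}                    # (conn, stream) -> timestamp of the HEADERS frame
    recent = defaultdict(deque)    # conn -> timestamps of rapid resets inside the window
    peak = defaultdict(int)
    for ts, conn, stream, ftype in sorted(frames):
        key = (conn, stream)
        if ftype == "HEADERS":
            opened[key] = ts
        elif ftype == "RST_STREAM" and key in opened:
            if ts - opened.pop(key) <= rapid_cancel_s:
                q = recent[conn]
                q.append(ts)
                while q and ts - q[0] > window_s:   # drop resets that fell out of the window
                    q.popleft()
                peak[conn] = max(peak[conn], len(q))
    return {c: n for c, n in peak.items() if n >= threshold}


def build_sample_frames():
    """Constructed sample (not captured traffic): one abusive and one benign connection."""
    frames = []
    for i in range(200):                       # abusive: 200 streams opened and cancelled in 0.4 s
        sid = 2 * i + 1                        # client-initiated streams carry odd identifiers
        frames.append((0.002 * i, "c-attack", sid, "HEADERS"))
        frames.append((0.002 * i + 0.001, "c-attack", sid, "RST_STREAM"))
    for i in range(20):                        # benign: occasional cancel half a second later
        sid = 2 * i + 1
        frames.append((0.1 * i, "c-user", sid, "HEADERS"))
        frames.append((0.1 * i + 0.5, "c-user", sid, "RST_STREAM"))
    return frames


if __name__ == "__main__":
    print(find_rapid_reset_connections(build_sample_frames()))   # {'c-attack': 200}
```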



Analyst Insights

At our end, proactive measures are in place. Our Managed Detection & Response services can help to identify outdated and vulnerable systems. Moreover, our dedicated Security Operations Center (SOC) team conducts routine CVE-based threat hunts, providing an added layer of defence against emerging vulnerabilities. As the cybersecurity landscape evolves, patching remains the frontline defence, and our services stand ready to fortify your digital infrastructure against evolving threats.



Rapidly Evolving Mirai Variant


Overview

In the ever-changing landscape of cyber threats, a formidable adversary has surfaced: IZ1H9, the latest variant in the notorious Mirai botnet family. Fortinet's recent discovery paints a grim picture of IZ1H9's rapid evolution, bolstered by thirteen new exploits targeting routers from prominent manufacturers like D-Link, Zyxel, TP-Link, and TOTOLINK.


The surge in IZ1H9's activities witnessed in September 2023 is a cause for concern. With tens of thousands of exploitation attempts recorded in a single day, it's evident that this variant is relentless and aggressive. Exploiting critical vulnerabilities like CVE-2015-1187 and CVE-2020-25506 in D-Link devices, IZ1H9 gains unauthorised access, allowing remote attackers to execute malicious commands on the device. The botnet also targets vulnerabilities in various other devices, posing an imminent threat to your network's integrity.



Analyst Insights

In the face of this menacing adversary, Telesoft advocates a proactive approach. Implementing Telesoft's Managed Detection and Response (MDR) service is your shield against IZ1H9 and its ilk. Our MDR service combines state-of-the-art technology with the expertise of skilled analysts, ensuring your network remains secure amidst these evolving threats. Telesoft's MDR teams are equipped with the latest threat intelligence, allowing them to swiftly identify and neutralise threats like IZ1H9. With Telesoft's MDR, you can rest assured that your network is safeguarded against the relentless onslaught of the Mirai botnet and other emerging threats.



Strengthening School Networks: Telesoft's Managed Detection and Response (MDR) for Academy Trusts


Overview

As schools gear up for the academic year, cybersecurity is paramount. The National Cyber Security Centre's warning resonates strongly, urging schools to defend against potential cyber threats. In this digital age, academy trusts face unique challenges, balancing budget constraints with the need for robust cybersecurity across multiple schools. Telesoft offers a tailored solution: Managed Detection and Response (MDR) services designed for academy trusts.



Analyst Insights


Telesoft's MDR is a comprehensive, proactive defence strategy. By employing our MDR at an academy-trust level, schools can unify their cybersecurity efforts. Our expert analysts, armed with cutting-edge threat intelligence, swiftly identify and neutralise evolving threats, ensuring a safe digital environment for students and staff. Telesoft's MDR not only safeguards individual schools but also provides a centralised, efficient, and cost-effective security solution across the entire academy trust. Stay ahead of cyber threats and empower your academy trust with Telesoft's MDR.
