Threat Intelligence Roundup - Qilin hits Asahi, Crimson Collective abuses AWS, multi-sector breaches
Category: Threat Alerts / Threat Intelligence
Check Point Research's 13 October threat bulletin aggregates multiple high-impact events across sectors. Qilin ransomware claimed responsibility for an intrusion at Asahi (Japan), exfiltrating ~27GB across 9,300 files and disrupting operations at six breweries; the impact is likely in the hundreds of millions. U.S. city Sugar Land reported a cyberattack impacting online municipal services for ~110,000 residents, with no indication of critical infrastructure impact or confirmed data theft. Law firm Williams & Connolly confirmed unauthorized access to a small number of attorney email accounts; central databases were reportedly unaffected, and China-linked threat actors are suspected.

Separately, the Crimson Collective group (linked to last week's Red Hat incident claim) is escalating cloud-focused extortion by abusing exposed AWS credentials: creating new IAM users, assigning AdministratorAccess, enumerating cloud assets, resetting RDS master passwords, snapshotting EBS volumes to spin up EC2 instances, and delivering extortion notes via SES from within victim accounts.

Additional items include a claimed Avnet data breach (1.3TB of compressed data) and a DraftKings account-stuffing incident affecting <30 customers. The bulletin also flags widespread exploitation activity (e.g., the RondoDox botnet targeting 56 vulnerabilities across 30+ device types) and mentions an Oracle E-Business Suite zero-day enabling unauthenticated RCE via BI Publisher Integration on internet-exposed instances. Collectively, these items underscore concurrent risks from ransomware, cloud identity abuse, and legacy/exposed device fleets.
CORTEX Protocol Intelligence Assessment
Business Impact: Concurrent ransomware, cloud credential abuse, and supplier breaches raise operational disruption risks across manufacturing, legal services, and municipalities. Cloud estate blast radius grows when IAM baselines and email are compromised.
Technical Context: Qilin's data-theft-first model, Crimson Collective's AWS tradecraft (privilege escalation, EBS/RDS manipulation, SES extortion), and broad exploit campaigns (RCE/command injection across IoT/edge) demand hardening of identity planes and internet-exposed assets.
Strategic Intelligence Guidance
- Accelerate cloud IAM hygiene: remove standing AdministratorAccess, enforce SCP guardrails, and rotate long-lived keys.
- Enable organization-wide anomaly detection for IAM events (sudden user creation, policy attachment, SES send spikes).
- Inventory and patch exposed devices/services; block known exploit chains referenced in current botnet activity.
- Test ransomware/data exfiltration playbooks with tabletop exercises focused on manufacturing and cloud service disruption.
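The IAM anomaly detection recommended above can be expressed as a simple correlation rule over CloudTrail records: the Crimson Collective sequence described in the bulletin (new IAM user, AdministratorAccess attached, RDS master password reset, EBS snapshot, EC2 launch, SES send) is a chain of distinct API calls from the same credential inside a short window, which is very different from a scheduled backup job that only ever calls CreateSnapshot. The script below is an added example written for this page, not code from Check Point Research or from any AWS tooling. It uses the real CloudTrail field names (eventSource, eventName, userIdentity.accessKeyId, requestParameters), the sample records are constructed and labelled as such, the account ID is a documentation placeholder, and it assumes that SES send calls are present in the trail being analysed.

```python
"""Correlate CloudTrail records into the AWS takeover chain summarised above.

Added example for this page; not Check Point or AWS code. Sample events are
constructed; the account ID 111122223333 is a placeholder.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def classify(event):
    """Map one CloudTrail record to a stage of the chain, or None if benign."""
    src, name = event.get("eventSource"), event.get("eventName")
    params = event.get("requestParameters") or {}
    if src == "iam.amazonaws.com" and name == "CreateUser":
        return "new_iam_user"
    if (src == "iam.amazonaws.com" and name == "AttachUserPolicy"
            and params.get("policyArn") == ADMIN_POLICY_ARN):
        return "admin_policy_attached"          # only the admin policy counts
    if (src == "rds.amazonaws.com" and name == "ModifyDBInstance"
            and "masterUserPassword" in params):  # value is redacted, key remains
        return "rds_master_password_reset"
    if src == "ec2.amazonaws.com" and name == "CreateSnapshot":
        return "ebs_snapshot"
    if src == "ec2.amazonaws.com" and name == "RunInstances":
        return "ec2_launched"
    if src == "ses.amazonaws.com" and name in ("SendEmail", "SendRawEmail"):
        return "ses_send"
    return None


def principal_of(event):
    """Key events by the access key that issued them (falls back to the ARN)."""
    ident = event.get("userIdentity") or {}
    return ident.get("accessKeyId") or ident.get("arn") or "unknown"


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_takeover_chains(events, window=timedelta(hours=6), min_stages=3):
    """Alert on any principal that reaches min_stages distinct stages within window."""
    per_principal = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage:
            per_principal[principal_of(ev)].append((parse_time(ev["eventTime"]), stage))
    alerts = []
    for principal, hits in per_principal.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            stages = []
            for when, stage in hits[i:]:
                if when - start <= window and stage not in stages:
                    stages.append(stage)
            if len(stages) >= min_stages:
                alerts.append({"principal": principal,
                               "first_seen": start.isoformat(), "stages": stages})
                break  # one alert per principal is enough for triage
    return alerts


def ses_send_counts(events):
    """Per-principal SES send volume, for spotting send spikes from odd identities."""
    counts = defaultdict(int)
    for ev in events:
        if classify(ev) == "ses_send":
            counts[principal_of(ev)] += 1
    return dict(counts)


def _ev(t, src, name, key, params=None):
    """Build a constructed CloudTrail-shaped record (sample data only)."""
    return {"eventTime": t, "eventSource": src, "eventName": name,
            "userIdentity": {"type": "IAMUser", "accessKeyId": key,
                             "arn": f"arn:aws:iam::111122223333:user/{key}"},
            "requestParameters": params or {}}


# Constructed sample trail: one leaked key runs the full chain, one backup key
# only snapshots, one admin attaches a non-admin policy.
SAMPLE_EVENTS = [
    _ev("2025-10-13T01:02:03Z", "iam.amazonaws.com", "CreateUser", "AKIA_LEAKED_EXAMPLE",
        {"userName": "backup-svc"}),
    _ev("2025-10-13T01:03:10Z", "iam.amazonaws.com", "AttachUserPolicy", "AKIA_LEAKED_EXAMPLE",
        {"userName": "backup-svc", "policyArn": ADMIN_POLICY_ARN}),
    _ev("2025-10-13T01:20:00Z", "rds.amazonaws.com", "ModifyDBInstance", "AKIA_LEAKED_EXAMPLE",
        {"dBInstanceIdentifier": "prod-db", "masterUserPassword": "****"}),
    _ev("2025-10-13T01:45:00Z", "ec2.amazonaws.com", "CreateSnapshot", "AKIA_LEAKED_EXAMPLE",
        {"volumeId": "vol-0example"}),
    _ev("2025-10-13T02:10:00Z", "ec2.amazonaws.com", "RunInstances", "AKIA_LEAKED_EXAMPLE"),
    _ev("2025-10-13T03:00:00Z", "ses.amazonaws.com", "SendEmail", "AKIA_LEAKED_EXAMPLE"),
    _ev("2025-10-13T03:01:00Z", "ses.amazonaws.com", "SendEmail", "AKIA_LEAKED_EXAMPLE"),
    _ev("2025-10-13T03:02:00Z", "ses.amazonaws.com", "SendEmail", "AKIA_LEAKED_EXAMPLE"),
    _ev("2025-10-13T09:00:00Z", "ec2.amazonaws.com", "CreateSnapshot", "AKIA_BACKUP_EXAMPLE",
        {"volumeId": "vol-0nightly"}),
    _ev("2025-10-12T10:00:00Z", "iam.amazonaws.com", "AttachUserPolicy", "AKIA_ADMIN_EXAMPLE",
        {"userName": "auditor", "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}),
]

if __name__ == "__main__":
    print(json.dumps(detect_takeover_chains(SAMPLE_EVENTS), indent=2))
    print(json.dumps(ses_send_counts(SAMPLE_EVENTS), indent=2))
```

Tuning the rule means choosing min_stages and window for the account: a threshold of three stages keeps a lone CreateSnapshot from a backup role silent, while the AttachUserPolicy check deliberately fires only on AdministratorAccess so routine least-privilege policy changes do not page anyone. In production the same functions would be fed from CloudTrail Lake, Athena, or an S3 trail export rather than the embedded list.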
Impact
Data Volume: 27GB
Intelligence Source: 13th October - Threat Intelligence Report - Check Point Research | Oct 14, 2025