Daily Drop (101)
Sunday, April 10, 2022 // (IG): BB //Weekly Sponsor: Cloakedentryco
Hackers use Conti's leaked ransomware to attack Russian companies
FROM THE MEDIA: A hacking group used Conti's leaked ransomware source code to create their own ransomware for use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly. This lack of attacks is due to the general belief by Russian hackers that if they do not attack Russian interests, the country's law enforcement will turn a blind eye toward attacks on other countries. However, the tables have now turned, with a hacking group known as NB65 targeting Russian organizations with ransomware attacks. For the past month, NB65 has been breaching Russian entities, stealing their data, and leaking it online, warning that the attacks are due to Russia's invasion of Ukraine. The Russian entities claimed to have been attacked by the hacking group include document management operator Tensor, Russian space agency Roscosmos, and VGTRK, the state-owned Russian Television and Radio broadcaster.
READ THE STORY: Bleeping Computer
Microsoft seized Russian domains targeting Ukrainian media organization
FROM THE MEDIA: Microsoft seized seven domains belonging to Strontium, also known as Fancy Bear or APT28, a Russian hacking group with ties to the country’s military intelligence agency, the company announced in a blog post (via TechCrunch). According to Microsoft, Russian spies used these sites to target Ukrainian media outlets, as well as foreign policy think tanks and government institutions located in the US and the European Union. Microsoft obtained a court order to take control of each domain on April 6th. It then redirected them to a sinkhole, or a server used by cybersecurity experts to capture and analyze malicious connections. The company says it has seized over 100 domains controlled by Fancy Bear before this most recent takedown. “We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information,” Tom Burt, Microsoft’s corporate vice president of customer security and trust said in the post. “We have notified Ukraine’s government about the activity we detected and the action we’ve taken.” This particular hacking group has a long history of attempting to interfere with both Ukraine and the US. Fancy Bear was linked to cyberattacks on the Democratic National Committee in 2016 and targeted the US election in 2020.
READ THE STORY: The Verge
'Is my money gone?' A thriving crypto community deals with a $600 million theft
FROM THE MEDIA: Axie Infinity became a leader in the growing play-to-earn space, where players can make money and even earn a living. Then its blockchain was hacked. When Logan Evans found out that Axie Infinity, a popular online game in which players can earn cryptocurrency, fell victim to one of the largest digital heists of all time, he worried he had lost everything. “My first reaction was ‘holy s---, is my money gone? Did I just buy all these cute little Pokemon for nothing?’” Evans, 24, told NBC News. Evans has spent the past eight months building up his squad of Axies, animated monsters that many (including Evans) compare to the popular Nintendo Pokémon franchise, wherein players pit their candy-colored monsters against one another. But what might sound like a relatively simple game has emerged as one of the most popular and lucrative of what are called play-to-earn games. Axie Infinity's website boasts that its marketplace has processed $3.6 billion in transactions, and the game has drawn in around 2 million users per day. But that economy was rocked in late March when unidentified hackers managed to steal assets worth around $625 million from a subsidiary of Vietnamese gaming studio Sky Mavis, the company that runs Axie Infinity. The company vowed to reimburse lost funds, and Sky Mavis said Wednesday that it had raised $150 million from investors to help pay back its players.
READ THE STORY: NBC
China ‘Decodes’ An Orbiting US Satellite; Claims Expertise In Automatically Detecting & Fixing Security Flaws In Outer Space
FROM THE MEDIA: The overcrowding of space has fueled concerns of cyber attacks on satellites. Given the inexpensive and readily available disruptive tools of the digital age, both military and commercial satellites remain vulnerable to hacking by state and non-state actors. To protect its space assets, China has devised a new cyber defense infrastructure that can automatically detect security flaws in orbiting satellites, according to military experts participating in the project. There are thousands of satellites in orbit, each with hundreds of components that could be vulnerable to hackers due to software or hardware flaws. As launch prices have decreased, more satellites are circling in low earth orbit in 2022, opening the frontier of space to big private sector launch projects. According to the Union of Concerned Scientists, there were 4,852 satellites in orbit at the start of 2022. According to the Chinese researchers, the Ontology of Cyber Situational Awareness for Satellites (OntoCSA4Sat), a computer system jointly built by the National University of Defense Technology in Changsha and the Beijing Aerospace Control Centre, has a thorough database of satellites. Unlike existing publicly available databases, the new technology can identify a satellite’s potential flaws, calculate the most effective ways to attack it, and suggest countermeasures. “The cyber security arms race in space has intensified,” Liu Bin, chief project scientist at a PLA science and technology lab, wrote in a paper published in the domestic journal Systems Engineering and Electronics late last month.
READ THE STORY: Eurasian Times
To Prosecute Putin for War Crimes, Safeguard the Digital Proof
FROM THE MEDIA: Holding Russia accountable for atrocities in Ukraine requires the painstaking collection and preservation of evidence in the face of rampant disinformation. As horrifying images began to appear from the wreckage in the recently liberated Ukrainian town of Bucha, global outrage grew. Five weeks after Russia’s invasion of Ukraine, screens were flooded with videos, photos, and stories of the atrocities inflicted on Ukrainian civilians in this Kyiv suburb: shocking footage of people in civilian clothes, some with their hands tied behind their backs; naked and burned bodies of women; and mass graves. Estonian Prime Minister Kaja Kallas tweeted: “This is not a battlefield, it’s a crime scene.” The painstaking and exacting work of gathering evidence of war crimes by the human rights community, aided by ubiquitous digital devices, is now being done in collaboration with journalists, military officials, the open-source intelligence community, cyber sleuths, and civilians on social media alike. The amount of documentation being assembled is beyond precedent. And although public proclamations alleging violations of international law draw attention, these charges must be supported by a precise process, complete with vetted and admissible evidence, to convict. The integrity of the war crimes documentation process is essential, and collecting data is only the beginning. The battle for hearts and minds today takes place electronically. So, predictably, as soon as the images from Bucha were published, the Russian propaganda farm rolled out a highly coordinated and targeted disinformation blitz, calling the footage a “provocation” and a “staged production.” Russian Foreign Minister Sergey Lavrov called the massacre a “fake attack.” Russia’s defense ministry posted to Telegram, saying some of the photos were “fake.” Pro-Kremlin social media accounts accused “Ukrainian Nazis” of the Bucha killings, a deceit that has already made it to China.
READ THE STORY: Foreign Policy
Facebook owner Meta takes action against cyber threats in some countries
FROM THE MEDIA: Meta Platforms, which controls the world's biggest social networking site Facebook, took action to remove accounts that violated its policies in an effort to prevent the spread of cyber threats, its new report showed. In its first quarterly Adversarial Threat Report, Meta analysts wrote about the risks of coordinated inauthentic behavior, online espionage, mass reporting and other emerging problems from some countries. It is expanding the scope of its action to deal with an increasingly dangerous internet landscape and the use of social media networks by individuals and groups in pursuit of illicit activities. Meta's public security reporting began more than four years ago, when it shared findings regarding coordinated inauthentic behavior by the Russian Internet Research Agency. “Since then, global threats have significantly evolved, and we have expanded our ability to respond to a wider range of adversarial behavior,” analysts wrote. “To provide a more comprehensive view into the risks we see, we’re expanding our regular reporting … all in one place, as part of the quarterly reporting we’re testing.” So-called “bad actors” on the internet have grown in number and scope, forcing companies and individuals to be very cautious about the content they engage with. Overall, such criminal activities were projected to inflict damages worth about $6 trillion globally in 2021, according to a study by research company Cybersecurity Ventures. If that were measured as a country, it would be the world's third-largest economy behind the US and China.
READ THE STORY: The National News
The mysterious Chinese cyber attack against Ukraine on the eve of the invasion
FROM THE MEDIA: Accusations of Chinese cyber activity in Ukraine as the recent conflict broke out have been emerging. The information appears unusually murky, yet one western intelligence official believes the goal was espionage, and that the cyber-attack may have been broader than previously reported. The Times first reported that hackers, said to be based in China, began targeting Ukrainian websites on 23 February, the day before the invasion. That raised questions about whether they had advance notice of Moscow’s plans and whether their intent was in some way to support Russia. A wide set of Ukrainian government and business organizations were said to have been targeted by hackers, including organizations linked to nuclear power. It is unclear how much of this activity was scanning for vulnerabilities online and how many sites were actually compromised. But the goal appears to have been reconnaissance, stealing secrets, as opposed to the sort of sabotage operations which Russia was accused of carrying out right before the invasion and once it began. The Times cited intelligence documents; however, the Ukrainian security service denied it had handed anything over and seemed to play down the findings, adding to the confusion. Some analysts wondered whether they were worried about antagonizing Beijing. On Monday, the Chinese embassy in the UK rejected the claim and described the Times report as “sheer reckless talk and not qualified at all”. Russia targeted: But some western officials believe the story is even more complex. They assert the Chinese actors went on to target systems in Russia and Belarus, as well as Poland: “Since late February, Chinese cyber-actors have been launching cyber-attacks against government and military networks in Ukraine, Russia and Belarus,” says one western intelligence official.
READ THE STORY: Travel Info
Top secret Australian cyber center decoded
FROM THE MEDIA: Over the next decade, the REDSPICE program will churn through roughly $10 billion in federal funding and involve the deployment of 1900 data analysts, computer programmers and software engineers. Never heard of it? It stands for resilience, effects, defense, space, intelligence, cyber and enablers, and will effectively mean an almost net doubling in size of the Australian Signals Directorate. Not familiar with the ASD either? Not to worry, not many everyday Aussies are. In fact, until about halfway into its existence, the central workings of the nation's electronic spy agency weren't even known to prime ministers. Former PM Gough Whitlam only became aware of its top secret Five Eyes intelligence-sharing pact with the US, UK, Canada and New Zealand following government raids on the offices of better known spook outfit ASIO in 1973. That led to his discovery that the United States had been operating a clandestine surveillance outpost near Alice Springs known as Pine Gap.
READ THE STORY: Hunter Valley News
China's military modernization & its implications for India: Part III - Closing the capability gap
FROM THE MEDIA: China has used the newly established Strategic Support Force (SSF) to build advanced space and offensive cyber capabilities. The SSF's Space Systems Department has consolidated military space functions, including rocket launches, telemetry, tracking, control, satellite communications, space intelligence, surveillance, and reconnaissance. The Network Systems Department has integrated and strengthened signals intelligence, cyber espionage, computer attack, electromagnetic warfare, and psychological operations, making the SSF a formidable offensive force. According to the US intelligence community, China's cyber espionage operations have included compromising telecommunications firms such as Huawei and ZTE, which have provided opportunities for intelligence collection abroad. For instance, in April 2019, the telecommunications company Vodafone Group revealed that it had found security vulnerabilities in Huawei equipment deployed for its fixed-line phone network in Italy. These vulnerabilities potentially gave Huawei unauthorized access to the carrier's internet traffic and call data. Likewise, in August 2020, a report from the Australian government and Papua New Guinea's National Cyber Security Centre noted that the latter's National Data Centre, built by Huawei in 2018, was marred by weak cybersecurity, which exposed confidential government data to theft.
READ THE STORY: Daiji World
Cyber Sanctions: Blocking Of Russian Internet
FROM THE MEDIA: A huge cache of sanctions has been unleashed on Russia. Russia is expected to soon be tottering under the weight of the measures enforced. However, what happens should the economic sanctions be reinforced by a technological siege through the Internet? The author examines a probable scenario. In the wake of the attack on Ukraine, the kicking in of unprecedented economic sanctions by the West on Russia is going to bite Russian trade hard. It all began a day after President Putin declared the two Ukrainian regions, Donetsk and Luhansk, as “independent states”. On February 22, the sanctions were first imposed on Russia by the US and its allies. Further sanctions were added as Russia attacked Ukraine on 24 February 2022. As per the estimates of a US-based sanctions watch-list site, Castellum.AI, a total of 5,532 sanctions are in place, thus making Russia the most sanctioned country in the world, ahead of Iran. A former Russian Deputy Finance Minister reacted and said “this is a kind of financial nuclear bomb that is falling on Russia.” Notwithstanding the gravity of the sanctions, Russia has stood defiant, the boots on the ground have not halted, and it continues to challenge the West. Speculation is growing about Russian reactions. To ease the financial squeeze, will Russia use alternate digital or virtual cryptocurrency, or counter it by putting a stop to the oil and gas it supplies to Europe? Whether cryptocurrency itself emerges as a new tool to bypass the tight cordon or not is a complex conjecture. The western world may further be looking at some other methods of punitive action beyond issuing economic sanctions.
Inside the elite Ukrainian drone unit founded by volunteer IT experts: 'We are all soldiers now.'
FROM THE MEDIA: An elite Ukrainian drone unit founded by volunteer IT experts is becoming a crucial part of the resistance against invading Russian forces. Aerorozvidka custom-builds or modifies off-the-shelf consumer drones to work in a military context and drop bombs on Russian vehicles under the cover of night. "Now, we are all soldiers, but our roots are very different," Mykhailo, a board member and head of communications for Aerorozvidka, told Insider. "Some of us have PhDs. Some have masters. Some are from the IT industry and many other industries. The main thing which unites us is a desire to win this war." The unit was founded in 2014 in response to Russia's annexation of Crimea and Russian-backed groups launching a separatist insurgency in the Donbas region. Tech-savvy volunteers came together to design machines for drone-based aerial reconnaissance to support the Ukrainian army. Aerorozvidka's founder, investment banker and father of four Volodymyr Kochetkov-Sukach, was killed in action in Donbas in 2015. "The invasion began not months ago. It began in 2014," Mykhailo said. Aerorozvidka now operates as a non-governmental organization that closely supports Ukraine's military. The unit uses a range of drones, many of which are commonly available store-bought drones that they modify and militarize, including Chinese DJI and Autel drones, French Parrot drones, and more.
READ THE STORY: Business Insider
Items of interest
Octo Android malware wants to get its tentacles on your banking information
FROM THE MEDIA: A fascinating thing about the life cycle of malware is how malicious code packages evolve over time. It's a case of threat actors grabbing something that works and then improving or extending it. One example is a breed of banking malware that first popped up in 2016 called Exobot. It went after users in several countries until 2018, when it morphed into ExobotCompact, a remote access trojan (RAT) with several additional subtypes. And recently, cybersecurity researchers discovered Octo, a new RAT that essentially evolved from Exobot but has even more deceptive features, like the one that lets the trojan hide its activities even as it turns your phone into a vehicle for committing fraud. Via Bleeping Computer, we know that cybersecurity researchers with Threat Fabric learned about Octo from seeing requests for it on the dark web. Threat Fabric found that Octo has a lot in common with ExobotCompact, including measures to prevent reverse-engineering of the malware and code that makes it easy to hide inside an innocent-seeming app on the Google Play Store, as well as the trick of disabling Google Protect upon download. What sets Octo apart, according to Threat Fabric, is on-device fraud (ODF) functionality. While ODF isn't new to the malware ecosphere, it is the feature that distinguishes Octo from the rest of the Exobot family of malicious apps.
READ THE STORY: Android Police
The First Purpose: Rediscovering Warning Analysis for CTI (Video)
FROM THE MEDIA: It is all too easy for cyber threat intelligence practitioners to become entangled in the day-to-day demands of the endless treadmill of new vulnerabilities, reversing samples, managing IOCs, tracking campaigns, and responding to the relentless pressure of RFIs. Along the way, these very necessary activities of intelligence sometimes overtake the ultimate purpose of intelligence as an outcome. Despite all of our tools, and all of our investments in technical and target expertise, we find ourselves seemingly always reacting to new threats that have surprised our consumers, if not also our shops. Preventing surprise is the first purpose of intelligence. But it is well known that the tyranny of current intelligence production can rob us of the time and bandwidth to focus on the critical tasks that enable us to anticipate the ways and means by which future threats will develop, as we are caught up in describing and explaining events happening right now. Yet we can choose to implement processes and to pursue analytic products that set the groundwork to succeed despite what seem like inevitable conditions. This talk will explore the history and evolution of warning analysis tradecraft, and discuss common pathologies that corrode anticipatory intelligence. We will explore structured analytic techniques and other methodologies intended to guard against these sources of error, and consider debates over their application in fast-moving environments and small-team contexts. We will explore examples across vulnerability discovery, malware development, and other adversary change cases. Attendees will gain new insights into the value of consumer outcomes, especially the core value of actionability, across different timelines for response opportunities. They will take away both fundamental tradecraft and the connected theory linking its application to recurring problems and to improved consumer outcomes.
Dream - The Infiltration Of The Dark Net (Video)
FROM THE MEDIA: In 2013 a mysterious dark net market would appear that would remain in the shadows for quite some time. Today we will discuss a mysterious theory as it pertains to one such marketplace. Dream
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at email@example.com