Daily Drop (107)
Sunday, April 17, 2022 // (IG): BB // Weekly Sponsor: Philly Tech Club
Ukraine war's most potent weapon may be a cellphone
FROM THE MEDIA: As the war in Ukraine pushes well into its second month, much of the outcome thus far — including Russian failures in executing their battle plans — is the result of logistics. Moscow has struggled abysmally to get gasoline, ammunition and food to its frontline troops. On the Ukrainian side, the flow of weapons and other materiel from the North Atlantic Treaty Organization and the U.S. has been breathtaking.
One area of warfare hangs in the balance: information. Despite ample video evidence of widespread war crimes by Russian troops, provided by Ukrainian forces and international journalists, the Kremlin is still managing the information war with energy, imagination and fairly effective counternarratives.
It's a familiar litany by now: The Ukrainian government is composed of Nazis; corpses of civilians in the cities of Bucha and Irpin are staged; missile strikes on targets like maternity hospitals and train stations are "false flag" operations conducted by the Ukrainians; and it is Ukraine, not Russia, that is preparing to use nerve agents.
For the Russians, this is not a trivial exercise. A significant part of the world will regard this conflict through the diet of information it consumes. As the war drags on, this will greatly influence global willingness to support sanctions and increasingly higher energy prices. Inside Russia, of course, President Vladimir Putin has control over almost every aspect of the media and the Internet, at least for the moment, and he can use that to tap into the nationalism of the Russian people.
READ THE STORY: Times Free Press
North Korean Hackers Pulled off $620 Million Crypto Heist, FBI Says
FROM THE MEDIA: Hackers connected to the North Korean government were behind the theft of over $600 million in cryptocurrency from an online video game network last month, the FBI said.
"Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29," the FBI said in a statement released Thursday.
The Democratic People's Republic of Korea is the official name of North Korea.
"The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK's use of illicit activities -- including cybercrime and cryptocurrency theft -- to generate revenue for the regime," the statement said.
Video game company Sky Mavis announced in March that it had discovered the breach of Ronin Network, the blockchain used by players of its hugely popular Axie Infinity game. The game allows users to earn cryptocurrency through playing and trading characters called Axies, which are unique nonfungible tokens.
READ THE STORY: Alba Waba
Karakurt data thieves linked to larger Conti hacking group
FROM THE MEDIA: An analysis of the cryptocurrency wallets tied to the Karakurt hacker group, combined with their particular methodology for data theft, suggests that the group's membership overlaps with two other prominent hacking crews, according to an analysis published by cyber security vendor Tetra Defense.
Tetra's report details the experience of a client company that was hit with a ransomware attack by the Conti group, and subsequently targeted again by a data theft perpetrated by the Karakurt group. The analysis showed that the Karakurt attack used precisely the same backdoor to compromise the client's systems as the earlier Conti attack.
"Such access could only be obtained through some sort of purchase, relationship, or surreptitiously gaining access to Conti group infrastructure," Tetra wrote in its report.
It's important to differentiate the two different types of cyber attack described here, according to Tetra. In a ransomware attack, key data is encrypted and the extortion money is paid in exchange for a decryption key, so that the target company can recover its data and resume operating.
READ THE STORY: Channel Asia
Iridium sat phones, Wi-Fi-enabled thermal imagery tools find way to terror groups in Kashmir
FROM THE MEDIA: Fifteen signatures of Iridium satellite phones, of the type used by US-led allied forces in Afghanistan, and Wi-Fi-enabled thermal imaging devices that help militants slip through security cordons, especially at night, have been found in the militancy-hit Kashmir valley, officials said on Sunday.
They said some of the Iridium satellite phone signatures have been detected since February, first in North Kashmir and now at some spots in parts of South Kashmir as well.
These satellite phones could be part of the consignment dumped by the allied forces while leaving Afghanistan or may have been snatched by the Taliban or terrorists fighting there, the officials said.
There is no need to panic, the officials said, as the movement of these phones is being specially monitored and those using them will soon be in custody or neutralised.
READ THE STORY: The Print
Thousands of ordinary Russians are going to battle in the information war - what they're saying
FROM THE MEDIA: Spreading pro-Russian content, dismissing accusations of war crimes, and participating in cyber attacks are all ways in which people are encouraged to help the Russian cause.
"We call on everyone who supports the actions of our president and the Russian army to join in creating and distributing truthful content!"
This call to arms by a Russian website appears to be successfully recruiting ordinary Russians - 28,000 of them according to research by Sky News - to take part in the information war.
It is just one example of how some of the Russian public are playing their part in the battle to control the narrative around the Ukrainian conflict. Other examples include the recruitment of a hacker "cyber army" and the establishment of a seemingly grassroots organization to track Ukrainian war crimes.
READ THE STORY: Sky news
China Installs 3 Mobile Towers Near Indian Territory, Ladakh Councillor Raises Concern
FROM THE MEDIA: Fearing that China could infiltrate Indian territory as it has in the past, Konchok Stanzin, Councillor of Chushul village in Leh district, raised the alarm that Beijing has installed three mobile towers "very close to the Indian territory". Sharing images of the Chinese towers in the Ladakh region, he also flagged the absence of 4G coverage in inhabited parts of the Union Territory.
"After completing the bridge over Pangong Tso lake, China has installed 3 mobile towers near China's hot spring very close to the Indian territory. Isn't it a concern? We don't even have 4G facilities in human habitation villages," the Councilor shared on Twitter.
"11 villages in my constituency have no 4G facilities," he added.
What appeared to be a territorial encroachment complaint turned out to be a complaint in relation to the lack of infrastructure in the region.
"I am raising my voice for my people, China has increased the pace of their infrastructure recently they have launched a bridge on Pangong and now recently they have built three towers in a hot spring which can be used for drones. To observe our territory or for communication," Konchok Stanzin said.
READ THE STORY: Republic World
World’s largest darknet marketplace co-founder arrested
FROM THE MEDIA: Authorities in Russia have arrested the alleged co-founder of the world’s largest marketplace on the darknet on Friday April 15th, a week after the platform was shut down by German and US authorities.
The marketplace, known as Hydra, was shut down after German authorities seized the servers on which it ran, along with more than 20 million euros in Bitcoin.
Charges filed by the Justice Department in the US named Dmitry Pavlov, 30, as the administrator of Hydra's servers. Pavlov has said he was unaware of the charges and maintains his innocence.
Pavlov told the BBC’s Russian service last week that: “We are a hosting company and have all the necessary communications licenses. We don’t administer any sites but only provide servers for rent as intermediaries.”
Pavlov was detained after a ruling by Moscow's Meshchansky District Court on an accusation of large-scale drug trafficking, a charge entirely separate from those brought in Germany and the US.
READ THE STORY: EuroWeekly
Google Patches Third Actively Exploited Chrome Zero-Day of 2022
FROM THE MEDIA: Google has patched another zero-day vulnerability in the Chrome browser.
The company released Chrome version 100.0.4896.127 for Windows, Mac, and Linux on April 14 to address the vulnerability identified as CVE-2022-1364. The company has disclosed two other zero-days, CVE-2022-0609 and CVE-2022-1096, since the start of the year.
Google didn't offer many details about CVE-2022-1364. The company says it is a type confusion vulnerability in V8, the JavaScript engine used by Chrome and by the Chromium project on which it is based, and that it was reported in 2022 by Clément Lecigne of Google's own Threat Analysis Group. A type confusion bug in the JavaScript engine is reachable from any web page the browser renders, which is why updating promptly matters.
That means other browsers that are based on the Chromium project, including Microsoft Edge and Vivaldi, are also affected by CVE-2022-1364. Microsoft and Vivaldi both acknowledged the vulnerability and said they've updated their browsers to the patched version of Chromium.
Google says it's "aware that an exploit for CVE-2022-1364 exists in the wild." It said the same thing about the zero-day vulnerabilities revealed earlier this year, too, one of which it eventually revealed was exploited by two North Korean hacking groups targeting organizations in the US.
READ THE STORY: PCMAG
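The practical check after a story like this is whether the build actually installed is at or past the fixed one. The script below is an added example, not code from PCMag or Google; it assumes only the fixed Chrome build 100.0.4896.127 the story cites, and the sample `--version` strings are constructed. Edge and Vivaldi carry their own version numbers, so for those pass the vendor's fixed build as `fixed` (their numbers are not given on this page).

```python
"""Added check: is an installed Chromium-based build at or past the fix?"""
import re
import subprocess

# Chrome build that fixes CVE-2022-1364 on Windows, Mac and Linux (from the story).
FIXED_CHROME = (100, 0, 4896, 127)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Pull the four-part build number out of `<browser> --version` output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(version_text: str, fixed: tuple = FIXED_CHROME) -> bool:
    """Compare numerically, field by field.

    Comparing the raw strings is the classic mistake: "100.0.4896.88" sorts
    *after* "100.0.4896.127" because '8' > '1', and would be reported as patched.
    """
    return parse_version(version_text) >= fixed


def naive_string_check(version_text: str, fixed: str = "100.0.4896.127") -> bool:
    """The buggy string comparison, kept only to show why it is wrong."""
    m = _VERSION_RE.search(version_text)
    return m is not None and m.group(0) >= fixed


def installed_version(binary: str = "google-chrome") -> str:
    """Ask the binary on PATH. This reports the installed build, not the one a
    long-running browser process was started with: restart to pick up a fix."""
    return subprocess.run([binary, "--version"], capture_output=True,
                          text=True, check=True).stdout


# Constructed sample outputs (not captured from real machines) -> expected result.
SAMPLES = {
    "Google Chrome 100.0.4896.88": False,
    "Chromium 100.0.4896.127": True,
    "Google Chrome 101.0.4951.41": True,
}

if __name__ == "__main__":
    for text, expected in SAMPLES.items():
        print(f"{text:32} patched={is_patched(text)}  naive={naive_string_check(text)}")
```

On Linux the binary is usually `google-chrome`, `google-chrome-stable` or `chromium`; on macOS and Windows the same `--version` flag works on the full path to the executable.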
T-Mobile customers warned of unblockable SMS phishing attacks
FROM THE MEDIA: An ongoing phishing campaign targets T-Mobile customers with malicious links using unblockable texts sent via SMS (Short Message Service) group messages.
The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued a warning after multiple customers filed reports of being targeted by this new SMS phishing (smishing) campaign.
NJCCIC is a component organization within the state’s Office of Homeland Security and Preparedness focused on incident reporting, cyber threat analysis, and information sharing.
The phishing texts thank the recipient for paying their T-Mobile bill and ask them to open a malicious link that supposedly leads to a gift.
“The messages vary but typically thank the recipient for paying their bill and offer a gift. The messages include a link to accept the gift,” the NJCCIC explained on Friday.
READ THE STORY: Cyber Reports
DuckDuckGo removes pirate sites and YouTube-ripping tools from search results
FROM THE MEDIA: DuckDuckGo appears to have (partially) removed piracy-related websites from its search results.
TorrentFreak reports that DuckDuckGo no longer returns results for content on The Pirate Bay, Fmovies and other sites of dubious legality. The service also appears to have dropped sites dedicated to YouTube-ripping tools such as youtube-dl and YouTube-MP3.
DuckDuckGo has not completely removed these sites and tools from its results at the time of writing. A search for "The Pirate Bay" still returns related sites, and a search for "youtube-dl" still returns the project's GitHub repository (which briefly disappeared from GitHub in 2020 over a DMCA dispute).
TorrentFreak notes that in 2018 DuckDuckGo removed the "!bang" shortcuts for pirate sites, which made it easier to search those sites directly, so that it would not be held responsible for copyright infringement on them.
READ THE STORY: Archyde
Microsoft takes on the ZLoader criminal network
FROM THE MEDIA: Is this really the end of the ZLoader malware? Notorious for attacks on healthcare facilities and businesses, the botnet has been taken down by Microsoft.
ZLoader is a botnet built on a network of infected machines in companies, hospitals, schools and private homes. Highly active, it has been used in cyberattack campaigns all over the world, including in France last year, where business messaging accounts were targeted to collect sensitive data.
Following a court order, Microsoft was able to dismantle the infrastructure of this malware, which is run by an organized criminal network that offers it as malware-as-a-service. The objective is to steal and extort money. Microsoft took control of 65 domain names used by the network, as well as 319 other domain names produced by the domain generation algorithm (DGA) built into the malware.
Microsoft explains that ZLoader originally stole login credentials, passwords and other information in order to extort money from its victims. The malware could also disable common antivirus and security software through a dedicated component, so that affected people and institutions could no longer detect the infection.
ZLoader has also been used to deliver other malware, such as the Ryuk ransomware, which targets healthcare institutions to extort ransoms. Microsoft's operation aims to take the ZLoader infrastructure out of service and reduce the reach of the criminal organization behind it. The company will continue to monitor its activity.
READ THE STORY: Archyde
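The 319 seized names come from a domain generation algorithm: bot and operator derive the same list of rendezvous domains from a shared seed and the date, so whoever reverse-engineers the seed can register or sinkhole the names before the operator does, and a defender watching DNS can spot the bots walking through names that do not resolve. The block below is an added example, not ZLoader's DGA or Microsoft's tooling: the `toy_dga` function is a constructed SHA-256-based generator that stands in for any real DGA, the DNS log lines are constructed, and the NXDOMAIN/entropy heuristic is a generic detection idea that applies to DGA families in general, not a ZLoader signature.

```python
"""Toy DGA, defender pre-registration, and a DNS-log heuristic (added example)."""
import hashlib
import math
from collections import defaultdict
from datetime import date, timedelta


def toy_dga(seed: str, day: date, count: int = 5, tld: str = "com") -> list:
    """Derive `count` rendezvous domains for `day` from a shared seed.

    Constructed toy algorithm: SHA-256 over seed|date|index, bytes mapped to
    a-z. It is NOT ZLoader's real DGA; only the shape (seed + date -> names)
    is what matters.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.{tld}")
    return domains


def precompute_blocklist(seed: str, start: date, days: int) -> set:
    """What a defender who knows the seed can do: generate every name the bots
    will try over the next `days` days and register or sinkhole them first."""
    names = set()
    for offset in range(days):
        names.update(toy_dga(seed, start + timedelta(days=offset)))
    return names


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking labels score higher than words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_dns_log(lines):
    """Yield (client, qname, rcode) from 'timestamp client qtype qname rcode'
    lines. The format is constructed for this example."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, client, _qtype, qname, rcode = parts
        yield client, qname.rstrip(".").lower(), rcode


def suspect_dga_clients(lines, min_nxdomain: int = 3, min_entropy: float = 3.0) -> set:
    """Flag clients that fail lookups for several distinct random-looking names.

    A bot walks its generated list until one name resolves, so a host with many
    NXDOMAIN answers for high-entropy second-level labels stands out, while a
    single typo of a real domain does not.
    """
    failures = defaultdict(set)
    for client, qname, rcode in parse_dns_log(lines):
        if rcode != "NXDOMAIN":
            continue
        labels = qname.split(".")
        if len(labels) < 2:
            continue
        if shannon_entropy(labels[-2]) >= min_entropy:
            failures[client].add(qname)
    return {client for client, names in failures.items() if len(names) >= min_nxdomain}


EXAMPLE_DAY = date(2022, 4, 13)

# Constructed sample log, not real traffic. 10.0.0.5 behaves like a bot.
SAMPLE_LOG = [
    "2022-04-13T09:00:01Z 10.0.0.5  A  qzvkpxmwjrtb.com   NXDOMAIN",
    "2022-04-13T09:00:01Z 10.0.0.5  A  hdnlcsgyfoea.com   NXDOMAIN",
    "2022-04-13T09:00:02Z 10.0.0.5  A  uiwtmxkqbzpv.com   NXDOMAIN",
    "2022-04-13T09:00:02Z 10.0.0.5  A  ygrkdqwsnbol.com   NOERROR",
    "2022-04-13T09:00:03Z 10.0.0.7  A  www.microsoft.com  NOERROR",
    "2022-04-13T09:00:04Z 10.0.0.7  A  mail.google.com    NOERROR",
    "2022-04-13T09:00:05Z 10.0.0.7  A  printer.corp.local NXDOMAIN",
]

if __name__ == "__main__":
    print("today's candidates:", toy_dga("demo-seed", EXAMPLE_DAY))
    print("pre-registered for the week:", len(precompute_blocklist("demo-seed", EXAMPLE_DAY, 7)))
    print("suspect clients:", suspect_dga_clients(SAMPLE_LOG))
```

The entropy threshold is deliberately simple; in production you would pair it with the count of distinct failing names per host over a sliding window and an allowlist for CDN and telemetry names that legitimately look random.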
Items of interest
Moskva sinking: What really happened to the pride of Russia's fleet?
FROM THE MEDIA: The Russian guided-missile cruiser Moskva rests deep beneath the Black Sea this morning.
Ukraine claims that it hit Moskva with missiles, causing it to sink. Russia has insisted the reason for the sinking was a fire. On Friday, the United States supported Ukraine's account, with a senior defense official saying that it believes that two Ukrainian Neptune missiles hit the Russian warship in the Black Sea.
Whether the ship lies at the bottom of the sea as the victim of Ukrainian missiles, Russian incompetence, bad luck or a combination of all three remains disputed. What is certain, though, is that the biggest wartime loss of a naval ship in 40 years will raise troubling questions not only for Moscow, but for military planners around the world.
The ship sank off the coast of Ukraine in the Black Sea on Thursday. Ukraine says it hit the Moskva with anti-ship cruise missiles and that these sparked the fire that detonated the ammunition.
Russia has put out its own version of events: Russia's Defense Ministry says a fire of unknown origin detonated the ship's stored ammunition and the resulting explosions left the Moskva with structural damage. It says the warship then sank amid rough seas as it was being towed to a nearby port.
READ THE STORY: CNN
Discord Infostealers: How hackers steal your password (Video)
FROM THE MEDIA: Discord infostealers can take over your accounts by stealing your passwords and session tokens if you follow a malicious link in Discord; beware of messages offering free games and the like.
Elite Pilot Commander Talks Aerospace Cyber Warfare (Video)
FROM THE MEDIA: In this episode of Big Theory Science, special guest Noel Zamot, former Commander of the Air Force's elite Test Pilot School and a technology warfare expert who has testified twice before Congress, joins us to discuss cyber defenses in aerospace technology and artificial intelligence.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at firstname.lastname@example.org