Wednesday, June 29, 2022 // (IG): BB // Weekly Sponsor: Dataminr
Chinese influence operation aimed to protect Beijing's stake in rare earth mining, research finds
FROM THE MEDIA: A Chinese influence operation unsuccessfully tried to mobilize U.S. protests against an Australian rare earths mining company planning an expansion in Texas in an effort to defend Beijing’s dominance in the market, researchers with cybersecurity firm Mandiant said Tuesday.
While aspects of the operation aren’t novel, the activity from a campaign known and tracked as Dragonbridge, which dates to at least 2019, shows signs of increasing sophistication in its attempts to microtarget receptive authentic audiences in ways that could “suggest the possibility of using similar means to manipulate public discourse surrounding other U.S. political issues to the [People’s Republic of China’s] advantage,” the researchers wrote.
READ THE STORY: CyberScoop // FT // SecurityWeek // SC Media // The Register
Chinese propagandist threatens Seoul for joining NATO cyber group
FROM THE MEDIA: After South Korea became the first Asian country to join NATO’s Cooperative Cyber Defense Centre of Excellence (CCDCOE), Chinese propagandist Hu Xijin threatened Seoul. “If South Korea takes a path of turning hostile against its neighbors, the end of this path could be a Ukraine,” tweeted Hu Xijin on Thursday. Hu is China’s “best-known propagandist on the global stage” and his formerly high standing at the Global Times, owned and operated by the Chinese Communist Party, suggests his statements have a degree of official sanction.
The warning for incoming South Korean President Yoon Suk-yeol is obvious — Get too close to NATO and feel China’s wrath. Russia, Ukraine’s neighbor, launched “special operations” in the country on February 24 after Moscow accused Kyiv of turning hostile towards its neighbors.
READ THE STORY: The Print
Cyber Pirates Prowling Ship Controls Threaten Another Big Shock
FROM THE MEDIA: In February 2019, a large container ship sailing for New York identified a cyber intrusion on board that startled the US Coast Guard. Though the malware attack never controlled the vessel’s movement, authorities concluded that weak defenses exposed critical functions to “significant vulnerabilities.”
A maritime disaster didn’t happen that day, but a warning flare rose over an emerging threat to global trade: cyber piracy able to penetrate on-board technology that’s replacing old ways of steering, propulsion, navigation and other key operations. Such leaps in hacking capabilities could do enormous economic damage, particularly now, when supply chains are already stressed from the pandemic and the war in Ukraine, experts including a top Coast Guard official said.
READ THE STORY: Insurance Journal
Frozen-food firm Apetito hit by cyber attack
FROM THE MEDIA: Apetito, the Germany-based frozen-food supplier, has revealed a cyber attack on its operations. The privately-owned business, which serves foodservice and retail customers, has issued a brief statement indicating the impact on its operations so far. “We currently have no access to our IT-supported systems because our servers have been attacked. For this reason, among other things, orders are currently not possible,” Rheine-based Apetito said in its statement posted online.
“Unfortunately, it is not yet foreseeable when we can be reached again. Customers can contact their responsible sales representative.
“Our top priority is to ensure supplies to clinics and retirement homes, as well as senior citizens at home by delivering replacement menus. An internal and external team of experts is working flat out on analysis and on solutions.”
READ THE STORY: Just Food
TikTok is a wolf in sheep’s clothing – FCC commissioner calls for US ban
FROM THE MEDIA: Brendan Carr, a senior US Federal Communications Commission (FCC) commissioner, wants TikTok removed from the Apple App Store and Google Play. Carr stated that TikTok is not just another video app: “That’s the sheep’s clothing. It harvests swaths of sensitive data that new reports show Beijing has access to.” You can read Carr’s letter to Apple and Google in his June 29 Twitter post. Carr is relying on Apple and Google to enforce their own app store policies on privacy and surreptitious data collection.
Carr was reacting to BuzzFeed’s report that leaked audio from 80 internal TikTok meetings shows that US user data has been repeatedly accessed from China. The company hurriedly announced that it had migrated its US user data to domestic servers run by Oracle. But that ignores the question of admitted access by Chinese employees to U.S. user data from at least September 2021 to January 2022.
READ THE STORY: CyberShack
Beware of Deepfakes: FBI Warns Tech Job Interviews May Involve Stolen Identities
FROM THE MEDIA: The Federal Bureau of Investigation (FBI) has released a public service announcement warning that deepfakes are turning up in remote technology job interviews, so that the person an employer sees and hears may not be who they claim to be. The bureau reports a growing number of complaints in which stolen personally identifiable information is combined with deepfake video or voice by applicants seeking remote positions, including roles that would give them access to customer data, financial information and corporate IT systems.
READ THE STORY: TechTimes
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
FROM THE MEDIA: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an authorized user to execute commands as another user.
Polkit (formerly called PolicyKit) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes.
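Two practical questions follow from a KEV listing like this: is a given host still exposed, and would an exploitation attempt have left anything in the logs? The script below is an added example (not code from the article, CISA or the polkit project). It checks whether pkexec is still setuid root, which is the precondition for CVE-2021-4034 and the reason the interim mitigation was to drop the bit, and it scans syslog-style auth log lines for the two messages an unpatched pkexec writes when the public GCONV_PATH technique is used. The host name, user name, PIDs and log lines are constructed for the example; the regex assumes the classic syslog prefix format.

```python
import os
import re
import stat
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Messages an unpatched pkexec writes to the auth log when the CVE-2021-4034
# argv/envp out-of-bounds write is triggered with the public GCONV_PATH
# technique. The second string keeps polkit's own misspelling; the correctly
# spelled variant is matched as well. Caveat from the Qualys advisory: the bug
# can also be exploited without leaving either message, so no hits is not
# proof of no abuse.
PKEXEC_TRACES = (
    "The value for the SHELL variable was not found in the /etc/shells file",
    "contains suscipious content",
    "contains suspicious content",
)

# Classic syslog line: "Jan 25 10:31:02 host1 pkexec[4242]: <message>"
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"pkexec\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)


@dataclass
class Trace:
    ts: str
    host: str
    pid: int
    msg: str


def find_pkexec_traces(lines: Iterable[str]) -> List[Trace]:
    """Return the pkexec log lines that contain a known PwnKit trace message."""
    hits: List[Trace] = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if m is None:
            continue
        msg = m.group("msg")
        if any(t in msg for t in PKEXEC_TRACES):
            hits.append(Trace(m.group("ts"), m.group("host"), int(m.group("pid")), msg))
    return hits


def is_setuid_root(mode: int, uid: int) -> bool:
    """True when a file is owned by root and carries the setuid bit, the
    condition under which pkexec is exposed to CVE-2021-4034.  Removing the
    bit (chmod 0755 /usr/bin/pkexec) was the advisory's interim mitigation
    until a patched polkit package was installed."""
    return uid == 0 and bool(mode & stat.S_ISUID)


def pkexec_exposed(path: str = "/usr/bin/pkexec") -> Optional[bool]:
    """None if pkexec is absent, otherwise whether it is setuid root.
    This says nothing about the patch level: distributions backport the fix
    without bumping the upstream version string, so confirm with the package
    manager (rpm -q polkit, dpkg -s policykit-1) rather than pkexec --version."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return is_setuid_root(st.st_mode, st.st_uid)


# Constructed sample auth log lines (not taken from a real incident).
SAMPLE_AUTH_LOG = """\
Jan 25 10:31:02 host1 sshd[4300]: Accepted publickey for alice from 10.0.0.5 port 50222 ssh2
Jan 25 10:31:09 host1 pkexec[4242]: alice: The value for the SHELL variable was not found in the /etc/shells file [USER=root] [TTY=/dev/pts/0] [CWD=/tmp/x] [COMMAND=GCONV_PATH=./pwnkit]
Jan 25 10:31:11 host1 pkexec[4251]: alice: The value for environment variable XAUTHORITY contains suscipious content [USER=root] [TTY=/dev/pts/0] [CWD=/tmp/x] [COMMAND=GCONV_PATH=./pwnkit]
Jan 25 10:32:00 host1 pkexec[4260]: pam_unix(polkit-1:session): session opened for user root by (uid=1000)
""".splitlines()

if __name__ == "__main__":
    for t in find_pkexec_traces(SAMPLE_AUTH_LOG):
        print(f"{t.ts} {t.host} pid={t.pid}: {t.msg}")
    print("pkexec setuid root on this host:", pkexec_exposed())
```

Run it on a host as-is to get the setuid verdict, or feed `find_pkexec_traces` the lines of /var/log/auth.log (or journalctl output with the same prefix) for a quick retrospective sweep; treat any hit as a reason to pull the full process history for that PID, and treat no hits as inconclusive.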
READ THE STORY: THN
Israel thwarted cyberattack targeting US power plants
FROM THE MEDIA: Israel halted hackers from attacking US power plants, the deputy chief of the Israeli army's signals intelligence branch, Unit 8200, said at Tel Aviv University’s annual cyber week on Wednesday. The IDF official said that his unit became aware of the cyber threat in the process of stopping another attack aimed at Israel. “We also found that they were attempting to target US power plants as well. This was the first indication of this attack. It enabled preventing this threat, through tight collaboration with our fantastic American partners," Colonel U. told the audience, according to The Jerusalem Post.
He also explained how his unit dealt with the alleged Iranian attack in 2020 targeting Israel's water facilities. “We saw this attacker attempting to poison the water in an attempt to claim human lives. We mitigated that threat far ahead," he said at the conference. Cyberattacks have become an increasing threat for states, and Israel is currently facing a cyber war with Iran.
READ THE STORY: i24 News
Accused ‘NetWalker’ Ransomware Hacker Agrees to Plead Guilty
FROM THE MEDIA: A former Canadian government employee has agreed to plead guilty in the US to charges that he worked for a ransomware gang that researchers say has reaped almost $50 million in illegal payments during the past two years. Sebastien Vachon-Desjardins has agreed to plead guilty to hacking-related charges, according to court documents filed Tuesday in federal court in Tampa. He was accused of working as part of a digital extortion group known as NetWalker.
The ransomware gang has targeted US hospitals, law enforcement organizations, schools, colleges and universities, according to the FBI. The blockchain-analysis firm Chainalysis Inc. has determined that victims have paid $46 million in extortion fees to the NetWalker hackers since 2020. NetWalker has been among the most active ransomware gangs since it emerged two years ago, researchers determined, and the group has been particularly focused on health-care providers during the Covid-19 pandemic.
READ THE STORY: Bloomberg
Modern Modem Mobsters are Costing the World a Fortune
FROM THE MEDIA: The internet has come a long way since the good old days of dial-up. What started as the shared domain of government agencies and universities has morphed into an all-encompassing phenomenon. Even in the least developed countries, 27 percent of the population has some access to the internet; in developed countries access is almost universal, and 90 percent of people are active internet users.
Data continues to compound, necessitating new metrics: terabytes, petabytes, exabytes, zettabytes and yottabytes. The global web of connectivity touches on every aspect of modern life — and generates 2.5 quintillion bytes of data each day. (To put that in perspective, there are eight bits, the lowest unit of memory storage, in a byte. Most people measure their consumption in gigabytes: 1,000 megabytes, or a billion bytes. A quintillion equals a million trillions.) Information is power, and so much data is a potential trove to be plundered by anyone with a little tech savvy. Moral considerations don’t come into it.
READ THE STORY: CFI
Black Basta ransomware gang claims to have already hit 50 organizations
FROM THE MEDIA: A new ransomware group called Black Basta is claiming to have successfully hit 50 victims, while the veteran but evaporating Conti gang — which may have links to the rookie — has gone out with a rocket. That’s according to two recent reports by researchers at security providers.
“In just two months,” say researchers at Cybereason, “the Black Basta gang has added nearly 50 victims to their list as of the publishing of this report, making them one of the most prominent ransomware groups recently.”
READ THE STORY: IT World Canada
ASTRALOCKER Ransomware Spread in ‘Smash and Grab’ Attacks
FROM THE MEDIA: A new version of the AstraLocker ransomware has been observed being distributed directly from Microsoft Office files sent via phishing emails, an unusually quick delivery method leading researchers to believe that the threat actor behind the ransomware is solely interested in making a big impact and receiving a quick payout, or what they call a “smash and grab” approach.
The AstraLocker ransomware was first identified in 2021 and is a fork of the Babuk ransomware-as-a-service, which also appeared in early 2021. The latest version of AstraLocker, meanwhile, was first observed in March. Researchers said AstraLocker attacks are unique in that the ransomware is deployed to victims at a very early stage of the attack, immediately after the target opens the malicious file attachment on the phishing email, rather than the “low and slow” methodology that is common among sophisticated ransomware groups.
READ THE STORY: DUO
Hackers Deploy Shadowpad Backdoor and Target Industrial Control Systems in Asia
FROM THE MEDIA: Russian cybersecurity firm Kaspersky uncovered an attack campaign targeting unpatched Microsoft Exchange servers in different Asian countries.
According to an advisory released by the company on Monday, once they had gained initial access through those unpatched Exchange servers, the threat actors deployed the ShadowPad malware on the industrial control systems (ICS) of telecommunications companies in Pakistan and Afghanistan and of a logistics and transport organization in Malaysia.
READ THE STORY: InfoSec Mag
Cyberattack hits Russian space agency site after sharing NATO photos
FROM THE MEDIA: The website of Russia's space agency Roscosmos was hit by a cyberattack after publishing satellite images of the NATO summit building and other military command centers of NATO nations, Roscosmos press service head Dmitry Strugovets said Wednesday, according to RIA.
The site was targeted by hackers in a DDoS attack after the images were shared, but unlike prior attacks in March and April, these hackers have seemingly been traced to Yekaterinburg, inside Russia, RIA reported.
READ THE STORY: JPOST
Why more zero-day vulnerabilities are being found in the wild
FROM THE MEDIA: The number of zero-days exploited in the wild has been high over the past year and a half, with different kinds of actors using them. These vulnerabilities, which are unknown to the software maker, are leveraged by both state-sponsored groups and ransomware gangs.
During the first half of this year, Google Project Zero counted almost 20 zero-days, most of which target products built by Microsoft, Apple and Google, with browsers and operating systems taking up large chunks. In addition, a critical remote code execution vulnerability was found in Atlassian's Confluence Server, which continues to be exploited. But in 2021, the number of in-the-wild zero-days was even higher: Project Zero found 58 vulnerabilities, while Mandiant detected 80, more than double its 2020 count.
READ THE STORY: CSO Online
Brutal Russian invasion of Ukraine has transformed cybersecurity
FROM THE MEDIA: “The brutal Russian invasion of Ukraine has transformed the context of cybersecurity” worldwide, said British National Cyber Security Centre CEO Lindy Cameron.
Speaking at the Tel Aviv University Cyber Week on Tuesday, Cameron said that the lives of millions of innocent people are in jeopardy due to cyber threats, just like on the battlefield, but that “Ukrainian cyber defenders repelled the attacks and are real heroes.”
READ THE STORY: JPOST
Israel National Cyber Directorate announces national ‘cyber-dome’
FROM THE MEDIA: Israel’s National Cyber Directorate is promoting the formation of a “cyber dome,” its director general said on Tuesday. Speaking at Tel Aviv University’s annual Cyber Week conference, Gaby Portnoy outlined the make-up of the dome, saying it featured a new, big-data and artificial intelligence approach to “proactive defense” against cyber threats. According to the Directorate, some 1,500 attacks were thwarted by its teams in the past year.
“There is no longer only one type of … enemy,” said Portnoy. “On one hand, Iran has become our dominant rival in cyber, together with Hezbollah and Hamas. We see them, we know how they work, and we are there,” he added.
READ THE STORY: JNS
Cyber spy agency targeted foreign extremists trying to recruit Canadians
FROM THE MEDIA: Canada's electronic spy agency says it has used its arsenal to try and stop foreign extremists from recruiting Canadians and sharing violent material online. The acknowledgement is nestled in the Communications Security Establishment's annual report made public Tuesday, which points to recent cases where it flexed its cyber muscles.
While the details are largely sanitized in the report, the examples shed some light on how the foreign signals intelligence agency has been using the "active" cyber capabilities granted to it by the Liberal government in 2019.
READ THE STORY: CBC
Could the Russian cyber attack on Lithuania draw a military response from NATO?
FROM THE MEDIA: Normally the meaning of this would be frighteningly clear, but this is an attack with a difference: not a physical attack, but a cyber attack; and working out what a cyber attack means is never simple. The NATO member in question is the Baltic state of Lithuania, which was targeted on Monday by Russian hackers. According to the hackers, the attack is still going on.
Transport and media websites have been hit, as have the websites of various state institutions such as the Lithuanian tax service, which had to pause its operations yesterday.
READ THE STORY: SKY News
SLGA clients' information exposed on dark web following cyber attack
FROM THE MEDIA: The Saskatchewan Liquor and Gaming Authority (SLGA) is notifying some clients that their personal information may have been exposed on the dark web following a cyber attack. The Crown corporation announced it was the target of a cyber attack at the end of 2021. SLGA is now warning some regulatory clients that sensitive personal information obtained during permit and registration processes within the past five years may have been accessed.
READ THE STORY: CTV News
Microsoft Reports on Russian Cyber War and Disinformation Efforts In Ukraine
FROM THE MEDIA: Brad Smith, President and Vice-Chair of Microsoft, went with a non-traditional approach to corporate communications by opening his foreword to the report with a brief march through the role and history of military technology:
“The recorded history of every war typically includes an account of the first shots fired and who witnessed them. Each account provides a glimpse not just into the start of a war, but the nature of the era in which people lived.
Historians who discuss the first shots in America’s Civil War in 1861 typically describe guns, cannons, and sailing ships around a fort near Charleston, South Carolina.
READ THE STORY: OODALOOP
The next big cyber threat is Russia – & blockchain
FROM THE MEDIA: The former head of cybersecurity for the British Army believes the next big cyber threat comes from Russia – as well as blockchain technology.
Jonathan Shaw CBE, who was recently listed in The Official Top 16 Digital Disruption Speakers to Book for 2022, sat down to discuss secure digital practices with Mark Matthews.
Asked where he believes the next big attack will come from, he says: “Security of cyberspace is an insecure medium – so much so that the Russians actually hacked into the NSA’s (US National Security Agency) database and found all of the backdoors.
READ THE STORY: Business Cloud
NATO to Call China 'Systemic Challenge' in Madrid Strategic Concept
FROM THE MEDIA: NATO is preparing to label China a "systemic challenge" in its Madrid Strategic Concept during a summit June 28-30, which is far short of explicitly calling China an adversary, Bloomberg reported June 27. NATO is also planning to eliminate a description of Russia as a "partner" and instead label the country a "direct threat."
The new Strategic Concept will lay out the alliance's key priorities over the next decade, in significant contrast with the 2010 Strategic Concept affirmed in Lisbon. In addition to scrapping the language around Russia as a partner and labeling China a systemic challenge, the Madrid Strategic Concept will focus calls to push back against Russian expansion in Eastern Europe, with strong language on spending goals, support for the Baltics and acceptance of new member states.
READ THE STORY: Worldview
As Rail Cyber Attacks Ramp Up, Startup Cervello Provides AI Security
FROM THE MEDIA: Passengers worry their train may be late, but railroad operators today face a far bigger problem – cyber attacks.
Their networks are vulnerable to hackers with the potential to sabotage signaling systems and digitally-controlled infrastructure, causing delays, system paralysis … or worse.
“Today, not only are railways becoming clear targets for malicious organizations and criminals, but they are also clear targets as national critical infrastructures – like we saw in Belarus with the latest events between Russia and Ukraine,” Roie Onn, CEO and co-founder of Cervello, tells NoCamels. The Israeli-founded company provides a non-intrusive AI-powered cybersecurity solution for railway operators and infrastructure managers.
READ THE STORY: No Camels
Items of interest
Crypto crash threatens North Korea’s stolen funds as it ramps up weapons tests
FROM THE MEDIA: The nosedive in cryptocurrency markets has wiped out millions of dollars in funds stolen by North Korean hackers, four digital investigators say, threatening a key source of funding for the sanctions-stricken country and its weapons programmes.
North Korea has poured resources into stealing cryptocurrencies in recent years, making it a potent hacking threat and leading to one of the largest cryptocurrency heists on record in March, in which almost $615 million was stolen, according to the U.S. Treasury.
The sudden plunge in crypto values, which started in May amid a broader economic slowdown, complicates Pyongyang’s ability to cash in on that and other heists, and may affect how it plans to fund its weapons programmes, two South Korean government sources said. The sources declined to be named because of the sensitivity of the matter.
It comes as North Korea tests a record number of missiles – which the Korea Institute for Defense Analyses in Seoul estimates have cost as much as $620 million so far this year – and prepares to resume nuclear testing amid an economic crisis.
READ THE STORY: WIN 98.5
How to setup a landing page and run a campaign in Gophish (Video)
FROM THE MEDIA: In this video, you will see how to create an email template for a phishing campaign in Gophish.
The Creepiest OSINT Tool to Date - PINEYES (Video)
FROM THE MEDIA: The Creepiest OSINT Tool to Date.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com