Wednesday, Aug 17, 2022 // (IG): BB // Sponsor: Zanes Hand Made
Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign
FROM THE MEDIA: Microsoft's Threat Intelligence Center (MSTIC) has taken steps to disrupt the operations of "Seaborgium," a Russia-based threat actor that has been involved in persistent spear-phishing and credential-theft campaigns aimed at organizations and individuals in NATO countries since at least 2017. The threat actor's primary motivation appears to be cyber espionage. Its victims include numerous organizations in the defense and intelligence communities, nongovernmental organizations, think tanks, higher-education institutions, and intergovernmental organizations, mainly in the US and UK.
READ THE STORY: DarkReading
US urged to imitate Ukraine’s collective cyber defense
FROM THE MEDIA: The U.S. has been called upon by National Cyber Director Chris Inglis to replicate Ukraine's collective cyber defense strategy involving government agencies, companies, and its residents in an effort to combat more sophisticated threats, reports The Record, a news site by cybersecurity firm Recorded Future. Such need for collective action in cybersecurity is highlighted by the Colonial Pipeline ransomware attack last year, which compromised gas supply to millions of customers across the East Coast as a result of a person's inadequate cyber hygiene, said Inglis at the DEF CON hacking conference.
READ THE STORY: SCMAG
Breaking down silos and adopting a 'whole-of-state' cybersecurity approach
FROM THE MEDIA: As cybersecurity practitioners who have spent decades in the battle to protect our country’s digital space, we must admit that we’re still talking about the same challenges year after year. At the top of the list is lack of visibility of cyber threats. Even though we have seen state, local and educational organizations make incremental changes and improvements in securing their networks and citizen data, we are, quite frankly, still far behind the adversary.
READ THE STORY: StateScoop
Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
FROM THE MEDIA: Kaspersky is warning of two such packages – ‘ultrarequests’ and ‘pyquest’ – that were masquerading as ‘requests’, a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics. The malicious packages contained nearly identical code as ‘requests’, but were designed to write to a temporary file a one-liner Python script designed to fetch a next-stage script that in turn downloads and executes the final payload. Called ‘W4SP Stealer’, the final payload is a Python trojan that collects saved cookies and passwords from browsers and Discord tokens, and sends them to the threat actor via a Discord webhook.
READ THE STORY: Security Week
RedAlpha targets think tanks and humanitarian organizations.
FROM THE MEDIA: Recorded Future describes a credential-phishing campaign by the suspected Chinese state-sponsored threat actor RedAlpha that's been targeting "humanitarian, think tank, and government organizations globally" since 2019: "Over the past 3 years, we have observed RedAlpha registering and weaponizing hundreds of domains spoofing organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan (AIT), and other global government, think tank, and humanitarian organizations that fall within the strategic interests of the Chinese government."
READ THE STORY: The CyberWire // Techmonitor
Army lesson from Ukraine war: cyber, EW capabilities not decisive on their own
FROM THE MEDIA: One of the key observations the U.S. Army is taking from the war in Ukraine is that non-kinetic capabilities such as cyber and electronic warfare must be combined with other weapons in order to achieve their full potential on the battlefield. “The conflict also reveals an important aspect of both EW and cyber: neither is dominant on its own and they work best when converged with other multi-domain effects,” Lt. Gen. Maria Gervais, deputy commanding general and chief of staff at Training and Doctrine Command, said during a presentation at the TechNet Augusta conference on Tuesday.
READ THE STORY: FedScoop
How Russian Information Operations Are Trying to Win the War
FROM THE MEDIA: The Russian government has been waging war against the truth for many decades. Reports suggest Stalin coined the term dezinformatsiya (disinformation) as the name of a KGB propaganda department back in the 1920s. Today, state-backed efforts to distort objective facts and influence public opinion lie at the heart of the Kremlin's war machine. As our latest research reveals, it is using tried-and-tested channels both to create and exacerbate divisions between Western-allied countries and to influence voters to oppose their governments' support for Ukraine.
READ THE STORY: InfoSec Mag
Former US Cyber Command and NSA chief makes the case for a cyber competition strategy
FROM THE MEDIA: Cyber threats to national security and prosperity are today better understood, better prioritised and far better resourced than in decades past. Cyber as a domain, as a threat and as a key opportunity is now a firmly established and essential element of military strategy and capability. Yet today, state, non-state and individual cyber actors have greater capability, capacity and willingness to use cyber tools aggressively for malicious purposes, and their tolerance for risk has grown.
READ THE STORY: ASPI
Explosions rock Russian ammunition depot in Crimea...Russia calls attack 'sabotage'
FROM THE MEDIA: Meanwhile over in Ukraine, blasts have rocked a Russian military depot in Crimea. Russia called the explosions an "act of sabotage" while a Ukrainian presidential adviser shared on social media that what happened is "demilitarization in action". Lee Shi-hoo reports. Explosions rocked a military depot on the Russian-occupied Crimean Peninsula in Ukraine on Tuesday. The blasts occurred at an ammunition depot and other facilities in the village of Maiskoye, which serves as an important supply line for Russia. The attack led to fires, injuries to at least two people, and caused more than 3,000 residents to evacuate.
READ THE STORY: ARIRANG
Cyber Security: Oracle vetting TikTok's algorithms to ensure no US data access to China
FROM THE MEDIA: Cloud major Oracle is now vetting short-form video platform TikTok's content moderating algorithms to ensure that the Chinese government does not have access to the US users' data. According to Axios, all new US user traffic on TikTok, owned by Chinese tech giant ByteDance, is being routed to Oracle's cloud infrastructure. However, it is "still unclear when TikTok will be done with migrating all of its previous US user data over to Oracle's cloud," the report said late on Tuesday.
READ THE STORY: IBT
Beijing-linked influence campaign takes aim at Western investors
FROM THE MEDIA: The Chinese government has been linked to an online disinformation campaign trying to undermine the investment plans of Western companies developing rare earth mineral (rare earth) deposits, as Beijing seemingly resorts to cyber warfare to defend the country’s leadership in strategic vectors. According to cyber security firm Mandiant, the online influence campaign Dragonbridge spread fake news about Australian rare earths mining and processing firm Lynas and other rare earth companies. Dragonbridge comprises a network of thousands of inauthentic accounts across numerous social media platforms, websites and forums that promote narratives to support Chinese political interests, Mandiant argues.
READ THE STORY: FDI
China Using Numerous Monitoring Cameras and Big Data to Suppress Religious Groups and Rights Defenders, Files Show
FROM THE MEDIA: Rural areas of China’s eastern coastal Shandong Province have installed hundreds of thousands of surveillance cameras since 2013 as a part of its massive monitoring system, initiating a monitoring model which became known as the “Sharp Eyes Project.” The main targets of the system are Falun Gong adherents and rights defenders, according to official documents viewed by the Chinese language edition of The Epoch Times.
READ THE STORY: The Epoch Times
India: BharatPay data breach: Personal data, transaction details of 37,000 users leaked online
FROM THE MEDIA: On August 13, CloudSEK’s threat intelligence arm, XVigil, found that BharatPay’s backend database containing customers’ personal information, bank balance, and transaction data from Feb. 2018 to Aug. 2022 was leaked on a cybercrime forum. BharatPay provides various digital financial services, including fund transfers and cash deposits, to customers as well as merchants by partnering with numerous distribution networks all across India. According to the company website, BharatPay operates in 11 states with more than 50,000 retail outlets. The firm also offers prepaid cards which can be issued to a customer via its partner network.
READ THE STORY: ET
Mailchimp suffers second breach in 4 months
FROM THE MEDIA: Mailchimp suffered another data breach earlier this month, and this one cost it a client. In a statement Friday, Mailchimp disclosed that a security incident involving phishing and social engineering tactics had targeted cryptocurrency and blockchain companies using the email marketing platform. It was the second Mailchimp breach to target cryptocurrency customers in a four-month span. Though Mailchimp said it has suspended accounts where suspicious activity was detected while an investigation is ongoing, it did not reveal the source of the breach or scope of the attack.
READ THE STORY: TechTarget
Lucky Mouse APT using chat app in cross-platform infiltration campaign
FROM THE MEDIA: Cybersecurity groups SEKOIA and Trend Micro have released reports detailing the activities of China-based advanced persistent threat actor Lucky Mouse and its use of a trojanized version of the MiMi chat application to attack systems, according to The Hacker News. Lucky Mouse, also known as APT27, Iron Tiger, Bronze Union and Emissary Panda, has been active since 2013 and is known to perform breaches into targeted networks for political and cyberespionage purposes in line with China's interests. Its latest campaign has affected up to 13 entities in the Philippines and Taiwan, including eight that were hit by rshell attacks, with the first breach reported in mid-July 2021.
READ THE STORY: SCMAG
Website that lets you send poop through the post gets hacked
FROM THE MEDIA: A known threat actor has hacked his way into notorious revenge website ShitExpress and leaked the company's secure data, including customer email addresses and the messages they sent through the platform. ShitExpress is an online service that allows people to send actual faeces, through the post, to whomever they desire. It’s designed to be a prank site, where people can purchase a piece of animal faeces and have it delivered to someone’s door, in a box, together with a personalized message.
READ THE STORY: TechTarget
RTLS systems vulnerable to MiTM attacks, location manipulation
FROM THE MEDIA: Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. RTLS technology is widely used in industrial environments, mass transit, healthcare, and smart city applications. Its primary role is to assist in safety by defining geofencing zones using tracking tags, signal reception anchors, and a central processing system.
READ THE STORY: Bleeping Computer
Kaspersky: North Korean state-sponsored hackers behind the Maui ransomware attacks
FROM THE MEDIA: In July this year, the US Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury (Treasury) issued a warning to healthcare organizations around the country on the possibility of being under threat of attacks from North Korean state-sponsored actors. At that time, the hacking group Andariel had been employing a never-before-seen Maui ransomware against US healthcare organizations since April 2021.
READ THE STORY: Tech HQ
Next Front in Ransomware Is to Make Hacked Data Publicly Searchable
FROM THE MEDIA: A ransomware group known as Black Cat is waging an aggressive campaign against scores of companies in the US and Europe, adopting a novel technique to pressure victims into paying expensive extortion fees. Ransomware groups typically used to just encrypt a victim’s files and demand a payment to unlock them. Then many of them began stealing files, too, threatening to post the data unless they were paid an additional fee. But often the stolen data was difficult to access.
READ THE STORY: Bloomberg
Argentina judiciary targeted by new ‘Play’ ransomware group
FROM THE MEDIA: Argentina’s Judiciary of Córdoba has been forced to suspend its information technology services after being targeted in a ransomware attack. The attack is reported to have taken place on Aug. 13 and involves a fairly new ransomware group going by the name of “Play.” Bleeping Computer reported Monday that as a result of the attack, judiciary employees have been forced to resort to using pen and paper to create and process official documents.
READ THE STORY: SiliconAngle
Clop Ransomware Gang Breaches Water Utility, Just Not the Right One
FROM THE MEDIA: South Staffordshire plc, a UK water-supply company, has acknowledged it was the victim of a cyberattack. Around the same time, the Clop ransomware group started threatening Thames Water that it would release data it has stolen from the utility unless Thames Water paid up. The problem? Thames Water wasn't breached. Apparently, Clop got its UK water companies confused. South Staffordshire serves about 1.6 million customers and recently reported that it was targeted in a cyberattack and was "experiencing a disruption to our corporate IT network and our teams are working to resolve this as quickly as possible." It added there has been no disruption to service.
READ THE STORY: DarkReading
How a Seattle-area school district recovered from a ransomware attack
FROM THE MEDIA: The Northshore School District, appropriately located on the northern shore of Lake Washington, near Seattle, was the victim of a major cyberattack in 2019. The incident made national news, headlines that Jon Wiederspan, the district’s network operations manager, said Tuesday still haunt him nearly three years on. “We first found out about [the attack] at 5 a.m. on a Saturday and we had scheduled an update to our student information system,” Wiederspan said during an online event hosted by the K12 Security Information Exchange. “When the system analysts logged in, the student information system wasn’t there. Instead, there was a page advertising Ryuk.”
READ THE STORY: StateScoop
EV charging stations vulnerable to hackers – so how do you defend your fleet?
FROM THE MEDIA: As a string of recent examples show, cybercriminals are increasingly targeting charging stations for electric vehicles. What are the risks for your fleet, and how do you defend yourself against these attacks? Cybercrime is an eternal online race between the good guys and the bad guys; hackers aim for the lowest-hanging fruit and move on as soon as a particular threat has been identified and the problem fixed.
READ THE STORY: FleetEurope
Hackers really aren't letting schools enjoy the summer holidays
FROM THE MEDIA: Summer holidays may still be in full swing, but hackers aren’t resting - with schools and universities around the world under attack. Check Point Research (CPR) has examined the state of cybersecurity in the education and research sector, finding it has been under increasing attack throughout the year, and is under more pressure than other industries. In fact, every month throughout 2021 and 2022 saw hackers target the education and research sector more than any other, with a 114% increase over the past two years. What’s more, in July 2022 alone, there were twice as many weekly cyberattacks, compared to other industries’ average.
READ THE STORY: TechRadar
USBs Still a Major OT Infection Vector
FROM THE MEDIA: Removable media represents the second greatest threat to operational technology (OT) systems so far this year, according to new data from IBM X-Force. The vendor analyzed its incident response and managed security services (MSS) data in light of the ongoing threat from Russia and a fast-expanding digital attack surface for many OT asset owners and operators. It revealed that phishing was the number one initial access vector for attackers in 2021, and was present in 78% of incidents analyzed over January-June 2022. However, tying for second place were scanning and exploitation of vulnerabilities and use of removable media (both 11%).
READ THE STORY: InfoSecurity
Hanes plans more SKU cuts to lower bloated inventory levels
FROM THE MEDIA: Hanes is taking measures to slim down its inventory after a quarter that left it cash strapped and with products clogging its shelves. The company was left with even more excess inventory than expected last quarter after a cyberattack paralyzed parts of its global supply chain network and limited its ability to fulfill orders for nearly three weeks, Bratspies said. The clothing maker disclosed in a May 31 securities filing that it “had become subject to a ransomware attack,” which Dastugue noted ultimately cost the company $100 million in sales and $35 million in operating profits over the quarter. The clothing company noted in its earnings report that it believes the incident has been “contained” and that there is no ongoing operational impact.
READ THE STORY: SupplyChainDive
Ukraine nuclear power company says Russia attacked website
FROM THE MEDIA: Ukraine’s state nuclear power company Energoatom said Russian-based hackers launched a major three-hour attack on its website but had not caused significant problems. “The Russian group ‘People’s Cyber Army’ carried out a cyber attack using 7.25 million bot users, who simulated hundreds of millions of views of the company’s main page,” Energoatom said in a statement on Tuesday.
READ THE STORY: Aljazeera
Items of interest
Ohio Raises a Volunteer Army to Fight Election Hacking
FROM THE MEDIA: Chris Riling says he “could never join the military.” He’s 37, has cerebral palsy, and wouldn’t have managed basic training, he says.
Yet he recently swore an oath to protect the country and obey his commanding officers. At any moment, Ohio’s governor can call him up for active duty reporting to the state’s National Guard. And if he missteps, he can be tried under the Ohio Code of Military Justice.
That’s because Riling, a systems architect at Cisco Systems Inc., is a volunteer for a novel kind of civilian reserve—a group of mostly private-sector tech professionals tasked with combating cyberattacks in the state. Right now, in the runup to the midterms, the group’s focus is election integrity: Voting-related hacking attempts could have disastrous implications for American democracy if successful, and cash-strapped state and local governments are often ill-equipped to face down new technological threats. Already, other states are seeking to copy Ohio’s model as they race to catch up with the threat of ransomware hacks, election interference, and other punishing cyberattacks, both foreign and domestic.
READ THE STORY: Bloomberg
IFCYBER Seminar: Cybercrime meets Cyberwarfare: Russian Ransomware Gangs with Prof Andrew Goldsmith (Video)
FROM THE MEDIA: This presentation relates to some recent work done with Prof David Wall (Leeds University) for the Global Initiative against Transnational Crime. GI is a Geneva/Vienna based non-governmental organisation focused on building and sharing knowledge on transnational crime and related policy responses. The focus of the work is the intersection between ransomware operations and the Russian/Ukraine conflict.
Shining a Light on THE DARK WEB (Video)
FROM THE MEDIA: The dangers that lurk on the Dark Web. Many people who have visited have said they have seen things they never wanted to see. We take you there.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com