Sunday, Aug 28, 2022 // (IG): BB //Sponsor: ShadowNews
New Agenda Ransomware appears in the threat landscape
FROM THE MEDIA: Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. The ransomware was employed in a targeted attack against one of the company’s customers. The investigation into the incident revealed that the threat actor used a public-facing Citrix server as a point of entry; they likely used a valid account to access this server and perform lateral movement inside the victim’s network.
READ THE STORY: Security Affairs
Hidden Weakness: Cyberwarfare Can Bring Down Xi Jinping
FROM THE MEDIA: Domestic resistance to Chinese president Xi Jinping is currently manifesting in a wave of sensitive data leaks from within China. This is decisive for two reasons. First, it reveals a sharp value divergence between the policies and practices of the Communist Chinese regime and the rapidly changing political culture of the Chinese people. If this critical vulnerability is escalated by agents within or outside of China, it could lead to a crisis of legitimacy in Beijing.
READ THE STORY: National Interest
Microsoft report on a sustained phishing campaign by the SEABORGIUM threat actor
FROM THE MEDIA: The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. SEABORGIUM intrusions have also been linked to hack-and-leak campaigns, where stolen and leaked data is used to shape narratives in targeted countries.
READ THE STORY: SystemTek
A phony, U.S.-friendly social media campaign prompts questions
FROM THE MEDIA: Facebook and Twitter took down a network of fake accounts that promoted pro-Western messages in the Middle East and Asia, according to a splashy joint report Wednesday from Stanford University and the network analysis firm Graphika. A spokesperson for Meta, Facebook’s parent company, said it was the first time it “has removed a foreign-focused influence network promoting the United States’ position,” as my colleague Naomi Nix reported (with an assist from Ellen Nakashima).
READ THE STORY: WashingtonPost
LastPass Admits Hackers Stole Source Code, Proprietary Tech Info
FROM THE MEDIA: The last thing any company that makes its living from security wants is a security incident, but LastPass has confirmed that hackers penetrated the defenses of its development environment two weeks ago to steal its source code. “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information,” the password management firm’s CEO Karim Toubba said in an advisory to customers.
READ THE STORY: Security Boulevard
North Korean hackers adopt complex methods to hide malware from analysts: Report
FROM THE MEDIA: A notorious North Korean hacking syndicate has adopted sophisticated techniques to ensure it deploys malware only against intended targets, making it harder for authorities to get their hands on the group’s malware and analyze it, according to security researchers Thursday. Seongsu Park, a malware analyst at cybersecurity firm Kaspersky, relayed the findings in a new report detailing the inner workings of the command and control (C2) servers behind the DPRK-backed Kimsuky’s Gold Dragon malware cluster.
READ THE STORY: NKNEWS
Hackers target passenger data base of Akasa Air
FROM THE MEDIA: Akasa Air, the country’s newest airline, has faced a data leak of its passenger database, the airline announced on Sunday. The airline said that it has self-reported the incident to CERT-In, the nodal agency tasked with dealing with cyber security incidents such as hacking and phishing. Akasa Air is owned by the family of billionaire stock trader Rakesh Jhunjhunwala and former Jet Airways CEO Vinay Dube. It started operations on 7 August.
READ THE STORY: ET
Russia blamed for wave of hacker attacks in Southeast Europe
FROM THE MEDIA: Russia has been accused of being behind a wave of hacker attacks on the websites and social media of state institutions and political parties in Southeast Europe. While all countries in the region are now EU members or aspiring members, and several have joined NATO, Russia still seeks to maintain its influence in Southeast Europe. Since the invasion of Ukraine in February, there have been fears that Russia would use its remaining influence to destabilize the region. Montenegro’s National Security Agency (ANB) said on August 26 that several Russian agencies were behind a cyberattack on key IT systems of state institutions earlier in August. Outgoing Prime Minister Dritan Abazovic said that Montenegro was at the peak of a hybrid war.
READ THE STORY: BNE
Cyber Element in the Russia-Ukraine War & its Global Implications
FROM THE MEDIA: Cyber has become a focal point in the conduct of both civil and military operations. Given its emerging destructive potential, it has now become an independent ‘domain’ like land, sea, air, or space in the national military strategy of the United States (US). Besides being a new battle space, this domain serves as a force multiplier to increase or decrease the effectiveness of kinetic operations in terms of its ability to conduct surveillance, espionage, and criminal activities; launch disinformation campaigns/propaganda; impact recruitment/planning; incite attacks; crush enemy morale and will to fight; gain insight into the latter’s planning and capabilities; and mislead the public in order to secure strategic objectives.
READ THE STORY: Modern Diplomacy
US Pentagon Vows To Reduce Civilian Casualties In Military Engagements In New Blueprint
FROM THE MEDIA: Experts cautiously praise the 36-page blueprint but stress its success or failure will depend on how it is implemented. After more than two decades of wars and interventions that have killed an estimated 387,000 noncombatants, the Department of Defense has finally unveiled a comprehensive plan for preventing, mitigating, and responding to civilian casualties. The 36-page Civilian Harm Mitigation and Response Action Plan, or CHMR-AP — written at the direction of Secretary of Defense Lloyd Austin — provides a blueprint for improving how the Pentagon addresses civilian harm.
READ THE STORY: MENAFN
Face-tracking ‘earables,’ analog AI chips, and accelerating particle accelerators
FROM THE MEDIA: Kyle Wiggers is a senior reporter at TechCrunch with a special interest in artificial intelligence. His writing has appeared in VentureBeat and Digital Trends, as well as a range of gadget blogs including Android Police, Android Authority, Droid-Life, and XDA-Developers. He lives in Brooklyn with his partner, a piano educator, and dabbles in piano himself occasionally — if mostly unsuccessfully.
READ THE STORY: UPJOBSNEWS
Anonymous collective, Squad303 to reveal list of Russians and Russian Companies Operating in Poland
FROM THE MEDIA: The anonymous collective, Squad 303, recently announced that it would soon release data featuring a list of Russians and Russian companies operating in Poland. They stated through a tweet that they would cover and present more European countries. Earlier this month, the group presented a list of Russians operating in the UK. The anonymous group forwarded this data to 10 selected editors. They announced back then that they would be revealing databases for more European countries later in August. The recent update thus follows through on that statement.
READ THE STORY: The Tech Outlook
Hacker tries to exploit bridge protocol, fails miserably: Finance Redefined
FROM THE MEDIA: Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. This past week, there were some major developments in the run-up to the upcoming Ethereum Merge slated for Sept. 15. Bitfinex became the latest crypto exchange to throw its support behind the chain split token. While DeFi bridge hacks have become a norm this year, developers behind Rainbow Bridge managed to foil an exploit attempt within seconds, leading to the hacker losing their safety deposit.
READ THE STORY: Cardano Feed
Pro-Russian Hacker group Killnet Expresses intention to Target TB2 Drone’s producer, Baykar
FROM THE MEDIA: The pro-Russian hacker group, Killnet, recently suggested that they will target Baykar, the company that produces the TB2 drone. According to the hacktivist group, this drone has had a major impact in the Russia-Ukraine war. Additionally, targeting Baykar would also mean targeting Turkey. This information comes from a recent tweet by CyberKnow through their Twitter handle @Cyberknow20.
READ THE STORY: The Tech Outlook
Patient information compromised in CNY data breach: How to know if you're one of them
FROM THE MEDIA: Personal information of 924,138 patients has been compromised in a ransomware attack on Practice Resources, LLC, a medical billing company that serves all of Syracuse’s hospitals and many other doctors’ offices in Central New York. The compromised data reportedly includes patients’ names, home addresses, dates of treatment, health plan numbers, and medical record numbers, according to Practice Resources. PRL said it sent out data breach letters to all impacted individuals, alerting them to the incident and what they can do to protect themselves from identity theft and fraud.
READ THE STORY: CNYCENTRAL
Chinese envoy equates Taiwan crisis with docking of spy ship in Sri Lanka
FROM THE MEDIA: A heavily politically-loaded article by the Chinese envoy to Sri Lanka has equated the Taiwan issue with Indian opposition to the docking of a PLA spy ship at Hambantota. “In recent days, two pieces of news about China have widely caught the eye in Sri Lanka. Early this month, after Pelosi’s sneaky visit to China’s Taiwan region, the Chinese side responded with firm countermeasures immediately. Meanwhile, China and Sri Lanka resisted the rude and unreasonable interference from third parties and the Chinese scientific research vessel “Yuan Wang 5” successfully docked at the Hambantota Port,” wrote the Chinese Ambassador to Sri Lanka Qi Zhenhong.
READ THE STORY: Tribune India
India deploys 'swarm drones' along China and Pakistan borders
FROM THE MEDIA: Aimed at gathering intelligence and enhancing the combat potential of the troops, the Indian Army has recently inducted 'swarm drones' and deployed them along the borders with Pakistan and China to thwart any activities that undermine the country's sovereignty. Considered a force multiplier in military operations, the swarm drones can be used in offensive and defensive roles. They can provide surveillance inputs, undertake close recce of a particular area to confirm inputs from other intelligence, surveillance and reconnaissance resources, and engage varied targets like artillery and air-defence equipment, enemy command and control centres, and targets of opportunity.
READ THE STORY: AsianNet
Army to get swarm drones, light tank ‘Zorawar’
FROM THE MEDIA: The Army’s Armored Corps and Mechanized Infantry are undergoing their biggest transformation in 30 years, to include the use of drones in a swarm, loitering munitions, firing at targets beyond the line of sight, and bringing down enemy drones. All these new technologies are being integrated with the tank and mechanized formations. This is a key change in how tanks will be used in future battles. The two arms of the Army are now getting niche technology, including swarm drones procured from two Indian startup companies, sources said today.
READ THE STORY: Tribune India
Ukraine war: Underwater minehunter drone training a 'game changer' for clearing coastline
FROM THE MEDIA: More than a dozen Ukrainian personnel have already started a three-week course at a facility in southern England, learning how to operate and analyze data from the vessels. The drones scour seabeds using sonar technology and will be used by the Ukrainian navy to detect explosive threats in the water. The commander of Ukraine's unit - who did not want to be named - told Sky News the drones "will be very useful for us to clear the sea area, especially in a very critical region close to Odesa".
READ THE STORY: Sky News
Ransomware Operator Abuses Anti-Cheat Driver to Disable Antiviruses
FROM THE MEDIA: A vulnerable anti-cheat driver for the Genshin Impact video game has been abused by a threat actor to disable antivirus programs to facilitate the deployment of ransomware, cybersecurity firm Trend Micro reports. The driver, mhyprot2.sys, provides anti-cheat functions, but can be used to bypass privileges from user mode to kernel mode and to kill the processes and services associated with endpoint protection applications. The use of the driver, Trend Micro notes, is independent of the Genshin Impact game, and remains on user devices even after the game has been uninstalled.
READ THE STORY: SecurityWeek
'Sliver' Emerges as Cobalt Strike Alternative for Malicious C2
FROM THE MEDIA: Enterprise security teams, which over the years have honed their ability to detect the use of Cobalt Strike by adversaries, may also want to keep an eye out for "Sliver." It's an open source command-and-control (C2) framework that adversaries have increasingly begun integrating into their attack chains. "What we think is driving the trend is increased knowledge of Sliver within offensive security communities, coupled with the massive focus on Cobalt Strike [by defenders]," says Josh Hopkins, research lead at Team Cymru. "Defenders are now having more and more successes in detecting and mitigating against Cobalt Strike. So, the transition away from Cobalt Strike to frameworks like Sliver is to be expected," he says.
READ THE STORY: DarkReading
“Defense is the New Offence”: A Taiwanese Perspective for Cyberspace & Takeaways for India
FROM THE MEDIA: The recent Taiwan visit by US Congresswoman Nancy Pelosi brought the increasing cyber threats to national security to light again. According to Taipei Times, systems like electronic bulletin boards at railway stations and convenience stores were hacked, and government websites were attacked and brought down, even before Pelosi arrived on the island nation. It was reported that television screens behind cashiers in some of the 7-Eleven convenience stores—a US-based multinational retail company—were compromised to display statements like “Warmonger Pelosi, get out of Taiwan!”. In another instance, an electronic board at the Sinzuoying railway station showed a message in simplified Chinese which translated into “The visit of the old witch to Taiwan is a serious challenge to the core of the country.”
READ THE STORY: Modern Diplomacy
Cyber Security Headlines: North Korea at Black Hat, Ransomware attacks jump, Pentagon software requirements
FROM THE MEDIA: IronNet, a security firm hired to assist at Black Hat’s Network Operations Center, discovered several active malware infections on the network including SHARPEXT, which has been attributed as having direct connections to North Korea’s top leadership. The threat hunters stated that during the conference, they observed numerous callouts from four unique hosts to three domains associated with the North Korean malware. This might have been from someone who had SHARPEXT on their machine, bringing it into the conference, or picking it up while there. The SHARPEXT browser extension is typically installed on a victim’s Windows PC once it’s been compromised via some other vulnerability or infection route.
READ THE STORY: CISOSERIES
Ransomware: Burglars disable antivirus with anti-cheat driver
FROM THE MEDIA: Trend Micro reports an unusual find. In the case of a ransomware attack, the intruders terminated the installed virus protection using a signed anti-cheat driver from a game. Signed drivers can be loaded in 64-bit systems without error messages in kernel mode, i.e. with the highest access rights in the system. This is also the case for the driver mhyprot2.sys, which protects against unwanted cheating by players of the popular game Genshin Impact.
READ THE STORY: California 18
City warns ransomware attack strikes Hamilton water customers
FROM THE MEDIA: The city says a third-party vendor that handles mail for Hamilton water customers was hit by a ransomware attack. As many as 2,387 accounts — out of a total of 156,923 — may have been breached. The compromised personal information could have included customer names and addresses, the city said in a news release Friday. “Hamilton Water considers this is a low-risk incident for residents, but felt it important to inform the community.”
READ THE STORY: The Spec
Shout-out to whoever went to Black Hat and had North Korean malware on their PC
FROM THE MEDIA: The folks tasked with defending the Black Hat conference network see a lot of weird, sometimes hostile activity, and this year it included malware linked to Kim Jong-un's agents. In their second year of helping protect the infosec event's Network Operations Center (NOC), IronNet's team said it flagged 31 malicious alerts and 45 highly suspicious events, according to the team's postmortem report.
READ THE STORY: The Register
Items of interest
Scammers Made Deepfake AI Hologram of Binance Executive
FROM THE MEDIA: Earlier in April this year, an interesting story surfaced revealing how scammers are using AI-generated images to represent a fake law firm and scam unsuspecting users and businesses. This time around, scammers have taken scamming techniques a notch higher by creating a deepfake hologram of one of Binance’s executives. For your information, Binance is the world’s largest cryptocurrency exchange. Binance’s chief communications officer, Patrick Hillmann, revealed that a “sophisticated” team of hackers is using video footage of his previous television appearances and interviews and digitally modifying it to make his AI hologram.
READ THE STORY: HackRead
A North Korean Assassin (Video)
FROM THE MEDIA: On January 17th 1968, 31 North Korean special forces members crossed into South Korea to kill the President. Kim Shin Jo is one of two survivors who lived to share their story.
Life Inside North Korea’s Hacker Army (Video)
FROM THE MEDIA: North Korea has sent hundreds of programmers abroad to make money by any means necessary. With the latest U.S. hacking charges, we take a look at the lives of this secret army, their fears and dreams.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com