Thursday, Sept 01, 2022 // (IG): BB // Sponsor: ShadowNews
China-linked APT40 gang targets wind farms, Australian government
FROM THE MEDIA: Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site. The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine fleets in the South China Sea. Proofpoint said the victim profile was similar to a June 2021 TA423 threat that delivered a downloader in DLL format via RTF template injection.
READ THE STORY: The Register // Technology Decisions // Oilprice // Cyberscoop
Chinese state hackers targeted Australian federal and local gov
FROM THE MEDIA: Threat actors believed to be sponsored by China are said to be behind espionage campaigns around the world, with Australian local and federal government agencies among the targets. The Australian Navy is believed to have been one of the targets of a sophisticated phishing campaign, security researchers said. Security vendor Proofpoint, with the help of management consultants PwC, has presented an analysis of campaigns attributed to the TA423 / Red Ladon hacking group, which aimed to plant malware through the ScanBox JavaScript reconnaissance attack kit.
READ THE STORY: iTnews
Italian Oil Major Becomes Victim Of Ransomware Attack
FROM THE MEDIA: Italian oil major Eni reported a cyberattack on its computer networks on Wednesday. The attack appeared to be a ransomware attempt that has dealt only minor damage, according to the Italian company. A company representative told Bloomberg News on Wednesday that “Eni confirms that the internal protection systems have detected unauthorized access to the company network in recent days.” Cybercrime syndicates are increasingly using ransomware to attack companies in the energy sector, as continuity of service is especially important for energy companies.
READ THE STORY: Oilprice // SecurityAffairs
Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack
FROM THE MEDIA: A cryptomining campaign has potentially infected thousands of machines worldwide by hiding in a Google Translate download for desktops. According to researchers at Check Point, the threat actor behind it is a Turkish-speaking software developer called Nitrokod, which offers free versions of popular software applications that don't have an official desktop version — like Google Translate.
READ THE STORY: DarkReading
Google Chrome bug lets sites write to clipboard without asking
FROM THE MEDIA: Chrome version 104 accidentally introduced a bug that removes the user requirement to approve clipboard writing events from websites they visit. This functionality isn't limited to Google Chrome. Safari and Firefox also allow web pages to write to the system clipboard, yet they have gesture-based protections in place. Chrome developers have identified the problem but a fix has yet to come, so it persists in current versions of the Google Chrome browser for mobile and desktop.
READ THE STORY: Bleeping Computer
Judge Certifies Lawsuit Alleging CRA Allowed Hackers to Breach Thousands of Online Taxpayer Accounts
FROM THE MEDIA: A federal judge has certified a class action lawsuit alleging that the Canada Revenue Agency (CRA) allowed thousands of taxpayer identities to be breached by hackers, who then used the information to illegally collect Canada Emergency Response Benefit (CERB) payments. Based on the accusations of the case’s plaintiff, BC resident Todd Sweet, federal judge Richard Southcott wrote it appears that thousands of Canadians “were vulnerable to hackers from approximately June to August of 2020” because the CRA allegedly was dealing with “operational failures” that prevented it from securing online taxpayer portals.
READ THE STORY: The Epoch Times
134K Common Ground plan members added to vendor’s ransomware fallout
FROM THE MEDIA: Common Ground Healthcare Cooperative recently informed 133,714 plan members that their data was likely accessed during a hacking incident and subsequent ransomware attack on its mailing vendor, OneTouchPoint. OTP previously issued a notice on behalf of 30 health plans reporting the breach as impacting 1.07 million individuals. The patients from CGHC, together with the separate notice from Aetna ACE in Connecticut for 326,278 members, bring the total OTP breach tally to over 1.53 million affected individuals.
READ THE STORY: SCMAG
This James Webb telescope image may be hiding more than just the stars
FROM THE MEDIA: A new phishing campaign is taking advantage of interest in the images captured by the James Webb telescope to infect victims with malware, analysts have warned. A report from security firm Securonix found cybercriminals are embedding malware capable of bypassing antivirus filters into an image of the SMACS 0723 galaxy cluster, published by NASA earlier this year. Although at first the image appears entirely innocuous, inspecting the file in a text editor reveals code designed to trigger the download of a malicious executable.
READ THE STORY: Techradar // The Register
Organizing a cyber militia
FROM THE MEDIA: Cybersecurity experts in many countries have long speculated about how effective cyber reserve forces might be prepared and mobilized. Ukraine's "IT Army" may provide a model, a via media between loosely inspired hacktivism and highly structured military reserve forces. Recorded Future has an interview with a "high ranking member of the force" (identity withheld for the official's safety; he's identified only as "IT Admin") in which that official describes how the IT Army has evolved, and how it's serving in the current war.
READ THE STORY: The CyberWire
Chile says gov’t agency struggling with ransomware attack
FROM THE MEDIA: Chile’s cybersecurity incident response team said an unnamed government agency is dealing with a ransomware attack that targeted the organization’s Microsoft tools and VMware ESXi servers. Chile’s CSIRT said the attack started last Thursday but did not respond to requests for comment about what group was behind the attack or what department or agency was attacked. In a statement, the cybersecurity agency explained that during the attack, the extension “.crypt” was added to all files in the department’s system.
READ THE STORY: The Record
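The one indicator the Chilean CSIRT statement gives, a “.crypt” extension added to every file, is something a file-server audit log can surface early. The following is an added example (not the CSIRT's tooling): it looks for a burst of renames to that extension from one host and account. The log format, sample lines, 60-second window and threshold of 3 are all constructed assumptions.

```python
# Added example: detect mass rename-to-".crypt" bursts in constructed file-event logs.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one backup service account renames files in a burst,
# while an ordinary user renames a single file hours later.
SAMPLE_LOG = """\
2022-08-25T03:10:01Z host=fs01 user=svc_backup op=RENAME src=/share/q3/report.xlsx dst=/share/q3/report.xlsx.crypt
2022-08-25T03:10:01Z host=fs01 user=svc_backup op=RENAME src=/share/q3/budget.docx dst=/share/q3/budget.docx.crypt
2022-08-25T03:10:02Z host=fs01 user=svc_backup op=RENAME src=/share/hr/list.csv dst=/share/hr/list.csv.crypt
2022-08-25T03:10:02Z host=fs01 user=alice op=WRITE src=/share/hr/notes.txt dst=-
2022-08-25T03:10:03Z host=fs01 user=svc_backup op=RENAME src=/share/q3/plan.pptx dst=/share/q3/plan.pptx.crypt
2022-08-25T09:41:17Z host=fs02 user=bob op=RENAME src=/share/it/old.log dst=/share/it/old.log.crypt
"""

def parse_line(line: str) -> dict:
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts' field."""
    ts, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields

def detect_mass_encryption(log_text: str, ext: str = ".crypt",
                           window: timedelta = timedelta(seconds=60),
                           threshold: int = 3) -> dict:
    """Return {(host, user): burst_size} for actors that renamed >= threshold
    files to `ext` within any `window`-long span."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f["op"] == "RENAME" and f["dst"].endswith(ext):
            events[(f["host"], f["user"])].append(f["ts"])
    alerts = {}
    for key, times in events.items():
        times.sort()
        # Sliding window over sorted timestamps: largest burst that fits in `window`.
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[key] = best
    return alerts
```

A single rename to an odd extension is noise; the burst from one principal is the signal, and the (host, user) key tells responders which account to suspend first.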
Chinese hackers caught impersonating Australian media
FROM THE MEDIA: Government officials have reacted with concern after a Chinese government-affiliated hacking group was caught impersonating Australian media organizations to target military, government, and public health organizations with information-stealing ScanBox malware. The activities of the Chinese government-linked group, known by some as TA423/Red Ladon and others as APT40, have been monitored for several years in numerous countries as it targets countries with Belt and Road Initiative-related interests.
READ THE STORY: ACS
China’s hacking groups APT41, APT27 target government institutions, companies
FROM THE MEDIA: China’s state-sponsored hacking groups, dubbed “Advanced Persistent Threats (APT)”, are decade-old groups that target government institutions and companies globally. Grusha Bose, a Fellow Researcher writing for the Indo-Pacific Center for Strategic Communications (IPCSC), said that APT41 and APT27 are the oldest and most dangerous groups currently active and have shown advanced capabilities in jeopardizing a country’s national security. China’s APT hacker groups use unusual malware tools to exploit government institutions’ vulnerabilities in pursuit of the state’s espionage agenda.
READ THE STORY: The Print
South Korean Cybersecurity Experts Play Cat-and-Mouse With the North’s Hackers
FROM THE MEDIA: Kay Kyoung-ju Kwak, a South Korean cybersecurity researcher, can usually tell when malware emanates from his neighbors to the north: They drop clues in the malicious code that show they understand their adversary. “Sometimes they put a K-pop star name in there,” he says, laughing. “They don’t like BTS.” (Instead, he says, they prefer the all-female ensemble Girls’ Generation.) Kwak says he’s also stumbled across digital evidence of North Koreans illegally downloading South Korean soap operas, presumably to entertain themselves when their shifts end.
READ THE STORY: Bloomberg
Crypto.com Accidentally Transfers $7.2 Million to A Customer Instead of a $68 Refund Due to Typo
FROM THE MEDIA: It turns out typos are not just a problem in texting: Crypto.com accidentally released $7.2 million USD ($10.5 million AUD) to an Australian customer instead of sending a refund of $68 USD ($100 AUD). By the time the error was noticed, presumably, a large portion of the money had already been spent. Crypto.com, one of the world's largest cryptocurrency trading platforms, is evidently not exempt from typos. According to The Verge, instead of making a small refund, someone at Crypto.com put the incorrect account number in the payment field and mistakenly paid out a massive sum, $7.2 million, to be precise.
READ THE STORY: Techtimes
Is China Using Cyberattacks To Maintain Its Rare Earth Dominance?
FROM THE MEDIA: For the longest time, the world relied solely on China for its supply of rare earths. Now, it seems that most countries have woken up to the “rare earths reality.” That is, we are starting to understand how important these elements are for vital sectors like defense as well as for products we use every day, like cars. Moreover, we’re starting to realize that we can’t let one single nation control the entire supply chain. This changing attitude has encouraged many countries, including the US, to start tapering their reliance on China for critical metals and minerals. However, it’s possible this shift has not gone over well with the Chinese government. This is particularly evident given the growing number of cyber attacks on rare earth producers of late.
READ THE STORY: Oilprice // AG Metal Miner
US officials order Nvidia to halt sales of top AI chips to China
FROM THE MEDIA: Chip designer Nvidia Corp said US officials told it to stop exporting two top computing chips for artificial intelligence work to China, a move that could cripple Chinese firms' ability to carry out advanced work like image recognition and hamper Nvidia's business in China. Nvidia shares fell 6.6% after hours. The company said the ban - which affects its A100 and H100 chips designed to speed up machine learning tasks - could interfere with the completion of developing the H100, the flagship chip Nvidia announced this year.
READ THE STORY: ET
Social media's role in spreading U.S. election disinformation in the spotlight
FROM THE MEDIA: We have discussed election security for many years, perhaps more so within the last ten years with the documented confirmation of interference by nation states (Russia, China and Iran). Until recently, however, domestic election interference that leverages the power of social networks wasn’t recognized and, frankly, didn’t exist. The power of social media to influence elections has now been thrust into the spotlight again with the whistleblower allegations of Twitter’s former CISO.
READ THE STORY: CSO
A Damage Assessment of Trump’s “Declassification Defense”
FROM THE MEDIA: On Friday, the Director of National Intelligence (DNI) Avril Haines informed Congress that her office will lead an “assessment of the potential risk to national security that would result from the disclosure of the relevant documents” that were housed at former President Donald Trump’s residence at Mar-a-Lago. We can already anticipate broad outlines of what such an assessment may find – not in terms of the substantive policy areas and intelligence product that the classified documents cover because that is currently unknown, but in terms of the sources and methods potentially compromised by such disclosures based on publicly available information about the classified material at issue.
READ THE STORY: Just Security
Blackbaud Escapes Suit Over Ransomware Attack of Patient Data
FROM THE MEDIA: Blackbaud Inc. won’t have to face negligence and breach of contract claims brought by Trinity Health Corp. over a 2020 ransomware attack that exposed patient and donor data, after a federal judge ruled that the health nonprofit couldn’t prove that the breach caused it to incur expenses.
READ THE STORY: Bloomberg Law
RaaS operations fueling ransomware attacks
FROM THE MEDIA: Successful ransomware attacks reported in July totaled 198, which was 47% higher than in June, with the increase largely attributed to ransomware-as-a-service groups, Threatpost reports. Most of the attacks were conducted by the Lockbit ransomware gang, with a total of 62 attacks last month, which was an increase of 10 from June, according to a report from NCC Group. Meanwhile, Hiveleaks with 27 attacks and BlackBasta with 24 attacks were the second and third most active groups, respectively, representing a 440% and 50% increase in number of attacks from June.
READ THE STORY: SCMAG
Montenegro blames criminal gang for cyber attacks on government
FROM THE MEDIA: Montenegro on Wednesday blamed a criminal group called Cuba ransomware for cyber attacks that have hit its government digital infrastructure since last week, described by officials as unprecedented. Public Administration Minister Maras Dukaj told state television the group had created a special virus for the attack called Zerodate, with 150 work stations in 10 state institutions becoming infected.
READ THE STORY: Reuters
NSA, Cyber Command mobilizing Election Security Group to fight foreign cyberattackers
FROM THE MEDIA: The National Security Agency and Cyber Command have activated their Election Security Group tasked with disrupting foreign cyberattackers aiming to hack or interfere with the upcoming midterm elections, assembling a team to combat threats coming from China, Iran and Russia. The group uses its foreign signals and intelligence collection capabilities to identify attackers and their intent and then fights against attackers by exposing them publicly, making their financial costs skyrocket, and by deploying other techniques.
READ THE STORY: Washington Times
Russian Hackers Penetrate NATO Defenses; Sell Secret Documents Online Of Missile Systems Used In Ukraine
FROM THE MEDIA: More specifically, hackers are selling the dossiers containing data linked to MBDA Missile Systems, a pan-European company that develops and manufactures missiles. MBDA has admitted that its data was among the stolen data posted by hackers online for sale. However, it has also maintained that none of the classified files came from the firm and that the information was hacked from a compromised external hard drive.
READ THE STORY: EurAsian Times
Air Force assessing information warfare lessons from Ukraine-Russia conflict
FROM THE MEDIA: The Russian invasion of Ukraine is providing an important case study for how information warfare can play out in the modern era, according to a top U.S. Air Force general. “As we’re in competition leading up to this crisis, the ability of our enterprise to support our senior leaders and the [intelligence community] and the sharing with our secretary of state, with the National Security Council, with the president, with the secretary of defense — and the ability of us to share information with our partners and allies to tell them exactly what was going to happen at the timing of tempo when it happened — was amazing,” Lt. Gen. Kevin Kennedy, commander of 16th Air Force, said Wednesday in a presentation at the Department of the Air Force Information Technology and Cyberpower conference in Montgomery, Alabama.
READ THE STORY: FEDSCOOP
Belarusian hacktivists try NFTs to support antigovernment campaign
FROM THE MEDIA: The Belarusian Cyber Partisans, a hacktivist collective working to topple the autocratic leadership of Belarus, listed a series of digital “passports” related to Belarusian President Aleksandr Lukashenko and his associates as NFTs for sale Tuesday, hoping to raise money for continued actions against the government. The “passports” were mock-ups based on information from the national passport database the group hacked in 2021, the Cyber Partisans said. NFTs, short for non-fungible tokens, give buyers ownership of a particular asset, and can serve as a way to support artists and creators.
READ THE STORY: CyberScoop
State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation
FROM THE MEDIA: The State Department has banned three former National Security Agency employees from working on any matters related to International Traffic in Arms Regulations, which regulates the sale of military technologies overseas, due to their involvement in helping the United Arab Emirates carry out a widespread surveillance campaign to spy on dissidents, journalists and politicians as well as U.S. companies.
READ THE STORY: Cyberscoop
Tether responds to Wall Street Journal ‘disinformation’
FROM THE MEDIA: Tether Holdings Limited has clapped back at The Wall Street Journal over an article it claims spread “false information” about the stablecoin issuer’s profitability, solvency and accounting standards. In a Monday article, the Journal claimed that Tether could be deemed “technically insolvent” if its assets fell just 0.3%. That conclusion was drawn from Tether’s reported assets and liabilities as of Thursday. One week prior, Tether published its latest attestation showing $67.7 billion of reported assets against $67.5 billion of liabilities.
READ THE STORY: CoinTelegraph
How AI Distorts Decision-Making and Makes Dictators More Dangerous
FROM THE MEDIA: In policy circles, discussions about artificial intelligence invariably pit China against the United States in a race for technological supremacy. If the key resource is data, then China, with its billion-plus citizens and lax protections against state surveillance, seems destined to win. Kai-Fu Lee, a famous computer scientist, has claimed that data is the new oil, and China the new OPEC. If superior technology is what provides the edge, however, then the United States, with its world class university system and talented workforce, still has a chance to come out ahead. For either country, pundits assume that superiority in AI will lead naturally to broader economic and military superiority.
READ THE STORY: Foreign Affairs
Lifting ban on North Korean media can only help the South Korean government
FROM THE MEDIA: (Poss. Propaganda) For many years, visiting a North Korean website from a South Korean IP address would prompt a serious-looking warning from ROK police explaining the website is blocked for containing illicit material. The ban on DPRK state media dates back to the division of Korea and was perhaps understandable at one time. South Korea was fighting a civil war for survival against a stronger opponent and cut access to hostile propaganda. This sort of censorship was enshrined in the controversial National Security Law, giving authorities broad power to punish anyone they saw as threatening the ROK state.
READ THE STORY: NKNEWS
Items of interest
The murky world of biometric engines
FROM THE MEDIA: Individuals are unknowingly at risk of becoming victims of deep fake scams or online stalking through seemingly innocuous activities, according to biometric security firm Daltrey. Participating in public events, or merely being a spectator, leaves individuals open to their image being uploaded into a biometric engine, a technology that is vastly more complex and powerful than a simple photo library.
Daltrey's CEO and co-founder Blair Crawford uses the popular annual City2Surf road running event held in Sydney each August as an example. According to Crawford, when the 60-odd thousand participants register and attend the event, their photos are taken and uploaded into the German-owned Sportograf facial recognition system.
“Each of the faces in the photos is subjected to a facial recognition system that maps their faces. This is the start of the issue, as people may not be aware that their images are being placed into such a system that is accessible by so many other people with so little protection. In addition, spectators’ images may unknowingly be captured in the background, uploaded and searchable, without the opportunity for them to consent,” Crawford said.
READ THE STORY: Technology Decisions
Why Was This Bitcoin Millionaire Digging Tunnels Under His House? Darknet Diaries Ep. 39 (Video)
FROM THE MEDIA: A hacker by the handle "3 Alarm Lamp Scooter" became obsessed with cryptocurrency, explosives, and preparing for a dark future. So why was he blindfolding people so they could dig a network of tunnels under his father's home?
How To Gain Cell Phone Pin Numbers Remotely Using LockPhish And Kali Linux (Video)
FROM THE MEDIA: In this video I show you how to download and use the tool LockPhish, which is a pentesting tool for cyber security. I'm not responsible for your actions with this knowledge; these videos are for educational and entertainment purposes.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com