Friday, October 28, 2022 // (IG): BB // INTSUM // Coffee for Bob
West conducting cyber ‘sabotage’ on Russia, deputy foreign minister claims
FROM THE MEDIA: The United States and European Union are conducting a campaign of cyber “sabotage” against Russia, the country’s deputy foreign minister Oleg Syromolotov claimed on Thursday. Cyberattacks against Russian “information resources and infrastructure facilities have increased significantly,” he said, since the beginning of its invasion of Ukraine. Syromolotov, a former deputy director and counterintelligence chief for the FSB, told the state-owned news agency RIA Novosti “the countries of North America and the European Union” are to blame.
READ THE STORY: The Record
Russia threatens a retaliatory strike against US commercial satellites
FROM THE MEDIA: Russia has made some of its most provocative comments yet about Western commercial satellites, which have provided valuable imagery and communications data to Ukraine this year, suggesting they are appropriate wartime targets. In comments made Wednesday, a deputy director in Russia's foreign ministry, Konstantin Vorontsov, said the use of Western commercial satellites by Ukraine is "an extremely dangerous trend." While Vorontsov did not specifically name any satellites, he almost certainly was referring to SpaceX's Starlink satellite constellation, which has been used by Ukrainian soldiers for communications, and synthetic aperture radar satellites that have tracked Russian troop and tank movements.
READ THE STORY: arsTechnica // FOX10
Russia's anti-satellite threat tests laws of war in space
FROM THE MEDIA: A Russian official's threat this week to "strike" Western satellites aiding Ukraine highlights an untested area of international law, raising concerns among space lawyers and industry executives about the safety of objects in orbit. "Quasi-civilian infrastructure may be a legitimate target for a retaliatory strike," senior foreign ministry official Konstantin Vorontsov told the United Nations, reiterating Moscow's position that Western civilian and commercial satellites helping Ukraine's war effort were "an extremely dangerous trend."
READ THE STORY: Reuters
Hijacked New York Post Site Highlights the 'Insider Threat'
FROM THE MEDIA: When a New York Post employee on Thursday hijacked the company’s website and Twitter Inc. account to post death threats, as well as racist and misogynistic headlines, it was just the latest example of a company insider abusing their access for their own ends. The Post fired the unnamed employee after the news site carried offensive headlines, including ones calling for the assassination of some US leaders.
READ THE STORY: Bloomberg // Bleeping Computer
Subsea Cables Connecting Taiwan to U.S. at Risk
FROM THE MEDIA: Taiwan has 14 subsea cables -- many little wider than a garden hose -- stretching thousands of miles and directly linking Asian nations including China to the US and other parts of the world. That’s a vulnerability the island’s government, seeing any interruption as potentially destabilizing, wants to minimize. A disruption in a conflict with China could result in Taiwan getting cut off from the world, similar to what happened to the Pacific Island nation of Tonga earlier this year when a volcanic eruption left it without internet access for more than a month.
READ THE STORY: DataCenter Knowledge
Americans should be ready — and watching — for Russian meddling in the midterms and beyond
FROM THE MEDIA: The midterms are less than two weeks away, and in addition to Chinese influence operations, Russia is unlikely to sit this one out either. Considering Russian President Vladimir Putin’s threats against the West, it is unlikely that Moscow will pass up an opportunity to undermine the U.S. during this election season. A combination of cyber operations, more disruptive cyberattacks coordinated with alleged hacktivists, and disinformation spread through official accounts are among the activities Russia could aim at the U.S.
READ THE STORY: CyberScoop
Biden now wants to toughen up chemical sector's cybersecurity
FROM THE MEDIA: The White House is adding the chemical sector to a program launched last year to improve cybersecurity capabilities within America's critical infrastructure industries. The addition makes chemical facilities and manufacturers the fourth sector under the Biden Administration's Industrial Control Systems (ICS) Cybersecurity Initiative, which rolled out in July 2021 following the ransomware attack on Colonial Pipeline that disrupted oil distribution primarily in the southeastern United States.
READ THE STORY: The Register
Eternity’s LilithBot, Soon Available to Regular Internet Users
FROM THE MEDIA: Eternity, also known as the “EternityTeam” or “Eternity Project,” has been active since January 2022 and is tied to the Jester Group. It gained infamy for using the as-a-service subscription model to distribute its own brand of malware modules via underground forums. These modules typically include a stealer, a miner, a botnet, ransomware, a worm-and-dropper combination, and a distributed denial-of-service (DDoS) bot.
READ THE STORY: CircleID
The (so-far) unrealized potential of deepfakes
FROM THE MEDIA: Deepfakes, the realistic and thoroughly convincing fabrication of imagery, video, and audio that fakes the identity of some person in ways that are difficult to detect, have aroused concern recently. They seem to open the prospect of extraordinarily effective disinformation and social engineering campaigns. They're not there yet, but they've already made their appearance in advertising, and nation-state influence operations are just marketing in battledress.
READ THE STORY: The Cyberwire
Twilio discloses another hack from June, blames voice phishing
FROM THE MEDIA: Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information. Twilio says this was a "brief security incident" on June 29. The attacker used social engineering to trick an employee into handing over their credentials in a voice phishing attack.
READ THE STORY: Bleeping Computer
BlackCat ransomware gang claims attack on Ecuador’s Army
FROM THE MEDIA: Russian ransomware gang BlackCat claims to have hacked Ecuador’s army, posting data from a military agency on its victim blog. If confirmed, it will be the latest in a spate of attacks on government departments in South American countries, which have been noted for often having poor cyber defenses. BlackCat, also known as ALPHV, posted the claims about the Ecuadorian Joint Command of the Armed Forces last night. The command is part of the nation’s Ministry of Defense.
READ THE STORY: Techmonitor
Denazification becomes desatanization
FROM THE MEDIA: TASS is authorized to disclose that Ukraine is full of cults, mostly Satanic in nature, and that a principal aim of Russia's special military operation is to purge Ukraine of Satanic influence. The report calls out the Church of Satan as particularly large and influential. The report of Satanic control of Ukraine has been up-and-down in TASS's feeds, and seems to have disappeared from the state news outlet's English-language service, but Vice has a report that preserves the essentials.
READ THE STORY: The Cyberwire
FBI probing former CIA officer's spying for World Cup host Qatar
FROM THE MEDIA: A former CIA officer who spied on Qatar’s rivals to help the tiny Arab country land this year’s World Cup is now under FBI scrutiny and newly obtained documents show he offered clandestine services that went beyond soccer to try to influence U.S. policy, an Associated Press investigation found. The monthslong FBI probe focuses on whether Kevin Chalker’s work for Qatar broke laws related to foreign lobbying, surveillance and exporting sensitive technologies and tradecraft, said two people with knowledge of the investigation who requested anonymity because they weren’t authorized to discuss it.
READ THE STORY: Arkansas Democrat Gazette
Ukrainian military targeted with RomCom RAT in new spear-phishing campaign
FROM THE MEDIA: Ukrainian military entities are being targeted by a spear-phishing campaign spreading the RomCom remote access trojan since Oct. 21, The Hacker News reports. While the unknown threat actor behind RomCom RAT previously impersonated the Advanced IP Scanner app, the latest campaign involved spoofing the pdfFiller app to spread the trojan malware, according to a BlackBerry report.
READ THE STORY: SCMAG
Chinese Disinfo Campaign Targeting US Midterm Elections
FROM THE MEDIA: A Chinese threat actor is targeting the U.S. midterm elections by using fake social media accounts to dissuade Americans from voting. Researchers from Mandiant say an influence campaign promoting the political interests of Beijing that has been active since at least 2019 has lately taken to posting social media content casting doubt on voting's efficacy and invoking the prospect of "civil war." Mandiant dubs the campaign Dragonbridge. Partisan dominance over the U.S. Congress for the next two years (it is currently controlled by Democrats with a very slim majority) hinges on the outcome of nationwide voting that concludes on Nov. 8.
READ THE STORY: GovInfoSec // Security Boulevard
Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs
FROM THE MEDIA: Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one Raspberry Robin payload-related alert in the last 30 days. The experts noticed that the threat actor tracked as DEV-0950 used Clop ransomware to encrypt the networks of organizations previously infected with the worm. In October 2022, the malware was used in post-compromise activity attributed to a separate actor, DEV-0950 (which overlaps with the FIN11/TA505 cybercrime gang).
READ THE STORY: Security Affairs // Bleeping Computer
Russian hackers attack Israeli parliament’s website
FROM THE MEDIA: The Kremlin-linked Russian hacking group XakNet has claimed responsibility for a DDoS cyber attack on the Israeli parliament’s (Knesset) website in revenge for Israel providing intelligence information on Iranian drones to Ukraine, the Israel Today website reported on Thursday. Knesset staff identified the attack on Sunday night and quickly restored the website to full functionality, Israel Today stated.
READ THE STORY: TVP World
FCC proposes 72-hour breach reporting timeline for emergency alert system participants
FROM THE MEDIA: The Federal Communications Commission on Thursday proposed rules that would require companies such as broadcasters and cable providers that participate in public alert systems to report cyber breach incidents that affect certain equipment within 72 hours. The FCC’s notice of proposed rulemaking, FCC 22-82, was approved on a bipartisan basis by all of the agency’s commissioners and is intended to improve the operational readiness and security of the country’s public alert and warning systems, the Emergency Alert System and Wireless Emergency Alerts.
READ THE STORY: Fedscoop
How data analytics helped a California police department shave a year off an investigation
FROM THE MEDIA: Nearly two-thirds (63%) of law enforcement cases now include digital evidence as part of the investigation, according to recent industry figures. Yet it can take days or weeks for investigators to properly process and analyze the digital breadcrumbs on a single smartphone. Stringing together clues from an individual’s digital accounts — and making a case that can stand up in court — can take months or even years.
READ THE STORY: Statescoop
Active Directory Forest Recovery Introduces New OS Provisioning Tool
FROM THE MEDIA: Even after more than 20 years of service, Active Directory (AD) remains one of the most critical components of the typical enterprise’s IT infrastructure. AD is easy for users to take for granted when it is working. However, in the event of an attack, its criticality to business operations can become painfully clear. When security attacks occur, every second that ticks away before the threat is contained and remediated and systems are restored represents a hit to the business.
READ THE STORY: Security Boulevard
Advanced Persistent Threat (APT) Groups: What Are They and Where Are They Found
FROM THE MEDIA: An Advanced Persistent Threat (APT) is a malicious actor who possesses extraordinary skill and resources, enabling them to infiltrate an organization’s network and exfiltrate data from it. APTs use a variety of techniques, tactics, and tools, such as highly targeted social engineering attacks, ransomware, vulnerability exploits, and zero-days, to accomplish their illicit objectives. While some threat actors work alone, multiple government authorities such as the Cybersecurity and Infrastructure Security Agency (CISA) have linked attacks to APT groups, some of which have ties to specific nation-states that use them to further their country’s interests.
READ THE STORY: Security Boulevard
Researchers Expose Over 80 ShadowPad Malware C2 Servers
FROM THE MEDIA: As many as 85 command-and-control (C2) servers supporting the ShadowPad malware have been discovered since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad, seen as a successor to PlugX, is a modular malware platform privately shared among multiple Chinese state-sponsored actors since 2015.
READ THE STORY: THN
TheTruthSpy: a global stalkerware network
FROM THE MEDIA: TechCrunch has been investigating a massive stalkerware operation embedded in a bevy of Android apps including TheTruthSpy, Copy9, and MxSpy. Now, TechCrunch reports, a source has shared a cache of tens of gigabytes of data dumped from the stalkerware’s servers that includes the operation’s core database and detailed records on every device targeted by TheTruthSpy’s stalkerware apps since 2019.
READ THE STORY: The Cyberwire
Trojans being spread through scanners
FROM THE MEDIA: Scanners are being used as a lure to deliver Trojans, Avanan says in a report released today. The report discusses the attack itself, the techniques used, and the best practices Avanan recommends. The attackers are sending spoofed scanner notification emails carrying malicious files. The example email was titled “Commission Receipt,” a subject that may entice recipients to click because they think they are receiving a paycheck. Check Point research identified the attachment and verified that it contains a Trojan. The file, if opened, would attempt to take over the end user’s computer.
READ THE STORY: The Cyberwire
How China Boosts Iran’s Digital Crackdown
FROM THE MEDIA: Ongoing protests in Iran have been nothing short of an existential challenge to the Iranian regime’s legitimacy and its hold on power. This is chiefly so because schoolchildren and teenagers have been playing a leading role in keeping the momentum, which, in turn, has made it more difficult for the regime to apply its usual method of mass suppression and brute force.
READ THE STORY: The Diplomat
The US Should Steal China’s Regional Cooperation IP
FROM THE MEDIA: Chinese President Xi Jinping’s defiant reaffirmation of China’s push for technological independence and even dominance in his 20th Communist Party Congress speech, matched by US bans on semiconductor and equipment sales, are just the latest escalations in a decoupling contest between the world’s two biggest economies. The first cracks are appearing. More will follow. Yet US workers and the US economy more broadly may not benefit as much as they could from the global supply chain reshuffle.
READ THE STORY: CFR
Elon Musk vows not to turn Twitter into ‘free-for-all hellscape’
FROM THE MEDIA: Elon Musk has said he does not want Twitter to become a “free-for-all hellscape”, appearing to row back on comments he previously made about liberating free speech on the social media platform ahead of his deal closing on Friday. “Twitter obviously cannot become a free-for-all hellscape where anything can be said with no consequences!” he wrote in a post on Twitter on Thursday titled “Dear Twitter Advertisers”.
READ THE STORY: FT
Items of interest
Are Boomers To Blame For The Shipping And Supply Chain Crisis
FROM THE MEDIA: Op-ed by Captain John Konrad (gCaptain). Container shipping stocks are collapsing as rates and demand for many cargo segments continue to rise. Recession fears are growing almost as much as new job listings. Inflation is spiraling while trucking rates collapse. China decides to print more money as the US Federal Reserve raises rates. Labor negotiations have ground to a halt. The US Navy watches as mines continue to drift around the Black Sea and does nothing to protect seafarers risking their lives to navigate ships loaded with Ukrainian grain.
READ THE STORY: gCaptain
Hardware Hacking & FPGAs with Colin O'Flynn (Video)
FROM THE MEDIA: On the next episode of the Teardown Sessions we will be talking with Colin O'Flynn, renowned embedded security expert and creator of ChipWhisperer-Husky. We will be talking about hardware attacks, tear-downs, and FPGAs. Join us live to ask questions and win mystery hardware.
Hijacking and Murder in Global Shipping’s Grim Underbelly (Video)
FROM THE MEDIA: In July 2011, the oil tanker Brillante Virtuoso was drifting through the treacherous Gulf of Aden when a crew of pirates attacked and set her ablaze. When David Mockett, a maritime surveyor, inspected the vessel, he was left with more questions than answers. Soon after his inspection, Mockett was killed in a car bombing.
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com