Friday, November 04, 2022
China’s Surveillance Eye on the African Continent
FROM THE MEDIA: Chinese investment in the African continent has witnessed a staggering upshoot in the past two decades. Infrastructural projects ranging from roadways, railways, ports, electricity hubs, fishing industries to telecommunication frameworks are quite rampant across the continent. Most of these projects seem to be financed through the Chinese developmental banks; yet the terms and conditions of these arrangements have been kept quite secretive leading to suspicion that they contain unfavorable provisions for the host nations.
READ THE STORY: Monitor
ASD reveals foreign state hackers hit Australian ‘energy provider’
FROM THE MEDIA: An “Australian energy provider” was hacked by a sophisticated state actor just days after a new exploit was revealed. The criminal was swiftly spotted and locked out before damage was done after authorities proactively prompted urgent checks in the critical infrastructure community to chase down threats. That’s the real-life picture of a day at work at the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC), which has just released its 2022 Threat Report, an annual stocktake of malicious activity hitting Australia as well as global cyber diseases we’re likely to contract.
READ THE STORY: The Mandarin
Suspected Russian trolls use political cartoons to denigrate Democratic candidates as midterms approach
FROM THE MEDIA: Suspected Russian operatives have used far-right media platforms to denigrate Democratic candidates in Georgia, New York, Ohio and Pennsylvania in a renewed effort to influence voters in next week’s midterm elections, private researchers said Thursday. The alleged Russian influence operation included six political cartoons spread in the last week on a pro-Donald Trump online forum, according to social media analysis firm Graphika, which discovered the activity.
READ THE STORY: CNN
FIN7 Cybercrime Group Likely Behind Black Basta Ransomware Campaign
FROM THE MEDIA: FIN7, a financially motivated cybercrime organization that is estimated to have stolen well over $1.2 billion since surfacing in 2012, is behind Black Basta, one of this year's most prolific ransomware families. That's the conclusion of researchers at SentinelOne based on what they say are various similarities in the tactics, techniques, and procedures between the Black Basta campaign and previous FIN7 campaigns. Among them are similarities in a tool for evading endpoint detection and response (EDR) products.
READ THE STORY: DarkReading // THN // The Cyberwire
APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
FROM THE MEDIA: APT-36 (also known as Transparent Tribe) is an advanced persistent threat group attributed to Pakistan that primarily targets users working at Indian government organizations. Zscaler ThreatLabz has been closely monitoring the activities of this group throughout 2022. Our tracking efforts have yielded new intelligence about this APT group that has not previously been documented. The APT-36 group is a Pakistan-based advanced persistent threat group which has specifically targeted employees of Indian government-related organizations.
READ THE STORY: Security Boulevard
OPERA1ER hackers steal over $11 million from banks and telcos
FROM THE MEDIA: A threat group that researchers call OPERA1ER has stolen at least $11 million from banks and telecommunication service providers in Africa using off-the-shelf hacking tools. Between 2018 and 2022, the hackers launched more than 35 successful attacks, about a third of them carried out in 2020. Analysts at Group-IB, working with the CERT-CC department at Orange, have been tracking OPERA1ER since 2019 and noticed that the group changed its techniques, tactics, and procedures (TTPs) last year.
READ THE STORY: BleepingComputer
RomCom Weaponized KeePass and SolarWinds Instances to Target Ukraine, Maybe UK
FROM THE MEDIA: The threat actor known as RomCom has been weaponizing SolarWinds, KeePass and PDF Reader Pro instances in a series of new attack campaigns against targets in Ukraine and potentially the United Kingdom. The discovery comes from the BlackBerry Research & Intelligence Team, which published an advisory about RomCom on Wednesday. "While Ukraine still appears to be the primary target of this campaign, we believe some English-speaking countries are being targeted as well, including the United Kingdom," reads the document.
READ THE STORY: InfoSecMag // BleepingComputer // The Cyberwire
America’s National Security Is Dependent on Critical Rare Earth Minerals
FROM THE MEDIA: The U.S. is currently heading for a major national security train wreck. Bewildering environmental policies, energy plans detached from reality, and an incomprehensible practice of trusting China to provide critical components for both civilian and military technologies is an unsustainable trajectory. The administration has rejected fossil fuels, driving us commercially and across the defense industry toward electric vehicles. The problem is, China has a near-monopoly on the mining and refinement of rare earth minerals (such as lithium and cobalt) that are used in EV batteries. China also monopolizes the production of those same batteries.
READ THE STORY: Daily Signal
SocGholish Malware Campaign Infiltrates Major News Sites To Infect PCs
FROM THE MEDIA: Threat researchers at the cybersecurity firm Proofpoint have discovered an extensive malware campaign targeting readers of online news outlets. A threat actor tracked as TA569, also known as SocGholish, has managed to compromise the infrastructure of a media company that serves content to a large number of news publications. Proofpoint researchers have found SocGholish injecting malicious code into the JavaScript codebase that pushes the company’s content to partnering news sites. Visitors to these sites may end up accidentally installing malware if they aren’t careful.
READ THE STORY: Hothardware // iTwire
Russia Cyber Director Warns No U.S. Cooperation Risks 'Mutual Destruction'
FROM THE MEDIA: The head of the Russian Foreign Ministry's cybersecurity division has warned that a failure by nations to establish rules of digital engagement could lead to real-world conflict and devastation. As the conclusion of the United Nations First Committee on Disarmament and International Security approached Friday, Moscow and Washington remained at odds over a range of issues, including efforts to find common ground on the use of information communication technologies (ICTs).
READ THE STORY: Newsweek // The Cyberwire
Privacy Protocol Elusiv Raises $3.5 Million in Seed Funding
FROM THE MEDIA: A zero-knowledge-oriented compliant privacy protocol, Elusiv, has secured $3.5 million in its seed funding round. LongHash and Staking Facilities Ventures led this round. The company stated in its press release that individual freedom relies on financial privacy, but privacy-maintaining technology requires practical compliance. Elusiv is gearing up to become the “backbone of the blockchain financial ecosystem.” The protocol aims to provide users and merchants with privacy while maintaining safety via low-trade-off compliance solutions. Moreover, Elusiv will make standard transactions private while allowing users to choose the transactions to make public.
READ THE STORY: HackRead
New Crimson Kingsnake gang impersonates law firms in BEC attacks
FROM THE MEDIA: A business email compromise (BEC) group named 'Crimson Kingsnake' has emerged, impersonating well-known international law firms to trick recipients into approving overdue invoice payments. The threat actors impersonate lawyers who are sending invoices for overdue payment of services supposedly provided to the recipient firm a year ago. This approach creates a solid basis for the BEC attack, as recipients may be intimidated when receiving emails from large law firms like the ones impersonated in the scams.
READ THE STORY: BleepingComputer
The Navy doesn’t know what to do with all its drone data
FROM THE MEDIA: A scout drone is a system for collecting information—an uncrewed flying machine with freedom of movement and the ability to get lost or even shot down. As the United States Navy plans for greater integration of drones in its operations, the ways drones capture, store, and transfer data are all new avenues for risk. At two October 26 events, the Navy and the defense industry addressed the unique problems of drone data management in the fleet.
READ THE STORY: PopSci
Oreo Maker Settles With Insurer Over NotPetya Damages Claim
FROM THE MEDIA: A four-year court battle over whether the NotPetya attack was, for insurance purposes, an act of war came to a close in a Chicago courtroom even as other legal fights over when a cyber incident is an act of war remain unresolved. Mondelez International - maker of Oreo cookies, Ritz crackers and Tang fruit-flavored powder - sued Zurich Insurance Group in 2018 after the underwriter refused the food manufacturer's claim under an all-risk property policy of at least $100 million in damages stemming from the malware wave.
READ THE STORY: BankInfoSec
Over 167,000 Stolen Credit Cards Exposed on POS Malware Server
FROM THE MEDIA: A threat intelligence firm discovered point-of-sale (POS) malware command and control (C2) servers for two malware variants hosting over 167,000 payment records from stolen credit cards. The credit cards were stolen between February 2021 and September 8, 2022, from issuers primarily (97%) located in the United States. According to Group-IB researchers, the poorly configured server hosted an administrative panel for MajikPOS and Treasure Hunter malware.
READ THE STORY: CPO
LockBit ransomware claims attack on Continental automotive giant
FROM THE MEDIA: The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental. LockBit also allegedly stole some data from Continental's systems, and they are threatening to publish it on their data leak site if the company doesn't give in to their demands within the next 22 hours. The gang has yet to make any details available regarding what data it exfiltrated from Continental's network or when the breach occurred.
READ THE STORY: BleepingComputer
Buhler Versatile facing $35M breach of contract lawsuit from Australian farm equipment distributor
FROM THE MEDIA: A deal to ship Winnipeg-built tractors to Australia has resulted in a lawsuit alleging breach of contract, after Buhler Versatile Inc. decided to stop exports outside North America, according to a statement of claim filed in Manitoba's Court of King's Bench. PFG Australia Pty Ltd., headquartered in a suburb of Melbourne, says Winnipeg-based Buhler Versatile knew the damage it would cause when it decided to halt shipments, according to court documents.
READ THE STORY: CBC
Hackers steal $420K from Port of Louisiana; the Mississippi River port is beefing up security
FROM THE MEDIA: The Louisiana state agency overseeing one of America's largest ports by volume suffered a cyber-attack last year that cost it more than $420,000, a newly public audit has found. Auditors for the Port of South Louisiana said the cyber-attack led to the money being misappropriated. Port officials have been able to recoup about $250,000 through insurance and are filing paperwork to seek more reimbursement.
READ THE STORY: The Advocate
Alma radio telescope in Chile taken down by cyber attack
FROM THE MEDIA: One of the world’s most advanced radio telescopes is offline following a cyber attack and it’s not clear when scientific operations can begin again. The Atacama Large Millimeter/submillimeter Array (Alma) Observatory in Chile was struck by a cyber attack on 29 October, the Observatory said in a tweet on Wednesday. The attack hobbled the observatory’s computer systems and took both the observatory’s public website and its radio telescope antennas offline.
READ THE STORY: Yahoo // BleepingComputer
Ukraine government is seeking alternatives to Elon Musk’s Starlink, vice PM says
FROM THE MEDIA: The Ukrainian government is looking for alternatives to Starlink, the satellite internet arm of Elon Musk’s SpaceX, Vice Prime Minister Mykhailo Fedorov said Thursday. Musk’s continued support for Starlink in Ukraine was called into question last month when the billionaire said his space venture could no longer fund the operation in Ukraine “indefinitely.” He has since said he will continue to do so.
READ THE STORY: CNBC
Crime group hijacks hundreds of US news websites to push malware
FROM THE MEDIA: A cybercriminal group has compromised a media content provider to deploy malware on the websites of hundreds of news outlets in the U.S., according to cybersecurity company Proofpoint. The threat actors, tracked by Proofpoint as “TA569,” compromised the media organization to spread SocGholish, a custom malware active since at least 2018. The media company in question is not named, but was notified and is said to be investigating.
READ THE STORY: TechCrunch
Cyber Threat Landscape Shaped by Ukraine Conflict, ENISA Report Reveals
FROM THE MEDIA: The European Cybersecurity Agency (ENISA)’s threat landscape annual report 2022 is heavily influenced by the impact of the Russian invasion of Ukraine on the cyber landscape. Covering the period from July 2021 up to July 2022, the report was presented under the title Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape during the Prague Security Conference on November 3, 2022. “The geopolitical situations, particularly the Russian invasion of Ukraine, have acted as a game changer over the reporting period for the global cyber domain,” reads the report.
READ THE STORY: InfoSecMag
Espionage campaign loads VPN spyware on Android devices via social media
FROM THE MEDIA: In the SandStrike campaign, the APT set up Facebook and Instagram accounts with more than 1,000 followers to lure their victims. The campaign targets a religious minority, Baháʼí, followed in Iran and parts of the Middle East and Asia-Pacific. As of 2019, six countries in those regions banned the Baháʼí religion, according to the Pew Research Center. The campaign, though, serves as a warning, in particular, for social media and mobile users everywhere.
READ THE STORY: CSO
BLUE-CHECK HAVOC: Twitter Takeover Fuels a Media Meltdown
FROM THE MEDIA: On Halloween, the fifth day of Elon Musk’s ownership of Twitter, an email landed in the inboxes of people who subscribe to Substack’s company newsletter. “Twitter is changing, and it’s tough to predict what might be next,” the message began. “If you’ve been lucky enough to build a follower base on Twitter, and you’ve ever thought about forging a direct link with them that you control via email, now might be a good time to start a Substack.”
READ THE STORY: VanityFair
A look at US Government counter-disinformation planning
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency (CISA) has withdrawn its plans for a Disinformation Governance Board that had been intended to lend the weight of the Federal Government to combating maliciously circulated error, but various approaches to content moderation continue to be mooted in Washington. The Intercept describes documents obtained in the course of a lawsuit filed by Missouri Attorney General Eric Schmitt.
READ THE STORY: The Cyberwire
Australia sees spike in cyber-attacks from Iranian, Russian state-linked groups
FROM THE MEDIA: Cyber-attacks against Australia from criminals and state-sponsored groups jumped last financial year, with a government report released on Friday equating the assault to one attack every seven minutes. The Australian Cyber Security Centre (ACSC) received 76,000 cybercrime reports last financial year, up 13 percent from the previous period, according to its latest annual cyber threat report.
READ THE STORY: Alarabiya
DOD Moves on Satellite Cyber Guidance After Russian Threats
FROM THE MEDIA: Upcoming cybersecurity guidance aims to safeguard U.S. commercial satellites against emerging cyber threats amid concerns foreign adversaries will target commercial satellites and cripple U.S. military operations and allies. The Space Systems Command (SSC) told GovCIO Media & Research that its Commercial Services Office (CSCO) will issue a 30-day request for information (RFI) by December outlining goals and requirements for potential industry candidates to participate in an upcoming pilot for the new satellite cybersecurity guidance.
READ THE STORY: GovCIO
US Department of Energy awards $15 million to electric cooperatives
FROM THE MEDIA: National Rural Electric Cooperative Association (NRECA), an American trade association representing electric cooperatives that serve approximately 42 million Americans, has been awarded $15 million in cybersecurity funding from the Department of Energy. The money, Security Week explains, is intended to help the nearly nine hundred electric cooperatives represented by the NRECA to bolster their industrial control systems.
READ THE STORY: The Cyberwire
US Outlines Increased Sanctions on Foreign Parties Continuing To Transact With Russia Sanctions Targets
FROM THE MEDIA: The U.S. government issued guidance on October 14, 2022, emphasizing that the United States is “prepared to use its broad targeting authorities against non-U.S. persons” who continue to trade with Russia sanctions targets, particularly with private sector companies that support the Russian military. This guidance bolstered the government’s earlier pronouncement, issued by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).
READ THE STORY: JDSUPRA
Robin Banks still might be robbing your bank
FROM THE MEDIA: Following our initial discovery and reporting on Robin Banks in late July, Cloudflare engineers swiftly marked Robin Banks domains as malicious, leading the platform to experience disruptions to operations. This in turn provided a three-day window where no victims were phished. In response, the developers revised the phishing kit and actively made changes to the Robin Banks attack infrastructure to be more resilient against takedowns. After being blacklisted by Cloudflare, Robin Banks relocated its front-end and back-end infrastructure to DDOS-GUARD, a well-known Russian provider that hosts various phishing sites and content for cybercriminals.
READ THE STORY: Security Boulevard
China buys up US technology to keep tabs on its citizens
FROM THE MEDIA: Chinese public security entities have been acquiring U.S. technology with the transfers becoming increasingly regular, especially of DNA analysis equipment needed for mass surveillance, a new report has found. The report ‘The Role of US Technology in China's Public Security System’ by the U.S. intelligence and security research Insikt Group revealed the sweeping extent of technology transfers from U.S. companies to Chinese companies to be used by the public security apparatus, including in the Xinjiang Uyghur Autonomous Region.
READ THE STORY: RFA
Hezbollah, Iranian oil smuggling network hit with sanctions
FROM THE MEDIA: The U.S. on Thursday imposed sanctions on a group of individuals, firms and vessels connected to an oil smuggling outfit said to benefit the Lebanese militant group Hezbollah and Iran's Revolutionary Guard. More than a dozen companies, six individuals and 11 vessels flagged from around the world — from Djibouti to Panama — are included in the sanctions package, for allegedly participating in a scheme that included blending and exporting sanctioned Iranian oil.
READ THE STORY: Yahoo
Multi-factor auth fatigue is real – and it's why you may be in the headlines next
FROM THE MEDIA: The September cyberattack on ride-hailing service Uber began when a criminal bought the stolen credentials of a company contractor on the dark web. The miscreant then repeatedly tried to log into the contractor's Uber account, triggering the two-factor login approval request that the contractor initially denied, blocking access. However, eventually the contractor accepted one of many push notifications, enabling the attacker to log into the account and get access to Uber's corporate network, systems, and data.
READ THE STORY: The Register
Items of interest
Tell-tale export data from Taiwan show US-China market power rebalancing
FROM THE MEDIA: Taiwan's electronics companies such as Foxconn, Pegatron, and Wistron used to produce more than 90% of the laptops in China. Many scholars say the outbreaks of the trade war and the pandemic have sparked the tech decoupling. Yet, recently released data on Taiwan's computer exports show that the US had already started to become a stronger magnet for tech products, driving the supply chain out of China years before the pandemic and trade war outbreaks.
Since Taiwan is the largest producer of personal computers, servers, and semiconductors, and many of its electronic manufacturing service (EMS) providers assemble Apple and Android smartphones in China and other Asian countries, its export data can serve as a window for the latest competition between the two giant powers.
READ THE STORY: Digitimes
Spycraft: Inside Secrets of Espionage and Surveillance (Video)
FROM THE MEDIA: This video is packed with inside secrets and action, including tailing anybody anywhere; brush passes, dead drops, marks and tricks; applying phone taps; bumper beepers, starlight scopes, parabolic mics, and more.
HAKC THE POLICE - DEF CON 27 Conference (Video)
FROM THE MEDIA: No, it is a cardigan, but thanks for noticing! After getting a nasty speeding ticket, OG SecKC HA/KC/ER hevnsnt decided enough was enough, and set out to fully understand police speed measurement devices, and develop homebrew countermeasures.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com