Friday, November 11, 2022 // (IG): BB // Bubba3dPrints // Coffee for Bob
China expands use of cyber repression to control population
FROM THE MEDIA: China is using cyberattacks, influence operations and mass data theft to extend repressive authoritarian controls over its population and throughout the world, according to a newly declassified U.S. intelligence report. The 2020 report by the National Intelligence Council, an analysis unit, identified China as a leader among the world’s authoritarian states in employing “digital authoritarianism” as a means of ensuring political control at home and meddling in other countries. As part of the anti-U.S. targeting, “Chinese intelligence officials analyzed multiple U.S. states’ … election voter registration data,” the report said.
READ THE STORY: Washington Times
Spyware targets Uyghurs by ‘masquerading’ as Android apps
FROM THE MEDIA: Cybersecurity researchers have discovered a spyware campaign that is targeting Uyghurs by “masquerading” as Android apps including messaging services, prayer time apps and dictionaries, according to a new report by the cloud security firm Lookout. The spyware, which researchers say is connected to a Chinese government-backed hacking group, can be used to track people who use services that may be considered a “pre-crime” or are seen by China as indications that someone is engaging in or will engage in religious extremist or separatist activities.
READ THE STORY: The Guardian // Barron’s // WIONEWS
Tracking methane from space could be key to helping slow global warming
FROM THE MEDIA: Satellites orbiting Earth are providing data to precisely point scientists, companies and governments to sources of methane — a strong greenhouse gas. Cutting methane emissions could help to slow global warming in the next few decades. But efforts to reduce methane hinge on knowing where and how much of the gas is being emitted — and whether companies and governments are responding. Cutting methane emissions is high on the agenda at this week's UN COP27 climate summit in Sharm el-Sheikh, Egypt.
READ THE STORY: AXIOS // ABCNEWS
Microsoft attributes ‘Prestige’ ransomware attacks on Ukraine and Poland to Russian group
FROM THE MEDIA: Microsoft officially attributed cyberattacks featuring the ‘Prestige’ ransomware to a hacking group based in Russia called Iridium. The ransomware was used in a series of attacks targeting the transportation and logistics sectors in Ukraine and Poland last month, according to a blog post released by Microsoft at the time. “As of November 2022, MSTIC assesses that IRIDIUM very likely executed the Prestige ransomware-style attack. IRIDIUM is a Russia-based threat actor tracked by Microsoft, publicly overlapping with Sandworm, that has been consistently active in the war in Ukraine and has been linked to destructive attacks since the start of the war,” the tech giant said on Thursday.
READ THE STORY: The Record // Security Affairs // Bleeping Computer // CS
Russian hacker spreading LockBit ransomware arrested in Canada
FROM THE MEDIA: The US Department of Justice arrested a Canadian citizen born in Russia for spreading LockBit ransomware. Michael Vasiliev, a 32-year-old, was arrested by the law enforcement department and will soon be extradited to the United States for further prosecution. Details indicate that the arrest was made after a two-to-three-year-long investigation concluded and Mr. Vasiliev was found guilty of spreading malware and creating wealth illegally. Lisa O. Monaco, the Deputy Attorney General, announced the arrest as a victory for the Department of Justice and added that it should act as a warning sign to all those indulging in cyber-crime.
READ THE STORY: CyberSecurityInsiders // VOA // Windsor Star // DoJ
Royal Mail down: Tracking unavailable as outage exceeds 24 hours
FROM THE MEDIA: Royal Mail, the UK's leading mail delivery service, has been experiencing ongoing outages, with its online tracking services down for more than 24 hours at the time of writing. With Royal Mail's Track & Trace website offline, British residents are unable to track their parcels, letters and mail deliveries. BleepingComputer has been monitoring the ongoing outage at Royal Mail, which has now exceeded 24 hours.
READ THE STORY: Bleeping Computer
Russia’s Sway Over Criminal Ransomware Gangs Is Coming Into Focus
FROM THE MEDIA: Russia-based ransomware gangs are some of the most prolific and aggressive, in part thanks to an apparent safe harbor the Russian government extends to them. The Kremlin doesn't cooperate with international ransomware investigations and typically declines to prosecute cybercriminals operating in the country so long as they don't attack domestic targets. A long-standing question, though, is whether these financially motivated hackers ever receive directives from the Russian government and to what extent the gangs are connected to the Kremlin's offensive hacking. The answer is starting to become clearer.
READ THE STORY: Wired
Cyberwar and Cybercrime Go Hand in Hand
FROM THE MEDIA: Cybersecurity professionals have long discussed the notion that future conflicts will no longer be fought just on a physical battlefield, but in the digital space as well. Although recent conflicts show that the physical battlefield isn't going anywhere soon, we are also seeing more state-backed cyberattacks than ever before. It is therefore vital that businesses, individuals, and governments ensure they are prepared for an attack. In the digital battleground it isn't just soldiers being targeted — everyone is in the line of fire.
READ THE STORY: DarkReading
White House cyber official advocates nimbler NATO to confront digital threats
FROM THE MEDIA: A top White House cyber official spoke at a NATO meeting in Rome Thursday, convening with allies to hone plans for rapidly responding to nation-state hacks and other digital threats. Thursday’s meeting follows a June commitment from officials representing 30 NATO countries to significantly boost NATO’s cyber defenses as an alliance and at the national level.
READ THE STORY: Cyberscoop
New APT41 subgroup identified
FROM THE MEDIA: Researchers at Trend Micro have identified a new subgroup of APT41, the threat actor associated with the Chinese government. They're calling the group "Earth Longzhi," and attribute two long-running campaigns to it. "Since it first started being active in 2020, Earth Longzhi's long-running campaign can be divided into two based on the range of time and toolset. During its first campaign deployed from 2020 to 2021, Earth Longzhi targeted the government, infrastructure, and health industries in Taiwan and the banking sector in China."
READ THE STORY: The Cyberwire
FSB-linked hacker group disguises as Ukrainian officials to spread malware
FROM THE MEDIA: Ukraine's Computer Emergency Response Team (CERT) detected a large number of emails containing malicious links. Following the malicious link triggers a malware download, most commonly data-stealing malware. Phishing emails are being spread using @mail.gov.ua. "It means that the criminals are getting increasingly scrupulous in disguising themselves as Ukrainian public officials," CERT-UA said. It assesses that Armageddon (UAC-0010) is behind the campaign. This hacking group is associated with Russia's Federal Security Service (FSB).
READ THE STORY: Cybernews // CIP
New malware leaves victims anywhere but on Cloud9
FROM THE MEDIA: Researchers at security firm Zimperium have discovered a previously undocumented malware strain that masquerades as an extension for Chromium-based web browsers. Dubbed Cloud9, the malicious extension not only steals the user’s data by harvesting cookies, clipboard data, and keystrokes, but it can also assume complete control over a compromised machine, enlisting it into a botnet to mine crypto and even carry out DDoS attacks.
READ THE STORY: The Cybernews
Worok hackers hide new malware in PNGs using steganography
FROM THE MEDIA: A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok's activity in early September 2022. ESET warned that Worok targeted high-profile victims, including government entities in the Middle East, Southeast Asia, and South Africa, but their visibility into the group's attack chain was limited.
READ THE STORY: Bleeping Computer
New phishing campaign posing as Spain's Tax Agency
FROM THE MEDIA: Never click on any links in emails, SMS, and messaging platforms – especially if the message urges you to take some immediate action. There’s a brand new phishing campaign on the run in Spain that poses as the Spanish Tax Agency, Agencia Tributaria. The phishing attempt starts out via a fraudulent SMS that notifies victims of a supposed reimbursement that they qualify for. According to the SMS, all they need to do to receive the reimbursement is to fill out a form on the agency's website.
READ THE STORY: Avast
This random image is spreading a malicious PyPI package using GitHub
FROM THE MEDIA: Cybersecurity researchers from Check Point Research (CPR) have discovered a new malicious package on PyPI, the code repository for the Python programming language, that uses an image to deliver a Trojan malware, largely using GitHub. The threat actors behind this new campaign hope that while searching the web for legitimate projects, Python developers will, sooner or later, come across 'apicolor'.
READ THE STORY: TechRadar
Spinning combat failure
FROM THE MEDIA: The Telegraph, citing Ukrainian sources, said this week that "hundreds" of Russian troops were being killed daily. Enemy casualties are notoriously difficult to assess with any accuracy, particularly in near-real time, and high estimates should be treated with caution, but the Ukrainian claims received some partial confirmation from Russian sources. The Washington Post reports that Russian hard-war advocates (who've recently been excoriating some Russian senior regular army leaders as soft and inept) are repeating soldier complaints in letters home of high casualties and poor leadership.
READ THE STORY: The Cyberwire
Ukraine will seek help from allies to finance Starlink service if SpaceX demands payment
FROM THE MEDIA: Ukraine will ask its foreign partners for help in funding Starlink satellite internet systems currently being provided for free by SpaceX if the company begins to demand payment, Ukraine's defence minister told Reuters on Thursday. "We will try to find the funds. (We) have partners in different countries. We will ask them to help us, to assist us with finance aid also," Defence Minister Oleksii Reznikov said in an interview, when asked if Kyiv would cover the costs if SpaceX asked for payment.
READ THE STORY: Yahoo News // News.am
Iranian press review: Satellite-carrying rockets have military purposes, hints IRGC commander
FROM THE MEDIA: The commander of Iran's Passive Defense Organization Brigadier General Mohammad Hossein Jalali has signaled that the successful test flight of a rocket capable of propelling satellites into space was part of the country's military program. The Ghaem 100, Iran's first three-stage launch vehicle, will be able to place satellites weighing 80 kg in an orbit 500 km (300 miles) from the earth's surface, IRNA said last week.
READ THE STORY: Middle East Eye
China, Cambodia to Crack Down on Online Gambling, Telecom Scams
FROM THE MEDIA: China and Cambodia will deepen law enforcement cooperation to crack down on human trafficking, online gambling and telecommunications scams that have taken hold in the Southeast Asian nation. Cambodia has become a haven for cyber slavery crimes with traffickers originating from China drawing widespread attention from rights groups for luring victims from throughout Asia.
READ THE STORY: Bloomberg
Why Chinese Critics Are Worried About Twitter Under Elon Musk
FROM THE MEDIA: Li had had 54 accounts on the Chinese social media site Weibo, and they all got shut down one way or another. His posts often triggered the country’s strict censors: One drew attention to the shocking case of a chained mother of eight in eastern China; another petitioned for families of trafficking victims. Eventually he gave up. “I had no other alternative, so I turned to Twitter,” Li told VICE World News from Italy, where he is now based. He requested the use of only his surname to avoid potential retaliation by the Chinese government, which has previously gone after Chinese nationals who criticized the country on Twitter and Facebook, services that are blocked in China.
READ THE STORY: VICE
Mafia-style ransom gangs don’t need to be tech-smart, warns veteran analyst
FROM THE MEDIA: Chester Wisniewski, a principal research scientist at cyber-watchdog Sophos, probably doesn’t need to worry about job security. He works to help companies resist the onslaught of cyberattacks from ransom-hungry criminals. And those attacks just keep on coming. UK car dealer Pendragon was allegedly hit by a ransomware attack last month, with rumors swirling in early November that multinational Continental also fell victim. Both are said to have fallen foul of cyberattacks mounted by LockBit, arguably the most notorious ransom gang of all.
READ THE STORY: Cybernews
White House says Biden to discuss cyber threat from North Korea with South Korean leader
FROM THE MEDIA: U.S. President Joe Biden will discuss with his South Korean counterpart Yoon Suk-Yeol the broader threat posed by North Korea in the cyber domain during an upcoming trip to Asia, U.S. National Security Advisor Jake Sullivan said on Thursday. Speaking at a White House briefing, Sullivan said Washington remained concerned about the possibility of North Korea conducting another nuclear test.
READ THE STORY: Reuters
US Health Dept warns of Venus ransomware targeting healthcare orgs
FROM THE MEDIA: The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks are also targeting the country's healthcare organizations. In an analyst note issued by the Health Sector Cybersecurity Coordination Center (HC3), HHS' security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks of a U.S. healthcare org.
READ THE STORY: Bleeping Computer
A bug in ABB Totalflow flow computers exposed oil and gas companies to attack
FROM THE MEDIA: Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. The critical systems are widely used by oil and gas organizations worldwide. The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code.
READ THE STORY: Security Boulevard
India-Pakistan Relations in the Cyber World
FROM THE MEDIA: A number of issues, social, political, economic and military, have strained the relationship between India and Pakistan, resulting in war and cross-border provocation, both physical and in the cyber dimension. The Kashmir issue further intensified the already hostile relationship. In contemporary times, cyber has played an important role between India and Pakistan, as both prefer to utilize cyber to win small-scale advantages.
READ THE STORY: GVS
Balancing Security Automation and the Human Element
FROM THE MEDIA: There are two recurring themes in security that we continue to discuss, debate and, quite frankly, struggle with—automation and the talent gap. I’ve written about both topics from many angles and now, as the industry becomes more focused on automation as a cornerstone of effective security, the secret to making meaningful progress in both areas is to leverage the symbiotic relationship between them. In other words, using automation to make your people more efficient, and using your people to make automation more effective.
READ THE STORY: Security Week
Greece bans spyware, Belarus ramps up web surveillance, and Twitter deepens its Saudi ties
FROM THE MEDIA: Greece will ban the sale of spyware, according to Prime Minister Kyriakos Mitsotakis. The announcement comes as new details emerge about journalists and an opposition party leader who were targeted with Predator, a mobile surveillance software manufactured by the North Macedonian company Cytrox. Mitsotakis claims Greece will be the first country to enact substantive and effective legislation to explicitly ban such surveillance tech.
READ THE STORY: .coda
Google says surveillance vendor targeted Samsung phones with zero-days
FROM THE MEDIA: Google says it has evidence that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities found in newer Samsung smartphones. The vulnerabilities, discovered in Samsung’s custom-built software, were used together as part of an exploit chain to target Samsung phones running Android. The chained vulnerabilities allow an attacker to gain kernel read and write privileges as the root user, and ultimately expose a device’s data.
READ THE STORY: TechCrunch
An Untrustworthy TLS Certificate in Browsers
FROM THE MEDIA: Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly. The company’s Panamanian registration records show that it has the identical slate of officers, agents and partners as a spyware maker identified this year as an affiliate of Arizona-based Packet Forensics, which public contracting records and company documents show has sold communication interception services to U.S. government agencies for more than a decade.
READ THE STORY: Security Boulevard
Peak traffic on Ledger left users unable to move crypto
FROM THE MEDIA: As Sam Bankman-Fried’s crypto exchange FTX faces bankruptcy, users are scrambling to move cryptocurrency to cold wallets like Ledger and Trezor — but due to a sudden surge in traffic, Ledger experienced ‘downgraded server performance’ which left users unable to send or withdraw funds. Ledger chief tech officer Charles Guillemet told Cointelegraph that since users often leave devices alone for long periods of time, the amount of users needing to upgrade software on Wednesday led to an “unusual load on the device manager service.”
READ THE STORY: Protos
Items of interest
Byte, With, and Through: How Special Operations and Cyber Command can Support each Other
FROM THE MEDIA: At first glance, special operations and cyber operations may seem worlds apart from each other. However, Special Operations Command and Cyber Command share global areas of responsibility with missions that span the gap between peacetime and war. The Department of Defense is already taking incremental steps to combine special operations forces and cyber capabilities. On a site visit to Afghanistan in 2019, former Special Operations Command commander General Richard Clarke noted that 60 percent of the special operations community’s focus was now on “working in the information space,” a dramatic change from the 90 percent focus on kinetic operations he observed between 2002-2011.
READ THE STORY: War on The Rocks
Hacking a Samsung Galaxy for $6,000,000 in Bitcoin (Video)
FROM THE MEDIA: With the promise of up to $6 million worth of Bitcoin locked on this Samsung Galaxy phone, it was a challenge we couldn't refuse.
Dave interviews Joe Grand on his Trezor Crypto Wallet Hack interview from WNWS (Video)
FROM THE MEDIA: The L0pht hacker group back in the day spent three months hacking the Trezor wallet.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com