Sunday, January 08, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
Moldova’s government hit by flood of phishing attacks
FROM THE MEDIA: Moldova’s government institutions have been hit by a wave of phishing attacks — the latest cyber assault on the country since it pledged support for Ukraine in its defense against Russia. Hackers have sent more than 1,330 emails to accounts belonging to the country’s state services, Moldova’s cybersecurity regulator announced on Thursday. In one campaign, emails contained a message about the alleged expiration of the .md government domain and instructed users to follow a malicious link leading to a fake payment page to renew it. The phishing emails were sent on behalf of the website hosting company Alexhost, according to email samples published on the Moldovan Information Technology and Cyber Security Service (STISC) website.
READ THE STORY: The Record
Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
FROM THE MEDIA: The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called ANDROMEDA (aka Gamarue) that was uploaded to VirusTotal in 2013. "UNC4210 re-registered at least three expired ANDROMEDA command-and-control (C2) domains and began profiling victims to selectively deploy KOPILUWAK and QUIETCANARY in September 2022," Mandiant researchers said in an analysis published last week.
READ THE STORY: THN
Blind Eagle Hacker Group Launching Indiscriminate Attacks Using Powerful Toolset
FROM THE MEDIA: There have been reports that an organized threat actor, known as Blind Eagle (tracked as APT-C-36), has reappeared with a refined toolset and one of the most elaborate infection chains in the history of cyberattacks targeting Colombian and Ecuadorian organizations. Blind Eagle is a Spanish-speaking hacker group, and recently researchers at Check Point uncovered the group’s latest: tactics and techniques, powerful tools and government-themed lures. As of 2018, Blind Eagle has been attacking South American nations indiscriminately due to its narrow geographical focus. In September 2021, Trend Micro published a document documenting the activities of the Blind Eagle group.
READ THE STORY: GBhackers
Charlie Hebdo website hacked after cartoons insulting Islamist Iranian Regime
FROM THE MEDIA: Almost exactly eight years to the day after the Islamist terror attack that claimed the lives of twelve Charlie Hebdo employees, the French magazine allegedly suffered a cyber attack after it released more cartoons mocking Iran’s Supreme Leader Ayatollah Ali Khamenei and the Islamist regime in Tehran’s treatment of women. The Paris prosecutor’s office opened an investigation into the hack of the website on Thursday, telling the AFP: “An investigation was opened today of managers of fraudulent access to an automated data processing system.” The investigation will also look into fraudulent maintenance, fraudulent data modification, fraudulent data extraction, and the obstruction of operating the site, the prosecutor’s office added.
READ THE STORY: Breitbart
India’s cyber espionage campaign
FROM THE MEDIA: On September 17, 2021, Forbes unveiled some shocking facts. In the era of digital modernization, cyber-attacks are the most common tool used by hackers to steal classified information of a government, institution, and the public. India’s use of nefarious tactics to establish its presence in the region is nothing new. However, it is an open secret that all the countries in the region are aware of this and have expressed their concerns in various international forums. In this connection, the worst affected countries are Pakistan and China. They have repeatedly provided details to the international community and organisations with evidence of India’s nefarious intentions and high-handed tactics. It is pertinent to note that China’s case is different from Pakistan’s since China has become such a substantial economic and defense power that India cannot compete with it.
READ THE STORY: Nation (PK)
China’s chip industry is struggling
FROM THE MEDIA: China is entering the new year with its tech ambitions under a Covid cloud. The enormous cost of the now abandoned zero-Covid policy has badly strained government finances, and the communist party’s pledge to build a world-beating chip industry, already reeling from American sanctions, is falling victim to the familiar ills of cost, waste and corruption. A much hyped one trillion yuan ($145 billion) investment plan is reportedly on hold. Costly subsidies have borne little fruit, but they have encouraged graft and provoked sanctions. As a result, government officials are looking at alternative ways of encouraging growth in the semi-conductor industry, according to Bloomberg. Xi Jinping has pledged that China will ‘resolutely win the battle in key core technologies’, and a domestic semi-conductor industry is fundamental to that ambition.
READ THE STORY: The Spectator
Russian Hackers Reportedly Targeted US Nuclear Research Labs: Here's How They Tried Tricking Scientists
FROM THE MEDIA: A group of Russian hackers reportedly targeted three U.S. nuclear research laboratories in the summer of 2022. The Russian group Cold River carried out a phishing campaign against scientists at the Brookhaven, Argonne, and Lawrence Livermore National Laboratories to obtain passwords, Reuters reports. According to the report, hackers created fake login pages for the laboratories and contacted nuclear scientists to try to trick them into revealing their passwords. "This is one of the most important hacking groups you've never heard of," Reuters quoted Adam Meyers, senior vice president of intelligence at U.S. cybersecurity firm CrowdStrike saying. "They are involved in directly supporting Kremlin information operations." Cold River hacked into and leaked emails belonging to the former head of Britain's MI6 spy service in 2022 and targeted Britain's foreign ministry in 2016.
READ THE STORY: Yahoo Finance
Are Cyber Attacks at Risk of Becoming ‘Uninsurable’?
FROM THE MEDIA: Back near the end of December 2022, Mario Greco, chief executive at insurer Zurich, told the Financial Times that cyber attacks are set to become “uninsurable.” As you might expect, these comments have set off global alarm bells. First, what did the Zurich Insurance Group CEO say? Greco’s comments to the Financial Times were widely reported all over the world. Here is an excerpt of that article: “The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become ‘uninsurable’ as the disruption from hacks continues to grow. “Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage. For the second year in a row, natural catastrophe-related claims are expected to top $100bn.
READ THE STORY: SecurityBoulevard
Telegram: detected malware stealing crypto on some traders
FROM THE MEDIA: Going more specific, Microsoft had published research on the threat actor by identifying him with the name DEV-0139, noting that he posed to his victims as a representative of another cryptocurrency investment company. Not only that, DEV-0139 acts by sending an Excel file with the name OKX Binance & Huobi VIP fee comparision.xls armed with malicious macros. Of course, this all happens after the threat actor joins Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms, thus identifying its target among members. This sort of ‘guidance’ provided by Microsoft led SafeGuard Cyber’s D7 team to identify and confirm that these malicious files had been sent to traders of the client crypto company.
READ THE STORY: The Cryptonomist
Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware
FROM THE MEDIA: According to a new report from Israeli security firm Check Point, hackers are using ChatGPT to develop powerful hacking tools and create new chatbots designed to mimic young girls to lure targets. ChatGPT can also code malicious software that can monitor users’ keyboard strokes and create ransomware. For your information, ChatGPT has been developed by OpenAI as an interface for its LLM (Large Language Model). However, cybercriminals have somehow figured out a way to make it a threat to the cyber world since its code generation capability can easily help threat actors launch cyberattacks. On the other hand, Hold Security’s founder Alex Holden stated that he has observed dating scammers exploiting ChatGPT to create convincing personas. Scammers are creating female personas to impersonate girls to gain trust and have lengthier conversations with their targets.
READ THE STORY: HackRead
Chinese tracking device found in UK govt car, raises alarm bells
FROM THE MEDIA: Concerns over Chinese spyware have prompted intelligence officials in the UK to strip back government and diplomatic vehicles, leading to the discovery of at least one SIM card capable of transmitting location data, according to British media outlet inews.co.uk. Citing a serving security source, investigative reporter Richard Holmes, in an exclusive report, said the device had been placed inside a sealed part imported from a Chinese supplier. The tracking SIMs were reportedly installed by the vehicle manufacturer, and were found during a sweep that uncovered 'disturbing things'. The report said Chinese officials have dismissed the allegations as 'groundless and sheer rumour'. "We are firmly opposed to political manipulation on normal economic and trade cooperation or any smear on Chinese enterprises," the Chinese official said. The discovery raises national security concerns and has spurred calls from British politicians for a swift review into the "systemic threat" posed by Chinese intelligence, inews.co.uk reported.
READ THE STORY: Devdiscourse
One of America's most hated companies hired a security robot. It didn't go well
FROM THE MEDIA: Can a robot bring you peace of mind? This has, for some time, been a conundrum that's wafted around my inner workings. If robots are so clever -- and some surely are -- they can protect us from all sorts of nefarious threats and intrusions. From other robots, for example. So when I first heard that a company called Knightscope had created security robots that patrolled buildings, I was unnaturally moved. How would the local, inferior humans react? I learned this quickly when a human was accused of assaulting one of these things at the company's own offices in Mountain View, California. Yet I continued to get emails from the company, as its business apparently flourished. Even when one of its security robots fell into a shopping mall fountain. Recently, though, I heard that a local company -- one at which many customers are irate -- had hired one of Knightscope's rolling software sheriffs.
READ THE STORY: ZDNET
WhatsApp Allows Communication Amid Internet Outages
FROM THE MEDIA: When selecting a proxy, users can connect to WhatsApp via servers run by individuals and groups devoted to promoting free speech throughout the world. According to WhatsApp, using a proxy connection preserves the app's privacy and security settings, and end-to-end encryption will continue to secure private conversations. As per the firm, neither the proxy servers, WhatsApp, nor Meta will be able to see the communications that are sent between them. When it comes to assisting users when WhatsApp is prohibited in a country, the messaging service stated, "If WhatsApp is restricted in your nation, you can utilize a proxy to connect and communicate with loved ones. End-to-end encryption will still be used to protect private communications while using a proxy connection to WhatsApp."
READ THE STORY: Cysecurity
No more holidays for US telcos, FCC is cracking down
FROM THE MEDIA: The Federal Communications Commission plans to overhaul its security reporting rules for the telecom industry to, among other things, eliminate a mandatory seven-day wait for informing customers of stolen data and expand the definition of what constitutes an incident. In a unanimous 4-0 vote, the FCC published a notice of proposed rulemaking that Chairwoman Jessica Rosenworcel said is sorely overdue, as the current rules are more than 15 years old. "The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," Rosenworcel said. Along with eliminating the waiting period for reporting events to customers, the FCC is also proposing to require telling the FBI and US Secret Service, but is still seeking input on when this should be done.
READ THE STORY: The Register
SpaceX to Launch Starlink Satellites in First Mission of New Year at Vandenberg SFB
FROM THE MEDIA: A Starlink mission carrying 51 satellites will ring in the new launch year at Vandenberg Space Force Base. Liftoff of the Falcon 9 rocket, built by Space Exploration Technologies, will target Monday night from Space Launch Complex-4 on the South Base. The instantaneous launch opportunity will be at 8:15 p.m. Monday, with a backup opportunity set for 8:02 p.m. Tuesday, SpaceX said Saturday. The satellites’ placement in space determines the planned time for rocket launches. Boaters were advised to remain out of the ocean area off the South Base from approximately 4:30 p.m. to 10:30 p.m. Monday. Likewise, pilots were advised of a space launch at Vandenberg between 7:50 p.m. and 10:27 p.m. Monday. Rocket launches can be delayed because of technical troubles or unfavorable weather. The 229-foot-tall rocket will place another set of Starlink satellites in orbit.
READ THE STORY: NOOZHAWK
How the Cold War Between USA and USSR Let Us Discover Space
FROM THE MEDIA: With a hot trending talk of the times being space journeys, one might wonder how it all started: how we’ve come to this point in time, where interplanetary travel and tourism seem realistic. The origins of space travel can be traced to the space race between the USA and the USSR. They both wanted to one-up each other by completing a space journey. The USSR seemed to have a lead over the USA, with feats of sending the first satellite to orbit the Earth, and the first living thing to space in its belt. Remember Laika? The Soviet space dog was a trained cosmonaut and consumed food and water in a gelatinized form. Much to the USA’s dismay, the USSR beat them again when they managed to send the first human to space. Cosmonaut Yuri Gagarin reached an altitude of 203 miles (327 kilometers) and returned after orbiting the Earth in the Vostok 1 Space Capsule.
READ THE STORY: Interesting Engineering
Items of interest
Notorious Cuban spy Ana Montes released from federal prison
FROM THE MEDIA: Ana Montes, a Cuban spy who gave up American secrets for 17 years while working for the Defense Intelligence Agency, was released from prison Friday. Montes, 65, served more than 21 years of her 25-year sentence. She did her time at FMC Carswell, a women’s prison in Fort Worth, Texas. Montes was arrested in September 2001, just 10 days after the attacks on the World Trade Center. By that time, her bosses were already suspicious of her, and they didn’t want to risk her leaking the plans for the invasion of Afghanistan. Potentially facing the death penalty, Montes cut a deal with federal prosecutors in which she agreed in March 2002 to plead guilty to conspiring to commit espionage. In exchange, she received a 25-year sentence.
READ THE STORY: Yahoo News
Hacking Power Plants and Industrial Control Systems (Video)
FROM THE MEDIA: David Bombal’s second interview with the professional hacker Occupy The Web. In this video we discuss OSINT and hacking industrial control systems (ICS) using SCADA (supervisory control and data acquisition).
Ep. 85 - [David Schultz] Supervisory Control & Data Acquisition SCADA Systems Industrial Automation (Video)
FROM THE MEDIA: “Guest Bio: My passion is using current and emerging technologies to overcome challenges and solve problems in manufacturing. With a background in business development, I am both commercially savvy and technically proficient. This combination enables me to articulate a value proposition and demonstrate the application of the underlying technology. I help companies develop and execute digital transformation and asset management strategies. I enable manufacturers to create a competitive advantage through data and information and the greater availability of assets. I am interested in working with organizations that share my values of honesty, integrity, and empathy. Together we endeavor to create the best versions of all people.”
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com