Monday, February 20, 2023 // (IG): BB // BSidesCharm // Coffee for Bob
US General Warns China Biggest Threat in Space
Analyst Comments: China has developed an array of anti-satellite capabilities that have raised alarm bells among the US military and its allies. One of China's most significant threats to space security is its ground-based direct ascent anti-satellite (DA-ASAT) missile, which is capable of destroying low-earth orbit (LEO) satellites. China has also developed other anti-satellite technologies, such as directed energy weapons and cyber attacks, which could disrupt or destroy satellites.
FROM THE MEDIA: General Bradley Chance Saltzman, the U.S. chief of space operations, has identified China as the "most challenging threat" in an ever-growing space arms race. He also singled out Russia as a major player, stating that both countries have developed weapons that challenge the way space is used. These weapons include anti-satellite missiles, ground-based directed-energy systems, and on-orbit interception capabilities. Saltzman said the weapons developed by China and Russia have fundamentally changed how the U.S. operates in space and that U.S. operations must shift accordingly. The space arms race has existed for decades, but it has now evolved to focus on finding ways to damage satellites with laser weapons or high-power microwaves. As space becomes more congested, Saltzman called for a code of conduct in space and responsible behavior from all players.
READ THE STORY: VOA
North Korean Cyber Espionage Group Deploys WhiskerSpy Backdoor in Latest Attacks
Analyst Comments: Earth Kitsune is a cyber espionage group that has been active since at least 2019. It primarily targets individuals interested in North Korea and uses custom malware, including the dneSpy and agfSpy backdoors, in its attacks. Earth Kitsune is known for watering-hole attacks that leveraged browser exploits for Google Chrome and Internet Explorer to start the infection chain.
FROM THE MEDIA: The cyber espionage group Earth Kitsune has deployed a new backdoor named WhiskerSpy as part of a social engineering campaign. The group has been active since at least 2019, primarily targeting individuals interested in North Korea. Previously, the group used watering holes that leveraged browser exploits to start the infection chain. In the latest attacks, the group relied on social engineering to lure users to compromised websites related to North Korea, including the website of a pro-North Korean organization that it compromised to distribute the WhiskerSpy implant. The malware can delete, enumerate, download, and upload files, take screenshots, inject shellcode, load arbitrary executables, and more. Earth Kitsune is known for its technical proficiency and continuously evolving tools, tactics, and procedures. Trend Micro also detailed another intrusion set, Earth Yako, which has been striking research organizations and think tanks in Japan; it introduced new tools and malware within a short period and actively changed its targets and methods.
READ THE STORY: THN
Moldova, facing cyberattacks as part of the alleged Russian coup plan, asks for Western support
Analyst Comments: Moldova and Russia have a tense relationship due to Russia's alleged support for separatists in Moldova's breakaway region of Transnistria, which declared independence in 1990. Moldova has pursued pro-European policies, which has put it at odds with Russia. Russia's actions against Moldova are seen by some experts as part of a broader effort to maintain influence in the region and counter Western influence.
FROM THE MEDIA: Maia Sandu, the President of Moldova, has warned of an active Russian plot to overthrow her country’s government through propaganda and disinformation, multiple cyberattacks, and false bomb alerts. She has called for a range of support from other European nations to defend the integrity of her state. Russia is “waging hybrid war against Moldova,” with actions that undermine social cohesion, provoke protests, and allow external saboteurs to launch a coup, Sandu said. The crisis in Moldova has led to the resignation of Prime Minister Natalia Gavrilita due to domestic challenges including inflation and energy security issues. Sandu called on European peers to support Moldova to deal with internal threats of the hybrid war, cyber threats and modernizing border security and control.
READ THE STORY: The Record
Samsung Introduces New Feature to Protect Users from Zero-Click Malware Attacks
FROM THE MEDIA: Samsung has announced a new feature called Message Guard that is designed to protect users from malware and spyware delivered through zero-click attacks. The feature is currently available in Samsung Messages and Google Messages on the Samsung Galaxy S23 series and is designed to limit exposure to invisible threats such as malicious image attachments. Zero-click attacks exploit flaws, often previously unknown, in the software that parses incoming content, triggering execution of malicious code without any user interaction. Samsung's Message Guard inspects incoming image files and processes them in an isolated, sandboxed environment so that a malicious image cannot reach the rest of the device.
READ THE STORY: THN
Tech innovation can outpace cyber threats
Analyst Comments: Russia's asymmetric cyber capabilities allow it to achieve strategic objectives through cyber means without the need for traditional military force. These capabilities include cyber espionage, disinformation and propaganda, ransomware attacks, and cyber attacks against critical infrastructure. Russia's cyber operations are considered a threat to global security.
FROM THE MEDIA: A panel of experts, including NATO's head of policy planning Benedetta Berti, Ian Bremmer of Eurasia Group and GZERO Media, Comfort Ero of Crisis Group, and Brad Smith of Microsoft, discussed the past year since Russia invaded Ukraine at the Munich Security Conference. They discussed Western unity and Ukraine's resolve, warning against underestimating Russia's possible next moves. While the West responded well to the invasion, Bremmer warned that Russia is becoming "the most powerful rogue state in history" and asymmetric attacks on NATO could be seen in the future. The panel also addressed the power of technology and its impact on the world's safety, as well as the future of Ukraine and the challenges in cyberspace.
READ THE STORY: GZERO
Beyond the Lines | China’s unseen wars: A balloon between Biden and Beijing
Analyst Comments: China has been using a combination of technology-based espionage and human intelligence to steal sensitive corporate and trade data from countries such as the United States, Canada, Australia, and the United Kingdom. This has allowed China to establish itself as an economic superpower while actively pursuing global military superpower goals. The Chinese espionage mission has been caught in the limelight a few times, but many continue to exist undetected. China's narrative, run through its unofficial advocates across the world, is an effective parallel ecosystem that survives and flourishes below the radar.
FROM THE MEDIA: The article discusses China's use of asymmetric warfare, particularly its combination of tech-based corporate espionage capabilities with a military strategy aimed at dominating the global balance of power. The author draws a parallel between the recent incident of a Chinese spy balloon over American territory and the 1960 U-2 incident in which an American pilot was captured by the Soviet Union. The article argues that China's espionage missions are increasingly integrated with overt actions, such as using military-grade lasers against a coast guard vessel in the Philippines or high-profile military action against India in Ladakh and Arunachal Pradesh. The author suggests that China's "hyper-power balloon", combining espionage technology, military and economic muscle, human intelligence, and clandestine advocacy, is a threat to global security that needs to be addressed.
READ THE STORY: First Post
PLA Information Warfare and Military Diplomacy: A Primer on Modernization Trends
Analyst Comments: Understanding the strengths and weaknesses of China's military modernization efforts can help the US and its allies to better anticipate and prepare for potential conflicts or competition in various domains, such as space, cyberspace, and the information environment. It also highlights the importance of investing in and modernizing the US military's own information warfare capabilities and fostering interoperable military partnerships and alliances.
FROM THE MEDIA: The US Department of Defense sees China as its most consequential strategic competitor due to its modernization of information warfare and military diplomacy. The PLA's primary arm for information warfare is the Strategic Support Force, which aims to secure information dominance through space and cyberspace operations. PLA military diplomacy has expanded dramatically, but it incurs an opportunity cost, and PLA culture prioritizes form over substance. The PLA's approach to information warfare suffers from several weaknesses, such as bureaucratic infighting, cumbersome approval processes, centralized decision-making, and overconfidence in their own data-sensing capabilities, creating opportunities for the US and its allies to exploit and outmaneuver them.
READ THE STORY: Small Wars Journal
Decoding ‘datanomics’: data analytics, security strategies and its economic impact for scale-ups
Analyst Comments: Data is highly valuable in today's world, and is often referred to as "the new oil". Like oil, data must be refined and processed to be useful. With data analytics, businesses can gain valuable insights into their operations, customer behavior, and market trends, allowing them to make informed decisions and gain a competitive advantage. According to a study by the McKinsey Global Institute, data-driven organizations are 23 times more likely to acquire customers, six times more likely to retain them, and 19 times more likely to be profitable.
FROM THE MEDIA: Data has become a critical asset in today's world, and data analytics can provide valuable insights to businesses. A panel of data experts discusses the importance of data security and data literacy in organizations in a recent article. The panelists provide real-world examples of how their organizations leverage data analytics to improve student learning outcomes and process financial transactions. The article also highlights the challenges of ensuring data security in a rapidly evolving threat landscape and stresses the importance of securing endpoint devices, such as computers, from potential attacks. Overall, the article emphasizes the need for businesses to prioritize data protection along with data analytics to leverage data as a source of competitive advantage.
READ THE STORY: Your Story
RAAF Poseidon adventure hunts for North Korean sanction busters
Analyst Comments: The operation seeks to reinforce Australia's commitment to nuclear non-proliferation and maintaining the rules-based order in the Indo-Pacific region, as well as to enforce UN Security Council sanctions and Australia's own sanctions against North Korea.
FROM THE MEDIA: The Royal Australian Air Force (RAAF) has deployed a P-8A Poseidon surveillance aircraft as part of Operation ARGOS to monitor and deter illegal ship-to-ship transfers of sanctioned goods to and from North Korea. The missions continue the hunt for vessels attempting to evade United Nations Security Council sanctions against North Korea, which has increasingly turned to cyber means to generate revenue. The country is a growing player in the methamphetamine market and uses cryptocurrencies to make transactions difficult to trace. The DPRK has also reportedly entered the ransomware market as a further source of revenue. Australia has intercepted DPRK narcotics cargo in the past and is committed to enforcing sanctions against North Korea to help maintain the rules-based order in the Indo-Pacific region.
READ THE STORY: The Mandarin
GoDaddy joins the dots and realizes it's been under attack for three years
FROM THE MEDIA: Web hosting and domain name provider GoDaddy has revealed that it suffered a new attack on its infrastructure, with the company suggesting that it is one of a series of linked incidents dating back to 2020. In its annual report filed with the US Securities and Exchange Commission, GoDaddy detailed a March 2020 attack that compromised the hosting login credentials of approximately 28,000 hosting customers as well as personnel login credentials. It also revealed that a November 2021 breach targeted its hosted WordPress service. The latest attack came in December 2022, when a third party gained access to and installed malware on the company's cPanel hosting servers, which intermittently redirected customer websites to malicious sites. GoDaddy believes that these incidents may be linked to a multi-year campaign by a sophisticated threat actor group that has installed malware on its systems and obtained pieces of code related to some services within the company. GoDaddy states that none of the incidents has resulted in any material adverse impact on its business or operations.
READ THE STORY: The Register
Huge Activision hack leaks possible Warzone 2 & Modern Warfare 2 2023 content roadmaps
FROM THE MEDIA: According to a report, Activision was allegedly hacked in December 2022 by threat actors who gained access to its network through a privileged user account. The attackers reportedly downloaded sensitive documents and content release schedules running through November 17, 2023. Screenshots of the roadmaps for upcoming seasonal updates to Modern Warfare 2 and Warzone 2 were shared by vx-underground; they reveal nothing about Season 5, but list a Season 6, supposedly due in September, that appears to include an event called "Haunting of Saba". It is worth noting that the validity of the hack itself has been questioned, and it is not yet confirmed that the roadmaps shown are authentic.
READ THE STORY: Dexerto
Coins of War: Crypto assets used to support the Russian military after evading sanctions
Analyst Comments: Cryptocurrencies are being used to fund war efforts because they offer pseudonymity, global reach, and easy access for donors. Wallet addresses are not tied to a verified identity the way bank accounts are, which makes it harder to establish where funds come from and where they go and easier to evade sanctions screening. Funds held in self-custodied wallets are also harder for authorities to freeze or seize than balances at a regulated intermediary. The caveat is that most public blockchains are transparent ledgers: once an address is attributed to a fundraiser, its transaction history is visible to anyone, which is exactly what blockchain analytics firms and sanctions investigators rely on.
FROM THE MEDIA: The use of cryptocurrencies as a fundraising tool for pro-Russian groups and influencers has increased since sanctions were imposed on Russia for its invasion of Ukraine in February 2022. Alexander Lyubimov, director of the Novorossia Aid Coordinating Center, which raises funds for Russian forces in Ukraine, has said that his organization has invested at least $1.8m in crypto assets to provide ammunition, guns, drones, vehicles, winter clothing, and more to the Russian military. NACC has been active since Russia's annexation of Crimea in 2014 and raises funds to support pro-Russian regions that have unilaterally declared independence, the Donetsk and Luhansk People's Republics. Other pro-war fundraisers are also collecting donations in cryptocurrencies, such as Russian right-wing celebrity Anastasia Mikhaylovskaya and blogger Vladimir Romanov. The US and other Western countries are trying to stop the flow of cryptocurrency donations, but it is not an easy task.
READ THE STORY: Our Bitcoin News
U.S. plans new sanctions on Russia, targets key industries
FROM THE MEDIA: The Biden administration is planning to impose new export controls and a fresh round of sanctions on Russia, targeting key industries, financial institutions, and several individuals. The sanctions are aimed at Russia's defense and energy sectors, and U.S. allies may look at preventing the evasion and circumvention of sanctions in order to disrupt the support Russia receives from third countries. Meanwhile, the European Union's proposal for new sanctions includes entities in Iran that are seen to be providing Russia with drones and other military supplies, technologies, components, heavy vehicles, electronics, and rare earths. Earlier this month, the United States issued new sanctions on Russia over cyber activities, designating seven individuals.
READ THE STORY: MarketScreener
Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted
FROM THE MEDIA: Indian train ticket booking platform RailYatri has suffered a data breach that exposed the personal information of over 31 million users, including email addresses, full names, genders, phone numbers, and locations. The breach is believed to have occurred in late December 2022, and the compromised database has since been leaked online. This is not a typical case of attackers exploiting a software vulnerability: the story began in February 2020, when a cybersecurity researcher identified an Elasticsearch server belonging to RailYatri that was exposed to the public Internet with no password or other authentication. After the researcher contacted the company, the server was taken offline with the help of the Indian Computer Emergency Response Team (CERT-In). Nearly three years later, on February 16th, 2023, the company was hit again when the newly leaked database surfaced. The latest breach could have been avoided "if the company had implemented proper cybersecurity measures from the outset."
READ THE STORY: HackRead
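The root cause above is a classic misconfiguration: an Elasticsearch node listening on a public interface with security switched off. The following audit script is an added example, not RailYatri's configuration or HackRead's code. It parses the flat `key: value` subset of `elasticsearch.yml` and flags the dangerous combination of a non-loopback bind address and disabled X-Pack security. The setting names (`network.host`, `http.host`, `xpack.security.enabled`) are real Elasticsearch settings; the two sample configurations and the cluster name are constructed, and the default of security being off when the setting is absent is assumed for 7.x and earlier (8.x enables it by default).

```python
"""Audit an elasticsearch.yml for the "open to the Internet, no auth" pattern.

Added example; constructed sample configs, real Elasticsearch setting names.
Only the flat `key: value` style the file normally uses is parsed, so the
script has no third-party dependencies.
"""
import ipaddress

# Values of network.host / http.host that keep the node on loopback only.
LOOPBACK_ALIASES = {"_local_", "localhost", "127.0.0.1", "::1"}


def parse_flat_yaml(text):
    """Parse `key: value` lines, stripping comments and quotes and expanding
    single-line [a, b] lists. Deliberately not a general YAML parser."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip("\"'")
        if value.startswith("[") and value.endswith("]"):
            value = [v.strip().strip("\"'") for v in value[1:-1].split(",") if v.strip()]
        settings[key.strip()] = value
    return settings


def _is_loopback(host):
    if host in LOOPBACK_ALIASES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames and placeholders such as _site_ / _global_


def binds_beyond_loopback(settings):
    """http.host overrides network.host for the REST API; with neither set,
    Elasticsearch binds _local_ (loopback only)."""
    host = settings.get("http.host", settings.get("network.host", "_local_"))
    hosts = host if isinstance(host, list) else [host]
    return any(not _is_loopback(h) for h in hosts)


def security_disabled(settings, es_major):
    """Assumption: xpack.security.enabled defaults to false before 8.0 when the
    setting is absent; 8.x enables security unless it is explicitly false."""
    value = settings.get("xpack.security.enabled")
    if value is None:
        return es_major < 8
    return str(value).lower() == "false"


def audit(yaml_text, es_major=7):
    """Return a list of findings; the first entry is CRITICAL when the REST
    API is reachable off-box with no authentication."""
    settings = parse_flat_yaml(yaml_text)
    exposed = binds_beyond_loopback(settings)
    no_auth = security_disabled(settings, es_major)
    findings = []
    if exposed:
        bind = settings.get("http.host", settings.get("network.host"))
        findings.append("HTTP API bound beyond loopback: " + str(bind))
    if no_auth:
        findings.append("xpack.security disabled: no authentication on the REST API")
    if exposed and no_auth:
        findings.insert(0, "CRITICAL: unauthenticated Elasticsearch reachable over the network")
    return findings


# Constructed samples (hypothetical cluster name, not RailYatri's real config).
INSECURE_YML = """
cluster.name: railyatri-search      # hypothetical
network.host: 0.0.0.0               # listen on every interface
http.port: 9200
xpack.security.enabled: false       # anyone who can reach :9200 can read or write every index
"""

HARDENED_YML = """
cluster.name: railyatri-search
network.host: 10.0.5.12             # private interface only; still firewall it
http.port: 9200
xpack.security.enabled: true        # credentials or API keys required on the REST API
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_YML), ("hardened", HARDENED_YML)):
        print(name, "->", audit(cfg) or ["no findings"])
```

The hardened sample still reports that the API is bound beyond loopback, which is intentional: a private bind address is a normal deployment, but it is only safe together with authentication and network filtering, so the audit surfaces both facts and reserves CRITICAL for the combination that bit RailYatri.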
Ukraine war: Blinken says China might give weapons to Russia
Analyst Comments: This is very likely already occurring.
FROM THE MEDIA: The US has accused China of considering providing "lethal support" to Russia in the Ukraine conflict, a claim that China strongly denied. US Secretary of State Antony Blinken expressed "deep concerns" over the possibility of China providing weapons and ammunition to Russia, which would be a "serious problem for us and in our relationship". China has denied allegations of offering such support and accused the US of spreading lies. If China were to provide Russia with weapons, it would seriously damage US-China relations. The US has already sanctioned a Chinese company for allegedly providing satellite imagery of Ukraine to the Wagner Group, which provides Russia with thousands of fighters.
READ THE STORY: BBC
Foxconn to launch Taiwan’s first locally made satellite
FROM THE MEDIA: Taiwan-based Foxconn is set to launch the country's first locally made low earth orbit (LEO) satellite next year. The satellite, weighing around 12 kg and roughly the size of a backpack, will orbit at an altitude of about 550 km and complete around 15 orbits of the Earth each day. The initiative is a collaboration between Foxconn's communications research center and National Central University in Taoyuan. As advances in technology bring the world closer to connecting the third of the planet's population that remains offline, the deployment of LEO satellites has been heating up, with SpaceX's Starlink having deployed nearly 2,000 satellites and applied for licenses for over 40,000.
READ THE STORY: Taiwan News
New Mirai botnet variant V3G4 targets Linux servers, IoT devices
FROM THE MEDIA: A new variant of the Mirai botnet, V3G4, has been exploiting 13 vulnerabilities in Linux servers and IoT devices, according to researchers at Palo Alto Networks' Unit 42. Once compromised, the devices come fully under the attackers' control and join a botnet that can be used for further campaigns, including DDoS attacks. The vulnerabilities used have lower attack complexity than those seen in previously observed variants, but they still carry a critical impact that can lead to remote code execution, the researchers said. V3G4 was active in three campaigns between July and December 2022.
READ THE STORY: CSO
Could Critical Infrastructure Suffer from a PIPEDREAM
FROM THE MEDIA: It is crucial for critical infrastructure owners and operators to take proactive measures to protect their industrial control systems (ICS) from potential cyberattacks. The threat of malware like PIPEDREAM, which is capable of taking ICS offline, highlights the importance of securing these systems. The Cybersecurity and Infrastructure Security Agency (CISA) offers several guidelines and resources to help organizations protect their ICS, including implementing security controls, conducting regular vulnerability assessments, and having incident response plans in place. It is important for critical infrastructure owners and operators to take the threat of cyberattacks seriously and take steps to ensure the resilience and continuity of their operations.
READ THE STORY: JDSUPRA
Items of interest
Pipe Bomb Found Near Philadelphia Train Tracks Sparks Conspiracy Theories
FROM THE MEDIA: A pipe bomb was discovered near a train track in the Holmesburg area of Philadelphia. The bomb was found behind St. Dominic Catholic Church, close to a single set of train tracks feeding into Holmesburg Junction station. The bomb was discovered by a passerby who saw a PVC pipe with capped ends and an unknown black powder. Reports suggest that the bomb was removed by the police bomb squad and taken back to headquarters for further investigation. Social media users have linked the incident with recent train derailments and have suggested the two events are either caused by domestic terrorists or part of a government conspiracy. The Philadelphia Police Department has not yet discerned a possible motive for the existence of the bomb.
READ THE STORY: Newsweek
ChatGPT Built Me a Hacking Tool (Video)
FROM THE MEDIA: In the demonstration, security researcher Heath Adams uses ChatGPT to generate a Python SSH login brute-force tool in a matter of minutes, then asks it to make the code more robust by handling unexpected errors, highlighting the model's potential as an aid for ethical hacking.
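The defender's counterpart to the tool the video builds is detecting the brute force on the target. The script below is an added example, not code from the video or from Heath Adams; it runs a sliding-window count of `Failed password` events per source IP over sshd syslog lines and also flags the higher-value signal of an `Accepted` login from an address that was just guessing. The log lines are constructed in OpenSSH's syslog format with documentation-range IPs, the year 2023 is assumed because syslog timestamps omit it, and the 5-failures-in-60-seconds threshold is illustrative.

```python
"""Sliding-window SSH brute-force detection over sshd syslog lines.

Added example with constructed log lines; thresholds are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH auth lines, e.g.
#   Feb 20 10:01:30 host sshd[4131]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
#   Feb 20 10:01:12 host sshd[4120]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:...
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+ ssh2"
)

WINDOW = timedelta(seconds=60)   # illustrative
THRESHOLD = 5                    # failures per source IP within WINDOW
ASSUMED_YEAR = 2023              # syslog timestamps carry no year


def parse_line(line):
    """Return {ts, ok, user, ip} for an auth result line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, window=WINDOW, threshold=THRESHOLD):
    """Emit one 'bruteforce' alert per source IP that reaches the threshold
    and a 'success_after_bruteforce' alert for every accepted login from an
    IP with >= threshold failures inside the window (likely a guessed password)."""
    failures = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if ev["ok"]:
            if len(recent) >= threshold:
                alerts.append({"type": "success_after_bruteforce", "ip": ip,
                               "user": ev["user"], "failures": len(recent)})
            failures[ip] = recent
            continue
        recent.append(ev["ts"])
        failures[ip] = recent
        if len(recent) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"type": "bruteforce", "ip": ip, "failures": len(recent),
                           "first": recent[0], "last": recent[-1]})
    return alerts


# Constructed sample: one legitimate key login, a password spray from
# 203.0.113.7 that eventually succeeds, and a single unrelated failure.
SAMPLE_LOG = """\
Feb 20 10:01:12 bastion sshd[4120]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:constructedfingerprint
Feb 20 10:01:30 bastion sshd[4131]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Feb 20 10:01:33 bastion sshd[4133]: Failed password for invalid user oracle from 203.0.113.7 port 51123 ssh2
Feb 20 10:01:36 bastion sshd[4135]: Failed password for root from 203.0.113.7 port 51124 ssh2
Feb 20 10:01:39 bastion sshd[4137]: Failed password for bob from 203.0.113.7 port 51125 ssh2
Feb 20 10:01:41 bastion sshd[4139]: Failed password for bob from 203.0.113.7 port 51126 ssh2
Feb 20 10:01:44 bastion sshd[4141]: Failed password for bob from 203.0.113.7 port 51127 ssh2
Feb 20 10:01:47 bastion sshd[4143]: Accepted password for bob from 203.0.113.7 port 51128 ssh2
Feb 20 10:02:05 bastion sshd[4150]: Failed password for carol from 198.51.100.4 port 40010 ssh2
Feb 20 10:02:10 bastion sshd[4152]: Received disconnect from 198.51.100.4 port 40010:11: Bye Bye [preauth]
"""

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Two design points matter in practice: count per source IP rather than per account, because a spray rotates usernames, and never throw away the `Accepted` events, since a success immediately after a burst of failures is the alert that should wake someone up, not the burst itself.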
Linux Privilege Escalation for Beginners (Video)
FROM THE MEDIA: This video is an introduction to the 6.5-hour Linux privilege escalation course, covering prerequisites and tips for beginners. It demonstrates various tools and techniques, such as system enumeration, network probing, and vulnerability exploitation, and recommends note-taking and using support resources like Discord. The course aims to help students become familiar with privilege escalation and prepare for certification exams.
These open-source items are reviewed by analysts at InfoDom Securities to provide context on current media coverage of cyber security. The stories are selected to cover a broad array of cyber threats and are intended to help readers frame key publicly discussed threats and maintain situational awareness. InfoDom Securities does not endorse any third-party claims made in the original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.