Friday, March 17, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
Phase-based Tactical Analysis of Online Operations
Analyst Comments: By collectively leveraging the kill chain's shared structure, investigators can pinpoint multiple points of detection and disruption in an operation, bolstering defense resilience and improving the chances of early detection. Moreover, it enables teams with different specializations to compare operations, recognize prevalent tactics, and prioritize them for countermeasure development. This streamlined approach facilitates the detection and disruption of a broader array of online threats than was previously achievable.
FROM THE MEDIA: Meta has developed the Online Operations Kill Chain to address the lack of a shared model for responding entities to analyze, describe, compare, and disrupt malicious online operations. This framework covers a wide range of online operations, such as cyber espionage, influence operations, scams, human trafficking, and terrorist recruitment, by building on the commonalities of online operations such as acquiring assets, disguising assets, and indiscriminate engagement. The framework can be used by analysts and investigators at tech platforms, open-source institutions, and government bodies to identify the threat actor’s specific tactical, technical, and procedural activities. The kill chain can be applied to a single operation to sequence its activity, compare multiple operations to identify commonalities and prioritize countermeasures that could be applied to multiple operations, and share and compare findings on different operations across different disciplines. This approach would enable investigators to detect and disrupt operations comprehensively, prioritize countermeasures, and increase resilience by allowing teams who specialize in different areas to compare operations and prioritize common tactics, techniques, and procedures for countermeasure development.
READ THE STORY: CEIP
Leveraging Behavioral Analysis to Catch Living-Off-the-Land Attacks
Analyst Comments: The growing use of LotL attacks by cybercriminals highlights the need for organizations to adopt advanced defensive strategies that can detect anomalous behavior in real time. As these attacks become more effective, they pose a significant threat to security teams that rely on traditional security measures such as signature- or rule-based detection systems. The report suggests that implementing AI-based systems that understand normal business behavior and can initiate targeted responses is essential for detecting and responding to LotL attacks. This shift towards AI-based cybersecurity measures will help organizations keep up with evolving threats and provide comprehensive protection against cyber-attacks.
FROM THE MEDIA: A recent report has revealed that cybercriminals increasingly use “living-off-the-land” (LotL) attacks, which rely on native tools and applications within a system to evade detection. Attackers can abuse the credentials and privileges granted to administrators to carry out malicious activity that is indistinguishable from legitimate behavior. Such attacks have been found to be highly effective and are 10 times more likely to succeed than file-based attacks. Common LotL techniques include using PowerShell to launch malicious scripts, batch scripts, and .NET applications, as well as making use of registry console tools, RDP connections, and WMI services. Defensive systems relying on known bads and historical attack data fail to catch these malicious activities, and detecting anomalous behavior in real time requires a business-centric strategy that leverages AI to understand the “normal” behavior of every user and device in an organization.
READ THE STORY: DarkReading
China's new cyber policy: Obey Xi and ban global 'disinformation'
Analyst Comments: The Chinese Communist Party's new white paper on internet rule of law highlights the party's emphasis on control and obedience to its leadership. The demand for global governance structures to regulate internet content raises concerns about free speech and censorship. The call for absolute obedience to the party for domestic and foreign speech online demonstrates the party's desire to subjugate any thought deemed undesirable. This highlights the need for the international community to uphold the principles of free speech and human rights in the face of authoritarian regimes' attempts to suppress dissent and control the flow of information. The concerns raised by the white paper also demonstrate the importance of protecting critical infrastructure and developing secure communication networks to safeguard national security interests.
FROM THE MEDIA: The Chinese Communist Party has released a new white paper on internet rule of law, which emphasizes obedience to the party's overall leadership. Deputy Director of the State Council Information Office Cao Shumin explained that the law must implement the party's leadership throughout the entire process to ensure the correct political direction. The white paper calls for new global governance structures to regulate internet content, citing concerns about disinformation, personal safety, social stability, and national security. The Chinese Communist Party demands absolute obedience to the party for all domestic and foreign speech online, with consequences for those who commit crimethink.
READ THE STORY: Washington Examiner
Crypto Infects Banks, Banks Return the Favor
Analyst Comments: The collapse of three crypto-friendly banks within a month has had a significant impact on the cryptocurrency sector, particularly for those firms that relied on their services. This event highlights the vulnerabilities of the crypto sector when it comes to traditional financial institutions and demonstrates the need for more reliable banking partners or alternatives to ensure stability. In the short term, this may create operational challenges for crypto firms and affect the perception of crypto-assets' reliability. In the long term, it may force the crypto sector to reevaluate its relationship with traditional banks or explore other financial solutions to mitigate risks.
FROM THE MEDIA: Three crypto-friendly banks, including Signature Bank and Silvergate Bank, collapsed within a month, causing disruptions in the cryptocurrency sector. Circle Internet Financial Ltd. experienced difficulties when $3.3 billion of cash backing its USDC stablecoin was stuck in the now-defunct Silicon Valley Bank. The incident led to the temporary loss of USDC's dollar value and damage to its reputation. Some in the sector speculate that there may be a coordinated effort to eliminate digital assets from finance, while others attribute the situation to risk management. The crypto sector is now facing challenges in finding reliable banking partners.
READ THE STORY: Bloomberg
China Is Tweaking Its Propaganda for African Audiences
Analyst Comments: African countries should be cautious about China's propaganda efforts and ensure they are not swayed by China's messaging alone. African governments should promote independent media and encourage their citizens to seek out diverse sources of information to get a balanced view of China's role in their societies. They should also develop their own narratives to counter China's messaging, highlighting both the benefits and the drawbacks of their relationships with China, and be mindful of the risks of relying too heavily on China for infrastructure projects and investments, working to diversify their partnerships.
FROM THE MEDIA: China's propaganda efforts in Africa are gaining momentum as it seeks to cultivate positive relationships with African countries. Beijing is focusing on creating a compelling Chinese narrative to influence African opinion through its international outreach program. China's propaganda emphasizes positive changes in African societies attributed to cooperation with or learning from China. It seeks to build a coalition of like-minded partners to promote its national interests, maintain its territorial integrity, and enhance its comprehensive national strength. Despite spending millions of dollars each year on its Africa-focused propaganda, China's favorability still lags behind that of the United States. While Africa's view of China is generally favorable, Beijing's official media outlets have low levels of African viewership, and their coverage does not overlap with mainstream African media outlets.
READ THE STORY: FP
America’s Military Depends on Minerals That China Controls
Analyst Comments: Currently, the dependence of the U.S. military and the world on critical minerals controlled by China is a significant tactical and strategic challenge. The U.S. military's technological edge in the coming decades relies on a steady and secure supply of these minerals, making it a national security concern. The dependence of the U.S. on China for these minerals poses a significant risk to national security, as China's rapid growth as a military power renders it America's most consequential strategic competitor. The lack of a robust domestic supply chain for critical minerals poses a significant risk to the future of the U.S. military.
FROM THE MEDIA: The United States is alarmingly dependent on China for critical minerals, essential to building and maintaining modern weapons systems. The war in Ukraine has highlighted the national security implications of energy security, and a steady and secure supply of critical minerals is essential to maintain America's role as a military superpower. The U.S. Geological Survey keeps a list of 50 minerals critical to U.S. national security, infrastructure, economic and energy needs, many of which have military applications. Some minerals on the list include titanium for aerospace components, high-temperature superalloys for turbines and hypersonic missiles, and ceramics for hypersonic thermal protection systems. China controls much of the refining and production capacity of these minerals, leaving the U.S. and other major world powers dangerously dependent on it.
READ THE STORY: FP
Why the role of crypto is huge in the Ukraine war
Analyst Comments: The significant role of cryptocurrency donations in supporting pro-Ukrainian war efforts highlights the potential benefits of digital currencies in conflict zones, particularly in terms of rapid financial support. However, the risks associated with cryptocurrencies, such as sanctions evasion and cybercrimes, necessitate a careful assessment of their use in such contexts. The push for new regulations from public and private organizations aims to address these concerns and create a more secure environment for the use of digital currencies. The development and implementation of these regulations will likely impact the use of cryptocurrencies in future conflicts or humanitarian crises.
FROM THE MEDIA: Over $212 million in cryptocurrency donations have been made to support pro-Ukrainian war efforts, with funds being utilized for various purchases, including protective gear and medical supplies. The decentralized nature of crypto enables quick transactions, making it a useful tool in conflict zones. However, the use of cryptocurrencies also poses risks, such as sanctions evasion and cybercrimes, prompting public and private organizations to consider new regulations.
READ THE STORY: World Economic Forum
Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
Analyst Comments: Winter Vivern APT's targeted campaigns against government officials and private businesses are a significant tactical and strategic threat. The APT's ability to distribute custom payloads using various methods and demonstrate restraint in the scope of their attacks shows strategic intent and sophistication in their operations. The group's alignment with the interests of Belarus and Russia's governments poses a risk to national security. The continued evolution of Nobelium's toolset and its targeted phishing campaigns against diplomatic entities in the European Union also pose a significant threat to national security. The findings highlight the need for improved cybersecurity measures to protect against APTs and their evolving toolsets.
FROM THE MEDIA: Winter Vivern is a Russian-speaking APT group that has been targeting government officials and private businesses in various countries, using custom payloads distributed through phishing websites and tailored malicious documents. The group is believed to be aligned with the interests of Belarus and Russia. Their attacks involve using batch scripts to deploy the Aperetif trojan from compromised WordPress sites, and they have shown strategic intent and sophistication in their operations. Nobelium, another Kremlin-backed group, has been developing new custom malware and targeting diplomatic entities in the European Union through phishing campaigns, with a focus on agencies aiding Ukrainian citizens and the government.
READ THE STORY: THN
Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
Analyst Comments: The identification of these vulnerabilities is of high significance in a tactical and strategic sense, as it poses a threat to the security of a wide range of Android smartphones and other devices. The four critical flaws that allow remote code execution without user interaction could potentially lead to entrenched access to cellular information passing in and out of the targeted device, and the attack method is well within reach of skilled attackers. The patches for other devices are expected to vary depending on the manufacturer's timeline, and until then, users are recommended to take steps to reduce the exploitation risk.
FROM THE MEDIA: Google Project Zero has warned about 18 zero-day vulnerabilities in Samsung's Exynos chips that could be used to remotely compromise a smartphone without any user interaction. The security flaws, which have not been disclosed in detail, affect a range of Android smartphones, wearables and vehicles using the Exynos W920 chipset and Exynos Auto T5123 chipset. Four of the vulnerabilities are capable of achieving remote code execution, allowing a threat actor to access cellular information on the affected device. While patches have already been released for some devices, others are expected to receive updates according to their manufacturers' timelines. Google has recommended disabling Wi-Fi calling and Voice over LTE to mitigate the risks.
READ THE STORY: THN
Wave of Stealthy China Cyberattacks Hits U.S., Private Networks, Google Says
Analyst Comments: Chinese state-sponsored hackers' development of highly sophisticated techniques to breach government and business networks without detection represents a significant threat to US and Western targets. The attacks' impact is significant because of the importance of what is being stolen, with defense contractors, government agencies, and technology and telecommunications firms being the main targets. These attacks have been successful in compromising systems for years without detection, and the scope of Chinese intrusion into US and Western targets is likely far broader than currently known. This threat poses both tactical and strategic significance to the United States and its allies.
FROM THE MEDIA: On March 16, Google's Mandiant division released a report stating that Chinese state-sponsored hackers have developed highly sophisticated techniques to breach government and business networks without detection. These hackers are using a new level of ingenuity and sophistication, compromising devices at the edge of the network and targeting software that runs on computers without antivirus or endpoint detection software. This method of attack is challenging to investigate, and it is believed that the scope of Chinese intrusion into US and Western targets is likely far broader than currently known. The attacks mainly target defense contractors, government agencies, and technology and telecommunications firms. While the number of identified victims may be small, the impact is significant.
READ THE STORY: WSJ
High-Altitude Espionage (Spy Balloon) and India’s National Security
Analyst Comments: The use of balloons for espionage and surveillance is not new, but advancements in technology have made them a more sophisticated tool for collecting various forms of intelligence. China's use of spy balloons poses a serious threat to national security, and India needs to improve its technological proficiency and work with like-minded nations to address this issue. The blurring of geographical borders through technological advancements makes it even more critical for India to be vigilant against espionage attempts, especially near borders and critical infrastructure. The use of balloons for surveillance and espionage can have serious consequences, and India needs to take steps to counter these emerging dangers.
FROM THE MEDIA: The recent sighting of a Chinese spy balloon flying above the United States has raised concerns about the use of balloons for espionage and surveillance. Balloons equipped with sensors, cameras, or communication equipment can collect various forms of intelligence, such as SIGINT, GEOINT, HUMINT, and ELINT. China's use of spy balloons has sparked conversations about rethinking countermeasures against emerging dangers like this. India has also spotted a similar balloon near its border, which raises concerns about national security and the need to improve technical proficiency and work with like-minded nations.
READ THE STORY: Moderndiplomacy
Telerik vulnerability exploited
Analyst Comments: Exploitation of a known vulnerability in an IIS server represents a serious threat to the security of US Federal civilian agencies. The incident highlights the need for vulnerability management and the limitations of vulnerability scanners, which can lead to vulnerabilities being overlooked. This incident also underscores the importance of understanding one's systems and networks thoroughly, including supply chain software bills of materials, to help discover risks and be more proactive in mitigating the threats they pose. It is critical for organizations to have solutions that help them analyze the software supply chain and avoid the deployment of unknown or potentially harmful components hidden in legitimate software.
FROM THE MEDIA: Multiple threat actors, including at least one APT group, were able to exploit a known vulnerability in an IIS server to compromise a US Federal civilian agency. The vulnerability allowed attackers to execute code on the agency's web server. The agency's vulnerability scanner failed to detect the flaw as the Telerik UI software was installed in a file path it does not typically scan. The vulnerability was exploited by a nation-state actor and a cybercriminal group. The incident highlights the importance of vulnerability management and the limitations of vulnerability scanners.
READ THE STORY: The Cyberwire
Fortinet zero-day attacks linked to suspected Chinese hackers
Analyst Comments: The identified attack on government organizations is significant in a strategic and tactical sense as it demonstrates the potential of sophisticated attackers to exploit zero-day vulnerabilities to conduct cyber espionage. The attack was highly targeted, with advanced capabilities demonstrated by the attackers, and resulted in the backdooring of multiple devices to ensure continued access to the victims' networks. It highlights the need for government organizations and large enterprises to take proactive measures to detect and remediate zero-day vulnerabilities in their systems to prevent cyber espionage and data exfiltration.
FROM THE MEDIA: A Chinese hacking group known as UNC3886 has been linked to a series of cyber-espionage attacks against government organizations that exploited a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware. The flaw allowed threat actors to execute unauthorized code or commands on unpatched FortiGate firewall devices, with malware payloads subsequently deployed for data exfiltration, file downloading and writing, and the opening of remote shells. The attackers were able to backdoor FortiGate devices using a path traversal exploit and showcase advanced capabilities such as reverse-engineering the devices’ operating system. The attack is believed to have occurred in mid-2022 and was highly targeted against the government and large organizations. The group maintained access to the compromised networks through two new malware strains: a Python-based Thincrust backdoor and the ICMP port-knocking Castletap passive backdoor. The attacks serve as a reminder of the importance of identifying and patching known vulnerabilities and highlight the risk of internet-accessible devices in espionage operations.
READ THE STORY: Bleeping Computer
Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
Analyst Comments: The discovery of a new strain of malware associated with TeamTNT demonstrates the ongoing threat posed by cryptojacking groups. These groups continue to target cloud and container environments, where misconfigured systems can be exploited to deploy cryptocurrency miners, stealing system resources and potentially exfiltrating data. The deployment of a decoy miner highlights the sophistication of these attacks and the need for organizations to have comprehensive security measures in place to detect and remediate such threats. The use of a dynamic linker hijacking technique to cloak the miner process further emphasizes the need for organizations to adopt a defense-in-depth strategy and implement multiple layers of security to prevent and detect these attacks.
FROM THE MEDIA: Cado Security has found a new strain of malware suspected to have been developed by TeamTNT, a cryptojacking group that has been active since at least 2019. The malware mines Monero cryptocurrency on compromised systems and was found after Sysdig reported a sophisticated attack known as SCARLETEEL aimed at containerized environments to steal proprietary data and software. The sample surfaced on VirusTotal around the same time as the SCARLETEEL attack, raising the possibility that it could have been deployed as a decoy to conceal data exfiltration. The new malware shows syntactic and semantic similarities to prior TeamTNT payloads and includes a wallet ID previously attributed to them. TeamTNT is known for repeatedly striking cloud and container environments to deploy cryptocurrency miners and has unleashed a cryptomining worm capable of stealing AWS credentials.
READ THE STORY: THN
Texas Agriculture Commissioner warns about Chinese purchases of US farmland, military base access
Analyst Comments: Concerns raised by Texas Agriculture Commissioner Sid Miller regarding China's purchasing of US farmland highlight the potential risks to national security. China's access to America's military bases, electric grid, and food sources could provide them with unique capabilities for espionage and pose significant threats to the US. The recent tensions between the two countries have further heightened concerns about Chinese investment in US farmland. The legislation banning China from purchasing farmland, passed by some lawmakers like South Dakota Gov. Kristi Noem, demonstrates the growing awareness of this issue. However, the US must assess the situation carefully to balance the economic benefits of foreign investment against the risks to national security.
FROM THE MEDIA: Texas Agriculture Commissioner Sid Miller has warned about the dangers of China's purchasing of US farmland, including having access to America's military bases, electric grid, and food sources. Miller highlighted the purchase of 140,000 acres near the Laughlin Air Force Base by a Chinese billionaire and former military leader as an example. He emphasized the need for the US to ban China from purchasing any more land, given the risk to national security.
READ THE STORY: JTN
Three French airports have been targeted by hackers linked to the Kremlin
Analyst Comments: The DDoS attacks on French airports by Anonymous Sudan highlight the threat of cyber attacks to critical infrastructure and public services. The group's apparent ties to Russia suggest a coordinated effort to disrupt Western countries, and their use of DDoS attacks underscores the need for robust cybersecurity measures to protect against such attacks. The motives behind the attacks, including retaliation for past events, raise questions about the effectiveness of using cyber attacks as a form of protest or retaliation. The incident also underscores the need for international cooperation and information sharing to combat cyber threats and protect against future attacks on critical infrastructure.
FROM THE MEDIA: Five French airports including Paris, Paris-Vatry, Bordeaux, Lyon, and Marseille were reportedly targeted by distributed denial of service (DDoS) attacks on Wednesday by a hacker group named Anonymous Sudan. According to reports, the hackers carried out “collective service saturation attacks”, which overwhelmed and took servers at three airports offline. Anonymous Sudan claimed responsibility for the attacks on Telegram, stating that they attacked the airports in revenge for the cartoons of Muhammad published by Charlie Hebdo eight years ago. The group's ties to Russia are rumored, and it is believed that their mission is to destabilize European institutions and establishments in Western countries.
READ THE STORY: Gear Rice
AI-Generated Personas Used to Create Digital Con Artists on YouTube
Analyst Comments: The significance of the AI-generated video threat lies in its potential to deceive users by appearing more trustworthy and familiar than traditional malware lures. With over two billion monthly users on YouTube, the platform has become a prime target for malicious actors, and their tactics have increased by 300% in November alone. The issue is compounded by the fact that these cybercriminals post fictitious comments on the videos that give the impression that the content is legitimate, leading people astray. While YouTube strictly enforces its policing rules, malicious actors are always searching for new ways around these regulations, making it necessary for users to be aware of the fundamentals of this form of scam.
FROM THE MEDIA: CloudSek, a cybersecurity research company, has raised the alarm over the growing use of AI-generated videos on YouTube by cyber criminals. These videos are increasingly being used to make malicious content look more trustworthy and familiar than traditional malware. They appear on various websites in various languages and often include harmful links or other calls to action. The content is designed to lure victims in and encourage them to download malware or enter their personal information. Cybercriminals have to contend with YouTube's strict policing rules; once detected, their accounts and videos can quickly be taken down and banned from the site. CloudSek advises against downloading free versions of software that would otherwise be paid for, and recommends blocking emails and websites that appear dubious and avoiding the sharing of personal or financial information unless required.
READ THE STORY: Digital Information World
Kaspersky releases decryptor for ransomware based on Conti source code
Analyst Comments: The release of the decryptor tool by Kaspersky is a positive development in the ongoing fight against ransomware attacks. The tool's availability will likely assist victims in recovering their data and minimizing the impact of the attack. However, the continued evolution of ransomware variants and the activities of cybercriminal groups highlight the need for robust cybersecurity measures and collaboration between the public and private sectors to prevent and respond to such threats.
FROM THE MEDIA: Russian cybersecurity firm Kaspersky released a decryptor tool that can be used to unlock files encrypted by a variant of the Conti ransomware that infected multiple companies and state institutions in December 2022. Kaspersky did not identify the strain, but experts suggest it could be the Meow ransomware, which was based on Conti's leaked code. Kaspersky obtained the ransomware's private keys and a new version of a public decryptor was released to help victims. At least 14 victims out of 257 paid a ransom. Allan Liska, a ransomware expert, said that Kaspersky's work showed ransomware groups themselves typically have lackluster security and urged public and private sectors to engage in similar activities.
READ THE STORY: The Record // Bleeping Computer
As major elections loom, Meta unveils its internal Online Operations Kill Chain
Analyst Comments: The release of the Online Operations Kill Chain framework is significant in terms of tactical and strategic importance. The upcoming elections in the United Kingdom, United States, European Union, India, Turkey, and Taiwan are pivotal, and preventing online interference in them is crucial. The framework will help in detecting and disrupting operations and will foster collaboration between industry, civil society, and government. This tool will be beneficial in ensuring the integrity of these critical elections, thereby contributing to the stability of the democratic process.
FROM THE MEDIA: Meta, the parent company of Facebook and Instagram, has released a new Online Operations Kill Chain framework aimed at helping industry, civil society, and government groups collaborate to detect and disrupt online interference in next year's significant elections in countries such as the United Kingdom, the United States, and India. The framework is a tool used internally at Meta to analyze individual operations and identify the earliest moments at which they can be detected and disrupted. Meta hopes the tool will help other defenders detect and disrupt operations when they see them on their own networks, and help everybody share their findings. The framework covers a broad range of activities related to online operations, principally those that are meant to be seen by and influence humans. The goal of the framework is to create a shared vocabulary and a common roadmap of the steps that an operation goes through, breaking down silos and fostering collaboration across different investigative teams.
READ THE STORY: The Record
Senators call on CISA to examine cybersecurity risks of Chinese consumer drones
Analyst Comments: The senators' call for CISA to examine the security risks posed by DJI drones is significant as the widespread use of consumer drones across the U.S. for everything from food delivery to emergency services makes them a potential threat to critical infrastructure. The warning that sensitive information or data could wind up in the hands of China's military underscores the importance of preventing unauthorized access to U.S. critical infrastructure by foreign entities, particularly those with links to the Chinese Communist Party. If vulnerabilities in drone technology are not addressed, they could be exploited to launch cyber-attacks or to gather intelligence, which could have significant tactical or strategic implications in the event of a conflict.
FROM THE MEDIA: A group of 16 bipartisan US senators has written to the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a comprehensive analysis of the risks associated with consumer drones made by Shenzhen DJI Innovation Technology. The senators, including Mark Warner and Marsha Blackburn, have urged CISA to examine the DJI drones, which they claim are linked to the Chinese Communist Party and could be used to spy on US critical infrastructure. According to the senators, DJI drones have been widely used in the inspection of US critical infrastructure such as pipelines, railways, power generation facilities, and waterways, which could lead to the Chinese government developing a detailed picture of such infrastructure, ultimately enabling them to conduct more effective targeting efforts in the event of a conflict. The letter to CISA comes after a determination by the Defense Department that DJI is a “Chinese military company”. The senators are alarmed by several reports indicating that DJI dominates the drone market, with 90% of North America’s consumer drone market and about 70% of the industrial drone market being controlled by DJI.
READ THE STORY: The Record
Weaponized Telegram and WhatsApp Apps Attack Android & Windows Users
Analyst Comments: The use of clippers and optical character recognition (OCR) for Android malware is a new development, which shows that cybercriminals are using advanced techniques to evade detection. Additionally, the use of Google Ads to direct victims to fake websites highlights how easy it is to circumvent legitimate app stores to trick users into downloading malware. Since the malware was targeted mostly at Chinese-speaking customers, it could have wider implications for international relations between countries. This event is likely to prompt organizations and governments to review their security policies and protocols for messaging apps and cryptocurrency wallets.
FROM THE MEDIA: ESET Research has discovered fake Telegram and WhatsApp websites, mostly targeting Android and Windows users with trojanized versions of these instant messaging services. These harmful apps are primarily clippers that steal or alter the contents of the clipboard, with several focusing on cryptocurrency wallets. The clippers intercept the victim’s messaging communications and replace any sent and received cryptocurrency wallet addresses with addresses belonging to the attackers. The fake websites provide download links for Telegram and WhatsApp for all supported operating systems, and the trojanized apps intercept victims’ chat conversations to exchange any cryptocurrency wallet addresses for the attackers or exfiltrate sensitive information that would allow attackers to steal victims’ cryptocurrency funds. Researchers found both remote access trojans and clippers included in the Windows versions.
READ THE STORY: CyberSecurityNews
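The clipper behaviour described above (a swapped wallet address inside an otherwise untouched message) can be caught on the defender's side by comparing what was copied with what actually arrives on paste. The following is an added example written for this roundup, not code from ESET or from the malware; the address patterns are simplified and the sample strings and addresses are constructed.

```python
import re

# Simplified wallet-address patterns (assumption: Ethereum hex, Bitcoin
# bech32 and legacy base58); illustrative, not an exhaustive validator.
ADDRESS_RE = re.compile(
    r"\b(?:0x[0-9a-fA-F]{40}|bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"
)


def find_wallet_addresses(text: str) -> list[str]:
    """Return every wallet-address-like token in text, in order of appearance."""
    return ADDRESS_RE.findall(text)


def detect_address_swap(copied: str, pasted: str) -> list[tuple[str, str]]:
    """Compare the text the user copied with the text delivered on paste.

    A clipper leaves the surrounding message intact and substitutes only the
    address, so addresses are paired positionally and any mismatch is reported
    as (original, replacement). An address present only after paste is reported
    with an empty original, since it was injected rather than swapped.
    """
    before = find_wallet_addresses(copied)
    after = find_wallet_addresses(pasted)
    swaps = [(orig, new) for orig, new in zip(before, after) if orig != new]
    swaps.extend(("", extra) for extra in after[len(before):])
    return swaps


# Constructed sample: a payment request is copied, and the address has been
# replaced before it is pasted into the chat (both addresses are made up).
COPIED = "Send 0.5 ETH to 0x1111111111111111111111111111111111111111 by Friday"
PASTED = "Send 0.5 ETH to 0x2222222222222222222222222222222222222222 by Friday"

if __name__ == "__main__":
    for original, replacement in detect_address_swap(COPIED, PASTED):
        print(f"clipboard tampering detected: {original} -> {replacement}")
```

In a real deployment the "copied" side would be captured at copy time (for example by a wallet app or endpoint agent) and compared against the outgoing message before it is sent.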
Chinese rocket carrying spy satellite destroyed, burnt to ashes over Nepal’s sky
Analyst Comments: The destruction of the Chinese rocket carrying spy satellites in space is a significant event in the military context as it highlights the potential threats posed by China's surveillance capabilities. It is also significant in terms of the increase in space debris, which could pose a risk to other satellites in orbit.
FROM THE MEDIA: On March 11, 2023, a Chinese rocket carrying spy satellites crashed and burned while entering the Earth's atmosphere over the skies of western Nepal. This rocket was part of China's National Space Administration Y-65 mission that launched three military electronic surveillance satellites from the Xichang Satellite Launch Center on July 29, 2022. Astrophysicist Jonathan McDowell reported that the rocket had been in the sky for more than 200 days and was intentionally programmed to make an "accidental re-entry somewhere in the world at some unpredictable time this year." The rocket had delivered its payload over Texas on March 8, 2023, before breaking up. Both rockets were used to carry spy satellites, and the most recent crash has resulted in an additional four tons of space debris. China has been accused of releasing spy balloons in the sky in recent times, and the United States and India have reported sightings and have even shot down some of these balloons.
READ THE STORY: News lead India
Items of interest
Could future supply chain crisis hit diesel shipping, not containers
Analyst Comments: The situation with the EU and G-7 sanctions on Russian exports of diesel and other refined petroleum products, the increase in ton-mile demand, the historically low order book, and the increase in the shadow fleet is significant, posing a threat to energy security. The situation could lead to a replay of the supply chain crisis experienced with containerized goods, with the potential of impacting fuel supply chains. However, it presents a potential goldmine for owners of product tankers and investors in their stocks.
FROM THE MEDIA: The EU and G-7 sanctions imposed on Russian exports of diesel and other refined petroleum products have led to product tankers sailing longer voyages, increasing ton-mile demand by 7%. At the same time, the number of new product tankers on order is historically low, so until 2026 the world has to make do with roughly the same ocean transport capacity for diesel, gasoline, and jet fuel, regardless of global fuel demand. The shadow fleet is growing, comprised of ships with opaque ownership that operate outside Western financial and insurance regimes, further reducing the effective ship supply. Product tanker rates are now highly profitable despite high EU inventories, with spot rates at historically high levels for this time of year. The product tanker market is in the same situation as the crude tanker market, with a historically low order book. The potential for future windfall profits and the historically low order book have attracted investors, leading to exceptional stock performance for Torm and other product tanker owners.
READ THE STORY: Freight Waves
A Critical Analysis of the Weaponization of Economics (Video)
FROM THE MEDIA: The transcript is a conversation between a host and Professor Beatrice Weber about the weaponization of economics, which involves the use of trade and finance in aggressive ways against certain countries. They discuss the trend towards globalization and the increasing use of sanctions, as well as the possibility of a new system called globalization or re-regionalization. The discussion also touches on the role of the private sector, government policies, and the current geopolitical climate. They also briefly touch upon the crisis in Ukraine, and the possibility of the new international economic order being more welcoming to environmental concerns.
How Putin held Europe hostage over energy | FT Energy Source (Video)
FROM THE MEDIA: The EU's decision to use gas as a transition fuel has resulted in a high dependence on Russia, which has allowed Russia to build infrastructure that takes gas into Europe. The liberalization of the gas market has led to a move away from state monopolies, which has made countries more vulnerable to malevolent intent. Europe faces one of its worst energy crises in decades due to a gas crisis. Russia has been able to supply less gas during the shoulder season months, ensuring that Europe enters the winter with lower storage than it has in the past. This has increased the stranglehold that Putin has over the European economy. The crisis could potentially last for years, and the long-term problem of climate change could be worsened by the need for alternative energy sources.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.