Daily Drop: (440)
Friday, March 24, 2023 // (IG): BB // Cyber-Roundup // Coffee for Bob
Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
Analyst Comments: The cyber attack on telecommunication providers in the Middle East underscores the continuing threat of Chinese state-sponsored threat actors to the region. The use of sophisticated tools like Mimikatz and PingPull highlights the Chinese threat actors' dedication to advancing their toolset towards maximum stealth. The deployment of a custom variant of Mimikatz referred to as mim221 with new anti-detection features further underscores the need for organizations to enhance their cybersecurity posture continually. While the attack was unsuccessful, the fact that multiple Chinese nation-state groups such as APT10, APT27, and APT41 have tactical similarities with Gallium suggests the possibility of a "digital quartermaster" responsible for maintaining and distributing the toolset. The strategic interest of Chinese cyber espionage threat actors in the Middle East is an ongoing concern, and organizations in the region must remain vigilant to the evolving cyber threats.
FROM THE MEDIA: Telecommunications providers in the Middle East have been targeted by a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell. The attack began in the first quarter of 2023 and involved infiltrating Internet-facing Microsoft Exchange servers to deploy web shells for command execution. The attackers conducted various reconnaissance, credential theft, lateral movement, and data exfiltration activities. The attacks ultimately proved unsuccessful, with the breaches detected and blocked before any implants could be deployed on the target networks. The Chinese cyber espionage threat actors are known to have a strategic interest in the Middle East and will likely continue exploring and upgrading their tools for evading detection.
READ THE STORY: THN // InfoSecMag
Rep Michelle Steel and Senator Cotton introduce protections against CCP espionage on U.S. supply chains
Analyst Comments: The proposed bill is of significant tactical and strategic importance as it addresses a serious national security threat that could have far-reaching implications, especially as tensions with China continue to rise. The proposed legislation aims to prevent potential security breaches, strengthen the US's position in global competition, and preserve the security of the US and allied supply chains. Furthermore, the bill could have a positive impact on international relations and reinforce the US's commitment to safeguarding its national interests and those of its allies. Therefore, the proposed legislation is a crucial step in ensuring the security of the US and its allies in the context of the intensifying global competition with China.
FROM THE MEDIA: Proposed legislation aims to ban all Department of Defense (DoD) usage and contracts with entities using or sharing data with China's LOGINK platform. Co-sponsored by multiple Representatives, the bill would require the President to prohibit US entities from using or sharing data with LOGINK, mandate the Administration to report on LOGINK's threat, and work with international partners to stop its use. LOGINK, overseen by China's Ministry of Transportation, has raised concerns similar to those surrounding Huawei and ZTE, which were banned by Congress in 2019. The proposed legislation is a crucial step in countering China's espionage efforts and demonstrates growing concern over China's aggressiveness towards democracies. It has significant tactical and strategic implications, as it could prevent potential security breaches, strengthen the US's global position, and protect the security of US and allied supply chains.
READ THE STORY: OC Breeze
US lawmakers tell TikTok CEO the app ‘should be banned’
Analyst Comments: The House Energy and Commerce Committee's hearing on TikTok's cybersecurity and national security risks is significant as it highlights the ongoing concerns that the app poses a threat to U.S. national security. Although Chew attempted to dispel concerns, the announcement from China's Commerce Ministry raised lawmakers' concerns that the Chinese government may have authority over the app and its data. The hearing also sheds light on other dangers associated with the app, including spreading harmful content and misinformation, threats to children, and user privacy. The call for a national privacy law is a significant development as lawmakers debate ways to protect Americans from the harmful effects of social media. The future of TikTok in the U.S. remains uncertain, as federal officials demand Chinese owners sell their stake in the company or face a ban.
FROM THE MEDIA: On 23rd March 2023, the chief executive of TikTok, Shou Chew, testified to a U.S. House committee for the first time to dispel concerns about the cybersecurity and national security risks posed by the short-form video app. Bipartisan lawmakers on the House Energy and Commerce Committee grilled Chew about TikTok's ties to the Chinese government, highlighting the risk that the Chinese Communist Party could force TikTok to hand over data collected on U.S. users under Beijing's security laws. Chew emphasized that ByteDance, TikTok's parent company, is a private company and not owned or controlled by the Chinese government.
READ THE STORY: The Record
Using Starlink Paints a Target on Ukrainian Troops
Analyst Comments: The use of Starlink by Ukrainian troops highlights the risks associated with new technologies in modern warfare. While high-speed internet services like Starlink can provide critical communication capabilities to troops, they also pose new risks that must be carefully considered. The potential for Russian forces to intercept Starlink's GPS signals and target Ukrainian troops is a serious concern that must be addressed. The incident highlights the importance of assessing the potential risks of new technologies and considering ways to mitigate those risks before they become a threat. As the use of new technologies in modern warfare continues to evolve, it is crucial to remain vigilant about potential risks and take necessary steps to protect troops on the ground.
FROM THE MEDIA: The Starlink system has gained popularity among Ukrainian soldiers for its high-speed internet service, allowing them to stay connected and share information more effectively. However, the system's use has also raised concerns that it could put troops at risk by revealing their positions to Russian forces. Defense One reports that Russian forces have been known to intercept GPS signals in the past and use them to target enemy forces. If Russian forces were to intercept Starlink's GPS signals, they could potentially use the information to target Ukrainian troops, especially in areas with limited or no other communication options.
READ THE STORY: Defense One
US charges crypto fugitive Do Kwon after Montenegro arrest
Analyst Comments: Do Kwon's arrest and fraud charges have significant implications for the crypto market, given his role as a co-founder of Terraform Labs and the impact of the collapse of Terra USD and Luna digital tokens in 2020. The charges of securities, commodities, and wire fraud indicate the severity of the alleged offenses, highlighting the need for increased regulation in the crypto industry. The involvement of US prosecutors and the possible extradition of Kwon suggest that the legal action against him is likely to proceed. The lawsuits filed by the US Securities and Exchange Commission further compound the significance of the event, highlighting the potential risks and fraudulent activities associated with cryptocurrency.
FROM THE MEDIA: Do Kwon, a South Korean crypto entrepreneur and co-founder of Terraform Labs, has been arrested in Montenegro and charged with fraud by US prosecutors. The charges include securities, commodities, and wire fraud, for which he faces eight criminal counts. Kwon is accused of deceiving customers about the Terra blockchain, misrepresenting its technology and user adoption rates. The collapse of Terra USD and Luna digital tokens in October 2020 caused an unprecedented crash in the crypto market, affecting hundreds of thousands of investors. Terraform and Kwon are also facing lawsuits from the US Securities and Exchange Commission for arranging a cryptocurrency fraud that caused billions of dollars in losses.
READ THE STORY: FT
DC spy museum exposed signed credit card authorization forms
Analyst Comments: The exposure of credit card authorization forms on the International Spy Museum's public cloud storage resource due to misconfiguration is significant as it highlights the risks associated with storing sensitive data on the cloud without adequate security measures. The incident could have resulted in a data breach, and the potential damage caused by the exposure of credit card information to malicious actors cannot be underestimated. The adoption of S3 is high, and even small organizations can have thousands of buckets, which are often misconfigured and exposed to the internet, increasing the risk of costly data breaches. The incident highlights the need for organizations to implement robust security measures and ensure proper configuration of their cloud resources.
FROM THE MEDIA: The International Spy Museum in Washington DC inadvertently exposed about a hundred signed credit card authorization forms on its Amazon public cloud storage resource, an S3 bucket, due to misconfiguration, according to cyber threat intelligence analyst Bob Diachenko. The credit card authorization forms included the cardholder’s name, card number, and security number, and were usually filled by schools that book a visit to the museum for their students. After being alerted to the leak, the museum isolated the exposed forms from public access. As the data in most S3 buckets are stored unencrypted, the credit card information could be easily downloaded by anyone who gained access to it. The extent of the potential data breach is unclear.
READ THE STORY: Cybernews
Iran-linked incidents spurred Cyber Command to send 'hunt forward' team to Albania
Analyst Comments: The deployment of the CNMF team to Albania is tactically significant as it helped prevent further Iranian cyber attacks on the country's government networks. Strategically, it demonstrates the US's ability to work with its allies in cyberspace and strengthens diplomatic ties with Albania. The hunt forward concept has won considerable support from Capitol Hill due to its ability to foster digital cooperation among nations and allow Cyber Command to understand adversary nations' digital tactics firsthand. Since 2018, the CNMF has deployed teams 44 times to 22 countries, performing operations on nearly 70 networks worldwide. The hunt forward effort builds trust and confidence between nations, according to Cyber Command and NSA chief Gen. Paul Nakasone.
FROM THE MEDIA: In July 2022, a cyber attack targeted the Mujahideen-e Khalq in Albania before a conference was due to be held. In September 2022, a second attack hit Albania's Total Information Management System, which automated tasks such as passport checks and cross-referencing individuals on fugitive databases. The Cybersecurity and Infrastructure Security Agency later confirmed that Iranian hackers had been inside Albania's networks for over a year. The Biden administration sanctioned Iran's spy agency for carrying out the July attack and condemned Tehran for the second breach. Albania severed diplomatic relations with Iran following the attacks.
READ THE STORY: The Record
Senators call for Congress-approved cybersecurity position at the Department of Energy
Analyst Comments: Elevating the cybersecurity director position to an assistant-secretary level role would enhance the position's stability and effectiveness, and demonstrate the government's commitment to cybersecurity in the energy sector. The lack of Senate confirmation has raised concerns about the position's standing within the department and the potential impact on national security. The bipartisan support for elevating the position suggests that there is broad agreement on the importance of cybersecurity in the energy sector and the need for stable, professional, nonpartisan leadership in this area.
FROM THE MEDIA: Senators from both parties have called for the elevation of the cybersecurity director position at the Department of Energy from its current director-level role to an assistant-secretary-level position that would require Senate confirmation. Congress has criticized the White House and Secretary of Energy Jennifer Granholm for downgrading the position, which is currently held by Puesh Kumar, on the grounds that it is too important to leave subject to the whims of shifting politics. The lack of Senate confirmation has raised concerns about the position's standing within the department.
READ THE STORY: The Record
US military hits Iran-backed groups in Syria after drone attack kills American contractor
Analyst Comments: The US airstrikes targeting Iranian-affiliated groups in Syria are a significant response to recent attacks against US personnel and Coalition forces in the region. The decision to use precision strikes against facilities used by these groups shows a willingness to use force to protect US interests and personnel, which may deter future attacks. However, these strikes also carry the potential to escalate tensions between the US and Iran. The continuing threat of drone attacks against US bases in Syria and the region remains a concern for US forces stationed there.
FROM THE MEDIA: The US military's response to the drone attack on a US base in Syria illustrates its dedication to protecting its personnel and interests in the region. By conducting precision airstrikes on facilities used by Iranian-affiliated groups, the US demonstrates its willingness to use force to deter future attacks. However, there is still a risk of escalating tensions with Iran. US bases in Syria are likely to continue facing drone attack threats, emphasizing the importance of maintaining a robust defensive posture in the region. The precision airstrikes were carried out in response to recent attacks on Coalition forces in Syria by groups linked to Iran's Islamic Revolutionary Guards Corps (IRGC). The US military's objective is to deter future attacks and reaffirm its commitment to defending its personnel.
READ THE STORY: The Hill
Crypto is banned in China, but Binance employees and support volunteers tell people how to bypass the ban
Analyst Comments: The report highlights a significant security concern for Binance, which has been trying to prevent Chinese residents from accessing its platform since China banned cryptocurrency trading in 2021. The fact that employees and volunteers are teaching customers how to evade Binance's KYC controls is a regulatory concern for the exchange, which could potentially face penalties and legal action from authorities. Additionally, the report suggests that Binance's KYC and AML efforts are ineffective, indicating a possible lack of oversight and potential loopholes that criminals could exploit. From a tactical and strategic perspective, this could have a significant impact on Binance's reputation and business, as regulators may become increasingly hesitant to allow the exchange to operate in their jurisdictions. It could also lead to further scrutiny of the exchange's practices, which may hurt its ability to attract new customers and expand its operations.
FROM THE MEDIA: Binance, the world's largest cryptocurrency exchange by volume, has been found to allow customers in China to subvert its know-your-customer (KYC) systems, enabling them to bypass residency and verification requirements that are supposed to prevent Chinese residents from accessing the platform. A CNBC report obtained and reviewed messages from Binance's official Chinese-language chatrooms, showing techniques for evading KYC, including offering false addresses and manipulating Binance's systems. Employees, volunteers, and customers also shared video guides and documents that showed mainland residents how to falsify their country of residence to obtain Binance's debit card. Financial regulation experts expressed concerns that Binance's KYC and anti-money laundering (AML) efforts could easily be thwarted, leading to the possibility of illegal activity such as terrorism, fraud, or cybercrime. The report also suggests that Binance's KYC controls could have implications beyond China, including potential national security concerns.
READ THE STORY: CNBC
Tennessee city hit with a ransomware attack
Analyst Comments: A ransomware attack on Oak Ridge City's technology systems is significant as it highlights the increasing threat of ransomware attacks on local governments and institutions. This attack could disrupt the city's operations and services, leading to potential financial losses and public inconvenience. It also indicates the need for local governments and institutions to strengthen their cybersecurity defenses and develop response plans to mitigate such attacks. The city officials should continue to work with law enforcement and cybersecurity experts to investigate the matter and recover the affected systems. The city should also review its cybersecurity defenses and develop a comprehensive response plan to prevent future attacks. Additionally, the city should consider providing cybersecurity awareness training to its employees to help prevent future incidents.
FROM THE MEDIA: Oak Ridge, a city in Tennessee known for its role in the Manhattan Project, is grappling with a ransomware attack that has impacted its technology systems. City officials are working with law enforcement and cybersecurity experts to address the situation. Despite the attack, the Oak Ridge Police and Fire departments remain reachable by phone. Tennessee has seen a surge in ransomware attacks, with the FBI office in Memphis noting a significant increase in incidents targeting various sectors. This marks the 18th attack on local government in the US this year, according to ransomware expert Brett Callow.
READ THE STORY: The Record
BlackGuard stealer now targets 57 crypto wallets, extensions
Analyst Comments: The new capabilities of the BlackGuard stealer pose a significant risk to users as they attempt to steal sensitive data, including cryptocurrency data. The malware's ability to propagate via USB and add itself under the "Run" registry key makes it difficult to detect and remove, and its ability to download additional payloads and execute them directly in the breached computer's memory further complicates the detection and removal process. To mitigate the risk of BlackGuard infections, users should avoid downloading executables from untrustworthy websites, not launch files arriving as email attachments from unknown senders, and keep their systems and AV tools updated. Users should also use trusted and secure cryptocurrency wallets and extensions.
FROM THE MEDIA: A new variant of the BlackGuard stealer malware has been discovered, featuring enhanced capabilities such as USB propagation, persistence mechanisms, loading additional payloads in memory, and targeting more crypto wallets. The malware, which was first spotted by Zscaler in March 2022, was sold as a malware-as-a-service (MaaS) on Russian-speaking forums. AT&T analysts found this new version, which has improved features including a crypto wallet hijacker (clipper) module, USB propagation, the ability to download and execute additional payloads, registry modification for persistence, and file duplication. BlackGuard now targets 57 cryptocurrency browser extensions and wallets, an increase from the 45 it targeted in August. To mitigate the risk of infection, users should avoid downloading executables from untrustworthy websites, be cautious with email attachments, and keep their systems and antivirus tools updated.
READ THE STORY: Bleeping Computer
City of Toronto and Virgin confirm hackers accessed data through file transfer systems
Analyst Comments: The cyberattacks by the Clop ransomware group through a vulnerability in Fortra’s GoAnywhere file transfer product are significant as they pose a significant risk to organizations' sensitive data and operations. The widespread adoption of third-party software in various industries highlights the need for organizations to be vigilant and proactive in their cybersecurity defenses. The continuous evolution of ransomware attacks, such as Clop, demonstrates the need for organizations to strengthen their cybersecurity defenses and response plans.
FROM THE MEDIA: The Clop ransomware group has been attacking organizations through a vulnerability in Fortra’s GoAnywhere file transfer product, affecting dozens of organizations in recent weeks. The City of Toronto and Virgin confirmed that they were among the victims of the cyberattack. Clop has been adding new victims to its leak site, which includes several high-profile companies. The City of Toronto and other organizations affected are investigating the details of the identified files, and the Clop ransomware group has been exploiting vulnerabilities in third-party software.
READ THE STORY: The Record
North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign
Analyst Comments: The spearphishing campaign by Kimsuky targeting experts on the Korean peninsula is significant as it demonstrates the group's continued efforts to gain intelligence and sensitive information from high-value targets. The use of two attack methods highlights the group's sophisticated tactics and capabilities. The advisory issued by South Korean and German agencies underscores the importance of vigilance and robust cybersecurity defenses to mitigate the risk of cyberattacks.
FROM THE MEDIA: Kimsuky, a notorious North Korean group, has been conducting spearphishing attacks since 2012, targeting diplomats, non-governmental organizations, think tanks, and experts on issues related to the Korean peninsula. The group's latest campaign focuses on highly targeted attacks using two methods to gain access to victims' Google accounts. These methods include the infection of Android phones through a malicious app on Google Play and the use of a malicious Chromium web browser extension. South Korea's National Intelligence Service and Germany's Constitutional Protection Agency issued an advisory warning of the campaign, which mainly targets experts on the Korean Peninsula and North Korea.
READ THE STORY: The Record
Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Analyst Comments: The WooCommerce Payments plugin is a widely used e-commerce plugin for WordPress, and the vulnerability affects over 500,000 websites. If exploited, the flaw could result in unauthorized admin access to impacted stores, potentially leading to the theft of sensitive information or financial losses. It is therefore crucial that users update to the latest patched version and take additional steps to secure their sites, such as checking for newly added admin users and rotating API keys.
FROM THE MEDIA: The WooCommerce Payments plugin for WordPress, installed on over 500,000 websites, has a critical security flaw that could enable a bad actor to gain unauthorized admin access to impacted stores, according to an advisory by the company. The vulnerability is in versions 4.8.0 through 5.6.1 and allows an unauthenticated attacker to take over a website without any user interaction. The flaw is believed to be in a PHP file called "class-platform-checkout-session.php." WordPress security company Wordfence warned that the vulnerability could be weaponized on a large scale. Patched versions include 4.8.2, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2, and 5.6.2. WooCommerce is disabling the WooPay beta program due to the issue's potential to impact the payment checkout service.
READ THE STORY: THN
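An added example (not from the advisory or the WooCommerce project): a Python triage of a plugin inventory against the affected and patched versions quoted above. The `site,version` inventory format and the host names are constructed, and treating branches newer than 5.6 as patched is an assumption.

```python
"""Triage WooCommerce Payments versions against the ranges quoted in the summary."""
import csv
import io
import re

# Version facts taken from the summary above.
FIRST_AFFECTED = (4, 8, 0)
# First patched patch-level for each (major, minor) branch.
PATCHED = {
    (4, 8): 2, (4, 9): 1, (5, 0): 4, (5, 1): 3, (5, 2): 2,
    (5, 3): 1, (5, 4): 1, (5, 5): 2, (5, 6): 2,
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text):
    """Return (major, minor, patch) or None when the string is not x.y[.z]."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(version_text):
    """Map a version string to vulnerable / patched / not_affected / unknown."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # pre-release tags, blanks: review by hand
    if v < FIRST_AFFECTED:
        return "not_affected"     # older than the first affected release
    branch = v[:2]
    if branch in PATCHED:
        return "patched" if v[2] >= PATCHED[branch] else "vulnerable"
    if branch > max(PATCHED):
        return "patched"          # assumption: later branches carry the fix
    return "unknown"              # branch not named in the summary


def audit(inventory_csv):
    """Group sites from a 'site,version' CSV by their classification."""
    findings = {"vulnerable": [], "patched": [], "not_affected": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv.strip())):
        findings[classify(row.get("version"))].append(row["site"])
    return findings


# Constructed sample inventory (not real sites).
SAMPLE_INVENTORY = """
site,version
shop-a.example,5.6.1
shop-b.example,5.6.2
shop-c.example,4.7.3
shop-d.example,4.8.1
shop-e.example,5.0.4
shop-f.example,5.7.0
shop-g.example,beta
"""

if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for site in report["vulnerable"]:
        # Follow-up steps named in the analyst comments above.
        print(f"{site}: update, review newly added admin users, rotate API keys")
    for site in report["unknown"]:
        print(f"{site}: version not recognised, check manually")
```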
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps
Analyst Comments: The emergence of Nexus as a new Android banking trojan is a significant threat to the financial industry, with several threat actors already adopting it. Its ability to perform ATO attacks against banking portals and cryptocurrency services, as well as read 2FA codes, makes it a potent tool for conducting fraud. The fact that it overlaps with another banking trojan and incorporates a ransomware module further increases its threat level. Additionally, Nexus's explicit rules prohibiting its use in specific countries suggest that threat actors using it may have a specific target or agenda. As such, this event is of both tactical and strategic significance, as it poses a direct threat to the security of financial institutions and their customers.
FROM THE MEDIA: Italian cybersecurity firm Cleafy has reported the discovery of a new Android banking Trojan known as Nexus. This emerging malware appears to be in its early stages of development and has been adopted by several threat actors to target around 450 financial applications and conduct fraud. Nexus is advertised as a subscription service to its clientele for a monthly fee of $3,000. The malware provides all the main features to perform Account Takeover attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception. Nexus has been used in real-world attacks, with most infections reported in Turkey, and overlaps with another banking trojan dubbed SOVA. The malware also contains features to take over accounts related to banking and cryptocurrency services by performing overlay attacks and keylogging to steal users' credentials.
READ THE STORY: THN
Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office
Analyst Comments: The emergence of DEV-1101 and its open-source phishing kit is a significant development in the realm of phishing attacks. The use of AitM campaigns makes detection more difficult, and the sophistication of the phishing kit's functionalities presents a severe threat to the security of individuals and organizations. The widespread use of the phishing kit by several attackers and its availability for purchase raises concerns about its continued and future use. As such, this event is of both tactical and strategic significance, as it poses a direct threat to the security of individuals and organizations, especially those who may fall prey to phishing campaigns using this kit. It is important to take measures to protect against such attacks, such as raising awareness of phishing threats, implementing multifactor authentication, and monitoring suspicious activity.
FROM THE MEDIA: Microsoft’s Threat Intelligence team has reported the activities of a new threat actor named DEV-1101 who has been advertising an open-source phishing kit for use in adversary-in-the-middle (AitM) campaigns. The phishing kit features reverse-proxy capabilities, automated setup, antibot database evasion, management of phishing activity via Telegram bots, and a range of pre-made phishing pages that mimic popular services. The kit has been used in various approaches, including sending emails to targets with an Open button that activates antibot functionalities, displaying a CAPTCHA request to verify a real user, and bypassing multi-factor authentication by logging into the legitimate service using stolen credentials and forwarding the MFA request to the user. The phishing kit has been observed being used by several attackers and is available for purchase on cybercrime forums and Telegram channels.
READ THE STORY: Techrepublic
Viasat Hack Still Dominates Cybersecurity Discussions A Year Later
Analyst Comments: The Viasat breach and other security breaches highlight the growing threat of cyber attacks on satellite networks. The lack of access controls and multi-factor authentication in Viasat's VPN devices emphasizes the need for better security measures in satellite networks. The discussions also reveal the need for a security mindset, company auditing, education, and transparency in the satellite sector to improve security. Furthermore, the lack of institutional framework and regulatory agencies for the space sector highlights the need for the US government to see space as critical infrastructure. The market trend towards multi-orbit communications and the need for standardization could benefit satellite manufacturers but also requires the industry to keep pace with the potential for 50,000 satellites in orbit by the end of the decade.
FROM THE MEDIA: The hack on Viasat’s KA-SAT network in early 2022, along with recent security breaches at AT&T and T-Mobile, was discussed at a cybersecurity panel at SATELLITE on March 16, 2023. Mike Regan, Vice President of Business Performance for the Telecommunications Industry Association (TIA), criticized the lack of access controls and multi-factor authentication that could have prevented the attacks. Manjula Sriram, Chief Information and Security Officer of Iridium, emphasized the importance of a security mindset and company auditing to improve security. Mathieu Bailly, Co-Founder and Director of CYSEC, highlighted the need for education and transparency in the satellite sector, especially among engineers. Shaun Waterman, Cybersecurity Correspondent for Newsweek, noted that the US government needs to see space as critical infrastructure to push forward regulatory agencies. In a separate panel, satellite manufacturers discussed the market trend towards multi-orbit communications and the need for standardization to improve profits.
READ THE STORY: Via Sat
What cyber attack risks do the railways face
Analyst Comments: The increase in cyber attacks targeting the transport sector, particularly railways, is a significant concern for both tactical and strategic reasons. While most attacks had little impact on train services themselves, the increasing connectivity between IT and OT networks in the sector could make ransomware attacks on OT systems more likely, potentially leading to train disruptions or safety incidents. The rise in hacktivist activity following Russia's invasion of Ukraine highlights the potential for cyber attacks to become a tool of geopolitical conflict, with railways as a key target due to their critical infrastructure status.
FROM THE MEDIA: The European Union Agency for Cybersecurity (ENISA) has released its first cyber threat landscape report on the transport sector covering the period of January 2021 to October 2022. The report highlights an increase in DDoS attacks targeting railways, primarily related to the Russian war in Ukraine, and ransomware as the most common type of cyber attack. Of the 98 cyber attacks analyzed, 21 targeted the railway sector, with 45% being ransomware attacks, and 25% being data-related threats. The attacks mostly targeted the IT systems of railways and caused some disruptions but mostly did not cause train operations to shut down. Cybercriminals accounted for the majority of attacks on the transport sector, accounting for 54%. The report highlights the rise of hacktivist activity following Russia's invasion of Ukraine and predicts that DDoS attacks targeting railways and the transport sector, in general, will continue to increase.
READ THE STORY: Rail Tech
The Persian Gulf-Black Sea Corridor: Why should India consider an alternative gateway
Analyst Comments: The proposed trade corridor linking the Persian Gulf and the Black Sea has the potential to significantly boost trade between India, Russia, and Europe while reducing transportation costs and time. The creation of this corridor would align with India's objective of seeking new trade routes to Europe and could be beneficial for the Indian economy. However, the proposal involves investing in infrastructure projects in other countries, which carries a certain degree of political, economic, cultural, social, legal, and geopolitical risks. Additionally, there are ongoing conflicts in the region that could potentially disrupt the project's implementation. Overall, this proposal could have significant strategic and economic implications if successfully implemented.
FROM THE MEDIA: Armenia has proposed the creation of an alternative trade corridor linking the Persian Gulf and the Black Sea to facilitate trade between India, Russia, and Europe. The suggestion was made by a delegation of high-ranking officials and experts from Armenia during a visit to India by the country's foreign minister, Mr. Ararat Mirzoyan. The proposed corridor would operate alongside the International North-South Transport Corridor (INSTC) to establish a trade link between Mumbai and the Bandar Abbas seaport in Iran, then proceed to Armenia and onward to Europe or Russia. The aim of this alternative route is to bypass Azerbaijan, which has closer ties with Turkey and Pakistan, and India is being asked to support and finance the proposal. Armenia's relationship with India has been growing due to recent defense exports, and both countries have cold relations with Turkey and Pakistan.
READ THE STORY: Modern Diplomacy
Items of interest
How to Out-Deter China
Analyst Comments: China's aggressive posture towards Taiwan is a significant threat to peace and stability in the Asia-Pacific region and a significant concern for the United States and its allies. A conflict between China and Taiwan could lead to a regional war, and the United States could be drawn into the conflict due to its defense treaty with Taiwan. It is therefore crucial for the United States to deter Chinese aggression toward Taiwan. The United States should continue to strengthen its military presence in the Asia-Pacific region and provide Taiwan with the necessary military equipment and training to defend itself against Chinese aggression. It should also work with its allies in the region to take proactive measures and develop a unified strategy to counter Chinese aggression and ensure peace and stability in the region.
FROM THE MEDIA: In response to China's growing confidence in its military capabilities and strategic deterrence efforts, the US must focus on out-deterring China to avoid a potential conflict over Taiwan. By emphasizing the catastrophic consequences of a war between two nuclear-armed powers and undermining China's optimism in its capabilities, the US can prevent an escalatory spiral. Washington's deterrence strategy involves coordinating with allies and leveraging all tools of national power to convey the risks of nuclear posturing and ensure Beijing understands the true risks of conflict over Taiwan. This approach can prevent China from becoming overconfident and avert a potential catastrophe.
READ THE STORY: FP
To Catch a Spy: The Art & Future of Counterintelligence (Video)
FROM THE MEDIA: The World Affairs Council of Greater Houston hosted an online event called "To Catch a Spy: The Art & Future of Counterintelligence" with James Olson, a former CIA operative and author of "To Catch a Spy: The Art of Counterintelligence." Olson explains that counterintelligence comprises the steps taken to protect a country's people and secrets from foreign espionage services. He also notes that China is the number one threat to the United States, with a magnitude of espionage and cyber attacks much higher than anything seen before, and that the level of spying by foreign countries on the US is higher than ever. Olson also discusses the effectiveness of Cuba's intelligence services and the motivations of Americans who have spied on foreign countries, with money being the primary motivation.
Blockchain Surveillance, Cyber Mercenaries, and Intelligence (Video)
FROM THE MEDIA: Janine discusses blockchain analysis companies and their relationship with surveillance and intelligence agencies. Janine explains the difference between analysis and surveillance and presents a case study on the company Neutrino. She also discusses the danger that these companies pose and suggests ways to resist their impact. Janine talks about her background and concerns about privacy in Bitcoin. She discusses several companies that offer blockchain analysis and their affiliations with financial institutions and intelligence agencies. She also highlights the importance of transparency and access to the code used in these tools. Finally, she suggests ways to avoid using software and services that employ these data collection tools.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at email@example.com.