Tuesday, April 11, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
TSMC wants to cash its US CHIPS but seems unhappy with the red tape
Analyst Comments: The US CHIPS Act aims to reduce the country's dependence on foreign semiconductor manufacturing and supply chains by providing subsidies for domestic semiconductor manufacturing and R&D. However, chipmakers such as TSMC have expressed frustration with the strict requirements for receiving public funding. Despite this, TSMC, the largest semiconductor foundry in the world, is expanding its manufacturing facilities in the US and stands to benefit from the funding allocation. Yet the CCP's acquisition of lithography technology from ASML, a Dutch company, has raised concerns about China's ability to produce advanced chips that could threaten TSMC's market position. The US government's move to subsidize domestic semiconductor manufacturing is part of its strategy to counter China's ambitions to become a semiconductor powerhouse.
FROM THE MEDIA: Taiwan Semiconductor Manufacturing Co (TSMC) has expressed concerns over the requirements to get a portion of the US CHIPS Act subsidies, which ring-fence $52.7 billion of taxpayer cash to support semiconductor manufacturing and R&D on American soil. TSMC is in talks with the US government over CHIPS Act guidance. The chipmaker's specific gripes are unclear. As part of its massive capacity expansion, TSMC is building a pair of US fabs outside Phoenix, worth about $43.5 billion, and it could bag between $2 billion and $6 billion on top of substantial tax breaks. However, companies receiving over $150 million in the subsidies will be required to share a portion of any profit that exceeds certain "agreed-upon thresholds," which may deter foreign-run fab giants like TSMC and Samsung from pitching for a slice of the cash. Additionally, these manufacturers will be subject to detailed reporting requirements, a prohibition on Chinese investments and stock buybacks, and employee childcare provisioning requirements.
READ THE STORY: The Register
KillNet Claims Creating Gay Dating Profiles with NATO Logins
Analyst Comments: The claim made by KillNet of successfully breaching NATO's cyber infrastructure and stealing data appears to be credible, given the group's previous track record of successful cyber attacks. The group has targeted private businesses and critical government websites around the world, including the United Kingdom and Lithuania, among others. Such attacks highlight the ongoing threat of hacktivist groups and cyber warfare in today's geopolitical landscape, underscoring the need for robust cybersecurity measures and international cooperation to combat cyber threats.
FROM THE MEDIA: Pro-Russian hacktivist group KillNet has claimed responsibility for launching Distributed Denial of Service (DDoS) attacks on NATO's cyber infrastructure and breaching its security to steal data. The group reportedly carried out cyberattacks that resulted in the "paralysis" of 40% of NATO's electronic infrastructure. KillNet leaked NATO email addresses and plain-text passwords that it claimed to have stolen from NATO School, and also shared a screenshot showing that it had used the alleged stolen login credentials to register 150 email addresses on a gay dating portal in Kyiv and Moldova, suggesting a possible motive of embarrassment or blackmail. The increasing frequency and sophistication of cyber attacks pose significant challenges to governments, businesses, and individuals alike, and underscore the need for robust cybersecurity measures and international cooperation to combat cyber threats.
READ THE STORY: HackRead
Meta has nothing to say about politicians making deepfaked ads
Analyst Comments: The articles highlight some of the challenges and risks associated with AI-generated content and the need for appropriate safeguards to be put in place to protect individuals and society. The lack of clarity on how social media platforms like Meta will handle deepfakes and AI-generated content raises concerns about the potential for misinformation and manipulation. The potential for AI-generated falsehoods to damage reputations and cause harm is also a growing concern, as demonstrated by the potential defamation lawsuit against OpenAI.
FROM THE MEDIA: Meta has declined to detail how it will treat AI-generated deepfake content that appears on its social media platforms, leading to questions about whether elected representatives could use AI-generated content to manipulate discourse without repercussions. The Washington Post reports that Meta flags deepfakes as content to be handled by fact checkers rather than seeking a tech fix to detect manipulated media. Meanwhile, a lawsuit may be brought against OpenAI for ChatGPT generating falsehoods and potentially damaging reputations. The mayor of a well-to-do rural locale outside of Melbourne, Australia, threatened to sue OpenAI for defamation after its ChatGPT model falsely claimed he went to prison for bribery. US President Joe Biden acknowledged that AI has the potential to help solve some of today's most pressing issues but warned it could also be a disruptive force that needs appropriate guardrails to protect America's rights and safety. OpenAI may also start verifying users' ages to better protect children from harmful content generated by its AI software.
READ THE STORY: The Register
GOP embraces a new foreign policy: Bomb Mexico to stop fentanyl
Analyst Comments: The article presents a summary of the growing support among some Republicans for using military force to combat the fentanyl crisis. It highlights the concerns of both proponents and opponents of this approach, including the potential impact on U.S.-Mexico relations, the legal and logistical challenges of such a strategy, and the potential consequences for drug demand. The article also notes the differing views of Republican leaders on this issue, suggesting a division within the party.
FROM THE MEDIA: Some prominent Republicans are advocating for the use of military force to combat the fentanyl crisis, including bombing drug cartel leaders in Mexico. Donald Trump has expressed support for this approach and asked for "battle plans" to strike Mexico. Some Republican lawmakers have introduced bills seeking authorization for military force against the cartels or to label them as foreign terrorist organizations. However, not all Republican leaders support this idea, and Democrats have rejected it. Nearly 71,000 Americans died in 2021 from synthetic-opioid overdoses, and the Drug Enforcement Agency has assessed that most of the fentanyl distributed by cartels is produced in secret factories in Mexico with chemicals sourced from China.
READ THE STORY: Politico
Russia's Joker DPR Claims Access to Ukraine Troop Movement Data
Analyst Comments: The analysis by Recorded Future provides useful insights into the cyber activities of the Joker DPR threat group, which appears to be more focused on information operations rather than specialized hacking. The group's claim of having real-time access to DELTA was likely exaggerated, but the impact of the claim on AFU commanders' decision-making cannot be ignored. The ongoing threat of cyber attacks and disinformation campaigns from Russian-aligned groups highlights the need for robust cybersecurity measures and international cooperation to combat such threats.
FROM THE MEDIA: The Joker DPR threat group, which has been functioning as an arm of the Russian state since 2019, claimed in November 2021 that it had real-time access to DELTA, the Ukraine military's battlefield management system (BMS). This would have given the group insights into military planning for the Armed Forces of Ukraine (AFU). However, analysis by cybersecurity firm Recorded Future suggests that the claim was vastly exaggerated, and that the group is more likely to have access to an individual user account rather than full access to the BMS. Although the group wants to give the impression of being a band of super-hackers, in reality, the group does not appear to specialize in hacking and takes what it can get to support its information agenda. The group's activities suggest that it is more opportunistic with its cyber activity, using its platform to amplify news of compromises in an effort to undermine the credibility of the Ukrainian government and military. The likelihood of international law enforcement reaching Joker DPR in Russia is small, but the analysis hopes to raise the group's profile to help protect Ukraine's forces from Russian-aligned groups, as well as push back against ongoing Russian disinformation campaigns.
READ THE STORY: DarkReading
Hong Kong Is Courting Crypto. What’s Behind the Switch
Analyst Comments: Hong Kong is taking a risk by integrating cryptocurrency with its financial infrastructure, but it may also pay off by allowing the city to be a global capital for an exciting new world. The new regulations, which require firms to establish a Hong Kong presence and apply for licensing by June 2024, are causing a rush into Hong Kong among larger players in the industry. While Singapore's attempt to nurture a trustworthy crypto business failed, Hong Kong is taking the risk of integrating crypto with its financial infrastructure because it cannot afford to keep out the wider range of transactions that cryptocurrencies and their underlying blockchain technology might eventually spawn.
FROM THE MEDIA: Hong Kong, a global financial center, is embracing cryptocurrency and is heading in the opposite direction of other global authorities. In February, the new government in Hong Kong unveiled a new regulatory template for cryptofinance, including access for retail investors to "large-capitalization" tokens. The new regulations require firms to establish a Hong Kong presence by June 1 and then apply for licensing by June 2024. Unlike Singapore, which relies on its enormous port and related commerce, Hong Kong's financial sector accounts for close to a quarter of gross domestic product. The Hong Kong government has budgeted HK$50 million ($6.5 million) towards the development of a "Web3" ecosystem. The government is taking a risk on crypto retail trading to integrate crypto with Hong Kong's formidable financial infrastructure and the huge savings hoard held by Chinese retail investors to forge a global capital for an exciting new world.
READ THE STORY: Barron's
New MuddyWater attacks made to resemble ransomware campaign
Analyst Comments: It appears that Iran's state-sponsored threat group MuddyWater, also known by several other names, has collaborated with another group known as DEV-1084 to launch attacks against on-premises and cloud infrastructures in a disruptive and destructive manner, similar to a ransomware campaign. Microsoft has stated that Mercury likely used known vulnerabilities in unpatched applications for initial access, before handing off access to DEV-1084 to move laterally throughout the network. DEV-1084 then used highly privileged credentials to facilitate on-premise device encryption and widespread cloud resource deletion. Microsoft also noted that DEV-1084 presented itself as a criminal actor interested in extortion, likely as an attempt to hide Iran's link to and strategic motivation for the attack.
FROM THE MEDIA: Iran's state-sponsored threat group MuddyWater, also known as Mercury, Cobalt Ulster, TEMP.Zagros, Yellow Nix, Static Kitten, Earth Vetala, Boggy Serpens, and ITG17, has been collaborating with DEV-1084 to launch attacks against on-premises and cloud infrastructures. The attacks were intended to be disruptive and destructive. The group likely exploited known vulnerabilities in unpatched applications for initial access before handing off access to DEV-1084 to perform extensive reconnaissance, establish persistence, and move laterally throughout the network. Highly privileged credentials have been used by DEV-1084 to facilitate on-premises device encryption and widespread cloud resource deletion, while full email inbox access enabled "thousands of search activities" that supported impersonation attacks. The attacks were presented as an extortion attempt to obfuscate Iran's link to and strategic motivation for the attack.
READ THE STORY: SCMAG
Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military
Analyst Comments: The arrest and indictment of Andrey Shevlyakov highlight the continuing efforts by foreign actors to evade U.S. export controls and acquire sensitive technology for use in their home countries. The case also underscores the need for heightened scrutiny by U.S. companies of their customers and business partners to ensure compliance with export regulations. The alleged procurement of hacking tools by Shevlyakov further highlights the growing threat of cyber espionage and the need for robust cybersecurity measures. The case may also have implications for U.S.-Russia relations, which have been strained in recent years due to various geopolitical issues.
FROM THE MEDIA: An Estonian national, Andrey Shevlyakov, has been indicted on 18 counts of conspiracy and other charges for purchasing U.S.-made electronics on behalf of the Russian government and military. Court documents allege that Shevlyakov used front companies to import sensitive electronics from U.S. manufacturers and then shipped them to Russia, bypassing export restrictions. Shevlyakov is estimated to have exported at least $800,000 worth of items from U.S. electronics manufacturers and distributors between about October 2012 and January 2022. If found guilty, he faces up to 20 years in prison.
READ THE STORY: THN
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Analyst Comments: The supply chain attack targeting .NET developers is yet another example of how cybercriminals are increasingly leveraging supply chains to deliver malware to targeted systems. The use of a sophisticated typosquatting campaign to execute PowerShell code is also a cause for concern, especially given the malicious code's ability to gain unauthorized access to users' cryptocurrency accounts. The use of a rare obfuscation technique and an auto-update mechanism to retrieve new versions of the executable from a remote location are also signs of the increasing sophistication of malware used in cyberattacks. The incident underscores the need for software developers to implement safety measures at every step of the software development lifecycle to ensure the software supply chain remains secure.
FROM THE MEDIA: Researchers have detailed the workings of a cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The two-stage attack impersonated legitimate packages to execute PowerShell code, retrieving a follow-on binary from a hard-coded server. This culminated in the deployment of Impala Stealer, a .NET-based persistent backdoor, which can gain unauthorized access to users' cryptocurrency accounts. The payload used a rare obfuscation technique called '.NET AoT compilation', making the binary harder to reverse engineer. The second-stage payload has an auto-update mechanism to retrieve new versions of the executable from a remote location and can inject JavaScript code into Discord or Microsoft Visual Studio Code apps, thereby activating the launch of the stealer binary.
READ THE STORY: THN
Chinese state media hails Tesla mega factory in Shanghai as sign foreign business is on board
Analyst Comments: Tesla's announcement of a new mega factory in Shanghai to produce rechargeable lithium-ion batteries has been met with optimism by Chinese state media, which sees it as a demonstration of foreign enterprises' confidence in the country's economy. However, concerns remain about potential intellectual property theft and China's use of such advanced technology for political gain. The Chinese Communist Party's history of stealing intellectual property and strategic acquisition of technological assets to advance its own interests is well documented. Additionally, the CCP has recently demonstrated its willingness to use economic pressure to advance its political agenda, as seen in its actions against various foreign companies in response to geopolitical disputes.
FROM THE MEDIA: Tesla plans to open a new Megapack factory in Shanghai to produce large-scale rechargeable lithium-ion batteries. The products are designed to store power from intermittent power generation sources like wind and solar and can be deployed during outages like grid failures. The plant is set to break ground in the third quarter of 2023 in the Lin-gang Special Area of China Pilot Free Trade Zone, with production slated for the second quarter of 2024. Tesla's new Megapack factory in China is a positive signal that demonstrates foreign enterprises' confidence in the Chinese economy, according to state-sponsored media outlet Xinhua. Tesla has also launched a new product specifically for the Chinese market, the CyberVault, a 13-kilogram EV home charging station that will reportedly retail for around $800.
READ THE STORY: The Register
Beijing chooses targets carefully as it goes on offensive in US chip wars
Analyst Comments: The investigation against Micron is a clear signal from Beijing to accelerate its efforts to de-Americanize its supply chains. This move by China is consistent with its broader goal of self-sufficiency in the tech industry and reduces its reliance on foreign tech companies. However, experts believe any further retaliation will be limited, given China's reliance on artificial intelligence chips made by Nvidia and other processors manufactured by the likes of Intel and Qualcomm. Nevertheless, if China continues to ramp up its actions against US tech companies, it could cause concern and trigger further restrictions from the US government.
FROM THE MEDIA: China's Cyberspace Administration has launched a national security investigation into the Idaho-based memory chip manufacturer, Micron Technology. Beijing views Micron as having played "an unfriendly role in the country's semiconductor industry" due to its legal action against Chinese competitors for intellectual property theft and its perceived role in "lobbying Washington to impose sanctions against China." However, experts believe any further retaliation will be limited, given China's reliance on artificial intelligence chips made by Nvidia and other processors manufactured by the likes of Intel and Qualcomm. In addition, industry insiders say Micron was an obvious first target for Beijing because its tech would be more easily replaced with competitors' chips if China ultimately decided to ban it.
READ THE STORY: FT
China’s Military Modernization: Recent Trends
Analyst Comments: China's military modernization drive has brought significant changes to the PLA, resulting in a more capable and technologically advanced force. The rapid development of the navy, in particular, has raised concerns among China's neighbors and the international community. China's emphasis on indigenous production and integration of AI technology shows its determination to achieve self-reliance and build a military that is not dependent on foreign suppliers. However, the true impact of China's modernization efforts on its military capabilities and its role in global affairs remains to be seen, and there are concerns about its lack of transparency in its military operations and intentions. The rise of China as a global military power has significant implications for regional stability and the global balance of power, and it is important that China's military modernization efforts are closely monitored and understood.
FROM THE MEDIA: China has made significant strides in its military modernization efforts, with a focus on developing a leaner and more efficient fighting force that is capable of fighting any battle on any terrain at a moment’s notice. Under Xi Jinping's leadership, the PLA has undergone significant changes in its structuring and technological developments, resulting in a more capable, modern, and well-equipped force. The navy has been a particular focus, with China's aspirations of becoming a dominant naval force in the near and far seas. China's military modernization drive has included indigenous production of equipment and technology, and there has been a particular emphasis on integrating AI in next-generation aircraft and weaponry.
READ THE STORY: ORF
The UK government has sparked an encryption row over powers it might never use
Analyst Comments: The proposed government measures to counter online child sexual exploitation have raised concerns about weakening the overall security of messaging services. The debate around lawful access and end-to-end encryption continues, with no actual benefit to those fighting online harms. While it is possible that WhatsApp and Signal may withdraw their platforms from the UK, it is more likely that parliament will pass a controversial power that damages Britain's reputation for online security, which may never be used.
FROM THE MEDIA: The UK government is proposing new measures to counter online child sexual exploitation, which would require messaging platforms to adopt "accredited technology" to detect illegal images. Many service providers and privacy experts argue that these measures could not be implemented without weakening the overall security of messaging services. If implemented, WhatsApp and Signal may withdraw their platforms from the UK. The dispute is part of a larger online security debate around the principle of lawful access, as messaging services are designed to seal their contents away from the state through end-to-end encryption.
READ THE STORY: FT
Oil and gas sector routinely targeted by cyberattackers, experts say
Analyst Comments: The article suggests that the oil and gas industry is routinely targeted by cyber-criminals and state-sponsored hackers seeking to cause chaos. It notes that even if attackers successfully gain access to an oil and gas company's computer servers, it could take years for them to learn enough about the company's processes and internal safety backups to actually cause an incident. The recently leaked US intelligence documents describing claims by Russian-backed hackers of gaining access to a Canadian natural gas distributor's computer network emphasize the continued threat of cyber attacks on the energy industry.
FROM THE MEDIA: According to cybersecurity experts, the oil and gas industry is a routine target for cybercriminals seeking financial gain, as well as state-sponsored hackers looking to cause chaos. Lesley Carhart of industrial cybersecurity company Dragos Inc. says that the probability of hackers effectively interrupting energy supply or causing injury to people or property through an oil and gas-related cyberattack is minimal. Even if an attacker gains access to an oil and gas company's computer servers, it could take years of surveillance for them to learn enough about the company's processes and internal safety backups to actually cause an incident. Recently leaked US intelligence documents describe claims by Russian-backed hackers that they successfully gained access to a Canadian natural gas distributor's computer network, but no specific energy company was mentioned in the report.
READ THE STORY: Castawaynet
Hackers Flood NPM with Bogus Packages Causing a DoS Attack
Analyst Comments: The attack on the npm open source package repository highlights the ongoing challenge of software supply chain security. Open-source ecosystems' good reputation on search engines makes them a prime target for threat actors who create bogus packages and insert links to malicious websites. While such campaigns seek to infect systems with malware or profit through affiliate marketing, they also cause instability and downtime on the targeted infrastructure. Preventive measures such as anti-bot techniques and automated package analysis can help reduce the risk of such attacks.
FROM THE MEDIA: Threat actors targeted the npm open source package repository for Node.js by flooding it with fake packages, creating a DoS (Denial of Service) attack. The attackers used automated processes to publish bogus packages and included links to malicious websites in the README.md files. The goal was to infect victims' systems with malware such as RedLine Stealer, Glupteba, SmokeLoader, and cryptocurrency miners. Checkmarx, which discovered the attack, has recommended that npm incorporate anti-bot techniques during user account creation to prevent such campaigns.
READ THE STORY: THN
At FTX, Multimillion-Dollar Expenses Were Approved by Emoji
Analyst Comments: The report highlights significant failures in financial controls and record-keeping at FTX under its founder, Sam Bankman-Fried. The lack of proper controls for keeping crypto assets safe is particularly concerning. The report suggests that FTX presented itself as more technologically sophisticated than its rivals and attracted approximately $2 billion from venture capitalists. However, the report's findings show the opposite. The report serves as a reminder of the need for proper financial controls and record-keeping in the cryptocurrency industry.
FROM THE MEDIA: A report from FTX's new management team outlines severe criticisms of the lack of financial controls and record-keeping under founder Sam Bankman-Fried. The report details difficulties Alameda Research, Bankman-Fried's crypto hedge fund, had understanding its positions, let alone hedging or accounting for them. FTX and Alameda Research collapsed last year after the exchange lent billions of dollars worth of customer assets to fund risky bets by Alameda. According to the report, FTX Group and its related companies lacked proper controls for keeping crypto assets safe. Private keys, akin to a password that allows for the movement of crypto assets, were sometimes in plain-text files and without encryption on an FTX Group server. The report concludes that "hubris, incompetence, and greed" were the root causes of FTX's failure.
READ THE STORY: WSJ
Why the EU Should Stop Talking About Digital Sovereignty
Analyst Comments: This article provides a thoughtful analysis of the concept of digital sovereignty and its potential weaknesses in the EU's cybersecurity policy architecture. The author offers compelling arguments for the adoption of the concept of digital responsibility, which prioritizes cooperation and inclusiveness in the digital realm over an "us vs. them" mentality. The article is well-researched and well-written, providing relevant examples and clear explanations of complex concepts.
FROM THE MEDIA: The concept of "digital sovereignty" has gained traction in EU policy areas, including cybersecurity, as a means of achieving technological independence from foreign suppliers and asserting control over data and digital assets. However, the EU's lack of an advanced technology sector exposes potential weaknesses in this approach, and it could lead to the exclusion of important entities from the cybersecurity process. Instead, the EU should adopt the concept of "digital responsibility," which emphasizes fostering cybersecurity partnerships with trusted organizations outside of government based on their good behavior in the digital realm and compliance with existing regulations. The EU's cybersecurity posture is rooted in a multistakeholder governance model and subsidiarity, and achieving digital independence will be a difficult, long-term, and uncertain process due to the immense digital dependencies in the EU. Cooperation between a variety of organizations is imperative for effective cybersecurity, and companies should follow the principles of digital responsibility by going beyond what is legally required of them and being proactive, rather than reactive. The EU should emphasize a responsible and cooperative approach in the digital realm rather than focusing on digital sovereignty.
READ THE STORY: CFR
Items of interest
Unmasking Genesis Market: International crackdown on cybercriminals
Analyst Comments: The successful takedown of the Genesis Market highlights the importance of international cooperation in tackling cybercrime, especially when cyber threats continue to evolve and grow more sophisticated. The collaboration between Europol, the FBI, and law enforcement agencies across 17 countries serves as a model for future joint force operations. This operation also underscores the significance of advanced security tools and technologies in proactively detecting and mitigating potential cyberattacks. Continuous education and training on cybersecurity best practices are also necessary to empower employees to recognize and avoid common threats.
FROM THE MEDIA: Europol, the FBI and law enforcement agencies across 17 countries have dismantled the notorious Genesis Market, a leading underground platform specializing in the sale of login information, browser fingerprints and cookies, and email information, among others. Trellix Advanced Research Center played a significant role in neutralizing the market scripts and binaries, assisting in arrests, and uncovering the organization's tactics. Cybercriminals impersonate victims by utilizing acquired browser fingerprints and cookies, combined with a VPN service or the victim's device as a proxy. The takedown of Genesis Market serves as a reminder that cyber threats are evolving and growing more sophisticated, and international collaboration and information sharing among law enforcement agencies are crucial to safeguard consumers and enterprises from future attacks.
READ THE STORY: TechWire Asia
Most ChatGPT Extensions Are Just Malware (Video)
FROM THE MEDIA: The transcript discusses the increasing popularity of AI and specifically ChatGPT, as well as the potential risks associated with using it. The speaker explores different ways in which ChatGPT can be integrated into various outlets such as smartphones, browsers, and command lines. They also warn about the existence of malware disguised as ChatGPT extensions and the potential for cybercriminals to use ChatGPT for malicious purposes such as crafting phishing emails and creating malware.
Hackers Bypass Google Two-Factor Authentication (2FA) SMS (Video)
FROM THE MEDIA: The video discusses how hackers can potentially bypass two-factor authentication (2FA) via SMS, using social engineering tactics to obtain a victim's password and tricking them into revealing the code sent via text message. The hacker can create a fake login page that looks like the real one, send a phishing email to the victim with a link to the fake page, and then use the obtained login credentials to access the victim's account. The video also emphasizes the importance of using stronger forms of 2FA and highlights the potential security vulnerabilities of SMS-based 2FA.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.