Thursday, April 13, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
China Fires Back in Its Tech War with the United States
Analyst Comments: The article provides a detailed assessment of the ongoing tech war between China and the United States, with a focus on the semiconductor industry. It analyzes the actions taken by both nations, their potential consequences, and insights into China's increasing control over foreign interests and its efforts to surpass the United States in advanced technology research.
FROM THE MEDIA: The U.S. passed the CHIPS and Science Act to increase its self-sufficiency in critical technology, while China announced a cybersecurity probe into Micron Technology, one of the largest U.S. memory chip makers. China's review of Micron could potentially lead to exclusion from the China market, causing immediate economic losses and benefiting competitors. The U.S. has instituted a set of export controls that ban Chinese companies from acquiring advanced chips and chip-making equipment without a license from the Department of Commerce, thereby constraining Chinese semiconductor manufacturers. China's increasing control over foreign interests includes establishing a National Data Bureau (NDB) charged with collecting and protecting data. President Xi has called out the United States' restrictions on China's access to technology as a campaign of "containment and suppression."
READ THE STORY: OODALOOP
We must slow down the race to God-like AI
Analyst Comments: The article provides an insightful perspective on the risks of uncontrolled AI development and the potential consequences of creating "God-like AI." The author's expertise as an investor in AI startups and co-author of the "State of AI" report lends credibility to his concerns. The article is well-researched and provides relevant examples of recent breakthroughs in AI. However, it could benefit from a more nuanced discussion of the potential benefits and drawbacks of AGI development and the feasibility of democratic oversight.
FROM THE MEDIA: The author, a tech investor and co-author of the "State of AI" report, expresses concern about the race to create "God-like AI," which refers to a superintelligent computer capable of learning and developing autonomously and transforming the world around it. He notes that the leading AI companies are moving rapidly towards this goal, which represents a historical and technological turning point and poses significant risks to the future of the human race. The author questions whether those racing to build the first AGI have a plan to slow down and allow for democratic oversight. He expresses deep fear about the potential consequences of uncontrolled AI development.
READ THE STORY: FT
The Future of the U.S. Governance of Critical Minerals
Analyst Comments: The policy brief highlights the importance of critical minerals for modern technology and the energy transition and the challenges and opportunities for the United States and its allies in securing a reliable and sustainable supply of these minerals. The recommendations offered by the brief, including increasing responsible domestic production and improving governance, align with the need for a comprehensive approach that balances economic, environmental, and social considerations. However, the brief acknowledges the inherent limitations and costs of mining and refining critical minerals and emphasizes the need for reducing demand through efficiency, recycling, and alternative technologies.
FROM THE MEDIA: The FBI has issued a warning regarding cybercriminals posing as members of China's government and targeting Chinese nationals living in the US in an effort to defraud them. The criminals impersonate law enforcement officers or prosecutors from the People’s Republic of China (PRC) and threaten victims with arrest or violence for alleged financial crimes. The FBI has advised people to be cautious of any accusations of crimes being made against them from a foreign country, not to provide personal or financial information to anyone they don't know, and to report any scams to the FBI's Internet Crime Complaint Center. This alert is similar to a campaign the FBI announced in October of last year, where PRC security and intelligence agents were accused of conducting surveillance and engaging in a campaign to harass and coerce a US resident to return to the PRC as part of an international extralegal repatriation effort known as "Operation Fox Hunt."
READ THE STORY: OODALOOP
Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
Analyst Comments: The Lazarus Group's shift in focus is concerning, as it suggests that the group is expanding its target list beyond the cryptocurrency sector. It is also significant that the group is using updated infection vectors and decoy documents related to defense contractors and diplomatic services to lure victims into opening malicious documents. Organizations in the defense, academic, and automotive sectors should take proactive measures to defend against the group's malicious activities.
FROM THE MEDIA: The Lazarus Group, a North Korean threat actor, has been observed shifting its focus to defense, academic, and automotive sectors in Eastern Europe and other parts of the world. This pivot is seen as significant, given that the group is known for its persistent attacks on the cryptocurrency sector. Kaspersky researchers have identified updated infection vectors and a deviation in targeting, which occurred in April 2020. The group has been using decoy documents related to defense contractors and diplomatic services to lure victims into opening macro-laced documents that drop the Manuscrypt (aka NukeSped) backdoor on the compromised machine. The group has also been tied to supply chain attacks and has been blamed for the supply chain attack aimed at enterprise VoIP service provider 3CX that came to light last month.
READ THE STORY: THN
Germany Reviews Chinese Group's Acquisition of Port Stake
Analyst Comments: Germany's review of Cosco's acquisition of a stake in the Tollerort container terminal is consistent with the country's increased scrutiny of foreign investment in critical infrastructure, especially from non-EU states. The move also comes amid a broader reevaluation of Germany's economic relationship with China. The decision to review the deal could have significant implications for Cosco's efforts to expand its presence in Europe and may further damage Germany's already strained relationship with China.
FROM THE MEDIA: Germany is reviewing its decision to allow Chinese shipping company Cosco to acquire a stake in the Tollerort container terminal in Hamburg port. The terminal has been classified as critical infrastructure, giving Germany’s economy ministry greater powers to block acquisitions by companies from non-EU states. The renewed doubts over the Cosco transaction come as Germany reassesses its relationship with Beijing amid concerns over supply chain dependence on China. The decision to review the deal could reignite a row within the German government over the investment’s security implications.
READ THE STORY: FT
Are the High Seas the Primary Cyberwarfare Theatre?
Analyst Comments: The research highlights the importance of understanding the risks posed by cyberattacks in the maritime industry. The simulations reveal potential vulnerabilities that could be exploited by cybercriminals to imperil the entire vessel. The researchers’ recommendations to improve awareness and training among seafarers are sensible and needed to minimize risk. However, a collaboration between governments, maritime companies, and academia is needed to develop a more comprehensive cybersecurity strategy to protect the industry and global shipping.
FROM THE MEDIA: The Norwegian University of Science and Technology (NTNU) and the Cyber-SHIP Lab at the University of Plymouth have conducted simulations and scenarios of cyberattacks at sea. Spoofing and jamming incidents in the maritime sector, although not yet impacting the ship itself, have prompted experts to explore the risk of direct attacks, which could cause physical harm. The researchers collaborated with the team at the Cyber-SHIP Lab and were successful in hacking a ship's rudder during a simulation, running it aground faster than the deck officers could react. As a result, the researchers say the industry needs to become better prepared, and sailors must be trained to respond to these risks. Human behavior could decrease cyber risk.
READ THE STORY: OODALOOP
German builder of yachts and military vessels hit by a ransomware attack
Analyst Comments: The ransomware attack against Lürssen underscores the growing threat to the maritime industry from cyberattacks. The incident also highlights the risks faced by companies that build military vessels and other sensitive assets. As the use of technology on ships and yachts increases, and the threat of cyberattacks becomes more widespread, it is important for companies to prioritize cybersecurity and implement strong defenses against such attacks.
FROM THE MEDIA: Bremen-based shipbuilder Lürssen, which produces superyachts and military vessels, reportedly suffered a ransomware attack over the Easter holiday. The attack brought operations at the company's shipyards to a halt. Lürssen, which is known for building the world's largest superyachts, has not provided any additional information. The company has a contract to build offshore patrol vessels for Australia and builds ships for the German Navy. A criminal investigation has reportedly been initiated by German police.
READ THE STORY: The Record
MERCURY – A Destructive Operation From Iranian Hackers Wipes Cloud Environments
Analyst Comments: The identification of MERCURY's hybrid ransomware attacks against Middle Eastern targets highlights the continued threat posed by state-sponsored threat actors. The partnership with DEV-1084 demonstrates the ability of Iranian actors to collaborate with other groups to achieve their objectives. The use of unpatched internet-facing devices underlines the importance of maintaining and updating network security. The destruction and disruption of on-premises and cloud environments highlight the need for robust cybersecurity measures and disaster recovery plans. The ability of actors to control email inboxes highlights the potential impact of successful attacks and the need for awareness training among employees. The lack of concrete evidence regarding DEV-1084's relationship to other Iranian threat actors highlights the challenge of attribution in the cyber domain.
FROM THE MEDIA: Microsoft's Threat Intelligence team has identified MERCURY, a state-sponsored Iranian group, which is conducting ransomware attacks in hybrid environments. The group is financially motivated and has been conducting espionage campaigns against Middle Eastern targets since 2017. The ongoing operation targets both on-premises and cloud environments with a focus on destruction and disruption. The U.S. government has linked MERCURY to the Ministry of Intelligence and Security in Iran. MERCURY has partnered with DEV-1084, a known cyber-espionage group, to execute lethal attacks. The groups share common tools, domains, and infrastructure. MERCURY has exploited an unpatched internet-facing device to access targets and allowed DEV-1084 to carry out further attacks. The groups used various techniques to maintain persistence, steal credentials, and encrypt on-premises devices while deleting cloud elements.
READ THE STORY: GBhackers
German drug development company says cyberattack causing production delays
Analyst Comments: Experts caution against underestimating the regime's cyber threat, which has traditionally been viewed as a means for funding the government. The North Korean hackers, who are often hand-selected and trained from a young age, have successfully executed supply chain attacks, impersonated journalists and researchers, and exploited vulnerabilities to steal cryptocurrencies and conduct ransomware attacks. The regime's cyber operations serve a dual purpose of generating funds and spying on the US, South Korea, and their allies. While North Korea's cyber capabilities are often overshadowed by those of China and Russia, the US intelligence community has identified the country as a maturing cyber threat capable of causing temporary disruptions to critical infrastructure and business networks.
FROM THE MEDIA: According to media reports, North Korea's cyber threat should not be underestimated, as the country's hackers have been responsible for some of the most severe cyberattacks and espionage campaigns in recent years. They are often hand-selected and trained from a young age to join the regime's hacking teams, and their activities serve a dual purpose of generating funds for the government and spying on the US, South Korea, and their allies. The regime's cyber operations are technically adept and creative, with recent attacks including supply chain attacks, impersonation of journalists and researchers, and the exploitation of vulnerabilities to steal cryptocurrencies and conduct ransomware attacks. Despite being overshadowed by the cyber capabilities of China and Russia, the US intelligence community has identified North Korea as a maturing cyber threat capable of temporarily disrupting critical infrastructure and business networks. The regime is also suspected of using stolen funds to support its nuclear programs, and its cyber operations are reorganized periodically to keep the precise structure under wraps.
READ THE STORY: The Record
Senator demands security audits for emergency cell network used by first responders
Analyst Comments: The vulnerability of emergency communication networks to cyberattacks is a serious concern, and Senator Wyden's call for annual cybersecurity audits of FirstNet is a reasonable step to ensure its security. The lack of transparency and accountability regarding the audits conducted by AT&T and the Commerce Department is worrying, as it undermines the ability of government agencies to identify and address any vulnerabilities in the system. The vulnerabilities in SS7 and Diameter highlighted by Wyden are also significant, as they can be exploited by hackers and foreign actors to spy on U.S. residents. It remains to be seen how the FCC and other government agencies will respond to Wyden's call for new regulations to address these issues.
FROM THE MEDIA: Senator Ron Wyden has warned that FirstNet, the emergency phone network used by first responders and the military, is vulnerable to attacks that can allow “criminals and foreign governments to track mobile users." In a letter to the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), Wyden demanded annual cybersecurity audits of FirstNet, due to previously uncovered vulnerabilities in the system. Wyden also criticized CISA for failing to provide his office with a copy of a 2022 report on the security of telecommunications channels, and he urged the FCC to issue new regulations forcing carriers to meet minimum cybersecurity standards.
READ THE STORY: The Record
The Massive ‘Batteries’ Hidden Beneath Your Feet
Analyst Comments: The article provides a clear explanation of the ATES technology and its potential benefits for reducing carbon emissions and energy consumption. The article also highlights some of the challenges of implementing ATES systems, including the need for suitable geology, hydraulic conductivity, and high upfront costs. The article could have provided more information on the environmental impact of drilling and setting up ATES systems and the potential for groundwater contamination. Overall, the article provides a useful overview of a promising technology for reducing energy consumption in buildings.
FROM THE MEDIA: Aquifer thermal energy storage (ATES) is an innovative energy storage technique that uses the insulating properties of the Earth to store thermal energy in aquifers for use in heating and cooling buildings. ATES systems consist of two wells, one warm and one cold, connected to the aquifer below. The warm well pumps up groundwater, which is then run through a heat exchanger and a heat pump to extract heat for use in heating buildings. The cooled water is then pumped into the cold well for use in cooling buildings. The system runs on renewable power and could reduce the use of natural gas and electricity in heating and cooling US homes and businesses by 40 percent. While it is ideal for large buildings or clusters of buildings, it is not yet widely deployed globally due to the complex geological factors that must be taken into account.
READ THE STORY: Wired
After Major Data Breach, Italian Data Protection Authority Temporarily Bans ChatGPT
Analyst Comments: The ban on ChatGPT by the Italian Data Protection Authority highlights the privacy concerns surrounding the creation of giant generative AI models, which are often trained on vast swathes of internet data. The ban also illustrates the importance of complying with the GDPR, which applies to any organization that collects, stores, and uses personal data in the EU, even if the information is publicly available online. The ban could be the first of several regulatory challenges for ChatGPT across Europe, which could result in fines and reputational damage for OpenAI. The incident underscores the need for stronger data protection laws and greater transparency in AI development to ensure that privacy concerns are addressed from the outset.
FROM THE MEDIA: OpenAI's ChatGPT platform, an AI-based text generation system, has been banned by the Italian Data Protection Authority following a major data breach that exposed payment-related and other personal information of some of its subscribers. The ban is based on several violations of the Italian Personal Data Protection Code and the EU's General Data Protection Regulation (GDPR), including the collection of personal data unlawfully, the absence of an age verification system for children, and inaccuracies in the information provided by ChatGPT. The ban may be the beginning of regulatory challenges for ChatGPT across Europe, as data regulators in France, Germany, and Ireland have asked for more information on the findings. The GDPR protects the data of over 400 million people in Europe, and OpenAI is facing several GDPR-related issues with ChatGPT, including a lack of age controls, inaccurate information provision, and the absence of a legal basis for the massive collection and processing of personal data.
READ THE STORY: OODALOOP
Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit
Analyst Comments: The use of spyware by QuaDream to target civil society members is concerning, especially considering that the company sells its services to government customers. The fact that the spyware campaign used a zero-click exploit to deploy spyware as a zero-day in iOS 14 highlights the importance of keeping software up to date and the need for technology companies to continually update and patch their products. The capabilities of KingsPawn are particularly worrisome, as it can record audio, access the camera in the background, and delete calendar events to clean up forensic trails. The fact that QuaDream operates servers from several countries around the world and uses the services of a private sector offensive actor shows that this is a global problem that requires a collective effort to combat.
FROM THE MEDIA: The Israeli surveillanceware vendor QuaDream is suspected of using its KingsPawn malware to target members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. The attacks were directed at journalists, political opposition figures, and an NGO worker in 2021. The malware is believed to have abused a zero-click exploit dubbed ENDOFDAYS in iOS 14 to deploy spyware as a zero-day in versions 14.4 and 14.4.2. QuaDream is known to sell its "exploitation services and malware" to government customers. Despite attempts made by the spyware to cover its tracks, traces of the "Ectoplasm Factor" could be used to track QuaDream's toolset in the future. The development is another indication that, despite the notoriety attracted by NSO Group, commercial spyware firms continue to develop sophisticated spyware products for use by government clients. The growth of mercenary spyware companies is considered a threat to democracy and human rights, and combating such offensive actors requires a "multistakeholder collaboration."
READ THE STORY: THN
FBI & FCC Warn on 'Juice Jacking' at Public Chargers, but What's the Risk?
Analyst Comments: The FBI and FCC have warned that malware can be planted in public charging stations and that the USB ports in modern charging stations can be hacked to introduce malware and monitoring software onto devices. While charging stations can carry risks, particularly for enterprises, the risk is low and can be avoided altogether by using ordinary electrical outlets, using data blockers, or carrying wireless phone chargers. The concerns over public charging stations have not been backed up by any real-world examples, so the risk is considered relatively low.
FROM THE MEDIA: US government agencies, including the FBI and the Federal Communications Commission (FCC), are warning about the risks of "juice jacking", a form of cyber attack that can infect electronic devices via public charging stations. The phenomenon involves malware being installed on smart devices via USB charging outlets, which can provide back-and-forth data transfer between the charging station's computer or a smart device and an individual's device. Hackers can use infected cables, which have reportedly been given away as promotional gifts. In some cases, charging station owners have intentionally installed malware on their stations. The FCC warns that malware can be installed through a corrupted USB port, which can lock devices or export personal data and passwords directly to perpetrators. Simple solutions for avoiding such attacks include carrying personal chargers and using ordinary electrical outlets. Data blockers, which are hardware devices that prevent data transmission, can also be used.
READ THE STORY: DarkReading
ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes
Analyst Comments: The AI company OpenAI has partnered with Bugcrowd to launch a bug bounty program that rewards researchers for reporting vulnerabilities in its products, with rewards ranging from $200 to $20,000. However, model safety and hallucination issues are not covered by the program. OpenAI had recently patched account takeover and data exposure flaws in the ChatGPT platform, leading Italian data protection regulators to temporarily ban it; the regulators have now outlined a set of measures that OpenAI must implement to have the suspension lifted, including the implementation of an age verification system and an information notice describing the data processing required for the operation of ChatGPT.
FROM THE MEDIA: OpenAI has launched a bug bounty program with Bugcrowd to enable independent researchers to report vulnerabilities in its systems, in a bid to maintain safety and security. Rewards for reporting flaws range from $200 to $20,000 depending on the severity of the issue discovered, with a total of 21 in-scope targets for the program. The bug bounty program will not cover the model safety or hallucination issues, denial-of-service attacks, brute-forcing OpenAI APIs, and demonstrations that aim to destroy data or gain unauthorized access to sensitive information. The move comes after OpenAI patched account takeover and data exposure flaws in its platform, which led to a temporary ban on its ChatGPT chatbot by Italian data protection regulators.
READ THE STORY: THN
FTX bankruptcy filing highlights security failures
Analyst Comments: The article provides detailed information about the cybersecurity failures at the defunct cryptocurrency exchange FTX Trading Ltd., as reported in a new filing by the company's debtors. The report highlights various control failures and cybersecurity vulnerabilities, including those related to cryptocurrency storage, personnel, endpoint security, and more. It also covers the $432 million data breach that occurred one day after the company filed for bankruptcy. The article presents a comprehensive overview of the report's contents, including notable security failures such as the lack of dedicated cybersecurity personnel, inadequate endpoint protection, and poorly protected private keys for billions of dollars in cryptocurrency assets. The article is well-organized and informative, providing important details and context about the FTX case.
FROM THE MEDIA: The debtors for FTX Trading, a now-defunct cryptocurrency exchange and hedge fund, filed a report that detailed a series of security failures in the company. The report stated that the company employed no dedicated cybersecurity personnel and lacked the processes typically considered critical to safeguarding an organization. The debtors claimed that FTX's $432 million loss from a November 2022 data breach was a direct result of its "grossly deprioritized and ignored cybersecurity controls." Notably, FTX stored the private keys for billions of dollars in cryptocurrency assets in its AWS cloud computing environment, and many cryptocurrency assets were stored in "hot" cryptocurrency wallets, which are far more susceptible to hacking, theft, misappropriation, and inadvertent loss than cold wallets because hot wallets are internet-connected.
READ THE STORY: TechTarget
China and North Korea are building underwater strike drones
Analyst Comments: The article reports that both China and North Korea have developed underwater drone strike vehicles, similar to Russia's nuclear-armed underwater Poseidon drone. China's extra-large underwater drone vehicle, displayed at an arms show in Abu Dhabi in February, has four openings for torpedo tubes, suggesting it will be heavily armed and likely used to attack submarines or surface ships. Naval warfare specialist H.I. Sutton says that arming autonomous underwater vehicles with weapons that require target identification, such as torpedoes, raises ethical and legal questions and increases the risk of friendly-fire incidents. The drones are completely autonomous and cannot be controlled by humans, including when deciding whether to fire weapons.
FROM THE MEDIA: China and North Korea have developed underwater drone strike vehicles similar to Russia's Poseidon drone. China's extra-large underwater drone vehicle has four torpedo tubes, indicating that it will be heavily armed and may be used to attack submarines or surface ships. Naval warfare specialist H.I. Sutton said that arming autonomous underwater vehicles with weapons that require target identification, such as torpedoes, increases the risk of friendly-fire incidents. Furthermore, the drone raises ethical and legal questions as it is likely to employ completely robotic kill chains without human intervention.
READ THE STORY: Washington Times
China eyes building base on the moon using lunar soil
Analyst Comments: The article reports that China plans to build a base on the moon using lunar soil within the next five years, with the aim of establishing a basic model for a lunar research station base by 2028 and expanding it into an international one. The country also plans to launch a probe to retrieve the world's first soil sample from the far side of the moon by 2025. The article notes that China's plan comes amid competition among the US, China, and Russia in space, with some officials emphasizing the importance of the US keeping up with space and cyber advancements. The article mentions that China's lunar infrastructure plans were discussed in a meeting of Chinese scientists and researchers and that a robot capable of making bricks out of lunar soil will be part of China's Chang'e-8 mission.
FROM THE MEDIA: China is planning to build a research station on the moon using lunar soil within the next five years, according to state media. The country aims to establish a basic model for a lunar research station by 2028, which it intends to expand into an international one. China also plans to launch a probe to retrieve the world's first soil sample from the far side of the moon around 2025. This follows a meeting of over a hundred Chinese scientists and researchers to discuss potential lunar infrastructure. The state-run China Daily reported that a robot capable of making bricks out of lunar soil will be part of China's Chang'e-8 mission around 2028.
READ THE STORY: The Hill
Investment rising in Chabahar Free Zone
Analyst Comments: The article provides information on Iran's strategic position and its importance as a transit route for goods in the east-west and north-south directions. The location of Iran's only oceanic port, Chabahar, is significant for the country's economic prosperity and compensates for other deficiencies. The managing director of Chabahar Free Zone Organization announced that $8 billion of investment was made in different sectors in the port during the past year, and the aim is to reach $14 billion in the current year. Major projects like the development of Shahid Beheshti Port, the construction of Chabahar International Airport, and the building of the Chabahar-Zahedan railway are expected to make Chabahar a complete logistics platform. Chabahar Free Zone has also been suggested as a transit and logistics gateway for Iran's domestic market, providing profitable economic opportunities for the development of logistics facilities.
FROM THE MEDIA: Iran's strategic location next to open waters and important routes has made it an important corridor for the transit of goods along east-west and north-south routes. Chabahar, Iran's only oceanic port, is located on the International North-South Transport Corridor (INSTC), and the development of the port is of high significance for Iran. The Chabahar Free Zone has attracted $8 billion of investment in different sectors in the past year and is expected to reach $14 billion in the next year. The zone has been suggested as a transit and logistics gateway for Iran's domestic market, with the potential for establishing factories and industrial units due to the existence of a cheap workforce in all fields.
READ THE STORY: Modern Diplomacy
Amid the commercial boom, U.S. military lacks timely access to satellite imagery
Analyst Comments: U.S. military officials have said that they are working to streamline the process of delivering commercial satellite imagery to military commanders. They aim to give commanders on the ground the means to rapidly analyze the data. However, the complicated procurement process has delayed the incorporation of commercial satellite imagery into defense operations. The Space Force is working to take advantage of the opportunities being created by commercial innovation to get these new technologies to the warfighter as quickly as possible. There is a need to create a marketplace where providers make their data available, so that a combatant command could submit a tasking and have it automatically routed to any of the satellites that are available.
FROM THE MEDIA: Executives at Planet's annual user conference highlighted the benefits of satellite imagery for addressing global challenges and responding to fast-moving events. However, officials on a panel at the conference discussed how the current process of procuring commercial imagery does not necessarily meet the needs of military commanders for timely intelligence. The US Space Force is working with the intelligence community to streamline the delivery of commercial imagery to the warfighter and to enable the rapid analysis of data. The Space Force is trying to take advantage of opportunities created by commercial innovation, but military procurement processes and budgeting constraints mean that progress is likely to be slow. The National Reconnaissance Office has awarded sizable imagery contracts to commercial firms such as Planet, but military users are also seeking contracts with companies that would allow them to directly task satellites and obtain imagery more quickly.
READ THE STORY: SN
Lazarus Group's 'DeathNote' Cluster Pivots to Defense Sector
Analyst Comments: The shift in focus by the DeathNote subgroup within the Lazarus Group indicates that the group is actively expanding its target list and capabilities, consistent with its historical patterns. The Lazarus Group's connection to the North Korean government suggests that its activities may be used to further North Korea's national interests. Companies and organizations in the defense sector should be aware of the Lazarus Group's activities and take measures to secure their networks and systems against potential attacks. The ongoing RAT campaign by DeathNote and its similar tactics, techniques, and procedures across different campaigns underline the sophistication and persistence of the Lazarus Group's efforts.
FROM THE MEDIA: A subgroup within North Korea's Lazarus Group, known as DeathNote, has shifted its focus from cryptocurrency-related attacks to targeting defense sector organizations around the world. Researchers from Kaspersky have been tracking DeathNote's activities and have found that the Lazarus subgroup has been conducting successive campaigns against defense and defense-related companies in Europe, Latin America, Africa, and South Korea. Kaspersky observed DeathNote engaging in two campaigns against defense companies in 2022 alone. The attacks showed the malware using numerous legitimate Windows commands and tools to acquire login credentials, move laterally, and exfiltrate data. DeathNote's evolution from cryptocurrency-focused attacks to defense sector espionage is consistent with the Lazarus Group's efforts to broaden its target list over the years.
READ THE STORY: DarkReading
State Department, Congress working on a formal program for US cyber aid
Analyst Comments: The article covers the U.S. State Department's talks with Congress about creating official channels to help foreign nations prevent and recover from cyberattacks and develop emerging technologies. The effort would include a fund dedicated to technology support, as well as other forms of assistance. Nathaniel Fick, the ambassador at large for the State Department's Bureau of Cyberspace and Digital Policy, believes there is broad bipartisan support for the effort on the Hill. The existing U.S. assistance mechanism is "not architected" for cybersecurity matters, but the cyber assistance effort would not necessarily have to be cut from whole cloth; rather, an increase in technology assistance "ideally" would "come mostly from a reapportionment of other resources, because it can't just all be net new." The cyber diplomat also said he didn't have an exact dollar figure in mind for the program.
FROM THE MEDIA: The U.S. State Department is holding talks with Congress to create official channels for helping foreign countries prevent and recover from cyberattacks and develop emerging technologies. The effort would include a fund dedicated to technology support, along with other forms of assistance. The Biden administration has provided grants of $25 million to Costa Rica and Albania to help them recover from cyberattacks. Nathaniel Fick, the ambassador at large for the State Department's Bureau of Cyberspace and Digital Policy, said the existing U.S. assistance mechanism is not architected for such matters, especially cybersecurity. He also said that he didn't have an exact dollar figure in mind for the program and that requests would have to be prioritized.
READ THE STORY: The Record
Ransomware attack that forced a New York county back to pen and paper began in 2021, official says
Analyst Comments: This article provides a detailed account of the ransomware attack that hit Suffolk County and the subsequent forensic investigation that uncovered significant cybersecurity deficiencies. The report highlights the impact of the attack on county systems and services, including the use of pen and paper for government services and the disabling of email systems for thousands of county workers. The article also details the response of county officials and former Suffolk County Clerk Judith Pascale, who has been involved in a dispute with officials over the county's response to the attack.
FROM THE MEDIA: A ransomware attack that hit New York's Suffolk County last September led to the leak of sensitive data belonging to the Long Island region's 1.5 million residents, including thousands of Social Security numbers. The investigation revealed that the hackers broke into the county clerk's office in December 2021 through the Log4j vulnerability, then installed bitcoin mining software and exfiltration tools, created fake accounts, harvested credentials, and installed remote monitoring tools. The report identified the attackers' acquisition of a folder containing passwords to critical systems as one of the main factors in the attack. Emergency dispatchers spent weeks taking down calls by hand, and police used radios to share details of crimes because of the network outages caused by the attack. At least one member of the clerk's office IT department was placed on administrative leave for an alleged refusal to cooperate with county investigators and a longstanding refusal to implement cybersecurity mechanisms county-wide. The county has spent nearly $5.5 million on recovery and investigation efforts.
READ THE STORY: The Record
Meeting the challenges of defending America in the 21st century
Analyst Comments: The article is an opinion piece by Rep. Adam Smith, Chairman of the House Armed Services Committee. In the article, he discusses the need for the United States to modernize its defense posture to address the growing threat posed by China and other potential adversaries. Smith highlights the importance of space and cyberspace as critical warfighting domains in the 21st century and stresses the need for the U.S. to match and exceed the capacity of potential adversaries in these areas. He discusses the establishment of the United States Space Force and the progress made in cyber defense with the establishment of United States Cyber Command and the Cyber Mission Forces. However, he believes that more needs to be done to defend U.S. networks, installations, and weapon systems and to hold potential adversaries at risk. Smith argues that the U.S. is still postured and equipped for a 20th century fight, and that there is a window of opportunity to make the necessary changes and reforms required to meet the challenges of the 21st century.
FROM THE MEDIA: The Chairman of the House Armed Services Committee, Adam Smith, emphasized the importance of preparing for modern conflict, particularly in space and cyberspace, as the threat from the Chinese Communist Party grows. While progress has been made in establishing the United States Space Force and Cyber Command, he believes that more needs to be done to defend against aggressive cyber operations conducted by China and other adversaries. He stressed the need to defend networks, installations, and weapon systems, as well as to have offensive and defensive capabilities that are sufficiently resourced. Smith called for leaders from the Administration, military, and Congress to work constructively to make necessary changes and reforms to meet the challenges of the 21st century.
READ THE STORY: The Hill
Items of interest
Russian hackers are targeting Canada for supporting Ukraine
Analyst Comments: The summary is clear and concise, providing the necessary information about the cyber attacks on Canadian government websites and a gas company allegedly conducted by Russian hackers. The summary also highlights the context of Canada's warnings about potential cyber attacks from Russia due to its support for Ukraine.
FROM THE MEDIA: Russian hackers have allegedly targeted at least two Canadian government websites and a Canadian gas company in possible retaliation for Canada's support of Ukraine in the ongoing conflict between Ukraine and Russia, according to reports. Canadian officials had warned about the potential for such cyberattacks from Russia since the start of the war in Ukraine. Steven Chase, a senior parliamentary reporter at The Globe, said he has seen documents detailing the alleged attack on the Canadian company, and he discusses these attacks and their connection to Russia's broader plan to punish Ukraine's supporters.
READ THE STORY: The Globe and Mail
The Cyber Vory: The Evolution of the Russian Organized Crime Threat Actors (Video)
FROM THE MEDIA: This talk will specifically address the following topics:
The historical relationship between organized crime and various Russian governments
The role the Vory played in the collapse of the Soviet Union and the oligarchy that emerged in its place
Organized Crime or APT: how ROC capabilities cross into Advanced Persistent Threat TTPs
Notable threat actor groups such as Conti and REvil
Notable campaigns such as the Colonial Pipeline attack
What security and intelligence practitioners need to know about the Cyber Vory
What will we see in light of the current Russian/United States relationship?
Security practitioners and intelligence professionals will come away with a deeper understanding of how the history of the Vory informs today's and tomorrow's cyber attacks by these groups.
A Practical Case of Threat Intelligence – From IoC to Unraveling an Attacker Infrastructure (Video)
FROM THE MEDIA: Pivoting, or being able to move between indicators of compromise and up David Bianco's Pyramid of Pain to uncover the threat actor's tactics, techniques, and procedures (TTPs), is a common practice in cyber threat intelligence (CTI) operations. However, it is sometimes regarded more as a black art than a science. In this talk, the speakers use a threat group dubbed "Luna Moth", which leverages call-back phishing techniques, as a case study to walk through the process of using indicators of compromise identified while responding to several security breaches to uncover the threat actor's infrastructure.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.