Wednesday, April 26, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
China to Expand Espionage Laws
Analyst Comments: The expanded anti-espionage law in China has raised concerns among foreign companies and governments that this could be used as a tool to force technology transfer and control foreign influence. The ambiguity in the broadened scope of the law, particularly the term "national interests," raises questions about how the law will be applied in practice. The proposed changes also come amidst tensions between China and the US over technological innovation, with both countries imposing sanctions on each other's technology companies. The Chinese authorities have previously used existing anti-espionage laws to punish Chinese nationals for sharing documents with NGOs, and allegations of espionage on foreign citizens have been used to conduct hostage diplomacy.
FROM THE MEDIA: The proposed changes to China's anti-espionage law will significantly expand the definition of espionage and the scope of the law. While previously limited to state secrets, the amended law will now encompass all data and materials related to national security and national interests, although it does not specify what this includes. There will also be a greater focus on cyber security, with increased monitoring and prosecution of foreign individuals and companies operating in key sectors for national security. This expanded counterespionage law could become a powerful tool for Beijing to control foreign influence and potentially force technology transfer. The move comes amid rising tensions between China and the US, and it remains to be seen how the law will be applied in practice.
READ THE STORY: Foreign Brief
Taking BRICS+ to the next level – what are the new horizons for the Global South
Analyst Comments: The article provides a comprehensive overview of the BRICS+ initiative, its possible formats, and the need to reinforce the pragmatic aspect of the platform. The article highlights the potential impact of the BRICS+ initiative on global governance, particularly as BRICS countries are set to lead some of the key global fora in the coming years. The proposed key measures that could be implemented to achieve significant progress are well-researched and practical. However, the article does not provide a detailed analysis of the challenges that the BRICS+ initiative may face in its implementation.
FROM THE MEDIA: The BRICS+ initiative was proposed in 2017, but there is still no concrete framework or overarching concept advanced by any of the BRICS countries. The implementation of the BRICS+ framework has taken the form of BRICS+ summits involving the invitation of a number of developing economies outside of the BRICS core. Possible formats of the BRICS+ initiative include a regional approach, establishing a pool of heavyweights among developing economies, and expanding the ranks of members of the New Development Bank. To achieve significant progress, the BRICS+ initiative needs to reinforce the pragmatic aspect of the platform by concluding breakthrough economic agreements based on the Global South platforms.
READ THE STORY: Modern Diplomacy
The latest tool in China’s influence campaign: Police on social media
Analyst Comments: The article provides a comprehensive overview of the report by the Australian Strategic Policy Institute, which reveals China's efforts to exploit Western social media platforms to push pro-China narratives. The report's findings highlight the expanded scope and ambition of Chinese influence operations, with evidence linking the Chinese security apparatus to efforts to malign the US. The article also notes that such campaigns are difficult to trace directly back to government entities, which keep related directives and operations under tight wraps.
FROM THE MEDIA: China's Ministry of Public Security and a major Chinese cybersecurity company appear to be involved in an influence campaign aimed at casting the US as an irresponsible cyber power, according to a report by the Australian Strategic Policy Institute. The think tank found over 4,000 posts on Twitter, Reddit, Facebook, China’s Sina Weibo, and online blogs and forums last year posting identical content alleging the CIA and the National Security Agency were spying on China and other countries. Some of the accounts found to be posting similar content on Chinese platforms showed links to local public security bureaus responsible for policing and public security.
READ THE STORY: The Washington Post
Irrigation Systems in Israel Hit With Cyber Attack That Temporarily Disabled Farm Equipment
Analyst Comments: Israeli irrigation systems were targeted in a cyberattack that temporarily disabled farm equipment. The attack was reported by two companies, Netafim and NaanDanJain, which manufacture and install irrigation systems used in agricultural fields in Israel and around the world. The companies did not disclose the nature of the attack or the extent of the damage but said the incident was resolved quickly and did not affect their customers' crops.
FROM THE MEDIA: The attack on Israeli irrigation systems highlights the growing risk of cyber threats to critical infrastructure, including those involved in food production. This incident follows a recent increase in cyberattacks on agriculture and food-related systems, including the JBS meatpacking attack in the US and the ransomware attack on Ireland's health system, which disrupted the country's Covid-19 vaccination program. The motives behind this attack remain unclear, but it is possible that state-sponsored actors or hacktivists are involved. As Israel is a key player in the global agriculture industry, such attacks may have significant economic implications beyond the local region. The incident underscores the need for enhanced cybersecurity measures to protect critical infrastructure, particularly in the agriculture and food sector, which is increasingly reliant on technology and automation.
READ THE STORY: CPOMAG
De-Dollarization of World Trade: Who is Sanctioning Whom
Analyst Comments: The shift in trade towards other currencies is not a new trend, and many countries have been making efforts to reduce their dependence on the US dollar for a long time. The dominance of the dollar in world trade has been due to the Bretton Woods agreement that established it as the reserve currency of the world backed by the largest gold reserves. However, this dominance has been decreasing over time as countries started to use other currencies for transactions. De-risking from the dollar and streamlining payments is a rational step taken by countries to insulate their economies from the risk and instability posed by the US dollar.
FROM THE MEDIA: The economies of several states and regional blocs have taken initiatives to trade in currencies other than the US dollar due to the extensive sanctions imposed by the US on Russia and other countries. The sanctions have made it difficult for countries to trade in US dollars, thus impacting foreign exchange and trade. Many significant events have occurred recently, such as an EU country trading in yuan for energy supplies and ASEAN discussing measures to expand cross-border digital payment systems to include trade exchanges. The Reserve Bank of India has also permitted banks from 18 countries to use Indian rupees for trade and exchange. Many countries have taken the initiative to use their own currencies to trade bilaterally and insulate their economies from the risk and instability posed by the US dollar.
READ THE STORY: Modern Diplomacy
Mirai botnet hackers targeting TP-Link router zero-day vulnerability
Analyst Comments: The exploitation of zero-day vulnerabilities in routers is a major threat to the security of networks, particularly those that support critical infrastructure. The ease with which TP-Link routers can be infected and added to the Mirai botnet is worrying, as is the speed with which hackers are able to exploit newly discovered vulnerabilities. The use of DDoS attacks to disrupt websites and other services is a well-established tactic, and the fact that hackers can now use routers to carry out these attacks adds a new dimension to the threat. TP-Link’s prompt patching of the vulnerability is encouraging, but the fact that hackers were able to exploit it despite this suggests that more needs to be done to improve router security.
FROM THE MEDIA: Hackers are exploiting a zero-day vulnerability in TP-Link routers, primarily in Eastern Europe, to add them to the Mirai botnet, a network of infected devices that can be used to launch distributed denial-of-service (DDoS) attacks. The vulnerability, CVE-2023-1389, was discovered last December and affects the TP-Link Archer AX21 router. TP-Link patched the vulnerability in March, but researchers from Trend Micro’s Zero Day Initiative (ZDI) discovered that hackers had begun exploiting it by 11 April. The hackers are using the routers’ ability to carry out DDoS attacks against gaming servers, as well as features that make traffic from the devices look legitimate. Researchers were concerned at how quickly the hackers had added the vulnerability to their arsenal and said that this was nothing new for the maintainers of the Mirai botnet.
READ THE STORY: The Record
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware
Analyst Comments: The RustBucket malware is another example of BlueNoroff's sophisticated cyber-enabled heists, which have targeted the SWIFT system and cryptocurrency exchanges. This new malware strain shows that threat actors are adapting their toolsets to accommodate cross-platform malware by using programming languages like Go and Rust. Additionally, this development is a sign that cybercriminals are continuing to exploit trust relationships in the software supply chain as entry points to corporate networks.
FROM THE MEDIA: A financially motivated North Korean threat actor, BlueNoroff, is suspected to be behind a new Apple macOS malware strain called RustBucket. This malware is designed to add infected devices to a botnet, which is then used to launch distributed denial-of-service (DDoS) attacks against game servers. The malware identified by Jamf masquerades as an “Internal PDF Viewer” application to activate the infection, although the success of the attack banks on the victim manually overriding Gatekeeper protections. The second-stage payload, written in Objective-C, is a basic application that offers the ability to view PDF files and only initiates the next phase of the attack chain when a booby-trapped PDF file is opened through the app.
READ THE STORY: THN
CCP’s increasingly sophisticated cyber-enabled influence operation
Analyst Comments: The Australian Strategic Policy Institute’s International Cyber Policy Centre’s report sheds light on how the CCP is using social media to manipulate public opinion and disrupt domestic and foreign policies and decision-making processes beyond its borders. The report provides key recommendations to policymakers and social media platforms to counter the CCP’s increasingly sophisticated cyber-enabled influence operations, including greater investment of resources and more effective strategies to disrupt future influence operations. With the CCP’s cyber-enabled influence operations becoming more aggressive and effective, the report highlights how the CCP is seeking to influence economic decision-making in democracies, destabilize social cohesion during times of crisis, sow distrust of leaders, institutions, and processes, fracture alliances and partnerships, and further deter journalists, researchers, and activists in democracies from expressing their opinions.
FROM THE MEDIA: The Australian Strategic Policy Institute’s International Cyber Policy Centre has released a report that highlights how the Chinese Communist Party (CCP) is manipulating online public opinion beyond its own borders. The report, entitled “Gaming public opinion: The CCP’s increasingly sophisticated cyber-enabled influence operations”, notes that the CCP’s cyber-enabled influence operations have evolved to become more aggressive, global, and effective in targeting democracies by disrupting domestic and foreign policies and decision-making processes. The CCP is now using covert cyber-enabled influence operations to counter accusations of cyber espionage and support the expansion of Chinese cybersecurity services abroad. The report reveals a previously unreported CCP cyber-enabled influence operation named “Operation Honey Badger” that spread unverified claims that the US was irresponsibly conducting cyber-espionage operations against China and other countries.
READ THE STORY: ASPI
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor
Analyst Comments: This attack highlights the Iranian nation-state threat actor's continuous refinement and retooling of its malware arsenal. The use of ISO images and other archive files is a new tactic, and the adoption of enhanced methods to evade detection indicates an increasing sophistication of the adversary. The use of decoy documents written in different languages and related to a non-profit entity demonstrates the actor's ability to tailor the attack to different targets. The early stages of infection are yet to be seen in the wild, and this new malware campaign underscores the importance of maintaining cybersecurity defenses and updating software regularly to protect against newly emerging threats.
FROM THE MEDIA: Iranian nation-state threat actors are using phishing attacks to target Israel, deploying an updated version of the Windows backdoor called PowerLess. Cybersecurity firm Check Point has identified the activity cluster as "Educated Manticore," with "strong overlaps" with other hacking crews such as APT35, Charming Kitten, Cobalt Illusion, ITG18, Mint Sandstorm, TA453, and Yellow Garuda. The ISO file, a decoy document written in Arabic, English, and Hebrew, is used as a conduit for the attack chain, and the payload ultimately launches the PowerLess implant, which has the capability to steal data from web browsers and apps like Telegram, take screenshots, record audio, and log keystrokes.
READ THE STORY: THN
Key U.S. Navy Shipbuilder Hit In Ransomware Attack
Analyst Comments: While this was not a significant cyber attack, cybersecurity experts have warned that attacks of this nature are on the rise. They have urged companies to implement robust detection mechanisms to identify and respond to such threats promptly, highlighting the potential impact of cyber attacks on industrial control systems, even if data theft did not occur. Ransomware attacks are expected to increase this year, with Iran, Russia, China, and North Korea being the largest threats.
FROM THE MEDIA: Fincantieri Marinette Marine suffered a cyber attack on April 12, which caused production delays across the shipyard. Large amounts of data on the network servers were made unusable by an unknown group, which compromised the data needed to instruct the shipyard's CNC manufacturing machines, resulting in computer-controlled tools being offline for several days. Some of the CNC machines were back in operation by the end of last week, but email and some networked operations remained offline as of Friday. Fincantieri Marine Group stated that its network security officials immediately isolated systems and reported the incident to relevant agencies and partners. The spokesperson also confirmed that the company has brought in additional resources to investigate and restore full functionality to the affected systems as soon as possible. It is not yet known if the attackers stole any sensitive data on the vessels or processes at the shipyard.
READ THE STORY: 1945