Thursday, April 27, 2023
Future of warfare is AI, retired US Army general warns
Analyst Comments: The warning from retired US Army general Richard Clarke highlights the potential threats posed by the increasing reliance on AI-enabled autonomous systems in warfare. As AI technology continues to develop, its use in warfare is likely to become more prevalent, raising questions about ethical use and the potential for indiscriminate attacks. The emphasis on truth-telling technology to combat deep fakes and disinformation campaigns is a positive step towards tackling one of the key challenges of the information age. The statement from Clarke also indicates that the US military may be lagging behind other countries in terms of technological development, suggesting a potential vulnerability.
FROM THE MEDIA: According to retired US Army general Richard Clarke, the future of warfare will be fought with autonomous systems enabled by AI and will take place in cyberspace and space. Speaking at the RSA Conference, Clarke said that a single person would be able to control 20 planes and that the US military must equip itself with technology at the speed at which it develops to remain dominant in the world of warfare. Clarke warned that major global powers such as China have already taken significant steps in technology and have even surpassed the US in certain areas. He also stressed the importance of technology in sorting deepfakes from real video and audio, so as to provide true information to allies and enemies.
READ THE STORY: The Register
NSA cyber director warns of ransomware attacks on Ukraine, Western supply chains
Analyst Comments: Russian hackers are attempting to inject ransomware into Ukraine's logistics supply chain, as well as those of the Western countries that back Kyiv in its fight against Moscow. This represents a shift in tactics for Moscow, which many believed would use a digital offensive to cripple Ukraine's critical infrastructure and secure a quick victory. The assessment also highlights that Poland, one of Ukraine's biggest supporters, has already fallen victim to malicious activity, possibly by a Russia-based hacking group. The NSA Director of Cybersecurity, Rob Joyce, warns that this is a significant escalation in tactics and capabilities, which may have serious consequences if successful in disrupting the supply chain of US companies. Finally, the assessment cautions against amateur citizens taking up cyber arms to fight in foreign conflicts, as it may have negative consequences for the ability to set and enforce norms and may give cover to Russia to engage in misinformation and disinformation campaigns.
FROM THE MEDIA: Russian hackers are targeting the logistics supply chains of Ukraine and Western countries that support Kyiv in its conflict with Moscow, according to the Director of Cybersecurity at the US National Security Agency, Rob Joyce. Speaking at the RSA Conference, Joyce said the hackers were attempting to introduce ransomware into the supply chain, a tactic that marks a shift from earlier expectations that Moscow would target critical infrastructure directly. Joyce added that Poland, one of Ukraine's key supporters, had “certainly” been a victim of malicious activity, possibly referencing an attack attributed to Russia-based hacking group Iridium by Microsoft last year. Joyce declined to speculate on what a successful attack on US targets would mean for Washington's involvement in the conflict. He also criticized individuals who take up "cyber arms" in support of Ukraine, saying such activity should be the preserve of governments.
READ THE STORY: The Record
Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks
Analyst Comments: The expansion of Alloy Taurus's target list shows that the group is still evolving its operations in support of its espionage activities. This means organizations across Southeast Asia, Europe, and Africa that fall within the group's target list need to step up their security measures. It is important to keep systems updated, implement strong passwords, and use modern security software solutions to protect against modern threats. Additionally, organizations should use defense-in-depth architecture to secure their systems.
FROM THE MEDIA: Chinese APT group Alloy Taurus (also known as Granite Typhoon) has expanded its cyber-espionage activities to include financial institutions and government entities. The group has been targeting South Africa and Nepal with a Linux variant of a backdoor, PingPull, and a new undocumented tool called Sword2033. PingPull is a remote access trojan that uses the Internet Control Message Protocol for command-and-control communications. The Linux variant of PingPull shares similar functionality with its Windows counterpart. Sword2033, on the other hand, supports three basic functions, including uploading and exfiltrating files and executing commands. Both tools are designed to help Alloy Taurus carry out espionage activities.
READ THE STORY: THN // DARKReading
As Taipower Modernizes, Cybersecurity Threats Loom
Analyst Comments: Taiwan has been a prominent target of cyberattacks from China, with the country's strategic location and political status in the crosshairs of the Chinese Communist Party (CCP). The CCP has been known to employ cyberattacks as part of its strategy to infiltrate and influence foreign nations, especially those that it considers a threat to its political agenda. The situation is further exacerbated by the ongoing tensions between China and Taiwan, where the CCP continues to claim sovereignty over Taiwan and has not ruled out the use of force to achieve this goal.
FROM THE MEDIA: Taiwan Power Company (Taipower) plans to invest US$18 billion in its grid over the next decade, focusing on resilience, decentralization, modernization, and strengthening of the electricity system. The expansion of smart devices such as smart grids and meters is expected to enhance resilience and improve distribution. However, the increasing use of interconnected digital technologies and IoT devices makes the power sector vulnerable to cyberattacks. Taipower is one of Taiwan’s most prominent cyberattack targets, being exposed to daily cyberattacks, often heightened during times of cross-Strait tension. Taipower has established an Information Sharing and Analysis Center (ISAC) to exchange intelligence with the government's energy ISAC platform and developed a Smart Grid Security Deployment Plan. However, greater effort is needed to ensure accountability and transparency and to plug blind spots. Private or patriotic hackers can carry out ransomware attacks, and such attacks and the disablement of key infrastructure are areas of Taiwan’s defense preparedness that warrant additional investment.
READ THE STORY: AMCHAM
DoJ, Treasury accuse 3 men of laundering crypto for North Korea
Analyst Comments: The US government has indicted and sanctioned three individuals, including a Chinese national, a Hong Kong British national, and a North Korean national, for conspiracies to launder stolen and illicit cryptocurrency used by the North Korean regime to finance its weapons programs. The indictments highlight the complex cyber operations run by North Korea since at least 2017 to steal or generate cryptocurrency, which is then laundered and sent to the regime to fund its weapons of mass destruction programs. The US government has accused the three individuals of using virtual currency to facilitate payments and profits, targeting virtual currency companies for theft, and exploiting the technological features of virtual assets to evade sanctions. The US has also placed sanctions on all three individuals, blocking properties in the US that they own or have a direct or indirect interest in, and threatening sanctions against individuals or foreign financial institutions that conduct business with them. The case underscores the continuing threat posed by North Korea's cyber operations and its use of cryptocurrencies to finance its weapons programs.
FROM THE MEDIA: The US Department of Justice (DoJ) has indicted three men, including one North Korean national, for money laundering using cryptocurrency to fund the country’s weapons programs. Wu Huihui of China, Cheng Hung Man, a Hong Kong British national, and North Korean national Sim Hyon Sop are accused of two money laundering conspiracies, both aimed at channeling funds into North Korea's coffers. Additionally, the Treasury Department placed sanctions on all three men, blocking properties in the US that they own or have a direct or indirect interest in, and the State Department announced a reward of up to $5 million for information leading to the arrest or conviction of Sim. The Democratic People's Republic of Korea (DPRK) has been accused of running complex operations designed to steal or generate cryptocurrency, which is then laundered and sent to the regime to fund its programs around weapons of mass destruction (WMD), and ballistic missiles, which are national security threats.
READ THE STORY: The Register
US Intelligence Leak: China Is Focusing Cyber Capabilities on Capturing & Shutting Down Satellites
Analyst Comments: The leaked documents indicate that China is focusing its cyber capabilities on satellite disruption, reflecting the country's wider strategy to become a dominant space power. The documents suggest that China is researching ways to disrupt and hijack satellite communications, which could have serious implications for military operations and civilian services. The US military has previously warned about the increased capabilities of US rivals, including China's and Russia's cyber capabilities, as well as new technologies such as anti-satellite missiles and lasers. Concerns about China's military and cyber capabilities are currently centered on Taiwan.
FROM THE MEDIA: Leaked documents suggest that China is focusing its cyber capabilities on disrupting and hijacking enemy satellites, as part of its strategy to become a dominant space power. The documents indicate that China's intelligence services are researching ways in which satellite signals can be copied, allowing hackers to hijack signals, disrupt communications, or potentially take command of a satellite remotely. Military leaders have previously reported that China aims to be the dominant force among the stars within the next 20 years. US-owned satellites currently dominate space with at least 2,800 total of the roughly 5,500 in orbit, but China’s military alone has now launched 347 including 35 since late 2022 (the country is thought to have some 540 in total). Military leaders have been sounding alarms about the increased capability of US rivals, with General Bradley Chance Saltzman warning that Russia and China have lasers and light tools capable of interfering with satellite cameras and that Russia has been testing anti-satellite missiles since at least 2021.
READ THE STORY: CPOMAG
Fentanyl Follies: Loose Talk in Washington and Mexico City
Analyst Comments: The issue of narcotics trafficking, particularly the smuggling of fentanyl from Mexico to the United States, is a major concern for both countries. While American politicians have called for unilateral action against the cartels, such action is unlikely to be successful without broader efforts to reclaim state presence in the large, lawless areas of rural Mexico in which the cartels operate. Additionally, unilateral military action within Mexico by the U.S. armed forces is a non-starter and could damage the overall relationship between the two countries. Despite initial pushback from the López Obrador administration, Mexico has announced a fentanyl action plan, including creating a coordinating body within the Mexican government to address fentanyl, increasing personnel monitoring land customs stations and maritime ports, creating a special unit within the national prosecutor’s office, and establishing a protocol for consultations between the Mexican Finance Ministry and the U.S. Treasury Department on money laundering.
FROM THE MEDIA: The issue of narcotics trafficking has become a high-profile source of friction between Mexico and the United States. Fentanyl, a highly addictive synthetic opiate, has increasingly become the drug of choice among U.S. consumers of hard drugs, with 70,000 deaths per year attributed to fentanyl overdoses out of a total of 100,000 narcotics-related deaths. Fentanyl’s precursor chemicals are produced in China, cross the Pacific by sea, and are smuggled into Mexican ports, where the final product is then created in laboratories and sent to the United States. American politicians have become engaged on this issue, with some calling for unilateral kinetic action against the cartels. Mexican president Andres Manuel López Obrador has reacted by asserting that fentanyl is America’s problem, not Mexico’s, and has threatened to urge Mexican-Americans to vote against Republicans if they do not cease their pressure campaign.
READ THE STORY: The National Interest
China’s ‘CRAZY’ Tactics To Destroy Enemies, Influence VIPs Halted By US; But Other Nations Fall Prey
Analyst Comments: The piece provides a comprehensive overview of China's espionage and foreign interference operations and highlights the need for defending democratic values to counter Chinese activities. It provides several examples of Chinese espionage and foreign interference in countries such as the US, Australia, Canada, and the UK. The author emphasizes the importance of understanding the nature of the threat posed by China and suggests that a fool-proof system is difficult since spying is one of the oldest professions in the history of mankind. However, the article does not provide any concrete solutions or recommendations for countering Chinese activities.
FROM THE MEDIA: The recent arrests in the US and Australia of individuals accused of working for the Chinese government in espionage and foreign interference operations highlight China's ongoing efforts to expand its influence and power abroad. The article highlights China's use of various tactics, including political donations, media control, economic espionage, and the Thousand Talents Program, to transfer knowledge and intellectual property from foreign countries to China. The author argues that while enforcement actions against Chinese government agencies are necessary, the most effective means of countering Chinese activities is to defend democratic values and prevent them from being undermined.
READ THE STORY: The EurAsian Times
The Era of Hybrid Warfare: How Space Became the Latest Dimension in Conflict
Analyst Comments: The comments made by Greg Wyler and Clémence Poirier highlight the growing concerns around cybersecurity in the satellite industry, particularly with regard to gateways and supply chains. The recent Viasat hack serves as a stark reminder of the vulnerabilities inherent in satellite networks and the potential risks posed by foreign actors. It is clear that there is a need for greater investment in cybersecurity measures, particularly among New Space companies that may be less equipped to handle sophisticated attacks. The proposed EU-ISAC could be a step in the right direction in terms of collaboration and information sharing, but it remains to be seen whether such initiatives will be enough to protect against increasingly sophisticated cyber threats.
FROM THE MEDIA: At the Cysat event in Paris, E-Space CEO Greg Wyler claimed that gateways are the biggest security vulnerability in today's satellite networks. Wyler believes that gateways, which act as a central hub for data coming in and out of satellites, represent a "giant, vulnerable elephant to be eaten" for foreign actors, adding that "gateways are really easy [to attack]. They have a fence around them." Wyler's comments follow the recent Viasat hack, which involved attackers exploiting vulnerabilities in the company's gateway to infiltrate its satellite network. Other speakers at the event, including Clémence Poirier of the European Space Policy Institute, warned that supply chains were becoming a "very weak link" in the security chain and that New Space companies were not investing enough in cybersecurity.
READ THE STORY: Via Satellite
Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China
Analyst Comments: Evasive Panda has been reported to be targeting an international NGO in China using MgBot malware. The article highlights the malware's capabilities and the potential for adversary-in-the-middle attacks involving the compromise of routers or gateways. The article also provides background information on Evasive Panda and its history of cyber espionage attacks targeting various entities in China, Hong Kong, and other countries located in East and South Asia.
FROM THE MEDIA: APT group Evasive Panda, also known as Bronze Highland and Daggerfly, has been targeting an international NGO in China by delivering the MgBot malware via update channels of legitimate applications such as Tencent QQ. The malware is capable of stealing files, logging keystrokes, harvesting clipboard data, recording audio streams, and stealing credentials from web browsers. It is unclear how the threat actor managed to deliver the malware via legitimate updates, but it could be a case of an adversary-in-the-middle attack involving the compromise of routers or gateways. The activity began in November 2020 and continued throughout 2021. Evasive Panda has been attributed to a series of cyber espionage attacks targeting various entities in China, Hong Kong, and other countries located in East and South Asia since at least late December 2012.
READ THE STORY: THN // The Record // InfoSecMag
Iranian hackers targeted Israelis using rare cyber attack techniques
Analyst Comments: The report by Check Point highlights the continuing threat posed by Iran-linked hacker groups to Israeli targets, particularly academic researchers. The use of new malware with advanced functionalities, as well as the submission of related files to VirusTotal, suggests a high level of sophistication and planning by the attacker. The adoption of a new naming convention for Iranian-aligned threats by Check Point may also prove useful in tracking the activities of these groups.
FROM THE MEDIA: Israeli cybersecurity company Check Point has reported that the Iran-linked hacker group "Educated Manticore" has started targeting Israeli academic researchers with new malware. The malware is contained within an ISO file called "Iraq development resources" and contains academic content about Iraq in PDF files in Arabic, English, and Hebrew. Once opened, the malware installs a backdoor called "PowerLess" that allows hackers to access the affected computer. The new version of PowerLess includes new functionalities such as the ability to steal data from the Telegram desktop app, take screenshots, and record sound. Two other related files called "iraq-project.rar" and "SignedAgreement.zip" were also found to be used in the attacks. These files appear to be personal projects by the developer behind the attack and were submitted to VirusTotal by the same submitters from Israel. The attacker has been designated as "Educated Manticore" under a new naming convention that labels Iranian-aligned threats as "manticores."
READ THE STORY: JPOST
South Korea and the US agree to cooperate on cybersecurity and combating North Korean digital heists
Analyst Comments: The agreement to establish a "Strategic Cybersecurity Cooperation Framework" between the US and South Korea demonstrates the shared commitment of both countries to strengthen cybersecurity measures against cyber threats, particularly from North Korea. As North Korea continues to use cybercrime to fund its weapons programs, cooperation between the US and South Korea in detecting, preventing, and responding to cyber attacks is critical. The cooperation agreement also reflects the growing recognition of the importance of cybersecurity in protecting critical infrastructure and securing cryptocurrency and blockchain applications. This agreement could serve as a model for other countries to follow in enhancing their cybersecurity cooperation with the US and other allies.
FROM THE MEDIA: South Korea and the US have agreed to sign a cybersecurity cooperation agreement to deter "cyber adversaries," secure critical infrastructure, combat cybercrime, and secure cryptocurrency and blockchain applications. In a joint statement, the two countries cited concerns about North Korea's cyber activities funding its weapons programs and committed to blocking its cyber-enabled revenue generation. North Korea is known to rely on its government-backed hacking groups to fund its weapons programs by launching audacious attacks on cryptocurrency exchanges and medical facilities. The agreement would involve working together to deter "cyber adversaries," secure critical infrastructure, combat cybercrime, "and secure cryptocurrency and blockchain applications." The two countries also outlined an agreement to cooperate in the development of quantum technologies.
READ THE STORY: The Record
Quantum cyber security
Analyst Comments: It is crucial for organizations to stay informed about quantum cybersecurity developments and invest in research to protect their systems against quantum threats. As we approach the million-qubit threshold, the urgency for robust post-quantum cryptography increases, and the race to develop effective solutions intensifies. It is essential to be proactive and invest in quantum cybersecurity solutions to safeguard our digital infrastructure in the future.
FROM THE MEDIA: Quantum computing poses a significant challenge to classical cybersecurity due to its unparalleled computational power, which introduces various threats such as the "harvest now, decrypt later" model, asymmetric cryptography defeat, and blockchain vulnerability. As the development of a million-qubit quantum computer approaches, researchers are exploring potential quantum cybersecurity solutions, including NTRU lattice-based cryptography, code-based cryptography, supersingular elliptic curve isogeny cryptography, and symmetric keys.
READ THE STORY: T_HQ
A Security Team Is Turning This Malware Gang’s Tricks Against It
Analyst Comments: The security researchers from eSentire have done an excellent job in tracking the malware's activity and operations over time and identifying characteristics of how Gootloader covers its tracks and attempts to evade detection that defenders can exploit to protect networks from being infected. The article highlights the severity of the issue and the need for organizations to take proactive measures to protect their networks from such threats. The researchers' finding about Gootloader's defense mechanism is particularly interesting, as it provides insights into how attackers can be countered.
FROM THE MEDIA: Security firm eSentire has revealed its methods for disrupting the operations of the Gootloader malware, an initial-access-as-a-service operation that compromises businesses and other organizations and then sells that digital access to other attackers. Gootloader is known for distributing links to compromised documents, particularly templates and other generic forms. Attackers use a tactic known as search-engine-optimization poisoning to compromise legitimate blogs, particularly WordPress blogs, and then quietly add content to them that includes malicious document links. The system is designed so users can only download the malware once per day, a Gootloader defense mechanism that could also be used against it.
READ THE STORY: Wired
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks
Analyst Comments: The use of customized malware by state-affiliated threat actors is becoming more prevalent, making it challenging to detect and defend against. The fact that BellaCiao is personalized makes it more difficult to detect, and the use of hard-coded instructions for delivering malware payloads further complicates the matter. Charming Kitten's past attacks on various industry verticals suggest that the group is adept at using different methods for breaching systems, making it more challenging to predict their next move.
FROM THE MEDIA: The Iranian state-sponsored APT group Charming Kitten, also known as APT35, has been found to be using a new malware named BellaCiao to target victims in the US, Europe, the Middle East, and India. BellaCiao is a personalized dropper that delivers other malware payloads on a victim machine as per the commands received from an actor-controlled server. The malware is hard to detect because it contains unique code that is specifically crafted to evade detection. Bitdefender Labs discovered the malware, and the modus operandi used by the group to achieve initial intrusion is still undetermined, although it is suspected to exploit vulnerabilities in internet-exposed applications like Microsoft Exchange Server or Zoho ManageEngine. The group has used various means over the years to deploy backdoors in systems belonging to a wide range of industry verticals.
READ THE STORY: THN
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Analyst Comments: The confirmation by Microsoft that PaperCut servers were exploited by Lace Tempest is a concerning development. Ransomware attacks continue to be a significant threat to organizations, and the exploitation of security vulnerabilities is an increasingly popular tactic used by threat actors to achieve their objectives. Organizations should prioritize patching security vulnerabilities and implementing security controls to prevent unauthorized access to sensitive information. The exploitation of an unpatched vulnerability in Veeam backup software by FIN7 highlights the importance of maintaining up-to-date software and patching systems as soon as possible. Organizations should have robust backup and recovery procedures in place to mitigate the impact of a potential ransomware attack.
FROM THE MEDIA: Microsoft has confirmed that some active exploitation of PaperCut servers is linked to attacks designed to deliver the Cl0p and LockBit ransomware families. The tech giant's threat intelligence team attributes a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest. Successful exploitation of the two security vulnerabilities in PaperCut could allow unauthenticated remote attackers to achieve arbitrary code execution and gain unauthorized access to sensitive information. A separate cluster of activity has also been detected weaponizing the same flaws, including those that lead to LockBit ransomware infections. In a related development, the Zero Day Initiative (ZDI) disclosed that the Mirai botnet authors have updated their malware to include CVE-2023-1389, a high-severity flaw in TP-Link Archer AX21 routers that could allow an unauthenticated adversary to execute arbitrary code on affected installations.
READ THE STORY: THN
Hey Man, Can I Use That Building When You’re Done With It
Analyst Comments: The article provides an insightful look at how architecture and design can help reduce the construction industry's global waste and environmental impact. The concept of circular building is an innovative approach to designing structures that can be reused, repurposed, or disassembled, rather than ending up in a landfill. The examples presented in the article demonstrate the potential of circular buildings to reduce waste and decrease a building's ecological impact. Additionally, the article acknowledges the challenges that architects and designers face in advancing circular construction, including changing policies and educating the public.
FROM THE MEDIA: Architecture students at the University of Southern California are designing structures for the Los Angeles 2028 Olympics that can transform, disappear, or begin a second life after the event. The project, called "Making LA," focuses on circular building, which is the practice of making buildings that can be more easily disassembled, moved, or repurposed. Circular construction and design for disassembly is part of a burgeoning focus on sustainability and reducing the construction industry's global waste, which creates about one-third of the world's waste. Some examples of circular buildings include a waterfront Copenhagen bar and restaurant, Kieran Timberlake's prefab, sustainable homes, a 3D-printed home made entirely from forest materials at the University of Maine, and a timber frame office building in Oslo.
READ THE STORY: Wired
Xi Jinping urges Volodymyr Zelenskyy to negotiate with Moscow
Analyst Comments: The phone call between Xi Jinping and Volodymyr Zelenskyy marks a significant development in the ongoing conflict in Ukraine. China's involvement in this conflict has long been a matter of debate, with the country presenting itself as a mediator and pushing for a peaceful resolution. However, China's peace initiative has been met with skepticism by European leaders, and the US and EU have warned China not to support Russia. The lack of agreement on a clear path to a peaceful resolution suggests that the situation remains complex and challenging, with Russia's ongoing occupation of Ukrainian territory continuing to be a major obstacle to lasting peace.
FROM THE MEDIA: Chinese President Xi Jinping spoke with Ukrainian President Volodymyr Zelenskyy, urging him to negotiate with Moscow to seek a "political settlement" of the war, in the first conversation between the leaders since Russia's full-scale invasion a year ago. China's foreign ministry said that Xi would send a special representative to talk to "all parties". However, Zelenskyy's office avoided any reference to negotiation in its readout of the call and instead expressed hope for China's active participation in efforts to restore peace. European leaders have been skeptical of Beijing's peace initiative, while the US and EU have warned China not to arm Russia. Officials and analysts suggested Xi might have made the call to repair relations with EU capitals after comments made by China's ambassador to France about former Soviet states' sovereignty.
READ THE STORY: FT
5G on the high seas brings the Internet of Things to Singapore's port
Analyst Comments: M1's move to bring comprehensive 5G coverage to Singapore's maritime industry is a significant development, demonstrating the vast potential of 5G to transform industries beyond just telecommunications. The Internet of Things use cases in the maritime industry could revolutionize the way vessels are monitored and managed, increasing safety and efficiency. The move is also significant for Singapore, which is a major global port and relies heavily on its maritime industry for economic growth.
FROM THE MEDIA: Singaporean telco M1 has unveiled a plan to bring 5G coverage to the country's maritime industry, which includes over 5,000 maritime companies and more than 4,400 vessels. While much of the area around Singapore's port limits is already covered, there is spotty wireless coverage in the area that extends southward from the mainland. M1 has built roughly a dozen towers across the islands in the region to bring 5G coverage. For the maritime industry, 5G means the chance to put the Internet of Things to work, with M1 offering video surveillance and telemedicine services. Packages start at $3,700 per vessel for onboard real-time surveillance that includes a 5G router, a network video recorder, and two high-definition video cameras.
READ THE STORY: The Register
Anonymous Sudan targets Israel premier and Mossad
Analyst Comments: This attack highlights the vulnerability of critical infrastructure to cyber threats and underscores the importance of enhancing cyber defenses. The motivation behind the attack is political, as Anonymous Sudan claims to be retaliating against Israel for its actions against Palestine. The group is known to work with other hacker groups, including Killnet, which recently conducted a cyber campaign against NATO. The association between Anonymous Sudan and Russia-backed hackers raises concerns about the potential for state-sponsored cyber attacks.
FROM THE MEDIA: Hacktivist group Anonymous Sudan has launched a coordinated cyber attack on over 40 organizations supporting Israel's infrastructure, including critical government services, financial institutions, healthcare facilities, and universities. Among the targets were the official government website of Israel, the Israeli Police, the Israel Broadcasting Corporation, and the websites of Prime Minister Benjamin Netanyahu, the Israeli Security Agency, and the Mossad. Two emergency alert services that warn citizens of incoming rocket attacks were also targeted. Anonymous Sudan claimed responsibility for the attacks and invited others to join in on the campaign.
READ THE STORY: Cybernews
South Africa Eskom Energy Probe: Ex-Chief Won't Name Names
Analyst Comments: The refusal by de Ruyter to name the politician involved in Eskom's corruption highlights the ongoing struggle against corruption in South Africa. The country has been grappling with widespread corruption that has affected both public and private sectors for years. Eskom, which is responsible for providing about 95% of South Africa's electricity, has been plagued with allegations of corruption and mismanagement, resulting in daily rolling blackouts that have affected the country's economy. De Ruyter's testimony sheds light on the extent of corruption at Eskom, which has been a major issue in the country. The continued struggle against corruption in South Africa is a significant challenge that affects the country's economic growth and development, as well as its ability to attract investment.
FROM THE MEDIA: The former head of South Africa's national energy firm, Eskom, Andre de Ruyter, has declined to name the politician who he claims tolerated the company's corruption. De Ruyter appeared before parliament's Standing Committee on Public Accounts on April 27, where he revealed that Eskom is losing about $54 million per month due to corruption. When asked to name the politician involved, de Ruyter cited security and legal risks, but he did acknowledge that Public Enterprises Minister Pravin Gordhan knows the name. The parliamentary committee's chairperson expressed dissatisfaction with de Ruyter's testimony, saying that they have learned nothing more than what he had already said in his television interview.
READ THE STORY: VOA
Items of interest
The lack of ideology makes Russian society fragile
Analyst Comments: The collapse of the Soviet Union in 1991 left Russia without a clear alternative ideology to communism. The discrediting of communist ideology also meant that there was no coherent framework for a new ideology to take its place. The absence of a real ideology in Russia can be traced back to a range of historical, political, and social factors. The fragmentation of Russian society, with deep divisions based on ethnicity, religion, and social class, makes it difficult to promote a common goal and vision for the future. The author argues that since Russians cannot unite for something, they need reasons to join against something, which often leads to negative societal narratives. As a result, Russian society has consistently followed different post- and anti-narratives that stress how different Russia is from the Soviet Union (post-Soviet narrative) or how different it is from the West (anti-Western narrative). This has led to a tendency towards political pragmatism, which often involves a mix of nationalist and conservative rhetoric and policies, but without a clear ideological framework.
FROM THE MEDIA: This piece examines the absence of a coherent ideology in contemporary Russia, and how it affects the country's society and political system. The author argues that since the collapse of the Soviet Union, Russia has failed to establish a new ideological framework to unite its people and provide a vision for the future. This has resulted in a fragmented society, lacking a common purpose, and a political system focused more on maintaining power than promoting a coherent ideology. The article also discusses the historical and cultural factors that contribute to Russian society's anti-Western sentiments and how Putin's leadership has emphasized national identity and sovereignty as a way to create a contemporary ideology.
READ THE STORY: Modern Diplomacy
DevOps for Hackers with Hands-On Labs w/ Ralph May (Video)
FROM THE MEDIA: In this Black Hills Information Security (BHIS) Workshop, we will go into the nuts and bolts of using DevOps for your engagements. We will learn how to use three different software stacks together to create the results we want. The workshop will include four hands-on labs to take what you have learned and apply it right away. First, we will focus on how to use Ansible to configure our operating systems. Then we will dive into Terraform to manage cloud infrastructure, and lastly, we will look at Docker to execute our code and dependencies.
Getting started with Ansible (Video)
FROM THE MEDIA: The speaker explains the basics of Ansible, including its use in configuring host operating systems and infrastructure as code. The talk covers the benefits of Ansible, such as the ease of writing playbooks and large module support. The speaker also provides a demo of how to use Ansible, including installing Ansible and executing simple playbooks. The talk concludes with a discussion of the potential pitfalls of using Ansible and information on the speaker's Hacker Ops class, which focuses on using tools like Ansible and Terraform to conduct security assessments.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.