Daily Drop (480): China and Taiwan, US Global AI Quantum ML, RU & CN Challenge in West Africa, Kremlin Drone Attack, Social Media Cyber Espionage in South Asia: Meta's Discovery, Anti-Trans Group leak
05-05-2023
Friday, May 05, 2023 // (IG): BB // Cloak & Dagger // Coffee for Bob
Military briefing: the drone attack on the Kremlin
Analyst Comments: The drone attack near the Kremlin raises questions about who is responsible and what the aim of the attack was. The incident has prompted international condemnation and a war of words between Moscow, Washington, and Kyiv, as each party tries to shift the blame onto the others. While Moscow has blamed Ukraine for the attack, some experts are hesitant to declare the incident a “false flag” staged by Russia to justify a new escalation in Ukraine, as it would be a significant risk for Putin to imply that one of the most protected sites in the country is vulnerable.
FROM THE MEDIA: Two small drones were launched and exploded near the Kremlin in Moscow early on Wednesday morning, and Moscow, Washington, and Kyiv have since disagreed over who is responsible and what the aim was. The Kremlin has blamed Ukraine, while the US and Ukraine have categorically denied involvement. Some experts have hesitated to declare the incident a “false flag” conducted by Russia to justify a new escalation in Ukraine. The drones had almost zero chance of killing Russian President Vladimir Putin, but if they were operated by Ukraine or agents of Kyiv, it would be the most serious penetration of Russia’s supposedly secure airspace since 1987. The Kremlin is protected by radar and air-defense missile systems, a GPS spoofing system, two Pantsir air-defense systems, a Krasukha-4 ground-based jamming system, and handheld anti-drone weapons. Ukrainian officials have denied the country's involvement, but Ukraine has a history of using drones to attack highly guarded targets inside Russia.
READ THE STORY: FT
Risk of war with China over Taiwan is real, intel leaders warn
Analyst Comments: The threats from China and the potential of a war over Taiwan pose significant risks for the U.S. and the global economy. The warnings from top intelligence officials about Chinese leaders’ pessimism about the future of relations with the U.S., and about the potential for a miscalculation or the escalation of a minor confrontation to trigger a war, should be taken seriously. It is also concerning that China is increasing its capability to conduct space warfare attacks and cyberattacks on critical U.S. infrastructure in a future conflict.
FROM THE MEDIA: During an annual briefing to Congress on Thursday, Director of National Intelligence Avril Haines and Army Lt. Gen. Scott Berrier, director of the Defense Intelligence Agency, warned that the U.S. faces real dangers from China and the potential of a war over Taiwan. Haines expressed concern that a miscalculation or the escalation of a minor confrontation could trigger a war, given Chinese leaders’ pessimism about the future of relations with the U.S. Berrier said that at least four dates beginning in 2025 have been put forth for when Chinese President Xi Jinping may order military action against Taiwan. China considers Taiwan part of its sovereign territory and has vowed to reclaim it. The annual survey of global threats that intelligence officials gave to Congress was dominated by the threats from China, including space warfare attacks on satellites and cyberattacks on critical U.S. infrastructure in a future conflict. Other threats laid out by the DNI and DIA leader included the growing risk of a direct conflict with Russia over the Ukraine war, North Korea’s growing nuclear arms and missile programs, and Iran’s increasing potential to build nuclear arms.
READ THE STORY: The Washington Times
US touts new strategy for global standards on AI, quantum, machine learning
Analyst Comments: The US National Standards Strategy for Critical and Emerging Technology aims to put guardrails around the development of critical and emerging technologies and ensure their safety and interoperability. The strategy outlines planned investments and the future partnerships that will be forged to accomplish its four goals. The US government plans to prioritize standards development around key technological areas, such as AI and machine learning, biotechnology, navigation tools, and quantum information technologies. However, the strategy is aimed squarely at China, which has sought to increase its role in international standards bodies over the last decade.
FROM THE MEDIA: The White House has published a new strategy to push for international rules that would put guardrails around the development of critical and emerging technologies, including artificial intelligence, machine learning, quantum computing, and more. With the release of the US National Standards Strategy for Critical and Emerging Technology, Biden administration officials aim to ensure that the technology relied upon by Americans is universally safe and interoperable. Standards Developing Organizations (SDOs), which typically consist of experts from industry, academia, civil society groups, and governments, work to ensure the safety and interoperability of technology and systems.
READ THE STORY: The Record
How Russia and China are Challenging Western Domination in West Africa
READ THE STORY: India Narrative
Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia
Analyst Comments: The disruption of the APT groups and adversarial networks by Meta is a positive development in the fight against cyber espionage and disinformation campaigns. The use of social engineering tactics by the APT groups highlights the importance of educating individuals on how to recognize and avoid phishing attacks. It is also noteworthy that at least two of the cyber espionage campaigns used low-sophistication malware with reduced capabilities, likely in an attempt to bypass app verification checks established by Apple and Google. This demonstrates that even simple malware can still be effective if combined with social engineering tactics. The increasing reliance of Iranian state-aligned actors on cyber-enabled influence operations to compensate for shortcomings in their network access or cyberattack capabilities is a concerning trend. The operations have sought to instigate unrest in Bahrain, bolster Palestinian resistance, and counter the normalization of Arab-Israeli relations.
FROM THE MEDIA: Meta, formerly known as Facebook, has disrupted cyber espionage campaigns from three different advanced persistent threat (APT) groups. The APT groups used elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia. The groups relied heavily on social engineering to trick people into clicking on malicious links, downloading malware, or sharing personal information across the internet. The fake accounts used various lures, including women looking for a romantic connection, recruiters, journalists, and military personnel. Meta expunged about 110 accounts on Facebook and Instagram linked to an APT identified as Bahamut, which targeted activists, government employees, and military staff in India and Pakistan with Android malware.
READ THE STORY: THN
Discord leaks ‘demoralizing’ for US intelligence agencies, DNI Haines says
Analyst Comments: The leaking of classified documents can pose a significant threat to national security, and the emotional impact it has on the government agencies involved in producing those products can be severe, as stated by DNI Haines. It highlights the importance of implementing robust security measures, such as zero trust, to prevent unauthorized access to sensitive information.
FROM THE MEDIA: The leaks of classified documents by a Massachusetts Air National Guard member on the messaging app Discord have had an emotional impact on the government agencies that produced those products, said the director of national intelligence, Avril Haines. Airman Jack Teixeira, 21, is accused of sharing sensitive military documents, including battlefield assessments from Ukraine, with fellow Discord users. The Pentagon is still working to fully implement zero-trust architecture, in which the network assumes that improper behavior is already happening and users must authenticate themselves each time they access a different level of resources. The DoD CIO, John Sherman, said that zero trust “would have made it a lot more likely” that the Discord leaker would have been caught earlier.
READ THE STORY: The Record
An Anti-Trans Doctor Group Leaked 10,000 Confidential Files
Analyst Comments: The data breach suffered by the American College of Pediatricians is a significant security incident that exposes highly sensitive information about the organization's operations and personnel. The leak has provided an unprecedented look into an organization known for its efforts to limit abortion access and deprive gay couples of parental rights. The group's radical views targeting transgender people and transgender youth are not supported by medical science and are aimed at painting same-sex marriage as aberrant and immoral behavior. The organization has also lobbied doctors to urge patients to purchase Christian-based parenting guides and to visit Catholic-run “crisis pregnancy centers,” which strictly reject abortion.
FROM THE MEDIA: The American College of Pediatricians, a conservative doctors’ organization known for its efforts to limit abortion access and deprive gay couples of parental rights, has suffered a significant data breach. The breach exposed more than 10,000 files, including sensitive financial and tax records, membership rolls, and email exchanges spanning over a decade. The records reveal an organization that has benefited greatly by exaggerating its own power while struggling to grow in size and gain respect. The leak has outed most, if not all, of its members and provides an unprecedented look at the groups and personnel central to its campaign. The records also reveal the group's dubious claims, such as painting transgender youth as carriers of a pathological disorder, a claim that is unsupported by medical science. The American College of Pediatricians has also lobbied doctors to urge patients to purchase Christian-based parenting guides and to visit Catholic-run “crisis pregnancy centers,” which strictly reject abortion.
READ THE STORY: Wired
China labels USA 'Empire of hacking' based on old Wikileaks dumps
Analyst Comments: Hello Pot this is Kettle. The investigation's findings are not new, as they rely heavily on the 2017 WikiLeaks "Vault7" dump. The report seems to have a propaganda-tinged tone, and the criticism of Twitter and Google for providing secure communication tools in Tunisia and Egypt may be viewed as an attempt to limit access to information. The US has been making similar allegations against China, and the two nations signed a no-hack pact in 2015, which is not believed to be upheld by either side.
FROM THE MEDIA: The National Computer Virus Emergency Response Center of China and local infosec firm 360 Total Security have conducted an investigation called "The Matrix" and concluded that the CIA conducts offensive cyber operations, labeling the United States an "Empire of Hacking." The investigation has published the first part of its work, titled "Empire of Hacking: The US Central Intelligence Agency - Part I." The report relies heavily on the 2017 WikiLeaks "Vault7" trove of exploits that the CIA uses to spy on computers, smart TVs, WhatsApp, and other devices or services. The investigation also discussed the CIA's efforts to undermine socialist regimes, its exploitation of weaknesses in Cisco products, and its development of the Tor protocol.
READ THE STORY: The Register // CNA
Apple’s iPhone sales rebound after supply chain challenges
Analyst Comments: Apple's results are a mixed bag, with iPhone sales increasing, but the total revenue declining YoY due to declines in sales of Mac computers and iPads. The increase in iPhone sales is a relief for investors after the Covid-19 outbreak in the Foxconn factory in November disrupted production. The company is focusing on its services division, which has 975mn paying global subscribers, almost double the figure from three years ago. Apple's push into India is also a significant development, with the opening of its first two stores and Cook's meeting with the country's prime minister.
FROM THE MEDIA: Apple's iPhone sales have increased by 2% to $51.3bn in the quarter ending March, as per the company's financial reports. The result is a relief for the investors after the Covid-19 outbreak in the Foxconn factory in November disrupted production. The company's total revenue fell by 2.5% YoY to $94.8bn, mainly due to declines in sales of Mac computers and iPads. Apple has made a push into India and opened its first two stores there. The company is focusing on its services division, which includes music, movies, and iCloud storage, and has 975mn paying global subscribers, almost double the figure from three years ago. Apple's board has authorized the spending of $90bn on share buybacks in the coming 12 months.
READ THE STORY: FT
Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
Analyst Comments: The discovery of a new method to exploit the PaperCut vulnerability is concerning, as it highlights the challenges faced by defenders in detecting and preventing attacks in real time. The fact that attackers can bypass existing detections by using multiple paths to arbitrary code execution underscores the need for a layered approach to cybersecurity that includes endpoint protection, network security, and threat intelligence. Organizations using PaperCut should ensure that they have installed the latest security patches and implemented security best practices to mitigate the risk of exploitation.
FROM THE MEDIA: Researchers have found a way to exploit a recently disclosed flaw in PaperCut servers in a way that bypasses all current detections. Tracked as CVE-2023-27350, the issue affects PaperCut MF and NG installations and can be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. While the flaw was patched on March 8, 2023, the first signs of active exploitation emerged on April 13, 2023. Multiple threat groups, including ransomware actors, have since weaponized the vulnerability, with post-exploitation activity resulting in the execution of PowerShell commands designed to drop additional payloads. Massachusetts-based threat intelligence firm VulnCheck has published a proof-of-concept (PoC) exploit that sidesteps existing detection signatures by abusing the print management software's "User/Group Sync" feature.
READ THE STORY: THN
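The article's point is that a detection keyed to one exploitation path is sidestepped as soon as an attacker finds another path to code execution, so a layered approach also needs a rule on the post-exploitation behaviour that follows any path: the PaperCut server process spawning a command interpreter. The following is an added example (not code from the article, VulnCheck, or PaperCut). It assumes that the PaperCut application server runs as a process named pc-app.exe (verify this against your own deployment), and the process-creation events it scans are constructed samples in a Sysmon-like JSON-lines shape, not real telemetry.

```python
"""Flag PaperCut-server-to-interpreter process spawns in process-creation events.

Added example, not the article's, VulnCheck's or PaperCut's own code. The rule
keys on behaviour (which process spawned which), not on a request signature,
so it is not bypassed by a different route to the same code execution.
"""
import json
from dataclasses import dataclass
from typing import Optional

# ASSUMPTION: process name of the PaperCut NG/MF application server on Windows.
# Confirm against your own deployment before relying on this.
PAPERCUT_PARENTS = {"pc-app.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Switches commonly paired with staged payload download; any one of them raises
# the finding from "medium" to "high".
EVASIVE_SWITCHES = ("-nop", "-w hidden", "-enc", "-encodedcommand")

# Constructed sample events (not real telemetry): one JSON object per line with
# the parent image, child image and command line. "legit-helper.exe" is a
# made-up benign child used to show the rule does not fire on every spawn.
SAMPLE_EVENTS = r"""
{"ts": "2023-04-13T08:01:02Z", "host": "print01", "parent": "C:\\Program Files\\PaperCut NG\\server\\bin\\win\\pc-app.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -nop -w hidden -enc <base64 omitted>"}
{"ts": "2023-04-13T08:01:05Z", "host": "print01", "parent": "C:\\Program Files\\PaperCut NG\\server\\bin\\win\\pc-app.exe", "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c whoami"}
{"ts": "2023-04-13T08:02:00Z", "host": "print01", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe Get-Date"}
{"ts": "2023-04-13T08:03:00Z", "host": "print01", "parent": "C:\\Program Files\\PaperCut NG\\server\\bin\\win\\pc-app.exe", "image": "C:\\Program Files\\PaperCut NG\\server\\bin\\win\\legit-helper.exe", "cmdline": "legit-helper.exe"}
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    parent: str
    child: str
    cmdline: str
    severity: str


def basename(path: str) -> str:
    """Last path component, lower-cased, accepting either Windows separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> Optional[Finding]:
    """Return a Finding when the PaperCut server spawns an interpreter, else None."""
    parent = basename(event["parent"])
    child = basename(event["image"])
    if parent not in PAPERCUT_PARENTS or child not in INTERPRETERS:
        return None
    cmdline = event.get("cmdline", "")
    lowered = cmdline.lower()
    severity = "high" if any(s in lowered for s in EVASIVE_SWITCHES) else "medium"
    return Finding(event["ts"], event["host"], parent, child, cmdline, severity)


def scan(jsonl: str) -> list:
    """Run the rule over JSON-lines process-creation events; blank lines are skipped."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        finding = evaluate(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.ts} {f.host}: {f.parent} -> {f.child}: {f.cmdline}")
```

On the constructed sample the rule fires twice (the PowerShell spawn with evasive switches as high, the cmd.exe spawn as medium) and stays silent on PowerShell launched from explorer.exe and on the benign child process. In production the same logic would sit in an EDR or SIEM rule over real process-creation telemetry, alongside the patch check the article recommends.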