Daily Drop (491): US Charges Chinese & Russian actors, Sidewinder Infra, Myanmar’s Junta TELCOM, OSINT Ukraine, Mustang Panda, South Africa & Moscow, DoJ & Mikhail Matveev, DOJ indictment United Front
05-17-2023
Wednesday, May 17, 2023 // (IG): BB // Cloak & Dagger// Coffee for Bob
US ‘strike force’ charges Chinese and Russian nationals with stealing sensitive tech
Analyst Comments: The indictments announced by the U.S. Justice Department reflect the increasing efforts to combat attempts to illicitly obtain sensitive U.S. technologies. With a focus on preventing foreign adversaries from accessing advanced tools, particularly from countries like China, Iran, and Russia, the Biden administration has prioritized export controls and enforcement actions. The cases highlight the risks associated with intellectual property theft and the potential misuse of advanced technologies. The establishment of the Disruptive Technology Strike Force underscores the government's commitment to investigating and prosecuting export control violations. These actions signal a broader strategy aimed at protecting national security and preventing the proliferation of advanced technologies to potential adversaries.
FROM THE MEDIA: The U.S. Justice Department has unveiled a series of indictments targeting foreign nationals involved in attempting to illegally access sensitive U.S. technologies. The cases include the theft of Apple's autonomous driving system source code and the pilfering of smart manufacturing technology used in military aircraft and nuclear submarines. These enforcement actions mark the inaugural efforts of the Disruptive Technology Strike Force, a joint initiative between the Justice and Commerce departments aimed at investigating and prosecuting export control violations. The Biden administration has been ramping up the use of export controls to prevent countries such as China, Iran, and Russia from acquiring advanced American technologies. The indictments demonstrate the commitment to safeguarding national security and democratic values, according to Assistant Attorney General Matthew Olsen.
READ THE STORY: The Record
State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
Analyst Comments: The discovery of previously undisclosed attack infrastructure used by the state-sponsored threat actor SideWinder highlights the group's ongoing activities and targeting of entities in Pakistan and China. The network of domains and IP addresses, which mimic various organizations, shows the group's focus on spear-phishing attacks to gain access to targeted environments. SideWinder's long-term presence and persistent targeting suggest a sustained espionage campaign with a focus on Indian interests. The use of malicious lure documents and Android APK files underscores the group's advanced capabilities in conducting surveillance and gathering sensitive information. Organizations in the targeted countries, particularly those in the financial, government, and law enforcement sectors, should be vigilant and implement robust email protection solutions to mitigate the risk of falling victim to SideWinder's attacks.
FROM THE MEDIA: Cybersecurity researchers from Group-IB and Bridewell have uncovered previously undocumented attack infrastructure used by the state-sponsored threat actor SideWinder to target entities in Pakistan and China. The infrastructure includes a network of 55 domains and IP addresses that mimic various organizations in sectors such as news, government, telecommunications, and finance. SideWinder has been active since at least 2012, primarily employing spear-phishing techniques to gain access to targeted environments. The group's targets are believed to be associated with Indian espionage interests, with frequently targeted countries including Pakistan, China, Sri Lanka, and others. The researchers also found government-themed lure documents hosted on the domains, as well as malicious Android APK files that function as spyware capable of harvesting sensitive information. SideWinder's attacks emphasize the need for organizations to deploy effective business email protection solutions to detect and mitigate malicious content.
READ THE STORY: THN
How Myanmar’s Junta Uses Telecom Companies to Target Journalists
Analyst Comments: The consolidation of control over mobile service providers by Myanmar's military poses significant threats to privacy, freedom of expression, and the safety of activists, opposition members, and journalists. With sensitive user data easily accessible, there are concerns about surveillance and persecution of individuals critical of the military regime. The military's efforts to monitor and censor the internet, coupled with frequent internet shutdowns, create an environment of fear and limit access to independent news sources. Journalists and activists are employing secure communication measures, such as encrypted messaging platforms and VPNs, but the risks persist.
FROM THE MEDIA: Since the 2021 coup in Myanmar, the country's military has gained control over all four mobile service providers, raising concerns about increased surveillance and persecution of activists, opposition members, and journalists. The consolidation of mobile service providers has made sensitive user data more accessible to the military, compromising privacy and freedom of expression. Experts suggest that the military's actions are part of a broader strategy to monitor and censor the internet. Internet shutdowns, online censorship, and surveillance have led to a "digital dictatorship" in Myanmar, with significant risks for journalists and activists.
READ THE STORY: VOA
The Role of Open-Source Intelligence in the War in Ukraine
Analyst Comments: The utilization of OSINT in the Ukrainian conflict highlights the transformative impact of open-source information in modern warfare. It demonstrates the power of publicly available data, social media platforms, and satellite imagery tools in shaping military intelligence, countering narratives, and documenting war crimes. The use of OSINT has provided Ukraine with valuable insights, allowing them to anticipate actions and gather international support. It also points out challenges such as the need for verification and the potential for misinformation.
FROM THE MEDIA: Open-source intelligence (OSINT) has played a significant role in the ongoing war in Ukraine, impacting military intelligence, information warfare, media reporting, and the documentation of war crimes. The democratization of intelligence through the abundance of publicly available information has allowed a wider range of individuals to collect and deliver intelligence products. OSINT has been used to monitor troop movements, track war crimes, shape narratives, and assist in war reporting. It has enabled the Ukrainian armed forces to anticipate actions, while also countering Russian narratives and garnering international public opinion in favor of Ukraine. Social media platforms have been instrumental in documenting war crimes, with OSINT initiatives collecting and verifying evidence.
READ THE STORY: Modern Diplomacy
Russia’s economic war with the West moves to a new frontline
Analyst Comments: The Kremlin's retaliatory measures, including the nationalization of foreign assets, signify a significant shift in Russia's response to Western sanctions. The personalized approach and potential divisions within the West are intended to both punish Europe for imposing sanctions and benefit interest groups within Russia. The actions by European authorities, seen as "daylight robbery" by Moscow, have further fueled tensions. The involvement of individuals with security backgrounds, the siloviki, indicates a security-centric approach to the nationalization campaign. The dilemma faced by Western companies in navigating public pressure, sanctions, and Russian requirements underscores the complexities and risks involved.
FROM THE MEDIA: Russia's economic confrontation with the West following the invasion of Ukraine is taking a dangerous turn as the Kremlin escalates retaliatory measures, including the temporary nationalization of foreign assets in the country. Recent court decisions freezing Russian assets in Europe have triggered this response, with the Russian government targeting specific foreign stakeholders to stoke divisions in the West while benefiting interest groups within Russia. European energy firms, such as Finland's Fortum and Germany's Uniper, have already had their Russian assets put under provisional management. The actions by European authorities are viewed by Moscow as "daylight robbery," and Russia is implementing new rules that impose discounts and voluntary donations on Western companies seeking to exit projects with Russian partners. The nationalization campaign is driven by individuals with security service, police, or military backgrounds, known as the siloviki. The Kremlin is expected to engage in separate deals with foreign investors based on their connections in Russia, further driving divisions.
READ THE STORY: FT
China's Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks
Analyst Comments: The use of a custom firmware implant designed for TP-Link routers, along with the Horse Shell backdoor, underscores the sophistication and persistence of the attacks. The specific method of deploying the tampered firmware remains unknown, but the exploitation of known vulnerabilities and default passwords is suspected. The capability of the implant to execute shell commands, upload/download files, and relay communications between clients enhances the threat actor's control and lateral movement within compromised networks. The targeting of residential and home networks suggests the creation of a mesh network, potentially for increased anonymity and concealment. The use of compromised routers as part of a chain of nodes complicates detection and disruption efforts. The involvement of China-affiliated threat actors in similar router-based campaigns has been previously observed, indicating a persistent trend in their tactics and techniques.
FROM THE MEDIA: Chinese state-sponsored threat actor Mustang Panda, also known as Camaro Dragon, has been implicated in a series of targeted attacks on European foreign affairs entities since January 2023. Check Point researchers have identified a custom firmware implant specifically designed for TP-Link routers, featuring a malicious component called 'Horse Shell' that provides persistent access, anonymous infrastructure building, and lateral movement within compromised networks. The exact method of deploying the tampered firmware is unknown, but it is suspected that known security flaws or default passwords were exploited. The Horse Shell implant allows for the execution of shell commands, file uploads and downloads, and communication relaying between clients. Notably, the router backdoor targets devices on residential and home networks, potentially forming a mesh network for creating a chain of nodes between infections and command-and-control servers.
READ THE STORY: THN
South Africa’s flirtation with Moscow risks billions of dollars in US exports
Analyst Comments: The allegations of covertly supplying arms to Russia have significant economic implications for South Africa, particularly in its trade relationship with the US. The potential loss of tariff-free access to US markets through AGOA could have a detrimental impact on South Africa's manufacturing industry, particularly its car exports. The country's economic reliance on the US market, coupled with the already strained relations with the US over various issues, puts South Africa in a vulnerable position. The alleged ties between the ANC and Russia, including financial links, raise concerns about potential conflicts of interest and policy decisions influenced by Russian money. South Africa's reputation as a financial center has already been affected by its placement on an international "grey list," further complicating its economic situation.
FROM THE MEDIA: South Africa is facing economic risks as a result of the fallout from allegations that it covertly supplied arms to Russia. The US accusation has led to a sharp sell-off in South Africa's currency and government bonds, highlighting the economic stakes for a country that has sent less than 1% of its exports to Russia in the past five years. The potential loss of tariff-free access to US markets under the African Growth and Opportunity Act (AGOA) is a real risk, as South Africa exported over $15 billion worth of goods to the US in 2021. AGOA is crucial for sustaining South Africa's manufacturing industry, including carmakers and related industries. While China has surpassed the US as South Africa's biggest trade partner, Chinese imports mainly focus on commodities rather than higher-value goods. The strained relations with the US and potential economic consequences highlight the challenges South Africa faces in its foreign policy and trade relationships.
READ THE STORY: FT
U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
Analyst Comments: The indictment of a Russian national involved in ransomware attacks underscores the ongoing threat posed by cybercriminals and the global reach of ransomware campaigns. Matveev's alleged involvement in multiple ransomware variants highlights the sophistication and scale of these operations, causing significant financial losses to victims. The fact that the US has issued sanctions and a reward for Matveev's arrest demonstrates the seriousness with which the US government is taking the fight against ransomware. However, the ongoing profitability of the ransomware-as-a-service model indicates that the battle against ransomware is far from over. The joint advisory on BianLian ransomware, as well as the emergence of new strains like LokiLocker, serve as reminders of the evolving nature of ransomware threats and the need for organizations to prioritize robust cybersecurity measures to mitigate the risk.
FROM THE MEDIA: A Russian national, Mikhail Pavlovich Matveev, has been charged and indicted by the US Department of Justice (DoJ) for launching ransomware attacks using LockBit, Babuk, and Hive variants. Matveev is accused of being a central figure in developing and deploying the ransomware since at least June 2020, targeting thousands of victims globally, including law enforcement agencies, hospitals, and schools. The ransom demands made by these campaigns total up to $400 million, with victim payments reaching $200 million. Matveev has been charged with conspiring to transmit ransom demands and intentionally damaging protected computers, and he faces over 20 years in prison if convicted. The US State Department has also offered a reward of up to $10 million for information leading to Matveev's arrest and conviction.
READ THE STORY: THN // The Telegraph
North Korea shows off surveillance satellite it claims it can launch
Analyst Comments: North Korea's showcase of a surveillance satellite highlights its ongoing efforts to project military power and technological prowess. The exact capabilities of the satellite remain unknown, but it is expected to serve propaganda purposes and enhance North Korea's surveillance capabilities. The country's ability to develop and launch a satellite demonstrates its advanced missile technology. However, the development and launch of the satellite are likely funded through illicit means, such as cybercrime and the theft of cryptocurrency. North Korea's history of human rights abuses and its support for cybercriminal activities raise concerns about the regime's priorities and the well-being of its citizens. The satellite launch, if it occurs, will be closely monitored by the international community, given North Korea's history of using its military and technological capabilities to exert influence and advance its own agenda.
FROM THE MEDIA: North Korean leader Kim Jong-un has showcased the country's first surveillance satellite, Military Reconnaissance Satellite No. 1, but without providing details about its capabilities. Kim emphasized that the satellite is a necessary asset for defending North Korea against perceived threats from the United States and South Korea. Launching a satellite would be a significant achievement for North Korea, as only ten nations and the European Union have successfully sent objects into space using their own vehicles. The satellite's purpose is likely to serve as propaganda and demonstrate North Korea's military and technological capabilities. North Korea has a history of repressive governance and is known for supporting cybercriminal activities, including stealing cryptocurrency to fund its weapons programs.
READ THE STORY: The Register
Estonian PM pleads with companies to resist ‘ghost trade’ with Russia
Analyst Comments: Prime Minister Kallas' remarks reflect growing concerns in the Baltic states about the effectiveness of sanctions and the need for stronger measures to prevent the circumvention of trade restrictions. The disproportionate rise in exports to distant countries and suspicions of "ghost trade" highlight the urgency of addressing these issues. The Baltic states are seeking a more comprehensive approach to tackle the flow of sensitive goods, and Kallas acknowledged the challenges of implementing a complete ban on transit through Russia. The prime minister's call for companies to uphold a moral compass and reject deals that facilitate sanction evasion demonstrates a commitment to maintaining the integrity of international sanctions regimes.
FROM THE MEDIA: Estonian Prime Minister Kaja Kallas has called on local companies to reject deals that could provide Moscow with access to sanctioned goods, citing concerns about Russia's trade practices circumventing Western sanctions. Kallas expressed disappointment with companies that are vocal about security issues but engage in hidden agreements with Moscow. The Baltic states, including Estonia, have seen an increase in exports to countries like Kazakhstan, Kyrgyzstan, and Armenia transiting through Russia, raising suspicions of attempts to bypass sanctions. Kallas also emphasized the need for a comprehensive rule book to prevent the flow of sensitive goods into Russia.
READ THE STORY: FT
Knocking down Hive: How the FBI ran its own ransomware decryption operation
Analyst Comments: The FBI's approach in the Hive takedown reflects a shift in its strategy towards prioritizing victim recovery and disrupting ransomware operations. By providing decryption keys to victims, the FBI not only prevented substantial ransom payments but also offered relief and prevented collateral damage caused by ransomware attacks. The bureau's ability to infiltrate and operate within the adversary's infrastructure allowed for the generation of decryptors. The operation also shed light on the need for improved victim reporting, as a significant number of Hive victims had not reported their victimization. The FBI's ongoing investigation into Hive and its commitment to leveraging cumulative victim data for successful operations further demonstrates the agency's dedication to combating ransomware and protecting victims.
FROM THE MEDIA: The FBI's recent operation to dismantle the ransomware gang Hive showcased a new focus on victim recovery. During the seven-month infiltration of Hive's servers, the FBI generated over 300 decryption keys and discreetly provided them to victims, allowing them to unlock their systems without paying a ransom. The operation prevented approximately $130 million in ransom payments from reaching the gang's cryptocurrency wallets. Bryan Smith, section chief for the FBI's Cyber Criminal Operations Section, highlighted the bureau's victim-centric approach and the importance of disrupting adversaries' activities to increase their costs and benefit victims.
READ THE STORY: The Record
ChatGPT's Chief Testifies Before US Congress as Concerns Grow About AI Risks
Analyst Comments: OpenAI's CEO's testimony underscores the recognition of the need for government intervention in the development and deployment of AI technologies. Concerns about the societal impact of AI systems, including misinformation, copyright violations, and job displacement, have prompted discussions on regulation and oversight. While there is no immediate indication of comprehensive AI regulations in the U.S., the hearing signals an important step toward understanding the potential actions that Congress may consider. Tech industry leaders have expressed openness to some form of AI oversight but caution against overly burdensome regulations. Precision regulation, focusing on specific use cases, has been suggested as a way to address the risks associated with AI without stifling innovation.
FROM THE MEDIA: OpenAI CEO, Sam Altman, testified before the U.S. Congress, highlighting the need for government intervention to mitigate the risks associated with increasingly powerful AI systems. Altman acknowledged public concerns about the impact of AI on society and emphasized the importance of addressing these concerns proactively. The hearing discussed the potential misuse and ethical implications of generative AI tools, such as OpenAI's ChatGPT. While no sweeping AI regulations are imminent in the U.S., government agencies have pledged to address harmful AI products that violate existing laws. IBM's chief privacy and trust officer and other experts also testified at the hearing, with calls for precision regulation to govern AI deployment in specific use cases.
READ THE STORY: VOA
CIA seeks to recruit Russian spies with new video campaign
Analyst Comments: The CIA's recruitment campaign targeting Russian spies through a social media video demonstrates its ongoing efforts to gather valuable intelligence. By using a dramatic narrative and emphasizing the importance of trustworthy individuals speaking out against the Russian government, the CIA aims to engage potential recruits securely. The campaign builds on previous successful recruitment efforts and reflects the agency's interest in various fields, including advanced science, military and cyber technology, financial information, and foreign policy secrets. The CIA's campaign aligns with similar initiatives by the FBI, demonstrating a comprehensive approach to recruiting assets and gathering intelligence.
FROM THE MEDIA: The CIA has launched a recruitment campaign aimed at Russian spies, using a dramatic video published on social media platforms to entice potential recruits to reveal their secrets. The two-minute video, titled "Why I made contact with the CIA: My decision," shows fictional Russian officers contacting the CIA through its dark web portal. The agency aims to reach trustworthy individuals who can provide valuable information about Russia securely. The campaign follows a previous text-based effort to recruit Russians disaffected by the war in Ukraine. The CIA official emphasized that the campaign is not about regime change or fostering instability in Russia.
READ THE STORY: CBS NEWS
The oil and gas sector lags behind other industries in gathering dark web intel
Analyst Comments: The research underscores the growing significance of dark web intelligence for energy companies in light of the evolving cyber threats they face. Dark web auctions and the sale of compromised VPNs pose considerable risks, as demonstrated by the Colonial Pipeline ransomware attack. The findings highlight the need for energy companies to enhance their cybersecurity measures and prioritize the detection and prevention of common tactics, techniques, and procedures (TTPs) used by adversaries. The report also calls attention to the potential ramifications of a breach in the energy sector, given its critical role in global infrastructure. Heightened awareness and proactive measures are essential to mitigate risks and protect against cyber threats in the energy industry.
FROM THE MEDIA: According to a recent study by Searchlight Cyber, 72% of oil and gas companies are utilizing dark web intelligence to safeguard against cyberattacks. However, the research suggests that the energy sector lags behind other industries, such as financial services, manufacturing, and transportation, in terms of adopting dark web intelligence. The study highlights the prevalence of dark web auctions for initial access to energy companies and the sale of compromised VPNs, which can be used by threat actors to breach security systems. The report emphasizes the need for energy companies to recognize the evolving cybersecurity landscape and the potential consequences of dark web activity on their operations.
READ THE STORY: SCMAG
New ZIP domains spark debate among cybersecurity experts
Analyst Comments: The introduction of Google's .zip and .mov domains has raised valid concerns regarding the potential for phishing and malware threats. The automatic conversion of filenames into clickable URLs on certain platforms could deceive individuals into thinking they are visiting trusted sources. Threat actors could exploit this confusion by registering similar domain names to trick users into clicking on malicious links. While some dismiss the concerns, it is important to exercise caution when interacting with unfamiliar URLs and to verify their legitimacy before clicking. Adhering to standard security practices, such as not clicking on untrusted links and practicing good online hygiene, remains crucial to mitigating the risks associated with these new TLDs.
FROM THE MEDIA: Cybersecurity researchers and IT administrators have expressed concerns about Google's new top-level domains (TLDs), specifically .zip and .mov, warning that threat actors could exploit them for phishing attacks and malware distribution. The worry stems from the fact that these TLDs match commonly used file extensions, potentially leading to the automatic conversion of innocuous filenames into clickable URLs on various platforms. There are fears that individuals may mistakenly trust these URLs and fall victim to phishing scams or inadvertently download malware. While some argue that the concerns are exaggerated, others emphasize the need for caution and awareness when interacting with such URLs.
READ THE STORY: Bleeping Computer
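The core of the .zip/.mov concern is that a string a human reads as a filename is, to a linkifier, a valid hostname. The following scanner is an added example for this digest (not code from the original story or from Google); it takes a message, finds tokens whose last label is one of the colliding TLDs, and reports which of them a naive linkifier would turn into a clickable URL. The sample message and the `COLLIDING_TLDS` set are constructed assumptions; explicit `http(s)://` URLs are excluded, since those are unambiguous and belong to ordinary URL filtering.

```python
import re

# TLDs that collide with everyday file extensions. The page names .zip and .mov;
# this set is an assumption you would extend from your own TLD watch-list.
COLLIDING_TLDS = {"zip", "mov"}

# An explicit URL (with scheme) is not ambiguous: the reader already sees a link.
URL_RE = re.compile(r"\bhttps?://\S+", re.IGNORECASE)

# A "host-like" token: one or more dotted labels followed by a TLD label.
# The same regex matches both 'intranet.example' and 'report.zip', which is
# exactly the ambiguity the new TLDs introduce.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+([a-z]{2,63})\b", re.IGNORECASE)


def find_ambiguous_filenames(text):
    """Return filename-looking tokens that a linkifier would render as .zip/.mov hosts.

    Each hit is a dict with the raw token, its TLD, and the URL a naive
    auto-linker would produce from it.
    """
    explicit_spans = [(m.start(), m.end()) for m in URL_RE.finditer(text)]
    hits = []
    for m in HOST_RE.finditer(text):
        # Skip anything that is already inside an explicit URL.
        if any(start <= m.start() < end for start, end in explicit_spans):
            continue
        tld = m.group(1).lower()
        if tld in COLLIDING_TLDS:
            token = m.group(0)
            hits.append({
                "token": token,
                "tld": tld,
                # What a platform that auto-links bare hostnames would emit.
                "as_url": "https://" + token.lower() + "/",
            })
    return hits


def has_ambiguous_filenames(text):
    """Boolean convenience wrapper for use as a mail or chat filter predicate."""
    return bool(find_ambiguous_filenames(text))


# Constructed sample message (not a real email).
SAMPLE_MESSAGE = (
    "Hi team, please extract report-q2.zip and review demo.mov before Friday. "
    "The archive is also mirrored at https://files.example.zip/report-q2.zip "
    "and the notes are in readme.txt."
)

if __name__ == "__main__":
    for hit in find_ambiguous_filenames(SAMPLE_MESSAGE):
        print(f"{hit['token']!r} would be linked as {hit['as_url']}")
```

Running it on the sample flags `report-q2.zip` and `demo.mov` but not `readme.txt` (no colliding TLD) and not the explicit `https://files.example.zip/...` URL, which ordinary URL reputation checks already cover. A mail gateway or chat bot can use `has_ambiguous_filenames` to attach a warning banner rather than block, since many such tokens really are just filenames.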
Identity-focused attacks remain the most vulnerable entry point to an organization
Analyst Comments: The CISA red team assessment highlights the importance of addressing identity-focused attacks as a significant security vulnerability. Organizations must recognize that email-based threats, such as spearphishing, pose a significant risk. It is crucial to invest in robust security solutions that go beyond compliance requirements and provide effective detection and response capabilities. Implementing ITDR practices, including the use of ITDR platforms like Illusive, can enhance an organization's ability to detect and mitigate threats, limiting attackers' ability to maintain a persistent presence in the network. Understanding the true threat model and allocating security resources accordingly can help organizations prioritize their security investments and strengthen their overall security posture.
FROM THE MEDIA: The Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment in response to a request from a critical infrastructure organization, revealing that the team was able to gain persistent access to the organization's network through spearphishing emails. The assessment emphasized the vulnerability of identity-focused attacks as the primary entry point for threat actors. Many organizations lack the necessary tools to detect and alert them when an attacker gains access to their environment, allowing attackers to maintain persistence, gather information, and escalate privileges. Implementing identity threat detection and response (ITDR) practices, such as deploying honeypots and using ITDR platforms, can help detect and prevent credential abuse and provide better visibility into potential threats.
READ THE STORY: FedScoop
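The honeypot practice mentioned above works because a decoy account has no legitimate user, so any authentication attempt against it is a high-fidelity signal of credential abuse. The following detector is an added example for this digest (not code from CISA, the FedScoop article, or any ITDR vendor): it parses sshd-style authentication lines, groups every attempt against a honey account by source address, and rates the alert "critical" when a decoy login actually succeeded. The `HONEY_ACCOUNTS` names, the log format and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Decoy accounts seeded into the directory purely as tripwires. They have no
# legitimate use, so any attempt against them is worth an alert. Constructed names.
HONEY_ACCOUNTS = {"svc-backup-legacy", "admin_dr"}

# Constructed sample log (not real data), in a common sshd line shape.
SAMPLE_LOG = """\
May 17 09:01:12 host1 sshd[1001]: Accepted password for alice from 10.0.0.5 port 51234 ssh2
May 17 09:02:44 host1 sshd[1002]: Failed password for svc-backup-legacy from 10.0.0.77 port 40001 ssh2
May 17 09:02:45 host1 sshd[1003]: Failed password for admin_dr from 10.0.0.77 port 40002 ssh2
May 17 09:03:10 host2 sshd[2001]: Accepted publickey for bob from 10.0.0.9 port 50000 ssh2
May 17 09:05:00 host2 sshd[2002]: Accepted password for svc-backup-legacy from 10.0.0.77 port 40010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_auth_log(log):
    """Yield one dict per parseable authentication line; unknown lines are ignored."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def honey_alerts(log, honey=HONEY_ACCOUNTS):
    """Return one alert per source address that touched any honey account.

    Severity is 'critical' if at least one decoy login was accepted (the
    attacker holds a working credential), otherwise 'high' (credential
    guessing or spraying against accounts no legitimate user would try).
    """
    by_src = defaultdict(lambda: {"users": set(), "accepted": False, "first_seen": None})
    for ev in parse_auth_log(log):
        if ev["user"] not in honey:
            continue
        rec = by_src[ev["src"]]
        rec["users"].add(ev["user"])
        rec["accepted"] = rec["accepted"] or ev["result"] == "Accepted"
        rec["first_seen"] = rec["first_seen"] or ev["ts"]

    alerts = []
    for src, rec in sorted(by_src.items()):
        alerts.append({
            "src": src,
            "honey_users": sorted(rec["users"]),
            "severity": "critical" if rec["accepted"] else "high",
            "first_seen": rec["first_seen"],
        })
    return alerts


if __name__ == "__main__":
    for alert in honey_alerts(SAMPLE_LOG):
        print(f"[{alert['severity'].upper()}] {alert['src']} used decoy accounts "
              f"{alert['honey_users']} starting {alert['first_seen']}")
```

On the sample, `alice` and `bob` generate nothing, while `10.0.0.77` produces a single critical alert because it both spread across two decoys and eventually authenticated as one. In production the same grouping would be keyed on the identity provider's sign-in events rather than sshd, and the accepted case should trigger immediate session revocation for that source.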
DOJ indictment alleges China's United Front involvement in repression
READ THE STORY: AXIOS
Large language models' surprise emergent behavior written off as 'a mirage'
Analyst Comments: The study conducted by Stanford University researchers challenges the notion of emergent abilities in large language models, providing a critical perspective on the interpretation of these models' capabilities. By emphasizing the role of measurement methods and benchmarks, the researchers argue that the perceived emergent abilities are not necessarily unique to larger models but may also exist in smaller models. This challenges the prevailing assumption that larger models possess a fundamentally different level of competence. The findings have implications for the practical deployment of language models, suggesting that smaller models may be a viable alternative to achieve desired tasks without the need for extensive scaling.
FROM THE MEDIA: Computer scientists from Stanford University have questioned the concept of "emergent" abilities in large language models (LLMs), arguing that these abilities are a result of mismeasurement rather than true intelligence. LLMs, like GPT-3, have been praised for their unexpected capabilities as they grow in size. However, the researchers contend that these perceived emergent abilities are actually a consequence of using poorly chosen measurement methods and pass-or-fail tests that favor larger models. They propose that smaller models have the potential to perform the same tasks but are not favored by the benchmarks used. Their findings suggest that the transition in abilities is more gradual as models scale, challenging the belief in a sudden leap in capabilities for larger models. This implies that smaller, more cost-effective models could be sufficient for many applications.
READ THE STORY: The Register
Justice and Commerce Department ‘strike force’ target theft of quantum, autonomous technologies
Analyst Comments: The announcement of coordinated enforcement actions by the Disruptive Technology Strike Force underscores the U.S. government's commitment to combatting the illicit acquisition of sensitive U.S. technologies by adversarial nations. By targeting individuals and networks involved in procuring and transferring critical technologies, the initiative aims to disrupt the efforts of China, Russia, and Iran to enhance their military capabilities and national security posture. The cases highlight the importance of export control laws and the need for close cooperation between law enforcement agencies to address the challenges posed by technology transfer to adversarial nations. As the Strike Force continues its work, it is likely to bring further cases and contribute to ongoing efforts to safeguard U.S. technology and maintain a competitive advantage in strategic areas.
FROM THE MEDIA: The newly formed Disruptive Technology Strike Force, a joint initiative by the U.S. Justice and Commerce Departments, has announced five coordinated enforcement actions targeting individuals involved in helping China, Russia, and Iran gain access to sensitive U.S. technologies. Two of the cases focus on procurement networks allegedly aiding Russia in violating American export control laws to obtain technology crucial to national security, including quantum cryptography. The charges come as part of the strike force's efforts to combat illicit actors and safeguard critical technologies from being exploited by nation-state adversaries. The initiative involves multiple U.S. law enforcement agencies, promotes data and intelligence sharing, and aims to prevent technology transfers that support the military capabilities of adversarial nations.
READ THE STORY: Cyberscoop
VW talks to Huawei about licensing software for cars in China
Analyst Comments: Volkswagen's discussions with Huawei highlight its efforts to strengthen its presence in China's EV market, where competition is intense. By leveraging Huawei's software expertise, VW aims to improve its offerings and cater to the preferences of Chinese consumers. This move is in line with VW's strategy to invest in autonomous driving and upgrade its operating platform to deliver advanced features. While concerns surrounding US-China tensions persist, VW sees value in partnering with Chinese tech companies to tap into their capabilities and benefit from the perception of working with local suppliers.
FROM THE MEDIA: Volkswagen (VW) has engaged in talks with Huawei to potentially incorporate Huawei's software in its vehicles sold in China, aiming to enhance its position in the country's growing electric vehicle (EV) market. VW's software division, Cariad, has faced challenges since its establishment, leading to delays in launching new electric models. By partnering with Chinese tech companies like Huawei, VW hopes to gain traction in China's EV market, where it currently trails behind competitors such as Tesla and BYD. Despite geopolitical tensions, VW recognizes the potential benefits of collaborating with local Chinese suppliers to meet consumer expectations.
READ THE STORY: FT
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
Analyst Comments: The emergence of CopperStealth and CopperPhish demonstrates the evolving tactics of the Water Orthrus threat actor group, highlighting their intention to diversify their criminal activities and expand their financial gains. The use of pay-per-install networks and deceptive techniques to distribute malware underscores the need for continued vigilance among users, particularly when downloading software from untrusted sources. The incorporation of advanced features, such as credential verification and confirmation codes, in the CopperPhish phishing kit showcases the group's efforts to improve its success rates.
FROM THE MEDIA: The threat actor group known as Water Orthrus, responsible for the CopperStealer malware, has launched two new campaigns featuring novel payloads named CopperStealth and CopperPhish. The group, previously associated with the Scranos campaign, has a history of utilizing pay-per-install networks to distribute CopperStealer. The recent attacks involve distributing CopperStealth through Chinese software-sharing websites, employing a rootkit and payload injection techniques. Meanwhile, CopperPhish is deployed via free anonymous file-sharing websites, using a phishing kit to harvest credit card information. The attribution to Water Orthrus is based on similarities in source code with CopperStealer, indicating the group's evolution and expansion of capabilities.
READ THE STORY: THN
This Is Catfishing on an Industrial Scale
Analyst Comments: WIRED's in-depth investigation sheds light on the unethical and exploitative nature of virtual dating scams. The article effectively captures the experiences of former freelancers, providing insight into the tactics used to extend conversations and extract payment from users. The discussion around the legal gray area in which these companies operate, combined with the global scale of the scams facilitated by technology, underscores the need for increased awareness and regulation. By exposing the dark reality of fake online profiles, the report serves as a cautionary reminder for individuals seeking meaningful connections online.
FROM THE MEDIA: WIRED's investigation exposes the disturbing world of freelancers employed to create and animate fake profiles on dating and hookup sites. These individuals adopt false identities to chat with users, luring them into paying for conversations with fictional characters. Former freelancers reveal the detailed profiles they were given, the emotional manipulation they employed, and the financial impact on vulnerable individuals seeking genuine connections. The report also highlights the prevalence of black market subletting of accounts and raises ethical concerns about the deceptive practices involved.
READ THE STORY: Wired
Items of interest
Of course, Russia's ex-space boss doubts US set foot on the Moon
Analyst Comments: Dmitry Rogozin's doubts about the Apollo 11 Moon landing are not novel, as conspiracy theories questioning the authenticity of the mission have persisted for years. Despite this, overwhelming evidence, including photographs, video footage, and independent verification from various sources, supports the fact that the Apollo missions successfully landed astronauts on the Moon. Rogozin's position rests on personal doubt rather than on any evidence he has produced. It is important to note that his viewpoint does not represent the consensus of the scientific community or the official stance of the Russian space agency. The Moon landing remains a significant milestone in human space exploration, widely celebrated for its scientific, technological, and historical significance.
FROM THE MEDIA: Former director general of Russia's space agency Roscosmos, Dmitry Rogozin, has expressed skepticism regarding the authenticity of NASA's historic Apollo 11 Moon landing in 1969. Rogozin claimed that he had requested evidence from Roscosmos to support the lunar landing but only received a book containing anecdotal evidence. During his tenure at Roscosmos, he stated that he found no data convincing enough to affirm that the Apollo 11 mission successfully landed on the Moon. Rogozin's skepticism has faced criticism from NASA supporters and Russian scientists, who accuse him of attempting to sow discord between the United States and Russia. However, his views do not reflect the official position of the Russian space agency or the broader scientific community.
READ THE STORY: The Register
GPT-4 for Bug Bounty, Audit & Pentesting (Video)
FROM THE MEDIA: In the video titled "GPT-4 for Bug Bounty, Audit & Pentesting?? He actually found some 0-days," the speaker explores the capabilities of GPT-4 in finding vulnerabilities in software. The speaker gives GPT-4 snippets of code and asks it to identify any vulnerabilities, first priming it with the instruction that it is an expert in cybersecurity and vulnerability research. The speaker presents three examples for analysis. In the first example, a simple Python function is given that raises a runtime error for certain inputs. The speaker explains that if this code runs on a server, an unhandled runtime error can crash the worker and so lead to a denial-of-service condition. GPT-4 successfully identifies this vulnerability and suggests validating input from untrusted sources.
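The video's first finding, a function that throws on unexpected input and takes the worker down with it, is easy to miss in review because nothing about the code looks "exploitable". The following is an added example, not code from the video or its speaker: a constructed handler in that spirit, its hardened form, and a simulated single-process worker that shows the operational difference. The `spec` format, the 5-digit bound and the sample traffic are all assumptions made for the illustration.

```python
import re

# Constructed example: a "vulnerable" handler in the spirit of the video's first
# snippet, beside a hardened version. Neither is code from the video.

SAMPLE_REQUESTS = ["16:9", "4:3", "16:0", "21:9", "nope", "1:1"]  # constructed traffic


def aspect_ratio_unsafe(spec: str) -> float:
    """Trusts its input: "16:0" raises ZeroDivisionError, "nope" raises ValueError,
    and a spec with a million digits burns CPU inside int(). Each is fatal to a
    worker that does not catch it."""
    width, height = spec.split(":")
    return int(width) / int(height)


class InvalidInput(ValueError):
    """Raised for malformed client input; the server maps it to a 400 response."""


_SPEC_RE = re.compile(r"([0-9]{1,5}):([0-9]{1,5})")  # fixed shape, bounded digit count


def aspect_ratio_safe(spec: str) -> float:
    """Validates untrusted input before computing with it: fixed shape, bounded
    size, explicit zero check. Bad input becomes an error the caller expects."""
    m = _SPEC_RE.fullmatch(spec)
    if m is None:
        raise InvalidInput(f"bad spec {spec[:32]!r}")
    width, height = int(m.group(1)), int(m.group(2))
    if height == 0:
        raise InvalidInput("height must be non-zero")
    return width / height


def run_worker(handler, requests):
    """Simulated single-process worker. Returns (served, rejected, dropped).
    An InvalidInput costs one rejected request and the worker carries on; any
    other exception kills the worker, so every request still queued behind it
    is dropped. That is the denial of service the video describes."""
    served = rejected = 0
    for i, req in enumerate(requests):
        try:
            handler(req)
            served += 1
        except InvalidInput:
            rejected += 1
        except Exception:  # worker crash: the remaining requests are never answered
            return served, rejected, len(requests) - i
    return served, rejected, 0


if __name__ == "__main__":
    print("unsafe:", run_worker(aspect_ratio_unsafe, SAMPLE_REQUESTS))  # (2, 0, 4)
    print("safe:  ", run_worker(aspect_ratio_safe, SAMPLE_REQUESTS))    # (4, 2, 0)
```

With the constructed traffic the unsafe worker dies on the third request and drops the four behind it; the hardened worker answers every request, rejecting the two malformed ones. The regex bound on digit count also closes the quieter variant, a numeric string long enough to make `int()` itself the slow path.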
Automated Black-box Security Testing Of “Smart” Embedded Devices (Video)
FROM THE MEDIA: Black-box fuzzing is often the only viable automated testing option in several scenarios. This is particularly important in the domain of the Internet of Things (IoT) and embedded devices, due to the difficulties in obtaining or extracting custom firmware. Unfortunately, when applied naively, black-box fuzzing mostly produces invalid inputs, which are quickly discarded by the targeted device and do not penetrate its code. When dealing with IoT devices, another alternative is to leverage the companion apps (i.e., the mobile apps used to control an IoT device) to generate well-structured fuzzing inputs. This solution leads to better results but it is still ineffective as it produces fuzzing inputs that are constrained by app-side validation code, thus significantly limiting the range of discovered vulnerabilities.
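The abstract's two observations, that naive black-box inputs die at the first framing check and that app-derived inputs stop where the app's own validation stops, can be seen directly on a toy. The following is an added example and not code from the talk or the underlying paper: a constructed device parser with a magic, length and checksum layer in front of the command handlers, a generator that mimics what a companion app would send, and a third generator that keeps the app's framing but mutates the payload past the app-side range. The frame layout, the commands, the app's 0..100 slider limit and the device's 201-entry PWM table (the bug the unconstrained mutator reaches) are all constructed for the illustration.

```python
import random
from collections import Counter

# Constructed toy: a simulated device parser, a companion-app message generator
# and three fuzzing strategies. None of this is from the paper or the talk.

MAGIC = b"\xa5\x5a"
CMD_SET_BRIGHTNESS = 0x01
CMD_GET_STATUS = 0x02
PWM_TABLE_SIZE = 201  # constructed device bug: values above 200 index past the table


def checksum(data: bytes) -> int:
    return sum(data) & 0xFF


def build_frame(cmd: int, payload: bytes) -> bytes:
    """Frame layout (constructed): MAGIC | len | cmd | payload | checksum."""
    body = bytes([cmd]) + payload
    head = MAGIC + bytes([len(body)]) + body
    return head + bytes([checksum(head)])


def device_parse(frame: bytes) -> str:
    """Simulated firmware. Returns how deep the input got before being rejected."""
    if len(frame) < 5 or frame[:2] != MAGIC:
        return "rejected_header"
    length = frame[2]
    if len(frame) != 4 + length:
        return "rejected_length"
    if checksum(frame[:-1]) != frame[-1]:
        return "rejected_checksum"
    cmd, payload = frame[3], frame[4:-1]
    if cmd == CMD_SET_BRIGHTNESS and len(payload) == 1:
        if payload[0] >= PWM_TABLE_SIZE:
            return "handler_crash"  # out-of-bounds table read in the real thing
        return "handler_ok"
    if cmd == CMD_GET_STATUS and len(payload) == 0:
        return "handler_ok"
    return "rejected_command"


def naive_input(rng: random.Random) -> bytes:
    """Black-box fuzzing with no format knowledge: random bytes."""
    return bytes(rng.randrange(256) for _ in range(rng.randint(4, 12)))


def app_input(rng: random.Random) -> bytes:
    """What the companion app would send: its slider validation caps the value at 100,
    so replaying or driving the app never exercises values 101..255 on the device."""
    if rng.random() < 0.8:
        return build_frame(CMD_SET_BRIGHTNESS, bytes([rng.randint(0, 100)]))
    return build_frame(CMD_GET_STATUS, b"")


def structure_aware_input(rng: random.Random) -> bytes:
    """Keep the app's framing (so the device accepts the frame) but mutate the payload
    beyond what the app-side checks would ever emit, then recompute the checksum."""
    frame = app_input(rng)
    body = bytearray(frame[3:-1])  # cmd + payload, without framing
    if len(body) > 1:
        body[rng.randrange(1, len(body))] = rng.randrange(256)
    else:
        body.append(rng.randrange(256))  # hand a payload to a command that expects none
    return build_frame(body[0], bytes(body[1:]))


def run_campaign(generator, iterations: int = 500, seed: int = 1) -> dict:
    """Feed `iterations` inputs from `generator` to the device; count the depth reached."""
    rng = random.Random(seed)
    return dict(Counter(device_parse(generator(rng)) for _ in range(iterations)))


if __name__ == "__main__":
    for name, gen in [("naive", naive_input), ("app", app_input),
                      ("structure-aware", structure_aware_input)]:
        print(f"{name:16}", run_campaign(gen))
```

Random bytes essentially never pass the magic, length and checksum checks, so they tell you nothing about the handlers. App-shaped traffic always reaches a handler but only with the values the app is willing to send, which is exactly the range the device's table handles correctly. Only the third strategy, which borrows the app's framing and then ignores the app's validation, reaches the out-of-range branch. On a real device the equivalent of `build_frame` is recovered from the companion app or from traffic capture, and "depth reached" is inferred from responses, timing or a crash.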
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.