Daily Drop (498): Iranian Targets Israeli, AMD Utilizes Old CPUs, US Bans DPRK Outsourcer, Lazarus Group, CN Hackers Attack Kenya, US Rare Earth Challenges China, IP Theft Ukraine
05-24-2023
Wednesday, May 24, 2023 // (IG): BB // Intro Exploit Dev // Coffee for Bob
Chinese Foreign Minister Engages in Discussions with Dutch Deputy Prime Minister - After the ASML IP Theft
Analyst Comments: The dialogue between China and the Netherlands illustrates a mutual intent to deepen cooperation in various sectors. However, the backdrop of the intellectual property theft incident involving ASML, a Dutch semiconductor company, complicates the relationship. ASML recently reported that a former employee in China misappropriated data related to its proprietary technology. While the company does not believe this misappropriation materially impacts its business, it has reported the incident to the relevant authorities. ASML holds a unique position in the chip supply chain, producing a tool required for advanced semiconductors. This is not the first time ASML has reported intellectual property theft, having previously alleged that Chinese companies infringed on its IP rights.
The incident raises questions about the future of Netherlands-China relations, particularly in the context of trade and intellectual property protection. While Qin emphasized China's willingness to strengthen intellectual property rights protection, the ASML incident might raise concerns for Dutch companies about operating in China. Given the strategic importance of ASML's technology for advanced chip manufacturing, the incident could also have geopolitical implications, particularly considering the ongoing technology rivalry between the US and China. The Netherlands will likely have to navigate these complexities as it seeks to further its cooperation with China.
FROM THE MEDIA: Chinese State Councilor and Foreign Minister Qin Gang and Dutch Deputy Prime Minister and Foreign Minister Wopke Hoekstra recently held talks in Beijing. The two sides discussed a range of topics including economic, trade, and investment cooperation, cultural and people-to-people exchanges, and multilateral cooperation in arms control, cyber security, and climate change. Qin expressed China's willingness to expand market access and strengthen intellectual property rights protection, and the hope that the Netherlands would provide a non-discriminatory business environment for Chinese companies. Qin also reiterated China's stance against decoupling and severing supply chains. Hoekstra reaffirmed the Netherlands' adherence to the one-China policy and expressed a desire to deepen cooperation in various fields, including agriculture and innovation. Hoekstra also appreciated China's efforts in promoting peace talks and expressed hope for China's constructive role in the peaceful settlement of the Ukraine crisis.
READ THE STORY: Shine (CN) Probably Propaganda
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation
Analyst Comments: The warning from CERT-UA highlights the persistence of threat actors engaging in espionage activities and the evolving tactics they employ. Despite Microsoft disabling macros by default in Office files downloaded from the web, attackers continue to leverage macro-based malware, indicating their ability to adapt and circumvent security measures. The adoption of uncommon file types and techniques like HTML smuggling further demonstrates the agility of threat actors in developing and deploying new payload delivery mechanisms. This shift in tactics, as observed by enterprise security firm Proofpoint, emphasizes the need for organizations to remain vigilant and adapt their security defenses to address emerging threats.
FROM THE MEDIA: The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about an ongoing espionage campaign targeting state bodies in Ukraine. The campaign, attributed to a threat actor known as UAC-0063, involves the use of phishing emails to deliver various malicious tools onto compromised systems. The emails masquerade as communications from the Embassy of Tajikistan in Ukraine and contain a Microsoft Word document that, when macros are enabled, deploys encoded VBScript and drops additional malware. The attack chain includes a keylogger, a Python-based backdoor, and a file exfiltration tool. The campaign's infrastructure suggests that organizations in Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India are also potential targets.
READ THE STORY: THN
AMD scours parts bin for old CPUs, GPUs to put in Chromebooks
Analyst Comments: AMD's decision to launch a line of chips specifically for Chromebooks indicates the company's recognition of the growing demand for these devices. By using older CPU and GPU architectures, AMD can potentially lower the cost of these chips, making them an appealing choice for budget-conscious consumers or institutions looking to purchase Chromebooks in large quantities. The expected long battery life is a crucial feature for portable devices like Chromebooks. However, the performance of these chips may not be as high as that of AMD's latest CPUs. It will be interesting to see how the market responds to these chips and whether they can compete effectively with other processors designed for Chromebooks.
FROM THE MEDIA: AMD has announced a new line of chips, the 7020C-series, specifically designed for Chromebooks. These chips combine four-year-old Zen-2 cores with over two-year-old RDNA-2 GPUs, and a modern memory controller with support for the latest LPDDR5 DRAM, assembled using a TSMC 6nm process. Despite the older CPU and GPU architectures, AMD claims these processors can achieve between 17 and 19.5 hours of battery life, likely due to the more modern 6nm process technology. These chips, with a 15W TDP and AMD's Radeon 610M graphics, are not AMD's fastest, but they can support up to three 4K monitors. The chips will be available in various Chromebooks, including those made by Dell and Asus, starting in Q2 2023.
READ THE STORY: The Register
Suspected Iranian hackers target Israeli shipping and logistics companies
Analyst Comments: The hacking campaign targeting Israeli shipping and logistics websites highlights the ongoing cyber tensions between Israel and Iran. Iranian hackers have been expanding their cyber capabilities and using techniques such as watering hole attacks to compromise targeted organizations. The collection of user data, including IP addresses and browsing history, can have serious privacy and security implications for the affected individuals. Organizations in the shipping and logistics sector, as well as other critical sectors, should remain vigilant and implement robust cybersecurity measures to defend against such attacks.
FROM THE MEDIA: Several shipping and logistics websites in Israel have been targeted in a hacking campaign attributed to the Iranian nation-state hacker group Tortoiseshell, according to cybersecurity company ClearSky. The hackers used a watering hole attack, compromising websites frequently visited by specific groups of people. The attack involved injecting malicious JavaScript code into the websites, which collected user data such as IP addresses, screen resolutions, and previously visited URLs. The majority of the compromised websites were hosted on the uPress hosting service. Israel and Iran have been engaged in a covert cyberwar, with Iranian state-sponsored actors enhancing their cyber capabilities and targeting Israeli organizations.
READ THE STORY: The Record
USA Rare Earth Seeks to Challenge China's Dominance in the Rare Earth Market
Analyst Comments: USA Rare Earth's endeavor to become a major player in the rare earth metals industry in the U.S. presents an opportunity to reduce dependence on China and enhance national security. The company's focus on supplying rare earth magnets for EVs aligns with the growing demand for clean energy technologies. However, competition with China, which dominates the rare earth market, poses significant challenges. USA Rare Earth will need substantial investments, government support, and tax incentives to achieve its goals. The success of the venture will depend on factors such as geopolitical dynamics, market demand, and regulatory policies. Regardless, establishing a domestic supply chain for rare earth metals could enhance the resilience and autonomy of the U.S. electronics industry.
FROM THE MEDIA: USA Rare Earth, a startup, aims to become the sole American supplier of rare earth metals crucial to national security and electric vehicle (EV) production. The company plans to invest over $500 million to ramp up mining, extraction, and refining by 2027. It will start supplying high-performance rare earth magnets for EVs and electronics by 2024. By challenging China, which controls over 90% of the rare earth supply chain, USA Rare Earth seeks to address vulnerabilities in the U.S. electronics supply chain. The company anticipates strong demand from the U.S. defense industry and predicts significant growth in magnet revenue and rare-earth oxide production. However, challenges remain, including potential retaliation from China and the need for government support and tax incentives.
READ THE STORY: EET
US bans North Korean outsourcer and its feisty freelancers
Analyst Comments: The OFAC's ban is an effort to curb the DPRK's alleged use of IT workers to fund its weapons and missile programs. By targeting the firms that employ these workers, the US government is aiming to disrupt a significant source of the DPRK's revenue. However, the effectiveness of this strategy may be limited by the ability of these workers to hide their identities and nationalities. Because these workers operate across a wide variety of sectors and focus on virtual currency projects, businesses, particularly those in wealthier nations, need to exercise due diligence when hiring offshore freelancers. The case also highlights the risks associated with virtual currencies, which can be used to facilitate illicit financial activities. This move by the OFAC further emphasizes the ongoing tension and the complex nature of the cyber landscape between the US and the DPRK.
FROM THE MEDIA: The US Department of the Treasury's Office of Foreign Assets Control (OFAC) has prohibited transactions with the North Korean IT service provider, Chinyong Information Technology Cooperation Company, also known as Jinyong IT Cooperation Company. This firm is accused of employing IT workers from the Democratic People's Republic of Korea (DPRK) who operate primarily in Russia and Laos and send their earnings back home. These funds are believed to support the DPRK's weapons and missile programs. These workers often conceal their identities and tend to target wealthier countries. They are also involved in virtual currency projects, which they use to manage their payments and launder funds back to the DPRK. In addition to Chinyong, the Treasury has banned three other entities associated with North Korea's cyber activities: Pyongyang University of Automation, the Technical Reconnaissance Bureau, and the 110th Research Center.
READ THE STORY: The Register
GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments
Analyst Comments: GoldenJackal's targeting of government and diplomatic entities in the Middle East and South Asia underscores the ongoing threat of state-sponsored cyber espionage in the region. The group's stealthy nature and use of tailored malware demonstrate its advanced capabilities and dedication to evading detection. The reliance on trojanized installers and malicious documents highlights the importance of user awareness and robust security measures to prevent initial compromise. Organizations in the targeted regions should enhance their cybersecurity defenses, including implementing strong access controls, conducting regular security assessments, and staying informed about emerging threats.
FROM THE MEDIA: A new advanced persistent threat (APT) group named GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia, according to cybersecurity firm Kaspersky. The group, suspected to be active for at least four years, conducts espionage operations by infecting victims with tailored malware that steals data, spreads through removable drives, and conducts surveillance. While the origin and affiliation of GoldenJackal remain unknown, its tactics and attempts to maintain a low profile suggest a state-sponsored group. Some tactical overlaps have been observed with Turla, a Russian APT group. The group employs trojanized Skype installers and malicious Microsoft Word documents to initiate the attacks. The malware deployed by GoldenJackal includes JackalControl, JackalSteal, JackalWorm, JackalPerInfo, and JackalScreenWatcher. The group also relies on hacked WordPress sites as relays to forward web requests to its command-and-control servers.
READ THE STORY: THN
Chinese hackers attacked the Kenyan government as debt strains grew
Analyst Comments: The targeting of the Kenyan government by Chinese hackers raises concerns about the use of cyber espionage to gain access to sensitive information and exert influence over a country's financial and strategic decisions. China's growing influence in Africa, particularly through infrastructure projects and loans, has made it crucial for them to monitor the financial situation of debtor countries like Kenya. The cyber intrusions highlight the need for robust cybersecurity measures and increased awareness of the risks associated with foreign investment and debt dependency. It is essential for Kenya and other nations to strengthen their cybersecurity defenses and establish proactive strategies to safeguard their national interests in the face of increasing cyber threats.
FROM THE MEDIA: Chinese hackers targeted the Kenyan government in a series of digital intrusions over the past few years, with the aim of gaining information about Kenya's debt owed to China, according to sources, cybersecurity research reports, and technical data analysis. The hacking campaign, attributed to a Chinese state-linked hacking group known as "Backdoor Diplomacy," targeted key ministries and government departments, including the presidential office. The attacks demonstrate China's willingness to leverage its espionage capabilities to monitor and protect its economic and strategic interests abroad. Kenya's financial strain and its role in China's Belt and Road Initiative make it a strategic target for Chinese hackers. The Chinese government denies any involvement in the hacks.
READ THE STORY: Reuters // Asia Financial