Daily Drop (511): DEFCON: CTF SAT, Europe & Africa Energy Cooperation, Chinese Gang Phishes UAE, Cyclops Ransomware Offers Stealer, Bankrupt Crypto Companies Battle
06-06-23
Tuesday, Jun 06, 2023 // (IG): BB // Intro Exploit Dev // Coffee for Bob
China Establishing 'Commanding Lead' with Key Military Technologies
Analyst Comments: The ASPI analysis highlights the significant lead that China has established in key military technologies, raising concerns about potential dominance in future advancements. China's commanding position in hypersonics, electronic warfare, and undersea capabilities could have significant implications for its military prominence in the Indo-Pacific region and beyond. The study underscores the need for increased collaboration among US allies and partners to address the technological gap. The AUKUS partnership and similar initiatives could facilitate technology sharing and cooperative research efforts to enhance capabilities and counterbalance China's advancements.
FROM THE MEDIA: An analysis by the Australian Strategic Policy Institute (ASPI) suggests that China has established a commanding lead in key military technologies, including hypersonics, electronic warfare, and undersea capabilities. The study found that China leads in 19 out of 23 key categories, raising concerns that China may dominate future technological breakthroughs in these areas. China produces over 73% of all high-impact research in hypersonics and has nine of the top 10 leading research institutions in the field. The analysis also highlights the significant presence of Chinese authors who received post-graduate training in the US, Australia, or Britain, indicating that China is leveraging Western research institutions to its advantage. While the US and its allies maintain an edge in certain areas like autonomous systems and quantum computing, China's research advantage remains substantial.
READ THE STORY: VOA
First in space: SpaceX and NASA launch a satellite that hackers will attempt to infiltrate during DEF CON
Analyst Comments: The use of an actual satellite in orbit for the Hack-A-Sat competition signifies a significant step forward in understanding and addressing cybersecurity challenges in space systems. The competition provides a valuable opportunity for researchers to explore and identify vulnerabilities in satellites, which can inform the development of improved cybersecurity measures. As space systems become more interconnected and reliant on commercial off-the-shelf products, securing these systems becomes increasingly critical. The participation of government agencies and the recognition of space systems as critical infrastructure highlight the growing importance of space cybersecurity. By simulating real-world cyberattacks in a space environment, researchers can gain insights into the unique complexities and risks associated with securing satellite systems.
FROM THE MEDIA: SpaceX and NASA have sent a satellite called Moonlighter into low-earth orbit as part of the Hack-A-Sat competition, which aims to identify vulnerabilities in satellites and improve cybersecurity in space. Moonlighter, a CubeSat, will be used as an experimental "hacking sandbox" during the DEF CON hacking conference in Las Vegas. The competition, a collaboration between The Aerospace Corporation, the Air Force Research Laboratory, and U.S. Space Systems Command, marks the first time that the Hack-A-Sat competition will take place using an actual satellite in orbit rather than simulations. The initiative reflects the increasing focus on securing space systems and addressing potential vulnerabilities in the space industry and among cybersecurity experts. The competition will help researchers understand cyber operations in space, given the challenges posed by the remote and automated nature of satellite systems.
READ THE STORY: Cyberscoop
Europe Cooperating in the Energy Sector with Africa
Analyst Comments: The Invest in African Energy Paris edition organized by the African Energy Chamber was a significant event that furthered the dialogue on energy cooperation between Africa and Europe. By bringing together key stakeholders from both regions, the forum facilitated discussions on investment prospects, collaboration opportunities, and the potential of Africa's energy sector. The emphasis on gas monetization, renewable energy, and academic cooperation demonstrated a comprehensive approach to addressing Africa's energy needs and leveraging Europe's expertise and resources. The participation of high-profile speakers and the signing of cooperation agreements underscored the commitment to foster partnerships and drive economic growth through energy development. The forum's focus on financing African energy projects, developing LNG infrastructure, and promoting renewable energy solutions highlighted the importance of sustainable and inclusive energy transitions for the continent.
FROM THE MEDIA: The African Energy Chamber (AEC) organized the Invest in African Energy Paris edition, a forum aimed at strengthening African-Europe relations and promoting investment in African energy projects. The event brought together energy ministers, policymakers, renewable energy companies, and potential investors to discuss Africa's hydrocarbon resources and their role in driving socioeconomic growth. The forum highlighted the potential for gas monetization in countries like Congo, Namibia, and the Democratic Republic of Congo. It also emphasized the importance of logistics in supporting Africa's energy availability and the role of European players in financing and developing Africa's hydrocarbon resources.
READ THE STORY: Modern Diplomacy
Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme
Analyst Comments: The phishing campaign by PostalFurious targeting users in the U.A.E. highlights the ongoing threat posed by phishing attacks. The use of SMS messages impersonating trusted organizations is a common tactic employed by cybercriminals to deceive individuals into revealing sensitive information. The campaign's specific targeting of U.A.E. residents and the use of localized IP geofencing indicate a level of sophistication. Organizations and individuals should remain vigilant against such attacks, exercise caution when clicking on links or providing personal information, and implement security measures such as keeping software up-to-date and practicing strong digital hygiene.
FROM THE MEDIA: A Chinese-speaking phishing group known as PostalFurious has been identified in a new SMS phishing campaign targeting users in the United Arab Emirates (U.A.E.), according to cybersecurity firm Group-IB. The scam involves sending fraudulent text messages pretending to be from postal services and toll operators, requesting payment for a vehicle trip fee to avoid fines. The messages include shortened URLs that lead to phishing pages designed to steal payment credentials and personal information. The phishing pages mimic the official name and logo of the impersonated postal service provider. The campaign has been active since April 15, 2023. The phishing links are geofenced to be accessible only from U.A.E.-based IP addresses, and the threat actors constantly register new phishing domains to expand their reach. Group-IB emphasizes the transnational nature of organized cybercrime demonstrated by PostalFurious operations.
READ THE STORY: THN
US sues Binance and founder Zhao over "web of deception"
Analyst Comments: The SEC's lawsuit against Binance and its CEO represents a significant development in the regulatory scrutiny faced by the cryptocurrency industry. The charges raised by the SEC, if proven true, could have severe consequences for Binance's operations and reputation. The lawsuit also highlights the ongoing efforts by regulators to enforce securities laws and protect investors in the cryptocurrency space. The outcome of this case could set important precedents for how cryptocurrencies and digital asset exchanges are regulated in the future. The impact of the lawsuit on the broader crypto industry remains to be seen, but it is likely to create ripples and increase regulatory scrutiny on other platforms as well.
FROM THE MEDIA: The U.S. Securities and Exchange Commission (SEC) has filed a lawsuit against Binance, the world's largest cryptocurrency exchange, and its CEO Changpeng Zhao (CZ), accusing them of operating a "web of deception" and violating securities laws. The SEC complaint lists 13 charges, including artificially inflating trading volumes, diverting customer funds, misleading investors, and failing to restrict U.S. customers from the platform. The SEC also alleges that Binance and Zhao secretly controlled customers' assets and engaged in wash trading to inflate trading volumes. Binance has stated its intention to vigorously defend against the allegations and claims that the SEC's actions are limited in reach since Binance is not a U.S. exchange.
READ THE STORY: Reuters
Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals
Analyst Comments: The emergence of an information stealer component associated with the Cyclops ransomware demonstrates the expanding capabilities and ambitions of threat actors. Information stealers are a significant threat as they can lead to various types of financial fraud and compromise individuals' privacy. Organizations and individuals should implement robust security measures, including endpoint protection, regular software updates, and user education on safe computing practices, to mitigate the risk of ransomware and information stealer attacks.
FROM THE MEDIA: Threat actors associated with the Cyclops ransomware are offering an information stealer malware designed to capture sensitive data from infected systems, according to a report by Uptycs. The ransomware targets Windows, macOS, and Linux operating systems and terminates processes that could interfere with encryption. The information stealer component, written in Golang, targets Windows and Linux systems and captures various details such as operating system information, computer name, number of processes, and files of interest. The harvested data is then uploaded to a remote server.
READ THE STORY: THN
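The Uptycs report summarized above notes that the Cyclops ransomware terminates processes that could interfere with encryption. The following script is an added detection example written for this digest; it is not code from the Uptycs report, the newsletter, or any vendor product. It scans process-termination telemetry for a single actor process that kills several distinct "protected" processes (databases, backup agents, endpoint protection, office applications holding open files) within a short window, which is the behaviour a defender would want to alert on before mass encryption begins. The pipe-delimited log format, the sample events, and the watchlist of protected process names are all constructed assumptions; real deployments would map the fields from Sysmon, EDR, or auditd data and tune the watchlist to the environment.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Hypothetical watchlist (an assumption for this example, not from the Uptycs report):
# processes whose termination removes file locks or defences ahead of mass encryption.
PROTECTED_PROCESSES = {
    "sqlservr.exe", "mysqld.exe", "oracle.exe",      # databases hold locks on data files
    "veeam.exe", "backupagent.exe",                  # backup software
    "msmpeng.exe", "edr_agent.exe",                  # endpoint protection
    "outlook.exe", "winword.exe", "excel.exe",       # office apps with open documents
}

# Constructed sample telemetry: timestamp|host|actor_pid|actor_image|target_image
# One actor (svc_update.exe, pid 4120) kills four protected processes in four seconds;
# the remaining lines are benign single terminations spread out in time.
SAMPLE_LOG = """\
2023-06-05T09:14:01|ws-17|4120|svc_update.exe|sqlservr.exe
2023-06-05T09:14:02|ws-17|4120|svc_update.exe|veeam.exe
2023-06-05T09:14:02|ws-17|4120|svc_update.exe|msmpeng.exe
2023-06-05T09:14:05|ws-17|4120|svc_update.exe|outlook.exe
2023-06-05T09:20:11|ws-17|1188|explorer.exe|notepad.exe
2023-06-05T09:31:40|ws-22|2204|taskmgr.exe|outlook.exe
2023-06-05T10:02:00|ws-22|2204|taskmgr.exe|excel.exe
"""


@dataclass
class TerminateEvent:
    ts: datetime
    host: str
    actor_pid: int
    actor_image: str
    target_image: str


def parse_event(line: str) -> TerminateEvent:
    """Parse one pipe-delimited event line (constructed format for this example)."""
    ts, host, actor_pid, actor_image, target_image = line.split("|")
    return TerminateEvent(
        datetime.fromisoformat(ts), host, int(actor_pid),
        actor_image.lower(), target_image.lower(),
    )


def parse_log(text: str) -> List[TerminateEvent]:
    """Parse a whole log, skipping blank lines."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def find_mass_kills(
    events: List[TerminateEvent],
    window: timedelta = timedelta(seconds=60),
    threshold: int = 3,
) -> List[dict]:
    """Return one alert per (host, actor pid) that terminates at least `threshold`
    distinct protected processes inside a single `window`-long interval."""
    groups: Dict[Tuple[str, int], List[TerminateEvent]] = defaultdict(list)
    for ev in events:
        if ev.target_image in PROTECTED_PROCESSES:
            groups[(ev.host, ev.actor_pid)].append(ev)

    alerts = []
    for (host, pid), evs in groups.items():
        evs.sort(key=lambda e: e.ts)
        # Slide a window starting at each event; alert once per actor on the first hit.
        for i, start in enumerate(evs):
            targets = {e.target_image for e in evs[i:] if e.ts - start.ts <= window}
            if len(targets) >= threshold:
                alerts.append({
                    "host": host,
                    "actor_pid": pid,
                    "actor_image": start.actor_image,
                    "first_seen": start.ts.isoformat(),
                    "targets": sorted(targets),
                })
                break
    return alerts


if __name__ == "__main__":
    for a in find_mass_kills(parse_log(SAMPLE_LOG)):
        print(f"[ALERT] {a['host']} pid={a['actor_pid']} {a['actor_image']} "
              f"terminated {len(a['targets'])} protected processes: {', '.join(a['targets'])}")
```

Run as written, the script raises a single alert for `svc_update.exe` on `ws-17` and stays quiet on the task-manager terminations, which are too few and too far apart. The window and threshold are the knobs to tune against baseline noise from legitimate patching or shutdown scripts, and a matching response playbook would isolate the host rather than only log the event.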
Bankrupt Crypto Companies Are Fighting Over a Dwindling Pot of Money
Analyst Comments: The legal battle between FTX and Genesis Global Capital demonstrates the complexity of resolving financial disputes within the crypto industry. As both companies navigate bankruptcy proceedings, the outcome will have significant implications for creditors and the recovery of their funds. The case also sheds light on the vulnerabilities of tightly connected crypto players, where the collapse of one company can have a domino effect on others. The legal conflict between FTX and GGC will likely involve intricate negotiations and potential settlement discussions to reach a resolution.
FROM THE MEDIA: The liquidator of bankrupt crypto exchange FTX is seeking to retrieve nearly $4 billion from Genesis Global Capital (GGC), a crypto lender, through a legal battle in the Southern District of New York. FTX claims that GGC made payments shortly before FTX's collapse, and these payments should be reversed under US bankruptcy laws. The court hearing is expected to take place on June 15. The outcome of the case will impact the recoveries for Genesis creditors, and if FTX's claims are legitimate, the recoveries for Genesis creditors will be very low. The case highlights the interconnectedness of major crypto players and the challenges faced during the unraveling of their intertwined estates.
READ THE STORY: Wired
Hype or Hoax: Are Russian Cyber Capabilities Robust Enough to Cripple Ukraine?
Analyst Comments: The analysis highlights the limitations of Russia's cyber and electronic warfare capabilities and the importance of adaptive defense measures in countering cyber threats. It underscores the need for continuous improvement and collaboration in the cyber domain, as adversaries can develop countermeasures and enhance their defensive capabilities. The lessons from the war in Ukraine serve as a reminder to nations to remain vigilant, avoid complacency, and recognize the evolving nature of cyber warfare. The analysis also highlights the potential impact of cyber operations when integrated with traditional kinetic actions, emphasizing the need for a comprehensive approach to national security.
FROM THE MEDIA: The war in Ukraine has exposed the shortcomings of Russian cyber and electronic warfare capabilities, challenging assumptions that Russia's cyber operations would be able to overwhelm Ukrainian defenses. Before the conflict, Russia's successful cyberattacks, such as the infiltration of the Democratic National Convention servers during the 2016 U.S. Presidential elections, led to complacency and assumptions that Russia would easily dominate in the cyber domain. However, Russia's cyber operations in Ukraine have been met with improved defensive capabilities from Ukraine, aided by foreign assistance, including from private firms and the U.S. military. Russia's inability to coordinate cyberattacks with kinetic actions and logistical failures have limited the impact of their cyber operations in the war. The lessons learned from the war in Ukraine emphasize the potential scope of destruction in future conflicts and the need for integrating cyber capabilities into conventional warfare.
READ THE STORY: TSB