Saturday, Jun 10, 2023 // (IG): BB // Intro Exploit Dev // Coffee for Bob
Pro-Ukraine hackers claim to take down a Russian Internet provider
Analyst Comments: The attack on Infotel, if the reported severity holds up, marks an escalation in the cyber conflict between pro-Ukrainian and pro-Russian groups. Note that the claim to have "completely destroyed" Infotel's infrastructure is the attackers' own; what Infotel itself confirmed is damage to part of its network equipment and an outage lasting at least two days. Sustained operational disruption of a connectivity provider still indicates meaningful capability on the attackers' side, or weak resilience on the provider's, and the event further illustrates how cyberattacks have become a routine weapon in the war between Ukraine and Russia. Because Infotel connects the Central Bank to commercial banks and online stores, the practical impact falls on Russian businesses, particularly in the banking sector.
FROM THE MEDIA: A pro-Ukrainian hacking group, the Cyber Anarchy Squad, has launched a significant cyberattack on Infotel, a Russian internet and telecommunications company used primarily by banks and online stores. Infotel confirmed the attack, stating that part of its network equipment was damaged and that restoration work was underway. The Cyber Anarchy Squad claimed full responsibility, stating it had "completely destroyed" Infotel's infrastructure. Because Infotel provides services to Russia's Central Bank and connects it to local banks and online stores, the attack may prevent Russian businesses from reaching banking systems and making payments.
READ THE STORY: The Record
Ukrainian hackers target telecom firm connected to the Russian central bank
Analyst Comments: The attack on Infotel represents an escalation of the ongoing cyber conflict between Russia and Ukraine. The Cyber Anarchy Squad's claimed attack, especially if it disrupted payments in the Russian banking system, is a significant offensive by the Ukrainian side. It also underscores the exposure of critical infrastructure to cyberattacks, and the leverage gained by hitting a shared connectivity provider rather than each bank individually. Cyber operations have become a routine part of the broader conflict, often serving as a form of asymmetric warfare for parties with fewer conventional military resources, because they can cause significant disruption and economic damage at relatively low cost.
FROM THE MEDIA: A Ukrainian hacking group named Cyber Anarchy Squad claimed responsibility for a cyberattack on Infotel JSC, a Russian telecom firm that provides critical infrastructure to the Russian banking system. Infotel confirmed the attack on its website, stating that its network equipment was damaged and that it was working to restore access. The exact consequences remain unclear. Ukrainian news outlet Economichna Pravda reported that, as a result of the attack, many of Russia's main banks and credit institutions lost access to banking systems and could not make payments. Infotel's network went down on Thursday and remained down as of Friday.
READ THE STORY: Cyberscoop
Chinese chipmaker insists it has Intel on-side, not inside
Analyst Comments: The controversy surrounding the Baode Group's Powerstar P3-01105 CPU underscores the intricate and often controversial dynamics of technology development and IP usage in the global semiconductor industry. This incident can have potential implications for the future of tech collaboration between China and U.S.-based companies, given the current geopolitical climate. While it's not unusual for tech companies to collaborate or license technologies, the extent and nature of Intel's involvement with Baode, in this case, are unknown, leaving room for speculation. In light of China's desire to develop its own CPUs, it will be interesting to see how this situation evolves and how it may influence the strategies of other tech firms in both countries.
FROM THE MEDIA: Baode Group, a Chinese vendor also known as PowerLeader, recently launched its Powerstar P3-01105 CPU and claimed it was locally developed. The company then faced allegations that the CPU is simply a rebranded Intel Core i3-10105, released in 2021; the skepticism arose because the two chips have identical specifications, performance, and appearance. Baode's CEO, Li Ruijie, confirmed that Intel supported the CPU's development, but the exact nature of that collaboration remains unclear. With tensions between the U.S. and China running high, the production of locally designed CPUs in China is of great strategic interest.
READ THE STORY: The Register
DOJ charges two Russians in Mt. Gox crypto hack
Analyst Comments: These charges highlight the ongoing issue of cybersecurity in the cryptocurrency sector, which remains a favored target of cybercriminals due to its perceived anonymity and the potential for substantial illicit gains. The indictment of the two Russians for the Mt. Gox hack, one of the largest and most infamous cryptocurrency exchange hacks, signifies the seriousness with which U.S. law enforcement agencies are pursuing these cases, even years after the fact. The additional charge against Bilyuchenko for operating BTC-e demonstrates the broad scope of criminal activities linked to cryptocurrency, beyond just hacking exchanges. The allegation that BTC-e was essentially serving as a global money laundering service for various types of criminals underlines the multifaceted cybersecurity and legal challenges facing the crypto sector.
FROM THE MEDIA: The Department of Justice (DOJ) has charged two Russian nationals, Alexey Bilyuchenko and Aleksandr Verner, for their alleged participation in the 2011 hack of the cryptocurrency exchange Mt. Gox. The two are accused of conspiring to launder approximately 647,000 bitcoins stolen in the hack. Bilyuchenko is further charged with conspiring to operate an illegal cryptocurrency exchange, BTC-e, which U.S. law enforcement shut down in 2017. The DOJ alleges that Bilyuchenko and his co-conspirators ran BTC-e as a platform on which criminals worldwide laundered billions of dollars. The charges follow the DOJ's takedown earlier this year of a darknet cryptocurrency mixer used to launder more than $3 billion in digital assets.
READ THE STORY: The Hill // The Record
Online muggers make serious moves on unpatched Microsoft bugs
Analyst Comments: Both flaws had patches available before exploitation was reported, so the lesson here is patch latency rather than zero-days: organizations should prioritize the monthly Microsoft updates and track how long systems remain unpatched after release. The Win32k privilege-escalation flaw (CVE-2023-29336) is the more dangerous of the two because it lets an attacker who already has code execution as a low-privileged user elevate to SYSTEM, which is typically the step that turns a phishing foothold into full control of a host; Microsoft flagged it as exploited in the wild when it shipped the May fix. The Visual Studio flaw (CVE-2023-28299) is a spoofing issue that can trick a developer into installing a malicious extension, which then runs with the developer's privileges and can expose sensitive information such as source code and credentials on that machine.
FROM THE MEDIA: Two Microsoft vulnerabilities are reportedly under attack on systems that have not been patched. One affects Visual Studio, the other the Win32k subsystem. Both were patched by Microsoft, in April and May respectively, but pose significant risk to systems still running the old builds. Numen Cyber and Varonis Threat Labs have warned that attackers are already exploiting the flaws, which can result in privilege escalation and system compromise. The vulnerabilities are tracked as CVE-2023-29336, which affects older versions of Windows and Windows Server, and CVE-2023-28299, which can be used to get malicious extensions installed in Visual Studio.
READ THE STORY: The Register
New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!
Analyst Comments: SQL injection vulnerabilities pose significant risks to web applications as they allow attackers to potentially interact with the underlying database and manipulate or steal data. The fact that Progress Software has promptly released patches for the reported vulnerabilities is a positive step towards mitigating such risks. The historical context of the Cl0p ransomware gang's prior exploitation of a different MOVEit Transfer vulnerability underscores the seriousness of the threat landscape, particularly for software providing critical services such as file transfer. Cl0p's apparent sophisticated preparation and operational security, as well as its focus on ransomware and data theft, suggest that the threat from this group, and others like it, will continue. Companies using the MOVEit Transfer application should promptly apply the released patches and maintain a vigilant security posture, especially given the Cl0p group's history of exploiting vulnerabilities in managed file transfer platforms.
FROM THE MEDIA: Progress Software has patched multiple SQL injection vulnerabilities in its MOVEit Transfer web application that could allow unauthorized access to the MOVEit Transfer database. The vulnerabilities were found by cybersecurity firm Huntress during a code review Progress commissioned after the earlier incident, and could let an attacker modify or disclose database content. All MOVEit Transfer versions are affected, and Progress has released fixed builds for each supported release branch. Progress stated that it had seen no indication of these newly discovered flaws being exploited.
READ THE STORY: THN
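The passage above describes SQL injection only in general terms. The following is an added illustration, not MOVEit Transfer code or anything published by Progress or Huntress: a constructed SQLite users table queried once with string concatenation and once with a bound parameter. The table, column names and payloads are assumptions for the demo. It shows the two things the analyst comment warns about, bulk disclosure via a tautology and reading a column the query never exposed via UNION, and that the parameterized form returns nothing for the same input because the input can no longer change the statement's structure.

```python
import sqlite3

# Constructed sample data for illustration only; not MOVEit's schema or code.
SAMPLE_USERS = [
    ("alice", "alice@example.test", 1),
    ("bob", "bob@example.test", 0),
]


def build_db():
    """Create an in-memory database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, email, is_admin) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Injectable: caller input is spliced into the SQL text, so a quote
    character in it terminates the literal and the rest is parsed as SQL."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened: the statement text is fixed; the input travels as a bound
    parameter and is only ever compared as data."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Two classic payloads (constructed). The first collapses the WHERE clause to
# always-true (bulk disclosure); the second UNIONs in the is_admin column,
# which the original query never selected.
TAUTOLOGY = "' OR '1'='1"
UNION_LEAK = "' UNION SELECT username, is_admin FROM users WHERE '1'='1"


def demo():
    """Run both payloads against both query styles and return the rows."""
    conn = build_db()
    return {
        "vuln_normal": lookup_vulnerable(conn, "alice"),
        "vuln_tautology": lookup_vulnerable(conn, TAUTOLOGY),
        "vuln_union": sorted(lookup_vulnerable(conn, UNION_LEAK)),
        "safe_tautology": lookup_safe(conn, TAUTOLOGY),
        "safe_union": lookup_safe(conn, UNION_LEAK),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15s} -> {rows}")
```

The same payloads that dump every row from the concatenated query return an empty result from the parameterized one; that is the whole of the fix, and it is why code-review findings of this class are usually remediated by rewriting the query rather than by input filtering.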
China Wants to Set Up a Spying Post in Cuba
Analyst Comments: If these reports are accurate, the establishment of a Chinese spying facility in Cuba represents a significant escalation in the ongoing rivalry between the U.S. and China. It brings the intelligence war to the U.S.'s doorstep, potentially giving China access to sensitive information. This development could strain U.S.-Cuba relations and lead to heightened U.S.-China tensions. It also highlights China's continuous investment in surveillance technology, contributing to a "Cold War arms race dynamic". It remains to be seen how the Biden administration will respond to this alleged security threat.
FROM THE MEDIA: China is allegedly in the process of establishing an electronic eavesdropping facility on Cuba, aimed at collecting signals intelligence from the United States. According to the Wall Street Journal, Cuba has agreed to let China construct this facility on the island, which could allow China to monitor various types of communications and gather intelligence from key U.S. military bases. The facility's exact location and construction timeline remain uncertain, but it's said that China has paid Cuba billions of dollars for this project. Both the U.S. Defense Department and Cuban Vice Foreign Minister Carlos Fernández de Cossio denied the report's accuracy. Other media outlets, however, have corroborated the Journal's initial reporting. The U.S. Senate Intelligence Committee has expressed deep concern over the reports and called for preventative measures.
READ THE STORY: FP
Putin’s little cyber helpers turn their sights on the UK
Analyst Comments: This large-scale data breach underscores the growing threat of state-tolerated or state-sponsored cybercrime, with this incident seeming to connect to geopolitical tensions between Russia and the West. While it is challenging to definitively link these actions to state direction, the tacit acceptance and possible encouragement by the Russian state cannot be dismissed. The situation also highlights the cyber vulnerabilities of major businesses and critical infrastructure, pointing to the need for improved cybersecurity measures.
FROM THE MEDIA: Over 100,000 UK residents have had their data stolen by the Russian-speaking Clop gang, which exploited a flaw in the MOVEit Transfer file-transfer software used by a payroll provider to raid major employers including British Airways, Boots, and the BBC. The stolen data includes national insurance numbers and bank account details. This breach follows a similar attack on Capita by another Russian-speaking group. The Five Eyes nations (America, Australia, Britain, Canada, and New Zealand) have warned of increased cyber operations against the West by "Russian-aligned cybercrime groups" in retaliation for their support for Ukraine. The Telegraph describes Clop as one of the largest phishing and malspam distributors worldwide, with an estimated $500 million extorted from victims. The group is currently under investigation by Britain's National Cyber Security Centre.
READ THE STORY: Telegraph (UK)
Nexperia left off subsidies list as Germany chips away at Chinese connection
Analyst Comments: This development highlights the intensifying scrutiny of Chinese investment in Western technology sectors, especially semiconductors, on national security grounds. Nexperia's situation parallels the broader U.S.-China tension in the tech industry. Given the strategic importance of semiconductors, governments are clearly taking more proactive measures to protect their national interests; as this unfolds it will likely affect global semiconductor supply chains and may prompt other companies to reassess their investment strategies. With German projects receiving roughly half of the approved state aid, Germany's status as the EU's industrial hub will be reinforced. The case also raises the question of how the EU will balance its goal of semiconductor self-sufficiency against the geopolitical implications of foreign ownership in the plants it is funding.
FROM THE MEDIA: The European Commission recently launched an initiative aimed at bolstering the semiconductor supply chain, involving 56 companies and 68 projects across the EU. The scheme is set to be backed by €8.1 billion ($8.7 billion) from EU member states, supplemented by an estimated €13.7 billion ($14.7 billion) from the private sector. Germany stands to receive approximately half of the state funding, consolidating its industrial prominence within the EU. However, Nexperia, a semiconductor manufacturer, has reportedly been denied subsidies by German authorities due to its links to China. Nexperia is a Netherlands-based company with the majority of its semiconductor production located in Hamburg, Germany, and was acquired by China-based Wingtech Technology in 2018.
READ THE STORY: The Register
Microsoft to move top AI experts from China to new lab in Canada
Analyst Comments: The "Vancouver Plan" reflects the ongoing impact of geopolitical tensions between the U.S. and China on the global tech industry. The relocation could potentially affect China's AI talent pipeline and its ambitions in the AI field. On Microsoft's end, the move seems designed to protect its AI talent from being recruited by Chinese firms and to ensure continued research collaboration in a neutral location. It remains to be seen how China will react to this development and whether other tech companies might follow suit in shifting their research facilities.
FROM THE MEDIA: Microsoft is reportedly relocating a number of its top artificial intelligence researchers from its Beijing-based Microsoft Research Asia (MSRA) to a new lab in Vancouver, Canada. The move could affect 20 to 40 staff, although a person close to Microsoft suggested a lower number. Insiders call it the "Vancouver Plan," seen as a response to rising U.S.-China tensions and a strategy to prevent talent poaching by Chinese tech firms. The MSRA has been a key training center for Chinese tech talent and its potential loss may provoke Beijing, which is trying to attract overseas Chinese researchers back to the country. The lab will include personnel from other Microsoft labs globally.
READ THE STORY: FT
Ransomware scum hit Japanese pharma giant Eisai Group
Analyst Comments: The ransomware attack on Eisai is part of a broader trend of cyber attacks on healthcare and pharmaceutical industries, potentially due to their critical roles and substantial financial resources. These industries often store sensitive personal data, making them attractive targets for cybercriminals. While Eisai appears to have mitigated the immediate risk, the full extent of the disruption may take some time to assess fully. Eisai's global stocking policy has proven effective in the short term. However, sustained or increased disruptions in its supply chain could eventually impact its stock levels, especially if the attack affects its logistics systems for an extended period. The status of potential data leakage remains uncertain and could have significant implications if sensitive data were compromised.
FROM THE MEDIA: Japanese pharmaceutical company Eisai was hit by a ransomware attack, causing some disruption to its supply chain. However, Eisai has confirmed that there is no risk of stock shortage, as its global stocking policy ensures it has over three months of supply at any given time. The company's UK systems were unaffected by the cyber attack, and the manufacturing site in Hatfield, England, continues to operate as usual. While the company is investigating the possibility of data leakage, it has confirmed that its corporate websites and email systems are operational. Eisai, which specializes in neurology and oncology, has not disclosed whether it paid a ransom. The company is currently working with cybersecurity partners and law enforcement in response to the attack.
READ THE STORY: The Register
Is it a drone? Is it a balloon? Whatever it is the US warns locals not to let them fly in Iran
Analyst Comments: The US government's warning underscores ongoing concern about Iran's UAV programs, which serve both surveillance and strike roles, and the continued friction between the US and Iran over technology transfer. The US wants to deny Iran advanced UAV capabilities, particularly because Iran is suspected of supplying UAVs to Russia, Tajikistan, and the Houthi rebels in Yemen. The caution to American companies spells out the risk they face if their components end up in Iranian drones, whether knowingly or through a chain of intermediaries. For technology firms this means know-your-customer and end-use due diligence on commodity parts, not only on obviously controlled items, since the procurement networks described in the advisory rely on front companies and resellers to source exactly such parts. The episode points to an increasing interplay of geopolitics, export controls, and commercial interests in the UAV field.
FROM THE MEDIA: The US government has issued a warning about the threat posed by Iran's development of Unmanned Aerial Vehicles (UAVs), urging American companies to be cautious about supplying components needed for these drones and spy balloons. A joint advisory from the US Departments of Commerce, Justice, State, and Treasury highlighted that providing such goods and services to Iran would violate sanctions against the country. Iran is reportedly procuring technologies for UAVs that it can't produce domestically, with a network of procurement agents, front companies, suppliers, and intermediaries being used to evade export controls and sanctions.
READ THE STORY: The Register
U.S. and allies condemn economic coercion with attention on China
Analyst Comments: The joint declaration underscores the growing international concern over China's trade practices and economic policies. By releasing this message, the six countries are signaling their shared opposition to economic coercion, reinforcing their commitment to a rules-based international trading system. While the statement does not carry any immediate economic consequences, it serves to highlight and draw attention to what these countries perceive as unfair trade and economic tactics. It also underscores their intent to work collaboratively in addressing such practices.
FROM THE MEDIA: The United States and five of its key allies - Japan, Australia, Canada, New Zealand, and the United Kingdom - have issued a joint declaration criticizing economic coercion and non-market policies related to trade and investment. While the declaration does not directly name China, it is widely interpreted as targeting Beijing. The countries expressed concern over practices that undermine the rules-based multilateral trading system. The statement mirrors a message released by the Group of Seven (G7) nations after a leaders' meeting last month. A U.S. Trade Representative official referred to China as the biggest perpetrator of the condemned behavior.
READ THE STORY: Japan Times
Items of interest
The Role of Quantum Key Distribution in Securing Critical Infrastructure
Analyst Comments: QKD addresses one specific problem: agreeing a symmetric key over a link where any interception of the quantum states shows up as a measurable error rate, so its security does not rest on the factoring and discrete-logarithm problems that a large quantum computer would break. That makes it attractive for fixed, high-value links such as those between critical-infrastructure sites. Several caveats matter in practice. QKD only distributes keys; the data still has to be protected with conventional symmetric encryption, and the classical channel used for basis comparison and error estimation must itself be authenticated, which means a pre-shared key or a post-quantum signature scheme is still required. The security proofs assume ideal devices, and real implementations have been attacked through detector and source side channels. Range limits and the need for dedicated fiber or trusted relay nodes remain obstacles that work on quantum repeaters and on coexistence with classical traffic over existing fiber aims to remove. For most organizations, agencies such as the NSA and the UK's NCSC currently point to post-quantum cryptography rather than QKD as the practical route to quantum resistance.
FROM THE MEDIA: Quantum Key Distribution (QKD) is presented as a promising way to strengthen the security of critical infrastructure, using the principles of quantum mechanics to detect any tampering with the key exchange. Unlike public-key algorithms such as RSA and elliptic-curve Diffie-Hellman, whose key exchanges a sufficiently large quantum computer could break, QKD's protection against eavesdropping rests on the physics of measurement rather than on a computational assumption. Challenges remain, notably the limited range of current QKD systems and the difficulty of integrating them with existing communication infrastructure. Despite these obstacles, the article argues that QKD holds promise for protecting critical systems and information from cyberattacks and emerging quantum threats.
READ THE STORY: Citylife
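To make concrete how QKD detects an eavesdropper, here is an added classical simulation of one BB84 round. It is not from the article or any QKD vendor, and it assumes an ideal single-photon source and a noiseless channel (so every error is attributable to tampering). Alice encodes random bits in random bases, Bob measures in random bases, the two sift to the positions where bases matched, and the error rate in the sifted key is estimated. Without an attacker the sifted keys agree exactly; an intercept-resend attacker who guesses the basis wrong half the time leaves roughly 25% errors, far above the ~11% threshold at which BB84 must abort. The 11% figure and the function names are the example's own choices.

```python
import random

# Basis encoding used throughout: 0 = rectilinear (+), 1 = diagonal (x).


def bb84(n_qubits, eavesdrop=False, seed=1):
    """Classical simulation of one BB84 round over an ideal, noiseless channel.

    Returns (alice_key, bob_key, qber). Without an eavesdropper the sifted keys
    match bit for bit. An intercept-resend attacker picks the wrong basis half
    the time and re-prepares those photons in her basis, so Bob, measuring in
    Alice's basis, reads a random bit for them: ~25% errors in the sifted key.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]
    photons = list(zip(alice_bits, alice_bases))

    if eavesdrop:
        # Eve measures each photon in a random basis and re-sends what she saw.
        # A wrong-basis measurement yields a random outcome and destroys
        # Alice's original state; Eve cannot copy an unknown quantum state.
        resent = []
        for bit, basis in photons:
            eve_basis = rng.randrange(2)
            eve_bit = bit if eve_basis == basis else rng.randrange(2)
            resent.append((eve_bit, eve_basis))
        photons = resent

    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    # Same basis as the incoming photon: deterministic result. Different basis:
    # the outcome is a coin flip.
    bob_bits = [
        bit if bob_basis == basis else rng.randrange(2)
        for (bit, basis), bob_basis in zip(photons, bob_bases)
    ]

    # Sifting: Alice and Bob publicly compare bases over the classical channel
    # (which must be authenticated, or an attacker simply impersonates Bob) and
    # keep only the positions where they happened to choose the same basis.
    keep = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]

    # Parameter estimation: quantum bit error rate over the sifted key. Real
    # protocols sacrifice a random subset for this and keep the rest secret.
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    qber = errors / len(alice_key) if alice_key else 0.0
    return alice_key, bob_key, qber


def accept_key(qber, threshold=0.11):
    """Abort when the error rate exceeds the BB84 security threshold (~11%)."""
    return qber <= threshold


if __name__ == "__main__":
    for eve in (False, True):
        a, b, q = bb84(20000, eavesdrop=eve, seed=7)
        print(f"eavesdrop={eve}: sifted={len(a)} QBER={q:.3f} "
              f"accept={accept_key(q)}")
```

Two points the simulation makes visible: roughly half the transmitted qubits are discarded in sifting, so QKD key rates are well below the raw photon rate, and the whole guarantee rests on the QBER estimate, which is exactly why the classical channel carrying the basis announcements has to be authenticated by other means.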
Has China really developed chip manufacturing technology without the need for EUV? (Video)
FROM THE MEDIA: Chips are everywhere: our phones, computers, and even washing machines contain them. Manufacturing chips requires lithography machines, and the more advanced the node, the more advanced the lithography tool needed. China has strong chip design capabilities, but for the lithography machines used in production it still depends on other countries.
China Finally Cracks the Code Bypassing US Chip Sanctions - but did they (Video)
FROM THE MEDIA: Although US restrictions on China's access to advanced chip technology are severe, Chinese companies are finding ways around them. The most difficult problem for US officials is likely the ease with which Chinese AI businesses can obtain high-end semiconductor capacity through third parties: the export controls apply to the hardware itself but not to cloud services running on that hardware, creating a lucrative market for Chinese cloud providers offering services built on the Nvidia A100 processors that underpin generative AI.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.