Daily Drop (516): Ukraine's 'House On Tank', Backdoor Targeting Vietnamese, Pro-Ukraine Hackers Target RU Telecom, Nuclear Cargo Ships Return, Russian Hackers Charged (BTC), Iran's Drone Aid (RU)
06-11-23
Sunday, Jun 11, 2023 // (IG): BB // Intro Exploit Dev // Coffee for Bob
Ukraine’s ‘House On Tank’ Stuns Military Watchers & Netizens; Russia, Ukraine Use Deception Tactics To Fool Each Other
Analyst Comments: The camouflage and deceptive tactics employed by both Ukraine and Russia show a remarkable level of creativity and resourcefulness in the midst of a serious conflict. This approach demonstrates the critical importance of psychological warfare and the advantages conferred by misleading the enemy, even if it means flouting international laws that forbid disguising military equipment as civilian infrastructure. It's noteworthy that such unconventional strategies are receiving as much global attention as the high-tech weapons used in the conflict. The continuing innovation from both sides also underscores the relentless adaptability of military tactics in the face of evolving challenges on the battlefield.
FROM THE MEDIA: Amid the ongoing conflict between Ukraine and Russia, a video of a Ukrainian combat vehicle disguised as a house moving across a field has gone viral. The video, reportedly shot in Bakhmut, Ukraine, was shared widely, eliciting a variety of reactions. While some found it ingenious, others criticized it as a potential violation of international law, which prohibits the disguise of military equipment as civilian infrastructure. The Ukrainian military's use of deception and camouflage is not new in this conflict. They have previously employed dummies and decoys, including wooden or inflatable replicas of their HIMARS artillery system, to mislead Russian forces. Ukraine has also used nets, wires, and digital camouflage to hide its military assets and thwart Russian drones. Likewise, Russian forces have employed similar tactics, using mock-ups of anti-aircraft missile systems, tree branches, straw, carpets, and thermal radiation-reducing materials to camouflage their military equipment. Both nations have been innovating on the battlefield throughout the 15-month conflict. These unorthodox strategies have drawn as much global attention as the more technologically advanced weaponry used in the war.
READ THE STORY: The EurAsian Times
Water on Boil: Weaponization of Water in Contemporary Geopolitics
Analyst Comments: The weaponization of water is an alarming development that carries severe humanitarian, ecological, and geopolitical implications. Water, as a fundamental life-sustaining resource, should not be used as a tool of warfare. However, given its strategic importance and the increasing scarcity due to climate change, conflicts over water resources are likely to intensify in the future. International law provides some safeguards, but their effectiveness is limited due to the difficulty in enforcement and the absence of some major water-controlling nations from these agreements. The suggestion of establishing an international body dedicated to investigating potential water weaponization is intriguing but will face considerable political challenges due to the sensitivity of water issues and accusations of bias or interference. Emphasizing regional and international cooperation, investing in resilient and sustainable water infrastructure, and raising public awareness about the risks associated with water weaponization are practical approaches that can help manage shared water resources and prevent water-related disputes from escalating.
FROM THE MEDIA: The recent destructive events involving the Kakhovka dam in Russian-controlled southern Ukraine and the rising tensions between Afghanistan and Iran over shared water resources highlight a concerning trend of water weaponization. Water's ability to move across space, unusual among natural resources, makes it a potential weapon in conflicts, as seen in these recent incidents. International laws such as the Geneva List of Principles on the Protection of Water Infrastructure and the Madrid Rules of 1976 attempt to prevent the use of water infrastructure as a means of warfare, but enforcement remains a challenge. Practical solutions are urgently needed, including establishing an international body to monitor suspected cases of water weaponization, imposing strict penalties on offending countries, and promoting peaceful resolution of conflicts through dialogue and diplomacy.
READ THE STORY: Modern Diplomacy
New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
Analyst Comments: The ongoing campaign using SPECTRALVIPER indicates an increase in sophisticated cyber-attacks targeting Vietnamese public companies. The backdoor's extensive capabilities, such as PE loading and injection, file upload and download, and token impersonation, represent a significant security threat. The potential state affiliation of the threat actors underscores the geopolitical implications of such cyber-attacks. Organizations must strengthen their security posture to protect against such threats, and governments need to work closely with cybersecurity firms to track and counter these actors.
FROM THE MEDIA: Vietnamese public companies have become the target of a campaign deploying a new backdoor, SPECTRALVIPER. Elastic Security Labs described SPECTRALVIPER as a heavily obfuscated, previously undisclosed x64 backdoor with extensive capabilities, including PE loading and injection, file upload and download, and token impersonation. The attacks are attributed to an actor known as REF2754, linked with a Vietnamese threat group APT32 (also known as Canvas Cyclone, Cobalt Kitty, and OceanLotus). Cybersecurity company Meta had previously connected the group's activities to CyberOne Group in 2020. SPECTRALVIPER is designed to connect to an actor-controlled server and wait for commands, using obfuscation methods to resist analysis. REF2754's tactics share commonalities with another group, REF4322, which primarily targets Vietnamese entities.
READ THE STORY: THN
US bans imports from China-based Ninestar over Uyghurs
Analyst Comments: The U.S. government's decision to ban imports from these companies represents its ongoing efforts to address human rights abuses in China, particularly those involving Uyghur and other ethnic minority groups. While this action signals the U.S.'s commitment to sanctioning entities involved in such abuses, critics like Senator Marco Rubio argue that the current case-by-case approach doesn't go far enough and still allows many companies to profit from forced labor. Despite China's denial of any wrongdoing, pressure from international governments and human rights groups is likely to continue. The effectiveness of the UFLPA will depend on rigorous enforcement and its deterrent effect on other companies engaged in similar practices.
FROM THE MEDIA: On Friday, the U.S. banned imports from Ninestar Corp, a China-based printer manufacturer, and Xinjiang Zhongtai Chemical, a Chinese chemical company, due to allegations of human rights abuses. According to the U.S. Department of Homeland Security (DHS), these companies are being excluded from the U.S. supply chain because they are engaged in business practices targeting China's Uyghur population and other persecuted groups. The U.S. took these actions under the Uyghur Forced Labor Protection Act (UFLPA), signed into law in December 2021, which forbids imports produced in Xinjiang or by companies on the UFLPA Entity List unless the importer can demonstrate that the goods weren't produced with forced labor.
READ THE STORY: Reuters
Nuclear-Powered Cargo Ships Are Trying to Stage a Comeback
Analyst Comments: The article presents nuclear-powered merchant ships as a potential route to decarbonizing the shipping industry while acknowledging the significant challenges standing in the way of their broad adoption. Drawing parallels with the eventual dominance of steam-powered ships in the 19th century, the piece suggests that nuclear-powered ships might ultimately become more prevalent. However, given the urgency of the climate crisis and the existing alternatives of other low- or zero-emission fuels, the practicality and desirability of this shift remain uncertain.
FROM THE MEDIA: Nuclear-powered merchant ships are being explored as a potential solution to the 3% global greenhouse gas emissions contributed by the shipping industry. The failures of past nuclear vessels like the U.S.'s Savannah, West Germany's Otto Hahn, and Japan's Mutsu are examined as cautionary tales. Despite these historical missteps, ongoing projects in South Korea and Norway are currently developing modern nuclear-powered merchant vessels. The high energy density and long operational life of nuclear reactors offer certain advantages. However, challenges such as the disparity between the short service life of ships and the longevity of reactors, technical and safety concerns tied to nuclear power, and the absence of a comprehensive regulatory framework present considerable obstacles.
READ THE STORY: Wired
Pro-Ukraine hackers Cyber Anarchy Squad claimed responsibility for the attack that hit Russian telecom provider Infotel JSC
Analyst Comments: The incident involving Infotel JSC emphasizes the power that cyber threat actors, such as hacking groups, have in disrupting not only a single entity but a whole interconnected system. In this case, the attack didn't solely affect the telecom provider, but it also disrupted the operations of major banks in Russia, demonstrating the interconnected nature of digital infrastructure and the ripple effects that an attack can have on society and the economy. It serves as a stark reminder of the vulnerability of critical infrastructure to cyber threats and the widespread consequences that can arise.
FROM THE MEDIA: In a recent cyber attack, the pro-Ukraine hacking group, Cyber.Anarchy.Squad, claimed responsibility for targeting the Russian telecom provider Infotel JSC. The company, which provides critical connectivity services to the Russian banking system, has suffered significant operational disruption due to the attack. This event has affected major banks throughout Russia, creating a ripple effect on payments and potentially causing communication issues in Moscow. Cyber.Anarchy.Squad also defaced several websites with messages supporting Ukraine's counteroffensive.
READ THE STORY: Security Affairs
Darkweb credit card marts in decline across Asia, researchers claim
Analyst Comments: The shift from stealing credit card numbers to corporate documents could be due to the potential for larger profits from targeting businesses, governments, and other entities. This development highlights the need for improved security measures to protect sensitive corporate data. Furthermore, the prevalence of such activities in large, tech-savvy nations like India, Indonesia, and Vietnam underscores the global nature of cyber threats and the importance of international collaboration in cybersecurity.
FROM THE MEDIA: Cybersecurity firm Group-IB has reported a decline in the number of stolen Asian credit card numbers appearing on the dark web. Instead, criminals are increasing their attempts to steal corporate documents, with India being the primary target in the region. In 2023, botnets were used to steal over 3.2 million records from Indian organizations and to compromise 413 corporate accounts. Indonesia ranked second for compromised documents and Vietnam second for compromised accounts. Among 100 APAC company data breaches detected by Group-IB, which exposed over 81 million records, 34 were from India and 22 from Indonesia.
READ THE STORY: The Register
'Dangerous' Russian hackers launched 'very sophistic' cyberattack on UK council
Analyst Comments: The Gloucester City Council attack is a sobering example of the power and sophistication of spear-phishing attacks. The attackers not only impersonated a trusted third-party supplier but also patiently studied the council's systems to launch a more devastating attack. It showcases the importance of scrutinizing the cybersecurity practices of third-party partners and the necessity of continuous system monitoring.
FROM THE MEDIA: Gloucester City Council in the UK experienced a severe cyber attack, believed to have been perpetrated by a group of Russian hackers. The attack was initiated by a spear-phishing email, a targeted form of phishing where the attackers impersonate a trusted entity, in this case, a supplier. The email contained a malicious payload that infiltrated the council's network, allowing the attackers to explore the council’s IT systems and execute their attack in December 2021. The attack had a significant impact on city council services, causing disruptions in benefits payments, planning applications, and house sales.
READ THE STORY: Daily Star
How getting dollars from the IMF and World Bank would make the borrower country’s situation worse off
Analyst Comments: Dependence on foreign aid can lead to several adverse effects on a nation's economy. For instance, it can create a culture of dependency, deterring a country from implementing needed economic reforms and developing its own industries. This reliance can also lead to debt cycles, which can be challenging to break. Foreign aid often comes with conditions that can impose policies unsuitable for the recipient country's economy, resulting in significant long-term implications for their economic and political stability. Additionally, exchange rate risk can exacerbate the debt burden, particularly for countries borrowing in foreign currencies.
FROM THE MEDIA: Globalization and international trade have made countries more interconnected, leading many nations to depend on foreign aid for economic support. However, dependency on foreign funding comes with potential long-term consequences such as the creation of a cycle of dependency, loss of autonomy, neglect of domestic industries, creation of debt traps, exchange rate risk, quality compromise, and exploitation of natural resources. IMF loans and aid from developed nations often come with conditions that might not suit the recipient countries' unique conditions, creating significant economic and political instability.
READ THE STORY: Modern Diplomacy
DOJ Charges Russian Hackers Attempting to Launder 647,000 BTC
Analyst Comments: These charges signal the growing efforts by U.S. and global law enforcement to crack down on cybercrime and illicit cryptocurrency activities. The accused's wide range of attack methods, from credential stuffing to money laundering, emphasizes the sophistication of modern cybercriminal operations. It also highlights the potential vulnerabilities in sectors such as banking, e-commerce, and cryptocurrency exchanges. The DOJ's announcement comes at a time when the world is grappling with significant cyber threats to critical infrastructure. The arrest of these two individuals represents a victory, albeit a small one, against cybercrime, showing the effectiveness of international law enforcement cooperation.
FROM THE MEDIA: The U.S. Department of Justice (DOJ) has charged two Russian nationals, Dmitry Kuznetsov and Alexey Petrov, for their alleged involvement in global cyberattacks. These attacks primarily targeted banks, e-commerce platforms, and cryptocurrency exchanges, resulting in losses of over $200 million for victims in more than 20 countries. The pair reportedly used techniques including phishing emails, malware injections, credential stuffing, and web shell attacks, coupled with concealment methods such as proxy servers and VPNs. They are also accused of stealing a massive amount of cryptocurrency from Mt. Gox, leading to the exchange's insolvency. They purportedly operated a digital currency exchange, BTC-e, used for money laundering activities. Although BTC-e was shut down in 2017 and one co-conspirator pleaded guilty to money laundering, Kuznetsov and Petrov remain at large.
READ THE STORY: Tekedia
China Declares Support for Massive BRICS Expansion As Countries Push to Challenge US Dollar
Analyst Comments: China's endorsement of the expansion of the BRICS alliance demonstrates its commitment to strengthening cooperation among emerging markets and developing countries. By expressing support for the entry of more nations, China aims to enhance the group's influence and representation. The potential addition of Venezuela and the increasing interest from other countries highlights the attractiveness of BRICS as a platform for economic collaboration and a counterbalance to Western-dominated financial systems. However, the discussions around a gold-backed currency and its potential impact on the global financial landscape will require careful consideration, as it may create both opportunities and challenges for the existing monetary order. The upcoming BRICS summit in South Africa will be crucial in shaping the future direction of the alliance and its expansion plans.
FROM THE MEDIA: China has expressed its full support for the expansion of the BRICS economic alliance and is open to bringing more countries into the group, according to Chinese foreign ministry spokesperson Mao Ning. BRICS currently consists of Brazil, Russia, India, China, and South Africa. The Chinese government's backing comes in response to reports that Venezuelan President Nicolas Maduro is seeking to add Venezuela to the alliance. BRICS aims to promote cooperation among emerging markets and developing countries, uphold multilateralism, and reform the global governance system to increase the representation of emerging economies. The bloc has garnered attention recently for its potential consideration of launching a gold-backed currency to challenge the US dollar's status as the world's reserve currency. Thirteen countries have formally requested to join BRICS, and expansion discussions will take place at the upcoming summit in South Africa.
READ THE STORY: The Daily Hodl
Captured US Stealth Drone, Reverse-Engineered By Iran, Could Help Russia In Gaining Air Superiority Over Ukraine
Analyst Comments: This development underscores the complexity of the ongoing conflict between Russia and Ukraine, with alliances being formed and third parties becoming increasingly involved. The Iran-Russia partnership could potentially tip the balance of power in the conflict. The production of drones, particularly stealth drones, could help Russia achieve air superiority, which Ukrainian air defenses have so far resisted effectively. Iran's use of technology reverse-engineered from U.S. drones raises further concerns about the proliferation of drone technology and the challenges this poses to national and international security. Moreover, the report that the Iranian drone technology has components sourced predominantly from the U.S., either directly or indirectly, might lead to increased scrutiny over supply chains and exports of relevant technology.
FROM THE MEDIA: As the Ukrainian air defense continues to prevent Russia from achieving air superiority in the ongoing war, Russia is reportedly partnering with Iran to build a drone factory, as per an intelligence report released by the White House. The factory, confirmed through satellite imagery, is being constructed near Moscow and is expected to be operational by early 2024. Iran is supplying Russia with drones, specifically the stealth drone Shahed Saeghe, which is reverse-engineered from the captured U.S. Air Force’s RQ-170 Sentinel. The drone is thought to provide a potential means for Russia to attain air domination against the Ukrainian counter-offensive. The US is attempting to disrupt the sea route through the Caspian Sea, which Iran uses for this supply.
READ THE STORY: The EurAsian Times
Items of interest
Trump faces the biggest challenge yet to ‘Teflon Don’ persona
Analyst Comments: The gravity of these charges is significant given their severity and the unprecedented nature of a former president facing such accusations. If these charges were to lead to a conviction, it would mark a historical event in American jurisprudence and could potentially have a transformative effect on the political landscape. These charges would likely deepen the partisan divide in American politics, as the reactions to the charges could be heavily influenced by political affiliations. Trump's supporters may view the charges as politically motivated, while his critics may see them as overdue justice. The potential penalties upon conviction would be substantial and could include imprisonment. A conviction could also influence other ongoing investigations into the former president's conduct.
FROM THE MEDIA: Former President Donald Trump is facing unprecedented federal charges, including multiple counts under the Espionage Act, for the mishandling of classified documents. This marks the first time a former US president has faced such serious allegations. The indictment by the Department of Justice (DOJ) details that Trump kept classified documents in various unsecured locations in his Florida home. Additional charges include obstruction of justice and concealing records. If convicted, Trump could potentially face significant jail time. The situation has political implications, with some Republicans defending Trump while others highlight the seriousness of the charges.
READ THE STORY: The Hill
Cyber Geopolitics and the Weaponization of Social Media (Video)
FROM THE MEDIA: With the emergence of cyber power, evolving opportunities and risks are presented by new media tools, from cyber activism to espionage, fake news armies, hate speech, and cyber warfare. How are social media platforms and new technologies used and manipulated as tools of war and propaganda? What are the humanitarian costs of cyber conflict? What is the future of human rights and democracy in the region in an increasingly networked world? And what policy recommendations and regulations can best counter the misuse of technology and cybercriminal laws?
GOP's 'weaponization' script wears thin in defense of Trump (Video)
FROM THE MEDIA: Ari Melber talks with Alex Wagner about the limits to the Republican defense of Donald Trump that ignores the system of laws in the United States and instead attacks the legal system and investigators.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.