Daily Drop (522): Natural Gas Cooperation: CN & RU, Space Garbage collecting, Russia-Based Hacking Rampage, New Linux Backdoor, Huawei and ZTE from 5G networks, Industry shutdown if RU stops gas
06-17-23
Saturday, Jun 17, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
China and Russia May Be Expanding Natural Gas Cooperation – Just Not Via Power of Siberia 2
Analyst Comments: The conflict between Russia and Ukraine has impacted Russia's trade options and increased its reliance on China. This dynamic gives China significant leverage in the negotiations over the PoS-2 pipeline. However, the timing and conclusion of the negotiations are uncertain due to China's desire to maintain relationships with the United States and Europe. Financing risks and lack of trust further complicate the project. While the PoS-2 negotiations remain in stasis, Russia and China are exploring other avenues for natural gas cooperation, including alternative routes and LNG. The West should be cautious about the PoS-2 pipeline but remain vigilant in Central Asia.
FROM THE MEDIA: The ongoing conflict between Russia and Ukraine has limited Russia's trade options, leaving China as its primary alternative. As a result, China holds the upper hand in negotiations over the Power of Siberia-2 (PoS-2) natural gas pipeline, and the pace and outcome of the negotiations will be dictated by Beijing. However, the negotiations are unlikely to conclude before a resolution to the conflict in Ukraine, as China seeks to maintain functional economic relationships with the United States and Europe. Financing risks and a lack of mutual trust also present challenges to the project. Despite the PoS-2 negotiations being at a standstill, Russia and China are increasing bilateral natural gas flows through alternative routes, including indirect routes via Central Asia and liquefied natural gas (LNG).
READ THE STORY: The Diplomat
Astroscale wants to be the world's friendly neighborhood space garbage collector
Analyst Comments: The increasing amount of space debris poses a significant risk to space missions and the sustainability of space activities. Efforts by regulatory bodies like the FCC and organizations like the WEF are crucial in addressing the problem and promoting responsible practices among space operators. The emergence of commercial ADR services, such as Astroscale's ELSA-M, shows promise in tackling the issue. Yet, the involvement of major satellite constellation operators like SpaceX and Amazon is necessary for more comprehensive and effective debris mitigation efforts. Cooperation among all stakeholders is essential to ensure a sustainable and clutter-free space environment.
FROM THE MEDIA: The growing issue of space debris is posing risks to current and future space missions, with over 27,000 pieces of debris currently tracked by the US Department of Defense. In an effort to address the problem, the Federal Communications Commission has proposed a five-year deadline for equipment disposal after the end of a mission. The World Economic Forum (WEF) has published recommendations aiming for a 95-99 percent success rate in post-mission disposal and a five-year target for removing obsolete space objects from low Earth orbit. Companies like Astroscale are emerging to provide commercial active debris removal (ADR) services. However, major players like SpaceX and Amazon, operating large satellite constellations, have not yet signed on to these efforts.
READ THE STORY: The Register
A Russia-Based Hacking Rampage Hits US Agencies and Exposes Millions
Analyst Comments: The data breaches targeting US government agencies by the Clop ransomware gang highlight ongoing cybersecurity threats and the need for robust defense measures. The attacks, which took advantage of a known vulnerability, emphasize the importance of promptly patching software to prevent exploitation. While the attacks may not have been specifically targeting government entities, the risk of sensitive information being exposed remains a concern. The potential ties between ransomware groups like Clop and the Russian government raise questions about state sponsorship or at least tacit approval of their activities. This underscores the importance of international cooperation in addressing cybercriminal networks and holding them accountable.
FROM THE MEDIA: US cybersecurity officials have confirmed that a "small number" of government agencies have suffered data breaches as part of a hacking campaign carried out by the ransomware gang Clop, likely based in Russia. The group exploited a vulnerability in the file transfer service MOVEit to target victims including Shell, British Airways, and the BBC. Progress Software, the owner of MOVEit, patched the vulnerability in May, and US cybersecurity authorities have urged organizations to update their systems. While the specific US government agencies affected have not been disclosed, the Department of Energy is among them. Although the attacks appear opportunistic, with no evidence of broader access or theft of high-value information, there are concerns about ties between ransomware groups like Clop and the Russian government. Clop has claimed to focus on businesses and promised to delete data from governments and law enforcement, but researchers suspect information collected may be shared with the Kremlin.
READ THE STORY: Wired
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
Analyst Comments: The discovery of ChamelDoH expands the capabilities of the ChamelGang threat actor and highlights their focus on Linux systems. The use of DoH for command-and-control communication poses challenges for security solutions, as it leverages encrypted channels and can bypass detection and prevention measures. This development emphasizes the need for organizations to implement strong cybersecurity measures, including patching vulnerabilities and monitoring for suspicious activities.
FROM THE MEDIA: The threat actor known as ChamelGang has been found using a new Linux backdoor implant called ChamelDoH, which communicates via DNS-over-HTTPS (DoH) tunneling. ChamelGang, previously identified by Positive Technologies, has targeted industries in multiple countries, leveraging vulnerabilities in Microsoft Exchange servers and Red Hat JBoss Enterprise Application. The ChamelDoH malware is designed to capture system information and enables remote access operations. The use of DoH for command-and-control communication provides benefits to the threat actor, as the requests cannot be easily intercepted, and security solutions struggle to detect and prevent malicious DoH traffic. Stairwell, a cybersecurity firm, has identified 10 samples of ChamelDoH on VirusTotal, indicating the group's focus on Linux intrusions.
READ THE STORY: THN
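The story above notes that DoH-based command-and-control is hard to intercept because the DNS queries ride inside ordinary HTTPS. A defender can still look for the shape of the traffic rather than its content. The following Python script is an added illustration, not code from Stairwell or from the ChamelDoH write-up: it reads constructed proxy log lines in an assumed format (`epoch_ts src_ip dst_host method path`), counts HTTPS requests to a list of well-known public DoH resolver endpoints (the list and the hypothetical sanctioned resolver `doh.corp.example` are assumptions), and flags sources with high volume or near-constant request intervals, which is how a polling implant tends to look.

```python
"""Flag hosts whose HTTPS traffic to public DNS-over-HTTPS resolvers looks like a
covert channel: high request volume plus near-constant inter-request timing.

Added example for the ChamelDoH story; illustrative detection logic only, not
code from Stairwell or the malware write-up. Log format and resolver list are
assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Assumed: well-known public DoH endpoints (hostname, path). An enterprise
# that permits DoH should whitelist its own resolver in ALLOWED_RESOLVERS.
DOH_ENDPOINTS = {
    ("cloudflare-dns.com", "/dns-query"),
    ("dns.google", "/dns-query"),
    ("dns.quad9.net", "/dns-query"),
}
ALLOWED_RESOLVERS = {"doh.corp.example"}  # hypothetical sanctioned resolver

MIN_REQUESTS = 20        # volume threshold per source within the log window
MAX_INTERVAL_CV = 0.25   # coefficient of variation below this = beacon-like


def parse_line(line):
    """Assumed proxy log format: epoch_ts src_ip dst_host method path"""
    ts, src, host, method, path = line.split()
    return float(ts), src, host, method, path


def analyse(lines):
    """Return {src_ip: reason} for sources whose DoH traffic is suspicious."""
    times = defaultdict(list)
    for line in lines:
        ts, src, host, method, path = parse_line(line)
        if (host, path) in DOH_ENDPOINTS and host not in ALLOWED_RESOLVERS:
            times[src].append(ts)
    findings = {}
    for src, stamps in times.items():
        stamps.sort()
        if len(stamps) < MIN_REQUESTS:
            continue  # a few browser-driven lookups are normal
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        cv = pstdev(gaps) / mean(gaps) if mean(gaps) > 0 else 0.0
        if cv < MAX_INTERVAL_CV:
            findings[src] = (f"{len(stamps)} DoH requests, beacon-like "
                             f"interval cv={cv:.2f}")
        else:
            findings[src] = (f"{len(stamps)} DoH requests to an "
                             f"unsanctioned resolver")
    return findings


def sample_log():
    """Constructed sample: 10.0.0.5 polls dns.google every ~30 s (implant-like);
    10.0.0.9 makes a handful of irregular, browser-driven DoH lookups."""
    lines = []
    for i in range(30):
        lines.append(f"{1686960000 + i * 30 + (i % 3)} 10.0.0.5 "
                     f"dns.google POST /dns-query")
    for t in (1686960010, 1686960017, 1686960400, 1686960812):
        lines.append(f"{t} 10.0.0.9 cloudflare-dns.com GET /dns-query")
    lines.append("1686960100 10.0.0.9 www.example.com GET /index.html")
    return lines


if __name__ == "__main__":
    for src, why in analyse(sample_log()).items():
        print(src, "->", why)
```

The timing heuristic is deliberately coarse: real implants add jitter, so the interval threshold and the minimum request count should be tuned against a baseline of the environment's own DoH usage, and hits are a starting point for host triage rather than a verdict.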
Pro-Russian hackers remain active amid Ukraine counteroffensive
Analyst Comments: The ongoing conflict between Ukraine and Russia has seen a surge in cyber operations, with both sides employing hacking techniques for intelligence collection, information operations, and supporting kinetic attacks. Pro-Russian hackers continue to target Ukraine, but their operations have become more strategic and coordinated, with the use of front groups and possible support from advanced persistent threat (APT) actors. While the impact of these cyber operations on the conflict itself may vary, they play a significant role in shaping the information landscape and influencing narratives. Ukrainian officials and researchers remain vigilant in monitoring and responding to cyber threats, distinguishing between various hacking groups, and assessing their tactics and motivations.
FROM THE MEDIA: Pro-Russian hackers continue to target Ukraine amid the ongoing conflict with Russian forces, focusing on Ukrainian service providers, media, critical infrastructure, and government networks. Ukrainian cybersecurity officials expect the pace of pro-Russian operations to increase. However, some operations appear aimed at creating the impression of widespread hacking activity rather than achieving meaningful results. Hack-and-leak operations have become a key tool in the information domain of the conflict, with hackers attempting to publish sensitive documents to influence the narrative. State-backed Russian hackers are also conducting operations in Ukraine, including destructive malware attacks, hack-and-leak operations, and intelligence collection. Ukrainian cyber groups have noticed changes in tactics by the Russian military intelligence (GRU), with greater coordination and attention given to hacking groups serving as fronts or conduits for government-operated campaigns.
READ THE STORY: Cyberscoop
EU states told to restrict Huawei and ZTE from 5G networks ‘without delay’
Analyst Comments: The call by the European Commission to restrict high-risk equipment suppliers, particularly Huawei and ZTE, reflects ongoing concerns about the security risks associated with Chinese vendors in 5G networks. The progress report highlights the need to reduce dependency on high-risk suppliers to safeguard the EU's collective security and critical infrastructure. The issue goes beyond the existence of backdoors, focusing on concerns about ties between the companies and the Chinese state. The report raises potential vulnerabilities and risks associated with such dependencies. The EU's push for member states to take action demonstrates its determination to address these concerns promptly and mitigate security risks in 5G networks.
FROM THE MEDIA: The European Commission has called on member states to restrict high-risk equipment suppliers from their 5G networks, specifically highlighting Chinese vendors Huawei and ZTE as representing "materially higher" risk. A progress report on 5G cybersecurity reveals that all but three of the European Union's member states have passed or are in the process of passing laws to impose these restrictions. The report warns of the risk of persistent dependency on high-risk suppliers, posing potential security threats to the EU and its critical infrastructure. Huawei and ZTE have faced scrutiny over their equipment, with concerns raised about ties to the Chinese state and potential vulnerabilities.
READ THE STORY: The Record
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
Analyst Comments: The discovery of new payloads associated with Diicot demonstrates the threat actor's expanding capabilities, including the potential for launching DDoS attacks. The use of off-the-shelf botnets and other tools indicates the group's willingness to conduct various types of attacks based on their targets. Organizations should prioritize implementing robust security measures, such as SSH hardening and strong authentication practices, to protect against these threats.
FROM THE MEDIA: Cybersecurity researchers have uncovered new payloads associated with the Romanian threat actor known as Diicot, indicating its potential for launching distributed denial-of-service (DDoS) attacks. Diicot was previously documented for its use of a Go-based SSH brute-forcer tool called Diicot Brute in a cryptojacking campaign. The latest analysis reveals that the group has also deployed the Cayosin botnet, suggesting its ability to carry out DDoS attacks. Diicot has been observed targeting routers running OpenWrt, a Linux-based operating system for embedded devices. The threat actor has a consistent compromise chain, utilizing various tools and malware to gain access and conduct malicious activities.
READ THE STORY: THN
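The analyst comment above recommends SSH hardening and strong authentication against brute-forcers like the one Diicot uses. As an added example (not code from the researchers' report), the Python script below audits an `sshd_config` for the settings a password-guessing tool depends on and compares a constructed weak configuration with a constructed hardened one. The checks follow common OpenSSH hardening guidance (key-only authentication, no root login with a password, a small `MaxAuthTries`); the defaults applied when a directive is absent are OpenSSH's documented defaults.

```python
"""Audit an sshd_config for settings that make SSH brute-forcing viable.

Added example for the Diicot story; not code from the researchers' report.
Both configurations below are constructed."""
import re

# (directive, OpenSSH default when absent, predicate on the value, message)
CHECKS = [
    ("PasswordAuthentication", "yes", lambda v: v == "no",
     "password authentication enabled; brute-force guessing is possible"),
    ("PermitRootLogin", "prohibit-password",
     lambda v: v in ("no", "prohibit-password"),
     "root may log in with a password"),
    ("MaxAuthTries", "6", lambda v: v.isdigit() and int(v) <= 4,
     "too many authentication attempts allowed per connection"),
    ("PubkeyAuthentication", "yes", lambda v: v == "yes",
     "public-key authentication disabled"),
]


def parse_sshd_config(text):
    """Return {directive_lower: value} using the first occurrence of each
    directive, as sshd does (later duplicates are ignored). Match blocks are
    not modelled; this audits the global section only."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"(\S+)\s*=?\s*(.+)$", line)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip()
        conf.setdefault(key, val)
    return conf


def audit(text):
    """Return a list of findings; an empty list means all checks passed."""
    conf = parse_sshd_config(text)
    findings = []
    for directive, default, ok, msg in CHECKS:
        val = conf.get(directive.lower(), default)
        if not ok(val):
            findings.append(f"{directive}={val}: {msg}")
    return findings


WEAK = """# constructed weak config: what a brute-forcer hopes to find
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED = """# constructed hardened config
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", audit(cfg) or "no findings")
```

Run against a real `/etc/ssh/sshd_config` the script reports the same three classes of weakness the constructed weak file exhibits; on routers and other embedded devices the equivalent is to disable password logins on the management interface and not expose SSH to the internet at all.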
Germany warns of industry shutdown if Russian gas stops flowing in 2024
Analyst Comments: The expiration of the gas transit agreement between Russia and Ukraine poses significant challenges for Germany and the European energy supply. The inability to reach a direct agreement between Ukraine and Russia increases the uncertainty surrounding the extension of the contract. Germany's Economy Minister's warning highlights the potential consequences for Germany's industrial capacity and the need for precautions to secure energy supplies. The situation emphasizes the importance of diversifying energy sources and infrastructure, such as the planned LNG terminal, to ensure energy security in Eastern Europe.
FROM THE MEDIA: The gas transit agreement between Russia and Ukraine, which allows Russian gas to flow through Ukraine to European countries, is set to expire next year. Direct negotiations between Ukraine and Russia for the extension of the transit contract appear unlikely in the current environment. Germany's Economy Minister, Robert Habeck, has warned that if the agreement is not extended, Germany may need to wind down or shut off industrial capacity. This could lead to supply restrictions or cuts for manufacturers in Germany and the need for Germany to export gas to offset the deficit in Eastern Europe. Habeck emphasized the importance of additional capacity, including a planned LNG terminal, to maintain energy supply in the region.
READ THE STORY: Modern Diplomacy
Micron chips in $600M for China memory facility despite Beijing sanctions
Analyst Comments: Micron's decision to invest in a Chinese factory despite being sanctioned as a security risk shows the company's commitment to its Chinese business and workforce. It may suggest that Micron anticipates the sanctions being lifted in the future. However, this investment also raises questions about how it aligns with the US government's efforts to discourage American companies from investing in China. Micron's investment in China is relatively small compared to its plans for a chip fabrication plant in the US. It remains to be seen how Micron's actions will be perceived in the context of US-China relations and the policies regarding investments in China.
FROM THE MEDIA: Despite being sanctioned by Chinese authorities as a security risk, US memory maker Micron plans to invest over $600 million in upgrading its chip packaging facility in Xi'an, China. The investment aims to introduce new high-performance packaging and testing equipment and construct a new factory for additional production lines. Micron intends to acquire all assets from Powercheng Semiconductor (Xi'an) Ltd (Licheng Xi'an), with the existing workforce transitioning to Micron. The move comes after China's Cyberspace Administration ruled Micron a national security threat, straining US-China relations. The investment in China follows Micron's plans to spend $100 billion on a memory chip fabrication plant in New York State.
READ THE STORY: The Register
TSMC’s US plant is the result of industrial policy meant to counter China, giving states like Arizona more economic heft (Chinese Media)
Analyst Comments: Arizona's success in securing the TSMC investment demonstrates the effectiveness of the US government's industrial policy and its focus on leveraging regional strengths. The state's existing semiconductor industry, educational initiatives, and infrastructure development have made it an attractive location for semiconductor manufacturers. The implicit promise of federal spending, coupled with Arizona's proactive efforts, played a crucial role in convincing TSMC to choose the state for its advanced fab. The geopolitical implications of the deal, amid US-China tensions, highlight the significance of industrial policy in shaping the global chip industry.
FROM THE MEDIA: Arizona's strength in the semiconductor industry, along with the promise of federal spending, played a significant role in attracting Taiwan Semiconductor Manufacturing Co (TSMC) to invest in a chip fabrication plant in the state. Despite recent tensions between the US and China, Arizona has emerged as a major beneficiary of the US government's industrial policy aimed at countering China's technological rise. The state has been actively developing educational pipelines to supply TSMC with skilled workers, and infrastructure investments are being made to support the plant. The deal with TSMC represents the largest foreign direct investment in the US, showcasing the impact of the government's efforts to promote domestic semiconductor manufacturing.
READ THE STORY: SCMP (China state-sponsored media)
Iran-Afghanistan Water Dispute and Regional Implications
Analyst Comments: The water dispute between Iran and Afghanistan is a longstanding issue that has been further exacerbated by the completion of the Kamal Khan Dam. The border clashes and Iran's response of closing a border crossing highlight the heightened tensions in the region. The responsibility for these tensions lies with the Taliban, and their actions raise concerns about the stability of the Afghan government. The water dispute is not limited to Iran and Afghanistan, as Pakistan is also seeking a water-sharing agreement with Afghanistan. These disputes could have a negative impact on regional stability and efforts by Pakistan and China to promote cooperation in the region.
FROM THE MEDIA: The water dispute between Iran and Afghanistan has been ongoing since the signing of a treaty in 1973. The recent completion of the Kamal Khan Dam in Afghanistan has further escalated tensions, with Iran alleging that the dam has reduced the water flow to Iran, violating the terms of the treaty. Border clashes between the two nations have intensified the situation, with Iran closing a vital border crossing in response. The responsibility for the tensions lies with the Taliban, raising concerns about the intentions of the Afghan government. Pakistan is also seeking a water-sharing agreement with Afghanistan but has seen no progress. These disputes could negatively impact regional stability and Pakistan-China efforts in the region.
READ THE STORY: Modern Diplomacy
China calls hacking report ‘far-fetched,’ accuses the U.S. of cyberattacks
Analyst Comments: The denial by China's government regarding the allegations made by Mandiant is not surprising, as it is a common response from nations accused of cyber espionage. China has consistently denied involvement in cyberattacks and has instead accused the United States of carrying out hacking activities. The rejection of the report serves as a reminder of the ongoing tensions between the two countries in the cybersecurity domain. The accusations and counter-accusations further highlight the need for improved international cooperation and dialogue to address cyber threats effectively. The findings of Mandiant's report, coupled with previous revelations of state-backed Chinese hacking activities, underscore the importance of robust cybersecurity measures and continued vigilance in protecting critical infrastructure and sensitive information.
FROM THE MEDIA: China's government has rejected a report by U.S. security firm Mandiant, which attributed cyberattacks to Chinese-linked hackers targeting public agencies and other entities worldwide. The Chinese foreign ministry spokesperson dismissed the report as "far-fetched and unprofessional," accusing the cybersecurity industry of overlooking hacking attacks conducted by the United States. The report was released ahead of U.S. Secretary of State Antony Blinken's visit to Beijing to improve strained relations. Mandiant's report detailed a significant cyber espionage campaign that exploited vulnerabilities in a Barracuda Networks email system, primarily targeting foreign ministries, government agencies, and academic organizations.
READ THE STORY: PBS
Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker
Analyst Comments: The lawsuit filed by Hanan Elatr Khashoggi against NSO Group highlights the allegations of abuse and human rights violations associated with the use of Pegasus spyware. The case brings attention to the potential impacts of surveillance technology on individuals and their families, causing fear, intimidation, and a loss of personal freedom. The lawsuit is part of broader efforts to hold spyware companies accountable for the misuse of their technology.
FROM THE MEDIA: Hanan Elatr Khashoggi, the widow of slain Saudi journalist Jamal Khashoggi, has filed a lawsuit against spyware purveyor NSO Group, alleging that the company's Pegasus software was used to spy on her, leading to her being detained, fearing for her family's safety, and living in a constant state of vigilance. The suit accuses NSO Group of violating federal and Virginia hacking laws by selling its spyware to repressive foreign governments. Pegasus software has been implicated in targeting dissidents, opposition politicians, and journalists in several countries. The lawsuit seeks unspecified damages and condemns NSO Group for infringing upon personal freedom and privacy and causing disastrous outcomes. NSO Group has not yet responded to the lawsuit.
READ THE STORY: The Record
The Chinese military had deep ties to Wuhan lab suspected of COVID-19 outbreak
Analyst Comments: The released cables add to the mounting evidence of the links between the WIV and the Chinese military, raising concerns about the lab's role in the origins of COVID-19. The information in the cables aligns with previous reports and statements from experts regarding the potential involvement of the WIV in the pandemic. These cables emphasize the need for transparency and a thorough investigation into the origins of COVID-19 to gain a comprehensive understanding of the events leading to the global health crisis.
FROM THE MEDIA: Recently released State Department cables reveal concerns about the connections between the Wuhan Institute of Virology (WIV) and the Chinese military. The cables, obtained through the Freedom of Information Act, suggest that the WIV engaged in classified research and collaborated with the Chinese military on secret projects. The Trump State Department's fact sheet from January 2021 also mentioned the WIV's collaboration with the Chinese military. The cables provide insights into the State Department's efforts to understand the role of the lab and its connections to the Chinese military during the pandemic.
READ THE STORY: Washington Examiner
Taiwan says it will keep talking to US on forex policies
Analyst Comments: The inclusion of Taiwan on the monitoring list indicates the U.S. government's continued scrutiny of its foreign exchange and economic policies. The statement from Taiwan's central bank emphasizes its commitment to ongoing dialogue with the U.S. Treasury, indicating a willingness to address any concerns and maintain a cooperative relationship.
FROM THE MEDIA: Taiwan's central bank has stated that it maintains smooth communication channels with the U.S. Treasury Department and will continue discussing foreign exchange policies with them. This comes after the United States included Taiwan on its monitoring list in the Treasury's semi-annual currency report. The report stated that no major U.S. trading partners manipulated their currencies for export advantages, and it ended "enhanced analysis" for Switzerland. However, Switzerland remains on the monitoring list, along with Taiwan, China, South Korea, Germany, Malaysia, and Singapore. Taiwan's central bank expressed its commitment to ongoing communication and dialogue with the U.S. Treasury on economic and exchange rate policies.
READ THE STORY: Reuters
Items of interest
Space industrialization
Analyst Comments: By providing specific statistics and highlighting the risks posed to satellites, spacecraft, and the environment, the article raises awareness about the urgency of addressing this issue. The mention of increased light pollution and the connection to space tourism and missions further emphasizes the need for sustainable practices in space exploration. The call for action and the suggestion of innovative solutions demonstrate a proactive approach to mitigating the unintended consequences of space debris.
FROM THE MEDIA: Space debris, comprising abandoned spacecraft, parts, and wreckage, poses risks to space missions and the Earth's environment. With over 8,000 tons of debris generated from human space missions, the presence of space junk impacts the environment through increased night sky brightness and potential atmospheric effects. The growing population of smaller debris objects exacerbates the problem, with no viable method for cleanup currently available. While safety concerns have been raised by the United Nations and space-exploring countries, the environmental impact of space debris remains underexplored. Global leaders and researchers are urged to take action, advocating for the adoption of innovative technologies to reduce orbital debris generation.
READ THE STORY: SpringerLink
ELSA-M | End of Life Services by Astroscale (Video)
FROM THE MEDIA: The ELSA-M servicer will be able to support a range of future satellite operators, including constellations, which are equipped with a compatible magnetic capture mechanism such as the Astroscale Docking Plate. The mission is supported by the UK Space Agency through the Sunrise Programme which is run as a Public-Private Partnership between ESA and OneWeb. Astroscale has been working with OneWeb, one of the most mature LEO satellite constellation operators, for almost 5 years under the ESA Sunrise program.
SPACE JUNK - Fast And Dangerous | SPACETIME (Video)
FROM THE MEDIA: Humanity is leaving more and more traces in space. Every mission and every launch of a satellite means more objects in Earth's orbit. Countless parts are now orbiting our planet. But the waste means a growing danger, not only for manned spaceflight but also for functioning satellites, on which our digital infrastructure depends. Scientist and astronaut Ulrich Walter explains what space junk is made of and how it should be avoided in the future.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.