Daily Drop (532): Wagner mutiny, Uncovered ThirdEye, CNMF: Under Advisement, Google DeepMind, Poss. fallout in cyberspace, AI chip exports, Chinese carmakers, China’s $7tn energy overhaul
06-29-23
Thursday, Jun 29, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Putin freezes out hardliners after Wagner mutiny
Analyst Comments: The absence of Surovikin and the promotions of Putin loyalists suggest a major realignment within the Russian security apparatus. By elevating individuals who have publicly demonstrated their loyalty, Putin seems to be aiming to consolidate his control over the security services while attempting to minimize the influence of hardline elements within the military. The shifting dynamics within the security services could potentially impact Russia's military strategies and the conduct of its ongoing military operations. Furthermore, these changes could also serve to deter future coup attempts by signaling that any challenge to Putin's authority will be met with significant consequences.
FROM THE MEDIA: Russian President Vladimir Putin has implemented significant changes within Russia's security services following a failed insurrection by the Wagner Group, led by Yevgeny Prigozhin. Sergei Surovikin, a senior Russian general with close ties to Prigozhin, is reportedly missing since the start of the mutiny, causing significant speculation. On the other hand, Putin loyalist Viktor Zolotov has been promoted, and his police force, the National Guard, has been tasked with a larger role in the ongoing invasion of Ukraine. Putin's moves seem directed towards regaining control and restoring order after the coup attempt, which is the first in Russia in three decades.
READ THE STORY: FT
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
Analyst Comments: Despite being relatively unsophisticated, ThirdEye can gather information useful for staging future attacks, so it represents a genuine threat to system security. Given its recent discovery and unknown delivery method, organizations, particularly Russian-speaking ones, should remain vigilant about potential phishing attacks. It is also crucial to maintain robust cybersecurity practices, including regularly updating and patching systems, using strong and unique passwords, employing reliable antivirus software, and promoting cybersecurity awareness among users.
FROM THE MEDIA: A new Windows-based information-stealer malware named ThirdEye has been discovered by Fortinet FortiGuard Labs. The malware, disguised as a PDF file with a Russian name, harvests sensitive data from infected hosts, collecting system metadata and transmitting the details to a command-and-control server. The delivery method for this malware remains unknown, but the nature of the PDF file suggests a phishing campaign. The first ThirdEye sample was detected on VirusTotal on April 4, 2023. The malware is presumed to be targeting Russian-speaking organizations.
READ THE STORY: THN
Cyber Command to expand 'canary in the coal mine' unit working with private sector
Analyst Comments: The expansion of the "Under Advisement" program reflects the U.S. military's recognition of the critical role of public-private cooperation in the realm of cyber defense. The move comes amid growing threats in the cyber domain and serves as an important step towards enhancing the nation's cyber defenses. The program has proven beneficial in facilitating real-time threat information sharing, enabling quicker response times to potential cyber threats.
FROM THE MEDIA: The U.S. Cyber Command is planning to double the size of its "Under Advisement" program, a team of technical experts that serves as a crucial link between the military and private sector for cyber defense. The program will grow from a dozen to two dozen personnel over the next year, as confirmed by Army Lt. Col. Jason Seales, the chief of private sector partnerships for the command. The program, initiated around the 2020 presidential elections, facilitates the exchange of information regarding potential malicious cyber activities between the government and private sector, with a key focus on aiding defense planning and bolstering information sharing.
READ THE STORY: The Record
Google DeepMind’s CEO Says Its Next Algorithm Will Eclipse ChatGPT
Analyst Comments: Gemini's development marks a potential leap forward in AI technology. By combining the strengths of large language models and reinforcement learning techniques, Gemini may result in an AI model capable of understanding and navigating complex problems more effectively. However, the application of such advanced AI capabilities does raise concerns, particularly around misuse of technology and the potential for it to become uncontrollable. It will be crucial for DeepMind and the broader AI community to continue exploring AI safety measures and maintain open communication and collaboration among researchers to mitigate these risks.
FROM THE MEDIA: DeepMind, Google's AI lab, is developing an artificial intelligence system called Gemini, which aims to surpass the capabilities of OpenAI's GPT-4, the technology that powers ChatGPT. Gemini is a large language model similar to GPT-4 but will incorporate techniques used in DeepMind's AlphaGo to enhance its problem-solving and planning abilities. The AlphaGo techniques involve reinforcement learning and tree search methods. DeepMind's CEO, Demis Hassabis, believes that combining these methods with the large language models will lead to significant innovation. Gemini's development could take several months and potentially cost hundreds of millions of dollars.
READ THE STORY: Wired
Swiss intelligence warns of fallout in cyberspace as West clamps down on spies
Analyst Comments: The report from FIS indicates that the geopolitical tensions resulting from the Russia-Ukraine conflict are driving shifts in intelligence gathering tactics, with a greater reliance on cyber espionage. As the accessibility of human intelligence assets reduces, digital infiltration becomes a more feasible and attractive option for intelligence collection. Critical infrastructure, financial service providers, state administrations, and businesses dealing with large volumes of sensitive data need to ramp up their cybersecurity defenses in anticipation of these potential threats.
FROM THE MEDIA: Switzerland's Federal Intelligence Service (FIS) warns of an expected increase in cyber espionage targeting critical infrastructure operators, owing to the Western countries' efforts to diminish Russia’s human intelligence networks in Europe. As per FIS's annual report, intelligence services across the globe will need to enhance their capabilities to procure data domestically and internationally. Key targets would include entities handling large volumes of sensitive data, such as financial service providers, state administrations, and critical infrastructure operators. The warning comes after European governments expelled several hundred Russian spies following Ukraine's invasion.
READ THE STORY: The Record
More than 6,500 arrests three years after the EncroChat infiltration
Analyst Comments: The hacking of EncroChat and the subsequent arrests mark a significant achievement for law enforcement in combating organized crime, demonstrating the potential impact of cyber operations in modern policing. However, the method of intrusion and the legal grounds for the operation continue to spark controversy, with the device used to access the encrypted communications kept secret due to national security concerns. This suggests that the balance between privacy rights and national security interests continues to be a challenging and contentious issue in the digital age.
FROM THE MEDIA: Three years following a police operation to infiltrate the EncroChat encrypted communication service, which was extensively utilized by criminals, more than 6,500 suspects have been arrested, according to law enforcement officials. Representatives from the French and Dutch criminal justice systems shared this data at a press conference marking the third anniversary of the EncroChat operation. Over the past three years, operations based on EncroChat data have resulted in the seizure of a significant quantity of illegal drugs, weapons, cash, and other assets, and have prevented approximately 100 assassinations.
READ THE STORY: The Record
What History Could Have Taught Putin About the Loyalty of Mercenaries
Analyst Comments: While the Wagner mercenaries are generally better paid than regular Russian soldiers, the question of loyalty arises - are they loyal to Putin or to Prigozhin? Putin's decision to rely heavily on a large mercenary army from a single source may have been a critical misstep. This allowed Prigozhin to accumulate significant power, posing a direct challenge to Putin's authority. While history provides instances where the use of mercenaries proved strategically beneficial, the key lies in managing them effectively, as underlined by Maurice, Prince of Orange's principles of ensuring mercenaries are 'well-chosen, well-fed, and well-paid.' By these standards, Putin's handling of the Wagner Group appears questionable, particularly regarding the selection and logistical support.
FROM THE MEDIA: Yevgeny Prigozhin, the chief of Wagner Group, a private military contractor, recently challenged Russian President Vladimir Putin, marking a surprising shift in power dynamics in Russia. Prigozhin's mercenaries reportedly abandoned the Ukrainian battlespace and occupied Rostov-on-Don, a critical command center for Russia's war in Ukraine, actions interpreted by many as a rebellion against Putin. While the crisis was averted with Prigozhin's exile to Belarus and the halt of Wagner's march on Moscow, it has ignited a debate on the efficacy and dangers of employing mercenaries.
READ THE STORY: Modern Diplomacy
The Chinese carmakers planning to shake up the European market
Analyst Comments: China's advancement in the EV market, driven by both state-led support and entrepreneurial agility, presents a serious challenge to Europe's traditional automakers. The transition away from combustion engines towards electric vehicles provides Chinese manufacturers a level playing field, as the "race has started again". The Chinese companies' ambition, combined with the support from the Chinese government focused on energy and technological self-sufficiency, means they are likely to make substantial inroads into the European market.
FROM THE MEDIA: Chinese carmakers, led by companies like Nio and BYD, are making aggressive moves into the European market. Following the dominance of their home market, where China buys proportionately more electric vehicles than any other country, Chinese manufacturers are leveraging their expertise in electric vehicle and battery technology to challenge Europe's established automakers. Their ambitions are fueled by the impending ban on petrol and diesel engines in Europe by 2035, opening up a massive opportunity for electric vehicles. Companies like Chery, China's largest car exporter, plan to significantly increase their presence in the European market in the coming years.
READ THE STORY: FT
Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow
Analyst Comments: Kislitsin's arrest signifies a possible change in the geopolitical landscape, particularly in how former Soviet states, like Kazakhstan, are dealing with cybersecurity and cybercrime. The incident might be indicative of increasing international cooperation in the cybercrime sphere, reflecting the evolving cybersecurity dynamics globally. The fact that both the U.S. and Russia are seeking Kislitsin's extradition underscores the cross-border nature of cybercrime and the complexities involved in international cybersecurity law enforcement. Given the precedent set by the Dmitry Zubakha case, there is potential for Kislitsin to evade U.S. extradition if he is extradited to Russia first.
FROM THE MEDIA: Nikita Kislitsin, a renowned Russian cybersecurity expert, was arrested in Kazakhstan last week upon the request of the U.S. Kislitsin is charged with the unauthorized sale of usernames and passwords of American customers of the social media platform, Formspring, back in 2012. Kislitsin formerly served as the head of network security at Group-IB and its Russia-based affiliate, F.A.C.C.T. Both his former employers deny that his arrest is related to his roles at their companies, with F.A.C.C.T. attributing the charges to his tenure "as a journalist and independent researcher."
READ THE STORY: The Record
Wagner Mutiny Puts Russia’s Military Bloggers on a Razor’s Edge
Analyst Comments: The rise of the voenkory illustrates a global trend of shifting information dissemination and consumption in the digital age. The popularity of these bloggers indicates a substantial demand for alternative news sources, particularly in situations of conflict where official information is limited or manipulated. This can be a powerful tool in shaping public opinion. However, it also comes with risks. These bloggers' positions, while providing an alternative perspective, are often heavily influenced by their personal biases and affiliations, leading to potential misinformation or propaganda.
FROM THE MEDIA: Vladlen Tatarsky's elaborate funeral highlights the rising influence of nationalist bloggers in Russia, particularly during the ongoing Ukraine conflict. Known as voenkory or military correspondents, these individuals, primarily active on Telegram, have stepped in to fill the information vacuum left by the government. They provide updates and narratives about the front lines of the war, amassing massive followings. Their influence was evident when Yevgeny Prigozhin, a Putin ally and chief of the Wagner mercenary group, attempted a coup in June, causing these bloggers to navigate the situation cautiously. Despite their shared nationalism and pro-war stance, their affiliations are mixed—some are aligned with the Kremlin, others with Wagner, and a faction with military veterans.
READ THE STORY: Wired
Suncor Energy confirms cyberattack disrupting Petro-Canada gas stations
Analyst Comments: The cybersecurity breach at Suncor Energy highlights the ongoing threat faced by the energy industry from cyber criminals. The incident underscores the vulnerabilities in critical infrastructure and the potential for disruptions in fuel supply and operations. As cyber threats continue to evolve and become more sophisticated, companies in the energy sector must remain vigilant and prioritize cybersecurity measures to protect their assets, data, and operations.
FROM THE MEDIA: Suncor Energy, a Calgary-based oil company, has experienced a significant cybersecurity breach, possibly the most significant in Canadian oil and gas history, according to experts. The company confirmed the cyberattack after reports emerged of issues at its Petro-Canada gas stations, including difficulties with credit and debit card payments and access to car wash services. The extent and details of the attack have not been disclosed. Cybersecurity experts have warned for years that the Canadian energy industry is an attractive target for cybercriminals due to the high value of its assets and customer dependence on its products. The Canadian Centre for Cyber Security has identified ransomware as the main threat to the oil and gas sector.
READ THE STORY: FT
Pornhub Is Being Accused of Illegal Data Collection
Analyst Comments: These allegations, if proven, indicate significant GDPR violations, as consent is a cornerstone of the regulations. The complaint highlights the broader challenges of data privacy in the digital age, where user behavior is routinely tracked and profiled for targeted content or advertising, often without explicit consent or knowledge. Legal resolution may take years but could have significant repercussions for Pornhub and similar sites, especially given increasing global regulatory scrutiny of online adult content. The case underscores the need for greater transparency and user control in data collection and sharing practices in the digital industry.
FROM THE MEDIA: Pornhub, one of the world's largest adult websites, is facing legal challenges across Europe concerning its data handling practices. The company allegedly violates Europe's General Data Protection Regulation (GDPR) rules, according to a new complaint filed by activists and researchers in Italy. The claim alleges that Pornhub doesn't permit users to opt out of being tracked by cookies, lacks clarity about data shared with third parties, and assigns sexual preferences to individuals based on viewed videos. The complaint is based on technical analysis of Pornhub's website and privacy practices, further building on previously undisclosed complaints in Italy and Cyprus.
READ THE STORY: Wired
‘Traitors must be shot’: Vladimir Putin’s truce with Wagner teeters on edge
Analyst Comments: The fragility of the truce between the Kremlin and Wagner underscores the challenges in managing private military contractors and their loyalty to the state. The disagreement over Prigozhin's status and the continued presence of Wagner fighters in Russia highlight the complexities of bringing such entities under control. The fate of Wagner and its fighters will have implications for Russia's military operations and influence in conflicts abroad. It remains to be seen whether the Kremlin can effectively integrate Wagner into the regular armed forces or if the group will continue to operate independently.
FROM THE MEDIA: The truce between the Kremlin and the Wagner private military contractor in Russia is facing challenges just two days after being agreed upon. Yevgeny Prigozhin, the founder of Wagner, is still under investigation for organizing the mutiny, despite promises that he would not face charges. Locals in Voronezh reported seeing Wagner fighters in the city after officials said they had left. Meanwhile, loyalists of Russian President Vladimir Putin have called for harsh measures against Prigozhin, including death, for his role in the uprising.
READ THE STORY: FT
Fears grow of deepfake ID scams following Progress hack
Analyst Comments: This breach presents a concerning escalation in cybercriminal activity, highlighting both the vulnerability of complex digital systems and the sophistication of modern cybercriminals. The risk is not just the immediate impact of the breach but the potential long-term exploitation of the stolen data. The high value and volume of the personal information taken suggest that the consequences could be far-reaching and long-lasting. This breach underscores the critical importance of robust cybersecurity measures, including continuous updating and patching of software vulnerabilities, and the development of advanced detection and defense mechanisms against deepfake technology.
FROM THE MEDIA: The Massachusetts-based software maker Progress Corp has suffered a significant cyber breach, in which the Russian-speaking gang, Cl0p, stole sensitive data from hundreds of companies and government agencies, including Shell, British Airways, PwC, and the Department of Agriculture. This data breach included detailed personal information of millions of individuals. Experts warn this could lead to a rise in deepfake scams, whereby criminals create digital likenesses of individuals to bypass security checks or claim government benefits. The stolen data was secured through a vulnerability in Progress Corp's MOVEit software.
READ THE STORY: FT
US considers tougher restrictions on AI chip exports to China
Analyst Comments: The decision to tighten export controls on AI chips signifies escalating tensions between the U.S. and China over technological supremacy. Given the critical role that these chips play in advancing AI research and development, stricter export controls could hinder China's AI advancements but may also harm U.S. companies by limiting their potential markets. It also marks a continuation of the U.S. policy to ensure its technology does not aid potential military advancements of adversarial nations. However, this could lead to retaliatory measures from China, adding further complexity to the already strained relations.
FROM THE MEDIA: The Biden administration is considering implementing new export controls on artificial intelligence (AI) chips, as part of its efforts to limit China's access to technology with potential military applications. The U.S. Department of Commerce is reportedly preparing to revise export controls introduced in October 2021 in a way that could prevent companies such as Nvidia and Advanced Micro Devices from selling advanced chips to China. This would have a significant impact on companies like Nvidia, which has already designed new graphics processing unit chips in response to the controls implemented last year.
READ THE STORY: FT
Tracking atrocities in Sudan: 'The world has become significantly less anonymous for war criminals'
Analyst Comments: The application of technology, particularly the integration of satellite imaging and open-source intelligence, has been pivotal in documenting human rights abuses in conflict regions. The ability to predict attacks before they occur based on patterns and local intelligence could potentially save countless lives and is a significant advancement in the field of humanitarian intervention.
FROM THE MEDIA: Since April, fighting between two factions of Sudan's army has escalated, moving from the capital, Khartoum, to western Darfur. This has raised significant concern, as Darfur was the site of a genocide that started in 2003, killing hundreds of thousands. However, the situation now differs from 2003 due to advances in technology. Using low-orbit satellites, researchers like Nathaniel Raymond and his team at Yale’s Humanitarian Research Lab can document human rights abuses in near real-time. They're also working to predict attacks before they occur. Raymond's team previously used satellite analysis and open-source intelligence in Darfur more than a decade ago, and now they're returning with improved tools to address the ongoing crisis.
READ THE STORY: The Record
Items of interest
Understanding Africa’s Love for Russian Wagner, What Next After its Liquidation?
Analyst Comments: The internal conflict between Russia's MoD and the Wagner Group reflects Russia's broader struggle to reconcile its use of unofficial military entities like the Wagner Group with its official military structure. While this may not result in immediate destabilization, it does expose fault lines in Russia's military and political establishment that could be exploited or could cause problems in the future.
FROM THE MEDIA: Recent events involving Russia's Ministry of Defense (MoD) and the Wagner Group, a private military contractor, highlight internal disputes within Russia's military structure. Comparisons have been drawn to the current political-military situation in the Republic of Sudan, where infighting between Sudan's Armed Forces (SAF) and a paramilitary group, the Rapid Support Forces (RSF), has led to an unstable political climate. In Russia, the leader of the Wagner Group, Yevgeny Prigozhin, criticized the Russian Defense Ministry's attempts to formalize the relationship between the military and the group. He accused top military leaders of causing the deaths of many Wagner contractors and even threatened to launch an armed uprising. Eventually, Prigozhin relocated to Belarus for personal safety and national security reasons.
READ THE STORY: Modern Diplomacy
How Super Hackers Take Total Control With One Click (Video)
FROM THE MEDIA: The Pwn2Own contest challenges the world's greatest hackers to find vulnerabilities in common software, phones, and OSes -- and tech companies pay big bucks for it.
The Mystery of the Middle East's Cyber Mercenaries (Video)
FROM THE MEDIA: The Kazakhstani government tried to silence a critical journalist. But when she also became the target of a phishing scam, tracking the hackers opened a rabbit hole into a massive but shoddy spying operation. Who was really behind it? And why was all the hacked data dumped onto the open Internet?
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.