Daily Drop (534): China: Strategic Shift, HTML Smuggling, US: India Relations, Mexico-Based Actor, Poly Network: Suspends Service, DPRK: Spy Sat
07-05-23
Wednesday, Jul 05, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
China accuses US of turning Taiwan into a powder keg with its latest sales to self-governing island
Analyst Comments: This recent sale of US military equipment to Taiwan further complicates the already tense US-China relations, particularly concerning Taiwan. As the US continues its support to Taiwan under its 'One China' policy, China perceives this as an intrusion into its internal affairs, escalating tensions across the Taiwan Strait. It also raises questions about potential military confrontations in the region. The reactions and support of other global players, such as the European countries and Asian allies like Japan, South Korea, and the Philippines, could play a crucial role in maintaining peace and stability in the region. The recent moves by Honduras, which has shifted its allegiance from Taiwan to China, and the revelation of the Chinese spy base in Cuba, underscore China's increasing influence and intelligence capabilities, making it a major player on the global stage.
FROM THE MEDIA: The US State Department has approved a military equipment sale worth $440.2 million to Taiwan, drawing criticism from China's Defense Ministry, which accused the US of escalating tensions in the Taiwan Strait. The approved sale includes ammunition, spare parts for Taiwan's vehicles, small arms, combat weapon systems, and logistical support items. China, which views Taiwan as its own territory, said it had lodged "stern representations" with the US. Meanwhile, Taiwan's foreign minister has asked for European countries' support to maintain peace and stability in the Indo-Pacific region.
READ THE STORY: AP
Russia’s Cyber Gulag Grows to Gag Anti-War Voices
Analyst Comments: The increase in Russia's surveillance measures indicates a strengthening of control over its domestic population. This "digital authoritarianism" aligns with similar practices seen in other authoritarian regimes and signifies a concerning erosion of civil liberties. It may lead to an even greater chilling effect on free speech and dissent, potentially stifling opposition voices within the country. The utilization of advanced technology like AI and facial recognition suggests a growing trend of technological weaponization by states to suppress dissent. The international exchange of these technologies, as in the case of Russia and Iran, poses a threat to global digital freedoms and human rights. It sets a dangerous precedent and indicates the potential for widespread application of such surveillance technologies in other oppressive regimes. The ramifications of such pervasive surveillance extend beyond domestic concerns and involve international security issues. The capabilities can be used not only to suppress internal dissent but also for foreign espionage and cyber warfare activities.
FROM THE MEDIA: Russia has significantly expanded its surveillance capabilities to monitor its citizens, especially those who oppose its actions in Ukraine, according to a New York Times report. The measures, termed "digital authoritarianism," include tracking activity on encrypted apps, identifying anonymous social media users, and accessing people's accounts. The majority of these tools are owned by Citadel Group, previously part-controlled by sanctioned oligarch Alisher Usmanov. Following Russia's full-scale invasion of Ukraine in 2022, censorship and prosecution rates for social media comments increased dramatically. In 2023, Russia's internet regulator, Roskomnadzor, deployed an AI system, Oculus, to detect banned online content. Additionally, facial recognition technology has been used to monitor and detain protestors, with an estimated 250,000 cameras in use in Moscow alone. Russia has also reportedly traded advanced surveillance technology to Iran in exchange for drones.
READ THE STORY: Kyiv Post
Recent Chinese cyber intrusions signal a strategic shift
Analyst Comments: The Five Eyes' disclosure indicates a shift from cyber espionage for intellectual property theft to offensive cyber intrusions for strategic effects, necessitating long-term access to the adversary's network. This shift, and the broadening of the scope of cyber operations, could signal the maturation of the integration of joint information warfare forces into the PLA, thus challenging previous assumptions about the relationships within the Chinese cyber establishment. The alternative theory posits that the MSS or a team of contractors was gathering intelligence to prepare for a future battlefield. These revelations demand an in-depth, transparent evaluation by interdisciplinary experts to fully understand the implications and potential consequences of these strategic developments in China's cyber operations.
FROM THE MEDIA: On May 25, the Five Eyes intelligence-sharing network, comprising Australia, Canada, New Zealand, the UK, and the US, released a coordinated disclosure on a state-sponsored cyber hacking group, 'Volt Typhoon', linked to the Chinese government. Chinese state-sponsored cyber threats generally come from two primary government structures: the Ministry of State Security (MSS) and the Strategic Support Force (SSF). The SSF is a joint information warfare command of the People's Liberation Army (PLA). The 'Volt Typhoon' group has been observed infiltrating critical infrastructure since 2021, but the recent intelligence suggests a shift in strategy and further advancement in the Chinese cyber establishment.
READ THE STORY: ASPI
Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
Analyst Comments: The SmugX campaign's use of HTML smuggling showcases a significant degree of sophistication, leveraging complex techniques to evade detection and infiltrate target systems. The campaign highlights the increasingly sophisticated and persistent nature of cyber threats, particularly those believed to be state-sponsored. It is crucial that organizations, especially governmental entities, take steps to strengthen their cyber defenses, educate their staff on spear-phishing tactics, and regularly conduct cybersecurity audits to prevent such threats. The use of HTML smuggling, coupled with low detection rates, emphasizes the need for robust, advanced threat detection and response solutions.
FROM THE MEDIA: A Chinese nation-state group has been observed using HTML smuggling techniques to infiltrate European foreign affairs ministries and embassies, deploying the PlugX remote access trojan. Cybersecurity firm Check Point has been tracking this ongoing activity, dubbed SmugX, since December 2022. HTML smuggling employs HTML5 and JavaScript features to build and launch malware through decoy documents attached to spear-phishing emails. The suspected threat actor behind the operation, Mustang Panda, is yet to be confirmed. The PlugX malware, dating back to 2008, enables operators to carry out file theft, screen captures, keystroke logging, and command execution.
READ THE STORY: THN // TheRecord
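HTML smuggling, as the item above describes it, assembles the payload on the recipient's machine from script and data carried inside an HTML attachment, so a gateway that only inspects binary attachments sees nothing. The following is an added detection example, not code from the original post, Check Point, or the SmugX research: a small heuristic scorer that flags HTML attachments carrying the client-side assembly pattern (Blob construction, base64 decoding of a long inline literal, object-URL creation and a programmatically triggered download). The indicator names, weights, threshold and both sample attachments are constructed for illustration; the "payload" in the suspicious sample is an inert run of `x` bytes.

```python
import base64
import re
from typing import Dict, List, Tuple

# Heuristic indicators of client-side payload assembly in an HTML attachment.
# Names and weights are assumptions chosen for this example, not a vendor rule set.
INDICATORS: List[Tuple[str, re.Pattern, int]] = [
    ("js_blob_construction", re.compile(r"new\s+Blob\s*\(", re.I), 3),
    ("base64_decode_call", re.compile(r"\batob\s*\(", re.I), 2),
    ("object_url_creation", re.compile(r"URL\.createObjectURL\s*\(", re.I), 3),
    ("programmatic_download", re.compile(r"\.download\s*=|download\s*=\s*[\"']", re.I), 2),
    ("synthetic_click", re.compile(r"\.click\s*\(\s*\)", re.I), 2),
    ("legacy_save_blob", re.compile(r"msSaveOrOpenBlob", re.I), 3),
]

# A long base64-looking string literal inside the document is the "smuggled" blob.
LONG_B64 = re.compile(r"[\"']([A-Za-z0-9+/]{200,}={0,2})[\"']")

SUSPICIOUS_THRESHOLD = 8  # assumption: tune against your own mail corpus


def score_html(html: str) -> Dict[str, object]:
    """Return hit indicators, a weighted score and a verdict for one HTML body."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(html)]
    score = sum(weight for name, _, weight in INDICATORS if name in hits)
    if LONG_B64.search(html):
        hits.append("long_base64_literal")
        score += 3
    return {"score": score, "indicators": hits, "suspicious": score >= SUSPICIOUS_THRESHOLD}


# --- constructed fixtures (not real campaign samples) -----------------------
FAKE_PAYLOAD_B64 = base64.b64encode(b"x" * 160).decode()  # inert, 216 chars

SUSPICIOUS_SAMPLE = """<html><body><p>Please review the attached document.</p>
<script>
  var b64 = \"""" + FAKE_PAYLOAD_B64 + """\";
  var bytes = Uint8Array.from(atob(b64), function (c) { return c.charCodeAt(0); });
  var blob = new Blob([bytes], { type: "application/octet-stream" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice.txt";
  document.body.appendChild(a);
  a.click();
</script></body></html>"""

BENIGN_SAMPLE = """<html><body>
<h1>Quarterly newsletter</h1>
<p>The full report is available on the intranet:
<a href="https://intranet.example.invalid/reports/q2.pdf">Q2 report</a></p>
</body></html>"""


def scan_attachments(attachments: Dict[str, str]) -> Dict[str, Dict[str, object]]:
    """Score every HTML attachment of a message; keys are attachment filenames."""
    return {
        name: score_html(body)
        for name, body in attachments.items()
        if name.lower().endswith((".htm", ".html"))
    }


if __name__ == "__main__":
    results = scan_attachments({"invoice.html": SUSPICIOUS_SAMPLE, "news.html": BENIGN_SAMPLE})
    for name, verdict in results.items():
        print(name, verdict)
```

The scorer deliberately looks at the attachment text rather than trying to execute the script: a sandbox that renders the HTML is the stronger control, but a cheap textual pre-filter like this one is what lets a gateway quarantine or detonate only the small fraction of HTML attachments that carry the assembly pattern.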
The West needs to get real about India
Analyst Comments: While engaging with India remains important given its global significance, Western countries must exercise a measured approach. They should align their expectations with the reality of India's economic potential, understanding that it may not become an immediate rival to China. They should also appreciate India's policy of strategic autonomy, which implies that India may not always align with the West's interests, particularly in conflicts where India's security isn't directly threatened. The West needs to critically assess the claim of shared democratic values, taking into account the nuances of India's democratic practice under the Modi government. In essence, the West must seek to understand and engage with India as it truly is, rather than how it ideally might be. This approach will ensure more realistic expectations, reducing the risk of future disappointments and enhancing the effectiveness of diplomatic and strategic engagements.
FROM THE MEDIA: The United States and other Western countries have shown significant interest in strengthening ties with India, seeing it as a vital strategic partner, primarily in light of the perceived threat from China. This focus has been reflected in high-profile diplomatic engagements, including a full state visit to the US by Indian Prime Minister Narendra Modi. The courtship gained momentum with the 2008 US-India nuclear deal. Despite India's appeal, growing from its vast population and increasing wealth, there are three crucial reasons that might warrant the West to reassess its overtures towards India.
READ THE STORY: ASPI
Mexico-Based Hacker Targets Global Banks with Android Malware
Analyst Comments: The activities of actors such as Neo_Net and Anatsa reveal an evolving landscape of cyber threats. The use of mobile malware, particularly in phishing and smishing campaigns, continues to be a significant risk to both financial institutions and their customers. While the tools and tactics used are described as relatively unsophisticated, their tailored application and apparent effectiveness highlight the need for robust cybersecurity measures and ongoing vigilance. The significant theft of funds and compromise of PII underline the potential damage such attacks can inflict.
FROM THE MEDIA: Neo_Net, an e-crime actor from Mexico, has reportedly led a global mobile malware campaign from June 2021 to April 2023, primarily focusing on Spanish and Chilean banks. Security researcher Pol Thill and SentinelOne have linked Neo_Net to the theft of over 350,000 EUR and the compromise of thousands of victims' personally identifiable information (PII). The attacker targeted major banks such as Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole, and ING. The actor used unsophisticated but effective tools, such as SMS phishing and fraudulent banking applications, to exfiltrate user credentials and two-factor authentication (2FA) codes. Additionally, Neo_Net developed a smishing-as-a-service offering called Ankarex, used for launching smishing campaigns. In a separate but related development, ThreatFabric reported a new banking trojan campaign known as Anatsa (or TeaBot) that targeted banking customers in the U.S., U.K., Germany, Austria, and Switzerland starting in March 2023.
READ THE STORY: THN
Crypto platform Poly Network suspends service after hacker steals millions of dollars in digital assets
Analyst Comments: Although DeFi platforms run on blockchain technology, which is widely regarded as robustly secured, they are not invulnerable to cyber threats. The attackers exploited a weakness in the platform, minting an astronomical amount of cryptocurrency tokens. Yet, their success may be short-lived due to the low liquidity of these platforms, which would make cashing out the stolen assets challenging. The fact that this is the second major attack on Poly Network within a relatively short span of time raises serious concerns about the platform's security measures. This recurring breach could significantly impact the platform's reputation and user trust, and may necessitate a comprehensive review and overhaul of its security infrastructure. Furthermore, the hack could stir up more debates on the need for regulation or more robust security standards in the burgeoning DeFi sector. It's noteworthy that Binance and other platforms connected to Poly Network responded quickly, showing a degree of preparedness and cooperation within the crypto community when dealing with such incidents.
FROM THE MEDIA: Over the weekend, the China-based decentralized finance (DeFi) platform Poly Network was hacked, with millions of dollars worth of cryptocurrency stolen. The cyberattack affected 57 assets on 10 different blockchains, including Ethereum, Binance’s BNB Chain, Metis, Polygon, and more. Poly Network has suspended services and initiated communication with centralized exchanges, law enforcement agencies, and blockchain security firms to resolve the issue. Due to the hack, the attackers minted billions of dollars worth of cryptocurrency on platforms with inadequate liquidity to cash out. Estimates of the true value of stolen funds range from $10.1 million to $20 million. Binance CEO Changpeng Zhao assured that Binance users were not affected. Other platforms connected to Poly Network also paused their operations in response to the incident.
READ THE STORY: The Record
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
Analyst Comments: The emergence of this new version of the DDoSia tool demonstrates the continuous evolution of cyber threats and the commitment of the threat actors to maintain and improve their tools. The incorporation of encryption to conceal the target list indicates the increasing sophistication of their tactics. The tool's distribution method via Telegram suggests a relatively broad and accessible attack base, likely resulting in a more diverse range of victims. The group's focus on targets in Europe, Australia, Canada, and Japan underscores its global reach and potential geopolitical motivations. The overlap of this development with the U.S. CISA's warning of targeted DoS and DDoS attacks against organizations in multiple sectors highlights the severity and widespread nature of these threats. Such attacks can lead to substantial financial, operational, and reputational costs for affected organizations.
FROM THE MEDIA: The creators of the DDoSia attack tool have released a new version that incorporates a novel mechanism to retrieve the list of targets for DDoS (Distributed Denial-of-Service) attacks. According to cybersecurity company Sekoia, the revised tool, written in Golang, has additional security mechanisms to conceal its targets. The threat actors, a pro-Russian hacker group named NoName(057)16, have been active since 2022 and primarily target entities in Europe, Australia, Canada, and Japan. From May 8 to June 26, 2023, they impacted 486 different websites. The group distributes DDoSia through Telegram via a fully automated process in return for cryptocurrency payment.
READ THE STORY: THN
Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group
Analyst Comments: While the exact identity of the threat actor remains unconfirmed, the incident emphasizes the significant risks that cyber threats pose to critical infrastructures such as satellite communications. The impact of the attack, which has reportedly disrupted communications for military and energy sectors, underscores the strategic value of such targets. If the claims of the Wagner Group's involvement are true, this could represent an instance of cyber warfare being used in intra-state conflicts. On the other hand, if the Ukrainian military is indeed responsible, it illustrates how cyber capabilities are being leveraged in the ongoing Russia-Ukraine conflict. The potential use of a third-party cloud provider as the entry point for the attack serves as a reminder of the extended risk surface that comes with the adoption of cloud services.
FROM THE MEDIA: In the early hours of June 29, Dozor-Teleport, a Russian satellite Internet provider that services the country's military and energy sectors, was knocked offline due to a cyberattack. The Wagner Group, a mercenary army once allied with Russia but now reportedly in opposition to Putin's government, claimed responsibility for the attack. However, experts remain skeptical of this claim. According to Russian reports, the company could take up to two weeks to fully recover. Dozor-Teleport's general director, Alexander Anosov, confirmed the breach and said preliminary investigations point to the company being breached through a third-party cloud provider. The attackers claimed on Telegram that they delivered malware to several satellite terminals, causing them to go offline.
READ THE STORY: DarkReading
Japan’s largest port stops operations after ransomware attack
Analyst Comments: The ransomware attack on the Port of Nagoya has significant implications, both economically and operationally, for Japan. Given the port's crucial role in Japan's trade, the attack's disruption of container processing has wide-ranging effects, potentially impacting supply chains and causing financial losses. This event highlights the critical importance of cybersecurity in the infrastructure sector and the potential impact that a successful cyberattack can have on a country's economy and essential services.
FROM THE MEDIA: The Port of Nagoya, Japan's largest and busiest port, has been hit by a ransomware attack that has affected the operation of its container terminals. The attack, which occurred on July 4, 2023, at approximately 06:30 AM local time, disrupted the "Nagoya Port Unified Terminal System" (NUTS), the central system controlling all container terminals in the port. As a result, all container loading and unloading operations using trailers have been halted, causing significant financial losses and disrupting the flow of goods in and out of Japan. The port, which handles about 10% of Japan's total trade volume, is used by major automaker Toyota to export most of its cars. The identity of the threat actor responsible for the attack is yet unknown.
READ THE STORY: Bleeping Computer
Chip War Intensifies As China Threatens More Retaliation Against U.S. Export Controls
Analyst Comments: The escalating trade tensions between the US and China have taken a new turn with China's threat to restrict exports of key materials used in the production of advanced chips and other high-tech components. This move represents a significant step in the ongoing tech cold war, as it can severely impact global supply chains and potentially hamper the ability of many companies to manufacture products. The move can also be seen as a strategic one, aimed at pressuring the US to relax its restrictions on China's access to advanced computer chips. This further heightens the risk of a broader trade conflict that could impact a range of industries and markets worldwide.
FROM THE MEDIA: In a retaliatory move, Chinese officials have warned of further measures against the US, following Washington's attempts to limit China's access to advanced computer chips. As part of these measures, China's Commerce Ministry has announced restrictions on the export of gallium and germanium - critical materials in the production of high-tech components - from August 1st, citing national security interests. While the US has yet to respond, fears are growing that China may also curb the export of rare earth elements, vital for the manufacture of semiconductors and electric vehicles. China is the leading global producer of these materials, and this move has the potential to significantly impact the global tech industry.
READ THE STORY: Forbes
North Korea’s Failed Spy Satellite Wasn’t Ready for Military Use, Seoul Analysis Shows
Analyst Comments: The failed launch signifies a setback in North Korea's pursuit of more advanced surveillance and potential nuclear strike capabilities, but it also demonstrates their determination to continue testing such technologies. The country's disregard for international norms concerning rocket testing is a cause for concern. Despite the current technological limitations, the intention to enhance military and surveillance capabilities poses significant security risks to the region and beyond.
FROM THE MEDIA: North Korea's first attempt to launch a spy satellite into space ended in failure, with the satellite exploding mid-flight and falling into the Yellow Sea. South Korea, after a joint analysis with the US of the recovered debris, announced on July 5, 2023, that the North Korean satellite should not be considered military grade. Specifics about the satellite's components, its engine, and the fuel used in the rocket were not discussed. South Korea's assessment implies that North Korea is far from achieving global standards for military use. Despite the failed test, North Korea has promised to attempt another satellite launch in the near future.
READ THE STORY: WSJ
Items of interest
China’s efforts to understand Europe remain a work in progress
Analyst Comments: China seems to be grappling with the depth of Europe's principled stance on Ukraine and appears unable to navigate the ideological differences. Its interpretation of the Ukraine conflict is heavily skewed by its long-standing suspicion of NATO and its own political bias, which complicates its understanding of the situation. China's attempt to soften its language and charm Europe hints at a strategic goal to divide and conquer European alliances. However, its understanding of European solidarity appears flawed, and its tactics might not yield the expected results. In the end, the sustainability of European unity over Ukraine will be a decision for Europeans themselves.
FROM THE MEDIA: China's understanding of European support for Ukraine has been characterized by a significant cognition gap. Chinese international relations experts, focused heavily on economic interests and power, underestimated Ukraine's resistance to Russian aggression and the level of European backing for Ukraine. The Chinese leadership also failed to anticipate the damage that President Xi Jinping's close relationship with Russia's Vladimir Putin could inflict on Beijing's foreign relations. China's elite now attribute Europe's support for Ukraine to the resurgence of ideology, asserting that it has clouded Europe's ability to identify its real interests. However, Europeans see their backing for Ukraine as grounded in principles such as peace, sovereignty, and collective self-defense. The Chinese narrative is largely influenced by its historical suspicion of NATO, leading it to align with Russia's portrayal of the organization as an aggressor. China's recent attempts to understand European perspectives reveal a shifting narrative, from predicting economic chaos in Europe to identifying potential weaknesses in European alliances over Ukraine.
READ THE STORY: FT
Noam Chomsky - Manufacturing Consent (Video)
FROM THE MEDIA: In "Manufacturing Consent," Noam Chomsky argues that the primary function of the mass media in the US is to mobilize public support for the special interests that dominate the government and private sector. These interests are held by a relatively concentrated network of major corporations and conglomerates that control the major executive positions in the government, own the media, and dominate the resources needed to satisfy their interests. Chomsky outlines a propaganda model, in which the elite media sets the general framework for national and international affairs, and shapes the perception of the current world on the part of the politically active educated classes.
Noam Chomsky: On China, Artificial Intelligence, & The 2024 Presidential Election (Video)
FROM THE MEDIA: The transcript is an interview with Noam Chomsky covering various topics such as the upcoming 2024 Presidential Election, climate change, nuclear war, artificial intelligence, American democracy, and global politics. Chomsky expresses his concern about the destruction of human life on Earth due to the threat of nuclear war and the impact of climate change. He also criticizes the Republican Party, calling them a radical insurgency, and expresses doubt about American democracy surviving in any form. Chomsky also discusses the role of artificial intelligence in creating disinformation and the need for taking action to improve the financial crisis, improve American healthcare, and reduce the use of fossil fuels.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.