Daily Drop (583): China Sus. in Major Hack, China's IO Deception, Lessons Unlearned from Ukraine, BRICS Expansion, Contests with Malicious Intent, RU: Spoofing WP & Fox News, Rust Libraries Targeted
08-29-23
Tuesday, Aug 29, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
Chinese State-Backed Hackers Suspected in Major Japanese Cybersecurity Breach
Analyst Comments: The breach at NISC is a stark reminder of the escalating cyber threats nations face, especially from state-backed actors. Given Japan's strategic importance and its deepening military ties with the West, the security of its cyber infrastructure is crucial. The suspected involvement of Chinese hackers, if confirmed, could strain diplomatic relations between Japan and China. Japan's acknowledgment of its vulnerabilities and the comparison of its cyber defense capabilities with those of the US and China highlight the urgent need for Japan to bolster its cyber defenses. The incident also underscores the importance of international cooperation in countering state-sponsored cyber threats.
FROM THE MEDIA: Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) suffered a significant cyber breach, with hackers potentially accessing sensitive data for up to nine months. Sources believe Chinese state-backed hackers are behind the infiltration. This breach comes at a time when Japan is deepening its military ties with the US and other allies, raising concerns about its ability to securely handle sensitive data. Previous cyber incidents in Japan, including an attack on the port of Nagoya, have been attributed to Chinese tests of Japan's defenses. NISC has acknowledged the breach, stating that personal data linked to email exchanges might have been compromised.
READ THE STORY: FT // The Record
China's Massive Digital Deception
Analyst Comments: The revelation of this operation underscores the lengths to which nation-states, particularly China, are willing to go to exert influence and control narratives on global platforms. The fact that these efforts were of low quality and often missed their mark suggests a potential lack of sophistication or perhaps a rushed effort to meet quotas. However, the sheer scale of the operation indicates significant resources and intent. This event will likely strain diplomatic relations further and emphasizes the need for social media platforms to continually enhance their detection and mitigation strategies against state-sponsored influence operations.
FROM THE MEDIA: Meta, the company behind Facebook, has removed thousands of fake accounts linked to what is described as "the largest known cross-platform covert influence operation in the world." Researchers believe this operation is connected to individuals associated with Chinese law enforcement. Despite its vast scale, the campaign's efforts to shape public opinion were of low quality and often missed their intended audiences in countries like Taiwan, the US, Australia, the UK, and Japan. The operation, named Spamouflage, was first exposed in 2019 by Graphika, a social media analytics company. The U.S. Department of Justice had previously charged 34 officers in China's national police for creating fake online personas to harass critics of the Chinese Communist Party and spread Beijing's propaganda.
READ THE STORY: The Record
West's Cybersecurity Shortcomings
Analyst Comments: The West's inability to quickly adapt and learn from Ukraine's cyber defense strategies is concerning. Ukraine's collaborative approach, which has been effective against Russian cyber threats, contrasts with the West's more fragmented and bureaucratic response. The reluctance of companies to disclose breaches, the classification of certain details, and overlapping authority among agencies are some of the challenges faced by the West. The potential for tit-for-tat cyber-attacks has deterred more significant breaches, but a more unified and transparent approach is needed to address the evolving cyber threats effectively.
FROM THE MEDIA: At the Black Hat conference in Las Vegas, Viktor Zhora, a key figure in Ukraine's defense against Russian cyber-attacks, highlighted Ukraine's evolution in cyber warfare since Russia's annexation of Crimea in 2014. While the US and its allies have funded Ukraine's cyber defenses, they have not adequately internalized the lessons from Kyiv's experiences. Cybersecurity professionals argue that the West struggles to emulate the collaborative methods that have been effective in Ukraine, with regulatory and legal barriers hindering rapid responses. The US and its allies are engaged in low-level cyber activities against adversaries like Russia and China. However, when breaches occur, there's a slow sharing of critical information, which could help prevent similar attacks elsewhere.
READ THE STORY: FT
Microsoft Warns of Advanced Phishing Techniques: AiTM Attacks on the Rise
Analyst Comments: The evolution of phishing techniques, especially with the integration of AiTM capabilities in PhaaS platforms, poses a significant threat to online security. AiTM attacks are particularly concerning because they can bypass traditional MFA protections, which many users rely on for added security. Microsoft's warning highlights the need for continuous advancements in cybersecurity measures and the importance of user education on emerging threats. The mention of services like PerSwaysion incorporating AiTM capabilities indicates that cybercriminals are continuously refining their methods to exploit vulnerabilities in even the most secure systems.
FROM THE MEDIA: Microsoft has raised an alarm over the growing trend of adversary-in-the-middle (AiTM) phishing methods, which are now being offered as part of the phishing-as-a-service (PhaaS) cybercrime model. The tech company has observed an increase in AiTM-capable PhaaS platforms, with existing services like PerSwaysion integrating AiTM features. These advancements allow attackers to launch large-scale phishing campaigns designed to bypass multi-factor authentication (MFA) protections.
READ THE STORY: THN
BRICS Expansion and the New Era of a Multipolar World
Analyst Comments: The expansion of BRICS signifies a strategic shift towards a more multipolar world order, challenging the dominance of Western institutions. The inclusion of diverse nations from Africa, Latin America, and the Middle East indicates a broadening of the bloc's geopolitical and economic horizons. South Africa's role becomes pivotal as a bridge between BRICS and the African continent. However, the simultaneous occurrence of Russia's presidential election could influence the dynamics and priorities of the bloc, especially with Putin's likely continuation in power. The evolution of BRICS will be crucial in determining the balance of global economic and political power in the coming years.
FROM THE MEDIA: Russia is poised to lead BRICS (Brazil, Russia, India, China, and South Africa) from January 1, 2024, marking a significant phase with the induction of six new members: Egypt, Ethiopia, Argentina, Iran, Saudi Arabia, and the United Arab Emirates. This move is designed to amplify the bloc's global clout and fortify trade relations with influential emerging economies. BRICS has also pledged to bolster Africa's industrial and infrastructural growth. South Africa, amidst its economic recovery efforts, stands to gain from this expansion. This growth of BRICS, the first in 13 years, positions it as a counterbalance to Western-centric institutions. Meanwhile, 2024 will also witness Russia's presidential elections, with Vladimir Putin anticipated to retain his position.
READ THE STORY: ModernDiplomacy
UK Air Traffic Disruption: Technical Glitch Grounds Flights
Analyst Comments: The disruption to the UK's air traffic system underscores the vulnerabilities inherent in complex technical systems that are crucial for national infrastructure. While the issue was resolved within a few hours, the impact on flight schedules and the ripple effect on passengers and airlines can be significant. It's essential for organizations like NATS to have robust backup systems and rapid response protocols in place to address such technical glitches. The comparison to the US FAA's incident also highlights the global nature of such challenges and the need for international collaboration and best practices sharing in addressing them.
FROM THE MEDIA: The UK's National Air Traffic Service (NATS) faced a "technical issue" that disrupted flights across the country on a bank holiday Monday. The problem, which began at 1210 UK time, led to the application of traffic flow restrictions to ensure safety. Two hours into the disruption, NATS identified the issue as being related to its flight plan processing system, forcing officials to manually input each flight plan. This manual process reduced the volume of flight plans they could handle, leading to further delays. By 1515, NATS announced that the technical problem had been identified and remedied, with operations slowly returning to normal. Several UK airlines confirmed the disruption, with Loganair suggesting that the problem was due to "a network-wide failure of UK air traffic control computer systems." The incident is reminiscent of a similar outage faced by the US Federal Aviation Administration in January, which was caused by the accidental deletion of essential files.
READ THE STORY: The Register
Cybercrime's Lucrative Literary Arena
Analyst Comments: The emergence of such contests on cybercrime forums underscores the evolving nature of the cybercrime ecosystem. It's not just about hacking anymore; there's a community aspect, where knowledge sharing, recognition, and financial incentives play a significant role. The substantial prize money indicates the profitability of cybercrime and the value placed on innovative techniques. The fact that these contests have been compared to legitimate cybersecurity events like Black Hat and Defcon is concerning. It suggests that the line between legitimate cybersecurity research and malicious intent is blurring, with cybercriminals adopting best practices from the legitimate side. This trend could make future cyber threats more sophisticated and harder to counter.
FROM THE MEDIA: Russian-language cybercrime forums are hosting writing contests, offering substantial prize money, sometimes up to $80,000, for the best articles on cybercrime techniques and strategies. These contests have been a peculiar feature of these forums for over a decade. The competitions are not just about the money; they also offer a platform for cybercriminals to showcase their skills, share knowledge, and gain recognition within the community. While some entries are innovative, others recycle existing information. The contests have rules to ensure originality and quality, but instances of cheating and vote rigging have been reported. These contests reflect the increasing sophistication of the cybercrime community and its parallels with legitimate cybersecurity research events.
READ THE STORY: Wired
Russian Disinformation Targets US Media
Analyst Comments: The Doppelganger operation signifies a new level of sophistication in disinformation campaigns. By impersonating reputable news outlets, the campaign aims to exploit the trust that readers place in these institutions. The focus on Western media outlets indicates a strategic attempt to influence public opinion in countries that support Ukraine. The persistence of this operation, despite disruptions and sanctions, underscores the challenges in combating state-sponsored disinformation. The fact that this campaign has expanded its target from European countries to the US suggests that its orchestrators are undeterred by previous exposures and are continuously adapting their strategies.
FROM THE MEDIA: A Russian disinformation campaign has been impersonating major US media outlets, The Washington Post and Fox News, to spread fake stories aimed at undermining Western support for Ukraine. This information comes from a recent threat report by Meta. The campaign, named Doppelganger, is orchestrated by two Russian companies, Structura National Technology and Social Design Agency. Both companies were previously sanctioned by the European Union. Their operation has been described as the most aggressive Russian covert influence operation since 2017. The fake stories often criticize Ukraine’s President, Volodymyr Zelensky, or the US policy on Ukraine. Meta has been actively disrupting this campaign, but the operation continues to adapt and persist.
READ THE STORY: The Record
Malicious Rust Libraries Target Developers
Analyst Comments: The discovery of malicious packages on the Rust programming language's crate registry is a concerning development in the realm of software supply chain attacks. Developers, with their access to sensitive infrastructure and intellectual property, are becoming lucrative targets for cybercriminals. The modus operandi of using legitimate-looking libraries to capture and transmit data is not new but is becoming increasingly sophisticated. The use of Telegram as a medium to exfiltrate data is a clever tactic, leveraging a platform that is widely used and less likely to raise immediate suspicions.
FROM THE MEDIA: Developers using the Rust programming language's crate registry are being warned of malicious packages that have been discovered on the platform. These libraries, uploaded between August 14 and 16, 2023, by a user named "amaperf," were found to capture the operating system information and send this data to a Telegram channel. While the exact purpose of this campaign remains unclear, it is believed that the threat actor might be aiming to compromise many developer machines to deliver rogue updates with enhanced data exfiltration capabilities. This incident underscores the increasing trend of software supply chain attacks targeting developers.
READ THE STORY: THN
Microsoft Entra ID Vulnerability: Cybercriminals Could Exploit for Elevated Privilege
Analyst Comments: The discovery of this vulnerability in Microsoft Entra ID highlights the intricate methods cybercriminals can employ to exploit even seemingly minor oversights in system configurations. The use of an abandoned reply URL, in this case, could have had significant implications, allowing unauthorized individuals to gain elevated system privileges. The rapid response from Microsoft, patching the vulnerability a day after its disclosure, underscores the importance of timely and responsible vulnerability reporting. It also emphasizes the need for organizations to regularly audit and review their system configurations to identify and rectify potential weak points.
FROM THE MEDIA: Cybersecurity researchers have identified a vulnerability in Microsoft Entra ID (previously known as Azure Active Directory) that could allow cybercriminals to escalate privileges. The vulnerability stems from an abandoned reply URL. Attackers could exploit this URL to redirect authorization codes to themselves, subsequently exchanging these codes for access tokens. With these tokens, they could then access the Power Platform API via a middle-tier service, obtaining elevated privileges in the process. Microsoft has since addressed the issue after its disclosure on April 5, 2023. SecureWorks has also released an open-source tool to help organizations scan for similar abandoned reply URLs.
READ THE STORY: THN
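The audit SecureWorks describes can be approximated with an inventory check of a tenant's own app registrations. The following is an added example, not SecureWorks' tool or Microsoft code; it assumes a constructed export in the shape shown (the field names `appId` and `redirectUris` are assumptions standing in for the Graph API's `web.redirectUris` on the application resource) and a constructed list of tenant-owned domains. It flags reply URIs whose host no longer resolves, which is the condition that leaves a reply URL abandoned, and also two adjacent weaknesses (non-HTTPS URIs and hosts outside owned domains). The resolver is pluggable so the check can run offline against a fake.

```python
# Added example: audit exported Entra ID app registrations for reply (redirect)
# URIs whose hosts no longer resolve or sit outside domains the tenant owns.
# Not SecureWorks' scanner or Microsoft code; the export shape, GUIDs and
# domain list below are constructed assumptions.
from urllib.parse import urlparse
import socket

# Constructed sample export. Real data would come from the Graph API
# (application -> web.redirectUris); these field names are an assumption.
SAMPLE_APPS = [
    {
        "displayName": "Payroll Portal",
        "appId": "11111111-1111-1111-1111-111111111111",   # constructed
        "redirectUris": [
            "https://payroll.contoso.example/signin-oidc",
            "https://pilot-2021.contoso.example/callback",  # decommissioned host
        ],
    },
    {
        "displayName": "Field Ops",
        "appId": "22222222-2222-2222-2222-222222222222",   # constructed
        "redirectUris": [
            "http://localhost:5000/callback",               # dev loopback, acceptable
            "https://ops.partner-example.net/oauth/return", # not a tenant-owned domain
        ],
    },
]

OWNED_DOMAINS = {"contoso.example"}   # constructed: domains the tenant controls

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def resolves(host):
    """Live DNS check; pass a fake resolver to audit_redirect_uris for offline runs."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def is_owned(host, owned_domains):
    """True when host equals or is a subdomain of an owned domain."""
    return any(host == d or host.endswith("." + d) for d in owned_domains)


def audit_redirect_uris(apps, owned_domains=OWNED_DOMAINS, resolve=resolves):
    """Return one finding per risky redirect URI as (appId, uri, [reasons])."""
    findings = []
    for app in apps:
        for uri in app.get("redirectUris", []):
            parsed = urlparse(uri)
            host = parsed.hostname
            if not host:
                findings.append((app["appId"], uri, ["unparseable host"]))
                continue
            if host in LOOPBACK_HOSTS:
                continue  # a loopback redirect cannot be claimed by a remote party
            reasons = []
            if parsed.scheme != "https":
                reasons.append("not https")
            if not is_owned(host, owned_domains):
                reasons.append("host outside owned domains")
            if not resolve(host):
                reasons.append("host does not resolve (candidate abandoned reply URL)")
            if reasons:
                findings.append((app["appId"], uri, reasons))
    return findings


if __name__ == "__main__":
    for app_id, uri, reasons in audit_redirect_uris(SAMPLE_APPS):
        print(f"{app_id} {uri}: {'; '.join(reasons)}")
```

A host that fails to resolve is only a candidate: a decommissioned Azure resource whose DNS name is still registered to the app is the case that matters, so each finding should be checked against the resource inventory before the URI is removed from the registration.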
US and China Discuss Chip Bans, No Resolution in Sight
Analyst Comments: The dialogue between the US and China signals a potential thaw in trade relations, but the absence of tangible outcomes underscores the complexities and sensitivities involved. The US's decision to delist 27 Chinese companies might be perceived as a conciliatory move, but it's unclear if this will lead to reciprocal actions from China or pave the way for more substantive negotiations in the future.
FROM THE MEDIA: The US Commerce Department has announced an agreement with Chinese authorities to facilitate the exchange of export control enforcement information. This agreement signifies that both nations will discuss tech export bans without making any immediate changes. The discussions included China's restrictions on US chipmakers Intel and Micron. The goal of the export information exchange is to reduce policy misunderstandings. While specific chip technology concerns were raised, no concrete outcomes were reached. The US Commerce Department emphasized that its export controls are focused on technologies with clear national security or human rights impacts and are not aimed at containing China's economic growth. Before these discussions, the US Commerce Department removed 27 Chinese companies from a list that restricted them from accessing US technology.
READ THE STORY: The Register
Items of interest
SEC Scrutinizes NFTs: Regulatory Tensions Rise
Analyst Comments: The SEC's move to classify certain NFTs as securities indicates a tightening regulatory grip on the rapidly evolving digital asset space. The dissenting opinion from within the SEC suggests that the regulatory landscape for NFTs remains uncertain and contentious. As the digital asset market continues to grow, clear regulatory guidelines will be crucial for both issuers and investors. The Impact Theory case serves as a precedent, signaling to other NFT issuers the potential legal implications of their actions.
FROM THE MEDIA: The U.S. Securities and Exchange Commission (SEC) has taken its first enforcement action regarding non-fungible tokens (NFTs), suggesting that they could be viewed as conventional securities in certain situations. This implies that issuers would need to adhere to securities regulations, including registering NFTs. The SEC's recent action involves a settlement with Impact Theory, a media and entertainment company, which allegedly raised around $30 million through unregistered NFT sales. While the SEC views these NFTs as securities, two of its commissioners have expressed dissent, arguing against this classification.
READ THE STORY: The Register
Episode 13: Bob Bragg (Video)
FROM THE MEDIA: “In the ever-evolving world of intelligence, the ability to gather, analyze, and disseminate open-source information has become invaluable. Today, we're privileged to have a true master of this domain. A former service member, not only has he been at the forefront of the military intelligence landscape, but he's also a recognized leader and expert in open-source intelligence collection.”
Episode 10: Sidney Jacques (Video)
FROM THE MEDIA: Sidney Jacques, an exceptional Army officer, visionary, Ranger, mentor, and trailblazer, is a remarkable individual whose influence transcends boundaries. With an unwavering determination and a tenacious spirit, Sidney has carved a path of inspiration and empowerment for all who encounter her story. Regardless of background or circumstance, Sidney's transformative perspective offers invaluable lessons for those navigating life's challenges. Through her unparalleled grit and resilience, she has emerged as a mentor figure capable of igniting the fire within others. Prepare to embark on a journey of learning and growth as you delve into the extraordinary life of Sidney Jacques, a true beacon of wisdom and motivation.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.