Daily Drop (600): China: Base 37, Lab-Grown Meat, AMBERSQUID, China: Spy Balloons, UNC3944, USDoD: Airbus Hackers, Britcoin, Retool: Pwnd, U.S. Economic: China, South China Sea: Minerals
Monday, Sep 18, 2023
Base 37: A New Frontier in China's Space Situational Awareness and Geopolitical Strategy
Analyst Comments: China's establishment of Base 37, as highlighted in the article, marks a significant step in its quest to enhance space situational awareness. Managed under the aegis of the People's Liberation Army's Strategic Support Force (PLASSF), this new military base is poised to play a pivotal role in tracking foreign space objects, improving threat identification, and safeguarding China's space assets. The article adeptly underscores the multifaceted objectives of Base 37, from its core surveillance functions to the development of an internal collision early warning system. Furthermore, the potential for China to cooperate with the U.S. in outer space safety, coupled with its ongoing collaboration with Russia in tracking space debris, paints a picture of China's dual approach: strengthening its space capabilities while fostering international partnerships.
FROM THE MEDIA: China is creating a new military base, Base 37, under the supervision of the People's Liberation Army's (PLA) Strategic Support Force (PLASSF) to bolster its space situational awareness. The PLASSF, formed in 2015, focuses on electronic warfare, cyber capabilities, and the management of China's space assets, including satellites. Base 37 will be responsible for tracking, analyzing, and identifying foreign space objects, enhancing China's space object catalog's accuracy. This initiative will help detect potential threats to PLA satellites, track space objects, and warn of approaching ballistic missiles. Additionally, it aims to build an internal collision early warning system. While the base could potentially facilitate cooperation with the United States in outer space safety, it might also signal China's intention to share its space catalog with the world, similar to Russia's 2016 initiative. China and Russia have collaborated on tracking space debris since 2018, indicating a potential strengthening of their partnership.
READ THE STORY: IE
Upside Foods: The Reality Behind the Lab-Grown Meat Hype
Analyst Comments: Despite the company's claims of being on the verge of a breakthrough in producing whole cuts of chicken at large volumes, the reality seems to be far from it. The company's approach, as described by insiders, is reminiscent of the Theranos scandal, where grand promises were made without the technology to back them up. Upside Foods' recent shift towards producing ground-chicken products, as opposed to whole-cut fillets, further raises questions about the company's earlier claims and its actual capabilities. The revelations about Upside Foods' production methods not only cast doubt on the company's transparency but also raise broader questions about the lab-grown meat industry's progress. With billions invested in the sector, the challenges faced by Upside Foods highlight the complexities of bringing cultivated meat to the mass market. The company's struggles underscore the need for a balance between innovation, transparency, and realistic expectations in the rapidly evolving world of lab-grown meat.
FROM THE MEDIA: Upside Foods, a prominent player in the lab-grown meat industry, has been under scrutiny for its claims regarding the production of cultivated meat. The company has garnered attention for its cultivated chicken fillets, suggesting a futuristic and scalable production process. However, insiders reveal a different narrative. While Upside Foods has showcased large bioreactors as the primary means of producing their chicken, sources indicate that the actual production heavily relies on a manual and labor-intensive process using small plastic flasks known as roller bottles. This method is not only inefficient but also expensive, making the mass production of whole cuts of meat a significant challenge.
READ THE STORY: Wired
UNC3944: From Data Theft to Ransomware Deployment
Analyst Comments: UNC3944's transition from data theft to ransomware deployment underscores the adaptability and evolving strategies of cyber threat actors. Their ability to impersonate employees and manipulate service desks to reset MFA codes is particularly concerning, highlighting the need for organizations to bolster their internal security protocols. The group's expansion into various sectors indicates their ambition and the growing threat they pose. Their association with the BlackCat ransomware group further amplifies their threat potential. Organizations must remain vigilant, continuously update their security measures, and educate employees about such evolving threats to mitigate risks.
FROM THE MEDIA: The threat actor UNC3944, known for its financial motivations, has shifted its focus towards ransomware deployment as a new means of monetization, as disclosed by Mandiant. UNC3944, also referred to as 0ktapus, Scatter Swine, and Scattered Spider, has been active since early 2022. Initially, the group employed phone-based social engineering and SMS-based phishing to acquire valid employee credentials, mirroring tactics used by another group, LAPSUS$. While their initial targets were telecom and business process outsourcing (BPO) companies, they have now broadened their scope to include sectors like hospitality, retail, media and entertainment, and financial services. A distinctive trait of UNC3944 is their method of using a victim's credentials to impersonate the employee and call the organization's service desk, aiming to obtain multi-factor authentication (MFA) codes or password resets. Recently, the group has been identified as an affiliate for the BlackCat ransomware group, using this association to breach MGM Resorts and distribute ransomware.
READ THE STORY: THN
China Suspends Spy Balloon Program: A Diplomatic Move
Analyst Comments: The suspension of China's spy balloon program appears to be a strategic move to ease tensions with the US. Given the timing, after the interception of a balloon in US airspace and ahead of a significant diplomatic summit, it's evident that China is keen on stabilizing its relationship with the US. The incident, while seemingly minor, had considerable diplomatic implications, highlighting the delicate nature of US-China relations. While China's official stance downplays the military or espionage nature of the balloon, the US's enhanced radar systems indicate a level of concern and preparedness for similar future occurrences. The upcoming summit in San Francisco will likely be a crucial determinant in the trajectory of this issue and the broader US-China relationship.
FROM THE MEDIA: In a recent development, China has officially suspended its spy balloon program, particularly over US airspace. This decision, as reported by US intelligence assessments, is seen as an attempt to mend US-China diplomatic ties. The move comes after an incident in February 2023, where a Chinese spy balloon was intercepted and neutralized in US airspace. Liu Pengyu, a spokesperson from the Chinese embassy, clarified that the balloon was an unmanned civilian airship used for research purposes and its entry into US airspace was unintentional. The US intelligence community, however, believes that the Chinese Communist Party (CCP) leaders had reprimanded the operators of the surveillance program over this incident. The incident had significant diplomatic repercussions, causing a delay in Secretary of State Antony Blinken's planned trip to Beijing. The spy balloon, believed to be part of a larger surveillance initiative by the Chinese military, had its origins in China's Hainan province and was detected over sensitive US sites. Christopher Johnson, a former CIA senior China analyst, suggests that the suspension might be China's strategy to stabilize its relations with the US, especially in light of an upcoming summit in San Francisco in November 2023.
READ THE STORY: IE
AMBERSQUID: A New Cryptojacking Threat on AWS
Analyst Comments: The discovery of AMBERSQUID underscores the evolving nature of cyber threats in the cloud environment. By targeting lesser-known AWS services, attackers are exploiting security blind spots, leading to significant financial implications for victims. The chaining of uncommon services in this attack is a fresh approach, indicating that cybercriminals are continuously adapting and seeking new avenues to exploit. While AWS was the platform of choice in this instance, the modus operandi suggests that other CSPs could be vulnerable to similar attacks. Organizations need to adopt a holistic approach to cloud security, ensuring that all services, not just the popular ones, are adequately protected.
FROM THE MEDIA: As the popularity of cloud-native computing rises, so does the threat from cybercriminals. Researchers from the Sysdig Threat Research Team have identified a new cryptojacking operation named "AMBERSQUID" that targets AWS services. Unlike conventional attacks that focus on EC2 instances, AMBERSQUID targets often-neglected services like AWS Amplify, AWS Fargate, and AWS SageMaker. These services, because they are uncommon, are frequently overlooked from a security standpoint, making them prime targets. The operation can cost victims upwards of $10,000 daily. The malicious operation was detected after analyzing over 1.7 million Linux images. The initial container that led to the discovery was located on Docker Hub. The attack involves a series of scripts designed to activate services like Amplify, CodeBuild, SageMaker, and ECS to exploit their compute resources for cryptomining. The researchers believe that the attackers might be Indonesian, based on the language used in scripts and usernames. The report emphasizes the need for broad threat detection and enhanced logging, cautioning that other Cloud Service Providers (CSPs) could be future targets.
READ THE STORY: The Register
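As an added illustration of the "broad threat detection" the Sysdig write-up calls for (this is example code, not code from Sysdig or the report), the Python below scans constructed CloudTrail-style records for a single principal that starts creating compute across several of the uncommon services named above within one hour. The event names, service sources, ARNs, account id and timestamps are assumed sample values, not indicators from the report.

```python
"""Flag a principal that chains compute creation across several uncommon AWS
services (Amplify, CodeBuild, SageMaker, ECS/Fargate) in a short window.
Added example; CloudTrail records below are constructed, not real logs."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# CloudTrail eventSource -> eventName values that create or start compute.
SUSPECT_EVENTS = {
    "amplify.amazonaws.com": {"CreateApp", "CreateBranch", "StartJob"},
    "codebuild.amazonaws.com": {"CreateProject", "StartBuild"},
    "sagemaker.amazonaws.com": {"CreateNotebookInstance", "CreateTrainingJob",
                                "CreateProcessingJob"},
    "ecs.amazonaws.com": {"RunTask", "CreateService", "RegisterTaskDefinition"},
}
WINDOW = timedelta(hours=1)   # assumed tuning values for this example
MIN_SERVICES = 3

def parse_event(line):
    """Pull the few CloudTrail fields the rule needs out of one JSON record."""
    e = json.loads(line)
    return {
        "time": datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
        "principal": e["userIdentity"].get("arn", "unknown"),
        "source": e["eventSource"],
        "name": e["eventName"],
    }

def find_service_chaining(lines, window=WINDOW, min_services=MIN_SERVICES):
    """Return {principal: sorted service names} for every principal that touches
    at least `min_services` distinct uncommon compute services inside `window`."""
    by_principal = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["name"] in SUSPECT_EVENTS.get(ev["source"], ()):
            by_principal[ev["principal"]].append(ev)
    flagged = {}
    for principal, events in by_principal.items():
        events.sort(key=lambda e: e["time"])
        for i, first in enumerate(events):          # sliding window from each event
            in_window = [e for e in events[i:] if e["time"] - first["time"] <= window]
            services = {e["source"].split(".")[0] for e in in_window}
            if len(services) >= min_services:
                flagged[principal] = sorted(services)
                break
    return flagged

def _ev(t, arn, source, name):
    # Minimal subset of CloudTrail record fields (constructed sample).
    return json.dumps({"eventTime": t, "userIdentity": {"arn": arn},
                       "eventSource": source, "eventName": name})

SUSPECT = "arn:aws:iam::123456789012:user/ci-bot"   # placeholder account id
DEV = "arn:aws:iam::123456789012:user/alice"

SAMPLE_EVENTS = [  # constructed: one normal developer, one chaining principal
    _ev("2023-09-12T09:00:00Z", DEV, "codebuild.amazonaws.com", "StartBuild"),
    _ev("2023-09-12T09:30:00Z", DEV, "ecs.amazonaws.com", "RunTask"),
    _ev("2023-09-12T10:00:00Z", SUSPECT, "amplify.amazonaws.com", "CreateApp"),
    _ev("2023-09-12T10:05:00Z", SUSPECT, "codebuild.amazonaws.com", "StartBuild"),
    _ev("2023-09-12T10:12:00Z", SUSPECT, "sagemaker.amazonaws.com", "CreateNotebookInstance"),
    _ev("2023-09-12T10:20:00Z", SUSPECT, "ecs.amazonaws.com", "RunTask"),
    _ev("2023-09-12T10:25:00Z", SUSPECT, "s3.amazonaws.com", "GetObject"),  # not compute, ignored
    _ev("2023-09-12T14:00:00Z", DEV, "codebuild.amazonaws.com", "StartBuild"),
]

if __name__ == "__main__":
    print(find_service_chaining(SAMPLE_EVENTS))
```

The developer is never flagged because she only uses two of the services, hours apart; the second principal trips the rule once it reaches three distinct services within the hour.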
Hacker "USDoD" Aims to Trade in Military Intelligence
Analyst Comments: The revelations by USDoD highlight the evolving and complex landscape of cyber threats. While the hacker denies political motivations, his target list, predominantly comprising defense and law enforcement agencies, suggests a strategic intent. The claim of operating under the protection of a high-ranking official in Spain, if true, underscores the potential nexus between cybercriminals and state actors. Organizations, especially those in the defense sector, need to be vigilant and enhance their cybersecurity measures. The intent to sell military intelligence on the dark web further emphasizes the need for robust intelligence sharing and collaboration among nations to counter such threats.
FROM THE MEDIA: The hacker known as "USDoD", responsible for the recent attacks on the FBI and Airbus, has disclosed that his intentions are not politically motivated. However, he has expressed a desire to steal and subsequently sell US and European military intelligence. In a detailed interview with databreaches.net, USDoD shared personal details, including his South American origin, dual citizenship in Portugal and Brazil, and current residence in Spain. He claims to operate freely in Spain due to protection from a high-ranking official. The hacker, previously known as "NetSec" on the defunct cybercrime forum RaidForums, has denied any pro-Russian affiliations or political motivations behind his attacks. He also revealed a list of future targets, including Deloitte, NATO, CEPOL, Europol, and Interpol. USDoD's ultimate aim is to establish a private company that sells military intelligence on the dark web, focusing primarily on US and European classified data.
READ THE STORY: CyberNews // IBtimes
The group's escalating cyber thefts coincide with North Korea's efforts to fund its weapons programs.
Analyst Comments: The Lazarus Group's intensified hacking activities signal North Korea's increasing reliance on cyber theft as a means to bypass international sanctions and fund its weapons programs. The country's strategy of deploying freelance IT workers abroad with falsified identification further underscores its commitment to these cyber operations. The international community should be on high alert, given the scale and sophistication of these attacks, and the potential geopolitical implications they carry.
FROM THE MEDIA: The Lazarus Group, affiliated with North Korea, is suspected of stealing approximately $240 million in cryptocurrency since June 2023. This marks a significant increase in the group's hacking activities. Reports from Certik, Elliptic, and ZachXBT suggest that the group might be behind the recent theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. This heist is part of a series of attacks targeting various platforms, including Atomic Wallet, CoinsPaid, Alphapo, and Stake.com. Elliptic's analysis indicates that the Lazarus Group is transitioning its focus from decentralized services to centralized ones, possibly due to advancements in smart contract auditing and the opportunities presented by centralized exchanges through social engineering attacks. This surge in cyber theft coincides with North Korea's efforts to bypass sanctions and fund its weapons programs. The country has also been deploying freelance IT workers abroad with fake identification to obscure their nationality. The Lazarus Group, along with other North Korean hacking entities, has been involved in various malicious operations, including software supply chain attacks and targeting open-source repositories.
READ THE STORY: THN
"Britcoin" Privacy Concerns Addressed by Bank of England
Analyst Comments: The debate surrounding the Digital Pound highlights the challenges central banks face in introducing digital currencies. While the potential benefits of a centralized digital currency are numerous, including cost savings and increased efficiency, the concerns about privacy and state oversight are genuine. The Bank of England's approach, as outlined by Breeden, suggests a cautious and measured path forward, emphasizing the importance of public trust and legislative oversight. As digital currencies become more prevalent, it will be crucial for central banks and governments to strike a balance between innovation and the protection of individual rights.
FROM THE MEDIA: The Bank of England's incoming deputy governor of Financial Stability, Sarah Breeden, recently addressed concerns surrounding the privacy of the proposed Digital Pound, colloquially termed "Britcoin". During her testimony to the UK's Treasury, Breeden emphasized the importance of managing privacy challenges and ensuring that the state's role is clearly defined. The discussion was prompted by concerns that the Digital Pound could potentially mirror China's programmable digital currency system, which allows the government significant oversight into individual spending habits. Breeden assured that while the technical design is still in its early stages, privacy concerns are recognized as genuine and will be addressed. The Bank and Treasury aim to summarize the consultation's response by the end of the year. Breeden also touched on the broader implications of introducing a digital pound, suggesting it would serve as an anchor for all digital money, much like banknotes do for physical currency.
READ THE STORY: The Register
27 Cloud Clients Compromised Due to Google's Cloud Sync Feature
Analyst Comments: The Retool incident underscores the vulnerabilities associated with cloud synchronization features and the evolving sophistication of phishing attacks, especially those utilizing deepfake technology. It emphasizes the need for companies to be vigilant about security updates and the potential pitfalls of relying solely on cloud-based authentication methods. Organizations should consider reinforcing their multi-factor authentication systems and investing in continuous employee training to recognize and counteract phishing attempts. The resemblance of the attack to the tactics of the known threat actor Scattered Spider also suggests a need for businesses to stay updated on the modus operandi of prominent cyber threat groups.
FROM THE MEDIA: Software development company Retool has disclosed a breach affecting 27 of its cloud clients, resulting from a targeted SMS-based social engineering attack. The severity of the breach was exacerbated by a Google Account cloud synchronization feature introduced in April 2023. This feature inadvertently reduced what was intended to be multi-factor authentication to effectively single-factor authentication. The attack, which took place on August 27, 2023, began with a phishing SMS targeting Retool employees. One employee was deceived, leading to a chain of events in which attackers gained elevated access to Retool's internal systems and compromised the accounts of 27 crypto industry customers. The breach resulted in a loss of approximately $15 million in cryptocurrency for one of the affected users, Fortress Trust.
READ THE STORY: THN
The U.S. Economic Offensive Against China
Analyst Comments: The U.S.'s aggressive economic policies towards China reflect a broader strategy of containment and competition. While the intention might be to protect U.S. economic interests and maintain its global hegemony, such strategies can have unintended consequences. By cornering China economically, the U.S. might be pushing it towards alternative alliances, self-reliance, or even desperate measures. The historical parallel with Japan's actions in 1941 serves as a cautionary tale. Economic strangulation can indeed be a precursor to conflict. For global stability, it's crucial to consider the broader implications of such policies and seek collaborative solutions that ensure mutual growth and security.
FROM THE MEDIA: China's economic growth has been under scrutiny, with many commentators suggesting that the nation isn't contributing adequately to global economic growth. This criticism often comes from countries, notably the United States, that have actively sought to hinder China's economic progress. The Wall Street Journal recently declared the end of China's 40-year economic boom, pointing to signs of economic distress. The Trump administration initiated an economic war against China, imposing tariffs on Chinese products worth around $360 billion. This was despite evidence suggesting that trade with China had significantly increased the purchasing power of U.S. households. The Biden administration has escalated these measures, threatening to delist Chinese companies from the U.S. stock exchange and restricting outbound investments to China. Such policies, while aiming to protect U.S. interests, might inadvertently push China towards a more self-reliant development model or even a state of desperation, reminiscent of Japan's situation leading up to the attack on Pearl Harbour in 1941.
READ THE STORY: IPD
The South China Sea: A Nexus of Geopolitical Tensions and Environmental Concerns
Analyst Comments: The South China Sea's significance is multi-dimensional, encompassing geopolitical, economic, and environmental aspects. The region's abundant natural resources, both fossil fuels and "green" minerals, make it a hotspot for international competition. While the transition from fossil fuels to renewable energy is crucial for combating climate change, the methods employed to achieve this transition, such as deep-sea mining, can have detrimental environmental impacts. The geopolitical tussle between major powers, especially China and the US, further complicates matters. Their military posturing and strategic moves, ostensibly to secure energy resources, can escalate tensions and potentially lead to conflict. It's essential to strike a balance between harnessing the South China Sea's resources and preserving its fragile ecosystem. International cooperation and adherence to environmental standards will be pivotal in ensuring that the pursuit of "green" minerals doesn't lead to an environmental disaster.
FROM THE MEDIA: The South China Sea, spanning 1.3 million square miles, has become a focal point of geopolitical tensions between major powers, particularly China and the United States. While the potential for military conflict remains, the region has already witnessed significant ecological degradation. Over-harvesting has led to a drastic decline in fish populations, and coral reefs are under threat from both climate change and militarization efforts. The region is rich in oil and gas, with the US government estimating reserves of 11 billion barrels of oil and 190 trillion cubic feet of natural gas. This has intensified territorial disputes, with multiple countries pursuing oil and gas projects in these contested waters. The US accuses China of militarizing the region and violating international law, while the US itself has been increasing its military presence, notably through the Australia-United Kingdom-United States (AUKUS) security pact. However, beyond fossil fuels, the South China Sea is gaining attention for its potential reserves of "green" minerals like cobalt, copper, and lithium, essential for renewable energy technologies. China, already a dominant player in the global supply of these minerals, is keen on exploring the seabed's vast resources. Deep-sea mining, while promising in terms of resources, poses significant environmental risks, threatening marine biodiversity and delicate habitats.
READ THE STORY: Fair Observer
Items of interest
Imperial College London's ICE-Cube Thruster offers a green propulsion system for the burgeoning small satellite market
Analyst Comments: The ICE-Cube Thruster is a significant advancement tailored for the rapidly expanding small satellite market, especially nanosats weighing under 10 kg. The thruster addresses the challenges of integrating conventional propulsion systems into these small satellites by offering a compact, low-power, and eco-friendly solution. The use of water as a propellant not only ensures non-toxicity and ease of storage but also capitalizes on hydrogen and oxygen's efficiency as chemical propellants. The thruster's manufacturing process, which employs a micro-electrical mechanical systems (MEMS) approach, allows for precision, scalability, and cost-effectiveness. With the small satellite market predicted to grow exponentially, the ICE-Cube Thruster, along with its higher thrust variant, the ICE-200 Thruster, showcases the potential of water as a sustainable and efficient propellant for future space missions.
FROM THE MEDIA: Researchers from Imperial College London have unveiled a groundbreaking rocket engine, the Iridium Catalyzed Electrolysis CubeSat Thruster (ICE-Cube Thruster), which operates on water. This innovative propulsion system is based on the principle of electrolysis, where water is split into hydrogen and oxygen using an electric current. The core of the ICE-Cube Thruster is an electrolyzer that runs on just 20 watts of power. The resulting hydrogen and oxygen gases are then channeled into a combustion chamber, producing thrust without the need for the large storage tanks typically required for gaseous propellants.
READ THE STORY: IE
Can you use water as rocket fuel (Video)
The Next Generation of Ionic Plasma Thrusters (BSI MARK 2) (Video)
FROM THE MEDIA: After considerable redesign, the BSI Mark II is the most potent ionic thruster of modular design yet. It improves upon my first ionic thruster in every category imaginable and is structurally very solid. The future of flight is ionic. This video details the struggles and successes I had as I designed an ionic thruster worthy of the BSI title. Here's the first version of the thruster.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.