Daily Drop (609): Taiwan: Submarine, Yaogan-33 04, Chinese Hackers: Cisco Routers, GPU Vulnerability, OpenAI's ChatGPT: Web Access, Chrome Zero-Day, Military-Specific Starlink, China: Disinformation
Thursday, Sep 28, 2023
Yaogan-33 04: China Remote Sensing Satellite
Bottom Line Up Front (BLUF): China has successfully launched its new remote sensing satellite, Yaogan-33 04, marking a significant advancement in its space capabilities and the 489th mission of its Long March carrier rocket series.
Analyst Comments: China's successful launch of the Yaogan-33 04 satellite underscores its growing prowess in space technology and its commitment to expanding its capabilities in remote sensing and scientific research. The consistent use of the Long March carrier rocket series, with this being its 489th flight mission, highlights China's reliance on its homegrown technology. This development could enhance China's position in global space endeavors and might prompt other nations to bolster their own space programs in response.
FROM THE MEDIA: On September 27, 2023, China launched the Yaogan-33 04 satellite from the Jiuquan Satellite Launch Center in northwestern China. The satellite was carried into its intended orbit aboard a Long March rocket. As per Chinese space authorities, the satellite will be utilized for a range of purposes including scientific experiments, land resource surveys, crop yield estimates, and disaster prevention and relief efforts.
READ THE STORY: The Tribune
Taiwan Boosts Defense with Indigenous Submarine
Bottom Line Up Front (BLUF): Taiwan has unveiled its first domestically built submarine, the "Narwhal," marking a significant step in its defense self-sufficiency efforts. This move comes as the island nation seeks to bolster its military deterrence capabilities in the face of escalating threats from China.
Analyst Comments: The unveiling of the "Narwhal" signifies Taiwan's commitment to strengthening its defense capabilities and reducing its reliance on foreign military hardware. This move is likely a response to China's increasing military activities around Taiwan and its claims over the island. The presence of international representatives at the unveiling suggests global interest and potential support for Taiwan's defense initiatives. However, the development could further strain relations between Taiwan and China, potentially leading to heightened tensions in the region.
FROM THE MEDIA: On September 28, 2023, in Kaohsiung, Taiwan, President Tsai Ing-wen presided over the launch ceremony of the "Narwhal," Taiwan's first-ever domestically constructed submarine. This achievement is a culmination of Tsai's defense policy initiated in 2016. The submarine is expected to play a pivotal role in Taiwan's asymmetric warfare strategies and deter potential Chinese invasions. While the exact specifications of the submarine remain undisclosed, its unveiling drew international attention, with representatives from the U.S., Japan, and South Korea in attendance. Taiwan aims to have three submarines operational by 2025 and plans to build a total of eight indigenous submarines.
READ THE STORY: CNN
Chinese Hackers Target Cisco Routers: A Joint Warning from US and Japan
Bottom Line Up Front (BLUF): US and Japanese cybersecurity agencies have jointly issued a warning about the Chinese 'BlackTech' hacking group's activities. This state-sponsored group is breaching network devices, specifically targeting Cisco routers, to install custom backdoors, granting them access to corporate networks.
Analyst Comments: The BlackTech group's sophisticated approach to hacking, especially their focus on routers, underscores the evolving nature of cyber threats. Their ability to compromise routers and use them as a pivot point to access broader corporate networks is particularly concerning. The group's focus on Cisco routers, a widely used brand, indicates a strategic choice to target vulnerabilities in popular infrastructure. The joint warning from the US and Japan emphasizes the international implications of such cyber threats and the need for collaborative defense efforts. Organizations are advised to be vigilant, update their devices, and monitor for any signs of unauthorized access or firmware modifications.
FROM THE MEDIA: The FBI, NSA, CISA, and Japanese agencies NISC and NPA have released a joint report detailing the activities of the Chinese APT group, BlackTech. Active since at least 2010, BlackTech is known for its cyber espionage attacks on entities in Japan, Taiwan, and Hong Kong. Their primary targets span various sectors, including government, technology, media, and defense. The group employs custom malware, often signed with stolen code-signing certificates, to backdoor network devices. This malware aids in maintaining persistence, gaining initial access to networks, and redirecting traffic to servers controlled by the attackers. The hackers have shown the capability to modify firmware on routers, especially Cisco routers, to hide their activities and maintain a presence in the network. This modification allows them to bypass security measures, especially in older Cisco products. The group's tactics include disabling logging capabilities on routers, making their activities harder to trace.
READ THE STORY: BleepingComputer // The Record
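The advisory's defensive advice is to watch for firmware modification and disabled logging on routers. The following script, an added example for this digest and not code from the advisory, Cisco or any vendor tool, shows what a minimal configuration audit looks like: it parses a saved IOS-style running configuration for `no logging ...` statements and for `boot system` images outside an approved baseline, and compares a firmware image against a published SHA-256. The configuration excerpt, the hostname, the image name and the hash baseline are all constructed placeholders.

```python
"""Audit a saved Cisco IOS-style configuration for two signals the joint
advisory calls out: logging switched off and an unexpected boot image.

Added example; not from the advisory or any vendor tool. SAMPLE_CONFIG is a
constructed excerpt, and the approved image name is a placeholder that an
operator would replace with their own baseline.
"""
import hashlib
import re

# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
version 15.2
hostname edge-rtr-1
boot system flash:ios-baseline-image.bin
no logging console
no logging monitor
no logging buffered
logging host 10.0.0.5
"""

# Logging facilities a defender expects to stay enabled; a 'no logging X'
# line in the config explicitly disables them.
EXPECTED_LOGGING = ("buffered", "console", "monitor")

# Placeholder baseline: the image(s) change control has approved for this device.
APPROVED_IMAGES = {"flash:ios-baseline-image.bin"}


def find_disabled_logging(config: str) -> list[str]:
    """Return the expected logging facilities the config turns off, in order."""
    disabled = []
    for line in config.splitlines():
        m = re.match(r"\s*no logging (\S+)", line)
        if m and m.group(1) in EXPECTED_LOGGING:
            disabled.append(m.group(1))
    return disabled


def boot_images(config: str) -> list[str]:
    """Return every image path named by a 'boot system' statement."""
    return re.findall(r"^\s*boot system (\S+)", config, flags=re.MULTILINE)


def verify_image(image_bytes: bytes, expected_sha256: str) -> bool:
    """True if a downloaded firmware image matches the vendor-published hash."""
    return hashlib.sha256(image_bytes).hexdigest() == expected_sha256.lower()


def audit(config: str, approved_images: set[str] = frozenset(APPROVED_IMAGES)) -> list[str]:
    """Collect human-readable findings: disabled logging and unapproved images."""
    findings = [f"logging disabled: {fac}" for fac in find_disabled_logging(config)]
    findings += [f"unapproved boot image: {img}"
                 for img in boot_images(config) if img not in approved_images]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against a config pulled by your normal backup job; any finding on a device that was clean at the last baseline is worth a closer look at the image on flash, since the advisory notes the actors modify firmware to hide their presence.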
GPU Vulnerability Exposes Sensitive Data: A New Side-Channel Attack
Bottom Line Up Front (BLUF): A newly discovered side-channel attack, named GPU.zip, makes almost all modern graphics processing units (GPUs) susceptible to information leakage, exploiting graphical data compression features present in integrated GPUs.
Analyst Comments: The discovery of GPU.zip underscores the evolving nature of cyber threats and the vulnerabilities inherent in modern technology. The ability to exploit graphical data compression in GPUs to leak information is a significant concern, especially given the widespread use of GPUs in various devices. The vulnerability's potential impact on browsers like Google Chrome, which has a vast user base, further amplifies the threat. It's crucial for GPU vendors and browser developers to address this vulnerability promptly and for users to stay updated on security patches and best practices.
FROM THE MEDIA: Researchers from the University of Texas at Austin, Carnegie Mellon University, University of Washington, and the University of Illinois Urbana-Champaign have unveiled a novel side-channel attack that targets modern GPUs. This attack, termed GPU.zip, leverages the data compression feature in integrated GPUs (iGPUs), which is designed to save memory bandwidth and enhance performance during frame rendering. The compression, which is executed in various undocumented ways specific to vendors, results in data-dependent DRAM traffic and cache occupancy that can be measured through a side-channel. Attackers can exploit this iGPU-based compression channel to execute cross-origin pixel stealing attacks in browsers using SVG filters. This is possible even when SVG filters are implemented in constant time, because attackers can create patterns that are highly redundant or non-redundant depending on a single secret pixel in the browser. As these patterns undergo processing by the iGPU, their varying redundancy levels cause the lossless compression output to depend on that secret pixel.
READ THE STORY: THN
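The core of the GPU.zip finding is that a lossless compression layer makes the cost of handling a buffer depend on the buffer's redundancy, so a computation that is itself constant-time still produces a data-dependent footprint. The following simulation, an added illustration for this digest and not code from the GPU.zip researchers, uses zlib as a stand-in for the undocumented per-vendor iGPU compression: a constructed "frame" is either a flat tile or per-pixel noise depending on one bit, and the compressed size (a proxy for the DRAM traffic and cache occupancy the paper measures) separates the two cases even after a constant-time per-byte filter.

```python
"""Why a compression layer turns constant-time work into a side channel.

Added illustration; not the researchers' code. zlib stands in for the
vendor-specific iGPU framebuffer compression, and the frames are constructed,
so only the shape of the effect carries over, not its magnitude.
"""
import random
import zlib

WIDTH, HEIGHT = 64, 64  # constructed tile size, 4 bytes per pixel


def render_pattern(secret_bit: int, seed: int = 0) -> bytes:
    """Constructed stand-in for a rendered tile whose redundancy depends on
    one secret bit: 1 -> a single flat colour (highly redundant),
    0 -> per-pixel noise (essentially incompressible)."""
    if secret_bit:
        return bytes([0x7F, 0x7F, 0x7F, 0xFF]) * (WIDTH * HEIGHT)
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(WIDTH * HEIGHT * 4))


def compressed_size(frame: bytes) -> int:
    """Bytes after lossless compression: the proxy for memory traffic."""
    return len(zlib.compress(frame, 6))


def constant_time_filter(frame: bytes) -> bytes:
    """Identical work per byte regardless of content, mirroring a
    constant-time SVG filter. It does not change how redundant the output
    is, which is why it does not close the channel."""
    return bytes(b ^ 0x55 for b in frame)


def leakage_ratio(apply_filter: bool = False) -> float:
    """How many times larger the compressed noisy tile is than the flat one.
    A ratio near 1.0 would mean the secret bit is not observable this way."""
    frames = [render_pattern(bit) for bit in (0, 1)]
    if apply_filter:
        frames = [constant_time_filter(f) for f in frames]
    noisy, flat = (compressed_size(f) for f in frames)
    return noisy / flat


if __name__ == "__main__":
    print(f"unfiltered ratio: {leakage_ratio():.1f}x")
    print(f"after constant-time filter: {leakage_ratio(True):.1f}x")
```

The defensive lesson is the one the researchers draw: constant-time implementation of the filter is necessary but not sufficient when a lower layer (here, the GPU's compression) still reacts to data content, so mitigations have to come from the browser and GPU vendors rather than from the filter code alone.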
OpenAI's ChatGPT Returns to the Web: Enhanced Browsing with Bing
Bottom Line Up Front (BLUF): OpenAI has reintroduced internet browsing capabilities to ChatGPT, allowing it to provide users with current information using Microsoft's Bing search engine. This feature, previously paused due to concerns over bypassing paywalls, is now available to paying customers, with plans for broader access soon.
Analyst Comments: OpenAI's decision to reinstate ChatGPT's browsing capabilities indicates the company's commitment to enhancing user experience and staying competitive. The measures taken to address paywall concerns show OpenAI's responsiveness to ethical and operational challenges. The rapid developments and growth in OpenAI's offerings underscore the increasing influence and value of AI chatbots in the tech industry.
FROM THE MEDIA: OpenAI's ChatGPT, a widely-used AI chatbot, has been updated to scan the internet for real-time information. This capability was initially introduced in May but was suspended within two months due to concerns that users might use it to circumvent paywalls on various websites. The issue of AI chatbots bypassing paywalls isn't unique to ChatGPT; Microsoft's Bing Chat and Google's Bard had similar issues, which have since been addressed. OpenAI has implemented new rules to ensure ChatGPT respects websites' robots.txt files and has added user agent identification to allow sites to control the chatbot's interactions. The browsing feature is currently limited to Plus and Enterprise users, but OpenAI plans to expand access to all users soon. This update follows another recent enhancement where ChatGPT was given the ability to listen, view images, and respond with AI-generated voices. These features will be available to free-tier users in two weeks. Amidst these advancements, OpenAI has seen significant growth, with UBS analysts naming ChatGPT the fastest-growing web app ever in February. There are also reports of OpenAI considering selling employee-held shares, potentially raising its valuation to $90 billion.
READ THE STORY: The Register
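The two controls the article mentions, honouring robots.txt and identifying the crawler by user agent, only help a site that actually writes a rule for that agent. The following example, added for this digest and not code from OpenAI or Microsoft, shows how a publisher expresses such a policy and checks it with the standard library's robots.txt parser. The user-agent token `ExampleBrowsingBot` is a placeholder for whatever token the chatbot vendor documents, and the robots.txt text and site paths are constructed.

```python
"""Express a per-crawler policy in robots.txt and check it offline.

Added example; not code from OpenAI or Microsoft. BOT_TOKEN is a placeholder
for the vendor's documented user-agent token, and ROBOTS_TXT is constructed.
"""
from urllib.robotparser import RobotFileParser

BOT_TOKEN = "ExampleBrowsingBot"  # placeholder, not a real crawler's token

# Constructed policy: keep the named crawler out of the paywalled sections,
# allow it everywhere else; every other agent only loses the admin area.
ROBOTS_TXT = """\
User-agent: ExampleBrowsingBot
Disallow: /subscribers/
Disallow: /premium/

User-agent: *
Disallow: /admin/
"""


def load_policy(text: str) -> RobotFileParser:
    """Parse robots.txt content from a string instead of fetching it."""
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return rp


def may_fetch(agent: str, url: str, policy_text: str = ROBOTS_TXT) -> bool:
    """True if the policy lets `agent` fetch `url` (full URL or bare path)."""
    return load_policy(policy_text).can_fetch(agent, url)


def partition_paths(paths, agent: str = BOT_TOKEN, policy_text: str = ROBOTS_TXT):
    """Split candidate paths into (allowed, blocked) for one agent, so a
    publisher can eyeball that the paywalled tree is fully covered."""
    rp = load_policy(policy_text)
    allowed = [p for p in paths if rp.can_fetch(agent, p)]
    blocked = [p for p in paths if not rp.can_fetch(agent, p)]
    return allowed, blocked


if __name__ == "__main__":
    sample = ["/news/today", "/premium/longread", "/subscribers/archive", "/admin/"]
    print(partition_paths(sample))
```

Note that the parser matches the agent token as a case-insensitive substring of the crawler's declared user agent, so a crawler that fails to send its documented token falls through to the `*` rules; the policy is only as good as the crawler's honesty, which is why the article frames this as the vendor's commitment rather than a technical guarantee.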
Google Patches Actively Exploited Chrome Zero-Day Vulnerability
Bottom Line Up Front (BLUF): Google has released a patch for a new actively exploited zero-day vulnerability in the Chrome browser. Identified as CVE-2023-5217, this high-severity flaw is a heap-based buffer overflow in the VP8 compression format in libvpx. Users are urged to update their Chrome browser to the latest version to protect against potential threats.
Analyst Comments: The discovery and active exploitation of this zero-day vulnerability in Chrome highlight the persistent threats facing widely-used software. Google's prompt response in addressing the issue underscores the importance of timely patches in cybersecurity. Users are reminded of the importance of keeping their software updated to protect against potential threats.
FROM THE MEDIA: On September 28, 2023, Google announced fixes for a zero-day vulnerability in the Chrome browser that is currently being exploited. The vulnerability, CVE-2023-5217, is a heap-based buffer overflow in the VP8 compression format in libvpx, a video codec library. Such buffer overflow vulnerabilities can lead to program crashes or arbitrary code execution. Clément Lecigne from Google's Threat Analysis Group discovered this flaw on September 25, 2023. It was noted that a commercial spyware vendor has been exploiting this vulnerability to target high-risk individuals. This is the fifth zero-day vulnerability in Google Chrome patched this year. Google has also addressed another critical flaw in the libwebp image library that was under active exploitation. Users of Chrome and other Chromium-based browsers are advised to update to the latest versions to mitigate these vulnerabilities.
READ THE STORY: THN
Military-Specific Starlink Version to Enhance Defense Satellite Internet Capabilities
Bottom Line Up Front (BLUF): SpaceX has secured its inaugural contract from the Pentagon for the development of Starshield, a military-specific version of its Starlink satellite internet system.
Analyst Comments: The Pentagon's investment in SpaceX's Starshield signifies a strategic move to enhance its satellite internet capabilities, leveraging SpaceX's proven expertise in the domain. With the Pentagon already being a significant buyer of SpaceX's rocket launches, this contract further solidifies their partnership. The specifics of Starshield's capabilities remain largely undisclosed, but its positioning as a dedicated solution for national security suggests it will offer features distinct from the standard Starlink network. This development could potentially set a precedent for other defense agencies globally to explore similar partnerships with private space companies.
FROM THE MEDIA: The Pentagon has officially awarded a contract to Elon Musk's SpaceX for the Starshield network, marking its first confirmed commitment to the project. This military-centric adaptation of SpaceX's Starlink satellite internet system is set to bolster the defense agency's capabilities. On September 1, SpaceX was granted a one-year contract for Starshield, with a ceiling value of $70 million. This award was part of a broader initiative that included 18 other companies, orchestrated by the Space Force's commercial satellite communications division. The contract encompasses comprehensive Starshield services via the Starlink constellation, user terminals, related equipment, network management, and other associated services. While SpaceX unveiled Starshield last year, the Pentagon has been a consistent high-value purchaser of SpaceX's rocket launches and has demonstrated growing interest in the Starlink satellite internet.
READ THE STORY: CNBC
China Identifies Fake News and Network Security as Top Digital Threats
Bottom Line Up Front (BLUF): KNP Logistics, a major UK logistics group, has declared insolvency, attributing its financial downfall to a ransomware attack that occurred in June. This incident has resulted in the redundancy of approximately 730 employees, emphasizing the severe business implications of ransomware attacks.
Analyst Comments: China's focus on digital risks underscores the nation's recognition of the internet's pivotal role in modern society and the associated security implications. The emphasis on fake news as a significant threat indicates China's concerns over information control and the potential for destabilization. The mention of international competition and the control of core technologies by foreign entities reflects China's ambition to achieve self-reliance in critical tech sectors. As the digital landscape continues to evolve, China's own success with large-scale misinformation campaigns may be the reason behind this focus.
FROM THE MEDIA: Minister Chen Yixin highlighted the increasing digital risks China faces. He emphasized that the internet has become a significant source of various risks, where minor incidents can escalate into major public opinion crises. Fake news, in particular, can amplify small events into significant societal disruptions. Chen also pointed out the challenges posed by data leaks and covert dissemination of terrorism-related content. The minister expressed concerns over the intense competition in cyberspace between major global powers. He criticized international initiatives that use "risk removal" as a pretext to create technology circles that exclude Chinese tech, such as the "Clean Network" and "Chip Alliance." Chen believes these actions are driven by a desire to establish technological monopolies rather than genuine security concerns.
READ THE STORY: The Register
China's Technological Ambitions: A Quest for Global Dominance
Bottom Line Up Front (BLUF): China is intensifying its focus on science and technology to bolster its global power, aiming to achieve both hard power and "meta-power." This push is driven by a desire to lead in technological innovation and to set international standards, potentially reshaping the existing global order.
Analyst Comments: China's aggressive push in science and technology signifies its ambition to not only achieve hard power but also "meta-power," the ability to shape international systems, rules, or frameworks. This move could challenge the existing U.S.-led international order based on values like freedom, democracy, and human rights. As China's influence grows, countries supporting the current international order, such as the U.S., Europe, and Japan, must collaborate to counterbalance China's rising hard and meta-power.
FROM THE MEDIA: The global landscape is witnessing a shift in power dynamics due to globalization, leading to a race for technological supremacy. This race is particularly evident between the U.S., the current superpower, and China, an emerging superpower. Since 2017, the U.S. has imposed restrictions on Chinese tech giants like Huawei and ZTE. Despite these challenges, China continues its efforts to digitally transform its economy, acquire overseas technologies, and integrate military-civil strategies. In 2022, Chinese leader Xi Jinping outlined China's long-term development goals through 2035. These goals emphasize economic growth, scientific advancements, and self-reliance in science and technology. China is actively working to overcome technological bottlenecks, inviting foreign investments, and transitioning from imitation to innovation. To achieve these goals, China has restructured its governmental bodies. The Central Science and Technology Commission was created to enforce consistent science and technology policies across government agencies.
READ THE STORY: The Japan Times
H&R Block, Google, and Meta Face Class-Action RICO Lawsuit Over Data Privacy
Bottom Line Up Front (BLUF): A class-action lawsuit has been filed against H&R Block, Google, and Meta, alleging that the companies collaborated to embed "spyware" on H&R Block's website to profit from scraped tax return data. The suit claims that this joint conduct represents a pattern of racketeering on a large scale.
Analyst Comments: The lawsuit against H&R Block, Google, and Meta underscores the growing concerns around data privacy and the commercial use of personal information. If the allegations are proven true, it could have significant implications for the companies involved and potentially set a precedent for future cases related to data privacy and racketeering. The case also highlights the need for clearer regulations and consumer protections in the digital age, especially concerning sensitive financial data.
FROM THE MEDIA: Los Angeles-based trial lawyer, R. Brent Wisner of Wisner Baum, has initiated a lawsuit against H&R Block, Google, and Meta. The lawsuit alleges that H&R Block, in collaboration with Google and Meta, embedded "spyware" on its website, enabling them to profit from the data of tax returns. This class-action suit is being filed under the Racketeer Influenced and Corrupt Organizations Act (RICO), typically used for organized crime cases. The suit claims that the companies did not sufficiently inform consumers that their data was being sold and established a deceptive program to share customer data for financial gain. A congressional report from July revealed that Meta and Google collaborated with H&R Block to place tracking pixels on parts of the tax preparation company's website where customers input sensitive information. These tracking pixels are small files that help websites gather information about visitors. Wisner stated that H&R Block essentially handed over customer tax information to advertisers, likening it to posting sensitive financial details on social media platforms like Facebook.
READ THE STORY: The Record
The Chinese Tech Giant's Deepening Ties with Indonesia's Digital Infrastructure Sparks Debate on Benefits and Risks
Bottom Line Up Front (BLUF): Huawei's deepening involvement in Indonesia's digital infrastructure, particularly through its partnership with the Del Institute of Technology (IT Del), has raised concerns about potential "digital colonization" by China. While the collaboration offers advanced training and research opportunities for Indonesian students and faculty, there are apprehensions about the Chinese tech giant's dominance and potential security risks.
Analyst Comments: Huawei's expanding footprint in Indonesia's digital landscape presents both opportunities and challenges. While the collaboration offers advanced technological training and infrastructure development, it also raises concerns about potential security risks and over-reliance on a single foreign entity. The situation underscores the broader geopolitical tensions surrounding Huawei and China's global ambitions, with countries having to balance the benefits of technological advancement with potential security and sovereignty implications.
FROM THE MEDIA: The Del Institute of Technology, located amidst the scenic hills of Toba, Indonesia, has been collaborating with Huawei since 2013. This partnership provides students and faculty members with access to state-of-the-art training, certification, and research opportunities in areas like cloud computing, artificial intelligence, and cybersecurity. IT Del's deputy president, Humasak Simanjuntak, views this collaboration as mutually beneficial, emphasizing Huawei's support for education in Indonesia. Huawei's engagement in Indonesia is part of China's broader Belt and Road Initiative, aimed at expanding its economic and political influence globally. Indonesia's digital economy is expected to hit US$124 billion by 2025, making it a prime target for such investments. However, Huawei's dominant position has sparked concerns, especially given warnings from the U.S. and other Western nations about the company's alleged involvement in espionage activities, which Huawei denies.
READ THE STORY: RFA
AtlasCross Threat Actor Uses Red Cross-Themed Phishing to Deploy New Backdoors
Bottom Line Up Front (BLUF): A new threat actor named AtlasCross has been discovered using Red Cross-themed phishing campaigns to deploy two previously unknown backdoors, DangerAds and AtlasAgent. The attacks are believed to be targeted and part of a larger effort to penetrate specific domains.
Analyst Comments: The discovery of AtlasCross and its use of Red Cross-themed phishing campaigns highlights the evolving tactics of threat actors. Leveraging trusted entities like the Red Cross in phishing campaigns can increase the likelihood of victims opening malicious documents, emphasizing the need for continuous cybersecurity awareness training. The use of previously undocumented backdoors also underscores the importance of staying updated on the latest threat intelligence to detect and mitigate new threats.
FROM THE MEDIA: AtlasCross, a newly identified threat actor, has been leveraging Red Cross-themed phishing lures to distribute two undocumented backdoors named DangerAds and AtlasAgent. The phishing attacks are described as part of the attacker's strategy to target specific entities and are their primary method for in-domain penetration. The attack begins with a Microsoft document, seemingly about a blood donation drive from the American Red Cross. When this document is opened, a malicious macro runs, setting up persistence and sending system metadata to a remote server. This server is a sub-domain of a legitimate U.S.-based structural and engineering firm's website. The attack also involves extracting a file named KB4495667.pkg (DangerAds), which acts as a loader to launch shellcode. This leads to the deployment of AtlasAgent, a C++ malware with capabilities like gathering system information, operating shellcode, obtaining a reverse shell, and injecting code into specified processes. Both backdoors have features that help them evade detection by security tools.
READ THE STORY: THN
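The chain described above (an Office document runs a macro, the macro reports system metadata to a remote host, and a loader file named KB4495667.pkg is dropped and launched) gives a detection engineer three signals that are weak alone but strong together. The following correlation, an added example for this digest and not code from the researchers who reported AtlasCross, runs over constructed endpoint telemetry and alerts only when one Office process both contacts a non-allowlisted host and writes a `.pkg` file within a short window of starting. The event schema, hostnames, PIDs and the `c2.example` destination are constructed placeholders; the file name is the one the report gives.

```python
"""Correlate Office-process telemetry for the macro -> beacon -> loader chain.

Added example; not code from the researchers. EVENTS is constructed telemetry
in a made-up schema, 'c2.example' stands in for the compromised sub-domain the
report mentions, and only the dropped file name comes from the report.
"""
from datetime import datetime, timedelta

OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}
WINDOW = timedelta(minutes=10)  # how long after process start signals still count

# Constructed telemetry from two hosts; only ws-17 shows the full chain.
EVENTS = [
    {"ts": "2023-09-28T09:00:02", "host": "ws-17", "type": "process", "pid": 4100, "image": "winword.exe"},
    {"ts": "2023-09-28T09:00:09", "host": "ws-17", "type": "net", "pid": 4100, "dest": "c2.example", "port": 443},
    {"ts": "2023-09-28T09:00:11", "host": "ws-17", "type": "file", "pid": 4100,
     "path": "C:\\Users\\a\\AppData\\Local\\Temp\\KB4495667.pkg"},
    {"ts": "2023-09-28T09:05:00", "host": "ws-22", "type": "process", "pid": 5000, "image": "winword.exe"},
    {"ts": "2023-09-28T09:05:03", "host": "ws-22", "type": "file", "pid": 5000,
     "path": "C:\\Users\\b\\Documents\\report.docx"},
    {"ts": "2023-09-28T09:05:04", "host": "ws-22", "type": "net", "pid": 5000, "dest": "updates.example", "port": 443},
]


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def office_starts(events) -> dict:
    """Map (host, pid) -> start time for every Office process launch."""
    return {(e["host"], e["pid"]): parse_ts(e["ts"])
            for e in events
            if e["type"] == "process" and e["image"].lower() in OFFICE_PROCESSES}


def detect(events, allowed_dests=frozenset({"updates.example"})) -> list:
    """One alert per Office process that, within WINDOW of starting, both
    contacted a host outside the allowlist and wrote a .pkg file.
    Either signal alone is routine for Office; together they match the chain."""
    starts = office_starts(events)
    signals = {}
    for e in events:
        key = (e["host"], e["pid"])
        if key not in starts or parse_ts(e["ts"]) - starts[key] > WINDOW:
            continue
        s = signals.setdefault(key, {"dests": [], "dropped": []})
        if e["type"] == "net" and e["dest"] not in allowed_dests:
            s["dests"].append(e["dest"])
        elif e["type"] == "file" and e["path"].lower().endswith(".pkg"):
            s["dropped"].append(e["path"])
    return [{"host": host, "pid": pid, **s}
            for (host, pid), s in signals.items() if s["dests"] and s["dropped"]]


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The allowlist is the knob that keeps this quiet in production: Office legitimately talks to vendor update and licensing hosts, so those go on the list, and anything else reached by a document process that also drops a loader-shaped file is what the report describes.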
Inside the Kremlin: Gallyamov's Revelations on Putin and Prigozhin
Bottom Line Up Front (BLUF): Abbas Gallyamov, once a speechwriter for Vladimir Putin, provides a unique perspective on Putin's leadership style, the unexpected rise of Yevgeny Prigozhin as a political and military figure, and the evolving political dynamics within Russia.
Analyst Comments: The insights provided by Gallyamov offer a rare glimpse into the inner workings of the Russian political machine. The transformation of figures like Putin and Prigozhin suggests a volatile political landscape in Russia, where personal ambitions and national interests often clash. The potential disbandment of the Wagner Group and the upcoming elections could mark a turning point in Russia's political trajectory. The international community should closely monitor these developments, as they could have broader implications for global geopolitics.
FROM THE MEDIA: Gallyamov, who served as Putin's speechwriter from 2000 to 2010, recalls Putin as a rational leader, focused on finding solutions. This contrasts with Putin's later actions, especially concerning Ukraine. Gallyamov's interactions with Yevgeny Prigozhin, the former leader of the Wagner Group, revealed a businessman who became a significant political figure after the war's commencement. Prigozhin's "March for Freedom" was a pivotal event, suggesting a desire to reform the system rather than overthrow it. Gallyamov, now in Israel and a critic of Putin, anticipates significant political shifts in Russia, especially with the upcoming presidential election. He predicts the Wagner Group's dissolution, with its members integrating into other Russian structures.
READ THE STORY: The Record
Raspberry Pi 5: Faster, Pricier, and Redesigned
Bottom Line Up Front (BLUF): The Raspberry Pi 5, launching in October, promises a significant performance boost over its predecessor but comes with a modest price hike and some design modifications.
Analyst Comments: The Raspberry Pi 5, with its marked improvements, stands as an attractive proposition for both enthusiasts and professionals. However, the design alterations and price elevation might give pause to some prospective purchasers. The device's evolution from a basic enthusiast's gadget to a potent computer is evident, and the market's reaction to these shifts remains to be seen.
FROM THE MEDIA: The Raspberry Pi, once designed primarily for hobbyists and educators, has evolved into a formidable piece of technology over the years. The latest iteration, the Raspberry Pi 5, exemplifies this evolution by offering a 2-3x CPU performance boost with its 64-bit quad-core Arm Cortex-A76 processor, enhanced graphics through an 800MHz VideoCore VII GPU, and accelerated storage capabilities, particularly when paired with the right SD card. Additionally, it introduces a real-time clock, albeit needing an external battery, and a design shift that replaces the two-lane MIPI camera and display interfaces with more potent four-lane 1.5Gbps MIPI transceivers. However, it's essential to note some significant changes and potential drawbacks. These include the removal of the audio and composite jack due to space limitations, a price increase to $60 for the 4GB model and $80 for the 8GB version, the absence of built-in cooling technology—which may be concerning considering the Pi 4's heating challenges—and a new case requirement due to altered port locations.
READ THE STORY: The Register
Items of interest
AI in Nuclear Warfare: A Game of Unpredictable Consequences
Bottom Line Up Front (BLUF): The integration of AI into nuclear warfare presents both potential advantages and significant risks. While AI can enhance decision-making and battlefield awareness, it also accelerates the pace of warfare, potentially reducing the time leaders have to make crucial decisions. The unpredictability of AI, coupled with human psychology, can lead to unintended escalations in conflict.
Analyst Comments: The integration of AI into nuclear strategies is a double-edged sword. On one hand, it offers the promise of enhanced capabilities, precision, and rapid response. On the other, it introduces new vulnerabilities and complexities, especially when combined with human psychology and biases. As nations continue to explore the intersection of AI and nuclear strategy, it is imperative to approach with caution, ensuring robust safeguards and continuous evaluation of potential risks.
FROM THE MEDIA: James Johnson's article delves into the complexities of AI's role in nuclear warfare, highlighting the Russo-Ukrainian War as a backdrop. The rapid advancement of AI technology has sparked debates on its potential delegation in nuclear launch authority. While AI could ensure swift retaliation and reduce human error, the risk of accidental launches remains a grave concern. The digital age introduces new vulnerabilities, such as mechanical failures and unauthorized launches, which could escalate conflicts to a nuclear level. The article also emphasizes the psychological aspects of nuclear deterrence and how AI might influence these dynamics. Human emotions, biases, and evolutionary predispositions can impact decision-making during crises, and AI's role might exacerbate these challenges.
READ THE STORY: War on the Rocks
Israel deploys AI-powered robot guns that can track targets in the West Bank (Video)
FROM THE MEDIA: The artificial intelligence-powered guns can track targets to enhance accuracy when firing tear gas, stun grenades and sponge-tipped bullets.
Israel a world leader in AI (Video)
FROM THE MEDIA: Israel will have a ‘huge role’ to play in the artificial intelligence revolution.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.