Daily Drop (655): Viasat: Space Infrastructure, Microchip Smuggling, Sandworm: Denmark, CN: 1.2 terabits per Sec Network, IPStorm Botnet, Israel Conflict, LockBit Attack, USTR, OpenAI: DDoS
11-16-23
Thursday, Nov 16, 2023 // (IG): BB // The Leek Sino-Satire // Coffee for Bob
The Impact of Cyberattacks on Space Infrastructure
Bottom Line Up Front (BLUF): Cyberattacks on space infrastructure pose a significant threat to critical sectors and require a shift towards redundancy and resilience. Recent attacks, such as the one on satellite company Viasat, highlight the need for comprehensive strategies to protect space assets.
Analyst Comments: The cybersecurity landscape is evolving, and space technology is becoming an increasingly attractive target for cyberattacks. The Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the interdependency of space technology across critical sectors, making it a horizontal dependency: virtually every sector relies on space assets, which magnifies the consequences of a successful cyberattack on space infrastructure. The recent attack on Viasat, attributed to the Russian military, is a prime example and had widespread ramifications. It left KA-SAT modems inoperable in Ukraine, disrupted 5,800 Enercon wind turbines in Germany, and caused disruptions to numerous organizations across Europe. The primary goal of this cyberattack was to degrade the communication capabilities of the Ukrainian government and military.
FROM THE MEDIA: Cyberattacks targeting space infrastructure have far-reaching consequences, affecting various critical sectors. The recent attack on Viasat demonstrated the vulnerability of space assets and their interconnectedness with other industries. While this attack had severe implications for Viasat and its customers, the Ukrainian military's ability to maintain operational capability showcased the importance of resilience. The U.S. Space Force, along with cybersecurity agencies like CISA, is actively working on enhancing resilience in space technology. As attacks on space infrastructure extend beyond nation-states into the realm of criminal organizations, a comprehensive approach is needed. This includes cataloging space assets, which falls under the responsibility of organizations like the Federal Aviation Administration (FAA).
READ THE STORY: The Record
A Covert Operation Unveiled - The Story of Maxim Ermakov and the Microchip Smuggling Operation
Bottom Line Up Front (BLUF): A recent investigation by the Financial Times reveals a shadowy network led by Maxim Ermakov, who has been sanctioned by the US and UK governments, involved in smuggling European microchips into Russia. This operation, designed to provide Russia with essential technology for its military, sheds light on the challenges faced by Western governments in combating Russian state smuggling efforts. Specialized microchips, crucial to Russia's defense industry, have been at the center of this decades-long operation, involving a complex web of intermediaries and illicit routes to avoid export controls.
Analyst Comments: The investigation uncovers a sophisticated network that has been operating for decades, highlighting Russia's reliance on smuggled technology due to its inability to domestically produce certain advanced components. The use of intermediaries, front companies, and shifting routes demonstrates the network's adaptability and evasiveness. Despite recent sanctions and increased scrutiny, the network continues to procure technology for Russia's military needs. Western governments face significant challenges in enforcing export controls and preventing sensitive technology from reaching Russia.
FROM THE MEDIA: The Financial Times investigation reveals the covert operation led by Maxim Ermakov, aimed at smuggling European microchips into Russia for military purposes. Ermakov's network spans various countries, with roots dating back to the 1990s. This operation highlights Russia's dependence on foreign components, as its domestic manufacturing capabilities lag behind Western and Asian counterparts. Since the annexation of Crimea in 2014 and subsequent sanctions, obtaining these vital components has become increasingly challenging for Russia. However, the investigation shows that networks like Ermakov's have adapted and continue to source technology for Russia's military.
READ THE STORY: The Record
Denmark's Critical Infrastructure Under Siege: Unraveling the Cyberattacks
Bottom Line Up Front (BLUF): In May 2023, Denmark experienced its most severe cyberattack on critical infrastructure to date, with 22 organizations falling victim to a series of relentless cyberattacks. The attacks forced some of these entities into an "island mode" operation, disconnecting them from the internet and non-essential networks. The breaches primarily exploited unpatched vulnerabilities in Zyxel firewalls, with some attackers employing undisclosed zero-day vulnerabilities. Multiple threat actors were involved, with suspicion falling on Russia's GRU-linked Sandworm operation. The incident underscores the critical need for improved cybersecurity practices and international collaboration.
Analyst Comments: Denmark's critical infrastructure endured a wave of cyberattacks that targeted 22 organizations, posing a significant threat to the nation's security. The attacks exploited unpatched vulnerabilities in Zyxel firewalls, which were prevalent among the targeted entities. Some attackers leveraged undisclosed zero-day vulnerabilities, demonstrating a high level of sophistication. The involvement of multiple threat actors suggests a coordinated effort to compromise Denmark's critical infrastructure. Notably, suspicions arose regarding the infamous Sandworm operation, associated with Russia's GRU, although attribution remains uncertain due to limited evidence.
FROM THE MEDIA: Denmark faced an unprecedented cyberattack on its critical infrastructure in May 2023, resulting in 22 organizations falling victim to relentless assaults. The attackers exploited unpatched vulnerabilities in Zyxel firewalls, and some even used undisclosed zero-day vulnerabilities, raising concerns about their sophistication. The involvement of multiple threat actors, including suspicions of Russia's GRU-linked Sandworm operation, highlighted the complexity of the attacks. Coordination among the attackers was remarkable, indicating extensive planning and resources. Despite the challenges posed by the attacks, Denmark's critical infrastructure experts responded swiftly and efficiently to minimize the damage. This incident underscores the urgent need for enhanced cybersecurity measures and international cooperation to protect critical infrastructure from evolving threats.
READ THE STORY: THN // Bloomberg
China says it’s built the world’s fastest internet network
Bottom Line Up Front (BLUF): China has unveiled what it claims to be the world's most advanced internet network, boasting speeds of around 1.2 terabits per second (1,200 gigabits per second). Although these theoretical speeds won't be immediately available to consumers, the launch has significant implications for businesses, information transfer, stock trading, and national security. The backbone network, stretching 1,800 miles from Beijing to the south, was developed in partnership with Huawei, China Mobile, Beijing’s Tsinghua University, and Cernet, a government-funded research network. It has the capacity to support data transfers from technologies like 5G and electric vehicles.
Analyst Comments: China's announcement of the world's fastest internet network reflects the nation's ongoing efforts to assert its technological prowess. With speeds that far surpass current capabilities, the network has substantial implications for various sectors, including business and national security. While it doesn't pose a direct threat to the US, it could serve as a foundation for bandwidth-intensive Chinese businesses. The launch coincides with President Biden's meeting with Chinese President Xi Jinping, emphasizing China's commitment to establishing itself as a cyber power. Chinese authorities independently control the entire system, including software and hardware, marking it as one of the world's most advanced networks. The strategic significance of such infrastructure extends beyond mere internet speed, as it can underpin the growth of cutting-edge technologies in China, potentially impacting various industries.
FROM THE MEDIA: China has introduced what it claims to be the world's fastest internet network, operating at speeds of 1.2 terabits per second. While not immediately available to consumers, this network has far-reaching implications for business, information transfer, and national security. Developed in collaboration with Huawei, China Mobile, Tsinghua University, and Cernet, the network spans 1,800 miles and is positioned to support data transfers from emerging technologies. Its launch reflects China's ambitions to establish itself as a cyber power, and its strategic implications extend beyond internet speed to influence various sectors and industries.
READ THE STORY: CNN
U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty
Bottom Line Up Front (BLUF): The U.S. government has announced the successful dismantling of the IPStorm botnet proxy network, with its infrastructure taken offline. The individual behind the operation, Sergei Makinin, a Russian-Moldovan national, has pleaded guilty to his involvement in deploying the botnet, which infected Windows, Linux, Mac, and Android devices worldwide. Makinin developed and used the botnet to turn these devices into proxies for profit, and the illicit services were advertised via proxx[.]io and proxx[.]net. The botnet leveraged the InterPlanetary File System (IPFS) to obscure its malicious traffic.
Analyst Comments: The takedown of the IPStorm botnet represents a significant victory against cybercriminals abusing legitimate technologies for malicious purposes. This botnet had a broad reach, infecting devices globally and offering its services to threat actors seeking to conceal their activities. Sergei Makinin, who orchestrated the operation, now faces a maximum prison sentence of 30 years and will be required to forfeit cryptocurrency wallets linked to his criminal activities. Collaboration between law enforcement and the private cybersecurity sector played a crucial role in shutting down this illegal operation.
FROM THE MEDIA: The U.S. government has successfully taken down the IPStorm botnet proxy network, leading to the arrest of Sergei Makinin, the individual responsible for deploying the botnet. This malicious network infected various devices globally, turning them into proxies for profit. The botnet leveraged the InterPlanetary File System (IPFS) to obfuscate its malicious traffic. Makinin has pleaded guilty and faces a potential prison sentence of up to 30 years. This operation underscores the importance of international collaboration in countering cyber threats and emphasizes the commitment of law enforcement and cybersecurity experts to disrupt cybercriminal activities.
READ THE STORY: THN
NSA's Rob Joyce Discusses Cyber Threats to Israel Amid Conflict
Bottom Line Up Front (BLUF): During a panel at the Aspen Cyber Summit, Rob Joyce, the head of the National Security Agency's (NSA) Cybersecurity Directorate, discussed the cyber threats faced by Israel in the midst of its conflict with Hamas. Joyce highlighted that Israel is under significant cyber pressure from various adversaries, including Iran, hacktivists, and ransomware criminals. While most of the attacks are not highly impactful, they pose a challenge to Israel's cybersecurity infrastructure. Joyce emphasized the importance of Israel improving its cyber defenses in response to these threats, with Iran being a primary source of malicious activity.
Analyst Comments: Rob Joyce's remarks shed light on the cyber challenges that Israel is currently confronting during its conflict with Hamas. He identified three key threat actors targeting Israel's cybersecurity landscape. Firstly, Iran, as a long-time supporter of Hamas, poses a significant threat by potentially leveraging its formidable digital capabilities in the conflict. Secondly, hacktivists, whose ties to nation-states remain uncertain, are also a source of concern. Lastly, ransomware criminals have exploited the situation to conduct cyberattacks.
FROM THE MEDIA: Israel is currently facing a substantial amount of cyber pressure from multiple adversaries as it grapples with its conflict against Hamas. Rob Joyce, the head of the NSA's Cybersecurity Directorate, revealed these insights during a panel discussion at the Aspen Cyber Summit. While most of the cyberattacks may not have a high impact individually, they collectively pose challenges to Israel's cybersecurity infrastructure. The primary threat actors include Iran, hacktivists (with ambiguous affiliations), and ransomware criminals. Joyce also highlighted the significant impact of misinformation in the ongoing struggle. To counter these threats, Israel has been working to enhance its cyber defenses and protect critical infrastructure.
READ THE STORY: The Record
ICBC, World's Largest Lender, Pays Ransom After LockBit Attack
Bottom Line Up Front (BLUF): China's Industrial and Commercial Bank (ICBC), the world's largest lender, reportedly paid a ransom to the Russia-backed LockBit ransomware-as-a-service gang after suffering a cyberattack. The attack disrupted ICBC's systems and caused temporary issues in the U.S. Treasury market on November 9, 2023. While the ransom payment and its amount have not been independently confirmed, a LockBit representative stated that "they paid a ransom, and the deal closed." LockBit has gained notoriety for its modular and evasive malware, and for stealing data and threatening to release it unless a ransom is paid.
Analyst Comments: ICBC's payment of a ransom to the LockBit gang highlights the serious impact of ransomware attacks on even the largest financial institutions. The cyberattack on ICBC disrupted its operations, affecting the U.S. Treasury market. LockBit's ransomware tactics involve threatening to release sensitive data unless a ransom is paid, making it a formidable adversary. Notably, LockBit recently targeted Boeing, warning of data leaks and subsequently publishing a significant amount of stolen data when the aerospace giant refused to pay the ransom. This incident underscores the audacity and persistence of cybercriminals in their pursuit of ransom payments.
FROM THE MEDIA: China's Industrial and Commercial Bank (ICBC), the world's largest lender, reportedly paid a ransom to the LockBit gang after experiencing a cyberattack that disrupted its systems and affected the U.S. Treasury market. LockBit's ransomware tactics involve data theft and threats of data release unless a ransom is paid, making it a formidable cyber threat. The incident reflects a broader trend of major organizations falling victim to ransomware attacks and facing the difficult decision of whether to pay a ransom. LockBit's extensive impact in the U.S., affecting around 1,700 organizations since 2020, underscores the need for enhanced cybersecurity measures, especially for entities vulnerable to exploitation of remote monitoring and management tools.
READ THE STORY: MSSPAlert
China Gains as U.S. Abandons Digital Policy Negotiations
Bottom Line Up Front (BLUF): The United States Trade Representative (USTR) has surprised allies and alarmed lawmakers by abandoning its previous stance on digital policy negotiations that protected cross-border data flows, opposed forced data localization, safeguarded source code, and prevented discrimination against digital products in the World Trade Organization (WTO). This abrupt shift in policy has created a void that China, a staunch proponent of stricter control over data, is poised to fill. While the USTR's retreat might seem to address domestic policy concerns, it aligns with Beijing's vision of cyber sovereignty and gives credence to China's restrictive approach to digital governance.
Analyst Comments: The USTR's decision to relinquish its support for open data flows and data sovereignty protections in international negotiations has elicited a bipartisan backlash. Lawmakers, including Senate Finance Committee Chairman Ron Wyden, criticize the move for potentially abandoning democratic allies and ceding ground to China in critical digital policy negotiations. This decision undermines the longstanding U.S. position advocating for an open and free global internet and digital economy, with significant consequences across various sectors, including trade, national security, cybersecurity, privacy, law enforcement, human rights, and diplomacy.
FROM THE MEDIA: The U.S. Trade Representative's decision to reverse its support for international policies protecting cross-border data flows, opposing data localization, and promoting open digital trade has sparked bipartisan criticism and consequences across various domains. This move potentially allows China to take the lead in shaping digital governance and cyber sovereignty, undermining the United States' position as a proponent of an open and free global internet and digital economy. The decision carries risks for economic interests, human rights, and global leadership in digital technology governance and challenges the Biden administration's vision of promoting an open, secure digital environment.
READ THE STORY: Lawfare
OpenAI Attributes ChatGPT Outages to a DDoS Attack Claimed by a Russian Hacktivist Group
Bottom Line Up Front (BLUF): OpenAI has confirmed that recent outages of its ChatGPT service were the result of a targeted Distributed Denial of Service (DDoS) attack, which has been claimed by a hacktivist group called Anonymous Sudan. While the group's origin is uncertain, it is suspected of having links to Russia. OpenAI is actively working to mitigate the effects of the attack, but intermittent service disruptions have occurred.
Analyst Comments: OpenAI, a prominent AI research organization, has faced a significant challenge as its ChatGPT service experienced disruptions due to a DDoS attack. The attack, which coincided with messages from a group called Anonymous Sudan claiming responsibility, disrupted access to ChatGPT for users, leading to error messages and sign-in problems. While OpenAI has not definitively linked the attack to any specific group, security experts have noted similarities between Anonymous Sudan and another group known as Killnet, which is associated with Russia. OpenAI CEO Sam Altman initially attributed the outages to increased usage resulting from the introduction of new features.
FROM THE MEDIA: OpenAI's ChatGPT service experienced disruptions attributed to a targeted DDoS attack, with a hacktivist group called Anonymous Sudan claiming responsibility. The attack raised concerns about the security of AI-powered chatbots and their impact on users' productivity. While OpenAI is actively addressing the issue, it underscores the need for enhanced security measures to protect AI chatbots from cyber threats.
READ THE STORY: CPOMAG
Countering China's "Intelligentized" Military Demands That the Pentagon Embrace New Technology
Bottom Line Up Front (BLUF): A recent report by the Department of Defense (DoD) highlights China's rapid and substantial investment in its military, posing a significant challenge to the United States. China's "intelligentized warfare" strategy, featuring extensive AI development and advanced technologies, demands a proactive response from Washington. The Pentagon must prioritize adopting and deploying cutting-edge technology to effectively counter China's military advancements and secure its position as the leading military force.
Analyst Comments: China's military ambitions, marked by a 7.1% increase in defense spending, emphasize modernization and proficiency improvement across all warfare domains. Central to this approach is "intelligentized warfare," which leverages dual-use AI and advanced technologies, presenting a formidable threat to the United States and its allies. This strategy is not merely a future concern but a current reality, evident in China's actions toward Taiwan. One facet of "intelligentized" warfare involves cyber capabilities to disrupt or infiltrate enemy networks, communication systems, and infrastructure. Recent incidents, such as cyber-attacks during Speaker Nancy Pelosi's visit to Taiwan, highlight China's willingness to employ these tactics.
FROM THE MEDIA: China's "intelligentized warfare" strategy poses a substantial challenge to the United States and its allies. The Pentagon must take swift action to adopt advanced technology and streamline innovation adoption processes. This includes expediting procurement, increasing private-public experimentation, and simplifying certification for small businesses. By embracing these strategies and fostering a culture of innovation and experimentation, the U.S. can maintain its technological superiority and effectively counter China's military advancements.
READ THE STORY: LNJ
International Botnet IPStorm Dismantled by FBI: Hacker Pleads Guilty to Three Charges
Bottom Line Up Front (BLUF): Sergei Makinin, the mastermind behind the IPStorm botnet, faces prison time and a significant fine after admitting guilt to hacking-related charges. The FBI's successful takedown of this global botnet highlights the complex nature of cyber threats and the importance of international collaboration in addressing them.
Analyst Comments: The Federal Bureau of Investigation (FBI) has effectively dismantled the IPStorm botnet, a global cyber threat comprising over 23,000 proxies, after the hacker responsible, Sergei Makinin, pleaded guilty to three hacking-related charges. Each charge carries a maximum sentence of 10 years, signifying the severity of the cybercrimes committed. Makinin's botnet, known as IPStorm or InterPlanetary Storm, ran on a peer-to-peer (P2P) network built on the InterPlanetary File System (IPFS) protocol, making its malicious traffic difficult to distinguish from legitimate activity.
FROM THE MEDIA: IPStorm, also known as InterPlanetary Storm, was first identified in 2019 by Anomali for its unusual use of a legitimate P2P network, which camouflaged malicious activities within legitimate traffic. The botnet initially targeted Windows systems but soon expanded its reach to infect Linux, Mac, and Android devices worldwide, including in North and South America, Europe, and Asia. Its widespread presence posed a significant threat to individuals and organizations globally.
READ THE STORY: SCMAG
Items of interest
ICAO Recognizes China's BDS as Global Standard
Bottom Line Up Front (BLUF): The International Civil Aviation Organization (ICAO) has formally acknowledged China's BeiDou Navigation Satellite System (BDS) as one of its standards for civil aviation. This recognition elevates BDS to the status of a globally accepted satellite navigation system for civil aviation. BDS, a satellite navigation system developed and operated by China, prioritizes national security and socio-economic development. It joins the ranks of other recognized global navigation systems, including the United States' GPS, Russia's GLONASS, and the European Union's Galileo. BDS has a wide user base spanning more than 200 countries and regions.
Analyst Comments: The Civil Aviation Administration of China announced that the latest revised version of Annex 10 to the International Civil Aviation Convention, which includes standards and recommended measures for BDS, has officially taken effect. This marks the formal inclusion of BDS within the ICAO standards framework. BDS was developed by China with a strong emphasis on national security and socio-economic development. It is one of four global satellite navigation systems recognized by the United Nations, alongside GPS, GLONASS, and Galileo. BDS has a significant global presence, serving users in over 200 countries and regions. Its official recognition by ICAO underscores its status as a trusted and widely accepted satellite navigation system for civil aviation.
FROM THE MEDIA: The International Civil Aviation Organization (ICAO) has officially recognized China's BeiDou Navigation Satellite System (BDS) as a global standard for civil aviation. BDS, developed by China, is now on par with other recognized global satellite navigation systems, including GPS, GLONASS, and Galileo. This recognition reinforces BDS's position as a trusted and widely accepted satellite navigation system, serving users in over 200 countries and regions. It highlights China's commitment to advancing space technology and enhancing global aviation navigation and safety.
READ THE STORY: ChinaDaily (CN STATE SPONSORED)
China's Beidou, the road to overcome obstacles (Video)
FROM THE MEDIA: On May 17th at 10:49 a.m. Beijing time, China successfully launched the 56th BeiDou navigation satellite using the Long March 3B carrier rocket at the Xichang Satellite Launch Center. This satellite is the first backup satellite of the BeiDou-3 project and, after being placed into orbit and completing in-orbit testing, it will be integrated into the BeiDou satellite navigation system.
How China Is Threatening U.S. GPS Dominance (Video)
FROM THE MEDIA: For decades, the United States has been a leader in satellite navigation technology. The U.S. Global Positioning System, or GPS as most of us know it, was originally designed as a military tool but has also become indispensable in the lives of civilians, with over 6 billion users around the world. But the U.S. is not the only country with its own global navigation satellite system.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.