Daily Drop (657): Ukraine: EW, Azersky-2, 8Base: SmokeLoader, Project Kuiper: Successful, UK: Sex Life Data, BDS: Less than GPS, 'Octo' Malware, Medicare: 330K Leaked, COP-Arm, ALPHV/BlackCat
11-19-23
Sunday, Nov 19, 2023 // (IG): BB // The Leek Sino-Satire // Coffee for Bob
The Ongoing Battle Over Radio Waves in Ukraine's Conflict
Bottom Line Up Front (BLUF): Electronic warfare has become a critical aspect of the conflict between Ukraine and Russia, involving tactics such as jamming, spoofing, and locating targets using radio signals.
Analyst Comments: Electronic warfare is having a significant impact on the ongoing conflict in Ukraine, with both sides deploying advanced technologies and adapting in real-time. These tactics, including jamming and spoofing, are affecting the outcome of the conflict. Experts note that electronic warfare has become as influential as weather and terrain in shaping the battle.
FROM THE MEDIA: In the ongoing conflict between Ukraine and Russia, electronic warfare has emerged as a decisive factor. Both sides are using advanced tactics such as jamming, spoofing, and locating targets through radio signals to gain an advantage. These techniques have become crucial, with Ukraine's top military commander recognizing their importance in breaking the stalemate. The conflict has turned into a proxy laboratory, closely observed by the United States, Europe, and China, who are studying these electronic warfare strategies for potential use in future conflicts.
READ THE STORY: The New York Times
Israel Sells Spy Satellites to Azerbaijan as Part of Azersky-2 Program
Bottom Line Up Front (BLUF): Israel Aerospace Industries has sold two multi-spectral electro-optical spy satellites to Azerbaijan's space agency, Azercosmos, as part of the Azersky-2 program.
Analyst Comments: The sale, worth around $120 million, involves the OptSat-500 model, marking its first announced sale. These satellites will replace an Airbus satellite used by Azerbaijan and are expected to be launched into orbit in 2026 and 2028. The new satellites offer improved resolution and a lower price compared to previous models.
FROM THE MEDIA: Israel Aerospace Industries has finalized a significant deal with Azerbaijan's Azercosmos, providing two advanced spy satellites as part of the Azersky-2 program. While the specific model and financial details were not disclosed, it is estimated to be worth approximately $120 million. These satellites will replace an existing Airbus satellite and offer enhanced capabilities, including higher-resolution imaging. The agreement also strengthens the partnership between the Israeli firm and Azercosmos in the field of space technology, while positioning Israel's reconnaissance capabilities closer to the Iranian border, impacting the ongoing conflict dynamics in the region.
READ THE STORY: MENAFN // YNEWS
8Base Group Utilizes Phobos Ransomware Variant via SmokeLoader in Financially Motivated Attacks
Bottom Line Up Front (BLUF): 8Base ransomware actors are employing a variant of the Phobos ransomware, utilizing SmokeLoader as a delivery mechanism for their attacks, as revealed by Cisco Talos.
Analyst Comments: Cisco Talos has observed increased activity by cybercriminals associated with 8Base ransomware. Their analysis indicates that the group employs Phobos ransomware, often delivered through SmokeLoader, a backdoor Trojan. Unlike typical deployments, in 8Base campaigns the ransomware component is embedded in an encrypted payload that is decrypted and loaded into SmokeLoader's memory.
FROM THE MEDIA: The 8Base ransomware group has come under scrutiny due to its financial motivations and utilization of the Phobos ransomware variant. Cisco Talos has monitored their activities, noting the use of SmokeLoader as a conduit for Phobos ransomware. The group has been active since at least March 2022 and gained attention in mid-2023. Notably, this research highlights the distinctive approach of embedding ransomware components in encrypted payloads during 8Base campaigns. The Phobos ransomware, evolving from Dharma, is managed centrally and offered as ransomware-as-a-service (RaaS). The ransomware selectively encrypts files, and its extension blocklists suggest a coordinated effort among various groups using the same base sample over time. Additionally, the report mentions developments in the ransomware landscape, including the emergence of sophisticated ransomware products like UBUD and changes in negotiation tactics by groups like LockBit.
READ THE STORY: THN
Amazon's Project Kuiper Satellites Achieve 100% Success Rate in Protoflight Mission
Bottom Line Up Front (BLUF): Amazon's Protoflight mission for Project Kuiper has achieved a 100% success rate, proving the functionality of prototype satellites in space. The successful tests include streaming video, two-way video calls, and making purchases on Amazon. Mass production is set to commence, with beta testing expected next year.
Analyst Comments: Amazon's Project Kuiper has made significant progress with its prototype satellites, showcasing their ability to perform various tasks successfully. The recent test confirmed the functionality of critical components, including thrusters, flight computers, solar arrays, and RF communications payload. The success of these tests has paved the way for mass production of satellites and beta testing of the service in the coming year.
FROM THE MEDIA: Amazon's Project Kuiper has reported a 100% success rate in its Protoflight mission, signifying a major milestone in its satellite-based internet service venture. The recent tests demonstrated the functionality of prototype satellites, validating their thrusters, flight computers, solar arrays, and RF communications payload. The successful tests included streaming 4K video from Amazon Prime Video, conducting two-way video calls, and making an Amazon.com purchase via satellite. This achievement sets the stage for the mass production of Project Kuiper satellites, with plans for full-scale deployment to begin in the first half of 2024. Customers can expect beta testing of the service to commence later next year. While this successful mission demonstrates the viability of Project Kuiper, the team plans to continue testing the prototype satellites in orbit over the next few months to ensure their reliability in extended space operations.
READ THE STORY: The Register
Rising Concerns Over Surge in Ransomware Attacks Targeting UK Government
Bottom Line Up Front (BLUF): The United Kingdom has witnessed an alarming surge in ransomware attacks on government organizations, with a record number of incidents reported in the first half of 2023. Among the concerning developments is the theft of sensitive data related to individuals' sex lives, raising questions about data security and government preparedness.
Analyst Comments: The Information Commissioner's Office (ICO) released data showing a significant increase in ransomware attacks, doubling the total number of successful attacks on government departments since records began in 2019. In just the first half of 2023, ransomware criminals compromised 667 organizations in the UK, suggesting that efforts to combat this criminal ecosystem are falling short. This rise in incidents extends beyond government offices, affecting sectors like finance, utilities, and technology.
FROM THE MEDIA: The surge in ransomware attacks targeting the UK government has raised concerns about data security and preparedness. Of particular note is the theft of sensitive "sex life data," although the department from which it was stolen remains undisclosed. Efforts to tackle ransomware have included international pledges to never pay extortion fees, but these measures may not prevent payments by private sector organizations. With ransomware attacks on the rise, it is imperative for the UK government to strengthen its cybersecurity defenses and develop effective strategies to combat this growing threat.
READ THE STORY: The Record
Beidou Navigation System Gains International Recognition but Lags Behind GPS Standard
Bottom Line Up Front (BLUF): The International Civil Aviation Organization (ICAO) of the United Nations has officially recognized China's Beidou Navigation Satellite System as a global standard for satellite navigation in civil aviation. While this marks a significant achievement for Beidou, it still lags behind the well-established GPS standard, which poses challenges in its quest for global dominance.
Analyst Comments: The recognition of Beidou by the ICAO is a noteworthy accomplishment, demonstrating its growing influence in the global satellite navigation arena. However, it faces an uphill battle in catching up with the GPS standard, which has enjoyed widespread adoption for years. Beidou must overcome various technical and logistical challenges to compete effectively on a global scale.
FROM THE MEDIA: China's Beidou Navigation Satellite System has achieved international recognition as a global standard for civil aviation navigation by the International Civil Aviation Organization (ICAO). This recognition, while significant, highlights the system's ongoing challenge of closing the gap with the well-established GPS standard. Beidou's path to global prominence will require overcoming technical and logistical hurdles to compete effectively with GPS, which has enjoyed widespread use for many years.
READ THE STORY: PDO (STATE SPONSORED)
New 'Octo' Malware Poses Threat to Android Users' Bank Details
Bottom Line Up Front (BLUF): A new malware named "Octo" has emerged, posing a significant threat to Android users, including those in New Zealand. Russian cybercriminals are behind this malware, which tricks Android phone users into sharing their banking information using fake login screens. While there have been no reported cases in New Zealand, the malware's sophistication is a cause for concern.
Analyst Comments: Octo is a dangerous malware that not only compromises bank account information but also disrupts Android phones, rendering users helpless. This malware has already affected customers from 15 banks in Australia, including major institutions like ANZ and Westpac. It's important to note that cyber threats like Octo are evolving rapidly, targeting anyone with a bank account.
FROM THE MEDIA: A new malware called "Octo" is causing alarm among Android users, with Russian cybercriminals using it to trick individuals into revealing their banking details through deceptive login screens. Although no cases have been reported in New Zealand so far, the malware's capabilities and its impact on Android devices are a significant concern. Vigilance when downloading apps and granting permissions is crucial to prevent falling victim to such threats.
READ THE STORY: RNZ
Russian Ransomware Gang Targets Medicare, Exposing Sensitive Data of Over 330,000 Recipients
Bottom Line Up Front (BLUF): In a recent disclosure, the U.S. Centers for Medicare & Medicaid Services (CMS) revealed that more than 330,000 Medicare recipients have been affected by a breach resulting from a Russian ransomware gang's exploitation of the popular MOVEit file transfer service. This breach has exposed sensitive personal and medical data, including names, Social Security numbers, addresses, and healthcare history. The breach occurred due to vulnerabilities in a contractor's network, emphasizing the ongoing challenges of securing healthcare data in the digital age.
Analyst Comments: The breach in question stems from a cyberattack on Maximus Federal Services, a CMS contractor that utilized Progress Software's MOVEit Transfer. The compromised data includes highly sensitive information, such as Social Security numbers, medical history, and insurance claims, putting affected Medicare recipients at risk of identity theft and other malicious activities. The breach underscores the growing threat of cyberattacks on healthcare organizations and their partners.
FROM THE MEDIA: More than 330,000 Medicare recipients have had their personal and medical information exposed in a breach resulting from a Russian ransomware gang's exploitation of the MOVEit file transfer service. The affected contractor, Maximus Federal Services, has reported that only copies of files saved within the MOVEit application were accessed. CMS and Maximus are taking steps to notify impacted individuals and offer free credit monitoring services for 24 months. This incident highlights the ongoing need for robust cybersecurity measures in the healthcare sector to safeguard patient data from cyber threats.
READ THE STORY: The Record
COP-Arm Instances Aim to Deliver Efficient AI Processing at Lower Costs
Bottom Line Up Front (BLUF): Scaleway and Ampere Computing have announced the availability of cost-optimized COP-Arm instances for AI-driven applications. These instances are designed to provide efficient AI processing while potentially costing a fraction of what GPU-accelerated solutions do. However, specific pricing details have not been disclosed yet.
Analyst Comments: At the ai-PULSE conference in Paris, Scaleway and Ampere Computing unveiled COP-Arm instances, which are tailored for AI workloads such as chatbots, real-time analytics, and video content analysis. These instances leverage Ampere's Altra family of Arm-based datacenter processors. While powerful GPUs are often used for AI training, inference workloads, which involve using pre-trained models for tasks like speech recognition, can be efficiently handled by general-purpose CPUs like Ampere's. Scaleway has not yet disclosed the configuration and pricing of COP-Arm instances, making it difficult to assess their cost-efficiency claims.
FROM THE MEDIA: Scaleway and Ampere Computing are jointly offering COP-Arm instances optimized for AI workloads. These instances are expected to provide efficient AI processing at a potentially lower cost compared to GPU-accelerated solutions. While Ampere claims that their CPUs are well-suited for AI inference tasks, specific pricing and configuration details for COP-Arm instances are still awaited, making it necessary to wait for further information to assess their cost-effectiveness.
READ THE STORY: The Register
ALPHV/BlackCat Cybergang Accuses MeridianLink of Failing to Report Cyber Incident
Bottom Line Up Front (BLUF): In an unprecedented move, the notorious ransomware group ALPHV/BlackCat has filed a "failure to report" complaint against its own victim, digital lending company MeridianLink, with the U.S. Securities and Exchange Commission (SEC). The cybergang claims to have stolen data from MeridianLink in a breach and alleges that the company failed to report the incident as required by new SEC rules. This marks the first instance of hackers weaponizing the SEC complaint system against a victim.
Analyst Comments: ALPHV/BlackCat publicly posted screenshots of the reported SEC complaint against MeridianLink, asserting that it executed a "significant" breach compromising customer data and operational information. While MeridianLink has stated that no user data was breached and that it promptly responded to the cybersecurity incident, the ransomware group continues to press its claims. The incident underscores the evolving tactics of ransomware groups, combining cyberattacks with legal maneuvering, and poses new challenges for both cybersecurity professionals and regulatory authorities.
FROM THE MEDIA: ALPHV/BlackCat, a notorious ransomware group, has taken the extraordinary step of filing a "failure to report" complaint with the SEC against its victim, MeridianLink, a digital lending company. The cybergang alleges that MeridianLink failed to disclose a significant breach in compliance with SEC rules. MeridianLink has countered by stating that it identified a cybersecurity incident but found no evidence of unauthorized access to its production platforms. ALPHV/BlackCat's use of the SEC complaint system as a leverage tactic introduces a novel and complex dimension to cyber extortion, raising concerns for cybersecurity and legal professionals alike.
READ THE STORY: SCMAG
Items of interest
Ukraine Collects Evidence of 109,000 Alleged Russian War Crimes, Including Cyberattacks
Bottom Line Up Front (BLUF): Ukrainian Prosecutor General Andriy Kostin has reported that the Ukrainian government has compiled evidence of approximately 109,000 alleged Russian war crimes, encompassing physical and cyberattacks. Over 400 suspected perpetrators have been identified, with around 300 indicted and 66 convicted. These efforts aim to document and prosecute every incident of war crimes, including cybercrimes and crimes against the environment.
Analyst Comments: Ukraine has been actively collecting evidence of war crimes, focusing on crimes against humanity, since the full-scale invasion by Russia in 2022. The evidence is intended for presentation to the International Criminal Court in the Hague. Notably, this effort includes investigations into cyber war crimes and crimes against the environment, which is a new initiative by Ukraine during the ongoing conflict. Convicting Russian citizens who may not be present in Ukraine or have evaded capture presents challenges, but some have already faced trial in absentia. Ensuring a fair trial for all, including Russian war criminals, is a priority for Ukraine.
FROM THE MEDIA: Ukrainian Prosecutor General Andriy Kostin revealed that Ukraine has amassed evidence of approximately 109,000 alleged Russian war crimes, spanning physical and cyberattacks. Over 400 suspected perpetrators have been identified, with hundreds indicted and dozens convicted. This comprehensive effort seeks to document and prosecute every war crime, including those against the environment and in the realm of cyber warfare. Ukraine's commitment to holding accountable those responsible for war crimes remains steadfast, even as challenges in convicting Russian citizens who may not be physically present in Ukraine persist.
READ THE STORY: Politico
Ukraine’s prosecutor general on investigating alleged Russian war crimes (Video)
FROM THE MEDIA: Ukrainian Prosecutor General Andriy Kostin is leading the charge for an international investigation into alleged Russian war crimes committed in Ukraine. Kostin joins Washington Post Live to discuss the challenges in building accountability, the International Criminal Court’s arrest warrant for Russian President Vladimir Putin and the state of Ukraine more than a year into the war with Russia.
Putin's Attack on Ukraine: Documenting War Crimes (Video)
FROM THE MEDIA: “Putin’s Attack on Ukraine: Documenting War Crimes” draws on original footage; interviews with Ukrainian citizens and prosecutors, top government officials, and international war crimes experts; and a vast amount of previously unpublished evidence obtained and verified by the AP — including hundreds of hours of surveillance camera videos and thousands of audio recordings of intercepted phone calls made by Russian soldiers around Ukraine's capital city, Kyiv.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.