Daily Drop (663): Mega-Constellation, CN: Douyin, Putin Re imagines History, RCMP: Breach, HrServ.dll: Afghan, Furry: Reactor Lab, CN: Seek Asylum, Yurii Shchyhol, CN: Poaching CA, Douyin
11-25-23
Saturday, Nov 25, 2023 // (IG): BB // The Leek Sino-Satire // Coffee for Bob
China Launches Satellite for Internet Technology Test, Raising Questions About Its Mega-Constellation Ambitions
Bottom Line Up Front (BLUF): China recently launched an Internet Technology test satellite, marking the 54th rocket launch for the country this year. While official details about the satellite remain scarce, it is believed to be part of China's efforts to develop its own mega-constellation, similar to Starlink and Project Kuiper, for telecommunication and internet coverage.
Analyst Comments: The Long March 2D rocket carried the satellite into orbit from the Xichang Satellite Launch Center. China's media outlets have described the payload as a single satellite, possibly intended for testing technology related to space-based internet mega-constellations. Another payload with a similar purpose was launched earlier in the year. Although authorities claimed a single satellite for the previous launch, two objects have been cataloged, suggesting ongoing testing.
FROM THE MEDIA: China's mega-constellation project, named Guowang, aims to deploy thousands of satellites in low Earth orbit to enhance telecommunication and internet coverage. While the project was announced in 2021, testing and development appear to be ongoing. The launch of the Internet Technology test satellite raises questions about the progress of China's space-based internet initiatives and the potential challenges it may pose to astronomers due to increased objects in the sky.
READ THE STORY: The Register
China's Elderly Embrace Douyin: From Social Media Restrictions to Digital Connection
Bottom Line Up Front (BLUF): China's elderly population, comprising 267 million individuals, has increasingly turned to the short-form video app Douyin (Chinese TikTok) for connection and entertainment. Cheaper smartphones, eased access to data bundles, and a desire for companionship have driven this trend. Despite concerns about its addictive nature, many elderly users now find solace in Douyin, which offers not only entertainment but also access to diverse opinions and hobbies. The platform has bridged generational gaps and provided a sense of belonging to a segment of the population often struggling with loneliness and changing family dynamics.
Analyst Comments: There is a growing trend of elderly Chinese citizens embracing Douyin, China's version of TikTok, as a means of finding connection and entertainment. It highlights the shift from traditional television to short-form video apps among this demographic, driven by factors such as cheaper smartphones and data bundles. The article also explores how Douyin serves as a source of news and entertainment, allowing elderly users to engage with a variety of content, including political commentary and personal hobbies. Furthermore, it addresses the issue of loneliness among the elderly and how technology adoption, such as smartphone use, has become necessary in modern China. The article suggests that Douyin has not only provided entertainment but also a sense of belonging to older users.
FROM THE MEDIA: China's elderly population, numbering 267 million, has found a new source of connection and entertainment in Douyin, China's version of TikTok. This demographic has gradually shifted away from traditional television, with factors like cheaper smartphones and data bundles making it easier for them to embrace short-form video apps. Douyin has become a platform for not only entertainment but also news consumption, enabling elderly users to access diverse opinions and content. It has bridged generational gaps, helping older individuals adapt to modern technology and alleviating some of the loneliness that can come with changing family dynamics. For many elderly users, Douyin has become a vital part of their daily lives, offering a sense of belonging and interaction with a broader online community.
READ THE STORY: Wired
Vladimir Putin's Unusual Praise for Mongol Rule and Its Implications
Bottom Line Up Front (BLUF): Vladimir Putin's recent departure from his usual nationalist rhetoric surprised many as he praised the Mongol rulers of the Golden Horde for saving Russian lands from Western influences. This shift in narrative has raised questions about his motivations and signaled a strategic shift towards China. Putin's reinterpretation of history to justify autocratic rule challenges the traditional view of Mongol rule as a period of national humiliation, reflecting his willingness to distance Russia from Western values.
Analyst Comments: In a speech on November 3rd, Vladimir Putin diverged from his typical nationalist stance to express admiration for the Mongol rulers of the Golden Horde, who previously presided over Russia. This marked a significant departure from the conventional Russian perspective that views the centuries of Mongol rule as a time of national humiliation. Putin's praise for the Mongols has raised eyebrows and led to speculations about his strategic intentions. By portraying this historical period in a positive light, Putin is justifying a shift away from Western values and towards a more authoritarian style of governance.
FROM THE MEDIA: Vladimir Putin's recent speech, where he commended the Mongol rulers of the Golden Horde for their role in protecting Russian lands from Western influences, has left observers puzzled. This surprising revision of history contradicts the traditional Russian view of Mongol rule as a period of national disgrace. Putin's flexibility in adopting different historical personas over his 24 years in power suggests a calculated approach. His admiration for the Mongols and their autocratic rule is seen as a strategic move, aligning Russia more closely with China and distancing it from Western values. This departure from the norm underscores Putin's willingness to reshape historical narratives to suit his political agenda and geopolitical ambitions.
READ THE STORY: WSJ
Privacy Commissioner of Canada Investigates Data Breach Affecting Military and RCMP Personnel
Bottom Line Up Front (BLUF): The Privacy Commissioner of Canada is launching an investigation into a recent cyberattack that compromised data related to current and former members of the Canadian armed forces and the Royal Canadian Mounted Police (RCMP). The breach was reported by two affiliated companies, Brookfield Global Relocation Services (BGRS) and Sirva Canada LP, who have been providing relocation services for Canadian personnel since 1995. The scale of the breach is significant, potentially affecting around 480,000 people who have used these services since 1999. The investigation will focus on assessing data safeguards and compliance with privacy laws.
Analyst Comments: In October, the Canadian government was alerted to a data breach by BGRS and Sirva Canada LP, companies responsible for managing relocation services for military and RCMP personnel. This breach has triggered concerns as it could impact not only current but also former members of these organizations. The sheer volume of data compromised has made it challenging to identify specific individuals affected. Personal and financial information provided by employees to these relocation service providers may have been accessed, raising potential privacy and security risks.
FROM THE MEDIA: The Privacy Commissioner of Canada has launched an investigation into a significant data breach that compromised the personal and financial information of military and RCMP personnel. This breach, reported by relocation service providers BGRS and Sirva Canada LP, has raised concerns due to its potential impact on a large number of individuals, both current and former members. The investigation will assess the effectiveness of data safeguards and compliance with privacy laws, including Canada's Privacy Act and PIPEDA. While fines for data protection violations are not covered under the Privacy Act, PIPEDA allows for penalties of up to $100,000 CAD per violation. The Canadian government is offering support to affected personnel, emphasizing the need for stringent data security measures in handling sensitive information, especially concerning national security personnel.
READ THE STORY: The Record
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
Bottom Line Up Front (BLUF): An undisclosed government entity in Afghanistan fell victim to a suspected Advanced Persistent Threat (APT) attack, featuring a previously undocumented web shell known as "HrServ.dll." Security researchers from Kaspersky revealed that this web shell demonstrates advanced capabilities, including custom encoding methods for communication and in-memory execution. The attack leverages various tactics, such as remote administration tools and mimicry of benign network traffic, making it challenging to detect malicious activity. While the identity of the threat actor remains unknown, the attack's characteristics suggest potential financial motivation alongside APT-like behavior.
Analyst Comments: In a recent cybersecurity development, an unidentified governmental organization in Afghanistan faced a potentially sophisticated APT attack, marked by the use of an unreported web shell named "HrServ.dll." Security analyst Mert Degirmenci of Kaspersky conducted an analysis, revealing the web shell's advanced functionalities. Notably, HrServ.dll employs custom encoding techniques for communication and can execute commands in memory, enhancing its stealth and evasiveness. Kaspersky researchers identified different variants of this malware dating back to early 2021, indicating a prolonged and evolving threat. Web shells like HrServ.dll are typically employed by threat actors to gain remote control over compromised servers, enabling various post-exploitation activities, including data theft, server monitoring, and lateral movement within networks.
FROM THE MEDIA: An undisclosed government entity in Afghanistan faced a suspected APT attack featuring an undocumented web shell named "HrServ.dll." This web shell, as analyzed by Kaspersky, exhibits advanced capabilities, including custom encoding methods for communication and in-memory execution of commands. The attack chain involves the use of remote administration tools, mimicking benign network traffic, and employing various HTTP parameters to determine actions. The threat actor's identity remains unknown, but the attack's characteristics suggest a blend of financial motivation and APT-like behavior. Detection and mitigation of such threats require vigilance and advanced cybersecurity measures to safeguard against potentially damaging cyberattacks.
READ THE STORY: THN
US Nuclear Reactor Lab Targeted by 'Gay Furry Hackers' in Cybersecurity Breach
Bottom Line Up Front (BLUF): The Idaho National Laboratory (INL), a significant nuclear research facility in the United States, has experienced a cybersecurity breach orchestrated by the self-proclaimed "gay furry hackers" of SiegedSec. This unconventional group claimed responsibility for infiltrating INL's computer systems and stealing records of thousands of employees. The compromised data includes sensitive information such as Social Security numbers, physical addresses, and bank account details. SiegedSec has offered to remove the stolen records if INL engages in experimental research, demonstrating an unusual twist in cyber extortion.
Analyst Comments: In a surprising turn of events, SiegedSec, a group of hackers self-identifying as "gay furry hackers," has successfully breached the cybersecurity defenses of the Idaho National Laboratory (INL). INL, a prominent nuclear research institution, operates under the purview of the US Department of Energy's Office of Nuclear Energy. The breach resulted in the theft of critical employee data, including Social Security numbers, physical addresses, and bank account information. The lab acknowledged the cyberattack on its human resources (HR) systems, which occurred through a federally approved vendor system supporting INL's cloud HR services. INL promptly initiated security measures to safeguard employee data and has informed law enforcement authorities about the incident.
FROM THE MEDIA: The Idaho National Laboratory (INL), a significant player in nuclear research, has fallen victim to an unconventional cyberattack led by the self-identified "gay furry hackers" of SiegedSec. The breach resulted in the theft of sensitive employee data, including Social Security numbers and bank account information. SiegedSec has offered to remove the stolen records if INL engages in research related to "IRL catgirls," a request far removed from the laboratory's nuclear expertise. The incident highlights the evolving nature of cybersecurity threats and the need for comprehensive defenses in critical research institutions.
READ THE STORY: The Register
Sam Altman's Ousting: A Geopolitical Thriller in the AI World
Bottom Line Up Front (BLUF): The recent turmoil at OpenAI, involving the abrupt firing and subsequent reinstatement of its leader, Sam Altman, unveils a complex narrative that goes beyond internal power dynamics. At its core, this saga raises questions about the future of humanity, AI breakthroughs, and geopolitics. Altman's pursuit of artificial general intelligence (AGI), coupled with a vast supply chain of AI-related technologies, has far-reaching implications for global innovation and security, challenging conventional borders and notions of control.
Analyst Comments: The recent events at OpenAI, characterized by Sam Altman's dismissal and subsequent reinstatement, signify more than a corporate power struggle. Beneath the surface lies a narrative that intertwines humanity's destiny, AI advancements, and geopolitical maneuvering. The drama began when OpenAI's board decided to terminate Sam Altman, a revered AI guru and charismatic figurehead. However, the situation escalated when over 700 OpenAI employees declared their intent to depart alongside Altman. In response to this extraordinary show of solidarity, Altman was swiftly reinstated. Reports suggest that Altman's firing came on the heels of a momentous AI discovery known as "Q*" or Q-Star, which had the potential to pose a "threat to humanity." Q-Star represented a breakthrough in OpenAI's quest for artificial general intelligence (AGI), a form of AI surpassing human intelligence. Altman envisioned merging AGI with a comprehensive ecosystem, including AI chips, AI phones, AI robotics, and vast data repositories, collectively named "Tigris."
FROM THE MEDIA: The recent turmoil at OpenAI, revolving around the removal and reinstatement of Sam Altman as its leader, transcends a mere corporate struggle for power. It unveils a narrative that encompasses the future of AI, global geopolitics, and the boundaries of control. Altman's pursuit of artificial general intelligence (AGI) and a vast AI supply chain challenges traditional borders and notions of security. It also highlights the contrast between Western and Chinese approaches to AI, with far-reaching consequences for humanity's future.
READ THE STORY: UnHerd
The 'Run Philosophy': Chinese Citizens Seek Asylum in the United States Amid Political Frustration
Bottom Line Up Front (BLUF): Over the past year, there has been a significant increase in the number of Chinese citizens apprehended while crossing the U.S.-Mexico border, with over 24,000 individuals making this journey – a number greater than the total over the previous decade. These Chinese migrants follow a challenging route, flying to Ecuador, traveling through the treacherous jungle between Colombia and Panama, and ultimately seeking asylum in the United States. While most succeed in their asylum claims, a lack of cooperation from China in taking back its citizens poses a unique challenge for American authorities, with approximately 100,000 Chinese individuals among the 1.3 million facing deportation orders.
Analyst Comments: The surge of Chinese migrants crossing the U.S. southern border reflects a growing trend of citizens escaping China's harsh pandemic-related restrictions and authoritarian governance under Xi Jinping's leadership. Referred to as the "run philosophy," Chinese citizens are seeking refuge in various countries, including Japan, Europe, and the United States. The journey for these migrants typically begins with a flight to Ecuador, where no visa is required. From there, they enlist smugglers to guide them through the perilous jungle between Colombia and Panama en route to the United States. Upon arrival, they voluntarily surrender to border officials and often seek asylum.
FROM THE MEDIA: The surge of Chinese migrants crossing the U.S.-Mexico border reflects a growing trend of citizens seeking refuge abroad due to frustrations with China's political environment and pandemic-related restrictions. Over 24,000 Chinese citizens have been apprehended crossing into the United States in the past year, a number exceeding the total for the past decade. They typically embark on a challenging journey through the jungles of South America, seeking asylum upon reaching the United States. What distinguishes these migrants is their relatively high success rate in obtaining asylum and China's reluctance to repatriate its citizens, even those with deportation orders. This poses a unique challenge for American authorities, as they cannot compel countries to accept their nationals.
READ THE STORY: The New York Times
Yurii Shchyhol, Ex-Head of State Service for Special Communications and Information Protection, Faces Allegations of Embezzlement and Corruption
Bottom Line Up Front (BLUF): Ukraine's former cybersecurity chief, Yurii Shchyhol, has been released from detention on a $700,000 bail as part of an investigation into an embezzlement scheme. Shchyhol, along with his former deputy Viktor Zhora, was dismissed earlier this week amid allegations of corruption related to the procurement of software for the State Service for Special Communications and Information Protection (SSSCIP). Prosecutors claim to have found a crypto wallet containing $1.5 million in Bitcoin and Tether on Shchyhol's phone. Both Shchyhol and Zhora assert their innocence.
Analyst Comments: The release of Yurii Shchyhol on bail signifies a development in the ongoing investigation into allegations of corruption within Ukraine's cybersecurity leadership. The investigation centers around the procurement of software for SSSCIP, with prosecutors alleging embezzlement of $1.72 million between 2020 and 2022. Shchyhol and Zhora have been prominent figures in the international cyber community, responsible for safeguarding Ukraine's critical infrastructure and state information resources. The presence of cryptocurrency in the case raises questions about potential financial misconduct.
FROM THE MEDIA: Yurii Shchyhol, the former head of Ukraine's State Service for Special Communications and Information Protection (SSSCIP), has been released on $700,000 bail amid allegations of corruption related to software procurement for the agency. Shchyhol's release comes after his detention earlier this week, with prosecutors revealing the discovery of a crypto wallet containing $1.5 million in Bitcoin and Tether on his phone. Alongside his former deputy Viktor Zhora, Shchyhol was dismissed from his position. Both individuals maintain their innocence and assert that the software procurement was carried out in compliance with the law. The investigation also implicates intermediary companies linked to businessman Roman Koval in the alleged embezzlement scheme. The case highlights the challenges of addressing corruption in government agencies and the prominence of cybersecurity officials in Ukraine's cyber landscape.
READ THE STORY: The Record
Concerns Arise Over Chinese Talent Programs and Potential Loss of Proprietary Information
Bottom Line Up Front (BLUF): Canada's intelligence agency, the Canadian Security Intelligence Service (CSIS), has issued a warning regarding a Chinese recruitment campaign targeting Canadian government officials and academics. The alert, sent to federal employees, highlights a large-scale email effort aimed at luring individuals into an overseas talent program. CSIS expresses concern that the People's Republic of China (PRC) may exploit this campaign to gain access to Canadian knowledge and expertise, potentially resulting in the misappropriation of government resources and the loss of sensitive information.
Analyst Comments: The alert raises significant concerns about the PRC's efforts to recruit Canadian government employees and academics through enticing offers. It underscores the potential risk of espionage and foreign interference activities associated with such talent recruitment initiatives. Furthermore, the involvement of over 200 Chinese "talent recruitment programs" is noted, highlighting the extensive scope of these efforts. The FBI's assessment suggests that participants in these programs may be compelled to share proprietary information and subject themselves to Chinese laws.
FROM THE MEDIA: CSIS has issued a warning to Canadian government employees about a Chinese recruitment campaign targeting them. The alert emphasizes that the PRC may seek to acquire Canadian knowledge and expertise, posing risks to government resources and sensitive information. The recruitment email, titled "2024 invitation for overseas talents to apply for the Global Excellent Scientists Fund in China," solicits significant personal information and promises substantial salaries. CSIS cautions that these initiatives may serve espionage and foreign interference purposes, exploiting Canada's research and innovation sector's open nature. While not explicitly mentioning China, CSIS has also advised academics and researchers to be cautious about offers of lucrative placements or collaboration opportunities. The agency has become increasingly vocal about research security concerns in recent years.
READ THE STORY: CBC
Roskomsvoboda: Battling Kremlin Censorship in an Orwellian Russia
Bottom Line Up Front (BLUF): Running an internet freedom organization in an authoritarian country is never easy, but for Roskomsvoboda, the past two years have been particularly difficult due to Russia's tightening grip on the internet and expanded censorship laws.
Analyst Comments: Until Russia's invasion of Ukraine in 2022, the Moscow-based nonprofit group experienced some inconveniences from the state but had managed to remain largely intact for nearly a decade. However, the Kremlin designated Roskomsvoboda as a “foreign agent” last December, subjecting it to additional audits, imposing judicial restrictions, and prohibiting it from hosting public events. As a result, nearly half of Roskomsvoboda’s members had to leave the country, and those who stayed are trying to avoid publicity to be safe.
FROM THE MEDIA: Roskomsvoboda, which translates to "freedom," was founded in 2012 and aimed to promote privacy, anonymity, access to information, openness of the state, and public control over government digital activities. It initially tried to maintain a friendly relationship with the government, influencing tech regulation and providing judicial assistance to those affected by censorship laws. However, the organization's cooperation with the government came to an end after being designated as a "foreign agent."
READ THE STORY: The Record
Items of interest
German Budget Ruling Raises Uncertainty Over Chip Fab Funding for Intel and TSMC
Bottom Line Up Front (BLUF): A recent ruling by Germany's Federal Constitutional Court has created doubts regarding funds allocated for subsidizing the construction of local chip factories by companies like TSMC and Intel. The court declared that reallocating €60 billion from pandemic support to the Climate and Transformation Fund in 2022 was unconstitutional, potentially affecting subsidies for chip manufacturing in the country. The rise of generative AI has been a prominent topic in cybersecurity in 2023, providing security teams with predictive technology to combat cyber threats. However, this advancement has a darker side, as cyber criminals are quick to harness the power of generative AI for their malicious purposes.
Analyst Comments: The court's ruling has cast uncertainty over the subsidies earmarked for chipmaking facilities in Germany, including Intel's wafer fabrication facility and TSMC's 300mm wafer fabrication facility. The subsidies were crucial for these projects, with Intel's subsidies covering a quarter of its construction cost and TSMC's covering half of its expenses. Germany's State Secretary for Economic Affairs has expressed concerns about the future of these chip fab projects without the Climate and Transformation Fund.
FROM THE MEDIA: The ruling has created a significant challenge for the German government and industrial projects. The fate of these chip manufacturing facilities remains uncertain if the subsidies are not provided. Both Intel and TSMC have faced revenue declines in recent times due to market conditions, making these subsidies even more critical. The ruling's impact on the country's budget and industrial initiatives is a matter of concern for the government and industry stakeholders.
READ THE STORY: The Register
Semiconductor Chip War: America's Edge Over China (Video)
FROM THE MEDIA: Patrick Bet-David explains the importance of semiconductor chips and how the United States and China compare in their chip-building capabilities. PBD also discusses how the Biden administration's new restrictions on China are making it difficult for China to build its own semiconductor chips.
How ‘Chip War’ Puts Nations In Technology Arms Race (Video)
FROM THE MEDIA: The incredibly complex, high-stakes $550 billion business of making semiconductors has always been a battle of corporate giants. Now it’s also a race among governments.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.