Daily Drop (686): ISRL: GPS Gaza, GSK CN, Wood SAT, MongoDB, Kraft Heinz, UK: GRID, Pig Butchering: Crypto Scam, Ontario Public Library, Tokyo Electron, Putin Election, Tsingshan Holding Group
12-17-23
Sunday, Dec 17 2023 // (IG): BB // ShadowNews // Coffee for Bob
Israel's GPS Jamming Strategy in Gaza War Raises Security and Technological Concerns
Bottom Line Up Front (BLUF): Israel's military strategy during the recent Gaza conflict included the intentional jamming of GPS signals, a tactic aimed at hindering Hamas and Hezbollah drone and unmanned aircraft attacks. This strategy has brought attention to the vulnerabilities and countermeasures associated with satellite navigation systems like GPS, impacting both military and civilian sectors.
Analyst Comments: The Israeli Defense Forces' (IDF) decision to jam GPS signals reflects an evolving military doctrine in response to asymmetric warfare threats, particularly from non-state actors like Hamas and Hezbollah. GPS, originally developed by the U.S. for military purposes, has become ubiquitous in civilian life, underpinning everything from personal navigation to critical infrastructure. Israel's approach demonstrates a strategic shift towards electronic and cyber warfare capabilities, highlighting the delicate balance between military objectives and civilian implications.
FROM THE MEDIA: The GPS disruptions began following a Hamas attack in the Gaza Envelope on October 7, 2023, with the IDF acknowledging its role in them. Researchers at the University of Texas identified significant GPS interference, attributing it to an Israeli Air Force unit located on Mt. Meron. GPS, vital for various sectors, operates through signals from satellites that are vulnerable to interference. Besides spoofing (falsifying signals), signal jamming (blocking signals) is a common method of disruption. Such interference has civilian repercussions, as seen in complaints from Israeli farmers and drone operators, and can affect civil aviation. Despite the ease of GPS signal disruption, countermeasures and alternative navigation systems are being developed and employed.
READ THE STORY: YNET
GSK Expands Presence in China with New Drug Deals and Partnerships
Bottom Line Up Front (BLUF): GlaxoSmithKline (GSK) is actively seeking pharmaceutical deals in China, leveraging the country's advanced chemical research capabilities. Recent partnerships include a $1.5 billion cancer drug deal with Hansoh Pharma and a $3 billion distribution agreement with Zhifei for a shingles vaccine. This move marks a significant recovery and strengthening of GSK's presence in China following a corruption scandal over a decade ago.
Analyst Comments: GSK's strategic shift towards China reflects a broader trend in the global pharmaceutical industry, recognizing China's growing influence in drug research and development. The emphasis on China not only allows GSK access to innovative molecules but also offers an opportunity to rebuild its reputation and business footprint in a key market. However, this strategy involves navigating complex regulatory landscapes and managing geopolitical risks. GSK's approach, focusing on partnerships and licensing rather than direct competition in obesity treatment drugs, suggests a cautious yet targeted expansion strategy.
FROM THE MEDIA: After recovering from a corruption scandal involving the bribery of doctors, GSK has reestablished strong ties with the Chinese government and local companies. Luke Miels, GSK's Chief Commercial Officer, highlights China's high chemical research standards as a key factor in the company's decision to pursue deals there. The recent agreements with Hansoh Pharma and Zhifei represent GSK's renewed focus on China. In contrast to its competitor AstraZeneca, GSK had a smaller Chinese presence due to the past scandal, which resulted in a £300 million fine and staff dismissals in 2014. GSK's shares have underperformed compared to its European rivals, and the company is currently addressing lawsuits related to its heartburn medication Zantac. Miels indicated GSK's intention to continue global mergers and acquisitions, focusing on smaller deals in areas like respiratory and infectious diseases.
READ THE STORY: FT
Kyoto University's Innovative Wooden Satellites: A Potential Solution for Space Debris
Bottom Line Up Front (BLUF): Japanese scientists from Kyoto University are developing wooden satellites as a sustainable alternative to traditional metal ones. This initiative, using magnolia wood from Hokkaido, aims to address the growing issue of space debris and its environmental impact. The project includes a prototype called LignoSat, supported by the Japan Aerospace Exploration Agency (JAXA) and NASA.
Analyst Comments: Kyoto University's pursuit of wooden satellites represents a significant innovation in space technology, focusing on environmental sustainability. This approach addresses the dual challenges of space clutter and the environmental impact of metal satellites. The use of magnolia wood, known for its lightness and dimensional stability, is a creative application of natural resources for advanced technological purposes. The project also highlights the growing awareness and need for environmentally responsible practices in space exploration and technology.
FROM THE MEDIA: The project began with tests in 2022, sending samples of cherry, birch, and magnolia wood into space, with magnolia emerging as the preferred material due to its properties. The small wooden prototype satellite, LignoSat, has shown promising results. Concerns about space debris and its environmental impact, such as metal particles in the stratosphere and damage to the ozone layer, have escalated with the increasing number of satellite launches. The Kyoto University initiative aims to mitigate these issues by using wood, which is less harmful and reduces metal clutter in space. Additionally, the European Space Agency's Clean Space initiative and other international efforts are increasingly focusing on sustainable and environmentally friendly space exploration practices.
READ THE STORY: The Japan Times
MongoDB Faces Security Breach, Customer Data Exposed
Bottom Line Up Front (BLUF): MongoDB, an American database software company, experienced a security breach resulting in unauthorized access to corporate systems and the exposure of customer account metadata and contact information. Detected on December 13, 2023, the company is actively investigating the incident and has advised customers to enhance security measures.
Analyst Comments: MongoDB's breach underscores the persistent threat landscape in the digital domain, especially for data-centric companies. The breach's impact, focusing on customer metadata and contact information, raises concerns about potential phishing and social engineering attacks targeting MongoDB's customers. The incident also highlights the importance of robust cybersecurity measures, including phishing-resistant multi-factor authentication (MFA) and regular password updates. MongoDB's proactive response in terms of incident response activation and customer advisories is commendable, yet the event serves as a reminder of the critical need for continuous vigilance and advanced security protocols in protecting sensitive data.
FROM THE MEDIA: The breach involved unauthorized access to MongoDB's corporate systems, with the initial detection of abnormal activities on December 13, 2023. MongoDB emphasized that there has been no known exposure of data stored in MongoDB Atlas, its database service. The company is experiencing elevated login attempts, causing difficulties for customers accessing Atlas and the Support Portal, although this is reportedly unrelated to the breach. MongoDB has recommended customers be vigilant against social engineering and phishing attacks, enforce phishing-resistant MFA, and change their Atlas passwords.
READ THE STORY: THN
Snatch Ransomware Gang Allegedly Hacks Kraft Heinz
Bottom Line Up Front (BLUF): The Snatch ransomware group has claimed responsibility for a cyberattack on the food giant Kraft Heinz. The company is investigating the incident, which reportedly occurred on a decommissioned marketing website.
Analyst Comments: The attack on Kraft Heinz by the Snatch ransomware group highlights the ongoing threat posed by ransomware to large corporations, including those in critical sectors like food and agriculture. The tactic of targeting decommissioned or less active digital assets underscores the need for comprehensive cybersecurity strategies that cover all digital footprints of an organization. The Snatch ransomware group, known for its method of rebooting infected computers into Safe Mode to bypass security measures, has been active since 2019 and has targeted various critical infrastructure sectors.
FROM THE MEDIA: The Snatch ransomware group added Kraft Heinz to its list of victims on December 14, claiming the attack occurred in August. Kraft Heinz confirmed it is investigating a potential cyberattack on a decommissioned marketing website. The internal systems of the company are reportedly operating normally, with no evidence of a broader attack. The Snatch ransomware group has a history of targeting various sectors, using tactics like data exfiltration and double extortion. The FBI and CISA have previously issued alerts about the Snatch ransomware operation, noting its evolving tactics and widespread targeting. The group has claimed attacks on other high-profile entities, including the Department of Defence South Africa and HENSOLDT France.
READ THE STORY: Security Affairs // The Register
National Grid Ends Contract with Beijing-Backed Supplier Amid UK Cyber Security Concerns
Bottom Line Up Front (BLUF): National Grid, a major British electricity company, has terminated contracts with NR Electric UK, a subsidiary of China's Nari Technology, and begun removing its components from the UK's electricity transmission network due to cyber security concerns. The decision reflects a growing cautious approach in the West regarding Chinese involvement in critical national infrastructure.
Analyst Comments: National Grid's move to distance itself from a Beijing-backed supplier marks a significant shift in the UK's stance on foreign involvement in critical infrastructure, particularly from China. The decision, influenced by advice from the National Cyber Security Centre, underscores the escalating apprehensions about potential cyber vulnerabilities and espionage activities associated with foreign-supplied critical components.
FROM THE MEDIA: National Grid's decision to end its contract with NR Electric UK and remove its components from the UK's electricity grid came after consultations with the National Cyber Security Centre. Concerns centered around components used in controlling and balancing the electricity grid, vital for minimizing blackout risks. NR Electric UK, a significant supplier of grid management components, is largely state-controlled and part of China’s state-owned grid company. The UK government's increasing scrutiny of Chinese involvement in its critical infrastructure is evident from interventions under the National Security and Investment Act and decisions like banning Huawei equipment from the 5G network and buying out China General Nuclear from the Sizewell C nuclear power project.
READ THE STORY: FT
Four Individuals Charged in $80 Million Pig Butchering Cryptocurrency Scheme
Bottom Line Up Front (BLUF): Four men have been charged in a U.S. federal court for laundering over $80 million obtained through a "pig butchering" cryptocurrency scheme. This scam involved tricking victims into making investments through fraudulent platforms, leading to significant financial losses.
Analyst Comments: This case illustrates the evolving sophistication and global reach of cyber criminals, particularly in the realm of cryptocurrency scams. The 'pig butchering' method, where scammers slowly gain the victims' trust before defrauding them, represents a manipulative approach in cybercrime, blending social engineering with financial fraud. The involvement of shell companies and bank accounts for money laundering further highlights the complexity of these operations. Such cases underscore the need for heightened awareness and vigilance among internet users, especially when dealing with investments and relationships formed online. The increasing prevalence of cryptocurrency in these scams also points to a need for more robust regulatory frameworks and international cooperation to combat such transnational cybercrimes effectively.
FROM THE MEDIA: The accused individuals, three from California and one from Illinois, are charged with various counts of money laundering. The scheme involved establishing relationships with victims on social media and other platforms, and then coaxing them into making investments using cryptocurrency. Victims were initially led to believe they were profiting, but ultimately could not withdraw or recover their funds. The scammers used shell companies to launder the money, involving over 284 transactions with more than $20 million directly deposited into accounts associated with the defendants. The global threat posed by investment scams, particularly those involving cryptocurrency, has been growing, with the FBI reporting a 183% increase in cryptocurrency-related scams from 2021 to 2022.
READ THE STORY: The Record
Ontario Public Library Closes Services Following Cyberattack
Bottom Line Up Front (BLUF): The London Public Library in Ontario, Canada, has temporarily closed most of its services due to a cyberattack. This incident highlights a growing trend of ransomware attacks targeting public libraries worldwide, affecting operational capabilities and risking data breaches.
Analyst Comments: The cyberattack on the London Public Library underscores the vulnerability of public institutions, like libraries, to cyber threats. Libraries often hold sensitive information and provide critical community services, making them attractive targets for cybercriminals. The incident aligns with a pattern of increasing cyberattacks on libraries, as seen in recent attacks on the Toronto Public Library and the British Library. The closure of key services, including internet access, disrupts essential community functions, especially for low-income residents relying on these resources.
FROM THE MEDIA: The cyberattack led to the shutdown of various services at the London Public Library, including phones, email, WiFi, website, catalogs, computers, and digital resources. The library confirmed the cause as a "major" systems outage from the cyberattack, with investigations underway. Several branches have been closed until early January. The attack forms part of a worrying trend, following similar incidents at other major libraries globally. Recent ransomware attacks have targeted not just operational aspects but also customer data, leading to concerns about information leaks on the dark web.
READ THE STORY: The Record
US Congress Approves Extension of Section 702 Surveillance Powers in Defense Bill
Bottom Line Up Front (BLUF): The US Congress has approved a four-month extension of Section 702 as part of the $886 billion National Defense Authorization Act (NDAA). Section 702 is a controversial surveillance tool allowing US intelligence agencies to conduct warrantless surveillance, including potentially spying on American citizens and residents.
Analyst Comments: The inclusion of Section 702's extension in the NDAA highlights the legislative strategy of embedding contentious provisions in must-pass bills, such as defense funding. Section 702, part of the Foreign Intelligence Surveillance Act (FISA), has been criticized for enabling warrantless surveillance that could infringe on the privacy rights of US citizens and residents. This extension reflects ongoing debates over balancing national security needs with privacy rights. The extension postpones more comprehensive discussions on surveillance reform, including debates over warrant requirements for US person queries.
FROM THE MEDIA: The NDAA, a critical defense policy bill, includes a four-month extension of Section 702, which would have otherwise expired. The extension means US intelligence agencies can continue their warrantless surveillance practices for foreign intelligence purposes. However, concerns have been raised about the incidental collection of data involving US persons. The extension comes amid heightened scrutiny over the use of Section 702 by agencies like the FBI for purposes beyond counterterrorism, including probing protesters and campaign donors. Multiple legislative proposals are circulating in Congress, reflecting differing views on how to reform Section 702. The Protect Liberty and End Warrantless Surveillance Act and the FISA Reform and Reauthorization Act of 2023 are among the key proposals, each offering different approaches to reauthorizing and reforming Section 702.
READ THE STORY: The Register
Tokyo Electron Adapts to US-China Tensions, Sells Less Advanced Chip Tools to China
Bottom Line Up Front (BLUF): Tokyo Electron, Asia's largest semiconductor equipment maker, is successfully navigating US-China geopolitical tensions by selling less advanced chipmaking tools to China, compensating for the impact of export controls. This strategy has allowed the company to maintain robust sales while complying with regulations.
Analyst Comments: Tokyo Electron's approach to the US-China tech rivalry exemplifies how companies can adapt to geopolitical shifts in the semiconductor industry. By focusing on older technologies not subject to export restrictions for its Chinese clients, Tokyo Electron is capitalizing on the demand created by these limitations. This two-track strategy of compliance in China and advancement in other markets demonstrates a pragmatic response to the complex landscape of international trade and technology controls. The company's ability to maintain a strong revenue stream from China, despite export controls, indicates a significant demand for semiconductor technologies in the Chinese market.
FROM THE MEDIA: Tokyo Electron has shifted its focus in China to selling less advanced semiconductor equipment, which is not affected by the recent Japanese and US export controls. This move has resulted in increased revenues from China, with a notable rise from 24% to 43% in a year. The company is also investing in technological development with leading clients in other key markets, positioning itself as a significant player in the global semiconductor supply chain. The Japanese firm's strategy reflects a broader trend among companies trying to balance commercial interests with the geopolitical realities of the US-China tech rivalry. There is growing recognition among Japanese industry leaders of a potential split in global supply chains, with companies choosing to align with either the US or China.
READ THE STORY: FT
Russian War Report: Putin's Re-Election Bid and Impact on Annexed Ukrainian Regions
Bottom Line Up Front (BLUF): Russian President Vladimir Putin has announced his candidacy for re-election in the 2024 presidential elections, with plans to include the annexed regions of Ukraine. Meanwhile, Russia continues to face challenges in replenishing its armed forces, leading to conscription roundups targeting students and migrants.
Analyst Comments: Putin's announcement to run for re-election signifies his intent to maintain a stronghold on Russian politics, particularly in the context of the ongoing conflict with Ukraine. Including the annexed Ukrainian regions in the election process is a strategic move to solidify Russia's claim over these territories, despite international condemnation. The targeting of students and migrants for conscription reflects the mounting pressure on Russia's military resources, as it struggles to sustain its military campaign in Ukraine.
FROM THE MEDIA: Russian President Vladimir Putin's announcement to run for another term is a significant development in the context of the ongoing conflict with Ukraine. It underlines his intent to maintain a firm grip on power and influence in Russia. Incorporating the annexed Ukrainian territories into Russia's electoral process is a strategic move to legitimize their controversial annexation and to reinforce Russia's claims over these regions. This step has been met with international condemnation, highlighting the deepening geopolitical rifts. Additionally, the targeting of students and migrants for military conscription reflects the growing pressures faced by the Russian military.
READ THE STORY: AC
Items of interest
Tsingshan Holding Group's Battery Unit to Debut in Hong Kong IPO
Bottom Line Up Front (BLUF): Tsingshan Holding Group, China's largest nickel producer, is set to raise HK$2.39 billion ($306 million) in an IPO for its battery-making subsidiary, REPT Battero Energy, in Hong Kong. This marks one of the largest IPOs in Hong Kong this year amidst a generally subdued market for new listings.
Analyst Comments: The IPO of REPT Battero Energy, against the backdrop of a relatively dull year for Hong Kong's IPO market, signifies a strategic move by Tsingshan and its founder, Xiang Guangda, to expand their footprint from raw material supply into electric vehicle (EV) battery manufacturing. This move is aligned with the global trend of transitioning to clean energy and the growing market for EVs. However, the listing occurs amidst challenges, including a highly competitive lithium-ion battery industry and concerns over REPT's profitability, given its current loss-making status despite increased sales.
FROM THE MEDIA: REPT Battero Energy's IPO is seen as a test of investor sentiment in a market that has seen a decline in IPO activities, with Hong Kong's stock exchange ranking seventh globally in 2023, down from the top spot in 2019. The listing is part of Tsingshan founder Xiang Guangda's strategy to extend the company's business from supplying raw materials to manufacturing EV batteries. REPT's goal to become an international enterprise involves expanding infrastructure in various countries, including Indonesia and Europe. Despite the company's significant sales growth, questions about its profitability and financial health remain, especially given the high number of related transactions between REPT and its parent company, Tsingshan. This IPO comes at a time when the EV battery market is facing intense competition, with larger rivals expanding their production capacities.
READ THE STORY: FT
Chinese EV battery maker CATL sues competitor over alleged IP violation (Video)
FROM THE MEDIA: China’s biggest electric car battery maker Contemporary Amperex Technology is suing competitor China Lithium Battery Technology for patent infringement.
How China's CATL Makes an EV Battery (Video)
FROM THE MEDIA: Contemporary Amperex Technologies or CATL is China's leading EV battery supplier. As of this writing, it is the only Chinese EV battery company that has begun to export its products abroad.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.