Daily Drop (711): CN: Texas Secession, Tesla Recall, APT28: NTLM v2, MOEA: CNC RU, Geely-02 SATS, IRGC Cyber, France Flight 447, Mastodon, Mozilla Critiques Edge, Meta's In-House AI Chips
02-03-24
Saturday, Feb 03 2024 // (IG): BB // ShadowNews // Coffee for Bob // Proxies
*Started adding Proof of Concept (PoC) links, where available, for mentioned CVEs:
In this context a PoC is code, or a documented procedure, that shows a reported vulnerability is actually exploitable: it turns a theoretical weakness into something that can be reproduced, and it is the same artefact defenders use to confirm that a patch really closes the hole. Public availability of a PoC matters for prioritisation, since it usually shortens the gap between disclosure and in-the-wild exploitation. *
Chinese Media and Social Networks Amplify False Narrative of Texas Secession and War with US Federal Government
Bottom Line Up Front (BLUF): Chinese social media and news outlets have been propagating misinformation that Texas is in a state of war, aiming to secede from the United States. This narrative, fueled by the ongoing border crisis between Texas and the White House, has been widely shared on platforms like Sina Weibo, despite being unfounded. The situation highlights the growing trend of misinformation in international geopolitics, particularly involving China and the US.
Analyst Comments: The spread of this false narrative about Texas can be seen as a strategic move by Chinese media to underscore political divisions within the US. It reflects China's broader tactic of projecting internal issues of democratic nations to counter criticism of its own policies. However, this particular case also demonstrates the challenges of controlling misinformation in the digital age, where even state actors can engage in spreading unverified or false narratives for geopolitical advantage. This incident should alert media consumers and policymakers to the potential for significant geopolitical misinformation campaigns, which can have real-world implications.
FROM THE MEDIA: Major Chinese news outlets and social media platforms have been actively disseminating the idea that Texas is on the verge of secession due to the migrant crisis and disagreements with the Biden administration's immigration policies. This narrative has been bolstered by images and videos, often taken out of context, to create a perception of imminent civil unrest or war. The situation in Texas, however, remains a political and administrative dispute, far from the alleged state of war or secession. This case exemplifies how misinformation can be weaponized in international relations, especially in the context of the complex and often contentious US-China relationship.
READ THE STORY: BBC // Newsweek
Tesla Recalls Nearly 2.2 Million Vehicles for Software Update
Bottom Line Up Front (BLUF): Tesla is recalling nearly 2.2 million vehicles in the U.S. to address an issue with warning lights on the instrument panel that are smaller than federal safety standards require. This recall, announced by the National Highway Traffic Safety Administration (NHTSA), covers a wide range of models including the Model S, Model X, Model 3, Model Y, and the Cybertruck. The fix will be implemented through an online software update, set to commence with notifications to owners starting March 30.
Analyst Comments: Tesla's recall underscores the increasing regulatory scrutiny the electric vehicle maker faces, especially regarding safety standards and the reliability of its automated systems. This action, particularly involving a wide range of models, highlights the challenges automakers face in integrating advanced technology while adhering to safety norms. Tesla's ability to address the issue through an over-the-air software update reflects the modern capabilities of vehicle maintenance, yet raises questions about whether such measures are sufficient to ensure comprehensive safety. The move also follows a series of other safety concerns and recalls by Tesla, indicating a pattern of challenges as the company navigates the complex intersection of technology, safety, and regulatory compliance.
FROM THE MEDIA: The recall involves adjusting the size of the brake, park, and antilock brake warning lights on the instrument panel. Tesla discovered the issue following a routine safety compliance audit by the NHTSA on January 8. Although Tesla has reported three warranty claims potentially related to the problem, there have been no reports of crashes or injuries. This recall is part of Tesla's broader challenges with the NHTSA, including a December recall of over 2 million vehicles to update software related to its Autopilot monitoring system and a separate recall of nearly 363,000 vehicles with its "Full Self-Driving" system. Additionally, Tesla faces scrutiny over exported vehicles to China, with over 1.6 million Model S, X, 3, and Y electric vehicles recalled for issues related to automatic assisted steering and door latch controls. These series of recalls, along with regulatory pressures, signal a critical period for Tesla as it navigates safety, technological innovation, and market leadership challenges.
READ THE STORY: FT // NPR // Bloomberg
Russian APT28 Hackers Launch NTLM Relay Attacks on High-Value Global Targets
Bottom Line Up Front (BLUF): Russian state-sponsored hacking group APT28, also known as Fancy Bear, ran NTLMv2 hash relay attacks from April 2022 to November 2023 against organizations across sectors worldwide, including foreign affairs, energy, defense, and transportation. The campaign, which paired hash relay with brute-force credential attacks, is believed to have compromised thousands of email accounts.
Analyst Comments: APT28's campaign underscores the persistence of state-sponsored threats and the payoff of unglamorous techniques. NTLM relay is a long-documented attack, not a novel exploit, yet it keeps working wherever NTLM remains enabled and SMB or LDAP signing and Extended Protection for Authentication are not enforced, so the group's reliance on it says more about defenders' legacy estates than about the attackers' tooling. The approach blends aggressiveness and subtlety: loud, repetitive credential attacks mask quieter initial intrusions and post-exploitation activity. APT28's operations fit a broader pattern of nation-state actors leveraging cyber capabilities for espionage, indicating a continuing escalation in global cyber warfare tactics.
FROM THE MEDIA: APT28, which operates under Russia's GRU military intelligence service, has a long record of cyber espionage. The group has used spear-phishing campaigns and exploited critical vulnerabilities in software such as Microsoft Outlook and WinRAR against high-value targets in sectors central to national security and economic stability. Its tradecraft includes modifying victims' mailbox permissions to maintain access to compromised accounts, and routing operations through anonymization layers such as VPN services and compromised routers. The campaign's success shows that older, well-understood techniques remain effective at scale when targets have not retired them.
READ THE STORY: Vulnera // Medium // TrendMicro // THN
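The reporting above describes the technique but not how a defender would spot it. The following is an added example, not from the articles or from Trend Micro's analysis: a small triage script over constructed Windows Security event records. The relay heuristic is that Event 4624 network logons (Logon Type 3) authenticated with NTLM carry a client-supplied workstation name; when a hash is relayed, that name still belongs to the victim while the source IP recorded by the target belongs to the relay host. The script also flags NTLMv1 use and bursts of 4625 failures from one source, which is the brute-force half of the campaign. The asset inventory, hostnames, IPs and events are all constructed.

```python
"""Triage Windows Security events for signs of NTLM relay and brute force.

Added example (not from the reporting above or from Trend Micro's analysis):
flags 4624 NTLM network logons whose client-supplied workstation name does
not match the source IP seen by the target, NTLMv1 use, and 4625 failure
bursts from a single source against several accounts.
"""
from collections import defaultdict

# Constructed asset inventory (hostname -> expected IPv4). In a real
# deployment this comes from DHCP leases / CMDB and must be current.
ASSET_INVENTORY = {
    "WS-FIN-07": "10.20.1.57",
    "WS-HR-02": "10.20.2.11",
    "SRV-BK-01": "10.20.3.5",
}

# Constructed sample events shaped like the EventData of 4624/4625 records.
SAMPLE_EVENTS = [
    # Legitimate NTLMv2 network logon: workstation name and IP agree.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "alice",
     "WorkstationName": "WS-FIN-07", "IpAddress": "10.20.1.57"},
    # Relay candidate: the NTLM AUTHENTICATE message still names the
    # victim's workstation, but the TCP peer is a different host.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V2", "TargetUserName": "alice",
     "WorkstationName": "WS-FIN-07", "IpAddress": "10.20.9.200"},
    # Kerberos logon: out of scope for this heuristic.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "LmPackageName": "-", "TargetUserName": "bob",
     "WorkstationName": "WS-HR-02", "IpAddress": "10.20.2.11"},
    # Consistent source, but NTLMv1 is still being accepted.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "LmPackageName": "NTLM V1", "TargetUserName": "svc_backup",
     "WorkstationName": "SRV-BK-01", "IpAddress": "10.20.3.5"},
    # Failed logons: one external source trying several accounts.
    {"EventID": 4625, "TargetUserName": "carol", "IpAddress": "198.51.100.23"},
    {"EventID": 4625, "TargetUserName": "dave", "IpAddress": "198.51.100.23"},
    {"EventID": 4625, "TargetUserName": "erin", "IpAddress": "198.51.100.23"},
    {"EventID": 4625, "TargetUserName": "frank", "IpAddress": "198.51.100.23"},
    # A single mistyped password is not a spray.
    {"EventID": 4625, "TargetUserName": "bob", "IpAddress": "10.20.2.11"},
]


def find_relay_candidates(events, inventory):
    """NTLM network logons whose workstation name maps to a different IP."""
    hits = []
    for e in events:
        if e.get("EventID") != 4624 or e.get("LogonType") != 3:
            continue
        if e.get("AuthenticationPackageName") != "NTLM":
            continue
        workstation = e.get("WorkstationName", "").upper()
        expected_ip = inventory.get(workstation)
        if expected_ip and expected_ip != e.get("IpAddress"):
            hits.append({"user": e["TargetUserName"], "workstation": workstation,
                         "expected_ip": expected_ip, "source_ip": e["IpAddress"]})
    return hits


def find_ntlmv1_logons(events):
    """Accounts still authenticating with NTLMv1 (weak and cheaply crackable)."""
    return sorted({e["TargetUserName"] for e in events
                   if e.get("EventID") == 4624 and e.get("LmPackageName") == "NTLM V1"})


def find_spraying_sources(events, min_accounts=3):
    """Source IPs with failed logons against at least min_accounts distinct users."""
    by_source = defaultdict(set)
    for e in events:
        if e.get("EventID") == 4625:
            by_source[e["IpAddress"]].add(e["TargetUserName"])
    return {ip: sorted(users) for ip, users in by_source.items()
            if len(users) >= min_accounts}


if __name__ == "__main__":
    for hit in find_relay_candidates(SAMPLE_EVENTS, ASSET_INVENTORY):
        print("possible NTLM relay:", hit)
    print("NTLMv1 users:", find_ntlmv1_logons(SAMPLE_EVENTS))
    print("spraying sources:", find_spraying_sources(SAMPLE_EVENTS))
```

The workstation-name heuristic needs a current hostname-to-IP mapping and will misfire on DHCP churn or multi-homed hosts, so treat hits as leads rather than verdicts. The durable mitigation is configuration, not detection: require SMB and LDAP signing, enable Extended Protection for Authentication on HTTP endpoints such as Exchange and ADCS, reject NTLMv1 outright, and restrict outbound NTLM where the estate allows.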
Taiwan Intensifies Export Controls Amid Reports of Equipment Shipped to Russian Defense Industry
Bottom Line Up Front (BLUF): Taiwan has enhanced its export control measures on machine tools to prevent their use by Russia in its conflict against Ukraine. This move follows a report by the Washington Post indicating that a Russian company, I Machine Technology, imported over $20 million worth of Taiwanese-made CNC machine tools, potentially for use in weapon manufacturing. Taiwan's Ministry of Economic Affairs (MOEA) has placed I Machine Technology on a blacklist and increased penalties for first-time violations of exporting to Russia. Additionally, measures are being taken to monitor exports to countries with high risks of reshipment to Russia and Belarus.
Analyst Comments: Taiwan's response to these revelations reflects its commitment to international norms and the sanctions regime against Russia. The incident underscores the complexities in global supply chains, where high-tech equipment can be diverted to unintended end-uses, highlighting the challenges of export control enforcement. Taiwan's swift action to tighten controls and increase penalties indicates a strong stance against the misuse of its exports in conflict zones, aligning with its broader geopolitical position as a U.S. strategic partner. The case also exposes the need for enhanced international cooperation and more robust mechanisms to prevent the circumvention of sanctions, especially in high-tech sectors.
FROM THE MEDIA: Reports revealed that I Machine Technology has been importing sophisticated CNC machine tools from Taiwan since January 2023, which are crucial for precision manufacturing in various industries, including weapons production. The Taiwanese government, condemning Russia's invasion of Ukraine, had already implemented technology export controls against Russia in April 2022 and further tightened them in January 2023. Despite these measures, the shipments to I Machine Technology, which totaled $20 million, likely violated the imposed prohibitions. In response, Taiwan's MOEA has blacklisted entities, including I Machine Technology, to prevent similar incidents and increased the penalty for first-time export violations to Russia to NT$1 million (about $32,055). Both I Machine Technology and Taiwan-based I Machine Tools have denied the accusations, claiming the shipments involved only spare parts, not subject to export controls.
READ THE STORY: The Washington Post // Focus Taiwan // Taiwan News // Ukrainska Pravda
Airbus NAVBLUE Flysmart+ Manager: Security Vulnerabilities in Electronic Flight Bags Exposed
Bottom Line Up Front (BLUF): Pen Test Partners disclosed a security weakness in Airbus' NAVBLUE Flysmart+ Manager, an iOS app used in Electronic Flight Bags (EFBs) by pilots. The app shipped with App Transport Security (ATS) disabled, removing the platform's enforcement of HTTPS and modern TLS and leaving its traffic open to interception and tampering with the performance data pilots use for flight planning. Airbus acknowledged the report, made in June 2022, and communicated a fix to customers by May 2023; the disclosure ran roughly 19 months end to end.
Analyst Comments: The revelation of such weaknesses in critical aviation software highlights the complex nature of cybersecurity in the aviation sector. The potential consequences, such as tail strikes or runway excursions from tampered engine performance calculations, underscore the importance of rigorous security measures. The case also reflects the extended timelines typical in addressing security issues within aviation, given stringent certification and safety standards. It is a reminder of the ongoing need for vigilance and proactive security assessments in critical infrastructure sectors.
FROM THE MEDIA: Pen Test Partners' investigation found that the Flysmart+ Manager application had ATS deliberately disabled, a setting that would allow an attacker positioned on the same network to intercept the app's traffic and modify aircraft performance data or adjust airport information such as runway lengths. This was especially concerning given the routine use of these apps by pilots for safe flight operations. The issue was initially reported to Airbus in June 2022, and after confirming it, Airbus communicated a fix to customers by May 2023. The researchers emphasized the difference in disclosure and remediation timescales in aviation compared to other industries, highlighting the sector's unique complexities. Closing the issue removes one plausible route to corrupting the numbers pilots rely on for takeoff and landing performance.
READ THE STORY: The Register // PTP
U.S. to Brief Taiwanese Firms on Chip Export Controls in March
Bottom Line Up Front (BLUF): U.S. officials are scheduled to brief Taiwanese semiconductor suppliers in March about the recent tightening of export controls, especially those targeting China. The briefings, organized by the American Institute in Taiwan (AIT), will include key industry players like Taiwan Semiconductor Manufacturing Co. (TSMC). The goal is to help Taiwanese firms understand the new rules and avoid sanctions. This initiative is part of a broader effort to prevent China from accessing advanced chip production technologies and equipment.
Analyst Comments: The U.S.'s decision to brief Taiwanese semiconductor companies reflects the strategic importance of Taiwan in the global chip manufacturing sector and the increasing geopolitical complexities surrounding technology trade. These briefings are critical for ensuring compliance and preventing inadvertent violations of U.S. export controls. They also underscore the U.S.'s continued efforts to restrict China's access to advanced semiconductor technologies, a move aimed at safeguarding national security interests. This development highlights the delicate balance Taiwan must maintain in its technological and trade relations, especially given its crucial role in the global supply chain and proximity to China.
FROM THE MEDIA: The briefings are a response to the U.S.'s recent actions to tighten export controls on semiconductors, primarily aimed at China. These measures include a ban on selling China chips whose total processing performance exceeds a threshold of 4,800 (a figure derived from operations per second and operand bit width, not a raw TOPS rating) and restrictions that bar Chinese producers of such chips from acquiring pure-play foundry services that use U.S. production technologies. The AIT had previously organized similar briefings in October 2023, following the implementation of the CHIPS Act in the U.S. This act, officially signed into law by President Joe Biden in 2022, allocated substantial funds for semiconductor research, development, manufacturing, and workforce development in the U.S. The briefings will likely include a Q&A session to address specific concerns and queries from Taiwanese suppliers, who are key players in the global semiconductor market.
READ THE STORY: Focus Taiwan // War on The Rocks // Reuters
Chinese Carmaker Adds 11 Satellites - Should Musk Be Worried?
Bottom Line Up Front (BLUF): China has successfully launched 11 Geely-02 constellation satellites from the Xichang Satellite Launch Center in Sichuan Province. This marks the 508th flight mission of the Long March rocket series. The launch is a significant step in China's space endeavors, aiming to provide high-precision positioning support to autonomous vehicles and other commercial functions, including connectivity for consumer electronics.
Analyst Comments: China's successful deployment of the Geely-02 satellites represents a notable advancement in its space capabilities, particularly in the realm of autonomous navigation and consumer electronics. This development reflects China's growing presence in space technology and its ability to compete with global leaders in the satellite and space exploration sectors. The launch also underscores China's strategic focus on integrating space-based technologies into its broader technological and economic goals, enhancing its position in the global space race.
FROM THE MEDIA: The Geely-02 satellites, part of a planned larger constellation, are intended to augment China's capabilities in high-precision positioning and remote sensing, crucial for the development of autonomous vehicles and other cutting-edge technologies. The satellites possess AI remote sensing functions, capable of providing high-resolution imaging. This initiative is a key part of China's broader objective, outlined in its five-year plan, to create an integrated network of satellites for communications, remote sensing, and navigation. The successful launch reflects China's commitment to expanding its technological influence in space, aligning with its strategic objectives of technological leadership and economic growth.
READ THE STORY: Azertac // CNA // Reuters // Bloomberg
Iran-linked Hackers Allegedly Breach Albania's Institute of Statistics
Bottom Line Up Front (BLUF): An Iran-linked hacking group, Homeland Justice, has claimed responsibility for a recent cyberattack on Albania’s Institute of Statistics (INSTAT). The attack compromised the agency’s website and email services, leading to a postponement of official statistics releases. While INSTAT asserts that recent census data was secure, the hackers claim to have accessed over 100 terabytes of geographic and population data.
Analyst Comments: This incident highlights the escalating trend of cyber warfare involving state-sponsored groups. The targeting of a national statistical institute, a non-traditional but strategically valuable target, underlines the evolving nature of cyber threats. This attack could be part of a broader geopolitical strategy by Iran, considering its history of cyber operations against Albania, including past attacks on government and telecom sectors. The purported scale of data breach, if confirmed, signifies a significant escalation in the cyber capabilities of the Homeland Justice group, potentially indicating an increase in Iran's cyber warfare activities.
FROM THE MEDIA: Reports suggest that the Homeland Justice group has a history of targeting Albanian infrastructure. In September 2022, similar cyberattacks were attributed to Iranian government-linked hackers against Albania's national police systems. The US Treasury Department has recently sanctioned six Iranian officials for attacks on critical infrastructure in the US and elsewhere, highlighting the global nature of Iranian cyber activities. This pattern of attacks demonstrates the increasing use of cyber operations in international relations, where state actors engage in digital warfare to exert influence, gather intelligence, or disrupt the operations of perceived adversaries.
READ THE STORY: Reuters // The Record // THN // Security Affairs
Navigating the Complexities of AI and Human Interaction: Lessons from Air France Flight 447
Bottom Line Up Front (BLUF): This news analysis focuses on the paradoxes of automation in aviation, exemplified by the crash of Air France Flight 447, and its parallels with artificial intelligence (AI) systems, like generative AI and decision-making algorithms. It explores how sophisticated automated systems, while beneficial, can lead to human operators becoming less adept at handling rare challenges, a phenomenon termed "the paradox of automation."
Analyst Comments: The tragedy of Air France Flight 447 provides a stark reminder of the double-edged sword that is automation in both aviation and AI. The paradox lies in how these systems, designed to mitigate human error, can ironically induce it under unusual circumstances. Historically, aviation has relied on technological advancements to enhance safety and efficiency, but this incident serves as a cautionary tale about over-reliance on automation. The analogy extends to AI in other sectors, where reliance on algorithmic decision-making might overshadow human judgment, potentially leading to unforeseen consequences. This analysis highlights the need for a balanced approach, where automation complements rather than replaces human expertise.
FROM THE MEDIA: The Financial Times article on the crash of Air France Flight 447 delves into the risks and rewards of artificial intelligence and automation in aviation. The crash followed the Airbus A330's autopilot disconnecting after its airspeed sensors failed; the pilots, unaccustomed to hand-flying without computer supervision, mishandled the situation and the aircraft stalled. The incident illustrates what the article calls "the paradox of automation": advanced systems create scenarios in which human operators are ill-prepared for the rare cases the automation hands back to them. In the broader context of AI, the article discusses similar risks in other domains, including legal and recruitment, where excessive reliance on AI can erode human judgment and decision-making. The article emphasizes the importance of understanding the limitations of technology and maintaining a balance between human expertise and automated assistance.
READ THE STORY: FT // Hackaday
Mastodon Vulnerability: Account Hijacking Risk in Decentralized Social Network
Bottom Line Up Front (BLUF): Mastodon, a decentralized social network, has disclosed a critical security flaw allowing attackers to impersonate and take over any remote account. The vulnerability, tracked as CVE-2024-23832, carries a CVSS score of 9.4 out of 10 and affects all Mastodon releases before the patched versions 3.5.17, 4.0.13, 4.1.13 and 4.2.5.
Analyst Comments: This vulnerability in Mastodon highlights the complex security challenges faced by decentralized platforms. While decentralized systems offer benefits like enhanced privacy and reduced censorship, they also pose unique security risks. This flaw, arising from insufficient origin validation, underscores the need for rigorous security measures and prompt updates in decentralized applications. Mastodon's federated structure, with independently operated servers, adds to the complexity of ensuring uniform security standards across all instances.
FROM THE MEDIA: Discovered by security researcher arcanicanis, the CVE-2024-23832 vulnerability in Mastodon stems from an "origin validation error" that lets attackers hijack user accounts. Affected versions are all releases before 3.5.17, the 4.0.x series before 4.0.13, the 4.1.x series before 4.1.13, and the 4.2.x series before 4.2.5. Mastodon is delaying the release of detailed technical information about the flaw until February 15, 2024, to give server admins time to update. Because Mastodon is federated, with servers run by individual administrators, each admin has to patch in time; an unpatched instance remains exposed regardless of what its peers do. This incident follows previous critical vulnerabilities addressed by Mastodon, emphasizing the ongoing need for vigilant security practices in the evolving landscape of decentralized social networks.
READ THE STORY: THN
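The advisory names the bug class, origin validation, without technical detail, since those were embargoed at the time of writing. The following is an added example of what that class of check looks like for a federated protocol, not Mastodon's code and not the specific fix: when a server fetches an ActivityPub document, the document's `id` must be served from the same origin as the URL it was fetched from, and the fields that grant authority over that `id` (inbox, actor, attributedTo, the signing key) must share that origin, otherwise a hostile server can hand out documents claiming to be someone else's account. The actor documents, domains and activity below are constructed.

```python
"""Origin-consistency checks for a fetched ActivityPub document.

Added example: a generic illustration of the check class named in the
advisory ("origin validation"), not Mastodon's code or its fix. Rules below
are assumed ActivityPub hygiene, not taken from the advisory. Sample data
is constructed.
"""
from urllib.parse import urlsplit


def origin(url):
    """Return (scheme, host, port) for an https URL; reject anything else."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https URL: {url!r}")
    return (parts.scheme, parts.hostname.lower(), parts.port or 443)


def same_origin(a, b):
    return origin(a) == origin(b)


def validate_fetched(fetched_url, doc):
    """Return a list of violations; an empty list means the document is consistent.

    1. `id` must share the origin of the URL it was fetched from.
    2. Fields that grant authority over `id` must share `id`'s origin.
    3. Embedded objects are checked recursively against the parent's `id`.
    """
    violations = []
    doc_id = doc.get("id")
    if not isinstance(doc_id, str):
        return ["document has no string `id`"]
    if not same_origin(fetched_url, doc_id):
        violations.append(f"id {doc_id} not served from {origin(fetched_url)[1]}")

    for field in ("actor", "attributedTo", "inbox", "outbox"):
        value = doc.get(field)
        if isinstance(value, str) and not same_origin(doc_id, value):
            violations.append(f"{field} {value} is cross-origin to id {doc_id}")

    key = doc.get("publicKey")
    if isinstance(key, dict):
        key_id, owner = key.get("id", ""), key.get("owner", "")
        if not same_origin(doc_id, key_id):
            violations.append(f"publicKey.id {key_id} is cross-origin to id {doc_id}")
        if owner != doc_id:
            violations.append(f"publicKey.owner {owner} does not name this actor")

    inner = doc.get("object")
    if isinstance(inner, dict) and isinstance(inner.get("id"), str):
        violations += [f"object: {v}" for v in validate_fetched(doc_id, inner)]
    return violations


# Constructed: a legitimate actor document served by its own host.
GOOD_ACTOR = {
    "id": "https://social.example.org/users/alice",
    "type": "Person",
    "inbox": "https://social.example.org/users/alice/inbox",
    "outbox": "https://social.example.org/users/alice/outbox",
    "publicKey": {
        "id": "https://social.example.org/users/alice#main-key",
        "owner": "https://social.example.org/users/alice",
        "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nconstructed\n-----END PUBLIC KEY-----",
    },
}

# Constructed: a hostile server returns a document claiming alice's id but
# pointing the inbox and signing key at the attacker's host.
SPOOFED_ACTOR = {
    "id": "https://social.example.org/users/alice",
    "type": "Person",
    "inbox": "https://evil.example.net/inbox",
    "outbox": "https://social.example.org/users/alice/outbox",
    "publicKey": {
        "id": "https://evil.example.net/keys/1",
        "owner": "https://social.example.org/users/alice",
        "publicKeyPem": "constructed",
    },
}

# Constructed: a Create on the attacker's host carrying a Note attributed
# to alice on another server.
SPOOFED_CREATE = {
    "id": "https://evil.example.net/activities/1",
    "type": "Create",
    "actor": "https://evil.example.net/users/mallory",
    "object": {
        "id": "https://evil.example.net/notes/1",
        "type": "Note",
        "attributedTo": "https://social.example.org/users/alice",
        "content": "constructed",
    },
}

if __name__ == "__main__":
    print(validate_fetched("https://social.example.org/users/alice", GOOD_ACTOR))
    print(validate_fetched("https://evil.example.net/users/alice", SPOOFED_ACTOR))
    print(validate_fetched("https://evil.example.net/activities/1", SPOOFED_CREATE))
```

Origin checks are one layer: a receiving server still has to verify the HTTP signature on inbound activities and confirm that the key used to sign belongs to the actor it claims, fetched from that actor's own origin, or the checks above can be satisfied by a document nobody has proven they control.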
Mozilla's Critique of Microsoft's Browser Practices: Examining the Accusations and Industry Impact
Bottom Line Up Front (BLUF): Mozilla has criticized Microsoft for employing 'dark patterns' to steer Windows users towards using its Edge browser, alleging manipulative design elements that hinder free browser choice. This issue, while not new, has gained attention due to the possible harms to consumers and market competition, with the European Union's Digital Markets Act (DMA) enforcement looming as a potential game-changer.
Analyst Comments: Mozilla's report comes at a crucial time in the tech industry, where the balance of power, user choice, and fair competition are under scrutiny. Microsoft's alleged use of manipulative design patterns to promote Edge raises significant questions about the ethics of software design and market dominance. It reflects a larger trend where tech giants leverage their platform control to favor their products, potentially stifling competition and consumer freedom. The upcoming DMA enforcement could be a significant step towards addressing these concerns, emphasizing the need for clearer regulations and more balanced competitive environments in the tech industry.
FROM THE MEDIA: According to Mozilla's report, Microsoft has been pushing its Edge browser to Windows users through various manipulative design techniques categorized as 'dark patterns'. Examples include the reintroduction of Edge shortcuts, overriding user preferences, and embedding Edge promotions in non-standard formats, resembling Windows interface elements. This strategy, Mozilla argues, not only limits user choice but also undermines trust in Microsoft's role as an OS provider. The accusation isn't solely about promoting Edge but also about the broader implications of such tactics on user autonomy and market health. The focus on Microsoft's practices in this context highlights ongoing concerns about dominant players in the tech industry using their platform power to limit competition and influence consumer behavior.
READ THE STORY: The Register // Mozilla
Items of interest
Meta's In-House AI Chips: A Strategic Move for AI Advancements
Bottom Line Up Front (BLUF): Meta Platforms, the parent company of Facebook, is set to deploy its custom AI chips, known as the Meta Training and Inference Accelerator (MTIA), into its data centers in 2024. This strategic move aims to supplement existing Nvidia and AMD GPU deployments, potentially reducing dependency on external chip providers and controlling rising AI workload costs.
Analyst Comments: Meta's venture into developing its own AI silicon reflects a growing trend among tech giants to create specialized, in-house hardware for AI applications. This mirrors efforts by Amazon and Google, who have already integrated custom AI chips for internal use. Meta's focus on deploying an inference-optimized processor (Artemis) indicates a targeted approach to handling specific AI workloads efficiently. The successful deployment could lead to significant cost savings and greater control over their AI infrastructure, aligning with Meta's intensified focus on AI-driven products and services.
FROM THE MEDIA: Meta's AI chip development journey has been a long-term investment, aligning with its broader strategy to enhance AI capabilities across its platforms. The MTIA family, particularly the Artemis chip, is designed to optimize AI workloads, complementing commercially available GPUs. Meta's decision to deploy its in-house chips is a critical step towards self-reliance in the AI domain, reflecting a wider industry trend towards customized hardware solutions for specific technological needs. The deployment also aligns with the company's significant investments in AI, including plans to implement a large number of Nvidia H100 processors. While Meta's custom chips won't replace GPUs, they signify a significant shift in the company's AI strategy, emphasizing efficiency and tailored performance for specific tasks.
READ THE STORY: The Register // Reuters
MTIA - Meta's First-Generation AI Inference Accelerator (Video)
FROM THE MEDIA: This work is a part of a full-stack solution that includes silicon, PyTorch and our recommendation models. Building custom silicon, especially for the first time, is a significant undertaking. From this initial program, we've learned invaluable lessons that we are incorporating into our roadmap that will lead to improved performance and scale of future systems. We're excited about how this work will enable even more AI workloads across Meta.
How Chips That Power AI Work (Video)
FROM THE MEDIA: The technology behind generative AI like ChatGPT has exploded, fueling a demand for chips that can handle the complex processing power these programs need. Big tech companies Microsoft, Amazon and Google are all designing their own chips because they can optimize their computing workloads for the software that runs on their cloud. But what does the future of the industry look like?
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.