Daily Drop (714): SUNY RF Sues JSR, 5nm: SMIC & Huawei, Rocket Lab, DoS: Visa Restriction, JP FM, UK & FR: Reg Spyware, Penn Courts: DDoS, Yandex: Sold, PH: CN Cyber, Ivanti VPN: SSRF, VajraSpy Mal.
02-06-24
Tuesday, Feb 06 2024 // (IG): BB // ShadowNews // Coffee for Bob // Proxies
*Started adding Proof of Concept (PoC) links, where available, for the mentioned CVEs:*
*A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It is primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project.*
SUNY RF Sues JSR Subsidiary Inpria Over Photoresist Technology Rights
Bottom Line Up Front (BLUF): The Research Foundation for the State University of New York (SUNY RF) is suing Inpria Corporation, a subsidiary of JSR Corporation, over alleged unauthorized commercialization and patenting of photoresist materials developed by SUNY RF. These materials, essential for advanced semiconductor manufacturing, were reportedly developed during a joint research project, raising questions about intellectual property rights and commercial licenses.
Analyst Comments: This lawsuit underscores the critical role of photoresist materials in the semiconductor industry, particularly in advanced Extreme Ultraviolet (EUV) lithography. The dispute highlights the complex interplay between academic research, intellectual property, and commercial interests in the rapidly evolving semiconductor sector. The legal battle also reflects broader trends in the semiconductor industry, where technological advances and strategic materials are at the forefront of global competition. This case could have significant implications for the semiconductor industry, potentially affecting supply chains and the development of cutting-edge technologies.
FROM THE MEDIA: SUNY RF alleges that Inpria, initially part of a research consortium, used the photoresist technology developed in collaboration with SUNY RF for commercial purposes without proper licensing. The technology, involving organometallic compounds such as tin-oxide photoresists, is crucial for EUV lithography, enabling manufacturing of semiconductors with process nodes as small as 2nm. SUNY RF's lawsuit claims breach of contract and seeks to correct patent inventorship records, an injunction against Inpria using the patents without a license, and compensation for profits from Inpria's alleged commercialization of the technology.
READ THE STORY: The Register // Complaint
SMIC and Huawei collaborate on 5nm chip production, aiming for technological self-sufficiency
Bottom Line Up Front (BLUF): China's major chipmaker SMIC, in collaboration with Huawei, is progressing in semiconductor technology, specifically in the development of 5nm chips for smartphones and AI processors. This development comes despite stringent U.S. export controls aimed at hindering China's access to advanced chipmaking equipment. SMIC's move aligns with Beijing's goal of achieving self-sufficiency in chip manufacturing.
Analyst Comments: China's strides in semiconductor technology, especially under the constraints of U.S. export controls, demonstrate a significant advancement in its technological capabilities. SMIC's efforts to mass-produce 5nm chips, although still lagging behind the global cutting-edge 3nm technology, indicate a substantial leap from their previous 7nm technology. This development is crucial for China, considering the strategic importance of semiconductors in global technology and defense industries. Historically, U.S. export controls have often spurred targeted nations to develop indigenous capabilities. China's progress in semiconductors could alter global tech dynamics, influencing everything from consumer electronics to AI and military technologies.
FROM THE MEDIA: SMIC's new semiconductor production lines in Shanghai aim to mass-produce 5nm chips designed by Huawei for use in smartphones and AI processors. Despite the U.S. tightening export restrictions in October, citing national security concerns, and efforts to block China's access to advanced chip tools, SMIC plans to utilize its stockpile of U.S. and Dutch-made equipment for this purpose. This move by SMIC is seen as a gradual but significant progression for China's semiconductor industry, showing resilience against U.S. export controls. Huawei's Mate 60 Pro smartphone, featuring a 7nm processor, marked a milestone in the company's technological advancement, boosting its shipments in China. If successful, SMIC's production of 5nm chips could narrow the gap with leading global chipmakers, despite facing higher production costs and lower yield rates compared to Taiwan's TSMC.
READ THE STORY: TNS // Asia Financial // FT
Rocket Lab's Resilience in the Competitive Space Launch Market
Bottom Line Up Front (BLUF): Rocket Lab, a smaller player in the space launch market, is maintaining a competitive stance amidst giants in the industry. With a focus on commercial launches and a packed schedule for 2024, CEO Peter Beck highlights Rocket Lab's unique position as a truly commercial provider, differentiating itself from government-backed and billionaire-funded competitors. Despite setbacks, Rocket Lab's vertical integration and quick problem-solving capabilities have kept it afloat in a challenging industry.
Analyst Comments: Rocket Lab's journey, marked by its resilience despite being a smaller entity in a market dominated by larger players and government entities, is a testament to the company's agility and innovation. Beck's emphasis on commercial viability and efficiency, contrasting with the luxury of limitless funding available to some competitors, highlights the unique challenges and strengths of Rocket Lab. The company's ability to rapidly address and overcome technical failures, along with its ambitions for future projects like the Neutron rocket and potential missions to Venus, illustrate its dynamic approach to space technology and exploration. Rocket Lab's strategy of vertical integration, allowing for rapid diagnosis and resolution of issues, sets a precedent in the commercial space industry, emphasizing the importance of self-reliance and quick adaptability.
FROM THE MEDIA: Rocket Lab, led by CEO Peter Beck, stands out in the launcher marketplace, which is primarily dominated by government entities and billionaire-backed companies. Despite experiencing four failures out of 42 flights, the company's vertical integration has enabled quick problem-solving. Beck's approach contrasts with government-backed organizations like Arianespace, which has faced delays in returning to flight after failures. Rocket Lab's strategy includes recovering and potentially reusing its Electron boosters, a pivot from their original plan to use helicopters for recovery. This adaptability, along with the company's plans for the Neutron rocket, demonstrates Rocket Lab's focus on reusability and efficiency. Beck emphasizes the economic advantage of reusability in rocket design, critiquing the development of disposable vehicles by other programs as outdated. Rocket Lab's future, according to Beck, lies in full-service companies capable of handling all aspects of space services, from design to operation.
READ THE STORY: The Register // Yahoo Finance // AT // SN
New Policy Targets Individuals and Companies Misusing Commercial Spyware
Bottom Line Up Front (BLUF): The U.S. State Department has introduced a policy imposing visa restrictions on individuals and entities involved in the illegal use of commercial spyware for surveillance purposes. This move aims to enhance accountability and deter the misuse of spyware tools that have been linked to human rights abuses such as arbitrary detentions and extrajudicial killings.
Analyst Comments: This latest step by the U.S. government reflects a growing concern over the proliferation of commercial spyware and its implications for privacy, human rights, and national security. By targeting individuals and companies, including those that financially benefit from the misuse of these tools, the U.S. is sending a clear message about its stance on digital espionage and cyber surveillance. The inclusion of private sector offensive actors (PSOAs) in this policy highlights the increasing scrutiny of companies involved in the development and sale of spyware. The challenge, however, lies in the enforcement of these restrictions, especially for individuals from visa waiver countries. This policy aligns with the U.S.'s broader strategy to shape the behavior of foreign governments and entities engaged in malicious digital activities and indicates a significant shift in the global discourse on cybersecurity and surveillance.
FROM THE MEDIA: The U.S. State Department's new policy imposes visa restrictions on individuals linked to the illegal use of commercial spyware for surveillance of civil society members. Secretary of State Antony Blinken emphasized that the misuse of such spyware poses threats to privacy and fundamental freedoms. The policy covers those who use spyware tools for unlawful surveillance, harassment, suppression, or intimidation, as well as those who financially benefit from this misuse. It also targets companies that develop and sell these tools. The enforcement of the policy remains a subject of discussion, particularly for individuals from countries that don't require a visa to enter the U.S. This policy follows previous actions by the U.S. government, including sanctions against spyware vendors like NSO Group and Candiru, and an executive order by President Joe Biden barring federal agencies from using commercial spyware posing national security risks. The Commerce Department has also added several surveillance firms to its economic trade blacklist, emphasizing the U.S.'s commitment to combating malicious digital espionage activities.
READ THE STORY: The Washington Post // Bloomberg Law // THN
Japan's Foreign Ministry Targeted in Suspected Chinese Cyberattack - CONFIRMED
Bottom Line Up Front (BLUF): Japan's Foreign Ministry experienced a significant cyberattack in 2020, suspected to be orchestrated by China. This incident has raised serious concerns about Japan's cybersecurity and strained China-Japan relations further, coinciding with increased regional tensions over territorial disputes.
Analyst Comments: This cyberattack on Japan's Foreign Ministry symbolizes the escalating cyberwarfare tactics in international relations, particularly among major powers in the Asia-Pacific region. China's alleged involvement reflects its growing assertiveness in digital espionage, targeting not only geopolitical rivals but also key U.S. allies like Japan. Historically, Japan has maintained a cautious approach towards China, balancing economic ties with security concerns. However, recent events, including territorial disputes and China's broader regional ambitions, have pushed Japan to align more closely with U.S. strategic interests in countering Beijing's influence. This cyber incident underscores the necessity for stronger cybersecurity measures and international cooperation against cyber threats.
FROM THE MEDIA: Reports indicate that the cyberattack targeted the Japanese Foreign Ministry's telecommunications system, potentially compromising classified diplomatic information. The U.S. had previously warned Japan about vulnerabilities in its online systems as early as 2020. Following the breach, Japan and the U.S. collaborated to address potential vulnerabilities in key agencies, including the Cabinet Intelligence and Research Office and the Defense Ministry. This event coincides with increased tensions in the region, notably over the disputed Senkaku Islands and the recent designation of China as the hypothetical enemy in a joint Japan-U.S. military drill. Public sentiment in Japan towards China has soured significantly, with a government poll showing 87% of Japanese feeling unfriendly towards China, a record high. These developments, combined with regional shifts such as Taiwan's recent election results and the Philippines' changing stance under President Marcos, indicate a growing regional resistance to China's assertiveness.
READ THE STORY: Breitbart // The Washington Times // DTR
UK and France Lead International Efforts to Regulate Commercial Spyware
Bottom Line Up Front (BLUF): The UK and France are hosting a diplomatic conference at Lancaster House in London to initiate a new international agreement on the proliferation of commercial cyber intrusion tools. Attended by 35 nations, major tech companies, and human rights defenders, the conference aims to launch the 'Pall Mall Process', a joint-action initiative to address the misuse of spyware tools. This effort follows increasing concerns over the use of commercial spyware by state actors for unlawful surveillance and human rights abuses.
Analyst Comments: The Lancaster House conference symbolizes a significant step in international diplomacy to regulate the growing market of commercial spyware. This initiative reflects a global consensus on the need to curb the misuse of cyber intrusion tools, which have been used by authoritarian regimes and democratic governments alike to target journalists, activists, and political dissidents. The conference's diverse attendees, including tech giants and human rights defenders, indicate a multi-faceted approach to addressing this complex issue. However, the effectiveness of the 'Pall Mall Process' and its enforcement mechanisms remains to be seen. The UK and France's leadership in this endeavor highlights their proactive stance in shaping global cyber policy, but the challenge lies in achieving a binding and enforceable international agreement that balances national security interests with human rights protections.
FROM THE MEDIA: The UK and France are spearheading a diplomatic effort to address the proliferation of commercial spyware, hosting a conference at Lancaster House in London with representatives from 35 countries, tech leaders, legal experts, and human rights defenders. The focus of the conference is on developing and signing the 'Pall Mall Process', an international initiative to take joint action against the misuse of spyware tools. This move follows GCHQ's warning that over 80 countries have purchased spyware, often using it for unlawful surveillance and targeting journalists, activists, and political figures. The conference is a response to the growing international concern over the misuse of these technologies, previously highlighted in a joint statement by 11 countries, including the UK and the US. The Biden administration's executive order banning federal agencies from using commercial spyware that poses security risks also underscores the urgency of addressing this issue.
READ THE STORY: The Record // Just Security // COE // GOV.UK
Pennsylvania Courts Resume Operations After DDoS Cyberattack
Bottom Line Up Front (BLUF): The Pennsylvania state courts' website experienced a Distributed Denial-of-Service (DDoS) attack over the weekend, affecting several computer systems including online docket sheets and an electronic case document filing portal. The attack did not result in data compromise, and the courts resumed regular operations with alternative methods for court filings.
Analyst Comments: The DDoS attack on Pennsylvania’s court system underscores the ongoing vulnerabilities of government digital infrastructure to cyberattacks. While it's reassuring that no data was compromised, the incident highlights the need for robust cybersecurity measures and contingency plans for government entities. Such attacks not only disrupt services but can also erode public trust in digital government platforms. The Pennsylvania courts' ability to continue operations through alternative methods demonstrates a commendable level of preparedness. However, as cyber threats evolve, continuous assessment and enhancement of cybersecurity practices remain crucial for all government sectors.
FROM THE MEDIA: Over the weekend, the Pennsylvania state courts' website was targeted by a DDoS attack, disrupting key computer systems but not compromising any data. Chief Justice of Pennsylvania Debra Todd confirmed that certain website functions, including PACFile and web dockets, were restored and that the courts continued to function using paper and mail for court filings. The courts' IT team worked closely with the FBI and Homeland Security to investigate the cyberattack. This incident follows similar cyber incidents in other states, reflecting a broader trend of increasing cyberattacks on government systems. The Pennsylvania courts' experience emphasizes the importance of cybersecurity in maintaining the integrity and reliability of judicial systems.
READ THE STORY: StatesScoop // InfoSecMag // The Cyber Express
Yandex Parent Company Sells Russian Businesses for $5.2 Billion Amid Geopolitical Tensions
Bottom Line Up Front (BLUF): Yandex N.V., the Netherlands-based parent company of Yandex group, has announced the sale of its Russian businesses to local investors for $5.2 billion. This move, influenced by geopolitical tensions and sanctions, marks the largest corporate exit from Russia since the Ukraine invasion. The deal, which includes a mandatory discount imposed by the Kremlin, will result in the separation of Yandex into distinct Russian and Dutch entities.
Analyst Comments: Yandex's divestment from Russia reflects the complex interplay of business and geopolitics in the tech sector. The mandatory discount required by the Russian government for sales by companies in 'unfriendly' countries highlights the economic impact of international tensions on corporate decisions. The split of Yandex into separate Russian and Dutch firms underlines the challenges multinational corporations face in navigating geopolitical landscapes. This transaction is significant not only for its size but also as an indicator of the shifting dynamics in global tech industries amid political strife. The future of Yandex N.V., retaining its non-Russian assets, points to potential growth and development in new markets, albeit under a different brand identity.
FROM THE MEDIA: Yandex N.V. has agreed to sell its Russian operations, including internet services like search, e-commerce, and online advertising, to a consortium of local investors, amidst increased geopolitical tensions. This decision comes after the Dutch parent company faced pressures due to the Netherlands' support for Ukraine, leading to a mandatory discount on the sale of Russian assets. The move signifies a major shift in the Russian tech landscape, with Yandex having been a prominent player in the market. The deal will see Yandex's Russian management and a group of investors, including a fund owned by Lukoil, acquire the largest stake. The split will result in Yandex N.V. retaining its international businesses and other non-Russian assets, focusing on AI cloud platforms, education technology services, and self-driving technology.
READ THE STORY: Yandex // The Record // Reuters
Philippines Thwarts Cyberattacks from China-Based Hackers
Bottom Line Up Front (BLUF): The Philippines' Department of Information and Communications Technology (DICT) reported attempted cyberattacks on various government websites and email systems, including the president's, originating from China. The attacks were unsuccessful, but they raise concerns about cybersecurity and national security amid heightened tensions in the South China Sea.
Analyst Comments: This incident of attempted cyberattacks by China-based hackers on Philippine government websites is a stark reminder of the growing cyber threats in international relations, particularly in geopolitically sensitive regions like the South China Sea. The ability of the Philippines to ward off these attacks demonstrates an increasing focus on cybersecurity measures. However, this event underscores the need for continuous vigilance and strengthening of cyber defenses, especially for nations involved in territorial disputes. It also highlights the complex nature of state-sponsored cyber activities and the challenges in attributing and responding to these threats in a geopolitical context.
FROM THE MEDIA: Hackers operating from China attempted to infiltrate websites and email systems of key Philippine government agencies and the president's office. The targets included the National Coast Watch and the Department of Information and Communications Technology (DICT). These attacks, traced to services used by Chinese state-owned Unicom, come amid escalating tensions over disputed territories in the South China Sea. The Philippines is working on enhancing its cybersecurity strategies and has announced plans for a five-year strategy to bolster defenses against such attacks. The incident has led to calls for an inquiry into the attacks and the formulation of measures to strengthen national security against digital threats.
READ THE STORY: Reuters // GOV PH
Mass Exploitation of SSRF Flaw in Ivanti VPN Products
Bottom Line Up Front (BLUF): A critical server-side request forgery (SSRF) vulnerability, identified as CVE-2024-21893, in Ivanti Connect Secure and Policy Secure products, is experiencing mass exploitation. Over 170 unique IP addresses have been observed exploiting this flaw, aiming to establish reverse shells and access restricted resources without authentication.
Analyst Comments: This incident of mass exploitation of the SSRF vulnerability in Ivanti VPN products highlights a concerning trend in cybersecurity where disclosed vulnerabilities quickly become targets for widespread attacks. The combination of CVE-2024-21893 with another vulnerability, CVE-2024-21887, for unauthenticated remote code execution, further exacerbates the threat. Organizations using Ivanti VPN products must urgently apply the official patches released by Ivanti to mitigate these vulnerabilities. Additionally, the use of out-of-date open-source components in Ivanti VPN appliances, as highlighted by security researcher Will Dormann, is a critical reminder for vendors to maintain up-to-date software components to prevent security lapses.
FROM THE MEDIA: Recently, a significant SSRF vulnerability in Ivanti Connect Secure and Policy Secure products has been exploited en masse. Traced back to over 170 unique IP addresses, the attackers are leveraging this flaw, CVE-2024-21893, to gain unauthorized access to restricted resources. Ivanti had previously acknowledged targeted attacks against a limited number of customers, but the situation escalated following public disclosure and the release of a proof-of-concept exploit by Rapid7. Ivanti's initial mitigation measures were bypassed by attackers, forcing the company to issue a second mitigation file and start releasing official patches as of February 1, 2024. Google-owned Mandiant and Palo Alto Networks Unit 42 have reported active exploitation of this vulnerability, underlining the widespread impact and critical nature of the threat.
READ THE STORY: THN // AKB // PoC: CVE-2024-21893
Patchwork APT Group Uses Romance Scam Lures for VajraSpy Malware Infection
Bottom Line Up Front (BLUF): The Patchwork APT group, suspected of Indian origins, has been using romance scam tactics to lure victims in Pakistan and India into downloading Android apps infected with the VajraSpy malware. These apps, some of which were available on the Google Play Store, are designed for espionage, stealing a wide range of personal data and compromising device security.
Analyst Comments: The use of romance scam lures for espionage purposes by Patchwork APT indicates a strategic approach to target specific demographics in the region. The ability to extract sensitive information like WhatsApp and Signal messages, and even record phone calls, underscores the significant threat posed by VajraSpy. The presence of such apps on the Google Play Store, despite being removed, raises concerns about the effectiveness of current app vetting processes. This campaign exemplifies the evolving tactics of APT groups in leveraging social engineering for targeted cyber espionage, emphasizing the need for heightened awareness and security measures among users in the affected regions.
FROM THE MEDIA: ESET researchers identified 12 espionage apps carrying the VajraSpy malware, used by Patchwork APT for espionage activities against users in Pakistan and India. Six of these apps were available on Google Play, downloaded over 1,400 times between April 2021 and March 2023. VajraSpy can steal contacts, files, call logs, SMS messages, and even access WhatsApp and Signal messages. It is capable of recording phone calls and taking pictures with the camera. The malicious apps, often masquerading as messaging applications, likely reached victims through a romance scam tactic. This method of infection points to a highly targeted approach, focusing on individual users rather than broad-based malware distribution.
READ THE STORY: THN // ESET // Broadcom
Items of interest
Commerce Department Proposes KYC and Cybersecurity Rules for Cloud Services and AI Training
Bottom Line Up Front (BLUF): On January 29, 2024, the Commerce Department’s Bureau of Industry and Security (BIS) released a proposed rulemaking introducing a Customer Identification Program (CIP) and additional cybersecurity requirements for U.S. providers and foreign resellers of Infrastructure as a Service (IaaS) products. The proposal also includes reporting obligations concerning foreign transactions involving U.S. cloud services used in training "dual-use" AI foundational models that might facilitate malicious cyber activities.
Analyst Comments: The proposed rule aims to enhance cybersecurity measures by implementing a Know-Your-Customer (KYC) program for IaaS providers, requiring them to collect and verify customer identities, including beneficial owners. Foreign resellers must also comply with this program. Special measures may be imposed on foreign persons or jurisdictions involved in malicious cyber activities, and reports on AI training runs with potential cybersecurity risks will be required.
FROM THE MEDIA: The Commerce Department is accepting public comments on the proposed rules until April 29, 2024. Key components include the Customer Identification Program (CIP) for IaaS providers, special measures for certain foreign actors, and reporting requirements for AI training runs. The proposed rules aim to bolster cybersecurity safeguards in the cloud services and AI training sectors, with a focus on protecting national security and critical infrastructure. Companies involved in these areas should review the proposed rules and consider providing feedback during the comment period.
READ THE STORY: JDSupra // FR // NLR
Knowledge Session on KYC/AML Master Directions and its RegTech Impact
FROM THE MEDIA: In our recent webinar, we discussed the crucial amendments made to the KYC/AML guidelines, highlighting the changes introduced in 2023. These amendments have significant implications for financial institutions and businesses operating in regulated sectors.
How to use AI in Anti-Money Laundering (AML) Tutorial (Video)
FROM THE MEDIA: AML has traditionally relied on rule-based systems and manual processes to identify suspicious transactions. However, AI is revolutionizing this field by utilizing machine learning algorithms, natural language processing, and data analytics to analyze vast amounts of financial data in real-time.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.