Daily Drop (718): Epik: Shadow Services, OpenAI: Chip Fab, G42 Divests in CN, Nvidia: Chip Fab, MoqHao Android Malware, Kyivstar, RustDoor, Cyber Mercenaries
Saturday, Feb 10 2024
*Started adding Proof of Concept (PoC) links, if available, for the mentioned CVEs:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It is primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project.*
Epik's Controversial Transition: From Far-Right Web Host to Shadowy Business Services
Bottom Line Up Front (BLUF): Epik, known for hosting far-right and extremist websites, has been acquired by Registered Agents Inc. (RAI). This acquisition marks a shift in Epik's business model from supporting extremist content to focusing on services that enable business anonymity. The sale follows financial mismanagement allegations against Epik's founder, Rob Monster, and the company's subsequent financial turmoil.
Analyst Comments: Epik's acquisition and subsequent shift in business strategy represent a significant change in the digital landscape for far-right and extremist online content. Historically, Epik gained notoriety for hosting websites like 8chan, Gab, and Parler, which were often associated with far-right ideologies and conspiracy theories. This move could signify a broader industry trend where companies associated with controversial content may pivot to more opaque business practices to survive. It also highlights the growing complexities in balancing freedom of speech with the proliferation of harmful content online. The sale of Epik, amidst financial and legal challenges, underscores the volatile nature of companies operating on the fringes of internet hosting and domain services.
FROM THE MEDIA: Epik, a company critical in keeping far-right and extremist websites online, was acquired by Registered Agents Inc. (RAI), known for its network of shell companies enabling business anonymity. This shift may lead Epik away from the extremist fringe towards more secretive business operations. Epik's previous owner, Rob Monster, faced allegations of misappropriating over $3.5 million, which hastened the sale. RAI specializes in anonymous company operations, with services in every US state, allowing businesses to choose their jurisdiction. The recent Epik acquisition extends RAI's anonymous service offerings to the internet domain, potentially altering the digital landscape for controversial and extremist content hosting. Epik's new direction involves terminating relationships with websites like Kiwi Farms, signaling a potential change in its content hosting policies.
READ THE STORY: Tech Radar // Wired
OpenAI CEO Sam Altman Seeking Trillions for AI Chip Manufacturing Boost
Bottom Line Up Front (BLUF): Sam Altman, CEO of OpenAI, is reportedly raising a colossal amount of up to $7 trillion globally to enhance the production of advanced semiconductors for AI applications. This ambitious project aims to address the critical shortage of AI chips needed for large language models like ChatGPT.
Analyst Comments: Altman's pursuit of such a massive funding initiative underscores the escalating global race for AI supremacy, highlighting the vital role of semiconductor technology in advancing AI capabilities. The scale of investment sought also reflects the burgeoning demand for powerful AI applications across various sectors. This move could catalyze a significant leap in AI technologies, possibly reshaping the global tech landscape. However, it also raises questions about the concentration of high-tech capabilities and potential geopolitical implications, especially considering the involvement of international investors and global chipmakers.
FROM THE MEDIA: OpenAI's Sam Altman is actively engaging global investors, including those from the UAE and the CEO of Softbank, to raise funds for a major project aimed at transforming the global chip manufacturing landscape. This project, estimated to cost between $5 trillion and $7 trillion, is crucial for the production of semiconductors necessary for advanced AI technologies. The initiative is reportedly supported by Microsoft, the majority owner of OpenAI. The focus is on overcoming the current limitations in AI chip availability, which are crucial for training sophisticated AI models like ChatGPT. The ambitious funding plan, if successful, could significantly enhance global infrastructure for chip manufacturing, essential not only for AI but for several other tech-driven industries.
READ THE STORY: FT // Fox Business // Reuters
Abu Dhabi AI Group G42 Divests China Stakes Amid US Geopolitical Pressure
Bottom Line Up Front (BLUF): Abu Dhabi's G42, a key player in AI, has sold its stakes in Chinese companies, including ByteDance, to align with US interests and mitigate concerns over China's influence on American AI systems. This strategic move reflects the growing geopolitical tensions between the US and China in the tech sector.
Analyst Comments: G42's divestment from Chinese holdings, particularly in ByteDance, signifies a strategic reorientation influenced by geopolitical pressures, specifically from the US. This move can be seen as a precaution to safeguard G42’s collaboration with US-based firms like Microsoft and OpenAI, emphasizing the importance of national security considerations in global tech partnerships. The realignment may impact the global AI landscape, highlighting the delicate balance between technological advancement and geopolitical interests. It also underscores the UAE's ambitions to become a leader in AI, navigating complex international dynamics.
FROM THE MEDIA: G42, an Abu Dhabi-based AI firm, has offloaded its investments in Chinese companies, including a significant stake in ByteDance, amid concerns from the US about potential Chinese access to American AI technology. This divestment is part of G42's broader strategy to maintain and enhance its partnerships with US entities, including Microsoft and OpenAI. G42's CEO Peng Xiao had previously acknowledged the necessity of distancing from Chinese partners to foster stronger ties with US counterparts. The move is reflective of the larger geopolitical tug-of-war between the US and China over technological dominance, especially in AI, with the UAE aiming to position itself as a global AI leader while navigating these complex international relations.
READ THE STORY: The Information // Bloomberg // FT
Nvidia Explores New Business Unit for Custom Chip Market
Bottom Line Up Front (BLUF): Nvidia is reportedly developing a new business unit to design custom chips for cloud computing and AI applications. This shift is a strategic response to major tech companies like Amazon, Microsoft, and Meta developing their own silicon solutions. Nvidia's plan involves leveraging its extensive intellectual property in areas like parallel processing and networking, potentially targeting a $30 billion market opportunity.
Analyst Comments: Nvidia's move into the custom chip design market represents a significant strategic pivot. By offering its intellectual property and design services, Nvidia is adapting to the evolving landscape where major cloud providers and tech giants are increasingly developing in-house silicon capabilities. This change reflects a broader industry trend towards specialized, custom silicon, particularly for AI and accelerated workloads. Nvidia's rich portfolio in parallel processing and other key technologies positions it well to offer valuable IP to potential clients, mitigating the risk of losing market share to in-house chip developments by these companies.
FROM THE MEDIA: Nvidia is reportedly assembling a dedicated unit to offer intellectual property and design services to large technology companies like AWS, Microsoft, and Meta. This move comes in response to a growing trend of cloud providers and hyperscalers like Amazon, Google, and Meta developing their own alternatives to Nvidia’s GPUs for AI and other accelerated workloads. These companies are aiming to create chips optimized for their specific needs, potentially reducing energy consumption and cost. Nvidia, holding about 80% of the high-end AI chip market, sees an opportunity to mimic companies like Broadcom by providing its technologies for custom chip development. This strategic shift could help Nvidia maintain its significant market presence in the face of increasing self-reliance among its largest customers in chip development. The market for custom AI chips is rapidly expanding, and Nvidia's entry into this space signals a notable evolution in its business model, emphasizing collaboration and IP licensing over solely selling its own chip products.
READ THE STORY: The Register // Reuters // Forbes
MoqHao Android Malware Evolves with Auto-Execution Capability
Bottom Line Up Front (BLUF): A new variant of the MoqHao Android malware has been identified, capable of executing automatically on infected devices without user interaction. This evolution marks a significant escalation in the malware's threat level, as it can now activate malicious activities immediately upon installation. Targeting users in various regions, including France, Germany, India, Japan, and South Korea, the malware is distributed via smishing (SMS phishing) with links that lead to its deployment.
Analyst Comments: The evolution of MoqHao malware showcases the continuous advancement in cyber threats, particularly in mobile security. By gaining the capability of auto-execution, this malware variant significantly lowers the barrier for successful infections, as it no longer relies on user actions to activate. This development emphasizes the importance of robust mobile security measures and the need for users to be vigilant about the sources of their app downloads. The use of URL shorteners in the distribution strategy is a cunning move to bypass typical security measures and increase the success rate of infections. Additionally, the broad geographical targeting indicates a significant expansion in the malware's scope, possibly hinting at the attackers' ambitions for widespread impact.
FROM THE MEDIA: The MoqHao Android malware, known for its association with the financially motivated Chinese cluster Roaming Mantis, has evolved to execute automatically on infected devices. This new capability is a major shift from the typical requirement of user initiation. The malware is distributed using smishing techniques, often with package delivery-themed SMS messages containing fraudulent links. These links deploy the malware on Android devices, while redirecting iPhone users to phishing sites. The recent variants of MoqHao also show innovations like DNS hijacking capabilities and the utilization of social engineering tactics to trick users into granting extensive permissions. The latest version, which uses URL shorteners and content from fraudulent Pinterest profiles, is equipped with features to stealthily harvest sensitive information and manipulate device functionalities.
READ THE STORY: Forbes // McAfee // THN
Kyivstar CEO Reveals Insights into Devastating Cyberattack
Bottom Line Up Front (BLUF): Ukraine's largest telecom operator, Kyivstar, faced a sophisticated cyberattack by Russian-linked hackers, leading to a service outage for 24 million customers. The attack, attributed to the state-controlled Russian group Sandworm, involved the compromise of an employee account and subsequent escalation to administrative privileges, resulting in significant damage to both virtual and physical infrastructure.
Analyst Comments: The cyberattack on Kyivstar highlights the evolving nature of cyber warfare, particularly in the context of the ongoing conflict between Ukraine and Russia. The use of zero-day wiper malware and the strategic targeting of both virtual and physical systems underscore the high level of sophistication and planning behind the attack. The incident shows the need for robust cybersecurity measures, especially for critical infrastructure providers. It also exposes the vulnerability of centralized systems and the importance of network segmentation as a defensive strategy. This attack serves as a stark reminder of the potential scale and impact of state-sponsored cyber operations.
FROM THE MEDIA: In February 2024, Kyivstar CEO Oleksandr Komarov, during a cybersecurity conference in Kyiv, disclosed key details about the Russian-linked cyberattack on Ukraine's largest telecom operator. The attack, which led to a significant service disruption for nearly 24 million customers, was initiated through the compromise of an employee account. The hackers spent months navigating the system, eventually gaining control over the Active Directory. The cyberattack was characterized by the use of sophisticated zero-day wiper malware that evaded Kyivstar's security systems and was meticulously planned to target both virtual servers and physical equipment. While the virtual infrastructure was significantly damaged, the attack on the physical equipment was thwarted due to quick response measures and inherent system complexities. The cyberattack, which started in early 2023 and was detected months later, was attributed to the Russian state-controlled group Sandworm.
READ THE STORY: The Record // Reuters
New "RustDoor" Backdoor Targets Apple macOS Devices
Bottom Line Up Front (BLUF): Apple macOS users are being targeted by a new backdoor named "RustDoor," discovered by Bitdefender. This malware, written in Rust, has been operational since November 2023 and masquerades as a Microsoft Visual Studio update. It targets both Intel and ARM architectures, with its distribution method and initial access pathway still unknown.
Analyst Comments: The discovery of RustDoor represents a significant development in the cybersecurity landscape, especially for macOS users. The use of Rust, a language known for its safety and efficiency, highlights the evolving sophistication of malware developers. RustDoor's ability to target both Intel and ARM architectures indicates a broad potential impact. The active development of the malware, as evidenced by the detection of multiple variants, suggests a dedicated effort to maintain and enhance its capabilities. The link to prominent ransomware families like Black Basta and BlackCat through C2 infrastructure overlaps is particularly concerning, as it hints at the possible involvement of established cybercriminal groups with substantial capabilities and resources.
FROM THE MEDIA: RustDoor, a newly identified backdoor targeting Apple macOS devices, was first detected in November 2023 and has been under continuous development, with various versions exhibiting minor modifications. The malware is distributed as FAT binaries containing Mach-O files, but the specific method of propagation remains unclear. RustDoor is equipped with a range of commands for data harvesting and file gathering, indicating its potential for extensive information theft. Some versions of the malware contain configurations detailing the targeted data, hinting at a strategic approach to data exfiltration. Bitdefender's analysis suggests a connection between RustDoor and well-known ransomware groups like Black Basta and BlackCat, primarily based on shared command-and-control infrastructure. This connection raises concerns about the broader implications of RustDoor in the context of global cyber threats.
READ THE STORY: Security Affairs // THN
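Because RustDoor is shipped as a FAT (universal) binary wrapping Intel and ARM Mach-O slices, a routine triage step is to enumerate the slices a sample claims and confirm each one actually begins with a Mach-O header. The following is an added example written for this digest, not Bitdefender's tooling or any RustDoor sample: the two-slice binary it parses is constructed inline, and the function names are hypothetical.

```python
import struct

# Magic values and CPU types from Apple's <mach-o/fat.h> and <mach-o/loader.h>.
FAT_MAGIC = 0xCAFEBABE        # universal ("FAT") header, stored big-endian
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit Mach-O header magic
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def parse_fat_slices(data: bytes) -> list:
    """Return one dict per architecture slice declared in a FAT header.

    Each dict names the cputype, gives the slice offset/size, and records
    whether the bytes at that offset really start with a 64-bit Mach-O magic.
    A header that points at a slice with no Mach-O magic is worth flagging.
    """
    if len(data) < 8 or struct.unpack(">I", data[:4])[0] != FAT_MAGIC:
        raise ValueError("not a FAT (universal) binary")
    nfat_arch = struct.unpack(">I", data[4:8])[0]
    slices = []
    for i in range(nfat_arch):
        base = 8 + i * 20  # each fat_arch entry is five big-endian 32-bit fields
        cputype, cpusubtype, offset, size, align = struct.unpack(
            ">iiIII", data[base:base + 20]
        )
        slice_bytes = data[offset:offset + size]
        # The Mach-O magic inside a slice is little-endian on both x86_64 and arm64.
        has_macho = (
            len(slice_bytes) >= 4
            and struct.unpack("<I", slice_bytes[:4])[0] == MH_MAGIC_64
        )
        slices.append({
            "arch": CPU_NAMES.get(cputype, hex(cputype)),
            "offset": offset,
            "size": size,
            "macho_header_present": has_macho,
        })
    return slices


def build_sample_fat() -> bytes:
    """Constructed two-slice universal binary for demonstration (not a real sample)."""
    header = struct.pack(">II", FAT_MAGIC, 2)
    # x86_64 slice at 0x1000 and arm64 slice at 0x2000, 16 bytes each; align is log2.
    header += struct.pack(">iiIII", CPU_TYPE_X86_64, 3, 0x1000, 16, 12)
    header += struct.pack(">iiIII", CPU_TYPE_ARM64, 0, 0x2000, 16, 14)
    body = bytearray(0x2000 + 16)
    body[:len(header)] = header
    body[0x1000:0x1004] = struct.pack("<I", MH_MAGIC_64)  # genuine Mach-O magic
    body[0x2000:0x2004] = b"\x00\x00\x00\x00"              # deliberately missing magic
    return bytes(body)


if __name__ == "__main__":
    for entry in parse_fat_slices(build_sample_fat()):
        print(entry)
```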
Items of interest
The Growing Industry of Cyber Mercenaries and Its Global Impact
Bottom Line Up Front (BLUF): The cyber mercenary industry, exemplified by companies like the Israeli NSO Group, is flourishing and shaping a new era in digital espionage. These entities create sophisticated hacking tools that transform common devices into surveillance assets, raising significant concerns about privacy, security, and the misuse of technology in global politics.
Analyst Comments: The rise of cyber mercenaries represents a concerning trend in international relations and cybersecurity. By providing advanced hacking capabilities to various clients, including nation-states, these groups are blurring the lines between government espionage and private enterprise. The case of NSO Group's Pegasus spyware illustrates the potential for abuse, as it targeted a wide range of individuals, from political leaders to human rights activists. This phenomenon underscores a broader issue in the digital age: the commodification of surveillance and espionage capabilities, which were once the sole purview of nation-states.
FROM THE MEDIA: The article by Binayak Dasgupta in Hindustan Times discusses the evolving landscape of cyber mercenaries and their impact on global politics and civil liberties. The spotlight is on companies like the NSO Group, known for creating the Pegasus spyware, which has been used to spy on various individuals worldwide. This development marks a significant shift from traditional state-sponsored espionage to a more privatized and commercial form of digital surveillance. The growing industry of cyber mercenaries has attracted sanctions from several liberal democracies, highlighting the international community's concern over these practices.
READ THE STORY: HT
DEF CON 31 War Stories - Tracking the World's Dumbest Cyber Mercenaries (Video)
FROM THE MEDIA: For the last 6 years my colleagues and I have been tracking the activities of the cyber-mercenaries we call Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain crucial insights into their activities and victims. In this talk we will discuss the story of Dark Caracal, the mistakes they have made, and how they have managed to remain effective despite quite possibly being the dumbest APT to ever exist.
The Dark World of Cyber Mercenaries (Video)
FROM THE MEDIA: Cyber mercenaries, much like old-fashioned mercenaries, are being hired to fight terrorists and criminals on behalf of governments around the world. But they're also being hired to take down politicians' opponents, human rights advocates and journalists. Watch this episode of America Uncovered for why they're such a threat to privacy and security, which governments and individuals have used them, and how they might be thwarted.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.