Daily Drop (722): OpenAI: APTs Caught, ASML: AI Revolution, CN: Using Deepfakes, CN: EV Sales Fake, CVE-2024-21410, Munich Spirit, DPRK: Gambling Sites, CN: Spanish Propaganda
02-15-24
Thursday, Feb 15 2024 // (IG): BB // ShadowNews // Coffee for Bob // Proxies
*Started adding Proof of Concept (PoC) code, where available, for the CVEs mentioned:
A Proof of Concept (PoC) is the minimum code or sequence of steps that demonstrates a vulnerability can actually be triggered, as distinct from a weaponized exploit that reliably delivers a payload. Defenders use a PoC to confirm whether they are exposed and to verify that a patch or mitigation works; attackers use the same PoC as a starting point, so public availability of one usually shortens the time between disclosure and exploitation. *
OpenAI and Microsoft Catch CN, RU, IR and DPRK Actors Weaponizing ChatGPT
Bottom Line Up Front (BLUF): Microsoft and OpenAI have jointly reported that nation-state actors from Russia, North Korea, Iran, and China are integrating artificial intelligence (AI) and large language models (LLMs) into their cyber attack operations. The report highlights how these groups are using AI services for tasks like open-source information querying, translation, coding error identification, and basic coding. The companies have taken steps to disrupt the activities of these threat actors by terminating associated accounts and assets.
Analyst Comments: The integration of AI into cyber operations by nation-state actors represents a significant shift in the cybersecurity landscape. Historically, cyber threats have evolved from simple malware to sophisticated, state-sponsored cyber-espionage and sabotage operations. The use of AI and LLMs by these actors offers them enhanced capabilities in areas like social engineering, reconnaissance, and malware development. This development underscores the dual-use nature of AI technologies, capable of both beneficial applications and malicious exploitation. Microsoft and OpenAI's collaboration to counter these threats is a critical step in addressing the emerging challenges posed by AI in cybersecurity. However, the situation calls for broader industry and governmental efforts to establish robust frameworks for the ethical use and regulation of AI technologies in cybersecurity.
FROM THE MEDIA: Reports indicate that nation-state actors affiliated with Russia, North Korea, Iran, and China are experimenting with AI and LLMs to enhance their cyber attack capabilities. These actors, identified with code names such as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon, have used AI services for various purposes, including open-source research, translation, and coding tasks. For instance, the Russian group Forest Blizzard utilized AI for researching satellite communication protocols, while North Korean Emerald Sleet employed AI to identify defense-focused experts and organizations. Microsoft and OpenAI's report reveals that these activities primarily involve routine tasks rather than novel attack methods. Nonetheless, the misuse of AI tools for cyber operations poses significant risks, prompting Microsoft to develop principles for mitigating such threats and enhancing safety mechanisms around its models.
READ THE STORY: OpenAI // The New York Times // The Register
ASML's Advanced Chip Manufacturing Technology Signals a Shift Towards Hardware in AI Revolution
Bottom Line Up Front (BLUF): The Dutch technology company ASML has shipped a roughly €350 million machine, the Twinscan EXE:5000, to Intel in Oregon, marking a significant milestone in advanced chip manufacturing. This high-NA EUV lithography tool, capable of printing 8-nanometer lines on silicon wafers, is set to boost computing power, memory density, and energy efficiency, catering to the growing demands of AI-driven workloads. The shipment underlines a shift in the tech economy from a software-centric to a more hardware-focused approach, as hardware becomes the constraint on how much AI software can be run.
Analyst Comments: The shipment of ASML's Twinscan EXE:5000 to Intel represents a pivotal moment in the tech industry, highlighting the crucial role of hardware in the AI era. Traditionally, the focus has been on software's role in driving technological advancement. As AI's capabilities and applications expand, however, the underlying hardware, particularly leading-edge semiconductor manufacturing, is gaining prominence. ASML's achievement, a decade in the making, not only showcases the company's innovation but also signals a broader industry trend: the increasing complexity and cost of chip manufacturing create high barriers to entry, favoring established players like ASML and Nvidia. This shift towards hardware reliance could redefine investment strategies and fuel a new phase of competition and innovation in the tech sector.
FROM THE MEDIA: ASML's shipment of the Twinscan EXE:5000 to Intel represents a major leap in chip manufacturing technology, one capable of significantly enhancing computing power and efficiency. The development reflects the increasing importance of hardware in the tech economy, especially in the context of AI. ASML's high research and development spending and its near-monopoly position in EUV lithography underline the complexity and cost involved in leading-edge hardware manufacturing. While the semiconductor industry is notoriously cyclical and currently faces geopolitical risk and market volatility, long-term demand for advanced hardware appears robust. The shift towards hardware is further evidenced by the growing market value of companies like Nvidia and ASML relative to traditional software giants, suggesting a significant investment cycle in AI deployment in which hardware plays the critical role.
READ THE STORY: FT
Advanced Mobile Banking Malware Attacks in Asia-Pacific by Chinese Hackers Using Deepfakes
Bottom Line Up Front (BLUF): A Chinese-speaking cybercrime group, codenamed GoldFactory, is deploying advanced banking Trojans, including a new iOS malware called GoldPickaxe. These Trojans, capable of harvesting identity documents, facial recognition data, and intercepting SMS, are targeting users in the Asia-Pacific region, mainly Thailand and Vietnam. The attacks involve deepfake technology and sophisticated social engineering techniques, posing significant threats to mobile banking security.
Analyst Comments: The emergence of GoldFactory's advanced Trojans, particularly the iOS-targeted GoldPickaxe, signifies a worrying trend in cybercrime where sophisticated malware and AI technologies like deepfakes are employed for financial fraud. This group's ability to circumvent strict security measures, including the use of facial recognition for banking transactions, demonstrates the evolving sophistication of cybercriminals. The use of social engineering, leveraging local languages and masquerading as legitimate government or banking apps, further complicates the threat landscape. Financial institutions and users in the targeted regions must heighten their vigilance and adopt comprehensive cybersecurity measures to mitigate these evolving threats.
FROM THE MEDIA: The GoldFactory cybercrime group, active since mid-2023, has been attributed with developing highly sophisticated banking Trojans targeting the Asia-Pacific region. Its arsenal includes GoldPickaxe for iOS and Android and GoldDigger for Android. The Trojans are distributed through smishing, phishing, and fake websites that masquerade as local banks and government organizations. Because iOS does not permit ordinary sideloading, the iOS Trojan, GoldPickaxe, is delivered through Apple's TestFlight beta-testing platform and through Mobile Device Management (MDM) profiles; a victim who accepts an MDM profile hands the operator broad control over the device, which is why no legitimate bank or government app should ever ask a user to install one. GoldPickaxe stands out for its capability to defeat banking controls that require facial recognition for transactions: it prompts the victim to record a video inside the fake app, and that footage is then used to produce deepfake videos that pass the bank's face check and grant unauthorized access to the account. The Android version, an evolutionary successor of GoldDiggerPlus, also steals login credentials and personal information.
READ THE STORY: Group-IB // Microsoft // VOA // THN
Widespread Exploitation of Critical Exchange Server Vulnerability (CVE-2024-21410)
Bottom Line Up Front (BLUF): Microsoft has confirmed that a critical vulnerability in Exchange Server, tracked as CVE-2024-21410 with a CVSS score of 9.8, is being actively exploited. This privilege escalation flaw, patched in the recent Patch Tuesday updates, allows attackers to relay a user's leaked Net-NTLMv2 hash and authenticate as the user on a vulnerable Exchange Server.
Analyst Comments: The active exploitation of CVE-2024-21410 in Microsoft Exchange Server underscores the persistent targeting of business-critical infrastructure. The flaw is not a memory-corruption bug but an authentication weakness: Exchange accepted NTLM authentication without binding it to the TLS session, so anyone who can obtain a user's Net-NTLMv2 response can replay it to Exchange and act as that user. State-affiliated groups, including Russian crews, have used exactly this relay technique in past campaigns. Alongside CVE-2024-21351 and CVE-2024-21412, it fits a pattern of attackers bypassing built-in security features such as SmartScreen rather than exploiting classic code-execution bugs. Attack chains that combine phishing with such bypasses call for rapid patching, monitoring of authentication telemetry for relay patterns, and tested incident response capabilities.
FROM THE MEDIA: Microsoft's updated advisory confirms active exploitation of CVE-2024-21410, a critical Exchange Server privilege-escalation flaw. An attacker who obtains a user's Net-NTLMv2 response, typically by targeting an NTLM client such as Outlook with a credential-leaking bug, can relay it to a vulnerable Exchange Server and authenticate as that user. The mitigation is Extended Protection for Authentication (EPA), which binds the NTLM exchange to the TLS channel so that a response captured on an attacker-controlled connection is rejected by the real server; with the February Patch Tuesday updates Microsoft enables EPA by default in Exchange Server 2019 CU14. Servers on earlier cumulative updates remain exposed until administrators enable EPA themselves using Microsoft's ExchangeExtendedProtectionManagement.ps1 script, and EPA is known to reject legitimate clients when a load balancer in front of Exchange terminates TLS with a different certificate, so that configuration must be checked first. Russian state-affiliated groups such as APT28 (Forest Blizzard) have historically abused similar weaknesses in NTLM relay attacks; Trend Micro reported such attacks since April 2022, targeting foreign affairs, energy, defense, and transportation organizations. Other flaws addressed this month include CVE-2024-21351, a Windows SmartScreen bypass, and CVE-2024-21412, an Internet Shortcut file flaw that bypasses SmartScreen's Mark-of-the-Web checks and has been exploited by the Water Hydra group to deploy the DarkMe trojan. CVE-2024-21413, a critical Microsoft Office flaw, can lead to remote code execution by bypassing Protected View.
READ THE STORY: The Register // THN // DarkREADING // KrebsonSecurity
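The relay described above, and why channel binding stops it, as an added example for this newsletter. It is not code from Microsoft or from the linked reports, and it is a simplified model of the message exchange rather than the NTLMSSP wire format: the NTLMv2 key derivation and proof (HMAC-MD5 over the NT hash, then over server challenge plus blob) are kept, but the blob is reduced to the client challenge plus the channel-binding token, and the token is a hash of the TLS certificate the client actually saw. The NT hash below is the well-known hash of the string "password", used as a constructed secret; the hostnames and certificate bytes are placeholders.

```python
"""Why Extended Protection for Authentication (EPA) stops an NTLM relay.

Simplified model (not the NTLMSSP wire format). Kept from NTLMv2:
  NTOWFv2    = HMAC-MD5(NT hash, UPPER(user) + domain)
  NTProofStr = HMAC-MD5(NTOWFv2, server_challenge + blob)
Simplified: blob = client_challenge + channel-binding token (CBT), and the CBT is
MD5 over a hash of the peer's TLS certificate (the real CBT hashes a
gss_channel_bindings_struct carrying the tls-server-end-point value).
"""
import hashlib
import hmac
import os

DOMAIN = "CORP"
# NT hash of the string "password" (MD4 of its UTF-16LE encoding), used as a
# constructed secret shared by the client and the server's domain controller.
ALICE_NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 keys the response to the user's NT hash, user name and domain."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def channel_binding_token(peer_tls_cert: bytes) -> bytes:
    """Derived from the certificate the client saw on its own TLS connection."""
    return hashlib.md5(hashlib.sha256(peer_tls_cert).digest()).digest()


def ntlmv2_proof(nt_hash, user, server_challenge, client_challenge, cbt):
    blob = client_challenge + cbt            # the CBT sits inside the MACed blob
    return hmac.new(ntowf_v2(nt_hash, user, DOMAIN), server_challenge + blob, hashlib.md5).digest()


class OutlookClient:
    def __init__(self, user, nt_hash):
        self.user, self.nt_hash = user, nt_hash

    def respond(self, server_challenge, peer_tls_cert):
        """Answer a challenge received over a TLS connection whose peer presented peer_tls_cert."""
        client_challenge = os.urandom(8)
        cbt = channel_binding_token(peer_tls_cert)
        proof = ntlmv2_proof(self.nt_hash, self.user, server_challenge, client_challenge, cbt)
        return proof, client_challenge, cbt


class ExchangeServer:
    def __init__(self, tls_cert, epa_required, nt_hashes):
        self.tls_cert, self.epa_required, self.nt_hashes = tls_cert, epa_required, nt_hashes
        self.pending = {}

    def new_challenge(self, conn_id):
        self.pending[conn_id] = os.urandom(8)
        return self.pending[conn_id]

    def authenticate(self, conn_id, user, proof, client_challenge, cbt):
        server_challenge = self.pending.pop(conn_id)
        expected = ntlmv2_proof(self.nt_hashes[user], user, server_challenge, client_challenge, cbt)
        if not hmac.compare_digest(expected, proof):
            return False                       # wrong credential or tampered blob
        if self.epa_required and not hmac.compare_digest(cbt, channel_binding_token(self.tls_cert)):
            return False                       # client authenticated to someone else's TLS endpoint
        return True


def direct_login(client, server):
    chal = server.new_challenge("direct")
    return server.authenticate("direct", client.user, *client.respond(chal, server.tls_cert))


def relay_attack(client, server, attacker_cert, forge_cbt=False):
    """Attacker terminates the victim's TLS with attacker_cert and forwards each message."""
    chal = server.new_challenge("relay")                              # attacker -> real Exchange
    proof, client_challenge, cbt = client.respond(chal, attacker_cert)  # victim -> attacker
    if forge_cbt:                                                     # attacker swaps in the real CBT
        cbt = channel_binding_token(server.tls_cert)
    return server.authenticate("relay", client.user, proof, client_challenge, cbt)


def run_scenarios():
    """Return {(scenario, epa_required): authenticated?} for each combination."""
    server_cert = b"constructed DER: CN=exchange.corp.example"    # placeholder bytes
    attacker_cert = b"constructed DER: CN=attacker.example"       # placeholder bytes
    alice = OutlookClient("alice", ALICE_NT_HASH)
    results = {}
    for epa in (False, True):
        srv = ExchangeServer(server_cert, epa, {"alice": ALICE_NT_HASH})
        results[("direct", epa)] = direct_login(alice, srv)
        results[("relay", epa)] = relay_attack(alice, srv, attacker_cert)
        results[("relay_forged_cbt", epa)] = relay_attack(alice, srv, attacker_cert, forge_cbt=True)
    return results


if __name__ == "__main__":
    for (scenario, epa), ok in run_scenarios().items():
        print(f"{scenario:16s} EPA={'on ' if epa else 'off'} -> {'authenticated' if ok else 'rejected'}")
```

With EPA off the relayed response is accepted because the server has no way to tell which TLS endpoint the client was talking to. With EPA on, the client's token is computed over the attacker's certificate and the real server rejects it; the attacker cannot substitute the correct token because it is covered by the HMAC, which only the NT hash can produce. This is also why EPA needs the same certificate on every TLS terminator in front of Exchange.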
The ‘Munich Spirit’: Major Discussions at 2024 Security Conferences
Bottom Line Up Front (BLUF): The Munich Security Conference (MSC) and Munich Cyber Security Conference (MCSC) in 2024 are set to host a wide array of global leaders and experts for crucial discussions on pressing security issues. Key topics include cyber resilience, AI threats and opportunities, election security, strategic competition, and regional conflicts. The MSC aims to address the challenges of strategic competition and the global response to regional conflicts, while the MCSC focuses on specific cybersecurity challenges.
Analyst Comments: The concurrent hosting of MSC and MCSC in Munich signifies the growing complexity and interconnectedness of global security issues. The MSC, entering its 60th year, remains a pivotal platform for discussing traditional security and geopolitical challenges. In contrast, the MCSC, though smaller, addresses critical cybersecurity concerns and fosters dialogue between policymakers and industry experts.
FROM THE MEDIA: The presence of high-level officials from various nations, including the U.S., U.K., Germany, and France, underscores the conferences' significance in shaping international security policies. Discussions at MSC are expected to focus on global strategic competition, regional conflicts, and the implications of strategic posturing by major powers like China and the U.S. The MCSC will likely delve into the nuances of cybersecurity, examining the balance between resilience and technological advancements, and the implications of AI in national security. These forums are crucial for not only airing grievances and concerns among allies but also for fostering a shared understanding that could influence future diplomatic and security decisions. The 'Munich spirit' referenced by Peter Möhring, managing director of Security Network Munich, highlights the importance of these gatherings in fostering a collaborative atmosphere for addressing global security challenges.
READ THE STORY: UNN // DoD // The Record
Russia's Alleged Space Weapon Raises Global Concerns: What We Know
Bottom Line Up Front (BLUF): The House Intelligence Committee has issued a warning about a potential national security threat posed by Russia's development of a space-based weapon, which could target satellites using nuclear technology. While details remain scarce, concerns are mounting about the implications for civilian and military communications, as well as the lack of defense mechanisms against such a weapon.
Analyst Comments: The White House's response, including plans to brief congressional leaders, reflects a proactive approach to address concerns raised by the House Intelligence Committee. While specifics about the threat remain undisclosed, officials emphasize the need for deliberate discussions and actions to safeguard national security interests. President Biden's involvement underscores the seriousness with which the administration is treating the matter, prioritizing the protection of American interests in the face of evolving threats.
FROM THE MEDIA: The Committee's revelation of a potential Russian space-based weapon underscores the gravity of the situation, prompting concerns about its impact on global security. With limited information available, stakeholders are urged to prioritize discussions and actions to mitigate the risks posed by this emerging threat.
READ THE STORY: Newsweek // BBC // abc NEWS
Google Cloud's 2024 Threat Horizons Report Highlights Emerging Cloud Security Threats
Bottom Line Up Front (BLUF): The latest Google Cloud Threat Horizons Report offers a detailed view of the cloud security landscape for 2024. Key concerns include credential abuse, cryptomining, ransomware, and data theft. The report emphasizes the increase in sophisticated threats across all IT environments and highlights the need for robust cloud security strategies. It also points to the growing challenge posed by nation-state actors, particularly those affiliated with the People's Republic of China, targeting cloud infrastructure.
Analyst Comments: The report signifies a crucial shift in cloud security dynamics. The continued prevalence of credential abuse and cryptomining underscores the persistent nature of these threats. Ransomware and data theft, compounded by evolving attack methodologies, necessitate advanced data loss prevention strategies. The emphasis on security event logging and the innovative manipulation of these logs by threat actors indicate an evolving cybersecurity battlefield. Additionally, the role of geopolitical tensions, notably the cyber warfare dynamics between Russia and Ukraine, underscores the broader implications of cloud security in international relations. The report's focus on AI and machine learning in cybersecurity showcases the potential of these technologies to revolutionize threat detection and response.
FROM THE MEDIA: The 2024 Google Cloud Threat Horizons Report provides vital insights and actionable recommendations for cloud security. Key findings include the persistent issue of credential abuse leading to cryptomining, with threat actors exploiting weak or absent passwords to access cloud instances. The report notes a shift in threat actor objectives, with ransomware and data theft remaining significant concerns across IT environments. The growing sophistication in evading detection, such as manipulating security event logs, is highlighted. The report also points to the increasing targeting of cloud services by PRC-affiliated espionage actors due to the global adoption of cloud technologies. With high-profile events like the 2024 Summer Olympics and worldwide elections, cloud vulnerabilities are likely to be exploited by threat actors for various malicious activities. Google Cloud provides several security features to counter these threats, including two-factor authentication, strong password policies, IAM policies, Cloud Audit Logs, and Security Command Center. The report emphasizes the importance of public-private collaboration in cybersecurity and identifies critical investment areas for global businesses, including security awareness training, vulnerability management, detection and response, encryption, and IT security governance.
READ THE STORY: Help Net Security // Google Cloud
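Three of the behaviours the report names (tampering with security event logs, a leaked service-account credential turning into a burst of cryptomining instances, and privilege grants to outside identities) are visible in Cloud Audit Logs. The following is an added detection pass over constructed entries in the shape of an exported Admin Activity log record; it is not from the Threat Horizons report or from Google's own tooling. The field paths (protoPayload.methodName, protoPayload.authenticationInfo.principalEmail, protoPayload.serviceData.policyDelta.bindingDeltas) follow the Cloud Audit Log schema; the thresholds, the trusted-domain list and the principals are assumptions to tune per environment.

```python
"""Detection pass over Cloud Audit Log entries (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta

LOG_TAMPER_METHODS = {
    "google.logging.v2.ConfigServiceV2.DeleteSink",
    "google.logging.v2.ConfigServiceV2.UpdateSink",
    "google.logging.v2.ConfigServiceV2.DeleteBucket",
}
KEY_CREATION_METHOD = "google.iam.admin.v1.CreateServiceAccountKey"
PRIVILEGED_ROLES = {"roles/owner", "roles/editor", "roles/iam.serviceAccountTokenCreator"}
TRUSTED_DOMAINS = {"corp.example", "proj-1.iam.gserviceaccount.com"}   # assumption
BURST_WINDOW = timedelta(minutes=10)                                   # assumption
BURST_COUNT = 5                                                        # assumption


def _ts(entry):
    return datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00"))


def _principal(entry):
    return entry["protoPayload"].get("authenticationInfo", {}).get("principalEmail", "<unknown>")


def _is_external(member):
    """IAM members look like 'user:a@b', 'serviceAccount:x@y', or 'allUsers'."""
    if member in ("allUsers", "allAuthenticatedUsers"):
        return True
    _, _, identity = member.partition(":")
    return identity.rpartition("@")[2] not in TRUSTED_DOMAINS


def detect(entries):
    """Return findings as (kind, principal, detail) tuples."""
    findings = []
    inserts = defaultdict(list)            # principal -> instance creation times
    for e in sorted(entries, key=_ts):
        p, who = e["protoPayload"], _principal(e)
        method = p.get("methodName", "")
        if method in LOG_TAMPER_METHODS:
            findings.append(("log_tampering", who, method))
        elif method == KEY_CREATION_METHOD:
            findings.append(("sa_key_created", who, p.get("resourceName", "")))
        elif method.endswith("compute.instances.insert"):   # v1./beta. prefixes
            inserts[who].append(_ts(e))
        elif method == "SetIamPolicy":
            deltas = p.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
            for d in deltas:
                if (d.get("action") == "ADD" and d.get("role") in PRIVILEGED_ROLES
                        and _is_external(d.get("member", ""))):
                    findings.append(("external_privilege_grant", who, f"{d['role']} -> {d['member']}"))
    for who, times in inserts.items():     # sliding window over creations per principal
        best, j = 0, 0
        for i, t in enumerate(times):
            while times[j] < t - BURST_WINDOW:
                j += 1
            best = max(best, i - j + 1)
        if best >= BURST_COUNT:
            findings.append(("instance_burst", who, best))
    return findings


def _entry(ts, who, method, **extra):
    payload = {"methodName": method, "authenticationInfo": {"principalEmail": who}}
    payload.update(extra)
    return {"timestamp": ts, "protoPayload": payload}


# Constructed sample: a build service account whose key was leaked.
SA = "build-sa@proj-1.iam.gserviceaccount.com"
SAMPLE_ENTRIES = [
    _entry("2024-02-14T09:15:00Z", "admin@corp.example", "v1.compute.instances.insert"),
    _entry("2024-02-15T02:58:00Z", SA, KEY_CREATION_METHOD,
           resourceName="projects/-/serviceAccounts/" + SA),
] + [
    _entry(f"2024-02-15T{t}Z", SA, "v1.compute.instances.insert")
    for t in ("03:00:00", "03:00:40", "03:01:20", "03:02:00", "03:02:40", "03:03:20")
] + [
    _entry("2024-02-15T03:04:00Z", SA, "google.logging.v2.ConfigServiceV2.DeleteSink",
           resourceName="projects/proj-1/sinks/siem-export"),
    _entry("2024-02-15T03:05:00Z", SA, "SetIamPolicy", serviceData={"policyDelta": {"bindingDeltas": [
        {"action": "ADD", "role": "roles/owner", "member": "user:carol@evil.example"},
        {"action": "ADD", "role": "roles/viewer", "member": "user:dave@corp.example"},
    ]}}),
]

if __name__ == "__main__":
    for kind, who, detail in detect(SAMPLE_ENTRIES):
        print(f"{kind:25s} {who:45s} {detail}")
```

The sink deletion matters most: once the export to the SIEM is gone, the burst and the owner grant that follow it are only visible in the project's own log buckets, so this kind of rule should run on the audit-log stream itself, not on the downstream copy the attacker can cut off.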
DPRK IT Group Sells Gambling Websites with Embedded Malware
Bottom Line Up Front (BLUF): The National Intelligence Service (NIS) of South Korea reports that North Korea is operating a lucrative cyber-crime venture by selling malware-infected gambling websites. These sites, linked to North Korea's secretive Office 39, are reportedly rented out for $5,000 monthly, with additional charges for tech support. The malware embedded in these sites targets personal data, especially bank account details, and poses significant cybersecurity threats.
Analyst Comments: This development marks a concerning trend in state-sponsored cybercrime. North Korea's use of such tactics to generate revenue reflects its adaptive strategies in circumventing international sanctions. The involvement of Office 39, known for generating illicit revenue for North Korea's leadership, highlights the state's increasing reliance on cyber operations for financial gains. The targeting of South Korean cybercrime organizations as buyers shows a focused approach towards exploiting vulnerabilities in regional cybersecurity. North Korea's ability to disguise its operations as Chinese IT initiatives indicates a sophisticated understanding of international cybersecurity landscapes and the means to exploit them. This situation underscores the need for enhanced international collaboration in cybersecurity measures and intelligence sharing to counter such threats effectively.
FROM THE MEDIA: The NIS has identified an IT organization, "Gyeongheung," affiliated with North Korea's Office 39, as being responsible for creating and selling gambling websites pre-loaded with malware. These sites, costing around $5,000 per month with additional tech support fees, are part of a larger strategy to generate revenue for North Korea's regime. The malware embedded in these sites enables the theft of personal information, including details from PayPal accounts of Chinese nationals. To avoid detection and sanctions, the group behind these operations has masqueraded as Chinese IT workers, using forged identification and stolen credentials. This covert operation has reportedly generated billions in profits for North Korea. The NIS's findings also reveal that some clients were aware of the North Korean origins of these services but chose to engage due to low costs and language convenience. The activities of Gyeongheung and its clients highlight the complex challenges in combating state-sponsored cybercrime, especially when entangled with international sanctions and geopolitical dynamics.
READ THE STORY: The Register // CoinDesk // RFA
Analyzing OpenAI's Rapid Growth and the Challenge of Sustaining Superintelligence Development
Bottom Line Up Front (BLUF): OpenAI, one of the fastest-growing AI companies, faces critical questions about the long-term sustainability of its business model. Despite achieving over $2 billion in annualized revenue, the company confronts the immense cost of developing Artificial General Intelligence (AGI). The challenge lies in whether OpenAI can continue to innovate and maintain its lead in AI technology without exhausting its financial resources.
Analyst Comments: OpenAI's journey reflects a typical Silicon Valley startup narrative, marked by rapid growth and ambitious goals. However, the company's focus on developing AGI, a technology that surpasses human intellectual capabilities, represents a significant leap in AI development. This ambition comes with high costs, raising questions about the company's financial sustainability. OpenAI's current success with products like ChatGPT and GPT-4 has attracted significant attention, but translating this into a viable, long-term business model remains a challenge. The company's ability to maintain its technological lead while managing the costs of advanced AI development will be crucial.
FROM THE MEDIA: OpenAI, led by CEO Sam Altman, has experienced rapid growth, surpassing $2 billion in revenue, driven by its products like ChatGPT and GPT-4. The company's success has attracted significant investments, pushing its valuation to $86 billion. However, the costs associated with developing and running advanced AI models like GPT-4 are substantial. Altman has suggested that reaching AGI could cost up to a trillion dollars. While OpenAI has formed strategic partnerships and expanded its product offerings, the long-term viability of its business model is uncertain. OpenAI's relationship with Microsoft, its biggest backer, is a key factor in its growth strategy. Microsoft has integrated OpenAI's technology into its suite of productivity apps, offering AI tools like Copilot to its users. This partnership extends OpenAI's reach but also brings competition, as Microsoft holds a significant stake in OpenAI's profits. The future of OpenAI hinges on balancing the costs of advanced AI development with the generation of sustainable revenue, amidst growing competition in the AI space.
READ THE STORY: FT
China's Limited Success in Spanish-Language Propaganda Efforts
Bottom Line Up Front (BLUF): A comprehensive study by Chile's Center for Analysis for Democracy highlights China's significant efforts to influence Spanish-speaking audiences through its state media on YouTube. Despite having over 800,000 subscribers and publishing more than 80,000 videos across three major channels, the impact remains minimal, with most videos receiving very few views. The report indicates a focus on promoting Chinese culture, development, and the CCP's governance model, while often portraying the United States negatively. However, the low engagement levels suggest limited effectiveness in swaying public opinion in Latin America and Spain.
Analyst Comments: China's strategic expansion in media influence through YouTube channels in Spanish illustrates Beijing's intent to project soft power and shape international perceptions. This effort aligns with China's broader global outreach, aiming to counter Western narratives and promote its governance model. The emphasis on culture and development, coupled with critiques of the U.S., reflects China's approach to international diplomacy and propaganda. However, the limited viewership and engagement with these channels suggest a gap between China's ambitions and its actual influence. This scenario underscores the challenges faced by state-run media in appealing to diverse international audiences, especially in the digital age where content consumption is driven by user preferences and credibility.
FROM THE MEDIA: The Center for Analysis for Democracy's report on China's Spanish-language YouTube channels – CGTN Español, Xinhua Español, and Hola China – shows a concerted effort by China to influence Spanish-speaking audiences, particularly in Latin America and Spain. These channels, active since 2009, have a substantial number of subscribers and a high volume of content. However, the majority of their videos have garnered minimal viewership, indicating a lack of impact on the target audience. The content primarily promotes China's governance system, cultural aspects, and development achievements while often portraying the United States negatively. Notably, the report also highlights instances of disinformation and the amplification of narratives from Russia and regional governments aligned with Beijing's interests. Despite the significant investment in these media channels, their actual influence appears to be relatively minor, raising questions about the effectiveness of China's propaganda strategies in the Spanish-speaking world.
Items of interest
U.S. Auto Industry Concerned Over Chinese Electric Vehicles (Fake Numbers)
Bottom Line Up Front (BLUF): The U.S. auto industry is increasingly alarmed by the potential entry of Chinese electric vehicles (EVs) into the American market. While Chinese-branded cars are not yet sold in the U.S., their low cost and growing sophistication pose a significant threat to established automakers like Ford and General Motors. Stellantis CEO Carlos Tavares and Tesla CEO Elon Musk have expressed concerns about the competitive pressure from Chinese EVs, which benefit from government support, access to cheaper batteries and labor, and have significantly improved in quality.
Analyst Comments: The apprehension within the U.S. auto industry regarding Chinese EVs underscores a pivotal moment in the global automotive landscape. The rise of China as a major player in electric vehicles is reminiscent of past market disruptions caused by Japanese and Korean automakers. The potential entry of budget-friendly Chinese EVs into the U.S. market, following their success in China and Europe, could significantly alter competitive dynamics. U.S. automakers are forced to reassess their strategies, focusing on cost reduction and innovation to compete with the anticipated influx of affordable Chinese EVs. This scenario highlights the increasingly global nature of the automotive industry and the rapid evolution of the EV sector, where technological advancement and cost-efficiency are becoming key battlegrounds.
FROM THE MEDIA: American automakers are viewing the potential entry of Chinese electric vehicles into the U.S. market as a major threat. The concern stems from the advancements made by Chinese automakers in producing attractive and affordable electric cars, as exemplified by the sub-$11,000 Seagull EV from BYD. Chinese automakers have been supported by government policies and have access to cheaper components, enabling them to produce low-cost EVs. This development has prompted American companies like Ford and General Motors to reconsider their strategies, focusing on producing more affordable EVs and cutting costs. The situation is further exacerbated by the presence of Chinese cars in Mexico, which could serve as a gateway for Chinese vehicles into the U.S. market. This challenge is not only about competing with Chinese brands but also adapting to the shifting landscape of the automotive industry, where electric vehicles are becoming increasingly central.
READ THE STORY: Axios
How China's BYD Overtook Tesla (Video)
FROM THE MEDIA: Elon Musk’s Tesla has been overtaken by China’s BYD as the world’s top selling electric carmaker. BYD’s rise is the result of long-term strategic thinking by both the company and the Chinese government. And it’s setting up China to be a dominant player in the global automotive industry. Here are the three most important things that have made BYD the king of EVs.
China is Throwing Away Fields of Electric Cars - Letting them Rot! (Video)
FROM THE MEDIA: Hundreds of Thousands of EVs just being left to rot in fields.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.