Monday, Jun 24 2024
*Started adding Proofs of Concept (PoC), where available, for the CVEs mentioned:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It's primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project.*
China-Linked Hackers Intensify Cyber Attacks on Taiwan
Bottom Line Up Front (BLUF): A suspected China-backed hacking group called RedJuliett (also known as Flax Typhoon) has ramped up cyber attacks against organizations in Taiwan, compromising at least 24 entities and targeting over 75 others between November 2023 and April 2024. The campaign focuses on government agencies, tech firms, universities, and diplomatic organizations, likely for intelligence-gathering purposes.
Analyst Comments: This escalation in cyber espionage activities targeting Taiwan aligns with China's strategic interests in gathering intelligence on the island's technological developments, diplomatic relations, and critical infrastructure. The sophisticated tactics employed, including exploiting vulnerabilities in internet-facing devices and using living-off-the-land techniques, demonstrate the group's advanced capabilities and persistent efforts to maintain long-term access to Taiwanese networks. This campaign underscores the ongoing cyber tensions between China and Taiwan and highlights the need for enhanced cybersecurity measures to protect against state-sponsored threats.
FROM THE MEDIA: RedJuliett exploited vulnerabilities in firewalls, VPNs, and other internet-facing devices to gain initial access to target networks. The group used tools like SoftEther VPN and web shells to maintain persistence in compromised systems. Cybersecurity firm Recorded Future reported that the hackers targeted organizations in Taiwan's technology industry, including semiconductor and aerospace companies with military contracts. The campaign also extended to targets in other countries, including Djibouti, Hong Kong, Kenya, and South Korea. Experts believe the primary goal of these attacks is to collect intelligence on Taiwan's economic policies, trade relations, and diplomatic ties.
READ THE STORY: Aljazeera // The Record
Underwater Drones Shape Conflict
Bottom Line Up Front (BLUF): A war-gaming experiment by the Center for a New American Security suggests that advanced underwater drones and increased autonomy could significantly impact a potential conflict between Taiwan and China.
Analyst Comments: This research highlights the evolving nature of drone warfare, particularly in maritime environments. The focus on underwater drones represents a shift from the current emphasis on aerial drones seen in conflicts like Ukraine. The potential for these technologies to influence naval operations, intelligence gathering, and anti-submarine warfare could reshape military strategies in the Taiwan Strait. However, the effectiveness of such systems in a real-world conflict remains untested, and both sides would likely race to develop countermeasures. This development underscores the need for military planners to adapt to rapidly changing technological landscapes and consider novel approaches to maritime defense and offense.
FROM THE MEDIA: The report suggests that underwater drones could be used for tasks such as scouting for submarines, launching attacks, and acting as decoys. China's Zhu Hai Yun autonomous carrier might deploy underwater drones to search for U.S. submarines. The geography of the Indo-Pacific poses challenges for the U.S., necessitating drones with long-range and endurance. The study also notes that autonomous technology is developing rapidly, with potential applications in swarming strategies.
READ THE STORY: MIT Tech Review
Multiple Actors Deploy Rafel RAT to Target Android Devices
Bottom Line Up Front (BLUF): Various threat actors, including cyber espionage groups, are using an open-source Android remote administration tool called Rafel RAT to target users by disguising it as popular apps like Instagram and WhatsApp. The malware provides extensive capabilities for remote control and data theft from infected Android devices.
Analyst Comments: The widespread adoption of Rafel RAT by diverse threat actors, including nation-state groups, highlights the growing sophistication and accessibility of mobile malware tools. The malware's ability to masquerade as legitimate apps and its extensive feature set make it a significant threat to Android users, particularly those with outdated devices. The involvement of APT groups like DoNot Team suggests that Rafel RAT is being leveraged not just for cybercrime but also for targeted espionage operations. This trend underscores the critical need for improved mobile security awareness, regular software updates, and robust vetting of app sources to mitigate risks to personal and potentially sensitive corporate data.
FROM THE MEDIA: Check Point researchers identified about 120 different malicious campaigns using Rafel RAT, targeting high-profile entities across multiple countries. The malware can perform various malicious activities, including wiping SD cards, deleting call logs, stealing notifications, and even functioning as ransomware. Most victims had Samsung phones, with 87.5% of infected devices running outdated Android versions. The DoNot Team APT group has used Rafel RAT in attacks exploiting a design flaw in Foxit PDF Reader. The malware uses HTTP(S) for command-and-control communications and can also utilize Discord APIs. An Iran-linked attacker has also employed Rafel RAT in a ransomware operation targeting a victim in Pakistan.
READ THE STORY: THN
DARPA Study Finds Mixed Results for Quantum Computing's Revolutionary Potential
Bottom Line Up Front (BLUF): DARPA's Quantum Benchmarking program has released results from a comprehensive assessment of quantum computing's potential to solve problems that challenge classical computers. The study found promising applications in chemistry and materials science, but also identified significant challenges in other areas.
Analyst Comments: This DARPA study provides a crucial reality check on the often-hyped potential of quantum computing. While identifying some promising applications, particularly in chemistry and materials science, the research also highlights significant obstacles in areas like computational fluid dynamics. The mixed results underscore the need for continued research and development in both quantum hardware and algorithms. The findings suggest that quantum computing's impact may be more focused and gradual than some predictions have suggested, with near-term benefits likely limited to specific scientific domains. This nuanced assessment should inform policy decisions and investment strategies in quantum technology.
FROM THE MEDIA: DARPA's program involved eight interdisciplinary teams that identified over 200 potential applications and created 20 candidate benchmarks. The research focused on three broad categories: chemistry, materials science, and non-linear differential equations. Seven pre-press papers were published, with some showing potential advantages in areas like nuclear magnetic resonance spectroscopy and certain chemistry applications. However, other papers indicated that quantum computers are unlikely to provide near-term utility for applications like computational fluid dynamics without significant algorithmic advancements. The research also considered the hardware requirements for fault-tolerant quantum computers, suggesting that a machine with 2,000,000 physical qubits could serve scientifically interesting applications.
READ THE STORY: The Register
T-Mobile denies it was hacked
Bottom Line Up Front (BLUF): Popular data leaker IntelBroker claims to be selling a database allegedly belonging to T-Mobile, but the company denies any breach of its systems, stating it is investigating a potential issue with a third-party service provider.
Analyst Comments: This incident highlights the ongoing challenges companies face in securing their data, especially when working with third-party vendors. The discrepancy between the hacker's claims and T-Mobile's denial raises questions about the true extent of the potential breach and the security of the company's supply chain. IntelBroker's track record of leaking data from high-profile organizations adds credibility to their claims, but T-Mobile's firm denial suggests either strong confidence in their security or a potential attempt to minimize reputational damage. This situation underscores the importance of robust third-party risk management and the need for rapid, transparent incident response in the face of cyber threats.
FROM THE MEDIA: IntelBroker claims to be selling T-Mobile source code, SQL files, images, and other sensitive data allegedly breached in June 2024. They shared screenshots showing access to a Confluence server and Slack channels. T-Mobile denies any compromise of their systems, stating they are investigating a potential issue with a third-party provider. A source suggests the screenshots are old and were posted to a third-party vendor's server. IntelBroker has previously claimed breaches of other major companies like AMD, HPE, and General Electric.
READ THE STORY: MSN
Xi Eyes Military Supremacy as China Reorganizes Armed Forces
Bottom Line Up Front (BLUF): Chinese President Xi Jinping is overseeing a major reorganization of China's armed forces, aimed at enhancing their capabilities to "fight and win in modern warfare" and potentially surpass the United States militarily in the long term.
Analyst Comments: This restructuring, which includes the elimination of the Strategic Support Force and the creation of new divisions directly under Xi's control, signals a significant shift in China's military strategy. The changes reflect Xi's dissatisfaction with the pace of modernization and his desire for tighter control over the armed forces. The ongoing purges within the military, particularly in the Rocket Force, suggest deep-rooted issues that Xi is determined to address. This reorganization, coupled with recent displays of military might around Taiwan, underscores China's ambition to become the dominant military power in the region and globally. However, the frequent changes and purges may also indicate underlying weaknesses and challenges in achieving these goals.
FROM THE MEDIA: The reorganization involves eliminating the Strategic Support Force, which was responsible for space and cyber warfare capabilities. New divisions for these areas will now be directly under Xi's supervision through the Central Military Commission. Xi has stressed the need for military officials to "deeply self-reflect" and rectify problems. The changes come amid what's been described as the biggest purge in Chinese military history, with key leaders being fired or disappearing, particularly within the elite Rocket Force. Recent military exercises around Taiwan and the launch of China's most advanced aircraft carrier demonstrate the country's growing military capabilities.
READ THE STORY: Aljazeera
Cut-price anti-drone weapons could be ready next year
Bottom Line Up Front (BLUF): Thales UK is developing a radio frequency directed energy weapon (RFDEW) that can disable multiple drones simultaneously by disrupting their electronics. The system, which costs only 10p per use and has a 1km range, could be ready for deployment as early as next year.
Analyst Comments: This development represents a significant advancement in counter-drone technology, potentially offering a cost-effective solution to the growing threat of drone warfare. The low cost per use and ability to target multiple drones simultaneously could provide a substantial tactical advantage, especially in conflicts where drone use is prevalent, such as in Ukraine. However, the system's effectiveness in real-world combat situations remains to be seen, and potential adversaries may develop countermeasures. The rapid development timeline from field testing to potential deployment underscores the urgency of addressing drone threats in modern warfare. This technology could reshape defense strategies and procurement priorities for many nations facing similar challenges.
FROM THE MEDIA: The RFDEW is being field tested with the UK military over the summer. It can be mounted on military vehicles and uses a mobile power source to produce radio frequency waves or pulses to interfere with drone electronics. Thales UK, leading the development as part of an industrial consortium, has seen a 20% increase in UK sales over the past two years, reaching £1.1bn by the end of 2023. The company is also doubling its output of other weapons systems, such as the Starstreak short-range air defense system, in response to increased demand following Russia's invasion of Ukraine.
READ THE STORY: FT
ExCobalt Targets Russian Sectors
Bottom Line Up Front (BLUF): The cybercrime gang ExCobalt is targeting various Russian sectors using a new Golang-based backdoor called GoRed. The group, believed to have ties to the notorious Cobalt Gang, has been active since at least 2016 and is focusing on cyber espionage.
Analyst Comments: ExCobalt's emergence and targeting of Russian organizations highlight the evolving landscape of cyber threats, where former members of established cybercrime groups form new entities with refined tactics. The use of a custom Golang backdoor demonstrates the group's technical capabilities and adaptability. Their focus on multiple sectors, including government and critical infrastructure, suggests a broad intelligence-gathering operation, possibly with state sponsorship. The group's ability to exploit supply chain vulnerabilities and use sophisticated tools indicates a high level of threat that requires enhanced cybersecurity measures across Russian industries.
FROM THE MEDIA: ExCobalt has targeted various Russian sectors over the past year, including government, IT, metallurgy, mining, software development, and telecommunications. They use tools like Metasploit, Mimikatz, ProcDump, and Linux privilege escalation exploits. The GoRed backdoor allows for command execution, credential theft, and system information gathering. The group has shown flexibility in their tactics, adapting to changes in security measures.
READ THE STORY: THN // Security Affairs
My Memories Are Just Meta's Training Data Now
Bottom Line Up Front (BLUF): Meta plans to use public content posted by Facebook and Instagram users to train AI algorithms, effectively turning users' digital histories into training data for artificial intelligence systems.
Analyst Comments: This development represents a significant shift in how personal data is being utilized by tech companies, raising important questions about privacy, consent, and the long-term implications of AI training on user-generated content. The fact that this practice extends beyond Meta to other major tech companies like Google and Microsoft highlights an industry-wide trend towards leveraging user data for AI development. This approach could lead to more advanced and culturally aware AI systems, but it also risks exposing personal information in ways users may not have anticipated when originally posting content. The pause in implementation for European users due to regulatory concerns underscores the growing tension between technological advancement and privacy protection. As AI continues to evolve, this issue is likely to become increasingly contentious, potentially leading to new regulations and changes in how users interact with social media platforms.
FROM THE MEDIA: Meta announced that public posts, photos, and user names from Facebook and Instagram will be used as training data for AI starting June 26, 2024, for non-European users. European implementation is paused due to privacy concerns. Other tech companies like Google, Microsoft, and LinkedIn are also using various forms of user-generated content for AI training, though often with limitations on personal or work-related data. Privacy advocacy groups are challenging these practices, arguing for clearer opt-out mechanisms and greater user control over personal data.
READ THE STORY: Wired
SoftBank CEO Predicts 'Artificial Superintelligence' Within 3-5 Years
Analyst Comments: Son's prediction reflects the growing hype and expectations surrounding artificial intelligence, particularly in the wake of recent advancements in large language models. However, his timeline for achieving artificial superintelligence is extremely ambitious and not widely shared by AI researchers. While rapid progress in AI is undeniable, the development of a system with capabilities vastly surpassing human intelligence across all domains faces significant technical, ethical, and philosophical challenges. Son's optimistic forecast should be viewed with caution, as it may be influenced by SoftBank's investments in AI and related technologies. Nonetheless, his comments highlight the increasing focus on AI's potential to transform various industries and the need for proactive planning to address its societal impacts.
FROM THE MEDIA: Speaking at SoftBank's annual general meeting, Son suggested that artificial superintelligence could arrive in 3-5 years, but would likely change society profoundly within a decade. He cited the replacement of logistics by robots as an example of potential disruption. Son assured investors that SoftBank would adapt to use AI and develop technologies to power it. He also emphasized that Arm, in which SoftBank is a majority shareholder, is well-positioned to benefit from AI developments and has already secured major cloud computing customers.
READ THE STORY: The Register
U.S. to curb investments in China's AI and semiconductor sectors
Bottom Line Up Front (BLUF): The U.S. government is moving forward with plans to restrict investments by U.S. individuals and companies in China's AI, semiconductor, and quantum computing sectors. The Treasury Department aims to finalize these rules by the end of the year, with public feedback open until August 4.
Analyst Comments: This move represents a significant escalation in the U.S.-China tech rivalry, focusing on limiting China's access to critical technologies and expertise. The targeted approach to specific high-tech sectors demonstrates the U.S. government's concern about China's technological advancements and their potential military applications. While these restrictions may slow China's progress in key areas, they could also lead to reduced economic cooperation and potentially spur China to accelerate its efforts towards technological self-sufficiency. The involvement of U.S. allies in similar initiatives suggests a coordinated Western approach to managing China's tech rise. However, the effectiveness of these measures may be limited by the global nature of tech investment and the challenge of enforcing such restrictions in practice. This development is likely to further strain U.S.-China relations and could have far-reaching implications for the global tech industry and supply chains.
FROM THE MEDIA: The proposed regulations target AI, semiconductors, and quantum computing investments, aiming to prevent U.S. expertise from aiding China's technological advancements. The rules will impact various types of transactions, including equity acquisitions, debt financing convertible to equity, greenfield investments, and joint ventures. Exceptions include transactions serving U.S. national interests and those involving publicly traded securities. The U.S. is also discussing these investment restrictions with allies to ensure a coordinated approach, with the European Commission and the United Kingdom considering similar measures.
READ THE STORY: Toms Hardware
US approves $360 million arms sale to Taiwan for missiles, drones
Bottom Line Up Front (BLUF): The U.S. State Department has approved a potential $360 million arms sale to Taiwan, including drones and missiles, to bolster the island's defense capabilities against potential Chinese aggression.
Analyst Comments: This arms sale represents a significant step in the U.S. commitment to Taiwan's defense, coming amid escalating tensions between Taiwan and China. The inclusion of loitering munitions and drones suggests a focus on enhancing Taiwan's asymmetric warfare capabilities, potentially making it more challenging for China to mount a successful invasion. However, this move is likely to further strain U.S.-China relations and could lead to increased military posturing in the region. The timing of this approval, following recent Chinese military exercises around Taiwan, underscores the urgency with which the U.S. views the need to strengthen Taiwan's defensive capabilities. While these arms sales may help deter Chinese aggression in the short term, they also risk escalating the arms race in the Taiwan Strait, potentially increasing the likelihood of miscalculation or conflict.
FROM THE MEDIA: The sale includes Switchblade 300 anti-personnel and anti-armor loitering munitions for $60.2 million and ALTIUS 600M-V drones for $300 million. Taiwan's defense ministry welcomed the sale, noting these weapons' ability to detect and strike in real-time, responding quickly to enemy threats. The U.S. Defense Security Cooperation Agency stated that the sale would help improve Taiwan's security and maintain regional stability. China has not yet responded to this specific arms sale announcement.
READ THE STORY: Reuters // Breaking Defense
DARPA's military-grade 'quantum laser' will use entangled photons to outshine conventional laser beams
Bottom Line Up Front (BLUF): DARPA has awarded a $1 million grant to researchers developing a prototype "quantum photonic-dimer laser" that uses quantum entanglement to create a more powerful and resilient laser beam capable of operating over long distances and in adverse conditions like thick fog.
Analyst Comments: This development represents a significant advancement in laser technology with potential military applications. The use of quantum entanglement to "glue" photons together could overcome current limitations of conventional lasers, particularly in challenging environments. This technology could enhance military capabilities in areas such as communications, targeting, and surveillance. The ability to maintain precision and strength over greater distances and in adverse conditions could provide a strategic advantage in various military operations. However, the development of such advanced technology also raises concerns about potential escalation in military capabilities and the need for updated international regulations governing the use of such technologies in warfare.
FROM THE MEDIA: The quantum photonic-dimer laser works by binding pairs of photons through quantum entanglement, creating photonic dimers that act as a single entity. This process increases the energy and stability of the laser, making it more effective over long distances and in adverse conditions like extreme temperatures and fog. The technology has potential applications in quantum computing and telecommunications, possibly leading to faster and more secure data transmission methods. Previous research by the team explored using this technology for deep brain imaging, demonstrating its potential beyond military applications.
READ THE STORY: The Register
U.S. East Asia envoy says South China Sea situation deeply concerning
Bottom Line Up Front (BLUF): U.S. Assistant Secretary of State for East Asia and Pacific Affairs Daniel Kritenbrink expressed deep concern over the situation in the South China Sea, particularly regarding China's recent actions around the Second Thomas Shoal, which he described as "irresponsible, aggressive, dangerous, and deeply destabilizing."
Analyst Comments: Kritenbrink's statements highlight the escalating tensions in the South China Sea, particularly between China and the Philippines. The U.S. diplomat's strong language and reaffirmation of U.S. support for the Philippines under their mutual defense treaty signal a firm stance against China's assertive actions in the region. This situation poses significant risks for regional stability and international maritime law. The U.S. emphasis on respecting international law and responsible behavior in maritime domains appears aimed at countering China's expansive territorial claims. However, the delicate balance of power in the region and the economic interdependencies among nations involved make resolving this conflict particularly challenging.
FROM THE MEDIA: Kritenbrink made these comments during a visit to Hanoi, emphasizing U.S. commitment to stand with its Filipino allies. He mentioned that Washington had made it clear to Beijing that its mutual defense treaty obligations with the Philippines were "ironclad." The U.S. official also stressed the need for all countries in the region, including China, to respect international law and behave responsibly in the maritime domain. The article notes that China claims almost the entire South China Sea, a vital conduit for global trade, despite a 2016 ruling by the Permanent Court of Arbitration in The Hague that China's claims had no legal basis.
READ THE STORY: Reuters
US Imposes Sanctions on Kaspersky Lab Executives Over Cybersecurity Risks
Bottom Line Up Front (BLUF): The Biden administration has imposed sanctions on 12 senior executives of AO Kaspersky Lab, citing cybersecurity risks. This action follows the US government's announcement to ban the sale of antivirus software from the Russian company.
Analyst Comments: This move signifies a significant escalation in the US government's efforts to mitigate perceived cybersecurity threats associated with Russian technology companies. The targeting of Kaspersky Lab's leadership, rather than just the company itself, demonstrates a more aggressive approach to addressing potential risks. While Kaspersky denies any ties to the Russian government, the US actions reflect ongoing concerns about the potential for Russian cyber operations to leverage widely-used software platforms. This development is likely to have broader implications for international technology companies operating in politically sensitive environments and may prompt other nations to reassess their cybersecurity policies regarding foreign software providers.
FROM THE MEDIA: The sanctions target various company leaders, including heads of business development, operations, legal officials, and corporate communications. Deputy Treasury Secretary Brian Nelson stated that the action affirms the US commitment to ensuring cyber domain integrity and protecting citizens from cyber threats. Kaspersky Lab called the move "baseless and unfair" but noted it would not affect the company's resilience as it does not target the parent company, subsidiaries, or CEO Eugene Kaspersky. The US government claims the software poses a serious risk due to Russia's influence on the company and the potential for data theft or malware installation through software updates.
READ THE STORY: VOI
Items of interest
Samsung Hints at Entering GPU Market with New Investment
Bottom Line Up Front (BLUF): Samsung has approved an "Investment in GPU business" according to its FY 2023 Corporate Governance Report, but has not provided specific details about its plans in this space.
Analyst Comments: Samsung's potential entry into the GPU market could significantly impact the semiconductor industry landscape. While a direct challenge to established players like Nvidia seems unlikely, Samsung may be positioning itself to enhance its foundry capabilities for GPU production or develop in-house GPUs for its mobile devices. This move aligns with broader industry trends toward vertical integration and could strengthen Samsung's position in the mobile and AI markets. However, the lack of details leaves room for speculation, and the company faces significant technical and competitive challenges if it aims to compete in the high-end GPU space. Samsung's strategy will likely focus on leveraging its existing strengths in semiconductor manufacturing and mobile devices rather than attempting to disrupt the standalone GPU market dominated by established players.
FROM THE MEDIA: The news emerged from Samsung's FY 2023 Corporate Governance Report, which recorded a March 19, 2024 Management Committee meeting approving "Investment in GPU business." Possible strategies include expanding foundry capabilities to build GPUs for other companies, developing in-house GPUs for Exynos SoCs to replace AMD technology, or tooling up to offer an alternative to TSMC for GPU manufacturing. Building standalone GPUs to compete directly with Nvidia seems unlikely given the challenges faced by even established players like Intel in this market. Samsung has not provided further details about its GPU plans at this time.
READ THE STORY: The Register
Why Nobody Is Buying Graphics Cards Anymore (Video)
FROM THE MEDIA: It genuinely seems like manufacturers may have overextended or overestimated how much people were willing to pay for new hardware, as people are showing no interest in these recently released graphics cards, nor are they excited for what’s coming in the future. There was no reason out there to justify the insane price hikes we’ve gotten for the latest hardware from Nvidia and AMD. Inflation plays a role for sure, but to hike up cards by around $400 from the last gen is ridiculous. The hype has been killed. Hardly anyone is buying these new cards. People have tuned out from the market; they’re choosing the used market, staying with what they have, and looking at alternatives like the console market.
The Dire State Of Intel...What Happened? (Video)
FROM THE MEDIA: Once upon a time, Intel was by far the strongest player in the semiconductor industry. In fact, the famous Moore’s Law was created by Intel’s founder and everyone was familiar with the Intel jingle. But, fast forward a few decades, and Intel is in a more pathetic state than ever. One of the main reasons for this is that Intel became stagnant after conquering the consumer CPU market. They’re still dominant within this market despite competition from Apple and AMD, but the real problem is that the chip industry has grown to be much larger than just CPUs, and that’s where Intel has really lost the lead. This includes mobile chips, machine learning chips, crypto mining chips, and of course AI chips. These industries are where companies like Qualcomm, TSMC, and Nvidia were able to far outshine Intel, leaving the semiconductor giant in the dust. This video explains the fall of Intel and the future of the chip giant.
These open-source products are reviewed by analysts at InfoDom Securities, providing possible context about current media trends related to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.