Daily Drop (812): CN: Disinformation | Water & Wastewater Systems | CCP: Defense Minister | RU: VPN BAN | GROGs | Legacy Infrastructure | Polyfill supply chain attack | RU: PSYOPS | Antibot4Navalny
07-08-24
Monday, Jul 08 2024 // (IG): BB // ShadowNews // Coffee for Bob
*Started adding Proof of Concept (PoC) links, where available, for the mentioned CVEs:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It's primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project. *
China Accuses U.S. of Fabricating Cyber Threat Narrative to Mask Active CNO (CN Targeting CIKR)
Bottom Line Up Front (BLUF): China's accusations that the U.S. fabricated the "Volt Typhoon" cyber threat narrative can be seen as a strategic move to counteract negative perceptions and gain international favor. By portraying the U.S. as a manipulative actor, China aims to undermine U.S. credibility and position itself as a victim of misinformation, thereby garnering support from other nations.
Analyst Comments: China’s counter-narrative regarding the "Volt Typhoon" cyber threat serves multiple strategic purposes. Historically, states engage in information warfare to shape global perceptions and secure geopolitical advantages. By accusing the U.S. of fabricating cyber threats, China aims to delegitimize U.S. accusations and cast doubt on the integrity of U.S. intelligence operations. This maneuver could help China present itself as a responsible and victimized actor in the international arena, seeking to align other countries against perceived U.S. hegemonic practices. The broader context of U.S.-China tensions over cybersecurity, trade, and territorial disputes adds layers to this complex geopolitical chess game.
FROM THE MEDIA: China has accused the U.S. of fabricating the "Volt Typhoon" cyber threat narrative, asserting that American intelligence agencies created this misinformation to justify the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act and to secure more funding from Congress. According to China's National Computer Virus Emergency Response Center, the U.S. and its allies, under the guise of cybersecurity concerns, aim to enhance their own surveillance capabilities and maintain cyber hegemony. By framing the U.S. as the aggressor and manipulator, China seeks to gain international sympathy and support, positioning itself as a defender against unwarranted American cyber intrusion accusations. This strategy aims to shift the global narrative, casting doubt on U.S. motives and actions while promoting China's stance as a target of unjustified cyber allegations.
READ THE STORY: FACTS: The Record // SCMAG // The Register // DISINFO: GT
Polyfill Code Breach Much Bigger Than Previously Thought, with Nearly 400,000 Customers Affected
Bottom Line Up Front (BLUF): The Polyfill supply chain attack is significantly larger than initially reported, affecting approximately 384,773 websites. Despite the suspension of the malicious domain, the threat remains as many sites continue linking to it, highlighting the need for vigilance in managing supply chain dependencies.
Analyst Comments: The substantial increase in the number of affected websites underscores the pervasive nature of supply chain attacks and the critical need for robust security measures. Organizations must regularly audit their dependencies and implement monitoring to detect malicious activities swiftly. This incident serves as a stark reminder of the vulnerabilities inherent in widely-used open-source tools and the importance of maintaining updated and secure software ecosystems.
FROM THE MEDIA: The Polyfill supply chain attack, initially believed to affect around 100,000 websites, is now estimated to have impacted nearly 400,000 sites, according to the Censys Research Team. Polyfill, a JavaScript library that lets older browsers run newer functions, was embedded by numerous websites. The domain serving this code was sold to a Chinese company, Funnull, which later used it to redirect visitors to malicious sites, including adult and gambling pages. Although the domain has been suspended, the attack could resume if the domain is unsuspended or transferred. Among the affected websites are high-profile entities such as Hulu, Mercedes-Benz, Warner Bros., and several U.S. government sites.
READ THE STORY: Yahoo News
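As an added example, not code from the article or from the Censys team: a small Python audit that parses a page's HTML and flags every external script tag that is either served from a watchlisted host or lacks a Subresource Integrity hash, which is the dependency check the analyst comments call for. The watchlist hostnames and the sample HTML are constructed for the example.

```python
"""Audit an HTML page for risky third-party <script> dependencies.

Two findings are reported per external script:
  watchlisted-host : the script is loaded from a host an operator has
                     flagged (e.g. a CDN domain that changed ownership)
  missing-sri      : the script has no integrity= attribute, so the
                     browser will run whatever the host serves today
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed watchlist for this example; an operator would populate it
# from the incident reports, not from this code.
WATCHLIST = {"cdn.example-polyfill.test", "suspended-cdn.example.test"}

# Constructed sample page: one first-party script, two copies of a
# watchlisted CDN (absolute and protocol-relative), one pinned with SRI,
# one third-party script with no integrity hash, and one inline script.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-polyfill.test/v3/polyfill.min.js"></script>
<script src="//cdn.example-polyfill.test/v3/polyfill.min.js?features=es6"></script>
<script src="https://cdn.vendor.test/lib.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://analytics.vendor.test/t.js"></script>
<script>inlineBootstrap();</script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collects src/integrity pairs from every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        a = dict(attrs)
        if a.get("src"):  # inline scripts have no src and are not audited here
            self.scripts.append({"src": a["src"], "integrity": a.get("integrity")})


def script_host(src):
    """Return the hostname of a script URL, or None for relative paths."""
    if src.startswith("//"):  # protocol-relative URLs inherit the page scheme
        src = "https:" + src
    return urlparse(src).hostname


def audit_scripts(html, first_party_host, watchlist=WATCHLIST):
    """Return [(src, finding)] for external scripts needing attention."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        host = script_host(s["src"])
        if host is None or host == first_party_host:
            continue  # relative or first-party: out of scope for this check
        if host in watchlist:
            # A watchlisted host is a finding even if an SRI hash is present;
            # the remedy is to remove or self-host the dependency.
            findings.append((s["src"], "watchlisted-host"))
        elif not s["integrity"]:
            # Note: SRI cannot pin a script whose body is generated per
            # request (a user-agent-tailored polyfill bundle is one such
            # case); for those, self-hosting a fixed copy is the fix.
            findings.append((s["src"], "missing-sri"))
    return findings


if __name__ == "__main__":
    for src, finding in audit_scripts(SAMPLE_HTML, "www.example.test"):
        print(f"{finding:16} {src}")
```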
VPN Services Targeted as Part of Russia's Ongoing Internet Control Measures
Bottom Line Up Front (BLUF): Apple has removed several VPN apps from its Russian App Store at the request of Russia's state communications watchdog, Roskomnadzor. This action is part of Russia's broader strategy to control internet access and content, particularly since the Russo-Ukrainian war.
Analyst Comments: The removal of VPN apps by Apple under pressure from Roskomnadzor is a significant development in Russia's efforts to tighten internet censorship. This move aligns with the Kremlin's broader agenda to limit free access to information and maintain control over digital content within its borders. Historically, VPN services have been crucial for users in restrictive environments to bypass censorship and access uncensored content. Apple's compliance with these demands could impact its global image, raising ethical concerns about the role of tech companies in supporting authoritarian regimes.
FROM THE MEDIA: Apple has removed 25 VPN apps from its Russian App Store following a directive from Roskomnadzor, Russia's state communications watchdog. The affected services include ProtonVPN, Red Shield VPN, NordVPN, and Le VPN. This move is part of Roskomnadzor's ongoing efforts to control internet access and content within Russia. The VPN services were included in Russia's "Unified register" of internet resources prohibited for public distribution. In response, some VPN providers, like Le VPN, have launched alternative services to circumvent the crackdown, such as using third-party open-source software and obfuscated VPN connections.
READ THE STORY: THN
World Watching Beijing: Implications of Leadership Changes in China
Bottom Line Up Front (BLUF): The recent removal of two defense ministers in China under President Xi Jinping highlights significant shifts in China's military strategy and internal political dynamics. These changes suggest a concerted effort by Xi to consolidate control over the People's Liberation Army (PLA) and bolster China's defense capabilities amid growing regional tensions and global scrutiny.
Analyst Comments: The ousting of high-ranking military officials in China reflects a strategic realignment under Xi Jinping’s leadership, aimed at ensuring loyalty and operational efficiency within the PLA. Historically, such changes are carefully orchestrated to align with the ruling party’s overarching goals. Xi’s focus on modernizing the PLA and increasing military spending indicates a desire to project China’s power more assertively on the global stage. This move also signals Xi's intent to navigate complex geopolitical challenges, particularly in the South China Sea and Taiwan Strait, while maintaining domestic stability.
FROM THE MEDIA: The removal of two defense ministers in China marks a pivotal moment in the country’s military strategy under President Xi Jinping. This move is seen as part of Xi's commitment to strengthening China's defense apparatus amid regional tensions and global scrutiny. By reshuffling key military figures, Xi aims to ensure that the leadership within the PLA is aligned with his strategic vision for a rejuvenated China. Xi Jinping has emphasized the modernization and strengthening of the PLA, reflecting a desire to project China’s power and protect its interests more assertively. The leadership changes come against a backdrop of heightened tensions in the South China Sea and Taiwan Strait, where China’s assertive territorial claims have drawn international concern.
READ THE STORY: Daily Tribune
Biden Administration Warns States of Cyberattack Threat to Water, Wastewater Systems
Bottom Line Up Front (BLUF): The Biden administration has issued a warning to state governors about the heightened risk of cyberattacks targeting water and wastewater systems. Given their essential nature and common lack of robust cybersecurity measures, these systems are particularly vulnerable. The administration urges immediate action to identify and mitigate potential risks.
Analyst Comments: The warning from the Biden administration highlights the critical need for enhanced cybersecurity in water and wastewater systems, which are often overlooked in broader infrastructure protection efforts. This move reflects the increasing sophistication and frequency of cyber threats from state-affiliated actors, such as those linked to Iran and China. Historically, critical infrastructure has been a primary target for cyberattacks due to its impact on public health and safety. Strengthening cybersecurity protocols is imperative to safeguarding these vital services from potential disruption.
FROM THE MEDIA: The Biden administration has warned state governors of significant cyber threats targeting drinking water and wastewater systems. In a letter from EPA Administrator Michael Regan and White House National Security Adviser Jake Sullivan, it was emphasized that these systems are attractive targets for cyberattacks due to their essential role and often insufficient cybersecurity measures. Regan and Sullivan highlighted that basic cybersecurity precautions, like resetting default passwords and updating software, are frequently neglected, leaving systems vulnerable to disruptive attacks. They specifically noted recent threats from cyber actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) and Chinese state-sponsored groups, which have compromised critical infrastructure, including water systems.
READ THE STORY: MSN
SonarSource Reveals Four Severe Vulnerabilities in Gogs, Urges Immediate Mitigation Steps
Bottom Line Up Front (BLUF): Four critical security vulnerabilities have been disclosed in the Gogs open-source Git service, potentially allowing authenticated attackers to breach instances, steal or delete source code, and plant backdoors. Users are urged to take immediate action, including disabling the built-in SSH server and turning off user registration.
Analyst Comments: The disclosure of these vulnerabilities in Gogs highlights significant risks for users relying on this open-source Git service. Historically, open-source software can be a double-edged sword, offering flexibility and community support but also posing security challenges if not properly maintained. The failure of Gogs' maintainers to address these critical flaws is concerning, underscoring the importance of proactive security measures in open-source projects. Organizations using Gogs must urgently implement recommended mitigations to protect their code repositories from potential exploitation.
FROM THE MEDIA: SonarSource researchers Thomas Chauchefoin and Paul Gerste have identified four unpatched security flaws in the Gogs open-source, self-hosted Git service. These vulnerabilities include three critical issues (CVE-2024-39930, CVE-2024-39931, and CVE-2024-39932), each with a CVSS score of 9.9, and one high-severity flaw (CVE-2024-39933) with a CVSS score of 7.7. The critical vulnerabilities can enable an authenticated attacker to execute arbitrary commands on the Gogs server, potentially allowing them to read, modify, or delete source code, target internal hosts, and gain elevated privileges. All of the flaws require the attacker to be authenticated, and some, like CVE-2024-39930, additionally require the built-in SSH server to be enabled.
READ THE STORY: THN
Legacy Systems: The Achilles’ Heel of Critical Infrastructure Cybersecurity
Bottom Line Up Front (BLUF): Legacy systems within critical infrastructure pose significant cybersecurity risks, making them prime targets for nation-state actors like China. Immediate action is needed to identify and mitigate vulnerabilities associated with these outdated technologies to protect essential services from disruptive cyberattacks.
Analyst Comments: The reliance on legacy systems in critical infrastructure is a significant vulnerability that cannot be ignored. Historically, these systems often run outdated software and lack proper security measures, making them attractive targets for cyberattacks. The emphasis on cybersecurity by the Biden administration and the warnings from FBI Director Christopher Wray about China's aggressive targeting underscore the urgency of addressing these risks. By proactively updating and securing legacy systems, organizations can mitigate the threat of cyberattacks and ensure the resilience of essential services.
FROM THE MEDIA: Legacy systems in critical infrastructure are increasingly vulnerable to cyberattacks, as nation-state actors, including China, continue to probe defenses worldwide. Outdated and unsupported software or operating systems within these infrastructures create significant security gaps. FBI Director Christopher Wray highlighted the broad and unrelenting targeting of U.S. critical infrastructure by China, emphasizing that the goal is disruption rather than financial gain. Critical infrastructure, such as drinking water systems, is particularly vulnerable. The U.S. Environmental Protection Agency (EPA) recently issued an enforcement alert to community water systems, urging them to conduct risk assessments and develop emergency response plans. This follows the Biden administration's call for urgent action to safeguard the water sector’s critical infrastructure.
READ THE STORY: CSO
Joint Investigation Unveils Russian Spy Plot to Instill Panic in the West
Bottom Line Up Front (BLUF): A joint investigation by The Insider and Der Spiegel has exposed a covert Russian intelligence operation, "Project Kylo," aimed at spreading disinformation and causing chaos in Western countries during the early months of Russia’s invasion of Ukraine.
Analyst Comments: The revelation of Project Kylo highlights the extent and sophistication of Russia’s disinformation campaigns. By targeting Western societies' vulnerabilities and exploiting geopolitical tensions, Russia aims to undermine trust, sow discord, and weaken international support for Ukraine. This case underscores the ongoing threat of state-sponsored disinformation and the need for robust countermeasures.
FROM THE MEDIA: A joint investigation by The Insider and Der Spiegel has uncovered an elaborate plot by Russia’s Foreign Intelligence Service (SVR) to instill “panic and terror” in Western countries, known as Project Kylo. Presented in May 2022, just months after Russia's invasion of Ukraine, the plan was masterminded by SVR officer Mikhail Kolesov. Project Kylo aimed to create and disseminate disinformation to deepen internal contradictions in Western societies, especially in the United States. The operation involved various tactics, such as creating fake news headlines, establishing bogus NGOs, and manipulating social media content. The SVR also hired individuals to stage protests in Western countries, filming and spreading these events online to amplify their impact. A key target was the Ukrainian refugee crisis, with the SVR creating fake websites and articles to incite resentment towards refugees.
READ THE STORY: Regtechtimes
U.S. Tech Giants Ramp Up Security Amid Chinese Espionage Fears
Bottom Line Up Front (BLUF): Leading U.S. technology firms, including Google, OpenAI, Sequoia Capital, and Microsoft, have tightened their security protocols and background checks in response to U.S. government warnings about Chinese espionage targeting American intellectual property and technology. The enhanced scrutiny of connections to China is already affecting individuals of Chinese origin working in the sector.
Analyst Comments: The move to intensify security checks by companies such as Google, Microsoft, and OpenAI underscores the significant threat posed by state-sponsored cyber espionage. While these measures are crucial for protecting intellectual property and national security, they also raise concerns about potential bias against individuals of Chinese descent, impacting diversity and inclusion within the tech sector.
FROM THE MEDIA: Leading U.S. technology firms, including Google, OpenAI, Sequoia Capital, and Microsoft, have bolstered their security protocols amidst warnings from the U.S. government about Chinese espionage efforts targeting American intellectual property and technology. Enhanced background checks, particularly scrutinizing connections to China, have been implemented to mitigate these threats. An example of the personal impact is seen in the case of Zheng, a Chinese graduate student in the U.S. focusing on cybersecurity. Seeking political asylum, Zheng perceives his background as an asset in the fight against Chinese cyber threats.
READ THE STORY: MSN
Russian MOD Officer Conducting PSYOPS via Facebook in France
Bottom Line Up Front (BLUF): Ukrainian hacktivists revealed that a Russian Ministry of Defense officer has been conducting psychological operations (PSYOPS) via Facebook in France, attempting to influence French public opinion and political processes.
Analyst Comments: The exposure of Russian PSYOPS targeting France through social media underscores the sophisticated and covert nature of modern information warfare. The Russian Ministry of Defense's use of social media platforms, despite official bans, reveals a strategic attempt to manipulate foreign audiences and political landscapes. This operation highlights the ongoing need for robust cybersecurity measures and vigilant monitoring of social media activities to protect against foreign interference.
FROM THE MEDIA: In November 2023, Ukrainian hacktivists from the Cyber Resistance team breached the global media monitoring system Katyusha, operated by the Russian Ministry of Defense's Department of Information and Mass Communications (DIMC). They accessed the email correspondence of several DIMC officers, including Alexander Denisovich Razroev, who was involved in international media operations. Razroev used Facebook to post sponsored content targeting French audiences, promoting disinformation campaigns against President Macron and supporting political figures like Marine Le Pen. These operations coincided with psychological operations on social media in France, aiming to undermine French support for Ukraine and create political discord.
READ THE STORY: Info Napalm
Antibot4Navalny: Countering Disinformation in Ukraine
Bottom Line Up Front (BLUF): Antibot4Navalny is an anonymous group of disinformation researchers dedicated to exposing Russian influence operations on social media. They aim to reveal the underlying agendas of disinformation campaigns, focusing on the channels spreading false narratives rather than debunking individual stories.
Analyst Comments: The emergence of Antibot4Navalny signifies a significant step in combating Russian disinformation. By focusing on the broader mechanisms and channels of misinformation, the group provides a strategic approach to countering state-sponsored propaganda. Their efforts to collaborate with global researchers and media outlets enhance the credibility and reach of their findings, making it harder for disinformation campaigns to succeed. This method also highlights the importance of understanding the broader objectives of disinformation, such as undermining public trust and creating societal divisions.
FROM THE MEDIA: Antibot4Navalny, an anonymous group of disinformation researchers, has been actively exposing Russian influence operations since November 2023. The group focuses on revealing the channels and underlying agendas of disinformation rather than debunking individual stories. They identified and exposed the Doppelgänger group, which began operations in mid-2022, promoting fake articles and narratives to dissuade Western support for Ukraine. Antibot4Navalny’s work involves tracking and analyzing bot activity, promoting their findings through media outlets, and using patterns and automation to identify new disinformation campaigns.
READ THE STORY: The Record
Europe Seeks Industry Views on China's Legacy Chip Production
Bottom Line Up Front (BLUF): The European Commission is consulting the semiconductor industry to assess the impact of China's expansion in producing older generation chips. This move comes amid rising tensions and new trade measures between the EU and China, with potential implications for global chip supply chains and market competition.
Analyst Comments: China's strategic focus on legacy chip production, bolstered by state subsidies, is a direct response to U.S.-led restrictions on advanced technology. This shift could significantly impact global semiconductor markets, particularly in sectors heavily reliant on these chips, such as automotive and consumer electronics. Europe's proactive stance in gathering industry feedback underscores its concern over supply chain dependencies and potential market distortions. The imposition of tariffs on Chinese electric vehicles (EVs) marks a broader trend of protectionist measures aimed at safeguarding European industries. Future EU actions may include further regulatory and trade interventions to counterbalance China's market influence.
FROM THE MEDIA: The European Commission has begun surveying the semiconductor industry regarding China's increased production of legacy chips. This follows new tariffs imposed by the EU on Chinese EVs, indicating a toughened stance against Beijing. China's investment in older chip technologies is partly driven by restrictions on advanced chip access, raising concerns in the West about oversupply and long-term market impacts. The Commission's survey, broader than the U.S. Commerce Department's security-focused survey, aims to gather detailed industry insights to inform potential joint EU-U.S. measures. The move reflects ongoing EU efforts to protect its industries from Chinese competition and maintain technological sovereignty.
READ THE STORY: Reuters
Items of interest
Why Claude 3.5 Sonnet is the AI to Watch, Not ChatGPT-4o
Bottom Line Up Front (BLUF): Claude 3.5 Sonnet emerges as a strong competitor to ChatGPT-4o, excelling in various AI metrics, coding, reasoning, and visual processing. With innovative features and significant performance improvements, it offers a compelling alternative in the AI landscape.
Analyst Comments: Claude 3.5 Sonnet's advancements highlight the rapid evolution in AI technology, challenging OpenAI's dominance. This competition drives innovation, ultimately benefiting users with more specialized and efficient tools. Claude's focus on diverse content generation and enhanced security measures sets it apart, reflecting a strategic approach to address the growing demands and concerns in AI applications.
FROM THE MEDIA: Claude 3.5 Sonnet has garnered attention for surpassing GPT-4o in coding, reasoning, and visual processing capabilities. The new Artifacts feature allows users to generate a wide range of content, from documents and code to visual diagrams, making it a versatile tool for diverse applications. It is praised for its speed, cost efficiency, and high benchmark performance, with future updates promising memory features and expanded models. Despite its limitations in handling voice queries, Claude 3.5 Sonnet offers a conversational approach and strong security measures, making it a formidable competitor in the AI space.
READ THE STORY: techopedia
15 INSANE Use Cases for NEW Claude Sonnet 3.5 (Video)
FROM THE MEDIA: Claude 3.5 Sonnet offers groundbreaking features, making it a versatile AI tool for a wide range of applications, from creating web applications and animations to building real-time object detection systems and interactive dashboards.
Claude 3.5 Deep Dive: This new AI destroys GPT (Video)
FROM THE MEDIA: The latest update in Claude 3.5 Sonnet showcases significant advancements, reinforcing its position as a leader in the AI industry. Its ability to handle diverse tasks efficiently highlights the rapid progression and potential of AI technologies in everyday applications.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.