Daily Drop (813): Chip Wars | CISA | Nuke Power | CISA | NHLS | APT40: MSS | Internet Archive | Midnight Blizzard: APT29 | CloudSorcerer | EU CN EV | CNMF: ALRTS | RaaS: Eldorado | RegreSSHion | Iran
07-09-24
Tuesday, Jul 09 2024
*Started adding the Proofs of Concept (PoC), if available, for mentioned CVEs:
A Proof of Concept (PoC) is a small exercise to test a certain hypothesis or demonstrate that a potential project can be viable. It's primarily used to verify that certain concepts or theories have the potential for real-world application. The purpose of a PoC is to showcase the feasibility, functionality, and potential of a concept before proceeding to the development of the full-scale project.*
Satellite Photos Reveal Iran Expanding Missile Production Capabilities
Bottom Line Up Front (BLUF): Recent satellite images show significant expansions at two major Iranian missile production facilities, indicating increased missile and drone manufacturing capabilities. This development follows Iran's agreement to supply missiles to Russia and raises concerns for the U.S. and its allies about Iran's growing missile arsenal and its support for proxy groups in the Middle East.
Analyst Comments: The expansion of Iran's missile production facilities, particularly at the Modarres military base and Khojir complex, underscores Tehran's commitment to enhancing its ballistic missile capabilities. This move aligns with Iran's strategic objective to bolster its influence in the region and support allies such as Hezbollah and the Houthis. The U.S. and its allies will likely intensify surveillance and countermeasures to mitigate the risks posed by Iran's expanding missile arsenal. The situation further complicates regional security dynamics, especially given the existing tensions with Israel and ongoing conflicts in Yemen and Ukraine.
FROM THE MEDIA: Satellite imagery analyzed by American researchers and confirmed by senior Iranian officials reveals substantial expansions at Iran's Modarres military base and Khojir missile production complex. These sites, overseen by the Islamic Revolutionary Guard Corps (IRGC), have seen the construction of over 30 new buildings, many of which are fortified with large dirt berms indicative of missile production activities.
READ THE STORY: Reuters
Europe's Battery Industry Faces Challenges from EV Slowdown and Chinese Competition
Bottom Line Up Front (BLUF): The current struggles of Europe's battery industry underscore the broader difficulties facing the region's transition to electric vehicles. The dual pressures of slower EV sales growth and aggressive competition from Chinese manufacturers highlight the need for strategic adjustments. European firms must enhance their production efficiency and secure long-term commitments from local car manufacturers to remain competitive. Additionally, there may be a need for increased governmental support to foster innovation and resilience in the face of global competition.
Analyst Comments: The current struggles of Europe's battery industry underscore the broader difficulties facing the region's transition to electric vehicles. The dual pressures of slower EV sales growth and aggressive competition from Chinese manufacturers highlight the need for strategic adjustments. European firms must enhance their production efficiency and secure long-term commitments from local car manufacturers to remain competitive.
FROM THE MEDIA: Europe’s battery industry, once poised for rapid growth, is now facing substantial setbacks due to a global slowdown in electric car sales and mounting competition from Chinese manufacturers. Investment plans for approximately 158 gigawatt-hours of battery production have been canceled or postponed since the beginning of the year, affecting the capacity to power more than 2 million EVs annually. Prominent start-ups such as Northvolt and PowerCo have delayed or reevaluated their projects. Northvolt, a leading figure in European battery manufacturing, has launched a strategic review that could delay new factories in Germany, Canada, and Sweden. Similarly, PowerCo, Volkswagen’s battery division, has indefinitely postponed plans to build a fourth battery plant in Europe.
Nuclear Electricity Supply Could Be More Resilient to Attacks Than Renewables
Bottom Line Up Front (BLUF): Nuclear power stations, despite their concentrated nature, might be more dependable and resilient than renewable energy sources in the face of enemy attacks. The vulnerability of renewable energy systems, particularly their reliance on fewer key transmission points, could make them less reliable during wartime.
Analyst Comments: The debate over the resilience of energy infrastructure during conflicts reveals that nuclear power could offer significant advantages over renewable sources. Historically, critical infrastructure, including energy supplies, has been a primary target during conflicts to disrupt economies and military operations. Nuclear power's inherent defensive measures and the challenges associated with attacking such sites might make it a more strategic choice for energy security in wartime.
FROM THE MEDIA: Nuclear power stations, although concentrated in a few large generating sites, could be more dependable than renewable energy sources in wartime, according to Graham Cummings. While renewable energy sources like wind and solar are dispersed, their supply-firming installations, such as batteries and peak-demand generators, are not as numerous and are vulnerable to targeted attacks. The analysis compares the vulnerability and recoverability of nuclear power stations versus renewable energy-firming installations. Nuclear power stations have robust passive defensive measures, making them harder targets. Even if penetrated, catastrophic releases of radiation are unlikely, and damage to ancillary systems could be repaired relatively quickly, similar to the time required to fix turbines or transformers in renewable setups.
READ THE STORY: ASPI
New APT Group "CloudSorcerer" Targets Russian Government Entities
Bottom Line Up Front (BLUF): The newly discovered advanced persistent threat (APT) group, CloudSorcerer, has been identified as targeting Russian government entities using sophisticated cyber espionage tools that leverage cloud services for command-and-control (C2) and data exfiltration. This development highlights the escalating geopolitical cyber threats and the innovative tactics employed by threat actors.
Analyst Comments: The emergence of CloudSorcerer underscores the increasing complexity and sophistication of state-sponsored cyber espionage. By utilizing cloud services like Microsoft Graph, Yandex Cloud, and Dropbox for C2 and data exfiltration, CloudSorcerer demonstrates advanced capabilities in evading detection and maintaining persistent access to targeted systems. This trend of using legitimate cloud infrastructure for malicious purposes complicates defensive measures, emphasizing the need for robust cybersecurity strategies and enhanced international cooperation to counter such threats.
FROM THE MEDIA: Kaspersky has identified a new APT group, CloudSorcerer, targeting Russian government entities with sophisticated cyber-espionage tools. Discovered in May 2024, CloudSorcerer uses cloud services such as Microsoft Graph, Yandex Cloud, and Dropbox for C2 communications and data exfiltration. The malware, controlled via APIs using authentication tokens, dynamically adapts based on the process it runs in, enhancing its stealth capabilities. CloudSorcerer's operations resemble those of CloudWizard, an APT group targeting Russian-occupied areas of Ukraine. However, CloudSorcerer uses distinct code and functionalities, indicating it may be a new actor. Initial C2 communication is established via GitHub, with further commands fetched from encrypted data on cloud services.
READ THE STORY: Silicon Angle // THN
US-China Chip Wars 'Mainly Ideological' Says Former ASML Boss
Bottom Line Up Front (BLUF): The former CEO of ASML, Peter Wennink, describes the ongoing US-China chip conflict as ideologically driven and predicts that the dispute will persist for decades. ASML, caught between Washington's export restrictions and China's demand for semiconductor technology, faces significant challenges in navigating these geopolitical tensions.
Analyst Comments: China’s counter-narrative regarding the "Volt Typhoon" cyber threat serves multiple strategic purposes. Historically, states engage in information warfare to shape global perceptions and secure geopolitical advantages. By accusing the U.S. of fabricating cyber threats, China aims to delegitimize U.S. accusations and cast doubt on the integrity of U.S. intelligence operations. This maneuver could help China present itself as a responsible and victimized actor in the international arena, seeking to align other countries against perceived U.S. hegemonic practices. The broader context of U.S.-China tensions over cybersecurity, trade, and territorial disputes adds layers to this complex geopolitical chess game.
FROM THE MEDIA: China has accused the U.S. of fabricating the "Volt Typhoon" cyber threat narrative, asserting that American intelligence agencies created this misinformation to justify the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act and to secure more funding from Congress. According to China's National Computer Virus Emergency Response Center, the U.S. and its allies, under the guise of cybersecurity concerns, aim to enhance their surveillance capabilities and maintain cyber hegemony. By framing the U.S. as the aggressor and manipulator, China seeks to gain international sympathy and support, positioning itself as a defender against unwarranted American cyber intrusion accusations. This strategy aims to shift the global narrative, casting doubt on U.S. motives and actions while promoting China's stance as a target of unjustified cyber allegations.
READ THE STORY: The Register
Industry Groups Call for Clearer Definitions and Reduced Scope in Cyber Incident Reporting Mandate
Bottom Line Up Front (BLUF): Public comments on the Cybersecurity and Infrastructure Security Agency's (CISA) latest cyber incident reporting mandate for critical infrastructure reflect widespread industry concerns. Key issues include the need for clearer definitions, reduced reporting scope, and more support for compliance, highlighting the challenges in balancing regulatory oversight with practical implementation.
Analyst Comments: The pushback from critical infrastructure organizations against CISA's proposed cyber incident reporting requirements underscores the complexity of implementing comprehensive cybersecurity regulations. Historically, balancing the need for detailed incident reporting with the operational capacities of organizations has been challenging. The feedback indicates a need for CISA to provide clearer guidelines, reduce the administrative burden, and offer more support to smaller entities to ensure effective compliance without overwhelming resources.
FROM THE MEDIA: Public comments on CISA's proposed cyber incident reporting mandate for critical infrastructure reveal significant industry pushback. Key concerns include the need for specific, clearly defined terms for what constitutes a "substantial cyber incident" to prevent over-reporting and resource strain. Industry representatives argue that an overly broad definition could lead to the submission of irrelevant data, overwhelming CISA's capacity to manage and act on the information. There are concerns about the requirement for reporting ransomware payments, with entities like the City of Dallas arguing that it could deter cooperation due to fears of reputational damage and financial scrutiny. There is also debate over which organizations should be required to report incidents, with various sectors, such as retail and food industries, arguing for exclusions based on their perceived lower impact on national security.
READ THE STORY: Cyberscoop
MSS-Backed APT40 Group's Targeting of Government and Private Sector
Bottom Line Up Front (BLUF): A coalition of countries led by Australia has accused China's Ministry of State Security (MSS) of directing cyberattacks through the hacker group Advanced Persistent Threat 40 (APT40). The group has targeted Indo-Pacific governments and private sectors, exploiting infrastructure vulnerabilities to intercept sensitive information.
Analyst Comments: The joint accusation against China's MSS by a broad coalition of nations underscores the growing international concern over state-sponsored cyberattacks. The involvement of major Western powers and regional allies highlights the strategic importance of cybersecurity in maintaining global stability and the ongoing challenge of cyber espionage. This unified stance could lead to stronger collective cyber defense measures and potentially further strain diplomatic relations with China.
FROM THE MEDIA: In a report spearheaded by Australia and supported by the US, UK, Canada, New Zealand, Japan, South Korea, and Germany, China’s Ministry of State Security (MSS) is accused of orchestrating cyberattacks via APT40. The report details APT40’s repeated targeting of government and private sector entities across the Indo-Pacific region. Notably, in April 2022, the group intercepted multi-factor authentication codes and stole hundreds of unique user names and passwords. APT40, believed to be working for the MSS, primarily exploits vulnerabilities in public-facing infrastructure rather than relying on phishing campaigns. This report marks a rare and explicit accusation from Australia against the Chinese government, especially amidst improving diplomatic relations since the election of the center-left Labor administration in May 2022.
READ THE STORY: Bloomberg
Cisco Warns of Appliances Vulnerable to RegreSSHion Vulnerability
Bottom Line Up Front (BLUF): Cisco has identified 42 of its networking and communications devices as vulnerable to a recently disclosed SSH vulnerability, with another 51 products under investigation. The remote code execution flaw, stemming from a race condition error in the OpenSSH server package, poses a significant security threat, necessitating immediate action by administrators to restrict SSH access to trusted hosts until a fix is available.
Analyst Comments: The RegreSSHion vulnerability presents a serious risk to Cisco's extensive product line, reflecting the broader challenges in securing enterprise networks against sophisticated threats. Administrators must act swiftly to mitigate potential exploits by restricting SSH access and ensuring devices are adequately prepared for upcoming software patches. This incident underscores the need for continuous monitoring and proactive vulnerability management, especially in environments with high-value targets like enterprise and service provider networks.
FROM THE MEDIA: Cisco has issued a warning about a critical SSH vulnerability affecting 42 of its networking and communications devices. This remote code execution flaw, which was recently disclosed in the OpenSSH server package, involves a race condition error that allows command injections, potentially leading to full device takeover. Cisco is also investigating another 51 products for possible exposure to this vulnerability. The affected product lines span Network Management and Provisioning, Network and Content Security, Enterprise and Service Provider Routing and Switching, Unified Computing, Unified Voice and Communications Devices, Video Streaming Telepresence and Transcoding, and Wireless. Meanwhile, 48 currently supported hardware and cloud services have been confirmed not vulnerable.
READ THE STORY: SCMAG
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
Bottom Line Up Front (BLUF): The new ransomware-as-a-service (RaaS) operation called Eldorado, which targets both Windows and Linux systems, has surfaced. The malware, developed with cross-platform capabilities, employs sophisticated encryption techniques and has already impacted various industries across multiple countries. This highlights the persistent and evolving nature of ransomware threats, necessitating heightened cybersecurity vigilance and proactive measures.
Analyst Comments: Eldorado's emergence underscores the ongoing evolution of ransomware tactics and the adaptability of cybercriminals. By targeting both Windows and Linux systems with advanced encryption methods, Eldorado represents a significant threat to a wide range of industries. The use of Golang for cross-platform capabilities and the adoption of robust encryption algorithms like ChaCha20 and RSA-OAEP indicate a high level of sophistication. Organizations must enhance their cybersecurity frameworks, focusing on robust network segmentation, advanced threat detection, and comprehensive incident response plans to mitigate the risks posed by such advanced RaaS operations.
FROM THE MEDIA: The ransomware-as-a-service (RaaS) operation known as Eldorado has been identified as a new cyber threat targeting both Windows and Linux systems. First observed in March 2024 on the ransomware forum RAMP, Eldorado employs Golang for its cross-platform capabilities and uses advanced encryption methods, including ChaCha20 for file encryption and RSA-OAEP for key encryption. This sophisticated malware can encrypt files on shared networks via the Server Message Block (SMB) protocol. Eldorado's encryptor is available in multiple formats (esxi, esxi_64, win, and win_64), and its data leak site already lists 16 victims, including companies in the U.S., Italy, and Croatia. The affected sectors span real estate, education, professional services, healthcare, and manufacturing.
READ THE STORY: THN
South Africa National Lab Says Ransomware Recovery to Last Until Mid-July
Bottom Line Up Front (BLUF): South Africa’s National Health Laboratory Service (NHLS) is working to restore its systems following a severe ransomware attack in June. The agency aims to have some systems back online by mid-July, but the disruption continues to impact the dissemination of test results, posing significant challenges for public health management.
Analyst Comments: The NHLS ransomware attack highlights the critical vulnerabilities in healthcare infrastructure and the significant impact such incidents can have on public health services. Historically, healthcare systems have been prime targets for ransomware attacks due to the critical nature of their operations and often outdated cybersecurity measures. This incident underscores the urgent need for robust cybersecurity protocols and rapid response strategies in healthcare institutions to mitigate the effects of cyberattacks and ensure the continuity of essential services.
FROM THE MEDIA: South Africa's National Health Laboratory Service (NHLS) is striving to recover from a ransomware attack that began in June, with plans to have some systems operational by mid-July. The ransomware attack has disrupted the dissemination of test results, particularly affecting the WebView portal used by healthcare professionals. In response, NHLS has implemented temporary measures such as delivering urgent test results via phone and limiting test requests to critical cases. The attack has significantly impacted efforts to manage concurrent health crises, including mpox, HIV, and tuberculosis.
READ THE STORY: The Register
Internet Archive Faces Outages Due to "Environmental Factors"
Bottom Line Up Front (BLUF): The Internet Archive experienced significant outages due to environmental factors following a power failure in one of its data centers. This incident underscores the critical role the Archive plays and highlights the potential impact if the ongoing legal battles force it to cease operations.
Analyst Comments: The recent outage at the Internet Archive, caused by a power failure and subsequent environmental issues, demonstrates the fragility of even the most robust digital repositories. Given the Archive's pivotal role in preserving digital content, this incident brings into sharp focus the broader implications of its potential shutdown due to ongoing legal battles with major publishers. As the Internet Archive continues to face legal challenges that threaten its existence, the temporary outage serves as a stark reminder of what could be lost—a crucial resource for historical, cultural, and academic preservation.
FROM THE MEDIA: The Internet Archive, known for its extensive digital collections and the Wayback Machine, faced a significant service disruption overnight due to a power outage followed by environmental factors likely related to cooling issues. The outage, which has mostly been resolved by now, affected users worldwide and underscored the Archive's vulnerability despite its critical importance. This incident comes amid the Archive's ongoing legal struggles with major US publishers over copyright infringement claims. In March 2023, a US federal judge ruled against the Archive's right to lend digital copies of printed books, leading to potentially massive financial liabilities. The case is currently under appeal.
READ THE STORY: The Register
TeamViewer Breach Thwarted by Network Segmentation
Bottom Line Up Front (BLUF): TeamViewer's swift response and robust network segmentation prevented a significant data breach from impacting customer data and critical systems. The intrusion, attributed to the advanced persistent threat group Midnight Blizzard (APT29), was contained within the internal corporate IT environment.
Analyst Comments: TeamViewer's recent breach underscores the critical importance of network segmentation and proactive cybersecurity measures in protecting organizational infrastructure. The company's ability to quickly detect, isolate, and mitigate the threat illustrates best practices in incident response and highlights the value of maintaining segregated networks to prevent lateral movement by attackers. As cyber threats from sophisticated actors like APT29 continue to evolve, such defensive strategies are essential in safeguarding sensitive data and maintaining customer trust.
FROM THE MEDIA: TeamViewer, the popular remote access software company, has concluded its investigation into a breach detected in late June 2024, confirming that the attack was confined to its internal corporate IT environment. The company reassured customers that the breach did not affect the separated product environment, connectivity platform, or customer data. The breach was detected on June 26, 2024, when anomalous activities from a standard employee account were observed. TeamViewer’s security team swiftly cut off the threat actor and commenced a thorough investigation. The attackers, identified as the advanced persistent threat group Midnight Blizzard (APT29), managed to copy employee directory data, including names, corporate contact information, and encrypted employee passwords.
READ THE STORY: Help Net Security
GitHub Copilot Lawsuit Narrowed to Two Claims as Judge Dismisses Key Allegations
Bottom Line Up Front (BLUF): A class-action lawsuit against GitHub, Microsoft, and OpenAI, alleging copyright infringement by the GitHub Copilot coding assistant, has been significantly narrowed. The judge dismissed most claims, leaving only two allegations standing: an open-source license violation and a breach of contract complaint.
Analyst Comments: The recent judicial decision to dismiss the majority of claims in the GitHub Copilot lawsuit reflects the complexity of applying existing intellectual property laws to AI-generated content. While the case continues with two remaining claims, the ruling underscores the challenges plaintiffs face in proving direct copyright infringement by AI systems. This outcome highlights the need for clearer legal frameworks to address the nuances of AI technology and its implications for intellectual property rights.
FROM THE MEDIA: Developers who filed a class-action lawsuit against GitHub, Microsoft, and OpenAI in November 2022, claiming that GitHub Copilot unlawfully copied their code, have seen their case significantly narrowed. Initially encompassing 22 claims, the lawsuit has been whittled down through successive court rulings. On July 5, 2024, Judge Jon Tigar dismissed three more claims, leaving only two active allegations: an open-source license violation and a breach of contract complaint. The lawsuit centers on accusations that Copilot, an AI-powered coding assistant, suggests code snippets derived from open-source projects hosted on GitHub without adhering to the original licenses, thereby violating the developers' intellectual property rights. The plaintiffs argued that Copilot's output often replicates their copyrighted code without proper attribution or adherence to license terms.
READ THE STORY: The Register
Cyber Command's Malware Alert System Transforms Amid Evolving Cyber Threat Landscape
Bottom Line Up Front (BLUF): U.S. Cyber Command's Cyber National Mission Force (CNMF) has transitioned from publicly sharing malware samples via social media to a more discreet approach involving direct collaboration with private sector partners. This strategic shift aims to enhance real-time threat information sharing while maintaining operational security and efficacy.
Analyst Comments: The evolution of CNMF's malware alert system from public disclosure on platforms like Twitter to private sector collaboration through initiatives such as the Under Advisement program highlights a significant strategic shift. This change reflects the need for more detailed, real-time exchanges that are better suited for mitigating cyber threats. While public disclosures served to raise awareness and deter adversaries, the current approach focuses on leveraging industry partnerships to enhance cybersecurity resilience and rapid response capabilities.
FROM THE MEDIA: In the lead-up to the 2018 midterm elections, U.S. Cyber Command's Cyber National Mission Force (CNMF) launched a novel initiative to publicly share malware samples via Twitter and VirusTotal, aiming to deter foreign interference by naming and shaming adversaries like Russia, Iran, and North Korea. This unprecedented move garnered praise from the cybersecurity community for its transparency and effectiveness.
READ THE STORY: The Record
Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites
Bottom Line Up Front (BLUF): A recent analysis of information-stealing malware logs published on the dark web has revealed approximately 3,300 users linked to child sexual abuse material (CSAM) sites. The findings highlight how stolen credentials can be used to combat serious crimes by identifying individuals involved in illegal activities.
Analyst Comments: The use of info-stealer malware logs to unmask consumers of CSAM represents a significant development in cybercrime investigation. Historically, tracking down perpetrators of such crimes has been challenging due to the anonymity provided by the dark web. This approach not only aids law enforcement in identifying offenders but also demonstrates the broader potential of leveraging cyber threat intelligence to address various forms of criminal activity. Continued collaboration between cybersecurity firms and law enforcement is essential to maximize the impact of such discoveries and improve overall cyber safety.
FROM THE MEDIA: An analysis conducted by Recorded Future's Insikt Group has identified around 3,300 unique users with credentials on known child sexual abuse material (CSAM) sites. The analysis, covering data from February 2021 to February 2024, found that 4.2% of these users had credentials for multiple CSAM sources, indicating a higher likelihood of repeated criminal behavior. The study utilized logs from info-stealer malware, which has become a prevalent threat targeting various operating systems. This malware typically harvests sensitive data such as credentials, cryptocurrency wallets, and payment card information, which are then sold on the dark web. The widespread use of such malware has created a complex ecosystem where stolen information is circulated and utilized for various illicit activities.
READ THE STORY: THN
Google's Unavailability in China Drives Microsoft's Shift to Apple Devices
Bottom Line Up Front (BLUF): Microsoft is requiring its employees in China to switch to iPhones for work starting in September, citing security reasons and the unavailability of Google's mobile services in the country. This move is part of Microsoft's broader Secure Future Initiative to enhance internal security practices.
Analyst Comments: Microsoft's decision to mandate iPhones for its China-based staff underscores the significant security challenges posed by regional technology restrictions. By opting for Apple devices, which support critical security applications unavailable on Android in China, Microsoft aims to bolster its defense against sophisticated cyber threats. This shift highlights the intricate balance global tech companies must maintain between operational security and regional compliance.
FROM THE MEDIA: Microsoft has announced that employees in China must transition to using iPhones for work purposes by September, according to an internal memo reported by Bloomberg. This decision stems from the unavailability of Google's services, including the Google Play Store, in China, which hinders the use of essential security apps like Microsoft Authenticator and Identity Pass. The mandate is part of Microsoft's Secure Future Initiative, introduced last November, which aims to strengthen internal security measures. Employees who do not own an Apple device will be provided with an iPhone 15 by the company. Personal Android devices can still be used for non-work-related activities.
READ THE STORY: Business Insider Africa
Items of interest
Mandiant Highlights Russian and Chinese Cyber Threats to NATO on Eve of 75th Anniversary Summit
Bottom Line Up Front (BLUF): Mandiant has identified significant cyber threats from Russian and Chinese actors targeting NATO and its member states. With the 75th anniversary summit approaching, these threats include espionage, disinformation, and disruptive attacks, necessitating increased vigilance and cooperation within the alliance.
Analyst Comments: The cybersecurity landscape for NATO is increasingly complex, with both Russian and Chinese state-sponsored actors employing sophisticated techniques to undermine the alliance. The focus on cyber espionage, disinformation, and disruptive attacks reflects a broader strategy of hybrid warfare. The coordination between NATO and private sector technological capabilities is crucial to counter these evolving threats.
FROM THE MEDIA: Cyber threats targeting NATO and its member states have intensified, particularly with the ongoing war in Ukraine. Mandiant’s chief analyst, John Hultquist, has identified the primary adversaries as Russian and Chinese nation-state actors, financially motivated criminals, and ideologically driven hacktivists. The motivations behind these cyber activities include espionage, spreading disinformation, and conducting disruptive attacks to weaken public resolve and support for NATO.
READ THE STORY: SecurityWeek
Tornado (Video)
FROM THE MEDIA: "Axie Infinity" is like many other online video games. You raise cute axolotls (salamander-like amphibians) and battle them against other players' creatures to level them up and earn rewards. The big difference is that "Axie" lives on the blockchain, and high level creatures are sold for big Ethereum bucks.
"For criminals, by criminals:" How the FBI Tried to Wire Tap the World (Video)
FROM THE MEDIA: A special phone, made from top-to-bottom with privacy, hidden apps and encryption to protect your data from prying eyes. Sounds great, right? There's only one problem: It has a secret back door that funnels everything you do to law enforcement.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.