Daily Drop (836): | BlankBot | DPRK: Tactical Ballistic Missile | Evasive Panda: ISP | ElectraLith | TLS-BCT: EW | MegaTE | ControlLogix 1756 | cyberspace ID |
08-05-24
Monday, Aug 05 2024 // (IG): BB // ShadowNews // Coffee for Bob
Measures of Effectiveness (MoE):
MoEs are used to assess how well a system or operation achieves its intended goals. They are qualitative or quantitative metrics that reflect the success of achieving desired outcomes. For example, in a cybersecurity context, an MoE could be the reduction in successful cyber-attacks after implementing new security protocols.
Results: We are seeing an uptick in “163.com”, “189.com” and “QQ” subscribers.
China-Linked Hackers Exploit ISP to Deploy Malicious Software Updates
Bottom Line Up Front (BLUF): The Chinese cyber-espionage group known as Evasive Panda (aka StormBamboo) has escalated its operations by compromising an internet service provider (ISP) to push malicious software updates to target companies. This sophisticated attack involved DNS poisoning to deliver malware through insecure update mechanisms, affecting both macOS and Windows systems.
Analyst Comments: The use of DNS poisoning by Evasive Panda to manipulate automatic software updates underscores a significant evolution in cyber-espionage tactics. By compromising an ISP, the attackers were able to intercept and alter update requests, injecting malware directly into the victim’s system without user interaction. This attack highlights the critical need for secure update channels (preferably HTTPS) and stringent integrity checks on software updates. The targeting of multiple software vendors and the installation of a malicious Chrome extension to exfiltrate data further emphasizes the group’s high level of skill and adaptability in executing complex, multi-faceted cyber operations.
FROM THE MEDIA: Evasive Panda, an advanced persistent threat group active since at least 2012, compromised an ISP to deploy malware via poisoned DNS responses. The group targeted software with insecure update mechanisms, redirecting update requests to malicious IP addresses. This attack vector allowed the installation of backdoors like MACMA and POCOSTICK (MgBot), affecting macOS and Windows systems. The group also deployed a malicious Chrome extension to harvest browser cookies. Volexity, the cybersecurity firm that uncovered the attack, worked with the ISP to halt the DNS poisoning by taking affected network components offline.
READ THE STORY: Techworm // THN
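The two update patterns the analyst comment contrasts, as an added illustration rather than code from the Volexity report or from any of the affected vendors: a legacy client that installs whatever bytes come back from whatever host DNS names, beside a client that refuses non-HTTPS update URLs, rejects rollbacks, and compares the payload digest against a trusted manifest before staging it. The update bytes, manifest, hostnames, addresses and DNS answers are all constructed inside the block so it runs offline; the manifest is assumed to reach the client through an authenticated channel (TLS to a pinned host, or a detached signature), which the block does not model.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# ---- Constructed fixtures (sample data, not real artefacts) ----------------
GENUINE_UPDATE = b"MyApp-2.1.0-installer\x00" + bytes(range(64))
TAMPERED_UPDATE = b"MyApp-2.1.0-installer\x00" + b"\xcc" * 64  # stand-in for a trojaned build
INSTALLED_VERSION = "2.0.3"
UPDATE_URL = "https://updates.example.invalid/MyApp-2.1.0.bin"  # hypothetical vendor host

# The manifest as the vendor would publish it. A real updater fetches this over
# TLS from a pinned hostname or checks a detached signature on it (assumed here,
# not modelled); only the manifest is trusted, the payload host is not.
VENDOR_MANIFEST = json.dumps({
    "version": "2.1.0",
    "url": UPDATE_URL,
    "sha256": hashlib.sha256(GENUINE_UPDATE).hexdigest(),
})
HTTP_MANIFEST = VENDOR_MANIFEST.replace("https://", "http://")      # insecure transport
ROLLBACK_MANIFEST = VENDOR_MANIFEST.replace('"2.1.0"', '"2.0.3"')  # replayed old version

# Simulated DNS and HTTP. The poisoned resolver answers with an attacker-
# controlled address that serves the tampered file, which is the effect of
# ISP-level DNS poisoning on an updater that trusts whichever host answers.
HONEST_DNS = {"updates.example.invalid": "203.0.113.10"}
SERVED_BY_IP = {"203.0.113.10": GENUINE_UPDATE, "198.51.100.66": TAMPERED_UPDATE}


def resolve(hostname, poisoned=False):
    return "198.51.100.66" if poisoned else HONEST_DNS[hostname]


def fetch(url, poisoned=False):
    """Return whatever the resolved host serves for this URL (no TLS modelled)."""
    host = urlparse(url).hostname
    return SERVED_BY_IP[resolve(host, poisoned)]


class UpdateRejected(Exception):
    pass


def parse_version(v):
    return tuple(int(p) for p in v.split("."))


def legacy_install(update_url, poisoned=False):
    """Weak pattern: no transport check, no integrity check. The bytes the
    network returns are the bytes that get installed."""
    return fetch(update_url, poisoned)


def verify_and_stage(manifest_json, poisoned=False, installed=INSTALLED_VERSION):
    """Hardened pattern: https-only URL, anti-rollback version check, and a
    digest comparison against the trusted manifest before anything is staged."""
    manifest = json.loads(manifest_json)
    url = manifest["url"]
    if urlparse(url).scheme != "https":
        raise UpdateRejected("refusing non-https update URL: %s" % url)
    if parse_version(manifest["version"]) <= parse_version(installed):
        raise UpdateRejected("refusing rollback/replay to version %s" % manifest["version"])
    blob = fetch(url, poisoned)
    actual = hashlib.sha256(blob).hexdigest()
    # Constant-time compare so the check does not leak how many digits matched.
    if not hmac.compare_digest(actual, manifest["sha256"]):
        raise UpdateRejected("digest mismatch: expected %s, got %s" % (manifest["sha256"], actual))
    return blob


if __name__ == "__main__":
    print("legacy client, poisoned DNS  ->", legacy_install(UPDATE_URL, poisoned=True)[:21])
    print("hardened client, clean DNS   ->", verify_and_stage(VENDOR_MANIFEST)[:21])
    for label, manifest, poisoned in (("poisoned DNS", VENDOR_MANIFEST, True),
                                      ("http manifest", HTTP_MANIFEST, False),
                                      ("rollback", ROLLBACK_MANIFEST, False)):
        try:
            verify_and_stage(manifest, poisoned=poisoned)
        except UpdateRejected as e:
            print("hardened client, %-13s -> %s" % (label, e))
```

The point of the digest check is that it does not depend on the network path at all: whichever address the resolver hands back, a payload whose SHA-256 does not match the manifest is never staged. The version check closes the related hole of an attacker replaying a genuine but older, vulnerable build that would pass the digest check for that build.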
Tencent Cloud's "MegaTE" Traffic Engineering System Halves WAN Latency
Bottom Line Up Front (BLUF): Tencent Cloud has introduced "MegaTE," an advanced traffic engineering (TE) system that optimizes network configurations based on the specific needs of individual traffic flows. This new system, which outperforms existing solutions like scFLOW and TEAL, significantly reduces WAN latency, improving service levels for high-priority applications.
Analyst Comments: MegaTE’s ability to tailor traffic flows at a granular level offers a substantial advantage in cloud computing environments, particularly for hyperscale operations like Tencent’s. By integrating technologies such as eBPF, MegaTE enhances efficiency and reduces latency, potentially setting a new standard for traffic engineering in cloud infrastructure. This could be particularly impactful for Tencent’s vast user base across its numerous digital services.
FROM THE MEDIA: Revealed at the SIGCOMM 2024 conference, Tencent's MegaTE system addresses inefficiencies in traditional TE tools by focusing on the specific requirements of each flow generated by virtual machines (VMs) or containers. It leverages a database of traffic engineering configurations and uses eBPF to optimize the network paths, reducing WAN latency by 51% while handling over 20,000 concurrent flows. This system has been operational in Tencent Cloud since 2022, across its global infrastructure.
READ THE STORY: The Register
US Homeland Increasingly Vulnerable to China and Russia's Hybrid Warfare Tactics
Bottom Line Up Front (BLUF): A recent US Army report highlights the growing risk of hybrid warfare from China and Russia, including conventional, cyber, and irregular attacks on US soil. These tactics aim to undermine military readiness by targeting critical infrastructure and exploiting vulnerabilities within the US homeland, previously considered a safe haven.
Analyst Comments: The report underscores a shift in threat perception, with the US homeland no longer seen as invulnerable. As China and Russia enhance their long-range conventional strike capabilities and hybrid warfare strategies, the US faces a more complex and multifaceted security environment. The potential for these adversaries to combine cyber operations with physical attacks on critical infrastructure could severely disrupt US military operations and national security.
FROM THE MEDIA: The US Army's Training and Doctrine Command (TRADOC) warns that China and Russia are preparing for hybrid warfare tactics targeting the US mainland. These include cyberattacks, disinformation campaigns, and conventional strikes on critical infrastructure. The report stresses that these near-peer adversaries are investing in capabilities that could challenge US military readiness and complicate force projection during large-scale combat operations. The increasing transparency of modern battlefields, combined with adversaries' anti-access/area denial (A2/AD) efforts, poses a significant threat to US national security.
READ THE STORY: AsianTimes
Neuralink Implants Second Patient with Brain Chip, Expanding Clinical Trials
Bottom Line Up Front (BLUF): Neuralink has successfully implanted its brain-computer interface device into a second patient, as announced by Elon Musk. This device aims to allow paralyzed individuals to control digital devices through thought alone, marking significant progress in Neuralink’s clinical trials.
Analyst Comments: Neuralink's advancements reflect the broader trend of merging human cognition with technology, offering new hope for individuals with spinal cord injuries. While the technology is still in its early stages, the ability of these implants to restore some independence to paralyzed patients could revolutionize neurorehabilitation. The progress made in these trials also highlights the growing intersection of health technology and AI, where real-time brain signal processing plays a crucial role.
FROM THE MEDIA: Neuralink has implanted its brain-computer interface in a second patient, who, like the first, suffers from a spinal cord injury. This implant allows the user to interact with digital devices by thought alone. The first patient, Noland Arbaugh, reported significant improvements in his ability to control a computer cursor using the implant, despite some initial technical challenges. Neuralink plans to continue its trials with more patients throughout the year.
READ THE STORY: Reuters
China Begins Testing National Cyber-ID System Ahead of Official Adoption
Bottom Line Up Front (BLUF): China has initiated a pilot program for a national cyberspace ID system that utilizes facial recognition and real names, involving major apps like WeChat and Taobao. Despite the system being open for public comment until August 25, a pilot is already underway, raising concerns about privacy and government overreach.
Analyst Comments: The rapid rollout of China's cyber-ID pilot program suggests a strong government push to centralize digital identity verification. While intended to streamline identity management and enhance security, the program has sparked privacy concerns, especially given China's extensive surveillance capabilities. The program's early implementation, even before the public consultation period has ended, highlights Beijing's top-down approach to digital governance, potentially setting a precedent for more intrusive data management practices.
FROM THE MEDIA: Chinese app developers, including those behind WeChat and Taobao, are testing a new national cyber-ID system that integrates facial recognition and real-name verification. The ID system, which has yet to be officially adopted, aims to consolidate identity management by eliminating the need for citizens to provide personal information to internet service providers. However, the system has drawn criticism for potentially reducing user privacy and expanding government surveillance, with legal challenges already emerging in Beijing.
READ THE STORY: The Register
New Android Trojan "BlankBot" Targets Turkish Users' Financial Data
Bottom Line Up Front (BLUF): A new Android banking trojan called "BlankBot" has been discovered targeting Turkish users, with the ability to steal financial data by leveraging Android’s accessibility services. The malware is in active development and poses a significant threat due to its capabilities for keylogging, screen recording, and intercepting SMS messages.
Analyst Comments: BlankBot represents a sophisticated evolution in Android malware, utilizing advanced techniques to bypass security measures introduced in Android 13. Its focus on Turkish users suggests a region-specific threat, but the trojan’s adaptability means it could quickly spread to other regions. Users should be cautious of installing apps from untrusted sources and ensure their devices are updated with the latest security patches.
FROM THE MEDIA: Discovered by Intel 471, BlankBot operates by abusing Android’s accessibility services to gain control over infected devices. The malware installs itself via APKs that bypass restricted settings and proceeds to harvest bank account credentials, payment data, and other sensitive information. Google is responding with enhanced security measures, including options to disable 2G networks and null ciphers to protect against similar threats.
READ THE STORY: THN
Rio Tinto-Backed Start-Up Seeks $15 Million for Lithium Extraction Breakthrough
Bottom Line Up Front (BLUF): ElectraLith, an Australian start-up backed by Rio Tinto, is raising $15 million to commercialize a breakthrough lithium extraction technology. This innovation, using a process called Direct Lithium Extraction-Refining (DLE-R), could dramatically reduce costs, increase global lithium production, and reduce reliance on China for refining this critical battery material.
Analyst Comments: The potential impact of ElectraLith's DLE-R technology cannot be overstated. If successful, this innovation could transform the lithium supply chain, much like shale did for the oil industry. By refining lithium without water or chemicals, and with the backing of Rio Tinto, ElectraLith's approach aligns well with global efforts to diversify critical mineral sources away from China, which currently controls 65% of lithium refining. However, the technology’s long development timeline and limited commercial use so far warrant cautious optimism.
FROM THE MEDIA: ElectraLith, a start-up from Melbourne's Monash University, has developed a process called DLE-R that could revolutionize lithium extraction and refining by using electrodialysis, bypassing traditional water-intensive methods. The technology could help the U.S. and Australia reduce their dependence on China for lithium refining, particularly as demand for the material is set to surpass supply. The start-up is seeking $15 million to build its first facility, with interest already shown by major oil and gas companies and government departments.
READ THE STORY: FT
North Korea Delivers Tactical Ballistic Missile Launchers to Frontline Troops
Bottom Line Up Front (BLUF): North Korean leader Kim Jong Un oversaw the delivery of 250 new tactical ballistic missile launchers to frontline troops, raising tensions with South Korea. These launchers, designed by Kim, are positioned near the South Korean border, highlighting the North's growing military capabilities and its defiance against the U.S. and South Korea's joint military exercises.
Analyst Comments: The deployment of these launchers by North Korea signifies an escalation in its military posture, particularly as South Korea and the U.S. prepare for joint exercises. This move could be seen as a response to perceived threats from these drills, and it underscores Pyongyang's intent to maintain a robust deterrent against perceived aggression. The presence of Kim's daughter, Kim Ju Ae, at the event also suggests ongoing efforts to reinforce the leadership's legitimacy and continuity.
FROM THE MEDIA: Kim Jong Un oversaw the delivery of 250 new tactical ballistic missile launchers to North Korea's frontline troops. These launchers, capable of short-range attacks, are positioned near the South Korean border. During the ceremony, Kim blamed the U.S. for creating a "nuclear-based military block," justifying the need to bolster North Korea's military capabilities. Analysts suggest that this move is aimed at countering the U.S.'s extended nuclear deterrence and South Korea's defense strategies, particularly in light of the upcoming joint military exercises.
READ THE STORY: Reuters
Critical Vulnerability in Rockwell Automation Devices Allows Unauthorized Access
Bottom Line Up Front (BLUF): A high-severity security flaw (CVE-2024-6242) has been identified in Rockwell Automation ControlLogix 1756 devices, potentially allowing attackers to bypass security measures and execute unauthorized commands on industrial controllers.
Analyst Comments: This vulnerability underscores the critical importance of securing operational technology (OT) environments, particularly in industries reliant on automated control systems. Given the potential impact on industrial operations, organizations should prioritize updating affected devices to the latest firmware versions to mitigate the risk of unauthorized access and system compromise.
FROM THE MEDIA: The vulnerability, discovered by Claroty and addressed by Rockwell Automation, could allow attackers to bypass the Trusted Slot feature in ControlLogix controllers, enabling them to execute Common Industrial Protocol (CIP) commands that could alter system configurations. The flaw has been patched in updated firmware versions, and affected users must implement these updates to secure their systems against potential exploitation.
READ THE STORY: THN
Items of interest
US Army Acquires $100 Million in Electronic Warfare Backpacks, Leveraging Ukraine and Russia's Battle-Tested Tech
Bottom Line Up Front (BLUF): The US Army is set to purchase nearly $100 million worth of portable electronic warfare systems, known as the Terrestrial Layer System-Brigade Combat Team Manpack (TLS-BCT), a technology that has proven critical in the ongoing Ukraine-Russia conflict. These systems will enhance the Army's ability to dominate the electromagnetic spectrum (EMS) on the battlefield.
Analyst Comments: This acquisition reflects the growing importance of electronic warfare (EW) in modern conflicts, particularly in the context of the Ukraine-Russia war where EW has been pivotal in jamming communications, disrupting enemy operations, and providing tactical intelligence. The integration of TLS-BCT Manpacks into US Army brigade combat teams marks a significant enhancement in their operational capabilities, allowing them to conduct multi-domain operations with greater efficiency and precision. The deployment of this advanced technology underscores the military's shift towards more sophisticated, tech-driven warfare strategies, ensuring they remain competitive in the increasingly contested electromagnetic spectrum.
FROM THE MEDIA: The US Army has announced the acquisition of nearly $100 million worth of the Terrestrial Layer System-Brigade Combat Team Manpack, a portable electronic warfare system developed by Mastodon Design LLC, a subsidiary of CACI. This system, which fits into a standard backpack, will be used by electronic warfare units to monitor, jam, and collect signals within the electromagnetic spectrum, providing real-time data and situational awareness to commanders. Similar technologies have been used by both Ukrainian and Russian forces in their ongoing conflict, showcasing the vital role of EW in modern warfare. The system will be fielded later this year, offering the US Army a tactical edge in multi-domain operations.
READ THE STORY: MSN
Cyberspace and Electronic Warfare (EW) Operations for Army 2030 (Video)
FROM THE MEDIA: The Army plans to develop and employ integrated EW capabilities that provide ground commanders at all echelons with the ability to see themselves, see the adversary, and affect the adversary in the EMS. The EW Ecosystem is interdependent with the Mission Command, Fires, Air Defense, Protection, Maneuver, and Intelligence ecosystems spanning the terrestrial, aerial, stratosphere, and space layers. The overall objective is to develop EW capabilities that serve as a force multiplier to counter extant and emerging threats while taking advantage of opportunities to detect, deny, deceive, disrupt, degrade, and destroy electromagnetic spectrum capabilities upon which our adversaries rely, while also maintaining our own EMS awareness to ensure freedom of maneuver in contested and congested environments.
Data Science Support to Cyber Electromagnetic Activities (Video)
FROM THE MEDIA: As more users gravitate to the Cloud and Smart Technologies there is an ever-present transmission of data from one point to another. With such an increase, it becomes more challenging for collectors and analysts alike to discern between the relevant intelligence information and the clutter. In this session, we will discuss how applying data science techniques can assist Cyber Electromagnetic Activities (CEMA) operators in processing Big Data while increasing analytic production.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.