Daily Drop (837): | Moonstone Sleet | Bitcoin Reserve | DARPA: C to Rust | OFBiz ERP | Musk vs Altman | Google Antitrust | Schulman: Rival | uBlock Origin | CN: HBM | IEA: Oil's Future | BreachForums
08-06-24
Tuesday, Aug 06 2024 // (IG): BB // ShadowNews // Coffee for Bob
Measures of Effectiveness (MoE):
MoEs are used to assess how well a system or operation achieves its intended goals. They are qualitative or quantitative metrics that reflect the success of achieving desired outcomes. For example, in a cybersecurity context, an MoE could be the reduction in successful cyber-attacks after implementing new security protocols.
Results: We are seeing an uptick in “163.com”, “189.com” and “QQ” subscribers.
Chinese Firms Stockpile Samsung Chips Amid Fears of New U.S. Export Curbs
Bottom Line Up Front (BLUF): Chinese tech giants, including Huawei and Baidu, are stockpiling high-bandwidth memory (HBM) chips from Samsung Electronics in anticipation of impending U.S. export restrictions. This strategic move underscores China's efforts to secure critical technology components as global trade tensions escalate.
Analyst Comments: The stockpiling of HBM chips by Chinese firms signals their strategic preparation for potential U.S. export controls that could restrict access to advanced semiconductor technology. As China relies heavily on these components for AI development, the anticipated curbs could severely impact its tech ambitions. Samsung, a key supplier, may face significant disruptions if the U.S. restrictions come into effect, especially given the high demand from Chinese companies. This situation also highlights the broader implications of the U.S.-China tech rivalry on the global semiconductor supply chain, potentially leading to tighter supplies and increased prices for these critical components.
FROM THE MEDIA: Chinese technology companies, including major players like Huawei and Baidu, are reportedly hoarding HBM semiconductors from Samsung Electronics in response to expected U.S. export restrictions. These chips are essential for advanced AI applications, and China's demand for them has surged, making up about 30% of Samsung's HBM revenue in the first half of 2024. The anticipated U.S. curbs, expected to be announced later this month, could further strain the global semiconductor supply chain, particularly for AI-capable memory chips. While Chinese firms have made progress in developing their own HBM chips, they remain several generations behind the latest models, increasing their reliance on foreign suppliers like Samsung.
READ THE STORY: Reuters
The IEA’s Strategic Shift Sparks Controversy Amid Peak Oil Predictions
Bottom Line Up Front (BLUF): The International Energy Agency (IEA) predicts global peak oil demand by 2029, driven by increased adoption of renewable energy and electric vehicles. This stance, championed by IEA head Fatih Birol, has drawn sharp criticism from oil companies and political figures who accuse the agency of compromising its neutrality in favor of climate politics.
Analyst Comments: The IEA’s pivot under Fatih Birol towards advocating for the energy transition reflects the evolving global consensus on climate action, but it also positions the agency at the center of a contentious debate. While the IEA's forecasts have become a critical resource for governments and investors navigating the energy transition, they have alienated key stakeholders in the fossil fuel industry. This growing divide underscores the challenges the IEA faces in balancing its traditional mandate of energy security with the pressing need to address climate change. As the agency continues to expand its influence, particularly among emerging economies, its role in shaping the global energy landscape is more significant—and controversial—than ever.
FROM THE MEDIA: Fatih Birol, executive director of the IEA, has transformed the agency from its traditional focus on energy security to a more aggressive advocate for the global energy transition. Under his leadership, the IEA has predicted that global oil demand will peak by 2029, a forecast that has intensified tensions with oil-producing nations and companies. Critics, including OPEC and U.S. political figures, argue that the IEA’s focus on climate change is politically motivated and could lead to destabilizing energy markets. Despite the pushback, Birol maintains that the energy transition is irreversible, emphasizing that the IEA’s data-driven approach is essential for guiding the world through this critical period of change. The agency's forecasts are now central to the strategies of governments and financial institutions worldwide, even as they provoke controversy among those with vested interests in the status quo.
READ THE STORY: FT
Data Leak Exposes Information of BreachForums v1 Members
Bottom Line Up Front (BLUF): A data leak has exposed the personal information of over 212,000 members of the notorious hacker platform BreachForums v1. The leaked data, which includes user IDs, login names, email addresses, and IP addresses, originated from a backup made in November 2022 and is now reportedly in the hands of malicious actors.
Analyst Comments: The exposure of BreachForums v1 member data highlights the inherent risks within the cybercriminal ecosystem. This incident not only compromises the anonymity of individuals involved in illicit activities but also exposes them to potential law enforcement action or retaliation from rival threat actors. The leak also underscores the vulnerabilities even within forums dedicated to illegal activities, where users often assume a higher level of security and anonymity. As these data breaches continue to occur, they may contribute to increasing mistrust and paranoia within cybercriminal communities, potentially driving them to adopt even more stringent security measures.
FROM THE MEDIA: Members of BreachForums v1, a platform known for facilitating the trade of stolen data, have had their personal information exposed in a significant data leak. The leak affects over 212,000 members and includes sensitive details such as user IDs, email addresses, and IP addresses. The leaked information was reportedly obtained from a database backup made in November 2022 and was allegedly offered for sale by the forum's owner, Conor Fitzpatrick, also known as Pompompurin. The data has since been purchased by multiple threat actors, raising concerns about the potential misuse of the information.
READ THE STORY: iZOOlogic
Google Chrome’s Manifest v3 Transition Signals End for uBlock Origin
Bottom Line Up Front (BLUF): Google's transition from Manifest v2 to Manifest v3 in Chrome will soon render popular ad-blocking extension uBlock Origin (uBO) non-functional. uBO creator Raymond Hill confirmed that uBO will not be adapted to work with Manifest v3, urging users to seek alternatives before Chrome's support for v2 ends.
Analyst Comments: The impending shift to Manifest v3 in Chrome marks a significant change for browser extensions, particularly those focused on content blocking like uBlock Origin. Manifest v3 is designed to enhance security and performance, but it also limits the capabilities of extensions that rely on the deep access provided by Manifest v2. This transition reflects broader industry trends towards stricter extension frameworks, which could lead to reduced functionality in ad blockers and privacy tools. Users loyal to uBO may migrate to other browsers, such as Firefox, which still supports the more powerful extension model, or explore alternatives like uBlock Origin Lite, though these come with limitations.
FROM THE MEDIA: Google's Chrome Web Store has begun notifying users that uBlock Origin will soon be incompatible with Chrome, as the browser phases out support for Manifest v2. The stable release of Chrome 127, which debuted in late July 2024, included warnings for uBO users, marking the beginning of the end for the widely-used extension. Raymond Hill, uBO's creator, has stated that he will not adapt uBO to the new Manifest v3 framework due to its limitations. Instead, users are advised to transition to uBlock Origin Lite, a more basic version compatible with Manifest v3, though it lacks many of the features that made uBO popular. As the transition nears, some users have already expressed their dissatisfaction, with many threatening to abandon Chrome altogether for browsers that continue to support more robust ad-blocking capabilities.
READ THE STORY: The Register
New Android Spyware LianSpy Targets Russian Users, Evades Detection via Yandex Cloud
Bottom Line Up Front (BLUF): A newly discovered Android spyware, dubbed LianSpy, has been targeting Russian users since 2021. The malware, uncovered by Kaspersky, uses Yandex Cloud services for command-and-control (C2) operations to avoid detection and bypasses Android security features to exfiltrate sensitive data.
Analyst Comments: LianSpy represents a sophisticated evolution in Android malware, particularly in its use of legitimate cloud services like Yandex Cloud to evade detection. The malware’s ability to bypass Android 12’s privacy indicators and gain root access via a modified su binary suggests a high level of technical expertise and possibly state-sponsored origins. Its focus on Russian targets aligns with the growing trend of region-specific cyber espionage. As this malware continues to evolve, it underscores the critical need for robust mobile security measures and vigilant monitoring of unusual app behaviors.
FROM THE MEDIA: Kaspersky researchers have identified a new strain of Android spyware, LianSpy, which has been active since 2021. The spyware targets users in Russia, leveraging Yandex Cloud for C2 communications to avoid detection. LianSpy can capture screencasts, exfiltrate files, and harvest call logs and app lists, all while bypassing security features like Android 12’s privacy indicators. The malware disguises itself as legitimate apps, such as Alipay or Android system services, and operates covertly using root privileges obtained through a renamed su binary. The reliance on legitimate cloud services and sophisticated evasion techniques highlights the growing complexity of Android spyware threats.
READ THE STORY: THN
Trump's Bitcoin Reserve Proposal Sparks Debate in Cryptocurrency Circles
Bottom Line Up Front (BLUF): Donald Trump, during a recent campaign speech, proposed the creation of a national Bitcoin reserve if elected, a move that has sparked significant debate within the cryptocurrency community. The U.S. government already holds a substantial amount of Bitcoin, largely from criminal seizures, but the idea of an official strategic Bitcoin stockpile raises questions about its potential impact on the market and the fundamental decentralized ethos of Bitcoin.
Analyst Comments: Trump's proposal for a U.S. Bitcoin reserve highlights the growing intersection between cryptocurrency and politics, particularly as digital assets become more mainstream. While the notion of a state-controlled Bitcoin reserve could stabilize and potentially increase the value of Bitcoin, it also conflicts with the decentralized principles that underpin the cryptocurrency. Additionally, the concentration of Bitcoin in government hands could lead to market manipulation fears and reduce the availability of Bitcoin for private investors, raising concerns among crypto enthusiasts about state interference in a system designed to be free from such control.
FROM THE MEDIA: In a speech at a Nashville crypto convention, Donald Trump suggested that, if elected, his administration would establish a strategic national Bitcoin stockpile, retaining all Bitcoin the U.S. government currently holds or acquires. This proposal, alongside similar ideas from politicians like U.S. Senator Cynthia Lummis and independent candidate Robert F. Kennedy Jr., has ignited discussions about the feasibility and implications of such a reserve. The U.S. government’s Bitcoin holdings, estimated at $11.1 billion, primarily originate from criminal seizures. While proponents argue that a government Bitcoin reserve could bolster the currency's value, critics worry about the potential reduction in tradable Bitcoin and the contradiction it presents to Bitcoin's decentralized nature. The concept also raises complex questions about how such a reserve would be managed and its potential impact on the broader crypto market.
READ THE STORY: Reuters
Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks Using STRRAT Malware
Bottom Line Up Front (BLUF): A cyber threat group known as Bloody Wolf has been targeting organizations in Kazakhstan with STRRAT malware, using phishing emails to impersonate government agencies. The attacks leverage malicious Java archive (JAR) files to gain control over corporate systems and exfiltrate sensitive data.
Analyst Comments: The Bloody Wolf campaign underscores the ongoing risk posed by commodity malware like STRRAT, particularly when coupled with social engineering tactics such as phishing. By masquerading as government agencies and using less common file types like JAR files, the attackers effectively bypass conventional security measures, making these types of campaigns particularly dangerous for under-prepared organizations. The use of legitimate services like Pastebin for command-and-control further complicates detection and response, highlighting the need for robust cybersecurity measures, including user education, to defend against such sophisticated attacks.
FROM THE MEDIA: Kazakh organizations are under attack by a cyber threat group dubbed Bloody Wolf, which uses phishing emails to distribute the STRRAT malware. Disguised as official communications from the Ministry of Finance, the emails lure victims into downloading malicious JAR files hosted on a website mimicking the Kazakh government’s portal. Once installed, the malware persists by modifying the Windows Registry and runs stealthily, exfiltrating data and executing commands via Pastebin. The attackers’ use of JAR files and legitimate web services enables them to evade detection and maintain control over compromised systems, posing a significant threat to targeted organizations.
READ THE STORY: THN
Critical Zero-Day Vulnerability in Apache OFBiz ERP Allows Remote Code Execution
Bottom Line Up Front (BLUF): A critical zero-day vulnerability, CVE-2024-38856, has been discovered in Apache OFBiz, an open-source ERP system, allowing remote code execution on affected versions. With a severity score of 9.8/10, this flaw is particularly dangerous as it bypasses authentication mechanisms, exposing critical endpoints to attackers. The vulnerability impacts versions prior to 18.12.15 and is related to a previous path traversal flaw.
Analyst Comments: The discovery of CVE-2024-38856 in Apache OFBiz underscores the persistent risks posed by vulnerabilities in widely-used enterprise software. Given its high CVSS score and the ease with which it can be exploited, organizations using OFBiz must prioritize patching to prevent potential breaches. This vulnerability is part of a troubling pattern of serious security flaws in OFBiz, which has already been targeted by threat actors to deploy malware such as the Mirai botnet. The situation emphasizes the critical need for robust patch management and continuous monitoring to safeguard ERP systems against evolving threats.
FROM THE MEDIA: A new zero-day vulnerability in Apache OFBiz, tracked as CVE-2024-38856, has been disclosed, affecting versions prior to 18.12.15. Discovered by SonicWall, the flaw allows unauthenticated attackers to achieve remote code execution by exploiting a weakness in the authentication mechanism. This vulnerability is notably severe, with a CVSS score of 9.8, and bypasses previous patches intended to fix related security issues, such as CVE-2024-36104. The flaw lies in the override view functionality, which exposes critical endpoints, making the system vulnerable to remote attacks through specially crafted requests. The security community is urging immediate updates to mitigate this high-risk vulnerability, especially given the history of similar exploits in Apache OFBiz being used for botnet deployments.
READ THE STORY: THN
Elon Musk Sues OpenAI Again, Alleging Betrayal by Sam Altman
Bottom Line Up Front (BLUF): Elon Musk has filed a new lawsuit against OpenAI and its CEO, Sam Altman, claiming that he was deceived into supporting the company under false pretenses. Musk alleges that OpenAI's transition from a non-profit to a for-profit model constitutes a betrayal of its original mission and demands compensation for his financial contributions and damages.
Analyst Comments: Musk’s renewed legal battle against OpenAI and Sam Altman highlights the ongoing friction between the original vision of OpenAI as an altruistic, open-source initiative and its current for-profit direction. Musk's accusations of betrayal reflect his dissatisfaction with OpenAI's evolution, especially given the significant financial and reputational support he provided during its early days. This lawsuit could have far-reaching implications for OpenAI's operations, particularly its high-profile partnerships with companies like Microsoft, which could be scrutinized further if Musk's claims gain legal traction.
FROM THE MEDIA: Elon Musk has reignited his legal dispute with OpenAI, filing a new, more comprehensive lawsuit against the organization and its CEO, Sam Altman. The complaint, which expands on a previously dropped lawsuit, accuses Altman of misleading Musk into supporting OpenAI under the guise of it being an open, non-profit entity dedicated to safe AI research. According to Musk, OpenAI's later shift to a for-profit model, particularly its exclusive deals with Microsoft, was a deliberate attempt to profit from technology developed with his support. The lawsuit outlines multiple charges, including breach of contract and fraud, and seeks not only financial restitution but also the dismantling of key agreements that have benefited OpenAI's business. OpenAI has yet to comment on the latest filing, maintaining its previous stance that Musk's accusations are unfounded.
READ THE STORY: The Register
North Korean Hackers Deploy Malicious npm Packages to Target Windows Systems
Bottom Line Up Front (BLUF): The North Korea-affiliated hacking group Moonstone Sleet continues its campaign by pushing malicious npm packages to infect Windows systems. These packages, published in July 2024, were quickly removed but underscore the persistent threat posed by state-sponsored cyber actors exploiting popular software repositories like npm.
Analyst Comments: Moonstone Sleet's latest activity reflects a sophisticated and persistent approach to cyber espionage, leveraging widely-used platforms such as npm to spread malware. The reuse of code from legitimate GitHub repositories in these malicious packages highlights the growing challenge of securing open-source ecosystems against state-sponsored threats. Organizations must remain vigilant, implementing strict controls and monitoring dependencies to mitigate the risks posed by such sophisticated attacks. The incident also emphasizes the importance of rapid detection and response mechanisms to limit the impact of these threats.
FROM THE MEDIA: North Korean hacking group Moonstone Sleet, also known as Stressed Pungsan, has been found pushing malicious npm packages aimed at infecting Windows systems. The packages, named harthat-api and harthat-hash, were designed to execute a pre-install script that checks the operating system before downloading and executing additional payloads from a remote server. Though these packages were quickly taken down, their existence highlights the ongoing risks posed by malicious actors leveraging popular open-source platforms to distribute malware. Security researchers have linked these activities to broader campaigns targeting specific sectors, including recent attacks in South Korea, which involved malware distribution through compromised software update mechanisms.
READ THE STORY: THN
Federal Judge Rules Google’s Default Search Deals Violate Antitrust Law
Bottom Line Up Front (BLUF): A federal judge has ruled that Google’s practice of paying to make its search engine the default on smartphones and browsers violates U.S. antitrust law. This decision marks a significant victory for the Department of Justice in its efforts to curb Big Tech's monopolistic practices. The ruling could have far-reaching implications for Google's business model and the broader tech industry.
Analyst Comments: The ruling against Google underscores the growing judicial scrutiny of Big Tech’s market dominance, particularly concerning practices that stifle competition. By labeling Google as a monopolist under the Sherman Act, the decision could lead to significant changes in how tech giants conduct business, especially in terms of default agreements and exclusive deals. However, the complexity of crafting a remedy that effectively restores competition without disrupting the market presents a significant challenge for the courts. As Google plans to appeal, this case could set a precedent for future antitrust actions in the tech industry.
FROM THE MEDIA: In a landmark decision, Judge Amit Mehta ruled that Google’s payments to secure its position as the default search engine on smartphones and web browsers violate U.S. antitrust law. The ruling follows a lengthy trial and could force Google to alter its agreements with device manufacturers and browser developers. While Google’s ad management platform, Search Ads 360, was cleared of antitrust violations, the judge found that Google’s dominance in general search and search advertising allowed it to raise prices without concern for competition, effectively monopolizing the market. Despite acknowledging Google’s superior search quality, the court emphasized that its monopolistic behavior limits consumer choice and stifles competition. Google intends to appeal the decision, arguing that it unfairly penalizes them for providing a high-quality service that consumers prefer.
READ THE STORY: The Register
OpenAI Co-Founder John Schulman Departs for Rival AI Firm Anthropic
Bottom Line Up Front (BLUF): John Schulman, a co-founder of OpenAI, has left the company to join rival AI firm Anthropic, citing a desire to focus more on AI alignment and return to hands-on technical work. His departure adds to the recent series of significant exits from OpenAI, including other key figures like Ilya Sutskever and Andrej Karpathy.
Analyst Comments: Schulman’s departure from OpenAI to Anthropic highlights the increasing movement of top talent within the competitive AI industry. His focus on AI alignment at Anthropic suggests a deepening of the divide between AI firms in their approach to the ethical development and deployment of AI technologies. OpenAI’s recent loss of multiple high-profile employees could signal internal shifts or strategic disagreements, particularly as the company faces increased scrutiny and legal challenges. As Anthropic continues to attract talent from leading AI organizations, its role in shaping the future of AI ethics and safety will likely become more prominent.
FROM THE MEDIA: John Schulman, one of the founding members of OpenAI, announced his departure from the company to join Anthropic, a rival AI firm, in a move motivated by his desire to concentrate on AI alignment and engage in more technical work. This exit follows a string of other significant departures from OpenAI, including co-founders Ilya Sutskever and Andrej Karpathy. OpenAI is currently undergoing substantial personnel changes, raising questions about its internal dynamics as it navigates ongoing challenges, including a revived lawsuit from Elon Musk. Anthropic, known for its focus on AI safety, continues to bolster its team with prominent figures from the AI research community.
READ THE STORY: Reuters
International Operation Shuts Down Cryptonator Wallet in Major Money Laundering Bust
Bottom Line Up Front (BLUF): Cryptonator, a digital wallet and cryptocurrency exchange, was taken down in an international law enforcement operation involving the FBI, IRS, and German police. The platform is accused of facilitating extensive money laundering activities, processing millions in transactions linked to criminal activities, including ransomware and dark web markets.
Analyst Comments: The takedown of Cryptonator underscores the growing global cooperation in combating cryptocurrency-related crimes, particularly those involving money laundering and illicit transactions. Cryptocurrencies have long been exploited by criminal networks due to their perceived anonymity and ease of cross-border transactions. The operation's success reflects the increasing sophistication of law enforcement agencies in tracing and seizing digital assets linked to illegal activities. This case also highlights the risks associated with cryptocurrency platforms that fail to implement robust compliance measures, as they become prime targets for both criminals and law enforcement.
FROM THE MEDIA: Cryptonator, a digital wallet and cryptocurrency exchange, was shuttered over the weekend following an international operation spearheaded by the FBI, IRS, and German law enforcement. The platform, allegedly used for laundering money linked to various criminal enterprises, processed over $150 million in transactions tied to illicit activities, including ransomware payments and dark web transactions. Roman Boss, the CEO of Cryptonator, was implicated in the operation, with charges including money laundering and operating an unlicensed money transmitting business. Authorities are seeking his arrest and the forfeiture of all illegal proceeds associated with the platform. The operation is a significant blow to cryptocurrency-fueled money laundering networks.
READ THE STORY: The Register
Items of interest
DARPA's TRACTOR Initiative Aims to Convert Legacy C Code to Rust Using AI
Bottom Line Up Front (BLUF): DARPA has launched the TRACTOR project, aiming to automate the conversion of C code to Rust using AI, in order to enhance memory safety in critical software systems. While promising, the initiative faces significant technical challenges, especially in handling complex C constructs.
Analyst Comments: This acquisition reflects the growing importance of electronic warfare (EW) in modern conflicts, particularly in the context of the Ukraine-Russia war where EW has been pivotal in jamming communications, disrupting enemy operations, and providing tactical intelligence. The integration of TLS-BCT Manpacks into US Army brigade combat teams marks a significant enhancement in their operational capabilities, allowing them to conduct multi-domain operations with greater efficiency and precision. The deployment of this advanced technology underscores the military's shift towards more sophisticated, tech-driven warfare strategies, ensuring they remain competitive in the increasingly contested electromagnetic spectrum.
FROM THE MEDIA: DARPA's TRACTOR project, short for "TRanslating All C TO Rust," is an ambitious effort to employ machine-learning tools for converting legacy C code into Rust, a language known for its inherent memory safety. The goal is to mitigate vulnerabilities like buffer overflows, which are prevalent in C and C++ code. The project reflects the broader shift in the tech industry towards memory-safe programming, spurred by advocacy from major companies like Google and Microsoft, and supported by government bodies like the US Cybersecurity and Infrastructure Security Agency (CISA). However, experts caution that the automated conversion process is fraught with challenges, such as handling C's flexible but risky use of pointers, which Rust strictly regulates. Despite these hurdles, the initiative is seen as a crucial step in enhancing cybersecurity in systems where legacy C code is still prevalent.
READ THE STORY: The Register
Cyberspace and Electronic Warfare (EW) Operations for Army 2030 (Video)
FROM THE MEDIA: The Army plans to develop and employ integrated EW capabilities that provide ground commanders at all echelons with the ability to see themselves, see the adversary, and affect the adversary in the EMS. The EW Ecosystem is interdependent with the Mission Command, Fires, Air Defense, Protection, Maneuver, and Intelligence ecosystems spanning the terrestrial, aerial, stratosphere, and space layers. The overall objective is to develop EW capabilities that serve as a force multiplier to counter extant and emerging threats while taking advantage of opportunities to detect, deny, deceive, disrupt, degrade, and destroy the electromagnetic spectrum capabilities upon which our adversaries rely, while also maintaining our own EMS awareness to ensure freedom of maneuver in contested and congested environments.
Data Science Support to Cyber Electromagnetic Activities (Video)
FROM THE MEDIA: As more users gravitate to the Cloud and Smart Technologies there is an ever-present transmission of data from one point to another. With such an increase, it becomes more challenging for collectors and analysts alike to discern between the relevant intelligence information and the clutter. In this session, we will discuss how applying data science techniques can assist Cyber Electromagnetic Activities (CEMA) operators in processing Big Data while increasing analytic production.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.