Daily Drop (858): | EU: RU GAS | Brazil X | WhisperGate | Stablecoins | Montana: Planned Parenthood | AI: US, UK and EU | CN: Economy | Tropic Trooper | Geespace | Microchip Tech | RU: IO |
09-06-24
Friday, Sept 06 2024
Measures of Effectiveness (MoE):
MoEs are used to assess how well a system or operation achieves its intended goals. They are qualitative or quantitative metrics that reflect the success of achieving desired outcomes. For example, in a cybersecurity context, an MoE could be the reduction in successful cyber-attacks after implementing new security protocols.
Results: We are seeing an uptick in “163.com”, “189.com” and “QQ” subscribers.
U.S. Seizes 32 Pro-Russian Propaganda Domains in Disinformation Crackdown
Bottom Line Up Front (BLUF): In a sweeping action, the U.S. Department of Justice seized 32 internet domains linked to the pro-Russian propaganda group Doppelganger, accusing it of violating U.S. laws to spread disinformation supporting Russia’s policies and undermining international support for Ukraine. The domains mimicked legitimate media outlets to influence voters and sow discord in the lead-up to the 2024 U.S. presidential election.
Analyst Comments: This operation highlights U.S. efforts to counter foreign disinformation campaigns, particularly those aiming to exploit social and political divisions. Russia’s use of cybersquatting and AI-generated narratives via fake influencers shows the evolving complexity of modern influence operations. The domain seizures, alongside sanctions and indictments, underscore the growing collaboration between U.S. government agencies to curb malign foreign influence, particularly in sensitive electoral periods.
FROM THE MEDIA: The DOJ's crackdown on Russian-backed disinformation led to the seizure of 32 domains used by the Doppelganger group, which posed as major news outlets like Fox News and Der Spiegel. The domains aimed to influence public opinion by promoting false narratives around Ukraine and the 2024 U.S. elections. Additionally, the DOJ indicted two Russian nationals for funneling funds into disinformation campaigns via U.S.-based media channels, with operations involving the creation of thousands of videos targeting American political divisions.
READ THE STORY: THN
Chinese Authorities Obscure Economic Reality Amid Internal Information Challenges
Bottom Line Up Front (BLUF): As China's economy faces its most severe downturn in a generation, the government is concealing key economic data, raising concerns about transparency. Censorship of critical views, such as economist Zhao Jian’s call for more government stimulus, reflects the state's reluctance to acknowledge the full extent of the economic crisis. The Communist Party's internal decision-making processes may also be hindered by flawed information systems, further complicating efforts to address the downturn.
Analyst Comments: The Chinese government’s suppression of critical economic discourse highlights its increasing focus on controlling narratives surrounding economic policy. While managing public perception is crucial for the Party's image, the lack of transparency risks misaligning policy responses to the reality of the economic situation. Internally, flawed information flows may contribute to poor decision-making, hampering efforts to stabilize the economy. This approach underscores broader concerns about China's governance model, where political control often trumps effective economic management.
FROM THE MEDIA: On August 16, 2024, economist Zhao Jian's article, critical of China's lack of economic stimulus, was swiftly censored, reflecting the state’s grip on economic discourse. Amid the most serious downturn in decades, China's government has provided limited economic data, making it difficult for markets and citizens to assess the true state of the economy. Zhao's article, which suggested decision-makers’ logic was inscrutable to the market, symbolizes the growing gap between China’s economic realities and the narratives the government allows. This lack of transparency risks undermining both domestic confidence and international credibility.
READ THE STORY: The Economist
Chinese-Speaking Hacker Group Targets Human Rights Research in the Middle East
Bottom Line Up Front (BLUF): The Chinese-speaking hacker group Tropic Trooper, active since 2011, has launched a cyber campaign against government entities in the Middle East, particularly those studying human rights, such as the Israel-Hamas conflict. Using known vulnerabilities in web applications, the group deployed malware, including the Crowdoor backdoor, to infiltrate servers hosting human rights content. While the attack was ultimately unsuccessful, the attempt demonstrates the group’s strategic shift towards targeting sensitive geopolitical issues.
Analyst Comments: Tropic Trooper's focus on human rights studies marks an escalation in their cyber tactics, signaling a deeper interest in manipulating or accessing politically sensitive information. Their use of advanced techniques, including .NET exploitation and side-loading malware, highlights their capabilities in evading detection. This campaign aligns with a broader trend of nation-state actors targeting critical issues like human rights, potentially for espionage or influence operations. The involvement of high-value web platforms also suggests that these actors are expanding their target set beyond traditional government and industrial sectors.
FROM THE MEDIA: Since June 2023, Tropic Trooper has targeted government entities in the Middle East and Malaysia, focusing on servers connected to human rights research. The group, also known as APT23, deployed malware such as the Crowdoor backdoor via compromised web applications like Adobe ColdFusion and Microsoft Exchange. Despite Kaspersky detecting and preventing the attacks in June 2024, the group persisted, attempting to evade detection by uploading newer samples. This operation underscores their intent to access sensitive information related to human rights, particularly around contentious regional conflicts.
READ THE STORY: THN
Telegram’s Pavel Durov Criticizes French Authorities Following Arrest Over Content Moderation
Bottom Line Up Front (BLUF): Telegram CEO Pavel Durov, detained by French authorities on charges related to Telegram’s failure to moderate criminal content, has criticized the French government’s approach. Durov, under formal investigation, called the charges “misguided” and claimed that traditional legal action against the company, not him personally, would be more appropriate. He promised improvements in Telegram’s moderation but suggested the platform might leave markets incompatible with its principles.
Analyst Comments: Durov’s case highlights the ongoing tension between free speech, content moderation, and platform responsibility. His criticism of French authorities underscores the challenge governments face in holding tech executives accountable for platform misuse. While Durov promises enhanced moderation, his readiness to exit certain markets could escalate the debate over the balance between regulation and platform independence.
FROM THE MEDIA: Pavel Durov was detained in Paris on August 24 and charged with enabling criminal activities such as money laundering and drug trafficking through Telegram. Durov has expressed surprise at being held personally responsible for platform users' actions and reiterated Telegram's commitment to removing harmful content. However, he warned that the platform may exit markets with conflicting regulatory demands.
READ THE STORY: FT
Ex-Samsung Executive Faces Fresh Accusations of Stealing Chip Processing Technology
Bottom Line Up Front (BLUF): Former Samsung executive Choi Jinseog has been detained again in South Korea on fresh allegations of stealing advanced semiconductor technology related to 20-nanometre DRAM chips. Choi, who has been involved in a high-profile industrial espionage trial since 2023, is accused of attempting to replicate Samsung’s chip technology for use in a Chinese chipmaking venture. He denies the charges, claiming the information was publicly available.
Analyst Comments: The re-arrest of Choi Jinseog highlights the increasing tension between South Korea and China over industrial espionage in the semiconductor industry. As China seeks to catch up with global leaders like Samsung in chip manufacturing, these cases underscore the challenges South Korean firms face in protecting intellectual property. Given the geopolitical significance of semiconductor technology, this case could strain relations and lead to stricter controls on knowledge sharing.
FROM THE MEDIA: Choi Jinseog, a former Samsung executive who had been previously arrested for industrial espionage, was detained again on September 6, 2024, over new allegations of stealing DRAM chip processing technology. The case has drawn attention as part of South Korea’s broader crackdown on technology leaks to China. Choi’s lawyer insists that the information in question is publicly available, while Samsung has declined to comment.
READ THE STORY: Reuters
Montana’s Planned Parenthood Hit by Ransomware Attack, Threatens Sensitive Data Exposure
Bottom Line Up Front (BLUF): The Montana branch of Planned Parenthood fell victim to a ransomware attack by the RansomHub group, which threatens to leak 93 GB of stolen sensitive healthcare data. While incident response protocols have been activated and law enforcement is involved, the attack highlights growing concerns over cyberattacks on healthcare organizations.
Analyst Comments: This ransomware attack on Planned Parenthood demonstrates the increasing vulnerability of healthcare organizations, which store highly sensitive personal data. RansomHub's aggressive tactics, coupled with their rapid rise in the ransomware ecosystem, signal a broader shift in cybercriminal strategies. With Planned Parenthood’s critical role in Montana's reproductive health services, this breach could have severe implications for patient privacy and public trust in healthcare systems. The attack also highlights the need for stronger cybersecurity protections within the sector, a focus of new bipartisan legislation in the U.S.
FROM THE MEDIA: On August 28, 2024, Planned Parenthood of Montana discovered a cyberattack by the RansomHub group, known for numerous attacks in recent months. The group claims to have stolen 93 GB of sensitive data, though the full scope of the breach is still under investigation. Planned Parenthood has reported the incident to federal authorities and is working to restore its systems. RansomHub has rapidly risen in prominence by recruiting affiliates and offering aggressive payment models, having already targeted over 210 organizations in 2024. The attack raises alarms about the persistent threats facing healthcare providers.
READ THE STORY: The Record
China’s Geespace Launches 10 Satellites, Aims to Rival Starlink
Bottom Line Up Front (BLUF): Geespace, a subsidiary of Chinese automaker Geely, launched 10 low Earth orbit (LEO) satellites in September 2024, marking the third phase of its megaconstellation aimed at global broadband coverage. With 30 satellites now in orbit, Geespace seeks to create China's answer to SpaceX's Starlink, with plans to deploy nearly 6,000 satellites by 2025 to serve over 200 million users.
Analyst Comments: Geespace’s ambitious satellite project highlights China's growing focus on space-based internet services, rivaling SpaceX’s Starlink. The ability to deploy LEO satellites for cheaper and more efficient communications underlines China's strategy to dominate space technology and communication infrastructures. With state-backed ventures like SSST also entering the market, China aims to enhance global internet coverage while reducing dependency on foreign satellite networks, signaling a potential shift in the balance of space-based communications.
FROM THE MEDIA: Geespace successfully launched 10 new LEO satellites, bringing its total to 30, with plans for a 6,000-satellite constellation by 2025. This initiative, dubbed China’s private equivalent to Starlink, aims to provide 24-hour global communications. Other Chinese firms, like Shanghai Spacecom Satellite Technology, are also entering the LEO satellite race, signaling a competitive push against SpaceX’s Starlink in the global broadband market.
READ THE STORY: Reuters
Veeam Releases Critical Security Updates Fixing 18 Vulnerabilities
Bottom Line Up Front (BLUF): Veeam has released security updates addressing 18 vulnerabilities across its software products, with five critical flaws that could allow remote code execution. These include CVE-2024-40711, a Veeam Backup & Replication flaw with a CVSS score of 9.8, allowing unauthenticated remote code execution. Users are strongly advised to update to the latest versions to mitigate potential ransomware attacks.
Analyst Comments: Veeam’s recent patching of critical vulnerabilities highlights the growing threat landscape for enterprise backup solutions, making them prime targets for ransomware and data breaches. The potential impact of remote code execution flaws, especially those requiring low or no privilege access, is significant, as attackers could exploit these vulnerabilities to compromise entire networks. Organizations using Veeam should prioritize updating to the patched versions immediately to mitigate these risks.
FROM THE MEDIA: On September 5, 2024, Veeam released security updates fixing 18 vulnerabilities, including five critical ones affecting products like Veeam Backup & Replication, Veeam ONE, and Veeam Service Provider Console. These flaws could enable remote code execution, privilege escalation, and bypass of multi-factor authentication. Users are urged to update to the latest versions to protect their systems from potential exploitation by threat actors.
READ THE STORY: THN
U.S., UK, and EU Sign Historic AI Standards Agreement
Bottom Line Up Front (BLUF): The U.S., UK, and EU have signed a landmark legally binding treaty on AI standards, emphasizing the protection of human rights and democratic values in AI systems. The treaty, developed by the Council of Europe, has been supported by over 50 countries and aims to ensure accountability for harmful AI outcomes while promoting privacy and equality. Though lacking enforcement mechanisms like fines, the agreement marks a significant step toward global AI governance.
Analyst Comments: This international treaty represents a critical milestone in the global effort to regulate AI, especially amid rapid technological advancements. While the lack of stringent enforcement may limit its immediate impact, the agreement signals a growing consensus on the need for cross-border cooperation to address AI's ethical implications. It sets the foundation for broader, more cohesive governance frameworks, balancing innovation with the protection of fundamental rights—a significant move as AI systems increasingly influence both public and private sectors.
FROM THE MEDIA: On Thursday, the U.S., UK, and EU signed the Council of Europe’s convention on AI, the first legally binding international treaty aimed at regulating AI systems. The treaty was negotiated by more than 50 countries, including Japan, Australia, and Israel, and requires accountability for discriminatory or harmful outcomes from AI technologies. The pact comes as governments ramp up AI regulation, with the EU's AI Act and California’s AI legislation also shaping the future of AI governance. However, critics point out the treaty’s reliance on monitoring rather than fines for compliance.
READ THE STORY: FT
Microchip Technology Suffers Cyberattack, Employee Data Stolen by Ransomware Gang
Bottom Line Up Front (BLUF): Microchip Technology, a major U.S. semiconductor manufacturer, suffered a cyberattack by the Play ransomware gang, which resulted in the theft of employee contact information and hashed passwords. While customer and supplier data appear unaffected, the full impact of the breach is still under investigation. The attack briefly disrupted operations, though the company is now processing orders and shipping products again.
Analyst Comments: This attack on Microchip Technology underscores the growing risk of ransomware targeting high-value industries, particularly in critical sectors like semiconductors. The Play ransomware gang, known for aggressive tactics, exploited the firm’s systems to steal employee data. Although the stolen passwords were hashed, they could still be exposed if attackers crack the hashes. Microchip’s swift response and ongoing collaboration with cybersecurity experts are crucial in mitigating potential long-term damage, but the breach serves as a reminder of the persistent threats to industrial and technological infrastructures.
FROM THE MEDIA: In an 8-K filing, Microchip Technology revealed that hackers from the Play ransomware gang breached its systems on August 18, disrupting operations and stealing employee contact information and hashed passwords. The company has since restored most systems and continues to investigate the attack, working with law enforcement and cybersecurity experts. While the breach did not affect customer data, Play has claimed responsibility, highlighting its recent surge in global cyberattacks. The gang has attacked over 300 organizations since 2022.
READ THE STORY: The Record
Venezuela’s Oil Exports Surge to Four-Year High Amid Political Tensions
Bottom Line Up Front (BLUF): Venezuela's oil exports in August 2024 reached their highest level in over four years, averaging 885,000 barrels per day, driven by increased shipments to China, the U.S., and Europe. This surge comes amid rising political tensions following a disputed July presidential election and the threat of new U.S. sanctions on Nicolás Maduro’s government. Venezuela's state oil company PDVSA and joint ventures, including Chevron and Repsol, significantly expanded operations despite looming geopolitical risks.
Analyst Comments: Venezuela’s oil export recovery is noteworthy, especially in light of the political uncertainty and the potential reimposition of U.S. sanctions. The country’s ability to expand oil shipments reflects its strategic partnerships with foreign firms like Chevron and Repsol, which have capitalized on temporary U.S. authorizations. However, the ongoing political crisis following Venezuela's disputed election and reshuffling of key energy officials suggests that any economic gains could be short-lived, especially if sanctions are reinstated.
FROM THE MEDIA: In August 2024, Venezuela's oil exports hit 885,000 barrels per day, a 62% increase over the previous year. These gains came largely from exports to China, the U.S., and Europe, with Chevron alone accounting for 227,000 bpd. This growth occurs amid political instability, with both President Nicolás Maduro and opposition leader Edmundo Gonzalez claiming victory in the July elections. As the U.S. considers new sanctions, Maduro reshuffled his cabinet, promoting Delcy Rodriguez to oil minister and Hector Obregon to CEO of PDVSA.
READ THE STORY: Reuters
Tech and Crypto Firms Rush to Capitalize on Stablecoin Boom
Bottom Line Up Front (BLUF): Technology and crypto companies, including Ripple, PayPal, and Mercado Libre, are launching new stablecoins, seeking to profit from the growing digital assets market. However, experts warn that most new tokens, used primarily for crypto trading, lack distinct features and may struggle to compete with industry giants like Tether and Circle, which dominate the market.
Analyst Comments: The surge in stablecoin offerings reflects optimism around the potential of digital currencies to revolutionize payments, but practical use cases remain limited. Most stablecoins are currently used for trading other cryptocurrencies, rather than as a means of everyday payment. As established players like Tether earn billions from U.S. Treasury interest, smaller entrants may face significant challenges unless they offer clear regulatory advantages or innovative use cases, such as cross-border payments.
FROM THE MEDIA: Amid a resurgence in the digital assets market, companies such as Mercado Libre, Banking Circle, and Hong Kong’s IDA have unveiled stablecoin plans, following Ripple and PayPal. While stablecoins now have a combined market cap of $169 billion, critics caution that many new entrants will likely fail to rival established tokens. Despite ambitions to expand beyond crypto trading, stablecoin adoption for consumer payments remains low, with most usage confined to digital asset trading platforms.
READ THE STORY: FT
Accessing X Through VPNs Now Illegal Amid Brazil’s Social Media Ban
Bottom Line Up Front (BLUF): Following a Brazilian Supreme Court decision upholding a ban on X (formerly Twitter), accessing the platform through VPNs is prohibited and punishable by fines. Despite VPN use remaining legal in Brazil for other purposes, circumventing the X ban via VPN could lead to daily fines of up to 50,000 Brazilian reais ($8,900). While enforcement is technically challenging, authorities could potentially track VPN activity through metadata.
Analyst Comments: Brazil's X ban represents a significant development in the ongoing debate between online freedom and government-imposed restrictions. While VPNs offer users a way to bypass bans, the legal risks for those accessing X are high, as courts have ruled against "technological subterfuge." Tracking VPN use, though difficult, is possible, especially if users' data or connection leaks occur. The rapid shift of users to platforms like Bluesky also indicates resistance against such restrictions and raises questions about broader implications for freedom of speech online.
FROM THE MEDIA: On September 2, 2024, Brazil’s Supreme Court upheld a ruling banning access to X, targeting both the platform and any use of VPNs to circumvent the restriction. The ruling, enforced by Judge Alexandre de Moraes, carries steep penalties for violators, although VPN usage remains legal for other purposes. Lawyers and VPN providers suggest that while detecting VPN use for accessing X is difficult, it is not impossible, particularly if users’ metadata is exposed. Meanwhile, platforms like Bluesky saw a significant influx of Brazilian users as they searched for alternatives.
READ THE STORY: Cointelegraph
Does the U.S. Have Anything to Learn from Europe?
Bottom Line Up Front (BLUF): Amid discussions of Europe’s perceived economic decline, a growing narrative suggests the U.S. might be outperforming Europe, even in areas where Europe has traditionally excelled, such as redistribution and welfare. U.S. commentators question the merit of Europe’s economic model, while some data shows the U.S. redistributes a larger share of income to lower-income households, despite having a more unequal pre-tax economy. However, debates on public service provision, targeted welfare, and income inequality continue.
Analyst Comments: The U.S. and Europe diverge in their approaches to welfare and redistribution, with each model having its strengths and drawbacks. The U.S.'s targeted welfare system seems efficient, but Europe's broader public service provision, from healthcare to education, contributes significantly to lower market inequality. The debate illustrates the balance between cash transfers and public services, raising questions about the sustainability and fairness of both systems. Europe’s challenge is overcoming recent setbacks without sacrificing its social safety nets, while the U.S. must address growing inequalities beyond redistribution.
FROM THE MEDIA: European policymakers have expressed concern about lagging behind the U.S., especially after the Inflation Reduction Act. U.S. commentators, including Nicholas Kristof, have pointed to Europe's economic struggles, suggesting that overregulation and misallocated subsidies are to blame. A report by the Manhattan Institute also argues that the U.S. welfare state may be more effective than Europe’s, redistributing a larger share of income to the lower class. However, Europe’s emphasis on universal public services, such as healthcare and education, shifts the balance towards equality in a different way, focusing less on direct cash transfers and more on social support.
READ THE STORY: FT
U.S. Indicts Russian GRU Unit for WhisperGate Cyberattacks on Ukraine
Bottom Line Up Front (BLUF): The U.S. government indicted five members of Russia's GRU Unit 29155 and a civilian for orchestrating cyberattacks, including the WhisperGate malware campaign, targeting Ukrainian government institutions. These indictments highlight the unit’s role in Russia’s cyber warfare, particularly during the lead-up to the invasion of Ukraine. U.S. agencies have offered a $10 million reward for information that could lead to prosecution.
Analyst Comments: This indictment underscores the persistent cyber threat posed by Russian state actors like GRU Unit 29155, notorious for espionage and sabotage across Europe. The focus on WhisperGate malware, used against civilian and non-military Ukrainian targets, aligns with Russia's broader hybrid warfare strategy. The DOJ's efforts to hold these individuals accountable also reflect increased international collaboration on cyber defense, with NATO countries frequently targeted.
FROM THE MEDIA: On September 5, 2024, U.S. federal agencies unsealed an indictment against five GRU officers and one civilian, accusing them of conspiring to hack Ukrainian government systems using WhisperGate malware. This campaign, which began in early 2022, targeted Ukrainian critical infrastructure, aiming to destabilize the country before Russia’s full-scale invasion. WhisperGate was deployed against civilian agencies like the State Treasury and the Ministry of Internal Affairs. The GRU’s cyber unit has since expanded its reach, targeting NATO members and other global entities through sophisticated hacking tools obtained from dark web sources.
READ THE STORY: The Record
Items of interest
Austria, Hungary, and Slovakia Still Rely on Russian Gas Flowing Through Ukraine
Bottom Line Up Front (BLUF): Despite Russia's significantly reduced gas exports to the European Union, its remaining supplies to several countries, including Austria, Hungary, and Slovakia, still pass through Ukraine. The recent capture of Sudzha, a key Russian gas terminal, by Ukrainian forces in August 2024 caused European gas prices to spike to a yearly high, highlighting Europe’s continued dependence on Russian energy despite efforts to diversify.
Analyst Comments: Europe's energy crisis, exacerbated by the ongoing war between Russia and Ukraine, underscores a broader dilemma: balancing energy security with political and economic sanctions. While many European nations have moved to reduce reliance on Russian gas, countries like Austria and Hungary remain critically dependent on the supplies flowing through Ukraine. The Ukrainian capture of a vital terminal is a reminder of the geopolitical risks tied to Europe's energy infrastructure, showing that the war's impact extends far beyond the battlefield.
FROM THE MEDIA: In August 2024, Ukrainian forces captured Sudzha, a strategic town in Russia that houses one of the last major terminals for gas exports to Europe via Ukraine. This event spurred a significant reaction in European energy markets, causing the benchmark gas price to rise to its highest point of the year. Although Russia’s gas exports to the EU have drastically declined due to sanctions and the war, key countries like Austria, Hungary, and Slovakia still rely on these supplies. Europe's energy dependency persists despite its reduced consumption of Russian gas, especially in light of the risks posed by the conflict.
READ THE STORY: The Economist
Why the EU is still buying Russian energy (Video)
FROM THE MEDIA: Since the beginning of the war in Ukraine, the European Union has radically reduced its imports of coal, oil and natural gas from Russia. In fact, the bloc's stated goal is to eliminate all Russian fossil fuel imports by 2027. But there is one glaring exception to this trend: Liquefied Natural Gas - or LNG, which the EU has been importing in record volumes from Russia. Video features report by DW’s Jack Parrock, as well as expert analysis from Carole Nakhle, CEO and founder of Crystol Energy, a consulting group.
Europe's Gas Reserves Hit Winter Levels Early as Russia Struggles with Sanctions (Video)
FROM THE MEDIA: Europe has successfully reached its winter gas storage levels two months ahead of schedule, signaling resilience against Russian energy pressure. As the EU reduces its dependence on Russian gas, reaching just 15% in 2023, Moscow faces significant challenges in compensating for the loss. Efforts to shift gas exports to China and liquefied natural gas (LNG) markets are hindered by sanctions and stalled negotiations. This report dives into the shifting dynamics of global energy markets and Russia's struggle to maintain its influence.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.