Daily Drop (892): China Telecom | US: Data Brokers | ScienceLogic SL1 | JP: SME Sales | CN: DISINFO | RU: Romanian Air Space | APT41 | ICS | VMware: DCE/RPC | IN & CN: LAC | Cyprus: CIKR | CN: Chips |
10-22-24
Tuesday, Oct 22 2024 // (IG): BB // ScraperDaddy // Cloud Email Harvester
US Pressures Japan to Limit Chipmaking Equipment Sales to China
Bottom Line Up Front (BLUF): The US pressures Japan to strengthen export restrictions on semiconductor manufacturing equipment (SME) sold to China, threatening unilateral action and economic penalties if Japan does not comply. This escalates the ongoing "chip wars" as the US seeks to curb China's growing semiconductor capabilities.
Analyst Comments: This latest move demonstrates the intensifying US-China tech competition, with the US aiming to halt China's semiconductor advancements by leveraging allies like Japan. However, Japan is caught between US demands and China’s threats of economic retaliation, a complex balancing act given China's status as a key market for Japanese SMEs. Expanding US restrictions could further fragment global semiconductor supply chains and accelerate China’s push for self-reliance in chip manufacturing.
FROM THE MEDIA: Members of the US House Select Committee on the Chinese Communist Party sent a letter to the Japanese Ambassador urging Japan to curb sales of semiconductor manufacturing equipment to China. The lawmakers, led by John Moolenaar and Raja Krishnamoorthi, warned that failure to comply could result in US action, including expanded restrictions under the Foreign Direct Product Rule (FDPR). They argued that China's growing chip production capacity, including secret projects linked to Huawei, represents a significant national security threat. Japan, which has been hesitant to restrict exports further because of economic concerns, now faces pressure from both Washington and Beijing.
READ THE STORY: The Register
Stolen Access Tokens Lead to New Internet Archive Breach
Bottom Line Up Front (BLUF): The Internet Archive has suffered another cyber breach involving stolen access tokens for its Zendesk customer support system. Attackers claimed access to over 800,000 support tickets dating back to 2018, following a series of cyberattacks targeting the organization.
Analyst Comments: This breach highlights the critical importance of prompt and comprehensive incident response after a cyberattack. Despite earlier attacks, the Internet Archive's failure to rotate API keys exposed it to further exploitation. Attackers’ persistent access indicates a potential security oversight, leaving sensitive customer information vulnerable. Organizations should prioritize rapid security audits and the rotation of access credentials to prevent repeat incidents, especially following a breach.
FROM THE MEDIA: The Internet Archive faced a fresh cyber breach involving stolen access tokens from its Zendesk customer service platform. Hackers sent an email from what appeared to be an authorized Zendesk server, claiming access to 800,000 support tickets and criticizing the Internet Archive for not rotating its API keys after an earlier breach. The breach follows a wave of attacks, including DDoS, website defacement, and the exposure of a GitLab configuration file that likely contained sensitive authentication data. Security experts urge the organization to audit its defenses and revoke compromised credentials to mitigate future threats.
READ THE STORY: INFO SECMAG
China’s Spamouflage Campaign Tests New Disinformation Tactics on Senator Marco Rubio
Bottom Line Up Front (BLUF): Chinese disinformation group Spamouflage has resumed targeting U.S. Senator Marco Rubio with new tactics designed to spread disinformation on platforms like X (formerly Twitter) and Reddit. Researchers believe this campaign may serve as a testing ground for China’s future disinformation operations.
Analyst Comments: China’s ongoing information campaigns against U.S. politicians like Marco Rubio reflect its growing interest in shaping U.S. domestic opinion, particularly against critics of the Chinese Communist Party. The fact that Spamouflage is now testing more sophisticated methods, potentially enhanced by AI, indicates an evolving strategy. This points to a broader shift in China's disinformation efforts, mirroring Russian tactics of exploiting social divisions while adapting to the digital environment with hijacked accounts and improved content creation.
FROM THE MEDIA: A report by Clemson University’s Media Forensics Lab revealed that China’s Spamouflage campaign has resumed targeting Republican Senator Marco Rubio, who is known for his critical stance on China. Starting in mid-September 2024, the campaign used hijacked and repurposed accounts to spread disinformation, including fabricated stories and images critical of Rubio. In 2022, Spamouflage similarly flooded social media platforms with pro-Rubio content during his re-election campaign, but this latest wave took a more aggressive, anti-Rubio approach. Researchers believe this new effort is a test of new techniques, potentially involving AI-generated content, that China could use more widely in the future. Rubio declined to comment on the campaign but acknowledged the growing threat of Chinese information operations.
READ THE STORY: The Record
Romania Reports Airspace Violation Amid Russian Drone Attacks on Ukraine
Bottom Line Up Front (BLUF): On October 19, 2024, Romania scrambled fighter jets after detecting an unidentified object during a Russian drone attack on Ukraine. This was the second airspace violation within the same week. The object vanished from radar before contact, and authorities are investigating possible cyber interference with Romania's defense systems.
Analyst Comments: The repeated incursions into Romanian airspace highlight the growing risk of the Russia-Ukraine conflict spilling over into NATO territory. If cyber interference was involved, Russia may be experimenting with tactics to degrade NATO air-defense radars or communication systems. This raises concerns for NATO, as Romania's defenses could be exposed to similar interference in the future. NATO's readiness and response capabilities will come under closer scrutiny as these incidents increase in frequency.
FROM THE MEDIA: The Romanian Ministry of Defense detected an unidentified object near the Black Sea during a Russian drone assault on Ukraine. This triggered the scramble of Romanian and Spanish fighter jets, but the object disappeared from radar before visual contact was made. Romanian Prime Minister Marcel Ciolacu suggested that a cyber attack might have disrupted radar systems. This follows a similar incident on October 17, when Romania and Belarus dispatched jets in response to aerial targets during another Russian drone strike. Throughout the ongoing invasion of Ukraine, Romanian airspace has been breached multiple times, with debris from Russian drones landing on its territory.
READ THE STORY: The Kyiv Independent
Biden Administration Proposes New Rules Governing Data Transfers to Adversarial Nations
Bottom Line Up Front (BLUF): The Biden administration is advancing new regulations to prohibit data brokers from selling sensitive personal and federal data to six adversarial nations—China, Russia, Iran, North Korea, Venezuela, and Cuba. These restrictions aim to protect U.S. citizens' biometric, health, financial, and geolocation data from being exploited by foreign adversaries for espionage and cyberattacks.
Analyst Comments: The proposed rules are part of a broader U.S. effort to curb national security threats from adversarial countries leveraging big data. By tightening regulations on data brokers and companies, the U.S. aims to reduce the exploitation of sensitive American data for cyberattacks, disinformation campaigns, and espionage. This move also indicates the growing recognition of the risks associated with AI-powered data analysis, which adversaries can use to manipulate or surveil individuals and infrastructure.
FROM THE MEDIA: The Biden administration announced new proposed rules designed to regulate the transfer of sensitive personal and federal data to six adversarial nations: China, Russia, Iran, North Korea, Venezuela, and Cuba. These rules would prohibit U.S. companies from transferring more than pre-set volumes of Americans' biometric, health, financial, and personal identifier data to entities in those countries. Special restrictions would also apply to data concerning military personnel and federal employees. The regulations target data brokers and companies involved in transactions with adversarial nations, requiring compliance with new cybersecurity standards, including encryption and data minimization. Violations could result in civil penalties or criminal prosecution.
READ THE STORY: The Record // The Register
Chinese Nation-State Hackers APT41 Target Gambling Sector for Financial Gain
Bottom Line Up Front (BLUF): Chinese state-sponsored hacking group APT41 has been linked to a prolonged intrusion targeting the gambling industry. Over nine months, the group used stealthy tactics to gather critical data, including passwords and network configurations, while adapting its tooling to evade detection.
Analyst Comments: APT41’s activities demonstrate their dual focus on espionage and financial gain, using sophisticated cyberattacks on sectors like gambling to compromise critical infrastructure and steal sensitive information. Their ability to adapt mid-attack by adjusting tools and methods showcases a highly organized operation likely backed by state-level resources. The ongoing threat posed by APT41 indicates that companies in high-revenue industries like gambling remain vulnerable unless robust, adaptive defenses are maintained.
FROM THE MEDIA: APT41 (also tracked as Brass Typhoon and Wicked Panda) has been implicated in a series of cyberattacks targeting the gambling industry, lasting at least nine months in 2024. According to Israeli cybersecurity firm Security Joes, the campaign focused on harvesting sensitive information such as administrative passwords and network data, using sophisticated tools and strategies to maintain persistent access to compromised systems. The attackers continuously updated their methods to bypass security measures. The exact entry point is still under investigation, but spear-phishing is suspected. The hackers employed techniques such as phantom DLL hijacking and DCSync attacks and abused legitimate tools like wmic.exe to execute further malicious code.
READ THE STORY: THN
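The DCSync technique named in the Security Joes report is one of the few in this story with a clean, well-known detection: a DCSync client asks a domain controller for directory replication, which is recorded in Windows Security event 4662 with the replication extended-right GUIDs in the Properties field. Only domain controllers (and a designated sync account such as an Entra Connect MSOL_ account) should ever request those rights. The following is an added example, not code from the report or from this page; the sample events are constructed, and the allowlist of replicating accounts is an assumption the analyst would populate from their own environment.

```python
"""DCSync detection over Windows Security event 4662 data.

Added example, not code from the Security Joes report or the original page.
The events below are constructed for illustration; in a real pipeline they
would come from an event forwarder or SIEM export as parsed EventData fields.
"""

import re

# Extended-right GUIDs that appear in the 4662 "Properties" field when a caller
# requests directory replication. Domain controllers ask for these constantly;
# an ordinary user or service account asking for them is the signature of
# DCSync (mimikatz lsadump::dcsync, impacket secretsdump.py, and similar).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

# Matches a GUID with or without the braces Windows wraps around it.
GUID_RE = re.compile(r"\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?")


def replication_rights_in(properties: str) -> list[str]:
    """Return the names of replication rights referenced in a Properties string."""
    found = []
    for guid in GUID_RE.findall(properties):
        name = REPLICATION_RIGHTS.get(guid.lower())
        if name:
            found.append(name)
    return found


def detect_dcsync(events, allowed_accounts):
    """Return (account, object, rights) for 4662 events that look like DCSync.

    `allowed_accounts` (an assumption: populate it from your own domain) holds
    the accounts legitimately allowed to replicate, i.e. domain controller
    machine accounts such as "DC01$" and any directory sync service account.
    Any other account requesting replication rights is reported.
    """
    allowed = {a.upper() for a in allowed_accounts}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        rights = replication_rights_in(ev.get("Properties", ""))
        if not rights:
            continue
        subject = ev.get("SubjectUserName", "")
        if subject.upper() in allowed:
            continue
        findings.append((subject, ev.get("ObjectName", ""), rights))
    return findings


# Constructed sample events (a subset of the 4662 EventData fields).
SAMPLE_EVENTS = [
    {   # normal DC-to-DC replication: expected, not reported
        "EventID": 4662, "SubjectUserName": "DC02$", "ObjectType": "domainDNS",
        "ObjectName": "DC=corp,DC=example", "AccessMask": "0x100",
        "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    },
    {   # a service account pulling replication changes: DCSync
        "EventID": 4662, "SubjectUserName": "svc-backup", "ObjectType": "domainDNS",
        "ObjectName": "DC=corp,DC=example", "AccessMask": "0x100",
        "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    },
    {   # same account touching an unrelated object (arbitrary schema GUID): not replication
        "EventID": 4662, "SubjectUserName": "svc-backup", "ObjectType": "user",
        "ObjectName": "CN=jdoe,OU=Staff,DC=corp,DC=example", "AccessMask": "0x10",
        "Properties": "{bf967a86-0de6-11d0-a285-00aa003049e2}",
    },
    {   # a different event ID is ignored even though the GUID matches
        "EventID": 4624, "SubjectUserName": "jdoe",
        "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    },
]

if __name__ == "__main__":
    allowlist = {"DC01$", "DC02$", "MSOL_a1b2c3"}  # assumed for this example
    for account, obj, rights in detect_dcsync(SAMPLE_EVENTS, allowlist):
        print(f"DCSync suspected: {account} requested {', '.join(rights)} on {obj}")
```

Two caveats for real use: 4662 only fires if the "Audit Directory Service Access" subcategory is enabled on the domain controllers and the domain object carries a SACL for these rights, and the event does not carry a source IP, so pair a hit with the matching 4624 logon (or network telemetry for DRSUAPI traffic) to locate the host the replication request came from.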
China Ramps Up Semiconductor Patents Amid US Export Restrictions
Bottom Line Up Front (BLUF): China has accelerated its semiconductor patent filings by 42% in 2023-24 as it pushes for self-reliance in chip production amidst tightening US export controls. With geopolitical tensions driving this surge, China's domestic semiconductor sector is rapidly innovating to reduce dependency on foreign technologies.
Analyst Comments: The surge in China's semiconductor patent filings reflects its strategic response to U.S. export restrictions, which have cut off access to advanced chipmaking technologies. While China still trails in cutting-edge semiconductor production, the rapid increase in R&D effort signals a focused push toward technological independence. This could significantly shift the global semiconductor landscape over the next decade as China looks to close the gap in AI hardware and sub-10nm process technology. However, the U.S., bolstered by initiatives like the CHIPS and Science Act, is also ramping up domestic chip production, setting the stage for heightened competition.
FROM THE MEDIA: According to a report from Mathys & Squire, global semiconductor patent applications increased by 22%, with China leading the charge at 42% growth. This surge is primarily attributed to China’s efforts to counteract U.S. export controls that limit access to advanced semiconductors. Chinese chipmaker Loongson, for instance, is attempting to catch up with Intel and AMD, though still trailing by several years. Despite these efforts, U.S. projections indicate that by 2032, the U.S. could produce 28% of the world’s advanced chips, compared to just 2% for China. The rise of AI has further accelerated semiconductor innovation across the globe, with both nations racing to secure their place in the chipmaking industry.
READ THE STORY: The Register
Addressing Vulnerabilities in Critical ICS Products: Siemens, Rockwell, and Delta
Bottom Line Up Front (BLUF): Vulnerabilities identified in industrial control systems (ICS) from major manufacturers like Siemens, Rockwell, and Delta have raised concerns about critical infrastructure security. These vulnerabilities pose significant risks, including unauthorized access and operational disruptions.
Analyst Comments: The discovery of vulnerabilities in ICS products from Siemens, Rockwell, and Delta highlights the growing cybersecurity challenges faced by organizations that depend on operational technology. Given the potential for catastrophic failures in sectors such as energy and water, addressing these vulnerabilities is crucial. The increasing interconnection of these systems makes ICS environments more attractive targets for threat actors. Companies must take a proactive approach by applying patches on a regular cadence, monitoring systems, and segmenting ICS networks from IT and the internet to mitigate risk.
FROM THE MEDIA: The ICS sector has faced heightened attention due to several vulnerabilities impacting Siemens, Rockwell, and Delta products. According to a recent CISA report, these vulnerabilities could allow threat actors to execute arbitrary code, threatening the operational security of critical infrastructure like power grids and water systems. Cyble has identified 54 vulnerabilities across multiple vendors, urging organizations to prioritize patching and updates. In particular, Siemens products were flagged for critical flaws, while Rockwell and Delta also had significant security gaps that attackers could exploit, risking widespread disruptions to essential services.
READ THE STORY: The Cyber Express
Cyprus' Critical Infrastructure Targeted by Pro-Palestine Cyberattacks
Bottom Line Up Front (BLUF): A coordinated cyberattack, claimed by pro-Palestine hacker groups, targeted critical infrastructure in Cyprus, including government websites, banks, and airports. The attacks caused temporary disruptions, mostly through DDoS tactics, though sensitive data may have been exfiltrated in some cases.
Analyst Comments: These attacks reflect how political conflicts, like the Israel-Palestine situation, increasingly extend into the cyber domain, targeting nations perceived to support one side. Cyprus, despite its neutral stance in the conflict, became a target because of its historical support for Israel's military. The use of DDoS and claimed data exfiltration points to an attempt by these groups to pressure Cyprus politically while testing their own ability to disrupt essential services. Companies and government agencies must remain vigilant and bolster their defenses against further cyber operations tied to geopolitical tensions.
FROM THE MEDIA: Cyprus’ critical infrastructure came under attack from several pro-Palestine hacker groups, including LulzSec Black, Moroccan Soldiers, and Anonymous Syria. The groups claimed responsibility for DDoS attacks that targeted banks, airports, and government websites, temporarily disrupting services. Although most systems were quickly restored, some hackers claimed to have exfiltrated sensitive data. The attacks were politically motivated, with the hackers stating that Cyprus was being "punished" for its support of Israel. Local authorities and cybersecurity firms have been on high alert since the attacks, with government officials urging preparedness but discouraging panic.
READ THE STORY: The Record
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
Bottom Line Up Front (BLUF): VMware has released patches to fix a critical remote code execution (RCE) vulnerability (CVE-2024-38812) in the vCenter Server, which could allow attackers to execute malicious code remotely. The vulnerability is rated 9.8 on the CVSS scale and stems from a heap overflow issue in the DCE/RPC protocol implementation.
Analyst Comments: The severity of CVE-2024-38812, along with its potential to allow remote code execution, makes it critical for organizations using vCenter Server to apply the latest patches immediately. While there are no reports of in-the-wild exploitation, the vulnerability could still become a target for cybercriminals if systems remain unpatched. VMware's swift action to reissue patches after the initial fix in September underscores the importance of staying up to date with security updates.
FROM THE MEDIA: VMware released updates to address a critical vulnerability in vCenter Server, tracked as CVE-2024-38812. The vulnerability, a heap overflow in the DCE/RPC protocol, could allow malicious actors with network access to trigger remote code execution by sending specially crafted network packets. Despite being initially patched in September, VMware acknowledged the fix was incomplete and has released additional updates for versions 8.0 U3d, 8.0 U2e, and 7.0 U3t, along with asynchronous patches for VMware Cloud Foundation versions 5.x, 5.1.x, and 4.x. Users are urged to update immediately to prevent exploitation.
READ THE STORY: THN
How Russia Weaponizes Energy to Wage Hybrid Warfare on Ukraine
Bottom Line Up Front (BLUF): Russia has integrated energy into its hybrid warfare against Ukraine, combining military attacks, cyberattacks, and disinformation to destabilize the country’s infrastructure and erode public trust. This multifaceted strategy also targets international support for Ukraine and exploits global reliance on fossil fuels.
Analyst Comments: The weaponization of energy is a key feature of Russia's hybrid warfare, leveraging Ukraine’s energy vulnerabilities to disrupt its economy and governance. The simultaneous use of missile strikes, cyberattacks, and media manipulation ensures that the damage extends beyond physical infrastructure to public perception and foreign alliances. Ukraine’s push towards renewable energy represents a critical pathway for undermining Russia’s leverage in this sector and achieving long-term security and independence.
FROM THE MEDIA: Since the onset of its invasion, Russia has continuously attacked Ukraine’s energy infrastructure, with over 50% of facilities now damaged. In 2024, the Russian-backed hacker group Sandworm launched numerous cyberattacks against Ukrainian energy, water, and heating systems, further destabilizing the sector. These cyberattacks are designed to coincide with missile strikes, compounding the disruption. Russia’s disinformation campaigns also aim to create public fear about new energy projects, such as Ukraine's Khmelnytskyi Nuclear Power Plant. This tactic extends globally, with Russian propaganda infiltrating Western media and political discourse to undermine Ukraine’s progress and shift toward renewable energy sources.
READ THE STORY: LA Progressive
China Telecom's Next 150,000 Servers to Feature Domestic Processors
Bottom Line Up Front (BLUF): China Telecom’s 2024 server tender largely favors domestic technology. Over 100,000 servers are expected to use locally produced processors from companies like Loongson and Zhaoxin, reducing reliance on foreign suppliers such as Intel and AMD. This aligns with China’s national strategy to achieve greater technological self-sufficiency.
Analyst Comments: China Telecom's shift toward domestic processors underscores Beijing's push to reduce dependence on Western technology amid ongoing trade tensions. While foreign players like Arm will still see some involvement, Intel and AMD are increasingly sidelined, signaling a significant shift in the global semiconductor market. China’s diversification of server architectures could present management complexities but align with its broader goal of fostering tech independence.
FROM THE MEDIA: China Telecom, one of the nation’s largest telecom providers, has placed a tender for over 150,000 servers in 2024, primarily opting for domestic manufacturers using local technology. Most of these servers will feature Chinese processors such as Loongson's RISC-V/MIPS hybrid, Zhaoxin’s Yongfeng architecture, and Shenwei’s SW chips. Non-Chinese suppliers, including Intel and AMD, will only supply around a third of the required servers. This development aligns with China’s tech strategy, aiming to reduce import reliance and foster domestic semiconductor production. Significant players like Lenovo, Inspur, and H3C have secured spots on China Telecom’s procurement list.
READ THE STORY: The Register
China and India to Implement Solutions on Border Conflict
Bottom Line Up Front (BLUF): China has announced that it reached a resolution with India to address its longstanding border conflict and plans to implement solutions through diplomatic and military channels. This comes after years of heightened tensions along the Line of Actual Control (LAC).
Analyst Comments: This development is a significant step toward reducing military tensions between two of the world's most populous nations. A peaceful resolution could stabilize the region, but the implementation phase will be critical, as past agreements have faltered amid mutual distrust. Ongoing communication and tangible de-escalation actions, such as troop withdrawal and infrastructure agreements, will be needed to ensure long-term stability.
FROM THE MEDIA: China's foreign ministry spokesperson, Lin Jian, confirmed that China and India had agreed on solutions to resolve their border conflict and are committed to implementing these resolutions. The spokesperson emphasized that both nations have maintained close communication through diplomatic and military channels. This announcement follows years of tension along their disputed border, particularly in the Himalayas, where violent clashes in 2020 led to casualties on both sides. The nature of the resolution has yet to be detailed, but it represents a notable shift toward de-escalation.
READ THE STORY: Reuters
CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
Bottom Line Up Front (BLUF): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical vulnerability CVE-2024-9537, affecting ScienceLogic SL1, to its Known Exploited Vulnerabilities (KEV) catalog after it was actively exploited in a zero-day attack. The flaw, which allows remote code execution, has now been patched in newer software versions.
Analyst Comments: The active exploitation of CVE-2024-9537 underscores the ongoing risk posed by vulnerabilities in widely used IT management platforms like ScienceLogic SL1, which sit on the network with broad visibility into, and often credentials for, the infrastructure they monitor. The zero-day nature of the attack highlights the capability of threat actors to find and exploit flaws before a fix exists. Organizations using ScienceLogic SL1 must urgently apply the security patches and review the platform for signs of compromise, as this type of access could be leveraged for espionage or further network compromise.
FROM THE MEDIA: CISA added CVE-2024-9537 to its Known Exploited Vulnerabilities catalog after reports of active exploitation as a zero-day. The vulnerability affects ScienceLogic SL1, a platform used for infrastructure monitoring, and could allow remote code execution. The vulnerability has been addressed in multiple versions, including 12.1.3 and higher. The exploit was first reported when Rackspace confirmed that an attack targeting its internal monitoring systems resulted in unauthorized access. The affected systems have since been patched, and impacted customers were notified. Federal agencies are required to apply patches by November 11, 2024.
READ THE STORY: THN
Items of interest
Hagerty, Peters Applaud Committee Approval of Bipartisan Legislation to Protect American Genetic Data from China-Controlled Companies
Bottom Line Up Front (BLUF): The Senate Foreign Relations Committee has approved a bipartisan bill to prohibit U.S. taxpayer dollars and federal contracts from going to Chinese-controlled biotechnology companies, such as the BGI Group, that pose national security risks by collecting and transferring Americans’ genetic data to China.
Analyst Comments: This legislation reflects growing bipartisan concerns about adversarial nations exploiting genetic data, particularly China. The bill aims to curb potential threats like bioweapon development and genetic surveillance. Similar to past actions against Huawei, this marks a strategic move to prevent foreign dominance in critical industries that could compromise U.S. security. This is a crucial step in safeguarding sensitive personal and genetic information, but its success will depend on effective enforcement and monitoring of global biotech supply chains.
FROM THE MEDIA: On March 6, 2024, the Senate Foreign Relations Committee approved the Prohibiting Foreign Access to American Genetic Information Act, a bipartisan bill introduced by Senators Bill Hagerty (R-TN) and Gary Peters (D-MI). The legislation aims to prevent U.S. taxpayer dollars from funding Chinese-controlled biotechnology companies, such as BGI Group and WuXi AppTec, known for collecting and transferring genetic data back to China for potential malign purposes. The bill bans federal contracts, grants, and loans from being awarded to these companies and establishes criteria for identifying other firms with similar risks. Representatives Mike Gallagher (R-WI) and Raja Krishnamoorthi (D-IL) introduced a companion bill in the House.
READ THE STORY: Senate
JM Webinar: Genetic Data: Potential Uses and Misuses in Marketing (Video)
FROM THE MEDIA: Exponential growth of the direct-to-consumer genetic testing (DTC-GT) industry has led to vast, privately-owned datasets containing individual-level genetic measures. Global companies, such as Spotify and AirBnB, have already partnered with DTC-GT companies and started incorporating genetic data into their business strategies.
How Your DNA Data Can Be Used Against You (Video)
FROM THE MEDIA: "In The Loop" brings viewers a distinctive deep dive into the news every weeknight. Host Christian Bryant keeps things real through a mix of creative explainers, on-the-ground storytelling, and some off-the-wall fun to unpack one big story each night and showcase a range of Newsy’s best reporting. You can find "In The Loop" on Newsy’s streaming apps for Roku, Fire TV and Vizio every Monday-Friday starting at 9pm EST, or head to newsy.com/stream to catch the full show.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.