Daily Drop (900): Russian Criminal Influence | Olympic Cyber Infiltration | Logistical Military Risks | Spetsnaz Unit Decline | Iran Retaliation | RU: Currency Influence | Telegram Cyber Espionage
11-01-24
Friday, Nov 01 2024 // (IG): BB // ScraperDaddy // Cloud Email Harvester
Russia’s Covert Operations in Europe Escalate with Growing Ties to Organized Crime
Bottom Line Up Front (BLUF): Russian covert operations in Europe, including sabotage, cyber incursions, and assassination attempts, have increased since the Ukraine invasion, leveraging transnational criminal networks and private military actors like the Wagner Group. This expanded strategy aims to destabilize Europe and advance Russian geopolitical interests with plausible deniability.
Analyst Comments: Integrating criminal elements into state-directed covert operations marks an alarming evolution in Russia’s hybrid warfare. By outsourcing aggressive tactics to criminal networks, Russia gains flexibility and reduces direct attribution risks, complicating European counterintelligence efforts. This approach also shows Moscow’s adaptation to the limitations of conventional warfare and aligns with a global trend where states use criminal entities to circumvent international norms. As European nations, especially Germany and Poland, ramp up counterintelligence, they may also push for stronger international laws and cooperative frameworks to address this escalating security threat.
FROM THE MEDIA: Reports highlight a notable increase in Russian covert activities targeting European critical infrastructure, dissidents, and political stability. Russia’s GRU and other intelligence branches are reportedly expanding personnel and operational reach within Europe. These actions, involving both cyber and physical sabotage, are often facilitated by criminal organizations, amplifying Russia’s influence through "plausibly deniable" actors. The Wagner Group, a key player in these operations, has come under scrutiny for orchestrating sabotage within the UK. In response, European and U.S. intelligence agencies are intensifying countermeasures, with Germany and Poland leading these initiatives to address Russia's use of irregular warfare tactics and organized crime to destabilize its adversaries.
READ THE STORY: TF // Grey Dynamic
Iranian Cyber Group Emennet Pasargad Targets Paris Olympics Display Provider
Bottom Line Up Front (BLUF): The FBI, alongside the U.S. Department of Treasury and Israel’s National Cyber Directorate, confirmed that Iranian cyber group Emennet Pasargad targeted the 2024 Paris Olympics. The attackers attempted to hijack French display boards to project anti-Israel messages, marking a high-profile intrusion in the international event.
Analyst Comments: This attack reflects Emennet Pasargad's strategic use of high-visibility events like the Olympics for political influence, emphasizing Iran’s evolving cyber capabilities. By hijacking display systems and spreading disinformation, the group highlights the vulnerabilities in critical infrastructure, especially at high-profile venues. This incident could lead to enhanced cybersecurity measures for future global events and reinforce the need for international cooperation to counter cyber-enabled disinformation.
FROM THE MEDIA: In July 2024, Emennet Pasargad hacked a French display provider for the Paris Olympics, aiming to display content denouncing Israel’s participation. The U.S. FBI noted that the group used its cover organization, Aria Sepehr Ayandehsazan (ASA), to conceal its operations. Coordinated with disinformation tactics, the attackers circulated false news articles on a French media platform and impersonated the far-right group “GUD” to intimidate Israeli athletes. This follows a pattern of influence campaigns by Emennet Pasargad, which in the past targeted the U.S. and Israel through phishing, fake personas, and AI-generated videos.
READ THE STORY: The Record
U.S. Military Forced to Rely on Commercial Ships for Logistics in Potential China Conflict
Bottom Line Up Front (BLUF): The Pentagon increasingly relies on commercial shipping lines to transport essential supplies due to a shortage of military-owned cargo ships. This strategy, while necessary, exposes vulnerabilities in the U.S. military’s logistical capacity, particularly if a conflict with China arises.
Analyst Comments: The U.S. faces a significant logistical challenge with limited military shipping assets, aging vessels, and strained commercial partnerships. In a high-stakes Pacific conflict, U.S. supply chains would face unprecedented risks, particularly from cyberattacks and direct strikes by China’s military. This shortage in military cargo capacity could undermine the Pentagon's ability to sustain prolonged operations, highlighting an urgent need to revamp America’s military logistics infrastructure and invest in maritime resources that can operate under contested conditions.
FROM THE MEDIA: As tensions with China grow, the U.S. military increasingly depends on commercial shipping to transport 80% of its supplies for operations outside active war zones. Pentagon planners meet biweekly with shipping executives to ensure that these commercial partners will assist in wartime. However, concerns remain as Transcom’s reserve fleet is insufficient: 28 out of 44 ships will retire within the next eight years. In contrast, China has over 7,000 commercial vessels available, which could be quickly militarized. Transcom has implemented measures like hosting classified meetings with shipping partners and securing access to more ships. Still, U.S. logistics would remain vulnerable due to "the tyranny of distance" in the Pacific.
READ THE STORY: WSJ
Severe Losses in Ukraine Cripple Russia’s Spetsnaz Special Forces
Bottom Line Up Front (BLUF): Russia's Spetsnaz special forces, among its most elite units, have sustained significant losses throughout the war in Ukraine. Reports indicate that several Spetsnaz brigades are reduced to fractions of their original strength due to intense combat and Ukraine’s counteroffensives, compromising Russia's high-stakes operational capabilities.
Analyst Comments: The depletion of Spetsnaz forces reflects a substantial blow to Russia’s elite military capabilities, as these specialized units cannot be swiftly replaced due to the extensive training and experience required. This setback weakens Moscow’s capacity for future precision operations, a strategic disadvantage that could impact Russia’s response agility in future conflicts with near-peer adversaries. Rebuilding Spetsnaz strength could take Moscow up to a decade, potentially leaving gaps in Russian special operations capabilities and encouraging adversaries to capitalize on this vulnerability.
FROM THE MEDIA: Since the beginning of the Ukraine invasion, Spetsnaz units have been at the forefront, tasked with high-risk operations like attempted decapitation strikes on Ukrainian leadership. However, Ukraine’s robust resistance and counterattacks have exacted a heavy toll on these units, as reported by Pentagon leaks and corroborated by BBC sources. The losses have rendered some Spetsnaz brigades almost inoperable, marking a severe blow to Russia’s elite forces. Given the elite and irreplaceable nature of Spetsnaz soldiers, it could take Moscow years to restore these units to pre-war levels, a setback that analysts consider a critical weakening of Russia’s special operations framework.
READ THE STORY: MSN
Iran’s Revolutionary Guard Vows Retaliation Against Israel’s Airstrikes
Bottom Line Up Front (BLUF): Following recent Israeli airstrikes on Iranian targets, commanders from Iran’s Revolutionary Guard Corps (IRGC) have vowed severe retaliation, warning that any response could be "unimaginable." Iran is weighing whether to strike before the U.S. presidential election or wait for a diplomatic breakthrough, especially amid the ongoing conflict between Israel and Hezbollah.
Analyst Comments: The IRGC's declarations reflect Iran’s determination to maintain pressure on Israel and leverage regional tensions for strategic gains. While Tehran considers a response, Iran may also leverage indirect actions via Hezbollah to sustain pressure without escalating directly with Israel, especially given the current U.S. commitment to defend its allies. However, delays in retaliation could undermine Iran’s regional stance, leading to more aggressive moves to reassert dominance, especially if ceasefire efforts fail.
FROM THE MEDIA: IRGC Major General Hossein Salami warned that Iran’s response to Israeli airstrikes would be “unimaginable.” This escalation follows Israel’s October 26 airstrikes targeting Iranian missile facilities and air defense systems. Iranian leaders, including Brigadier General Ali Fadavi, expressed commitment to retaliate, a move they are considering before the upcoming U.S. election, which could alter the geopolitical landscape. Israeli officials insist on retaining their defense options, complicating ceasefire negotiations between Israel and Hezbollah. Tehran’s analysts suggest that indirect actions via proxies like Hezbollah might keep tensions high without forcing a confrontation.
READ THE STORY: FT
CISA Chief Confirms No Foreign Interference in 2024 Election Infrastructure
Bottom Line Up Front (BLUF): CISA Director Jen Easterly has assured that less than a week before the U.S. election, there is no evidence of foreign interference in American election systems. While disinformation campaigns by foreign adversaries are ongoing, election infrastructure remains secure.
Analyst Comments: This assessment by CISA signals progress in election cybersecurity since 2016, indicating that U.S. efforts to decentralize and fortify election systems have been effective. However, as the 2024 election approaches, the potential for disinformation remains high, particularly in battleground states, where close races might fuel tensions. This stability in election systems may help prevent disruptions, but vigilance will be critical to counter any attempts to sway public opinion through fake narratives or provocative misinformation.
FROM THE MEDIA: In a recent interview, Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), stated that the U.S. election infrastructure shows no signs of foreign interference. Officials from the Office of the Director of National Intelligence also confirmed that no foreign actors have breached systems to alter votes. Although disinformation efforts by countries like Russia, China, and Iran aim to influence public opinion, the decentralized nature of U.S. election systems adds resilience, as each state operates independently. However, authorities remain alert, as Russia is suspected of circulating manipulated videos, including one falsely showing ballot destruction. Easterly emphasized the importance of citizens trusting local officials and encouraged unity in recognizing the election’s legitimacy.
READ THE STORY: The Record
Musk's X Faces Criticism for Failing to Curb US Election Misinformation
Bottom Line Up Front (BLUF): Elon Musk's social media platform X is under scrutiny for inadequate efforts to counteract the spread of false information about the 2024 U.S. election. A report by the Center for Countering Digital Hate (CCDH) reveals that the platform's Community Notes feature failed to alert all users to inaccuracies in 74% of reviewed posts containing election misinformation.
Analyst Comments: The findings underscore an urgent need for enhanced misinformation control measures on social media, particularly during election cycles where false information can disrupt democratic processes. X's reliance on crowd-sourced fact-checking may be insufficient, and with more robust moderation, the platform could avoid a heightened public and regulatory backlash. Musk's vocal support for Donald Trump has intensified concerns about X's commitment to objective content oversight, raising questions about the platform's future role in public discourse and misinformation management.
FROM THE MEDIA: According to a report published on October 31, 2024, by the CCDH, X's Community Notes feature is failing to effectively counter misleading election-related content on the platform. Of the 283 posts reviewed by CCDH, 209 (74%) lacked corrective notes visible to all users, leading to approximately 2.2 billion views of unchecked misinformation. The report follows a lawsuit between CCDH and X over the group's earlier claims that the platform allowed a surge in hate speech and disinformation. This comes amid ongoing pressure from U.S. officials and other entities on X to address misinformation, as several state election officials have also criticized the platform for failing to correct AI-generated election falsehoods. Musk’s endorsement of Republican candidate Donald Trump has fueled debates on potential biases in X's moderation practices.
READ THE STORY: Reuters
BIS Exits mBridge, Leaving Currency Project Open to Russian and Chinese Influence
Bottom Line Up Front (BLUF): The Bank for International Settlements (BIS) has withdrawn from mBridge, a digital currency-based cross-border payment initiative, amid geopolitical concerns. Russian President Vladimir Putin reportedly sees the project as a blueprint for a BRICS-led payments system that could bypass U.S. sanctions, raising fears about the platform's use as a sanctions-evasion tool.
Analyst Comments: BIS’s departure from mBridge underscores the complex interplay of financial innovation and global power dynamics. Without BIS oversight, mBridge may serve as a powerful tool for countries like Russia and China to circumvent Western sanctions, diminishing the influence of the U.S. dollar in international transactions. Western central banks may feel heightened pressure as the platform evolves to develop alternatives that maintain sanction enforceability while delivering the efficiency gains of digital currency technology. This shift could hasten the race for a new financial system less dominated by Western controls.
FROM THE MEDIA: BIS launched mBridge in 2021 to streamline cross-border transactions using digital currencies, partnering with China, Hong Kong, the UAE, and Thailand. However, BIS quietly withdrew from the project on October 31, 2024, likely due to increased geopolitical tensions, as Russia’s recent BRICS summit suggested plans to replicate mBridge for a sanctions-proof payment system. Despite BIS’s assurances that the project was not intended to circumvent sanctions, Putin's interest in developing a similar platform has stirred opposition from Western officials. Analysts fear the mBridge project, now led primarily by China, may further weaken U.S. financial sanctions, as several nations increasingly seek non-dollar transaction methods.
READ THE STORY: The Economist
Emeraldwhale Gang Leaks Thousands of Stolen Credentials in Cloud Configuration Error
Bottom Line Up Front (BLUF): A new cybercrime group, Emeraldwhale, inadvertently exposed over 15,000 stolen credentials for cloud and email services after storing them in a publicly accessible AWS S3 bucket. The credentials, discovered by Sysdig’s Threat Research Team, included access to over 10,000 private repositories and were harvested in a campaign that scanned for web-exposed Git directories (.git/config) and Laravel .env files.
Analyst Comments: This case highlights the persistent risk posed by misconfigured cloud storage and web servers, which attackers like Emeraldwhale continue to exploit at scale. The size of the haul points to the gang’s automation rather than sophistication: the same mistake that exposed their victims (a world-readable storage location) exposed their own loot. The French-language tooling suggests Francophone developers or collaborators, a reminder of the international nature of this market. The incident reinforces the need for organizations to audit web roots for leaked .git/ and .env files, to treat any credential embedded in a Git remote URL or .env file as compromised once exposed, and to review cloud storage permissions rigorously.
FROM THE MEDIA: In an attack between August and September, cybercriminals known as Emeraldwhale conducted extensive scans to find exposed Git and Laravel configuration files, compromising tens of thousands of credentials from cloud and email providers. Sysdig security engineer Miguel Hernandez reported that these misconfigurations granted access to over 10,000 private repositories. While the stolen credentials were intended for phishing campaigns and were valued at hundreds of dollars each on underground markets, the gang’s misstep of storing the data in an accessible AWS S3 bucket led to its discovery. Sysdig alerted AWS, which promptly secured the exposed data. The tools used, including malware strains MZR V2 and Seyzo-v2, trace back to French-speaking developers, adding a geographic clue to the gang’s possible origin.
READ THE STORY: The Register
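The Emeraldwhale campaign above turned two ordinary web-server misconfigurations (a served .git/ directory and a served Laravel .env file) into tens of thousands of credentials. The following is an added example, written for this digest and not code from Sysdig or from the newsletter, showing two checks a defender can run against that technique: flagging clients that probe for those paths in access logs (and which paths were actually served with HTTP 200), and finding credentials embedded in the remote URLs of a .git/config, which is exactly what a leaked .git/ directory hands to a scanner. The log lines, the git config text and the watch list of paths are constructed for the example.

```python
"""Added example: defender-side checks for .git/ and .env credential harvesting.
Sample inputs are constructed; the SENSITIVE_PATHS watch list is an assumption
and should be extended to match your own stack."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Paths a legitimate visitor never requests; a hit indicates a harvesting scan.
SENSITIVE_PATHS = (
    "/.git/config", "/.git/HEAD", "/.git/index",
    "/.env", "/.env.backup", "/.env.production",
)

# Combined log format: client ip ... "METHOD PATH PROTO" STATUS ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed access-log sample: one scanner that found a leak, one that did not.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Sep/2024:10:01:02 +0000] "GET /.git/config HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Sep/2024:10:01:03 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Sep/2024:10:01:04 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Sep/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Sep/2024:10:02:05 +0000] "GET /.env?x=1 HTTP/1.1" 404 153 "-" "curl/8.0"',
    "garbage line that does not parse",
]


def _sensitive(path):
    """True for a watched path or anything under /.git/ (query string stripped)."""
    path = path.split("?", 1)[0]
    return path in SENSITIVE_PATHS or path.startswith("/.git/")


def probe_counts(log_lines):
    """Return {client_ip: number of sensitive-path requests}.

    Status code is ignored on purpose: a 404 still identifies the scanner,
    and a 200 identifies a leak (see leaked_paths)."""
    counts = Counter()
    for line in log_lines:
        m = _LOG_RE.match(line)
        if m and _sensitive(m.group("path")):
            counts[m.group("ip")] += 1
    return dict(counts)


def leaked_paths(log_lines):
    """Return the sensitive paths the server actually served with HTTP 200."""
    leaked = set()
    for line in log_lines:
        m = _LOG_RE.match(line)
        if m and m.group("status") == "200" and _sensitive(m.group("path")):
            leaked.add(m.group("path").split("?", 1)[0])
    return sorted(leaked)


_REMOTE_HDR = re.compile(r'^\s*\[remote "([^"]+)"\]')
_URL_LINE = re.compile(r"^\s*url\s*=\s*(\S+)")

# Constructed .git/config: one remote with an embedded token, two clean ones.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy:ghp_EXAMPLETOKEN@github.com/example-org/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@gitlab.example.com:example-org/app.git
[remote "clean"]
\turl = https://github.com/example-org/app.git
"""


def embedded_credentials(git_config_text):
    """Return [(remote_name, host)] for http(s) remote URLs carrying userinfo.

    The secret itself is not returned; the caller only needs to know which
    remote's token to rotate. scp-style "git@host:path" URLs have no scheme
    and no userinfo in the URL sense, so they are not flagged."""
    findings, remote = [], None
    for line in git_config_text.splitlines():
        hdr = _REMOTE_HDR.match(line)
        if hdr:
            remote = hdr.group(1)
            continue
        m = _URL_LINE.match(line)
        if not m or remote is None:
            continue
        parts = urlsplit(m.group(1))
        if parts.scheme in ("http", "https") and (parts.username or parts.password):
            findings.append((remote, parts.hostname))
    return findings


if __name__ == "__main__":
    print("probing clients:", probe_counts(SAMPLE_LOG))
    print("served sensitive paths:", leaked_paths(SAMPLE_LOG))
    print("remotes with embedded credentials:", embedded_credentials(SAMPLE_GIT_CONFIG))
```

Run it over a real access log by replacing SAMPLE_LOG with the file's lines; any path reported by leaked_paths means the corresponding secrets (every token in .git/config, every key in .env) must be rotated, not just the file removed, because a scanner at the scale described above has already copied it.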
Items of interest
Russian Hackers Target Ukrainian Military with Malware Distributed via Telegram
Bottom Line Up Front (BLUF): A suspected Russian espionage and influence actor, tracked by Google as UNC5812, is delivering malware to Ukrainian military personnel through a Telegram channel and website posing as a recruitment-tracking service. The operation uses the SUNSPINNER decoy, the PURESTEALER information stealer and the CRAXSRAT Android backdoor to compromise both Windows and Android devices, stealing sensitive data and surveilling targets of mobilization.
Analyst Comments: This operation illustrates the expanding use of social media and messaging apps like Telegram in cyber-espionage campaigns, exploiting its reach and ease of use. By focusing on Ukrainian recruitment systems, Russian threat actors demonstrate a tactical approach to undermining military mobilization efforts. The campaign's sophisticated multi-platform approach and social engineering tactics underscore the strategic importance of securing communication channels and implementing rigorous app vetting processes.
FROM THE MEDIA: Google’s Threat Intelligence Group reported that in September 2024, Russian hackers began distributing malware through a Telegram channel and website disguised as a Ukrainian military recruitment tracker. On Windows, users are tricked into downloading SUNSPINNER, a decoy app, and PURESTEALER, an info-stealer targeting browser credentials and crypto wallets. Android users are targeted through CRAXSRAT, which enables extensive surveillance and device control. The attack was promoted on Ukrainian Telegram channels, including a missile alert group, with the malware connecting to a command-and-control server for data exfiltration. The operation includes an influence campaign with anti-mobilization messaging spread across pro-Russian social media.
READ THE STORY: CSN
Counter Deception: Defending Yourself in a World Full of Lies (Video)
FROM THE MEDIA: The Internet was supposed to give us access to the world's information, so that people, everywhere, would be able to know the truth. But that’s not how things worked out. Instead, we have a digital deception engine of global proportions. Nothing that comes through the screen can be trusted, and even the things that are technically true have been selected, massaged, and amplified in support of someone’s messaging strategy.
On Your Ocean's 11 Team, I'm the AI Guy (technically Girl) (Video)
FROM THE MEDIA: One of the best parts of DEF CON is the glitz and glam of Vegas, the gambling capital of the world. Many have explored hacking casinos (on and off stage). Unfortunately, it’s just not like it is portrayed in the Oceans franchise. In real life there’s much less action, no George Clooney, and it’s a lot harder to pull off a successful heist.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.