Daily Drop (904): Bees 1 Meta 0 | State Ran Cognitive Warfare | dstat[.]cc | RU: Weaponize Crime | Google’s VRED LLMs | CN: Addicted to Telecoms | MSS: Thugs | NATO: Hellscape Model | Evil llama |
11-05-24
Tuesday, Nov 05 2024 // (IG): BB // ScraperDaddy // Cloud Email Harvester
Russia’s Integration of Organized Crime as a Statecraft Tool
Bottom Line Up Front (BLUF): Since 2012, Russia has increasingly used organized crime networks to circumvent sanctions, conduct intelligence operations, and destabilize Western nations. This approach intensified after Russia’s 2022 invasion of Ukraine, with criminal syndicates supporting state objectives by smuggling restricted goods, facilitating financial flows, and engaging in cyber and intelligence activities.
Analyst Comments: The Kremlin’s deepening collaboration with criminal networks highlights a strategic shift where organized crime serves Russia’s geopolitical goals rather than merely financial gain. Criminal groups offer Russia operational flexibility, allowing it to sustain its economy amid sanctions and conduct covert operations that would be diplomatically risky otherwise. This symbiosis of state and criminal actors enables Russia to project power asymmetrically, creating new challenges for Western security frameworks. Effective countermeasures require strengthened international cooperation and adaptable sanctions that disrupt these hybrid state-criminal operations.
FROM THE MEDIA: In a recent report, “Gangsters at War,” Russia’s use of organized crime is revealed as a central element of its statecraft. Under President Vladimir Putin’s “mobilization state” strategy, Russia relies on these networks to obtain military-grade technology through black markets, launder funds, and engage in cyber and intelligence work. Russian intelligence agencies are known to work alongside criminal organizations to conduct cyberattacks, sabotage operations, and even targeted assassinations. Additionally, the Kremlin has weaponized migration by using smuggling routes to instigate political instability across Europe. This integration of criminal networks within state policy underscores Russia’s tactical shift toward using illicit activities to destabilize adversaries and evade sanctions, raising the need for an international response.
READ THE STORY: Global Initiative
Nakasone Views Election Influence Campaigns as Mark of U.S. Cybersecurity Success
Bottom Line Up Front (BLUF): Retired Gen. Paul Nakasone views the current transparency around foreign election influence efforts as a sign of improved U.S. cybersecurity. According to Nakasone, heightened awareness of, and public response to, influence campaigns from adversaries like Russia and China reflect the progress made in securing U.S. elections since 2018.
Analyst Comments: Nakasone’s comments reflect the U.S. shift toward proactive cyber defense and transparency. He points out that rather than preventing influence entirely, modern strategy now involves detecting, publicizing, and mitigating foreign interference swiftly—an approach that could shape future defense policies. By highlighting the value of partnerships across the private sector, academia, and international allies, Nakasone also emphasizes the evolving nature of cyber defense, particularly in areas like AI-driven threat detection. Such a framework could set a precedent for tackling influence campaigns, underscoring the value of international and cross-sector cooperation.
FROM THE MEDIA: In an interview with The Record, Nakasone noted that U.S. election security operations have evolved since 2018, emphasizing both improved partnerships and better intelligence-sharing with the public. He remarked that past operations prioritized secrecy, but modern practice emphasizes identifying, exposing, and countering threats from groups like China’s Volt Typhoon and Salt Typhoon. Nakasone also praised AI platforms for their defensive capabilities, helping detect malign digital activity, including foreign influence. He voiced particular concern over China’s Salt Typhoon hacking group, which has infiltrated U.S. telecom systems for large-scale intelligence gathering.
READ THE STORY: The Record
Meta's Nuclear-Powered Datacenter Plans Halted by Environmental Concerns Over Bees
Bottom Line Up Front (BLUF): Meta's ambitious plan to power its AI data center with nuclear energy has been scrapped due to the discovery of a rare bee species on the proposed site and ensuing regulatory and environmental concerns.
Analyst Comments: Meta’s pivot to nuclear power highlights a growing trend among tech giants seeking stable, emissions-free energy sources for data centers supporting AI. Nuclear energy offers an appealing solution to AI's vast power demands without increasing carbon footprints. However, Meta’s setback underscores the increasing importance of biodiversity and environmental protections, which could impede similar projects as they come under scrutiny from regulators and environmental groups. Companies may face heightened pressure to mitigate ecological impacts through careful site selection and enhanced regulatory compliance as the tech industry leans into nuclear power.
FROM THE MEDIA: The proposed facility would have been powered through a partnership with an existing nuclear plant to deliver emissions-free energy. The setback follows similar environmental and regulatory challenges faced by Amazon and Microsoft in their nuclear energy initiatives. Meta’s increased 2024 capital expenditure budget, now as much as $40 billion, reflects its continued commitment to building AI-driven data centers despite the difficulty of securing low-carbon power. The Electric Power Research Institute (EPRI), which advocates for pollinator-friendly energy sites, has shown that nuclear plant sites can support such ecological efforts. Meta has yet to confirm further plans.
READ THE STORY: The Register
Evil llama: Ollama AI Framework Flaws Enable DoS, Model Theft, and Poisoning Attacks
Bottom Line Up Front (BLUF): Six significant vulnerabilities have been identified in the open-source Ollama AI framework. They allow attackers to mount DoS attacks, steal and poison AI models, and trigger the most severe flaws with a single HTTP request. Only four have been patched so far, leaving two exploitable on affected instances.
Analyst Comments: The Ollama vulnerabilities underline the risk of deploying large language models (LLMs) without robust access control. With over 9,800 internet-facing instances, these flaws could be abused at scale wherever endpoint access is not restricted. The two unpatched vulnerabilities are particularly concerning because they let an attacker poison models or steal intellectual property. Ollama’s issues mirror a broader pattern in AI deployment, where frameworks left on default settings carry risks comparable to exposing the Docker socket to the internet.
FROM THE MEDIA: Oligo Security researchers disclosed six vulnerabilities in Ollama, a popular framework for running AI models locally. The flaws, which span several API endpoints and include denial-of-service (DoS) and path traversal issues, let attackers crash the service, poison models, or steal them. Four were assigned CVE identifiers and have been patched; the highest-rated, CVE-2024-39720 (CVSS 8.2), enables DoS. The remaining two, which allow model tampering and theft, are unpatched; Ollama’s position is that they are mitigated by filtering which endpoints are reachable. Despite that guidance, Oligo found that roughly one in four internet-facing Ollama instances remains vulnerable, with the largest concentrations in China, the U.S., and Germany. The disclosure follows a critical remote code execution flaw (CVE-2024-37032) reported earlier this year.
READ THE STORY: THN
NATO Requires a “Hellscape” Defense Modeled on U.S. Replicator Speed
Bottom Line Up Front (BLUF): NATO needs a rapid-response "hellscape" defense model, utilizing low-cost, autonomous unmanned vehicles (UVs) on a large scale. By following the U.S. Department of Defense’s Replicator model, which deploys thousands of autonomous systems within two years, NATO can significantly strengthen its deterrent capability against Russian aggression while minimizing costs.
Analyst Comments: This “hellscape” approach represents a paradigm shift in defense, emphasizing affordability, lethality, and adaptability through unmanned systems. Rapidly acquiring and deploying unmanned vehicles can fill gaps in NATO’s current readiness, particularly as Russia increases its military capabilities. NATO’s emphasis on traditional force structures has left it vulnerable to faster, more flexible threats, so adopting the Replicator model could offset NATO's existing shortfalls and rebalance power in Europe. To be fully effective, however, NATO must also enhance cybersecurity, supply chains, and strategic prepositioning to ensure these systems are secure and ready to counter multidomain threats.
FROM THE MEDIA: A recent Atlantic Council report underscores the urgency for NATO to adopt a “hellscape” defense approach inspired by the U.S. Replicator model. This strategy would rely on the mass deployment of affordable, autonomous UVs across NATO’s key front lines and European maritime zones. The U.S. aims to deploy thousands of these UVs in the Indo-Pacific by 2025, and NATO could replicate this framework in Europe to counter potential Russian advances. The authors recommend prepositioning these capabilities in NATO’s northeast and bolstering defense infrastructure in vulnerable areas like the Baltic and Black Seas. Key to success would be expanding industrial production for unmanned systems across Europe, engaging private cybersecurity firms to safeguard supply chains, and preparing critical infrastructures like energy and logistics to withstand potential Russian disruptions.
READ THE STORY: AC
Turning the Tables: Google’s LLMs Uncover Hidden Software Vulnerabilities
Bottom Line Up Front (BLUF): Google’s researchers used a large language model (LLM) to identify an undisclosed vulnerability in the widely used SQLite database, marking the first known use of AI to discover a real-world, memory-safety flaw in the software. The bug was patched swiftly, demonstrating AI’s potential as a proactive cybersecurity tool.
Analyst Comments: This breakthrough shows the emerging role of AI in fortifying cybersecurity defenses by automating the identification of vulnerabilities before they can be exploited. Although this AI-assisted approach remains experimental, its success underscores how AI can extend beyond traditional fuzzing techniques to locate complex, elusive bugs. If fully developed, this technology could shift the cybersecurity landscape by reducing the time attackers have to weaponize vulnerabilities, potentially reversing the asymmetry that has long favored cyber attackers.
FROM THE MEDIA: Google revealed that it used a large language model to identify a previously unknown vulnerability in SQLite. The flaw was reported to SQLite’s developers in October and patched the same day, before it reached a released version. The work is part of Google’s Big Sleep initiative, a collaboration between Project Zero and Google DeepMind, and follows AI-assisted research begun after a similar SQLite vulnerability was found at DEF CON in August. While fuzzing remains the mainstream vulnerability-testing technique, Google’s team believes AI can do better at finding hard-to-spot bugs, chiefly variants of known vulnerabilities. In 2022, more than 40% of zero-days were variants of previously reported vulnerabilities, a gap this tool aims to close.
READ THE STORY: The Record
German Authorities Dismantle DDoS-for-Hire Platform dstat[.]cc
Bottom Line Up Front (BLUF): German police have shut down dstat[.]cc, a DDoS-for-hire platform that let even non-technical users launch powerful distributed denial-of-service attacks. Two suspects have been arrested, a significant step in Operation PowerOFF, the multinational effort aimed at dismantling the criminal infrastructure behind DDoS-for-hire services.
Analyst Comments: The dismantling of dstat[.]cc underscores law enforcement’s expanding focus on “stresser” and “booter” services, which enable malicious actors to conduct DDoS attacks with minimal expertise. Platforms like dstat[.]cc, which review and facilitate access to DDoS services, play a central role in democratizing cyberattack capabilities, allowing even low-skilled actors to target websites. The PowerOFF operation’s success reflects a growing trend in international cooperation against cybercrime. Yet, it also highlights the persistent challenge of anonymous and resilient dark web infrastructure that continues to evolve and evade law enforcement.
FROM THE MEDIA: Germany’s Federal Criminal Police Office (BKA) announced the disruption of dstat[.]cc, a platform that provided access to DDoS-for-hire services. Dstat[.]cc reportedly let users rent botnets and evaluate DDoS services, lowering the technical barrier for cybercriminals to attack online targets. The platform also connected users to reviews and contact information for other “booter” services, making it easy to compare and pick one for malicious purposes. In connection with the takedown, two individuals aged 19 and 28 were apprehended for alleged involvement in DDoS operations and, separately, an online narcotics trafficking operation on a platform called “Flight RCS.” The takedown of dstat[.]cc forms part of “PowerOFF,” an ongoing multinational initiative that has led to the closure of multiple DDoS-for-hire sites, including digitalstress[.]su, as well as action against the Anonymous Sudan group.
READ THE STORY: THN
Chinese State-Sponsored Hackers Allegedly Breach SingTel in Global Telecommunications Attacks
Bottom Line Up Front (BLUF): Chinese Advanced Persistent Threats (APTs) have grown steadily more sophisticated by exploiting vulnerabilities in edge devices, a trend that became notable during the pandemic. These devices, sitting at the network perimeter, serve both as points of entry and as operational nodes for broader botnet activity.
Analyst Comments: The reported breach at SingTel adds to a troubling pattern of state-sponsored cyber intrusions into telecommunications, a sector vital for national security. This incident underscores the high stakes as foreign actors embed themselves within critical infrastructure, potentially to exploit vulnerabilities later or collect intelligence. The alleged involvement of Chinese groups, including Volt Typhoon and Salt Typhoon, in similar attacks globally may indicate a strategic push by China to increase its cyber control over essential communication systems, particularly during geopolitical tension.
FROM THE MEDIA: A recent Bloomberg report revealed that Volt Typhoon, a Chinese-linked hacking group, breached Singapore Telecommunications Ltd. (SingTel) earlier this year as part of a coordinated campaign against global telecommunications systems. Anonymous sources familiar with the investigation suggest the campaign serves China’s long-term strategic goals, possibly enabling future surveillance or infrastructure control. The incident follows reports of similar intrusions in U.S. telecom networks, with Salt Typhoon allegedly infiltrating the systems AT&T and Verizon use to handle lawful wiretap requests, prompting significant security concerns. The FBI and the UK’s National Cyber Security Centre have provided technical assistance to affected entities and released details on malware such as “Pygmy Goat” observed in compromised systems. While the Chinese government denies the accusations, security experts warn of risks to data privacy and national security if such access is used in a future geopolitical dispute.
*NOTE:
Attacking telecommunications networks offers China a multipurpose advantage, integrating cyber espionage with strategic military readiness. By gaining access to telecom systems, China can surveil or intercept sensitive communications, especially those of high-value targets, while retaining the option to degrade or disrupt services if needed. This capability is central to “informationized warfare,” allowing China to weaken its rivals’ communications in a crisis without open confrontation. The approach aligns with China’s “Active Defense” doctrine, which aims to control information flows and preserve strategic stability in an era of escalating cyber competition.
READ THE STORY: TOC
Schneider Electric Hit by Cyberattack; Ransomware Gang Claims Breach
Bottom Line Up Front (BLUF): Schneider Electric is investigating a cyberattack on its project tracking system, allegedly carried out by the HellCat ransomware group. The group claims to have accessed Schneider’s Jira system, exfiltrating approximately 40GB of sensitive project and user data, demanding a $125,000 ransom.
Analyst Comments: This incident highlights a troubling trend of ransomware gangs targeting critical infrastructure firms like Schneider Electric. The access to the Jira project tracking system suggests a potential avenue through which sensitive operational data could be used to expose supply chain or security weaknesses in the industrial automation sector. HellCat's rapid emergence amid ongoing ransomware disruptions led by the FBI may signal a reconfiguration of ransomware actors who are increasingly focusing on high-value engineering and data-rich companies. Schneider Electric's quick incident response will be critical, especially given its prior ransomware issues earlier this year.
FROM THE MEDIA: French energy management and automation giant Schneider Electric confirmed that it is addressing a cyber incident involving its internal project tracking platform, believed to be within an isolated environment. On Saturday, the recently surfaced HellCat ransomware group took responsibility, alleging unauthorized access to the company’s Atlassian Jira system. They claimed to have stolen around 40GB of data, including project documents and user information, and issued a $125,000 ransom threat. This attack follows a prior breach in January that affected Schneider's sustainability-focused tools. The FBI's recent interventions against ransomware may have led to smaller, more aggressive ransomware cells, like HellCat, seeking high-value targets with more concentrated attack methods.
READ THE STORY: THN
Russia Identified as Leading Election Threat by U.S. Intelligence
Bottom Line Up Front (BLUF): U.S. intelligence agencies have identified Russian disinformation as the most active foreign threat to the 2024 election, aimed at undermining public confidence and sowing discord. Russian influence operations, primarily targeting swing states, include fabricated videos and articles questioning election integrity.
Analyst Comments: Russia’s use of digital disinformation campaigns to manipulate public sentiment and fuel political tensions has been a staple tactic in recent election cycles. The ongoing activity suggests that Moscow remains committed to exploiting U.S. political divisions as a form of asymmetric warfare, intending to weaken U.S. institutions without confrontation. The prominence of influence operations in swing states reflects a calculated strategy to amplify polarization in areas with potential impact on election outcomes. The U.S. intelligence community's emphasis on vigilance reflects a deepening need for resilience against these persistent influence operations.
FROM THE MEDIA: The Office of the Director of National Intelligence, FBI, and CISA issued a joint statement naming Russia as the foremost threat to election integrity. Russian operatives are said to be producing and disseminating false media—including videos suggesting widespread voter fraud. Recent examples include fake clips of a Haitian migrant allegedly planning to vote for Vice President Kamala Harris in multiple counties, which Georgia’s Secretary of State dismissed as targeted disinformation. Russia’s embassy in the U.S. responded with a denial, labeling these accusations “baseless.” Meanwhile, U.S. intelligence also flagged Iran as a significant foreign influence actor, noting past threats to disrupt voting or incite violence.
READ THE STORY: Newsweek // FBI // VOA
China’s Ministry of State Security Urges Public Vigilance Amid Foreign Espionage Threats, Hints at Reciprocity
Bottom Line Up Front (BLUF): China’s Ministry of State Security (MSS) warned of increasing espionage by foreign entities targeting China’s sensitive data, calling on the public to strengthen data security in daily life. The MSS's message implicitly acknowledges the reality of mutual espionage activities among global powers, a subtle nod to China’s intelligence operations.
Analyst Comments: In calling for public vigilance, the MSS's advisory subtly acknowledges the ongoing global espionage dynamics where China is both a target and an active player. As China’s digital economy expands, its data infrastructure becomes a strategic target for foreign agencies—yet this advisory serves as a reminder that espionage cuts both ways. By framing data security as a public responsibility, China aims to bolster domestic awareness and control over data, reflecting its dual approach of restricting foreign influence while likely intensifying its intelligence-gathering capabilities. This message reinforces China’s position that data is an asset of national security, emphasizing protective measures that state actions could mirror.
FROM THE MEDIA: China’s MSS issued an advisory stating that foreign intelligence agencies are escalating efforts to infiltrate China’s data sector, aiming to steal sensitive information. The ministry emphasized that the public must protect national and personal data across all data-handling stages—from collection to destruction. The MSS’s call for vigilance implicitly recognizes the complexities of global data espionage, including potential reciprocity in China’s intelligence posture. Highlighting that China’s digital economy now constitutes a significant portion of GDP, the MSS cautioned that external attempts to access this data threaten national and economic security. This advisory underscores China’s growing focus on data sovereignty and controlled digital growth in response to global intelligence pressures.
*NOTE:
The Ministry of State Security (MSS) is China’s primary civilian intelligence, security, and counterintelligence agency. It is responsible for protecting national security and conducting intelligence operations domestically and abroad. Often described as China’s rough equivalent of a combined CIA and FBI, the MSS is tasked with counterespionage, political intelligence, surveillance, cyber operations, and countering foreign influence.
READ THE STORY: GT (CN State)
Malware Campaign Targets npm Developers Using Ethereum Smart Contracts
Bottom Line Up Front (BLUF): A malware campaign exploits hundreds of typosquat npm packages, tricking developers into deploying malicious JavaScript code. This campaign uses Ethereum smart contracts to obscure command-and-control (C2) servers, making blocking or shutting down the malware’s infrastructure difficult.
Analyst Comments: This innovative use of blockchain for C2 in a software supply chain attack highlights the growing sophistication of cybercriminal tactics targeting open-source ecosystems. The decentralized architecture adds resilience to the attack, allowing malicious actors to update IP addresses and bypass traditional blocklisting quickly. Russian-language error messages suggest that the attackers could be Russia-based, possibly leveraging this infrastructure to launch wider-scale attacks. Developers using npm must adopt rigorous package verification and dependency monitoring to mitigate such threats, as blockchain-based C2 infrastructure may set a precedent for future supply chain attacks.
FROM THE MEDIA: Security researchers from Checkmarx, Phylum, and Socket warned of a typosquatting campaign on npm targeting popular libraries such as Puppeteer and Bignum.js. At least 287 fake packages containing obfuscated JavaScript were identified. Once installed, the code queries an Ethereum smart contract to retrieve the IP addresses of its C2 servers, sidestepping static blocklists and letting the operators rotate infrastructure by updating the contract. Researchers noted similarities to earlier attacks such as EtherHiding, which used Binance Smart Chain for the same purpose. While the identities behind the campaign remain unverified, Russian-language debugging messages suggest a Russian origin.
READ THE STORY: THN
Items of interest
Inside China’s Cognitive Warfare Strategy
Bottom Line Up Front (BLUF): China is advancing a cognitive warfare strategy to shape global perceptions and influence adversaries' behavior through information control and narrative manipulation. This non-kinetic approach leverages artificial intelligence (AI) and media influence to embed China's viewpoints and counter Western influence, particularly across developing regions and within Western societies.
Analyst Comments: This cognitive warfare approach is a natural evolution of China’s longstanding focus on influence operations, now supercharged by advanced technology. Such a strategy provides a non-confrontational means to disrupt adversaries, subtly undermining democratic values and societal cohesion. For the West, the failure to prioritize cognitive defenses may risk its alliances, public trust, and the integrity of democratic systems. Given the rapid advancement of AI, Beijing’s ability to influence public opinion and policy on issues like Taiwan is only expected to grow.
FROM THE MEDIA: State-controlled outlets, including CGTN and China Daily, employ both direct propaganda and subtle content integration in Western publications, where pro-China narratives appear in “sponsored” sections or as “advertorials.” Social media influencers with indirect ties to state media, such as Vica Li, present lifestyle content while reinforcing government perspectives. The People’s Liberation Army (PLA) treats cognitive warfare as a core tactic for shaping international audiences and adversaries’ decision-making. Through AI-driven content strategies, Chinese platforms such as TikTok promote pro-China narratives, often stifling discussion critical of its policies in regions like Xinjiang and Hong Kong, extending Beijing’s reach and influence across borders.
READ THE STORY: GIS
Chinese Cognitive Warfare: Josh Baughman (Video)
FROM THE MEDIA: Andy talks about the complexities and goals of China's cognitive warfare program with Josh Baughman, an analyst at the China Aerospace Studies Institute at Air University.
China's Military Cyber Operations: Has the Strategic Support Force Come of Age? (Video)
FROM THE MEDIA: China's military cyber operations have showcased a noticeable strategic shift in recent years. The Strategic Support Force (SSF) – the joint information warfare (IW) command of the People's Liberation Army (PLA) – is gradually finding its ground. Established in 2015 during the massive reorganization of the PLA undertaken by Xi Jinping himself, the SSF does not often get as much of the limelight as its more aggressive foreign intelligence counterpart, the Ministry of State Security (MSS).
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.