Daily Drop (910): Volt Typhoon Botnet | AI: Bullfrog System | SpaceX Dragon | China’s Stimulus | Putin-Trump Call | Africa’s Tech Sector | Dark Web Bitcoin Mixer | China-Nexus TAG-112 | NPUs |
11-13-24
Wednesday, Nov 13, 2024 // (IG): BB // GITHUB // SGM Jarrell
SGM Jarrell Family Support
Join us in honoring the legacy of a distinguished Auburn family man and Special Forces soldier, SGM Josh Jarrell. SGM Jarrell, AU '05, passed away after a one year battle with cancer. He is survived by his wife Lorraine and the five young children who live in the greater Atlanta area.
Your generous gift donations to the Special Forces Charitable Trust will ensure that the Jarrell children are able to fulfill education opportunities and are able to participate in enrichment opportunities in the sports, the arts and outdoor venues.
DAILY DROP (910)
Paul Nakasone on Exploding Pagers, AI Security, and New National Security Frontiers
Bottom Line Up Front (BLUF): Retired Gen. Paul Nakasone discusses the shifting nature of global threats, including the influence of adversarial alliances like China and Russia, emerging cyber warfare tactics, and the role of artificial intelligence in national defense. He also reflects on his new roles after leaving the NSA and Cyber Command, including potential returns to government service.
Analyst Comments: Gen. Nakasone’s interview illustrates a pivot in global power dynamics, with emerging alliances of authoritarian nations like China, Russia, and North Korea attempting to counter U.S. influence through cyber warfare and technology. His acknowledgment of North Korean troops in Ukraine and China’s persistent cyber intrusions signals a new era where conventional and cyber tactics are blended. As threats increasingly target critical infrastructure, his shift to AI underscores the U.S. effort to harness AI defensively, establishing safeguards against misuse by malicious actors. Nakasone’s openness to potential government service also suggests he views this time as pivotal in national defense, particularly as cyber tools become essential to U.S. military and intelligence strategy.
FROM THE MEDIA: In an interview with The Record’s Click Here podcast, Gen. Nakasone examined new threats, from North Korean troops in Ukraine to China's cyber campaigns against U.S. infrastructure. He explained how the recent "exploding pagers" attack in Lebanon underscores vulnerabilities in the global hardware supply chain. He also highlighted the importance of artificial intelligence for cybersecurity and alluded to his advisory role at OpenAI in securing AI against misuse. Nakasone hinted he might consider returning to government if asked, suggesting his expertise remains in high demand.
READ THE STORY: The Record
*NOTE:
In a recent interview, retired General Paul Nakasone, former NSA and U.S. Cyber Command head, shared his perspective on evolving global security threats, especially as authoritarian states like China, Russia, North Korea, and Iran become more coordinated in their efforts to undermine the U.S. Nakasone referred to this coalition as an “Axis of Authoritarianism,” pointing to examples like North Korea sending troops to aid Russia in Ukraine and Chinese hacking groups, such as Volt Typhoon and Salt Typhoon, targeting U.S. critical infrastructure. He praised Ukraine’s defense innovation, which has benefited from real-time intelligence and public-private partnerships, contrasting with Russia’s slower response due to rigid, outdated military planning. Now serving on the board of OpenAI, Nakasone emphasized the importance of U.S. leadership in AI, warning that if rivals like China surpass the U.S., they could use AI for cyber warfare and surveillance. His remarks stressed the need for a flexible, collaborative approach to cybersecurity as threats grow more complex and global.
China’s Volt Typhoon Botnet Rebuilds to Target U.S. Infrastructure
Bottom Line Up Front (BLUF): Chinese state-backed hacker group Volt Typhoon, whose botnet the FBI disrupted in January 2024, has reemerged, using newly compromised routers to regain access to U.S. critical infrastructure. Targeting end-of-life Cisco and Netgear devices, the group has stood up new command-and-control servers to evade detection and continue its cyberespionage.
Analyst Comments: Volt Typhoon’s swift resurgence signals China’s persistence in targeting U.S. infrastructure, aiming for persistent, hard-to-detect access inside essential networks. The group's adaptive techniques, including deploying new infrastructure on different hosting platforms, demonstrate a long-term commitment to gathering intelligence and potentially pre-positioning for disruptive attacks. The activity highlights the exposure created by end-of-life devices still in use across critical sectors: such devices no longer receive security patches, so the practical mitigation is replacement, or at minimum removing them from internet-facing management roles and monitoring their outbound traffic. Continued vigilance and rapid response to these evolving tactics will be essential to securing infrastructure.
FROM THE MEDIA: SecurityScorecard reports that Volt Typhoon, a cyber group linked to the Chinese government, has reconstituted its botnet, exploiting outdated Cisco and Netgear routers to infiltrate critical infrastructure. Originally disrupted in January 2024, the group has set up new command-and-control servers on Digital Ocean and Vultr, routing traffic through New Caledonia to disguise its activity. These covert connections create a “silent bridge” between the Asia-Pacific and the U.S., allowing Volt Typhoon to reestablish persistent access to sensitive networks. The FBI has not commented on the group’s resurgence, but the ongoing escalation points to a sustained Chinese strategy aimed at U.S. infrastructure access.
READ THE STORY: Axios // The Register
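One check a network defender can run against the pattern described above: compromised edge routers check in with command-and-control servers hosted at commercial cloud providers, and a malware sleep timer produces evenly spaced, small outbound connections. The script below, an added example that is not code from SecurityScorecard, the FBI or any vendor tool, scores (source, destination) pairs in flow records for that periodicity. The flow records and the "hosting" prefixes (documentation ranges) are constructed for the example; in practice you would feed it your own NetFlow/IPFIX export and a current prefix list for the hosting ASNs you care about.

```python
"""Flag periodic ("beaconing") outbound connections from network devices to
cloud-hosting address space.

Added example, not from the Volt Typhoon reporting or any product. All
addresses, prefixes and flow records below are CONSTRUCTED for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed: documentation-range prefixes standing in for hosting-provider
# address space. Replace with prefixes for the ASNs you actually care about.
HOSTING_PREFIXES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # edge router 192.0.2.1 reaching a "hosting" IP every ~300 s with tiny payloads
    (0, "192.0.2.1", "203.0.113.7", 443, 412),
    (301, "192.0.2.1", "203.0.113.7", 443, 398),
    (599, "192.0.2.1", "203.0.113.7", 443, 420),
    (902, "192.0.2.1", "203.0.113.7", 443, 405),
    (1200, "192.0.2.1", "203.0.113.7", 443, 411),
    # same router pulling a large update from a non-hosting IP, irregular timing
    (50, "192.0.2.1", "192.0.2.200", 443, 150000),
    (4000, "192.0.2.1", "192.0.2.200", 443, 900000),
    # a workstation browsing a site in hosting space: bursty and large (benign)
    (10, "192.0.2.50", "198.51.100.9", 443, 30000),
    (15, "192.0.2.50", "198.51.100.9", 443, 80000),
    (900, "192.0.2.50", "198.51.100.9", 443, 12000),
    (905, "192.0.2.50", "198.51.100.9", 443, 70000),
]


def in_hosting_space(ip: str) -> bool:
    """True if ip falls inside one of the watched hosting prefixes."""
    addr = ip_address(ip)
    return any(addr in net for net in HOSTING_PREFIXES)


def find_beacons(flows, min_flows=4, max_cv=0.15, max_bytes=4096):
    """Return [(src, dst, mean_interval_seconds)] for pairs whose connections to
    hosting space are frequent, small and evenly spaced.

    cv = stddev / mean of the inter-arrival gaps. A fixed sleep timer gives a
    low cv; human-driven traffic does not. max_bytes keeps the rule focused on
    small check-ins rather than bulk downloads, which cuts false positives
    from legitimate use of the same cloud providers.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _port, nbytes in flows:
        if in_hosting_space(dst):
            by_pair[(src, dst)].append((ts, nbytes))

    hits = []
    for (src, dst), recs in by_pair.items():
        if len(recs) < min_flows:
            continue
        recs.sort()
        if max(nbytes for _, nbytes in recs) > max_bytes:
            continue
        gaps = [later[0] - earlier[0] for earlier, later in zip(recs, recs[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, avg))
    return hits


if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_FLOWS):
        print(f"possible beacon: {src} -> {dst} every ~{interval:.0f}s")
```

Thresholds are deliberately conservative; jittered beacons need a looser `max_cv` or a histogram-based test, and a destination in hosting space is only one weak signal, so pair this with the device's expected behavior (a router's management plane should rarely originate traffic to arbitrary cloud hosts at all).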
Italian Police Uncover Pan-European Forgery Network Selling Fake Artworks by Banksy, Picasso, Warhol
Bottom Line Up Front (BLUF): Italian authorities have dismantled a major forgery network spanning several European countries, responsible for producing and distributing counterfeit art attributed to renowned artists like Banksy, Pablo Picasso, and Andy Warhol.
Analyst Comments: This discovery underscores the persistent issue of art forgery and highlights the high demand for artwork by famous modern and contemporary artists, often attracting illicit actors seeking substantial profit. The sophistication of this network, which included exhibitions and catalogs to lend credibility to the fakes, signals an elevated level of deception within the European art market. As authorities tighten regulations and intensify scrutiny, this case may encourage further cross-border cooperation to protect art authenticity.
FROM THE MEDIA: Italian police, working with counterparts in Spain, France, and Belgium, placed 38 people under investigation and seized more than 2,100 counterfeit works with an estimated value of around €200 million, along with six forgery workshops, most of them in Italy. The probe began in 2023 after forged pieces were seized from a businessman in Pisa. Suspects allegedly organized Banksy exhibitions and produced catalogs to lend the fakes credibility, and investigators consulted experts from the Banksy archive to confirm the works were not genuine.
READ THE STORY: Reuters
*NOTE:
Italian police have uncovered a vast art forgery network spanning multiple European countries, with suspects accused of producing and selling fake works by prominent artists like Banksy, Picasso, and Warhol. The investigation, initiated in 2023 after the seizure of forged art from a businessman in Pisa, led authorities to 38 individuals under investigation across Italy, Spain, France, and Belgium. Over 2,100 counterfeit artworks valued at roughly €200 million were seized, along with six active forgery workshops, primarily in Italy. Suspects allegedly boosted the credibility of their fakes by organizing high-profile Banksy exhibitions. Italian authorities coordinated with experts from the Banksy archive, who called this operation a significant victory in protecting the artist’s legacy. The investigation sheds light on the scale and sophistication of European art forgery operations, emphasizing the ongoing challenges in combating art-related crime across borders.
SpaceX Dragon Reboosts ISS Altitude
Bottom Line Up Front (BLUF): SpaceX’s Dragon spacecraft successfully demonstrated its ability to boost the International Space Station (ISS) with a 12.5-minute thruster burn, raising its orbit by nearly a mile. This marks the first time Dragon has been used for this purpose, which could support ISS maintenance until its planned retirement and eventual deorbit.
Analyst Comments: The reboost demonstration by SpaceX highlights NASA’s ongoing shift toward relying on commercial partners for critical ISS support roles previously filled by government-operated spacecraft. With Dragon’s proven capability, the U.S. gains greater flexibility in managing ISS altitude, offering NASA an alternative to Russia's Progress vehicle and Northrop Grumman’s Cygnus. As the ISS retirement approaches, the experience from this reboost test may contribute directly to developing SpaceX’s approach to deorbit the ISS safely.
FROM THE MEDIA: SpaceX’s Dragon delivered over 6,000 pounds of cargo to the ISS and performed a 12-minute, 30-second burn on November 8 to adjust the station's altitude. The maneuver followed NASA’s decision to have SpaceX handle the eventual controlled deorbit of the ISS. This recent reboost provides critical data for future missions, enhancing U.S. options for maintaining and retiring the ISS as other spacecraft phase out.
READ THE STORY: The Register
Putin-Trump Call Dismissed by Kremlin
Bottom Line Up Front (BLUF): The Kremlin has officially denied reports claiming that President-elect Donald Trump spoke with Russian President Vladimir Putin recently, calling the story “pure fiction.” Kremlin spokesperson Dmitry Peskov stated there are no current plans for any contact between the two leaders.
Analyst Comments: This incident illustrates the ongoing information dynamics between the Kremlin, the Western media, and U.S. government sources. The Kremlin’s quick response highlights Russia’s interest in controlling narratives about its relationship with Trump, especially as both nations face heightened geopolitical tensions. Such a denial can be seen as Moscow’s attempt to reduce speculation on its influence or involvement in U.S. politics, especially given the visibility of Trump’s return to the political stage. This may underscore a more cautious Kremlin approach to avoid igniting controversies tied to U.S.-Russia relations.
FROM THE MEDIA: Initial reports from The Washington Post suggested that Trump advised Putin against escalating the Ukraine conflict, which Reuters echoed based on an unnamed source. However, Kremlin spokesperson Dmitry Peskov firmly rejected these reports, stating, “This is completely untrue. This is pure fiction; it’s just false information.” Peskov also noted that while the Kremlin is open to discussions, no specific plans for a call between Trump and Putin are in place.
READ THE STORY: Reuters
*NOTE:
Recent reports suggested that U.S. President-elect Donald Trump and Russian President Vladimir Putin engaged in a phone conversation about the Ukraine conflict, with Trump allegedly advising Putin against escalating the war and expressing interest in further discussions to resolve the situation. According to The Washington Post, Trump reportedly urged Putin to avoid heightening tensions in Ukraine. However, the Kremlin has firmly denied that such a call occurred, with Kremlin spokesperson Dmitry Peskov calling the report “completely untrue” and “pure fiction.” Adding to the complexity, Ukraine’s foreign ministry also denied being informed about any such call between Trump and Putin. Ukrainian foreign ministry spokesperson Heorhii Tykhyi clarified that reports suggesting Kyiv was aware of the conversation were false. While some media outlets have reported a call between Trump and Putin, both Russian and Ukrainian officials deny that it happened.
Mitigating External Cybersecurity Risks in Africa’s Tech Sector
Bottom Line Up Front (BLUF): African countries face substantial cybersecurity challenges due to reliance on foreign technology providers. Prioritizing security, promoting vendor diversity, and strengthening regional cyber governance can help mitigate risks associated with foreign control over Africa’s critical technology infrastructure.
Analyst Comments: Heavy reliance on foreign tech providers, particularly from China and the U.S., raises cybersecurity risks across Africa’s infrastructure. African nations can build greater resilience by prioritizing cybersecurity, increasing vendor diversity, and strengthening regional cyber governance. Local expertise development and cross-border collaboration on cyber initiatives will be critical to advancing digital autonomy and security.
FROM THE MEDIA: The Africa Center for Strategic Studies reports that significant foreign control over Africa's telecommunications, notably by companies like Huawei and ZTE, has led to concerns over espionage risks, including reported data breaches at the African Union headquarters. While foreign tech is essential for Africa’s digital progress, increased competition and more robust cybersecurity policies are necessary to secure digital sovereignty. African governments are urged to implement comprehensive cybersecurity regulations to protect critical infrastructure and ensure foreign technology partnerships are balanced and secure.
READ THE STORY: Africa Center
Dark Web Bitcoin Mixer Operator Sentenced to Over 12 Years
Bottom Line Up Front (BLUF): Roman Sterlingov, the Russian-Swedish operator of the Bitcoin Fog cryptocurrency mixer, has been sentenced to 12.5 years in U.S. prison. He was also ordered to repay over $395 million, derived from laundering proceeds related to crimes such as drug trafficking, identity theft, and child exploitation.
Analyst Comments: The sentencing of Sterlingov underscores the U.S. Justice Department’s ongoing focus on cryptocurrency mixers used to launder criminal proceeds. This case is significant for the scale of funds laundered and its potential impact on the dark web community that relies on mixers for anonymity. While mixers are not inherently illegal, their misuse in criminal activities continues to attract law enforcement attention. The sentencing may increase skepticism within dark web networks about whether mixers actually protect their users, since the public Bitcoin ledger plus blockchain analytics allowed investigators to trace activity through an obfuscation service that was designed to defeat exactly that.
FROM THE MEDIA: Bitcoin Fog, operating from 2011 to 2021, facilitated the laundering of over 1.2 million Bitcoins, approximately $400 million. U.S. prosecutors highlighted how the service enabled anonymity for criminals, including those involved in drug sales, identity theft, and computer misuse. With blockchain analysis advancing, authorities could trace Sterlingov’s transactions, eventually leading to his arrest. While mixers are sometimes used for privacy in oppressive regimes, their frequent exploitation by cybercriminals for laundering large sums continues to prompt crackdowns.
READ THE STORY: The Register
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
Bottom Line Up Front (BLUF): The China-linked threat group TAG-112 has targeted Tibetan media and university websites to distribute Cobalt Strike payloads. This attack, part of a larger espionage campaign, aims to gather intelligence on the Tibetan community and other groups Beijing perceives as subversive.
Analyst Comments: TAG-112’s use of Cobalt Strike highlights a growing trend among Chinese cyber actors of leveraging commercial red-team tooling to achieve espionage goals. The campaign reflects China's long-term strategy to monitor and control ethnic, religious, and political groups. TAG-112’s reliance on an off-the-shelf Cobalt Strike payload, rather than custom malware, suggests a more opportunistic approach than that of its counterpart, Evasive Panda. It nonetheless underscores a coordinated strategy of exploiting outdated CMS installations, such as the Joomla deployments used by the targeted organizations, which is a reminder that small community and university sites need patching and monitoring just as much as larger targets. As China-linked groups continue to develop, they will likely intensify attacks against groups opposing Chinese policy, underscoring the need for proactive defenses within high-risk communities.
FROM THE MEDIA: The websites of Tibet Post and Gyudmed Tantric University were hacked in late May by TAG-112, a China-linked hacking group associated with state-sponsored espionage. Recorded Future’s Insikt Group reports that TAG-112 used compromised sites to deliver a Cobalt Strike payload by disguising it as a “security certificate” for site visitors to download. While TAG-112 has operational similarities to the well-known Evasive Panda group, researchers note that the group appears to lack the same sophistication. TAG-112 primarily targets the Tibetan community, which has long been subject to surveillance by Chinese-backed cyber-espionage groups. The attackers exploited vulnerabilities in the Joomla CMS on the targeted sites, allowing them to deliver malware aimed at gathering intelligence on the Tibetan community, a long-standing priority for Chinese authorities.
READ THE STORY: The Record
AI Machine Gun Targets Drone Threats with Bullfrog System
Bottom Line Up Front (BLUF): The Pentagon is testing a new AI-driven counter-drone machine gun, the "Bullfrog," developed by Allen Control Systems. Designed to detect and shoot down drones autonomously, this system represents a low-cost, precise solution for countering small, fast-moving threats, particularly in conflict zones where drones pose a growing danger.
Analyst Comments: The Bullfrog showcases a blend of advanced computer vision and robotics to address evolving battlefield needs, marking a shift toward autonomous defense capabilities. Its precision in targeting fast-moving drones from significant distances may enhance U.S. military responses to drone threats, especially in environments with limited personnel. However, the debate continues over autonomous systems' role in lethal combat scenarios, with potential future policy changes influencing how autonomous the Bullfrog system might become.
FROM THE MEDIA: First demonstrated at the Technology Readiness Experimentation event in August, the Bullfrog combines a 7.62-mm machine gun with AI and computer vision, achieving high accuracy in neutralizing small drones. Developed by former military engineers, the system avoids the cost and complexity of directed-energy weapons by delivering precise gunfire at a fraction of the price. It currently requires a human to authorize firing, but it could operate autonomously if defense policy changes. Its development coincides with the Pentagon's increased focus on counter-drone solutions under its Replicator initiative.
READ THE STORY: Wired
Mistrust Between Russia and the West: A Persistent Reality Beyond the Trump Era
Bottom Line Up Front (BLUF): Vladimir Putin's longstanding mistrust of the West, reinforced by political instability in the U.S., remains central to his foreign policy agenda. Trump’s presidency may offer temporary advantages for Russia, but deep-rooted geopolitical conflicts between Moscow and Western powers are likely to persist.
Analyst Comments: Putin sees Trump’s win as validating his skepticism toward Western stability and consistency. The Kremlin anticipates that Trump’s focus on domestic issues and potential European divisions could weaken Western support for Ukraine, possibly enabling a pause in hostilities that benefits Russia’s strategic goals. However, such a fragile peace, should it come to pass, would not shift Russia’s broader objectives or alignments, as Putin relies on anti-Western sentiment to unify his government and sustain his rule.
FROM THE MEDIA: Following Trump’s U.S. election win, Putin publicly expressed optimism about potential shifts in U.S. foreign policy, notably concerning Ukraine. However, Russia’s leaders remain wary, not least because Trump’s energy policy could put pressure on Russia’s oil-dependent economy. Moscow anticipates that reduced U.S. support for Ukraine under Trump might lead to a freeze in the conflict but not a complete concession to Russia’s broader demands. Putin’s administration also expects Trump’s inward focus to deepen U.S. political divisions and bolster populist movements in Europe, developments that the Kremlin views as favorable. Nonetheless, Russia’s alignment with China remains steadfast, as Moscow prioritizes its enduring rivalry with the West over opportunistic gains under Trump’s administration.
READ THE STORY: FT
*NOTE:
Trump's election could reshape U.S.-Russia relations and impact broader Western alliances, particularly in terms of U.S. support for Ukraine. Putin might see this shift as a chance to solidify territorial gains, especially if Trump favors a ceasefire that leaves current frontlines intact, allowing Russia to rebuild its military capacity. Such a move could create divisions within NATO, as some European allies firmly back Ukraine’s sovereignty and may resist policies they see as advantageous to Russia. Despite any short-term diplomatic or strategic benefits for Moscow, underlying mistrust between Russia and the West remains a persistent obstacle. Putin’s administration views the U.S. political landscape as unpredictable, driving Russia to seek more stable partnerships, especially with China, whose strategic alignment is less impacted by U.S. electoral shifts. Consequently, while Trump’s foreign policy might provide Russia with temporary openings, Europe could respond by strengthening NATO and recalibrating its defense strategies to ensure regional stability.
The NPU Debate: Marketing Hype or Genuine Need?
Bottom Line Up Front (BLUF): Companies like Intel, AMD, and Qualcomm are marketing neural processing units (NPUs) as essential for AI-driven computing. Despite the promised efficiency gains, the practical benefit of NPUs for average users remains limited, especially in laptops, where the power saved by offloading AI tasks is marginal.
Analyst Comments: While NPUs offer efficiency improvements for specific tasks, the impact on mainstream applications is minimal, suggesting that these units are more of a marketing upsell than a necessity for most consumers. The die space allocated to NPUs could enhance CPU or GPU capabilities, providing more noticeable performance improvements for typical users. The emphasis on TOPS (trillions of operations per second) metrics highlights theoretical performance rather than everyday advantages, revealing NPUs as a solution primarily for niche AI use cases, not a must-have feature for most consumers.
FROM THE MEDIA: Intel, AMD, and Qualcomm have embedded NPUs in their processors, such as the unit in Intel’s Meteor Lake (originally branded a VPU) and AMD’s Ryzen AI, and are pushing these components as the future of computing. NPUs have been marketed as crucial for AI-driven experiences, yet experts argue that most of the features they handle, like background blurring or audio cleanup, already run acceptably on existing CPUs and GPUs. The extra efficiency NPUs provide, while valuable in specific scenarios, has limited impact on broader computing tasks, with some calling the feature an “upsell” rather than a necessity. Until AI applications become indispensable, consumers may see greater benefit from spending on CPU or GPU performance instead.
READ THE STORY: The Register
China’s Stimulus Disappoints, Markets Drop
Bottom Line Up Front (BLUF): Chinese stock markets fell as investors reacted to Beijing’s latest fiscal stimulus package, which primarily targets local government debt restructuring rather than consumer spending. The Hang Seng index dropped 2.1%, reflecting investor disappointment over the package’s lack of measures to boost consumer demand.
Analyst Comments: The latest stimulus illustrates China’s focus on financial stabilization rather than aggressive economic growth. While the government’s $1.4 trillion plan to tackle local debt is significant, the lack of consumer-focused policies leaves investors unconvinced of near-term growth prospects. This fiscal approach suggests caution from Beijing in an increasingly uncertain global economy, especially as it faces trade tensions with a newly elected U.S. administration. Investor expectations are now pivoting to December’s Central Economic Work Conference for potential clarity on broader economic policy.
FROM THE MEDIA: After a week of stock gains driven by expectations of a robust stimulus, Chinese markets fell on Monday. Analysts noted that the new package, authorized by China’s National People’s Congress, addresses local debt through bond issuance but omits direct consumer support measures. Finance Minister Lan Fo’an suggested potential future measures for bank recapitalization and consumer support but provided no specifics. Nomura analysts echoed investor disappointment, emphasizing the stimulus's focus on stabilization rather than on driving consumption. The market now turns to China’s December economic conference for additional policy direction.
READ THE STORY: FT
*NOTE:
China’s recent $1.4 trillion fiscal stimulus package, aimed at restructuring local government debt, has disappointed investors who had anticipated broader measures to stimulate consumption. This led to a drop in key Chinese markets, with Hong Kong’s Hang Seng index falling by 2.1% and the CSI 300 slipping as investors adjusted their positions, reflecting skepticism that the debt restructuring plan alone would spark major economic gains. The central bank’s move to set the renminbi at a lower level further suggested downward pressure amid market outflows and concerns about future U.S.-China trade tensions under the new U.S. administration. Analysts highlighted the lack of targeted measures to boost consumer spending, and investors are now turning their focus to the Central Economic Work Conference in December for potential policy updates.
Items of interest
Enhanced EU Training for Ukrainian Troops Using Museum Tanks and Trench Systems
Bottom Line Up Front (BLUF): The EU’s military training mission has incorporated museum Soviet tanks and trench systems to better prepare Ukrainian troops, simulating actual battlefield conditions faced against Russian forces. The initiative has trained around 18,000 Ukrainian soldiers with a blend of historical and advanced equipment.
Analyst Comments: This use of old Soviet-era tanks and trench layouts highlights training adaptation to closely mirror Ukrainian battlefield conditions, where troops encounter modern warfare and remnants of older combat tactics. By blending high-tech simulators with outdated equipment still in Russian use, the EU mission aims to provide nuanced combat readiness training. Incorporating drones into this training further reflects the prominence of drone surveillance and attacks in the conflict, ensuring Ukrainian soldiers are well-prepared for both technological and tactical threats.
FROM THE MEDIA: According to Lieutenant General Andreas Marlow, the EU’s Special Training Command near Berlin has begun incorporating Soviet tanks borrowed from museums into Ukrainian training exercises. This approach gives troops a realistic understanding of booby traps and other risks associated with abandoned Russian equipment. Additionally, German forces have recreated trench systems resembling Russian designs to familiarize trainees with expected battlefield layouts. Alongside older military assets, modern technology is employed in combat simulations, including high-tech dummies for medical training and surveillance drones to reflect current frontline challenges. Since its start in 2022, the EU’s training mission has prepped thousands of Ukrainian soldiers, and the mission was recently extended by two years.
READ THE STORY: Reuters
How Ukrainian DIY Drones Are Taking Out Russian Tanks
FROM THE MEDIA: Since the Ukrainian counteroffensive against Russian forces began, there’s been a dramatic increase in Ukraine’s use of FPV, or first-person view drones, to execute kamikaze-style attacks on Russian tanks, troop positions, and other large-scale weapons. The aim is to operate cheaply and to make the military less dependent on Western armaments.
Ukraine builds miles of frontline trenches and bunkers to repel Russian army (Video)
FROM THE MEDIA: Nvidia’s chips are crucial across technology, from consumer devices to the H100 GPUs used to train complex AI chatbots. However, Nvidia outsources its production to one company in Taiwan: Taiwan Semiconductor Manufacturing Company, or TSMC. With China threatening to use force to take Taiwan if necessary, the U.S. worries about a devastating impact on TSMC, which is at the heart of the AI revolution.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.