Daily Drop (913): U.S. Untangle Defense Supply Chains | Reinvent the US | RuNet | Government | UA: Drone Production | RU: Gas Exports | FortiClient VPN | WezRat Malware | Glove Stealer Malware |
11-16-24
Saturday, Nov 16, 2024 // (IG): BB // GITHUB // SGM Jarrell
Elon Musk and Vivek Ramaswamy Lead Trump’s Plan to Reinvent US Government
Bottom Line Up Front (BLUF): Elon Musk and Vivek Ramaswamy have been appointed to spearhead the Department of Government Efficiency (Doge) under Donald Trump's administration. Their mission is to slash $2 trillion from the federal budget by eliminating bureaucracy and streamlining government processes. Despite bold ambitions, historical challenges and ethical concerns may limit the impact of this initiative.
Analyst Comments: The appointment of Elon Musk and Vivek Ramaswamy reflects Trump’s inclination towards disruptive, private-sector-style leadership to address government inefficiency. However, the duo's aggressive approach and potential conflicts of interest—especially Musk’s vested stakes in defense and regulatory agencies—might hinder bipartisan cooperation. While modernization and technological improvements are overdue in federal operations, the complexities of legislative sign-offs and entrenched systems could stall their agenda. This initiative could redefine federal operations if successful, but skepticism remains over its feasibility and impartiality.
FROM THE MEDIA: Donald Trump’s incoming administration has tasked Elon Musk and Vivek Ramaswamy with heading Doge, a project aimed at slashing $2 trillion from the $6.75 trillion federal budget. Musk, who has publicly expressed frustration over regulatory delays affecting SpaceX and Tesla, views this role as an opportunity to overhaul government bureaucracy. Ramaswamy has advocated for measures like shutting down the Department of Education and bypassing federal employee protections to enable mass layoffs. Critics, including ethics watchdogs, worry about conflicts of interest, particularly Musk’s ability to influence agencies such as the NHTSA and FTC, which regulate his businesses. Meanwhile, Musk has amplified criticism of isolated government expenditures, such as PTSD research and defense experiments, but has yet to outline a detailed cost-cutting strategy.
READ THE STORY: FT
Ukraine Ramps Up Autonomous Drone Production to Counter Russian Forces
Bottom Line Up Front (BLUF): Ukraine is leveraging advanced autonomous drone technology to maintain its edge against Russian forces. Companies like Auterion and Vyriy are mass-producing affordable autopilot-enabled drones, which can operate independently of human pilots during critical phases of attacks. This innovation aims to counteract Russian electronic jamming and improve strike efficiency at reduced costs.
Analyst Comments: Ukraine’s shift toward scalable production of autonomous drones marks a pivotal moment in modern warfare, showcasing the role of affordable, adaptable technologies in leveling asymmetrical conflicts. While Russia has superior manufacturing capacity, Ukraine’s decentralized and innovative approach leverages small, agile startups to outpace Russian adaptation. This advancement also raises strategic implications for global conflicts, where low-cost, high-impact technologies could redefine traditional military power structures. However, sustaining these gains may require external support, especially as geopolitical shifts, such as a potential U.S. funding reduction, loom.
FROM THE MEDIA: Autonomous drone technology is rapidly advancing on the Ukrainian battlefield, with the integration of low-cost computers enabling precise, independent operations. Auterion's Skynode system and Vyriy Drone's autopilot technology are key innovations allowing drones to bypass Russian jamming efforts. Autopilot-enabled drones engage targets using terminal guidance, improving strike success rates to nine out of ten in tests. Companies like Vyriy aim to keep production costs under $50 per unit, fostering a competitive domestic industry reliant on local components and minimal imports. These drones’ ability to execute complex maneuvers autonomously significantly extends their range and resilience against interference.
READ THE STORY: WSJ (Yahoo)
Russia Tests RuNet’s Readiness for Isolation from Global Internet
Bottom Line Up Front (BLUF): Russia’s censorship agency, Roskomnadzor, plans to test the RuNet, the country’s internal internet infrastructure, in December to ensure its readiness for isolation from the global web. The move raises concerns about censorship and freedom of information.
Analyst Comments: The RuNet test reflects Russia’s long-term ambition to insulate itself digitally, a strategy bolstered by geopolitical tensions and domestic control policies. While ensuring cybersecurity and sovereign control, such isolation risks stifling innovation, international collaboration, and citizens' access to unbiased information. If successful, the test could serve as a model for other authoritarian regimes looking to centralize digital control, creating a more fragmented and politically driven global internet landscape.
FROM THE MEDIA: Roskomnadzor’s December exercise will involve isolating certain regions to evaluate RuNet’s ability to replace global internet services. Official statements claim the test will ensure resilience against external threats, with key infrastructure readiness as a priority. Implemented under a 2018 law allowing the government to control domestic internet networks, the RuNet aims to secure critical services like banking during crises. Critics highlight the growing suppression of information, noting the blocking of VPNs and independent media since the Ukraine conflict escalated. Leaked communications, such as one from Russia's Central Bank, advise institutions to prepare for potential disruptions while reassuring the public of uninterrupted services.
READ THE STORY: The Barents Observer
Russian Gas Exports via Ukraine Remain Stable Despite Austria Supply Cuts
Bottom Line Up Front (BLUF): Russian gas exports through Ukraine to Europe maintained steady volumes at 42.4 million cubic meters despite Austria ceasing to receive gas due to a contractual dispute. The current stability masks broader shifts, as Russia's reliance on the Ukraine transit route dwindles amid geopolitical tensions and expiring agreements.
Analyst Comments: Reducing gas flows to Austria signals a strategic recalibration of Russia’s energy export dynamics. As Europe's reliance on Russian gas decreases, nations like Hungary and Slovakia remain vital customers. However, this raises questions about their energy security in 2025, when the Ukraine transit agreement expires. The cessation underscores Europe's push for diversification, driven by Russia’s shifting alliances and geopolitical strategies.
FROM THE MEDIA: Gazprom confirmed stable gas flows to Europe through Ukraine despite earlier announcements to suspend supplies to Austria. Austrian energy company OMV, traditionally a significant recipient, was notably absent from the recipient list following the suspension, which accounts for about 40% of the Ukraine transit volume. While Austria faces supply disruptions, Hungary and Slovakia continue to receive gas via alternate routes, including pipelines through Turkey. Before the Ukraine conflict, Russian gas met 40% of the EU's energy needs, a figure that has sharply declined due to sanctions and alternative sourcing efforts. Previously central to Gazprom’s European exports, the Ukraine route now operates at reduced capacity, highlighting the region's volatile energy landscape.
READ THE STORY: Reuters
Fortinet Patches Critical VPN Vulnerabilities to Prevent Exploitation
Bottom Line Up Front (BLUF): Fortinet has addressed two high-severity vulnerabilities in its FortiClient VPN software, including a privilege escalation flaw (CVE-2024-47574) with a CVSS score of 7.8 and a registry manipulation issue (CVE-2024-50564). Both flaws have been resolved in FortiClient 7.4.1, ensuring users can mitigate these risks by upgrading promptly.
Analyst Comments: These vulnerabilities highlight the critical need for timely patching in cybersecurity, especially for VPN applications that are a common target for attackers. The privilege escalation issue, exploiting Windows named pipes, and the ability to alter SYSTEM-level registry values could give attackers significant control over compromised systems. While these flaws have not been exploited in the wild, organizations should not delay in applying the patches, as the techniques detailed by researchers could quickly find their way into attacker arsenals.
FROM THE MEDIA: Fortinet released fixes for FortiClient VPN vulnerabilities that could allow unauthorized users or malware to gain higher privileges and execute code. The bugs affect multiple versions of FortiClient, including 7.4.0, 7.2.x, 7.0.x, and 6.4.x, and were reported by Pentera Labs’ researcher Nir Chako. Exploiting these flaws could result in actions like deleting log files or connecting users to attacker-controlled servers. The patches, included in version 7.4.1, are confirmed to mitigate these issues, with Fortinet planning further advisories in December. No active exploitation has been reported so far.
READ THE STORY: The Register
Iranian Hackers Deploy WezRat Malware in Targeted Attacks Against Israeli Organizations
Bottom Line Up Front (BLUF): Iranian state-sponsored actors have deployed a newly developed remote access trojan (RAT), WezRat, to infiltrate Israeli organizations. The malware, capable of executing commands, keylogging, and stealing cookies, was distributed via phishing emails masquerading as security updates from Israel's cyber authority.
Analyst Comments: WezRat's evolution from a simple RAT to a feature-rich espionage tool underscores Iran's ongoing investment in cyber-capabilities. The malware's modularity, which enables dynamic updates and obfuscation, demonstrates a strategic focus on maintaining stealth and adaptability. Targeting entities in Israel, a known geopolitical adversary, aligns with broader Iranian cyber-espionage objectives, including information theft and disruption. Future campaigns may expand to other regions, emphasizing the need for enhanced vigilance against phishing and RAT threats.
FROM THE MEDIA: Check Point researchers revealed WezRat as a sophisticated malware actively used by the Iranian group Cotton Sandstorm, also known as Emennet Pasargad. Initially observed in September 2023, WezRat has evolved to include advanced surveillance features like screenshot capture and a keylogger, managed through DLL modules fetched from its command-and-control (C&C) server. The attack methodology involves phishing emails impersonating the Israeli National Cyber Directorate (INCD). Victims were lured with a malicious "Google Chrome security update," which deployed a second executable alongside the legitimate Chrome installer to compromise the target. The malware communicated with its C&C server "connect.il-cert[.]net," enabling real-time data theft and system manipulation.
READ THE STORY: THN
Glove Stealer Malware Exploits Chrome App-Bound Encryption Bypass to Harvest Sensitive Data
Bottom Line Up Front (BLUF): Glove Stealer, a .NET-based malware, employs a novel technique to bypass Chrome’s App-Bound encryption via the IElevator service. It targets cookies and sensitive data from browsers, extensions, and applications. It leverages phishing campaigns and social engineering tactics to infect systems, posing a growing threat to user privacy and digital assets.
Analyst Comments: The emergence of Glove Stealer underscores the evolving sophistication of info-stealer malware, particularly its ability to exploit recently disclosed vulnerabilities. By targeting App-Bound encryption, Glove Stealer raises concerns about browser security and the effectiveness of current protective measures. Organizations and users must adopt stricter endpoint security policies, conduct phishing awareness training, and update systems regularly to mitigate such threats. The malware’s early development phase suggests it could evolve further, broadening its attack surface.
FROM THE MEDIA: Researchers from Gen Digital uncovered Glove Stealer, which targets browser cookies, cryptocurrency wallets, 2FA authenticators, and other sensitive data. Distributed via phishing campaigns, it bypasses Chrome’s App-Bound encryption using the IElevator service—a method disclosed in October 2024. The malware disguises itself as a system utility, collecting data by downloading a zagent.exe module into Chrome’s Program Files directory. This module retrieves and decodes the App-Bound encryption key stored locally to extract cookies and confirm the bypass to its command-and-control (C2) server. Infection vectors include phishing emails containing HTML attachments and tricking users into executing malicious scripts through terminal commands or the Run prompt.
READ THE STORY: Security Affairs
US Pushes to Untangle Defense Supply Chains from Chinese Influence Amid Drone Technology Sanctions
Bottom Line Up Front (BLUF): Chinese sanctions on US drone-maker Skydio underscore the continued reliance of American defense supply chains on Chinese components, sparking renewed efforts to secure alternative sources. The Defense Innovation Unit (DIU) and private firms are racing to ensure compliance with upcoming legislative mandates to eliminate Chinese-sourced batteries by 2027.
Analyst Comments: The sanctions are a stark reminder of vulnerabilities within US military supply chains, particularly regarding critical technologies like drones and batteries. The Defense Department’s push for autonomy in sourcing aligns with strategic priorities to reduce dependency on adversarial nations. While startups like Lyten aim to address gaps through domestic production, scaling up to meet demand presents significant challenges. The lessons learned from Ukraine’s high-volume drone use also emphasize the need for a robust, self-sufficient manufacturing ecosystem to meet operational requirements.
FROM THE MEDIA: The DIU’s David Michelson highlighted that the Chinese sanctions on Skydio were a “signal” of the US’s interconnectedness with Chinese supply chains, especially in areas like batteries. Skydio, which supplies drones to the US military and Ukraine, revealed that the sanctions severed its access to Chinese battery suppliers, forcing it to ration existing stock and accelerate development of alternative sources. This situation ties into broader Pentagon concerns about Chinese components in battlefield technologies. Efforts like the Blue UAS program aim to ensure that Department of Defense suppliers eliminate reliance on adversarial sources. The 2024 National Defense Authorization Act mandates the use of domestically produced batteries starting October 2027, prompting firms like Lyten to ramp up production of Lithium-Sulfur batteries.
READ THE STORY: Breaking Defense
Pony AI Seeks $4.48 Billion Valuation in Long-Awaited U.S. IPO
Bottom Line Up Front (BLUF): Chinese self-driving technology company Pony AI is advancing its plans for a U.S. IPO on the Nasdaq, targeting a valuation of up to $4.48 billion. The move signals renewed momentum among Chinese firms pursuing U.S. listings, despite geopolitical and economic uncertainties.
Analyst Comments: Pony AI’s IPO reflects the company’s growth ambitions and broader trends in the autonomous vehicle (AV) industry. While its valuation target is a steep drop from 2022 estimates, it highlights regulatory hurdles, safety concerns, and intense R&D costs. The participation of Toyota and other high-profile backers underscores the long-term optimism in AV technologies. However, geopolitical tensions—especially involving U.S.-China relations—could complicate market reception and operational strategies.
FROM THE MEDIA: Pony AI plans to raise $195 million by offering 15 million American Depositary Shares priced between $11 and $13. Concurrent private placements could add $153.4 million, with notable investors including BAIC Group. This IPO follows a string of challenges for the company, including a failed SPAC deal in 2021 amid Beijing’s crackdown on tech firms. Although China has eased offshore listing restrictions, U.S. policymakers are contemplating bans on Chinese-developed AV systems, citing security concerns. Pony AI, which operates a fleet of over 250 robotaxis, will trade under the ticker symbol “PONY,” backed by underwriters like Goldman Sachs and BofA Securities.
READ THE STORY: Reuters
*NOTE:
Pony AI's decision to pursue a U.S. IPO at a reduced valuation reflects the complexities facing the autonomous vehicle sector and the evolving dynamics of U.S.-China relations. While the company’s fleet of robotaxis and robotrucks underscores its technological progress, its valuation cut from $8.5 billion to $4.48 billion highlights the market's tempered expectations, driven by challenges such as high R&D costs, regulatory scrutiny, and safety concerns. The IPO also comes amidst renewed geopolitical tensions, with the White House reportedly considering restrictions on vehicles using Chinese-developed systems, which could impede Pony AI's U.S. expansion. On the other hand, the firm’s swift regulatory approvals in China and support from prominent backers like Toyota and Saudi Arabia's NEOM demonstrate confidence in its long-term potential. However, its profitability challenges, compounded by the capital-intensive nature of autonomous technology, remain significant barriers. The IPO will test investor sentiment toward the industry’s prospects and signal the resilience of Chinese firms navigating global markets amidst geopolitical and economic headwinds.
China’s AI Dependency: Balancing Innovation and Foreign Reliance
Bottom Line Up Front (BLUF): China’s AI advancements are deeply rooted in foreign technologies, particularly U.S.-sourced semiconductors, open-source AI models, and cloud computing services. However, Beijing is pushing for domestic innovation to reduce reliance on foreign tech.
Analyst Comments: China’s dependence on U.S. technology reflects a critical vulnerability in its AI ambitions. While leveraging foreign open-source models like Meta’s Llama has accelerated its capabilities, geopolitical tensions and export restrictions could significantly hinder progress. Beijing’s strategic investments in domestic semiconductor and AI infrastructure aim to mitigate these dependencies, but closing the gap with global leaders remains challenging. In the short term, reliance on foreign expertise and tools will likely persist, keeping the U.S.-China AI codependency in a delicate balance.
FROM THE MEDIA: The People’s Liberation Army (PLA) has leveraged Meta’s Llama for tasks like situational analysis, mission planning, and psychological warfare. Customization efforts have included techniques like Low-Rank Adaptation (LoRA), reinforcement learning, and multimodal integration, enabling the model to process real-time data and support decision-making in constrained environments. For example, the PLA’s "ChatBIT" model, built on Llama, outperforms existing systems like Stanford's Vicuna in interpreting nuanced military contexts. PLA-affiliated researchers have also deployed Llama-derived models for predictive policing and electronic warfare simulations, achieving a reported 31% improvement in interference strategies. Despite Meta’s licensing terms prohibiting military use, enforcement mechanisms remain ineffective against such adaptations.
READ THE STORY: Bloomberg // The Jamestown Foundation
*NOTE:
China's strategic focus on artificial intelligence (AI) development as a cornerstone of its national defense strategy reflects its ambition to achieve technological superiority and enhance military effectiveness. Guided by the 2017 "New Generation Artificial Intelligence Development Plan," China emphasizes integrating AI into defense applications through initiatives like military-civil fusion, accelerating the transfer of private-sector innovations to military use. The People's Liberation Army (PLA) prioritizes "intelligentized" warfare, leveraging AI for autonomous systems, battlefield awareness, and operational decision-making. Recent advancements, such as adapting Meta's Llama model for tools like "ChatBIT" to enhance intelligence and operational planning, underscore China's commitment to using AI for strategic military gains. These efforts aim to modernize defense capabilities while addressing national security challenges, positioning China as a leader in AI-driven military innovation.
Vietnamese Hacker Group Deploys PXA Stealer in Attacks Across Europe and Asia
Bottom Line Up Front (BLUF): Vietnamese threat actors are leveraging PXA Stealer, a new Python-based malware, to target government and educational organizations in Europe and Asia. This advanced stealer collects sensitive data, including credentials, browser cookies, and financial information, employing sophisticated delivery mechanisms like phishing emails and Rust-based loaders.
Analyst Comments: The deployment of PXA Stealer reflects a broader trend of nation-state actors utilizing sophisticated malware to pursue geopolitical and financial goals. The inclusion of advanced features like browser master password decryption and Facebook session hijacking indicates a focus on high-value targets, particularly in the ad and business sectors. This campaign and the group's active marketing of stolen data on Telegram underscore the blending of espionage and profit motives in state-aligned cyber operations. Organizations in Europe and Asia should enhance email filtering and endpoint security to counteract this growing threat.
FROM THE MEDIA: Cisco Talos researchers identified PXA Stealer as a Python-based malware employed by a Vietnamese-speaking actor to infiltrate government and educational institutions in Europe and Asia. The malware targets sensitive data, including account credentials, browser cookies, and financial records, and decrypts browser master passwords to exfiltrate stored login information. Connections to Vietnam were established via Vietnamese-language comments in the malware and a Telegram account linked to the group, which included national symbols and affiliations with CoralRaider, another known threat actor. The malware was propagated through phishing emails containing a ZIP file with a Rust-based loader and batch scripts. These scripts executed PowerShell commands to disable antivirus protections and deploy the stealer, displaying a decoy PDF as part of the ruse.
READ THE STORY: THN
Renovation of Historic Bletchley Park's H Block Celebrates Computing Legacy
Bottom Line Up Front (BLUF): The National Museum of Computing at Bletchley Park has completed a £500,000 renovation of H Block, the historic home of the Colossus II, to mark its 80th anniversary. Upgrades include a new roof and enhanced exhibits, preserving this key piece of computing history for future generations.
Analyst Comments: Renovations like these underscore the importance of preserving the roots of modern computing. H Block not only housed the world’s first programmable digital computers but also represents a pivotal moment in cryptography and intelligence. These efforts honor the groundbreaking work of pioneers like Tommy Flowers and the invaluable contributions of the Bletchley Park codebreakers. Ensuring public access to such sites is vital for inspiring future generations and fostering an appreciation for the evolution of technology.
FROM THE MEDIA: Originally constructed in 1944, Block H at Bletchley Park was purpose-built to house Colossus II computers, designed to decrypt the Lorenz-encrypted communications of Nazi leadership. The National Museum of Computing’s renovations include a repaired roof and updates to exhibits, ensuring preservation amid celebrations for Colossus II's 80th anniversary. The museum hosts a replica of Colossus II alongside artifacts and stories from those who worked on the project. These upgrades, supported by contributions from the Post Office Remembrance Fellowship, ensure the site remains a vibrant educational hub for computing enthusiasts.
READ THE STORY: The Register
Items of interest
Web Scraping for Threat Hunting Using Python
Bottom Line Up Front (BLUF): Python can simplify threat intelligence operations by automating web scraping for critical data extraction. Tools like Beautiful Soup enable analysts to gather high-severity vulnerabilities efficiently, reducing manual efforts and ensuring timely action.
Analyst Comments: Automating data collection for cybersecurity is increasingly critical as organizations face growing vulnerabilities. This Python-based web scraper for CISA’s weekly bulletins exemplifies how easily accessible tools can boost efficiency in threat hunting. As organizations enhance their capabilities, integrating web scraping and other automation can reduce response times to emerging threats. Expanding such tools to monitor multiple sources or integrating with alert systems would further strengthen an organization’s defense posture.
FROM THE MEDIA: This Python tutorial demonstrates the creation of a web scraper that extracts high-severity vulnerabilities from CISA’s weekly vulnerability summary page. Using Beautiful Soup, the script navigates HTML tables, parses relevant data, and outputs it into a CSV file for further analysis. Key fields like product, vendor, CVE, CVSS score, and published date are captured. By leveraging Python’s libraries, such as requests for fetching web pages and csv for structured data storage, the tool simplifies a previously manual and time-intensive process. Analysts can use this CSV output to prioritize vulnerabilities needing immediate patching.
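As an added example (not code from the Kraven Security tutorial), the core of such a scraper: it walks a bulletin-style HTML table, keeps the rows whose CVSS score is 7.0 or higher, and renders them as CSV with the vendor, product, CVE, score, published date and description columns. It uses the standard-library HTMLParser in place of Beautiful Soup so it runs offline without third-party packages; the sample table, its placeholder CVE identifiers and the column-matching logic are assumptions, and the unscored row shows the "not yet calculated" case a real bulletin can contain.

```python
"""CISA-style bulletin scraper: keep rows with CVSS >= 7.0 and emit CSV (stdlib only)."""
import csv
import io
import re
from html.parser import HTMLParser

# Constructed sample in the layout of a CISA bulletin table: placeholder data,
# not a real bulletin, and the CVE identifiers are deliberately invalid placeholders.
SAMPLE_HTML = """
<table>
<tr><th>Primary Vendor -- Product</th><th>Description</th><th>Published</th><th>CVSS Score</th><th>Source Info</th></tr>
<tr><td>examplevendor -- example_product</td><td>Heap overflow in file parser</td><td>2024-11-11</td><td>9.8</td><td><a href="#">CVE-0000-0001</a></td></tr>
<tr><td>othervendor -- widget_server</td><td>Authentication bypass</td><td>2024-11-12</td><td>7.2</td><td><a href="#">CVE-0000-0002</a></td></tr>
<tr><td>lowvendor -- helper_tool</td><td>Information disclosure</td><td>2024-11-13</td><td>4.3</td><td><a href="#">CVE-0000-0003</a></td></tr>
<tr><td>pendingvendor -- agent</td><td>Score pending</td><td>2024-11-13</td><td>not yet calculated</td><td><a href="#">CVE-0000-0004</a></td></tr>
</table>
"""
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
FIELDS = ["vendor", "product", "cve", "cvss", "published", "description"]


class TableParser(HTMLParser):
    """Collects every <table> as a list of rows; each row is a list of cell strings."""
    def __init__(self):
        super().__init__()
        self.tables, self._row, self._cell = [], None, None
    def handle_starttag(self, tag, attrs):
        if tag == "table":
            self.tables.append([])
        elif tag == "tr":
            self._row = []
        elif tag in ("td", "th"):
            self._cell = []
    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)
    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None and self._row is not None:
            # join text from nested tags (e.g. the CVE <a> link) and collapse whitespace
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row is not None and self.tables:
            self.tables[-1].append(self._row)
            self._row = None


def parse_score(text):
    """CVSS as float, or None for 'not yet calculated' style cells."""
    try:
        return float(text)
    except ValueError:
        return None


def extract_high_severity(html, threshold=7.0):
    """Return rows with CVSS >= threshold, highest score first."""
    parser = TableParser()
    parser.feed(html)
    records = []
    for table in parser.tables:
        if not table:
            continue
        header = [h.lower() for h in table[0]]
        # locate columns by header text so the scraper survives column reordering
        cols = {k: next((i for i, h in enumerate(header) if k in h), None)
                for k in ("vendor", "description", "published", "cvss", "source")}
        if None in cols.values():
            continue  # not a vulnerability summary table (e.g. a page-layout table)
        for row in table[1:]:
            if len(row) <= max(cols.values()):
                continue  # short or malformed row
            score = parse_score(row[cols["cvss"]])
            if score is None or score < threshold:
                continue  # unscored rows cannot be triaged by severity; review separately
            vendor, _, product = row[cols["vendor"]].partition(" -- ")
            match = CVE_RE.search(row[cols["source"]])
            records.append({"vendor": vendor.strip(), "product": product.strip(),
                            "cve": match.group(0) if match else "", "cvss": score,
                            "published": row[cols["published"]],
                            "description": row[cols["description"]]})
    records.sort(key=lambda r: r["cvss"], reverse=True)
    return records


def to_csv(records):
    """Render the records as CSV text for the analyst's patch-priority list."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()
```

Feeding the live page's HTML to extract_high_severity in place of SAMPLE_HTML gives the same CSV the tutorial describes; the header-keyword lookup is what keeps the scraper working if CISA reorders columns.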
READ THE STORY: Kraven Security
*NOTE:
This is a fundamental approach - as you develop, you’ll want to automate, so you want to start practicing identifying API endpoints.
How to Scrape Telegram with Python
FROM THE MEDIA: Scraping Telegram for threat intelligence is a vital practice due to the platform’s widespread use by threat actors. While it provides unique, real-time insights into the cyber threat landscape, organizations must address challenges like data reliability, legal compliance, and language diversity. When integrated with other intelligence sources, Telegram scraping can significantly enhance an organization’s ability to detect, prevent, and respond to threats.
This is How I Scrape 99% of Sites (Video)
FROM THE MEDIA: API scraping is a cornerstone for effective data collection in threat intelligence and other fields requiring timely, structured, and reliable information. Despite challenges like access limitations and legal considerations, it offers unparalleled efficiency, scalability, and accuracy. Organizations leveraging API scraping can enhance decision-making, improve situational awareness, and stay ahead in dynamic environments.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.