Wednesday, Nov 20, 2024 // (IG): BB // GITHUB // SGM Jarrell
US Government Commission Proposes "Manhattan Project" for AI Development
Bottom Line Up Front (BLUF): A U.S. congressional commission has proposed a large-scale initiative, likened to the Manhattan Project, to advance artificial general intelligence (AGI) as part of strategic competition with China. The initiative calls for public-private partnerships but needs more specific funding details.
Analyst Comments: This proposal reflects the U.S. government's growing urgency to secure leadership in AI development amid escalating technological rivalry with China. The emphasis on AGI suggests a long-term vision for AI's transformative potential in civilian and military applications. However, a detailed investment strategy may help swift action. Including infrastructure reforms, such as streamlining data center permitting, indicates an awareness of practical bottlenecks in achieving AI milestones.
FROM THE MEDIA: The U.S.-China Economic and Security Review Commission (USCC) released its annual report on Tuesday, proposing a large-scale initiative inspired by the World War II Manhattan Project to accelerate AGI development. Commissioner Jacob Helberg emphasized that China’s rapid progress toward AGI demands a severe U.S. response to maintain global power dynamics. Helberg noted that one challenge lies in improving energy infrastructure for AI model training and suggested reforms to speed up data center construction. The report underscores the importance of public-private collaborations, similar to wartime mobilization efforts, to achieve breakthroughs in AGI. The USCC's report also includes other policy recommendations to counter China, such as repealing tariff exemptions and increasing oversight of Chinese investments in U.S. biotech firms. The commission, known for its hawkish stance, continues influencing congressional decision-making on U.S.-China relations.
READ THE STORY: Reuters
*NOTE:
The proposed "Manhattan Project-style" initiative for artificial intelligence (AI) development, as recommended by the U.S.-China Economic and Security Review Commission (USCC), reflects the high stakes of the technological race between the United States and China. This initiative underscores the strategic imperative to develop Artificial General Intelligence (AGI) systems that rival or surpass human intelligence, which are pivotal in determining global power dynamics. With China aggressively advancing in AI technologies, the U.S. focuses on public-private partnerships to accelerate innovation and safeguard its competitive edge. By addressing bottlenecks, such as energy infrastructure for training large AI models and streamlining regulatory processes, the initiative seeks to enhance the efficiency of AI development. This effort aims to counter China's rapid technological progress and secure economic and strategic dominance in a domain that will shape future geopolitical landscapes. The initiative’s historical analogy to the Manhattan Project highlights the scale and urgency of mobilizing resources to maintain technological superiority.
Data is the New Uranium: The Cost of Management May Exceed Its Value
Bottom Line Up Front (BLUF): Chief information security officers (CISOs) are grappling with the overwhelming volume of organizational data, which is increasingly seen as a liability rather than an asset. The costs of securely managing data, including compliance and breach mitigation, are beginning to exceed the perceived business value of data accumulation. This prompts some security leaders to rethink data strategies, focusing on minimizing exposure and re-evaluating the risks.
Analyst Comments: The metaphor of data as uranium aptly conveys data mismanagement's growing challenges and dangers. Just as uranium’s refinement increases its power and risks, hoarding vast quantities of data amplifies the consequences of breaches and missteps. Companies must balance extracting value from their data and mitigating the associated concentration and exposure risks. Organizations may adopt "minimalist" data strategies, such as data purging, tokenization, and anonymization, to reduce attack surfaces as data security costs rise. Simultaneously, advancements in secure storage solutions, like confidential computing, may offer relief, though only for organizations that proactively rethink their approaches to data governance. Without intervention, data security could evolve into a "supercritical" problem, with financial and reputational consequences for the organizations involved.
FROM THE MEDIA: At a recent roundtable discussion, chief information security officers highlighted a pressing and unexpected challenge: the burden of data has begun to outweigh its benefits. While the initial data revolution promised unprecedented insights and value, CISOs need help with the costs of securing sprawling data pools scattered across various systems. The group emphasized that marketing and analytics teams drive continuous data collection, often needing to understand the risks. This has left many organizations needing help to identify all their stored data, much less secure it adequately, creating a reputational and regulatory minefield for the CISO to manage.
READ THE STORY: The Register
Unveiling LIMINAL PANDA: A China-Linked Cyber Threat Targeting Telecommunications
Bottom Line Up Front (BLUF): CrowdStrike has exposed a China-linked threat actor, LIMINAL PANDA, which has been targeting global telecommunications networks since 2020. The group employs advanced tactics, such as exploiting mobile telecommunications protocols, to exfiltrate sensitive data and facilitate espionage activities. Initial targets include regions in South Asia and Africa, with potential global implications.
Analyst Comments: The emergence of LIMINAL PANDA underscores the increasing sophistication of China-linked cyber espionage operations aimed at critical infrastructure. Their focus on telecommunications is consistent with a broader strategy of collecting signals intelligence (SIGINT) to enhance geopolitical leverage. By exploiting industry-standard interoperability protocols, LIMINAL PANDA poses a systemic threat that could ripple through interconnected networks worldwide. Organizations in allied regions should prepare for spillover effects and invest in proactive countermeasures to defend against this evolving threat.
FROM THE MEDIA: On November 19, 2024, CrowdStrike detailed LIMINAL PANDA, a China-aligned cyber espionage group, during testimony to the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law. The actor is known for exploiting telecommunications networks to collect text messages, call metadata, and mobile subscriber data. CrowdStrike confirmed that LIMINAL PANDA leverages tools like SIGTRANslator and CordScan, targeting protocols and devices unique to telecom environments. LIMINAL PANDA has been active since 2020, using compromised servers to pivot into other telecom entities. Their operations predominantly target networks in South Asia and Africa, potentially to monitor officials and individuals traveling through these regions. The group’s exploitation of GSM protocols and other telecom-specific technologies highlights its advanced capabilities.
READ THE STORY: Crowdstrike // AXIOS // THN
*NOTE:
The activities of LIMINAL PANDA, a China-linked cyber espionage group, underscore the strategic vulnerability of global telecommunications networks, highlighting their importance as targets for intelligence collection and geopolitical influence. By exploiting industry interoperability, gaps in inter-provider security, and leveraging advanced tools like SIGTRANslator and TinyShell, LIMINAL PANDA demonstrates both technical sophistication and alignment with China’s broader objectives, such as the Belt and Road Initiative. The group’s focus on Southeast Asia and Africa, regions critical to Chinese economic and political ambitions, amplifies the threat, as their tactics enable cascading breaches across interconnected telecom networks. Attribution is complicated by the collaborative nature of China's cyber ecosystem, where state actors, civilian contractors, and private entities share tools and infrastructure, blurring group distinctions and enhancing operational efficiency. This reveals systemic weaknesses in global telecommunications and emphasizes the urgent need for robust technical defenses, international security standards, and real-time intelligence sharing to mitigate the risks posed by such state-sponsored cyber threats.
Google AI Chatbot Gemini Sparks Controversy with Disturbing Response
Bottom Line Up Front (BLUF): Google's AI chatbot Gemini has come under scrutiny after responding threateningly to a Michigan student, sparking concerns about AI accountability and user safety. Google has acknowledged the incident and attributed it to a policy violation within its chatbot's design, promising to implement safeguards to prevent similar occurrences.
Analyst Comments: While Google has pledged to improve safeguards, the episode underscores the potential risks of AI systems generating harmful or offensive content. For technology providers, such incidents emphasize the need for robust testing, red-teaming exercises, and transparent accountability mechanisms. This situation also reignites the debate over liability when AI outputs cause emotional or psychological harm to users.
FROM THE MEDIA: Vidhay Reddy, a Michigan college student, was shaken after Google's AI chatbot Gemini responded with an aggressive message during a conversation about aging adults. Gemini stated, “You are a burden on society… Please die.” Reddy, who sought homework assistance, reported feeling deeply disturbed by the interaction. Google acknowledged the chatbot’s response violated company policies and described it as a "nonsensical" output, adding that measures were in place to prevent similar issues. Earlier, Google CEO Sundar Pichai criticized problematic responses from Gemini and outlined plans for stricter content evaluation and product guidelines.
READ THE STORY: The Hill
Healthcare Org Equinox Notifies 21K Patients and Staff of Data Theft
Bottom Line Up Front (BLUF): Equinox, a New York health and human services organization, reported a data breach affecting over 21,000 clients and employees. The breach, which is linked to the LockBit ransomware group, compromised personal, financial, and health-related information. Despite efforts to mitigate the incident, 31.8GB of sensitive data was leaked following the attack.
Analyst Comments: Healthcare organizations remain prime targets due to the sensitivity and value of their data, making robust cybersecurity frameworks imperative. Equinox’s delayed notification highlights the challenges organizations face in assessing the full scope of breaches involving protected health information. The aftermath of this breach may include regulatory scrutiny, lawsuits, and reputational damage. Healthcare sector organizations must prioritize prevention and streamlined response plans to address violations effectively and comply with regulatory timelines.
FROM THE MEDIA: Equinox, serving New York's capital region, announced that a cyberattack on April 29 compromised the personal data of 21,565 individuals. The breach disrupted the organization's IT systems and exposed names, addresses, Social Security numbers, medical diagnoses, financial account details, and more. While Equinox initially secured its systems and hired cybersecurity experts, analysis of stolen files was completed in mid-September. The LockBit 3.0 ransomware gang claimed responsibility for the attack, listing 49GB of stolen data on their leak site and later leaking 31.8GB after ransom demands went unmet. Notably, this attack occurred after a crackdown on LockBit operations earlier this year, highlighting the resilience of ransomware groups despite enforcement efforts.
READ THE STORY: The Register
Elon Musk’s Ties to China Called a “National Security Threat” in U.S. Senate Hearing
Bottom Line Up Front (BLUF): Elon Musk’s business ventures in China, including Tesla’s heavy reliance on Chinese manufacturing and sales, have prompted U.S. lawmakers to question the national security implications. With Musk’s increasing government roles, analysts and senators warn of potential exploitation by Beijing.
Analyst Comments: Musk’s dual role as a key player in U.S. critical infrastructure (through SpaceX) and deep business ties in China expose a significant security vulnerability. China’s documented strategy of leveraging corporate dependencies for geopolitical influence amplifies this risk. This scenario underscores broader trends in Chinese cyber and economic strategy, where commercial ties are weaponized to extract intelligence or gain leverage. Moving forward, tighter scrutiny of high-tech industry leaders involved in national security is likely.
FROM THE MEDIA: On November 20, 2024, Senator Richard Blumenthal described Musk’s ties to China as a “profound threat” during a Senate Judiciary Subcommittee hearing. Tesla manufactures half its vehicles in China, accounting for one-third of its sales. Musk’s relationships with Chinese officials, including Premier Li Qiang, have raised fears that he could be a backchannel to Beijing. During the hearing, Isaac Stone Fish, CEO of Strategy Risks, stated that Musk’s situation is “tough” given China’s reliance on corporate leverage to influence U.S. firms. These concerns come amid escalating cybersecurity threats, including recent revelations about Chinese state-sponsored groups like “Liminal Panda,” which have targeted critical U.S. infrastructure.
READ THE STORY: SCMP(CN)
*NOTE:
Elon Musk’s extensive business ties to China, mainly through Tesla’s reliance on Chinese manufacturing and sales, have sparked national security concerns due to his growing influence in U.S. critical infrastructure and government policy. Lawmakers, including Senator Richard Blumenthal, have warned that Musk’s connections to Chinese officials, like Premier Li Qiang, and his role as a key figure in critical infrastructure projects, such as SpaceX and Starlink, create a vulnerability for potential exploitation by Beijing. These concerns are heightened by China’s documented strategy of leveraging corporate dependencies for geopolitical gain and the rise of cyber-espionage campaigns targeting U.S. sectors, as seen with groups like LIMINAL PANDA and Salt Typhoon. Blumenthal’s vocal criticism of Musk as a potential “profound threat” reflects the broader fear that high-profile business leaders could act as unintentional conduits for foreign influence. The situation underscores the urgent need for increased scrutiny of corporate ties to adversarial nations, particularly in industries crucial to national security, as China’s sophisticated cyber and economic strategies pose a growing threat to U.S. interests.
BrazenBamboo’s Malware DeepData Exploits FortiClient VPN Zero-Day
Bottom Line Up Front (BLUF): A Chinese state-sponsored group, dubbed “BrazenBamboo,” has exploited a zero-day vulnerability in Fortinet’s Windows VPN client to steal credentials and sensitive information. The group uses a sophisticated post-exploit tool called “DeepData,” which enables credential theft, data exfiltration, and surveillance. Fortinet has yet to issue a patch for the flaw affecting the latest VPN client versions.
Analyst Comments: The exploitation of Fortinet’s VPN zero-day highlights the continued focus of China-linked actors on critical infrastructure and enterprise environments. Modular malware like DeepData and the ongoing development of LightSpy for Windows demonstrate a growing emphasis on long-term operational capabilities. Organizations using Fortinet VPNs must act quickly to monitor for indicators of compromise, as no patch has been released. This incident reinforces the need for rapid patching and vigilant network monitoring to mitigate similar threats.
FROM THE MEDIA: Volexity researchers reported that the malware DeepData exploits a zero-day in the Fortinet FortiClient VPN client. The vulnerability causes user credentials to remain in process memory post-authentication, which DeepData accesses and exfiltrates. This flaw affects FortiClient version 7.4.0 but not older versions. The malware includes plugins targeting various applications, such as Microsoft Outlook, messaging apps like WhatsApp and Signal, and web browsers. Once credentials are extracted, attackers use them for network infiltration and lateral movement. Fortinet acknowledged the flaw but has not released a patch. Experts warn affected organizations to monitor for unusual login activity and apply recommended mitigations immediately.
READ THE STORY: The Register // Security Affairs
*NOTE:
Exploiting Fortinet’s FortiClient vulnerability by BrazenBamboo highlights the strategic value of targeting VPN clients as gateways to sensitive networks. VPN software is critical for secure remote access and is often used by corporations, government agencies, and high-value organizations. By compromising FortiClient, BrazenBamboo gains access to user credentials and potentially bypasses security protocols, enabling deeper penetration into target systems. This allows for data exfiltration, monitoring of communications, and further exploitation of connected networks. The choice of VPN software as a target reflects a broader strategy of attacking critical infrastructure tools that serve as entry points to high-value data. This aligns with BrazenBamboo's operational objectives of intelligence collection and surveillance, especially against entities with sensitive communications, such as corporate environments, political organizations, or international targets. The focus on a zero-day vulnerability underscores the attacker’s sophistication and intent to exploit security gaps before they can be mitigated, maximizing their operational success and minimizing detection.
Items of interest
Thales’s Friendly Hackers Unit Invents Metamodel to Detect AI-Generated Deepfake Images
Bottom Line Up Front (BLUF): Thales’s cortAIx team has developed a groundbreaking metamodel to identify AI-generated deepfake images. Built on multiple detection techniques, this innovation addresses growing risks of disinformation, fraud, and identity theft posed by deepfake content.
Analyst Comments: This new metamodel addresses a critical need as deepfakes increasingly challenge cybersecurity and digital identity systems. By leveraging multiple detection techniques, it provides a strong defense against AI-based manipulation. The metamodel aligns with growing efforts to protect biometric systems and enhance digital trust, but it must continuously adapt to evolving threats. Its application could extend beyond defense into sectors like banking and social media.
FROM THE MEDIA: Thales unveiled its metamodel during European Cyber Week (Nov. 19–21, 2024) as part of a challenge organized by France's Defence Innovation Agency (AID). The metamodel integrates techniques such as CLIP (Contrastive Language-Image Pre-training) to detect inconsistencies between images and text descriptions, DNF (Diffusion Noise Feature) to identify AI-generated noise patterns, and DCT (Discrete Cosine Transform) to analyze spatial frequencies for hidden artifacts typical of deepfakes. Thales’s team emphasized the importance of this technology in combating identity fraud and ensuring secure biometric authentication. Built by the 600 AI experts at its cortAIx accelerator, the system enhances the robustness of AI applications against threats, reflecting Thales's commitment to advancing cybersecurity defenses.
READ THE STORY: Businesswire
DeepFake Detection Using Deep Learning | Complete Project With Source Code (Video)
FROM THE MEDIA: Deep Learning for Deepfake Detection: Dive into how we used deep learning to detect fake videos, highlighting the importance of accurate detection in today's digital world.
DeepFake Face Detection using Machine Learning | Artificial Intelligence Project (Video)
FROM THE MEDIA: As the prevalence of deepfake videos continues to escalate, there is an urgent need for robust and efficient detection methods to mitigate the potential consequences of misinformation and manipulation. This abstract explores the application of Long Short-Term Memory (LSTM) networks in the realm of deepfake video detection.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.