Friday, Nov 22, 2024 // (IG): BB // GITHUB // SGM Jarrell
Debate Over DJI’s Role in US Drone Market Highlights Tensions Between Innovation and Security
Bottom Line Up Front (BLUF): DJI, the global leader in civilian drone manufacturing, faces growing scrutiny in the US due to alleged ties to the Chinese government and concerns over data security. While the company defends its independence and the benefits of its technology, lawmakers and industry competitors raise alarms about its impact on American sovereignty, security, and domestic manufacturing.
Analyst Comments: The debate over DJI exemplifies the broader tension between innovation, globalization, and national security. While DJI’s dominance is a testament to its engineering excellence and cost efficiency, concerns about its ties to the Chinese state cannot be ignored, particularly given its presence in critical infrastructure applications. US restrictions could foster domestic drone development, but achieving parity with DJI’s scale and affordability remains challenging. Policymakers face a complex choice: ensuring security without stifling technological advancement or creating economic disruptions.
FROM THE MEDIA: DJI, founded by Frank Wang in 2006, has revolutionized drone technology, offering affordable, high-performance drones used in industries from agriculture to emergency services. The company claims it is privately owned, with Wang holding over 70% of shares, despite small state-owned investments. Critics argue DJI’s links to the Chinese government pose risks to US national security, particularly regarding critical infrastructure surveillance. The US has labeled DJI as a military-linked company and imposed restrictions on its operations. Supporters of DJI counter that its products operate in secure, air-gapped modes and are indispensable for many industries, including law enforcement and search-and-rescue missions. US competitors like Skydio and 3D Robotics have struggled to compete with DJI’s pricing and production capacity. Critics also attribute DJI’s market dominance to alleged unfair advantages, including potential state subsidies and aggressive pricing strategies.
READ THE STORY: FT
US Defense Firms Warned of Russian Sabotage Amid Escalating Geopolitical Tensions
Bottom Line Up Front (BLUF): US intelligence agencies have issued a joint warning to American defense firms about potential sabotage by Russian operatives. The notice highlights the risk of insider recruitment and physical or cyber disruptions as Russia seeks to undermine support for Ukraine and Western defense efforts.
Analyst Comments: This advisory underscores Russia's broader strategy of hybrid warfare, targeting not only military operations but also critical industrial and economic infrastructure. Defense contractors supporting Ukraine face increasing risks, requiring heightened security measures to counter espionage and sabotage. With the US ramping up armament production, ensuring the integrity of supply chains and operations will be vital. The transition to a Trump administration, with its potential shift in Ukraine policy, could further complicate the strategic landscape for these firms.
FROM THE MEDIA: US intelligence agencies, including the FBI and the National Counterintelligence and Security Center, warned American defense companies of potential sabotage by Russian actors, mainly targeting those aiding Ukraine’s military efforts. The advisory follows recent incidents in Europe, such as a foiled assassination plot against Rheinmetall AG’s CEO and reports of incendiary devices in air cargo shipments bound for North America. As part of its hybrid warfare tactics, Russia has allegedly employed intelligence services and recruited criminals to conduct arson, cyberattacks, and other forms of disruption. The warning comes as US and European firms work to increase production of munitions and missiles for Ukraine and replenish national stockpiles. President Biden’s administration recently approved long-range strikes into Russian territory and other measures to support Ukraine ahead of the Trump administration's planned transition in January. Trump has expressed intentions to end the war, which could influence future US defense strategies and Russia’s actions.
READ THE STORY: BNN
Winter is Coming, and So Are Sandworm’s Cyberattacks on Europe’s Energy Grid
Bottom Line Up Front (BLUF): Sandworm, a cyber threat group linked to Russian intelligence, is escalating its attacks on Europe’s energy infrastructure as winter approaches. Known for past disruptions in Ukraine, the group is now targeting the European energy grid, potentially exacerbating regional energy vulnerabilities.
Analyst Comments: The increased activity by Sandworm reflects a hybrid warfare strategy that merges cyberattacks with broader geopolitical maneuvers. Attacks on critical energy infrastructure could amplify existing energy supply challenges, particularly amid rising tensions and high gas prices. Sandworm's dual focus on destructive operations and intelligence gathering raises the stakes, as compromised systems could lead to prolonged disruptions or support broader intelligence objectives. Strengthening Europe’s energy cybersecurity posture is imperative as the group’s operations evolve.
FROM THE MEDIA: Sandworm, also known as APT44 or Seashell Blizzard, has intensified its focus on Europe’s energy infrastructure, according to Google’s threat intelligence division, Mandiant. At the Tallinn Digital Summit, Sandra Joyce, head of Mandiant’s intelligence team, warned about active hacking attempts on Europe’s energy grid. This Russian state-sponsored group, part of the GRU military intelligence agency, has a history of targeting energy systems, including Ukraine’s power grid in 2015 and 2023. Sandworm’s activities combine destructive cyberattacks, like deploying wiper malware, with intelligence operations to exfiltrate data and manipulate information. Europe’s energy sector has reported 48 publicly known cyberattacks since 2022, with Russia responsible for nearly two-thirds of global attacks in 2023. Recent incidents, such as undersea telecom cable sabotage and Gazprom's energy supply cuts, highlight the region's vulnerability to hybrid threats.
READ THE STORY: Politico
Microsoft Calls for Tougher US Stance on Nation-State Cyberattacks
Bottom Line Up Front (BLUF): Microsoft President Brad Smith urged President-elect Donald Trump to adopt a stricter approach to nation-state cyberattacks from Russia, China, and Iran. Smith emphasized the escalating threat posed by these actors and called for prioritizing cybersecurity in international relations and US policy.
Analyst Comments: The call for a more aggressive stance reflects the urgency of countering increasingly sophisticated cyber threats that target critical infrastructure, election systems, and government operations. While the Biden administration made progress in bolstering cybersecurity defenses, gaps in deterrence remain. A second Trump administration's approach could heavily influence US cyber policy, either escalating tensions with adversaries or addressing systemic vulnerabilities. However, Microsoft must also address its recent security lapses, including Chinese hackers exploiting its cloud services, to bolster its credibility.
FROM THE MEDIA: Brad Smith, president of Microsoft, highlighted the critical need for the US to strengthen its cybersecurity defenses against state-sponsored attacks. Smith pointed to a surge in ransomware incidents and cyber espionage campaigns attributed to Russian, Chinese, and Iranian actors, some of which directly targeted US elections and government officials. Smith acknowledged progress under the Biden administration but stressed the need for further deterrence measures to address the growing collaboration between nation-states and cybercriminal groups. He criticized governments, particularly Russia and China, that "tolerate or facilitate" such activities.
READ THE STORY: FT
Neuralink Receives Canadian Approval for Brain Chip Trials
Bottom Line Up Front (BLUF): Neuralink, Elon Musk’s neurotechnology company, has gained approval from Health Canada to recruit volunteers for its CAN-PRIME study, focusing on the N1 brain implant. The trial aims to help individuals with cervical spinal cord injuries or ALS control computers through thought, with completion expected in four years.
Analyst Comments: Neuralink’s expansion into international trials demonstrates the company’s persistence despite early technical hurdles, such as issues with electrode threads retracting during human trials. Canada’s approval signals growing regulatory confidence, but the challenges in human and animal tests indicate a long road ahead. Success in this study could position Neuralink as a leader in the brain-computer interface space. Still, skepticism remains regarding Musk’s ambitious claims about the technology’s ultimate potential, especially for vision restoration.
FROM THE MEDIA: Health Canada has approved Neuralink to recruit participants for its CAN-PRIME study, targeting individuals with severe physical disabilities to test its N1 brain-computer interface. This implant, embedded via Neuralink’s robotic system, consists of over 1,000 electrodes designed to interpret neural activity. The trial follows mixed results from earlier studies, including issues with electrodes retracting in the brain, which required Neuralink to adjust its signal-processing software. While a second participant showed improvement, Neuralink has faced technical and ethical challenges during its development. The N1 implant trial is distinct from Neuralink’s Blindsight project, which aims to restore vision through electrodes in the visual cortex. While Musk touts eventual “better-than-natural” vision, experts warn of limitations for individuals blind since birth, as critical neural pathways for vision may never have formed. This Canadian trial could provide valuable data for refining the technology, though achieving widespread adoption remains a distant goal.
READ THE STORY: The Register
Microsoft Takes Down Egyptian Phishing-as-a-Service Operation ‘ONNX’
Bottom Line Up Front (BLUF): In collaboration with LF Projects, Microsoft has dismantled 240 websites linked to the phishing-as-a-service operation “ONNX.” This takedown targeted an Egyptian cybercriminal group led by Abanoub Nady, which sold phishing kits enabling attackers to bypass security and compromise Microsoft accounts, particularly in the financial sector.
Analyst Comments: This operation highlights the evolution and commercialization of phishing-as-a-service platforms, lowering the entry barrier for cybercriminals. By seizing ONNX’s infrastructure, Microsoft disrupts a significant segment of the cybercriminal supply chain, but gaps remain as similar operations will likely rise to fill the void. The increased use of advanced tactics, like quishing (QR code phishing), underscores the need for organizations to adopt proactive defenses and remain vigilant against emerging threats.
FROM THE MEDIA: Microsoft’s Digital Crimes Unit (DCU), supported by LF Projects, has successfully dismantled ONNX, a phishing-as-a-service operation accused of selling tools and templates that bypassed security to steal sensitive data. ONNX primarily targeted Microsoft 365 users, using advanced techniques such as embedding malicious QR codes in PDF files to redirect victims to phishing websites. Abanoub Nady, the alleged leader, operated ONNX through a network of 240 fraudulent websites and marketed his services via platforms like Telegram. The operation included subscription tiers, offering features and hands-on support to enable phishing campaigns. Microsoft redirected ONNX’s technical infrastructure to its servers, cutting off access for cybercriminals. Microsoft traced Nady’s activities back to 2017 when he operated similar services under different names, such as “Caffeine.” This history and professionalized service offerings point to the growing sophistication of phishing-as-a-service models.
READ THE STORY: The Record
Russia Tests Experimental Ballistic Missile Amid Escalating Tensions
Bottom Line Up Front (BLUF): Russia has launched an "experimental intermediate-range ballistic missile" targeting Ukraine, raising concerns about its advanced missile capabilities. U.S. officials are providing additional air defense resources to Ukraine, emphasizing the missile's potential to evade interception and Russia's strategic messaging of strength.
Analyst Comments: The test signals Russia’s intent to project advanced military capabilities, possibly to intimidate Ukraine and its allies amid rising geopolitical tensions. The weapon’s use of a MIRV (Multiple Independently Targetable Reentry Vehicle) payload could overwhelm existing air defense systems, complicating interception efforts. However, despite the sophisticated display, it serves more as a psychological tool than a game-changer in battlefield dynamics. Western allies must continue to bolster Ukraine’s defensive capabilities, focusing on intercepting complex threats like MIRVs and hypersonic missiles while maintaining a long-term strategy to counter Russian aggression.
FROM THE MEDIA: On November 21, 2024, Russia launched what U.S. officials described as an experimental ballistic missile at the Ukrainian city of Dnipro. The missile, believed to share traits with the RS-26 Rubezh intermediate-range ballistic missile, reportedly featured a MIRV payload capable of deploying multiple warheads to hit distinct targets. Ukraine’s air force identified the missile as an intercontinental ballistic-type weapon launched from Russia’s Astrakhan region. Although the missile’s classification remains unclear, analysts suggest it may represent a new variant of advanced missile technology. The attack caused significant damage to a medical rehabilitation center but resulted in no casualties, as staff and patients had evacuated. Concurrent missile salvos, including hypersonic and cruise missiles, targeted other Ukrainian regions, causing temporary power outages. In response, the U.S. announced additional air defense support to Ukraine, including Patriot and AMRAAM missiles. Russian President Vladimir Putin claimed the missile test validated its effectiveness in combat conditions, asserting that Western defenses would struggle to intercept such weapons.
READ THE STORY: FT // Defense One
Trump Administration Cybersecurity Leadership Shaping Up Amid Speculation
Bottom Line Up Front (BLUF): President-elect Donald Trump’s team is considering former officials with prior government cybersecurity experience for critical administrative roles. However, the selection process is reportedly unconventional and lacks transparency. Potential nominees include Karen Evans, Brian Harrell, and Matt Hayden. Cabinet-level controversies delay final decisions.
Analyst Comments: The emerging list of potential cybersecurity leaders reflects an effort to balance technical expertise with loyalty to Trump’s inner circle. If these individuals are selected, they would bring public and private sector experience to critical cyber roles. However, the lack of a formalized transition process and the reliance on personal networks may lead to surprises or underqualified picks. This could impact the administration’s ability to address pressing cybersecurity challenges, including evolving nation-state threats and critical infrastructure vulnerabilities.
FROM THE MEDIA: President-elect Trump’s transition team has yet to publicly prioritize cybersecurity, but insiders suggest several key figures are under consideration for high-level roles. Karen Evans, a former DHS CIO and DOE official, and Brian Harrell, previously an assistant secretary at DHS, are seen as strong contenders. Matt Hayden, another former DHS assistant secretary, is also reportedly in the mix. Sean Plankey, with a background in cybersecurity at DOE and the NSC, is another possibility. Additional names speculated for roles include Rob Strayer for the State Department's cyber ambassador post and Lucian Niemeyer for the assistant secretary of defense for cyber. Both bring relevant government and private sector experience but might be reluctant to leave their current roles.
READ THE STORY: The Record
Chinese APT Gelsemium Expands to Linux with WolfsBane Backdoor
Bottom Line Up Front (BLUF): The Chinese APT group Gelsemium has been observed using WolfsBane, a Linux backdoor designed for cyber espionage, marking its first confirmed foray into Linux malware. WolfsBane and other tools like FireWood are used to steal sensitive data and maintain stealthy, persistent access, signaling an expanded focus by this threat actor.
Analyst Comments: Gelsemium’s use of WolfsBane highlights the APT ecosystem’s increasing shift toward Linux systems, driven by stronger defenses against Windows-targeted attacks, such as endpoint detection and response (EDR) and disabled VBA macros. This evolution underscores the growing need for robust Linux security solutions in environments previously considered less targeted. The use of kernel rootkits and stealthy tools suggests a strategic pivot, enabling long-term intelligence gathering with minimal detection. To mitigate risks, organizations should assess their Linux infrastructure for vulnerabilities, particularly in web applications and exposed systems.
FROM THE MEDIA: The Chinese APT Gelsemium, active since at least 2014, has added Linux systems to its target pool with WolfsBane, a backdoor malware that mimics its earlier Windows-focused Gelsevirine. Discovered by ESET, WolfsBane was identified in multiple samples uploaded to VirusTotal from East and Southeast Asia, including Taiwan, the Philippines, and Singapore. WolfsBane enables attackers to steal credentials, access specific files, and execute commands stealthily. It leverages open-source tools like the BEURK userland rootkit to hide activity. Meanwhile, FireWood, another Linux malware possibly linked to Gelsemium, uses a kernel driver rootkit to evade detection and enhance stealth. The initial infection is suspected to occur via the exploitation of unknown web application vulnerabilities, allowing the attackers to deploy web shells and deliver the malware. This activity reflects a broader trend among APT groups to exploit Linux systems due to their increasing use in critical infrastructure and enterprise environments.
READ THE STORY: THN
GlobalFoundries Receives $1.5 Billion CHIPS Act Funding Despite Sanctions Violation
Bottom Line Up Front (BLUF): GlobalFoundries, a major U.S.-based semiconductor manufacturer, has secured up to $1.5 billion in CHIPS Act funding to expand domestic production, despite recently paying a $500,000 fine for sanctions violations involving shipments to a Chinese affiliate of SMIC. The funding is aimed at boosting U.S. chipmaking capacity to address concerns about national security and supply chain resilience.
Analyst Comments: This development underscores the U.S. government's commitment to securing its semiconductor supply chain, even when recipients like GlobalFoundries face scrutiny for regulatory lapses. The CHIPS Act seeks to mitigate vulnerabilities exposed during the COVID-19 pandemic by prioritizing domestic manufacturing. However, the fine for unauthorized shipments to blocklisted entities highlights ongoing compliance challenges in balancing international trade with geopolitical strategy. The decision to fund GlobalFoundries reflects the critical need for American-made chips to support key sectors such as defense and automotive, though political and operational risks remain.
FROM THE MEDIA: GlobalFoundries has received up to $1.5 billion under the CHIPS Act to fund three major projects to boost domestic semiconductor production. These include an expansion of the Malta, New York, fabrication plant for automotive chips, modernization of the Essex Junction, Vermont, gallium nitride semiconductor production facility, and construction of a new fab at the Malta campus. The funding will be released incrementally based on project milestones such as construction and production targets. The announcement comes shortly after the company was fined $500,000 for unauthorized shipments to SJ Semiconductor, an affiliate of China’s Semiconductor Manufacturing International Corporation (SMIC), between 2021 and 2022. GlobalFoundries attributed the sanctions breach to a data entry error.
The Department of Commerce emphasized GF’s role as one of only four non-China foundries capable of meeting demand for mature process nodes and the sole US-headquartered player of its scale, justifying the investment as critical to national security and supply chain resilience.
READ THE STORY: The Register
Over 145,000 Industrial Control Systems Exposed Online Across 175 Countries
Bottom Line Up Front (BLUF): A new study by Censys has revealed over 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. accounting for over 48,000 of these systems. These ICS, critical for infrastructure operations, use outdated protocols, making them vulnerable to cyberattacks.
Analyst Comments: The exposure of such a significant number of ICS devices underscores a persistent gap in securing operational technology (OT). While attacks targeting ICS remain relatively rare, the rise in ICS-specific malware, like FrostyGoop, highlights the increasing interest of threat actors in exploiting these vulnerabilities. Organizations must prioritize updating legacy systems, segmenting networks, and monitoring for malicious activity. Without proactive measures, critical infrastructure worldwide remains at risk from targeted nation-state attacks and opportunistic cybercriminal activity.
FROM THE MEDIA: Censys researchers identified over 145,000 ICS devices exposed online, with a substantial 38% located in North America. Common ICS protocols such as Modbus and IEC 60870-5-104, which date back decades, are heavily used but lack modern security enhancements. In North America, BACnet and C-more are predominant, while Europe uses protocols like Modbus and S7 more widely. Notable incidents include the discovery of FrostyGoop malware, which abuses Modbus TCP to disrupt OT networks, and a U.S.-based water authority breach that exploited internet-exposed programmable logic controllers (PLCs). Many exposed systems are tied to mobile or business-grade ISPs, complicating attribution and remediation. Censys stressed that while ICS protocols rarely reveal identifying information, Human-Machine Interfaces (HMIs) often do, necessitating cooperation from ISPs to secure these systems. With botnet malware increasingly targeting OT devices for DDoS attacks, data wiping, and other malicious purposes, robust network segmentation and changing default credentials are critical.
READ THE STORY: THN
Items of interest
New York Times Alleges OpenAI Deleted Evidence in Copyright Case
Bottom Line Up Front (BLUF): The New York Times has accused OpenAI of accidentally deleting critical evidence in an ongoing copyright lawsuit. The deletion impacted data from virtual machines provided by OpenAI, forcing plaintiffs to repeat extensive searches for copyrighted material allegedly used to train AI models.
Analyst Comments: This case highlights the complexities of discovery in AI-related litigation, especially when proprietary datasets and extensive computing resources are involved. OpenAI’s claim of accidental deletion raises concerns about transparency and data handling in legal proceedings. If the court sides with the Times, OpenAI may face stricter obligations to disclose training data in similar lawsuits, potentially setting a precedent for future AI-related copyright disputes.
FROM THE MEDIA: In a filing to the Southern District of New York, New York Times attorneys revealed that OpenAI engineers had erased significant portions of data from virtual machines meant for identifying the newspaper’s copyrighted works in OpenAI’s training datasets. While OpenAI recovered some data, the loss of folder structures and filenames rendered much of the information unreliable. The Times spent 150 person-hours redoing searches for evidence of misuse, which it claims was hampered further by OpenAI’s delay in responding to additional search requests. The newspaper has requested that OpenAI directly identify any copyrighted material it used instead of placing the burden on the plaintiffs. OpenAI denied intentional wrongdoing and plans to respond to the allegations. This lawsuit is one of several high-profile cases questioning the legality of using copyrighted material in training generative AI systems like ChatGPT.
READ THE STORY: The Register
NYTimes vs OpenAI: Generative AI and the Law with Cecilia Ziniti, Founder and CEO of GC AI (Video)
FROM THE MEDIA: In this episode, Nathan sits down with tech lawyer Cecilia Ziniti, Founder & CEO of GC AI, the AI for in-house counsel. They discuss the origins of IP law in the US Constitution to promote creativity, the "fair use doctrine" and how OpenAI could argue ChatGPT is transformative, Google's patenting strategy around the transformer, and much more.
The DOJ Goes After Google Chrome (Video)
FROM THE MEDIA: Bloomberg's Caroline Hyde discusses the DOJ's push on Google to sell off its Chrome browser over concerns of a "search" monopoly. And, Roblox aims to enhance its child safety policies with the aid of AI. Plus, SpaceX hopes for a "catch" repeat as it readies to launch its Starship rocket with President-elect Trump in attendance.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.