Thursday, February 17, 2022 // (IG): BB //Weekly Sponsor: BLKTRIANGLE
Ukraine accuses Russia of cyber-attack on two banks and its defense ministry
FROM THE MEDIA: Ukraine accused Russia on Wednesday of being behind a cyber-attack that targeted two banks and its defense ministry, which the country’s deputy prime minister said was the largest of its type ever seen. The Kremlin denied it was behind the denial of service attacks – attempts to overwhelm a website by flooding it with millions of requests – but the disruption reignited wider concerns of ongoing cyberconflict. Ilya Vityuk, cybersecurity chief of Ukraine’s SBU intelligence agency, said it was too early to definitively identify specific perpetrators, as is typically the case with cyber-attacks, where perpetrators make efforts to cover their tracks. But the official added: “The only country that is interested in such … attacks on our state, especially against the backdrop of massive panic about a possible military invasion, the only country that is interested is the Russian Federation.” Denying responsibility, Kremlin spokesperson Dmitry Peskov said: “We do not know anything. As expected, Ukraine continues blaming Russia for everything”. He added that Russia had had “nothing to do with” the denial of service attacks.
READ THE STORY: The Guardian
A QUICK LOOK:
Russian Actors Targeting US Defense Contractors in Cyber Espionage Campaign, CISA Warns
FROM THE MEDIA: State-sponsored threat actors from Russia have stolen unclassified but sensitive data on US weapons development and specific technologies used by the US military and government as part of a broader and ongoing cyber espionage campaign going back to at least January 2020. The campaign's victims have included big and small private companies and contractors that have obtained security clearance to do work for the US Department of Defense and the intelligence community, the US Cybersecurity and Infrastructure Security Agency (CISA) said in an alert Wednesday. These cleared defense contractors (CDCs) support contracts for the US government in multiple areas, including weapons and missile development, intelligence and surveillance, combat systems, and vehicle and aircraft design. The CISA alert did not identify any Russian state actor by name. But in describing several of the tactics, techniques, and procedures (TTPs) used In the campaign, the report pointed to a MITRE group description of APT28, aka Fancy Bear, a threat group that the US government has linked to GRU, Russia's main intelligence directorate. The threat actor has been associated with numerous high-profile cyber incidents, including the breach at the Democratic National Committee during the run-up to the 2016 presidential election and a sustained campaign against the World Anti-Doping Agency between 2014 and 2018. In 2018 the US indicted seven Russian intelligence officers for their roles in the campaign.
READ THE STORY: Darkreading
A QUICK LOOK:
Cyber's rules of engagement fuzzy
FROM THE MEDIA: President Joe Biden couldn't have been more blunt about the risks of cyberattacks spinning out of control. "If we end up in a war, a real shooting war with a major power, it's going to be as a consequence of a cyber breach of great consequence," he told his intelligence brain trust in July. Now tensions are soaring over Ukraine with Western officials warning about the danger of Russia launching damaging cyberattacks against Ukraine's NATO allies. While no one is suggesting that could lead to a full-blown war between nuclear-armed rivals, the risk of escalation is serious. The danger is in the uncertainty about what crosses a digital red line. Cyberattacks, including those that cripple critical infrastructure with ransomware, have been on the rise for years and often go unpunished. It's unclear how grave a malicious cyber operation by a state actor would have to be to cross the threshold to an act of war. "The rules are fuzzy," said Max Smeets, director of the European Cyber Conflict Research Initiative. "It's not clear what is allowed, what isn't allowed."
READ THE STORY: The Roanoke Times
A QUICK LOOK:
Cyber soldiers and the final frontier will influence the next war. Is Australia ready?
FROM THE MEDIA: Australia’s cyber spy agency now has a warning for criminal hackers and other nation states: if you attack us, we have the capabilities to attack you. This is the message Australian Signals Directorate boss Rachel Noble sent when she talked about her agency’s “offensive capabilities” at the National Press Club in Canberra. “Offensive cyber has been fully integrated into ASD’s signals intelligence and cyber security functions and is a mature component of the OneASD mission – to protect our national security,” she said. Noble’s speech in November marked the completion of an important shift under way for a number of years at ASD, which had previously only ever talked about its defensive capabilities. Cyber attacks are already a key feature of the “grey zone” warfare being waged by authoritarian countries like China, Russia and Iran. The grey zone refers to a growing area of political warfare that falls somewhere between war and peace and also includes disinformation campaigns, intellectual property theft, coercion and propaganda. While western democracies engaged in the grey zone extensively during the Cold War, they may have dropped the ball after the fall of the Soviet Union and let authoritarian countries gain ascendancy in this arena. Because they are not restricted by the same rules and norms, authoritarian regimes love to compete in the grey zone as they can seek an advantage by asymmetric means.
READ THE STORY: SMH
A QUICK LOOK:
Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage
FROM THE MEDIA: The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. Earlier this month, the hacker collective was observed incorporating a previously undocumented remote access trojan (RAT) called "StrifeWater" that masquerades as the Windows Calculator app to evade detection. "Close examination reveals that the group has been active for over a year, much earlier than the group's first official public exposure, managing to stay under the radar with an extremely low detection rate," findings from FortiGuard Labs reveal. The latest threat activity involves an attack path that leverages the ProxyShell vulnerability in Microsoft Exchange servers as an initial infection vector to deploy two web shells, followed by exfiltrating Outlook Data Files (.PST) from the compromised server.
READ THE STORY: THN
A QUICK LOOK:
Reconnaissance Hacking, The New Russia/China Alliance, Ukraine, And What That Means For The World
FROM THE MEDIA: Reconnaissance Hacking, The New Russia/China Alliance, Ukraine, and What That Means for The World. With things moving quickly in real time regarding the ongoing Ukraine crisis, a new cyber offensive. Thought to be initiated by Russia, is menacing the Ukraine with DDOS attacks. But regardless of whether or not Russian forces actually attack Ukraine. The world should have concern over the recently announced Russia-China alliance that’s declaring a “new era” in geopolitics. The new cooperative seeks to challenge the US as the world’s top superpower. And involves the two most prolific hacking nation-states in the world. The fact is, that both Russia and China have been engaging in the practice of reconnaissance hacking. For upwards of a decade! And that gives both nations an ability to remotely attack American or international targets. Although any Russian attacks against Ukraine would certainly confront force from NATO. The Kremlin, and potentially their newly reinforced ally China, could immediately initiate a widespread cyber offensive operation in retaliation. And if the allies of Russian and Chinese, cyber powers Iran and North Korea, join the fray, things could get very ugly very quickly. Since about mid-January, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Agency (CISA) have issued warnings of potential cyberattacks. Their fear is based on years of consistent cyberattacks coming from both Russian and Chinese intelligence agencies, with assistance from their respective state-sponsored hacking groups, known as Advanced Persistent Threats (APTs).
READ THE STORY: Rebellion Research
A QUICK LOOK:
US says Russian hackers have collected intelligence from American defense contractors
FROM THE MEDIA: Russian government-backed hackers have acquired sensitive information on the development and deployment of US weapons by breaching American defense contractors over the last two years, US security agencies said in a public advisory on Wednesday. The information gathered is unclassified, but offers "significant insight into US weapons platforms development and deployment timelines," and also covers export-controlled technology, according to the FBI, National Security Agency and US Cybersecurity and Infrastructure Security Agency (CISA). It's one of the clearest public statements yet from the US government on how Kremlin-linked hackers have gathered intelligence on US defense contractors — a problem Washington has faced for years. The intrusions hit contractors supporting every US military branch, including the Air Force, Army, Navy and Space Force, as well as firms that work on defense and intelligence programs, US officials said.
READ THE STORY: CNN
A QUICK LOOK:
US-China Tensions and the Fight Over Semiconductor Supply Chains
FROM THE MEDIA: As the COVID-19 pandemic continues to disrupt production and distribution, Western countries must reassess the geostrategic risks of global supply chains. This is a prime opportunity for the United States to show leadership. Supply chains are increasingly at the center of the technological cold war between the U.S. and China—none more so than the semiconductor supply chain. This trillion-dollar industry presents the U.S. with unique strategic challenges and national security risks, which illuminates both the importance and fragility of the semiconductor supply chain. Semiconductors, typically called chips, are ubiquitous in modern life. They are found not only in critical defence systems but also in energy, finance, and communications products. The production of a single computer chip often requires more than a thousand steps, passing through numerous international borders. This complicates trust in the supply chain and increases opportunities for foul play by malicious insiders and foreign agents alike, who can exploit and steal sensitive technology. William Evanina, former director of the National Counterintelligence and Security Center, explains, “Exploitation of our supply chains by foreign adversaries—especially when executed in concert with cyber intrusions and insider threat activities—represents a direct and growing threat to strategically important U.S. economic sectors and critical infrastructure.” If economic espionage and supply chain security are not taken seriously, America’s long-term competitive economic advantage will be unfairly eroded, and its security compromised. This increases the need to develop U.S. supply chain resilience through a layered defense that addresses both cyber weaknesses and insider threats.
READ THE STORY: The Daily Signal
A QUICK LOOK:
Researchers Warn of a New Golang-based Botnet Under Continuous Development
FROM THE MEDIA: Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim's system," threat intelligence firm ZeroFox said in a report published Wednesday. Discovered first in October 2021, early variants of Kraken have been found to be based on source code uploaded to GitHub, although it's unclear if the repository in question belongs to the malware's operators or if they simply chose to start their development using the code as a foundation. The botnet – not to be confused with a 2008 botnet of the same name – is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network. Kraken's features are said to be constantly evolving, with its authors fiddling with new components and altering existing features. Current iterations of the botnet come with functions to maintain persistence, download files, run shell commands, and steal from different cryptocurrency wallets.
READ THE STORY: THN // ZeroFox
A QUICK LOOK:
Nuclear Regulators Want Machines to Monitor Cyberattacks on Power Plants
FROM THE MEDIA: Federal nuclear regulators want external researchers to demonstrate how artificial intelligence and machine learning can pinpoint cyberattacks against the nation’s nuclear power plants. “To prepare to regulate nuclear applications of AI/ML, the [Nuclear Regulatory Commission] plans to conduct research activities to develop insights and fundamental knowledge about AI/ML and the AI/ML use case,” NRC officials wrote in a recent federal contracting notice. This request comes almost a year since the commission asked for feedback regarding how AI and ML technologies are used in nuclear power operations—and will be used down the line. For this latest work, the NRC wants to collaborate with an entity that can provide existing personnel, equipment and facilities to implement a test case for full assessment. “The research conducted by the vendor is expected to produce data that evaluates the impacts of AI/ML concepts, technologies and applications on nuclear power cybersecurity outcomes and programs, especially those outcomes and programs that may be relevant to new and advanced reactor designs,” officials wrote.
READ THE STORY: Cyber Reports
A QUICK LOOK:
Items of interest
Poisoned pipelines: Security researcher explores attack methods in CI environments(Article)
FROM THE MEDIA: A security researcher has described how abusing permissions in source code management (SCM) repositories can lead to CI poisoning, or ‘poisoned pipeline attacks’. Developer environments, including continuous integration (CI) and continuous delivery (CD) platforms, are fundamental building blocks for merging code, automating software builds, testing, and delivering code to DevOps projects. Omer Gil, head of research at Cider Security, said in a technical blog post dated February 8 that due to the critical functions CI and CD environments play, they are also a “major part of today’s attack surface” and often contain an organization’s secrets and credentials. Attackers able to compromise CI/CD environments may be able to access production areas or delivery mechanisms for wider supply chain attacks. Recent examples include poisoned software updates delivered by SolarWinds and Codecov, as well as an intrusion at Kaseya.
READ THE STORY: Cyber Reports
Can Nuclear Power Plants Be Hacked? (Video)
FROM THE MEDIA: Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, speaks to Sr. Producer Nate Nelson about the cybersecurity of Nuclear facilities. How protected are modern nuclear power plants?
High Resolution - Russia's Private Military Companies(Video)
FROM THE MEDIA: In recent years, Russia has expanded its overseas use of private military companies (PMCs) to increase its influence through irregular means, warranting a more substantive and coordinated response from the United States and its partners. In this episode of High Resolution, CSIS’s Seth G. Jones and Joseph S. Bermudez Jr. discuss this growing trend, including evidence from satellite imagery of Russian PMC bases.E
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com