Cyber Watch – March 22, 2024



Welcome to the Cyber Watch series for today, March 22, 2024. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of the stories that matter every week.

This week’s Cyber Watch top 10 list compiles stories from 50+ relevant news sources across the web, ranked according to risk impact. We encourage you to review these stories and take steps to protect your organization. Click on each headline to read the full story.


U.S. Sanctions Russian Individuals, Companies for Cyber Influence Operations

The U.S. Treasury Department has announced sanctions against two Russian nationals and their respective companies for engaging in malign cyber influence operations. The targeted individuals, Ilya Andreevich Gambashidze and Nikolai Aleksandrovich Tupikin, along with their companies Social Design Agency (SDA) and Company Group Structura LLC, have been accused of providing services to the Russian government in connection with a foreign influence campaign known as Doppelganger.

The Doppelganger campaign, active since at least February 2022, has targeted audiences in Europe and the U.S. through the creation of inauthentic news sites and social media accounts. According to the Treasury Department, SDA and Structura were responsible for creating websites designed to impersonate government organizations and legitimate media outlets in Europe, as well as disseminating content originating from those spoofed sites.
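The spoofed sites described above rely on domains that look like the outlet or agency they imitate. The script below is an added example, not part of the Treasury action or any published Doppelganger indicator list; it checks a watch-list of legitimate domains against observed domains (for instance from a newly-registered-domain feed) and names the impersonation pattern. All domain names in it are constructed for illustration.

```python
"""Flag observed domains that impersonate a watch-list of legitimate sites.

Added example; the domain names below are constructed for illustration and
are not taken from the Doppelganger case.  Three impersonation patterns are
caught: a swapped TLD (brand.ltd for brand.com), homoglyph substitutions
(repub1ic for republic, rn for m) and single-character typos in the
registrable label.
"""
from typing import Iterable, List, Optional, Tuple

# Multi-character sequences first, so "rn" collapses to "m" before the
# single-character folds run.  Both sides of every comparison are folded the
# same way, so a legitimate label containing "rn" still matches itself.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("cl", "d"),
              ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize(label: str) -> str:
    """Fold common look-alike sequences into the letters they imitate."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def split_domain(domain: str) -> Tuple[str, str]:
    """Return (registrable label, TLD).  Naive: no public-suffix list, so a
    multi-label suffix such as co.uk is treated as label + TLD."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a registrable domain: {domain!r}")
    return labels[-2], labels[-1]


def levenshtein(a: str, b: str) -> int:
    """Edit distance with the usual single-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(observed: str, legit: str) -> Optional[str]:
    """Name the impersonation pattern `observed` uses against `legit`, or
    None when it is the real site (any host of it) or unrelated."""
    o_sld, o_tld = split_domain(observed)
    l_sld, l_tld = split_domain(legit)
    if (o_sld, o_tld) == (l_sld, l_tld):
        return None  # same registrable domain, e.g. the www. host
    if o_sld == l_sld:
        return "tld-swap"
    if normalize(o_sld) == normalize(l_sld):
        return "homoglyph" if o_tld == l_tld else "homoglyph+tld-swap"
    if levenshtein(normalize(o_sld), normalize(l_sld)) == 1:
        return "typosquat" if o_tld == l_tld else "typosquat+tld-swap"
    return None


def find_lookalikes(observed: Iterable[str],
                    watchlist: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (observed domain, impersonated domain, pattern) triples."""
    watch = list(watchlist)
    hits = []
    for dom in observed:
        for legit in watch:
            kind = classify(dom, legit)
            if kind:
                hits.append((dom, legit, kind))
    return hits


# Constructed watch-list of outlets/agencies and constructed observed domains.
WATCHLIST = ["northcity-times.com", "republic-gazette.org", "foreign-ministry.gov"]
OBSERVED = ["northcity-times.ltd", "northcitytimes.com", "repub1ic-gazette.org",
            "foreign-rninistry.gov", "www.republic-gazette.org", "weather-service.org"]

if __name__ == "__main__":
    for dom, legit, kind in find_lookalikes(OBSERVED, WATCHLIST):
        print(f"{dom:26} impersonates {legit:22} [{kind}]")
```

The homoglyph fold is deliberately lossy (it maps "rn" to "m" on both sides), so two distinct legitimate names that differ only by such a sequence would collide; review hits by hand and back the naive `split_domain` with a public-suffix list before using this on real feeds.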

The sanctions highlight the U.S. government’s ongoing efforts to counter Kremlin-backed disinformation campaigns and protect democratic processes from foreign interference. The move comes amid heightened concerns over Russia’s use of cyber influence operations to further its strategic interests, particularly in the context of its ongoing war against Ukraine.

In addition to the sanctions, the U.S. House of Representatives recently passed bills aimed at protecting Americans’ sensitive data from foreign adversaries and addressing national security concerns surrounding the Chinese-owned video-sharing platform TikTok.

Malware-as-a-Service Campaign Targets Indian Android Users

A malicious campaign offering malware-as-a-service (MaaS) is actively targeting Android users in India. According to a Broadcom (Symantec) security bulletin, the campaign distributes malicious APK packages disguised as helpful apps, such as customer support, online booking, or billing and courier services.

The primary objective of this campaign is to steal sensitive information from victims’ devices, including banking information, SMS messages, and other confidential data. This poses a significant threat to the privacy and security of affected Android users in India.

Broadcom’s findings reveal that the malicious actors behind this campaign are leveraging the appeal of seemingly legitimate and useful applications to lure unsuspecting users into downloading and installing the malware-laden packages. Once installed, these malicious apps can silently operate in the background, gathering and exfiltrating sensitive data without the user’s knowledge or consent.

To protect themselves from this ongoing threat, Android users in India are advised to exercise caution when downloading applications and to rely solely on trusted sources such as official app stores. Additionally, keeping devices updated with the latest security patches and utilizing reputable security software can help mitigate the risks associated with this malware-as-a-service campaign.
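A courier, billing or support app has no business reading SMS. The script below is an added example, not from Broadcom or from the campaign's own tooling; it performs a static triage of a decoded AndroidManifest.xml and flags the traits the story describes (SMS access plus network access, an SMS_RECEIVED receiver, overlay or accessibility abuse). Real APKs carry a binary manifest, so decode it first (for instance with apktool); both manifests embedded here are constructed.

```python
"""Static triage of a decoded AndroidManifest.xml for SMS-stealer traits.

Added example; the manifests below are constructed, not taken from the
campaign described above.  Real APKs carry a binary manifest, so decode it
first (for instance with apktool) and feed the resulting XML text in here.
The checks encode what a courier/billing/support app should never need:
SMS access alongside network access, a high-priority SMS_RECEIVED receiver,
an accessibility service, or an overlay permission.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # Clark-notation prefix for android:* attributes

SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
ABUSE_PERMS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay permission, used for fake login screens",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can sideload further packages",
    "android.permission.READ_CONTACTS": "contact harvesting to spread the lure",
}


def triage_manifest(xml_text: str) -> Dict[str, object]:
    """Return package name, requested permissions, findings and a verdict."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    findings: List[str] = []

    if perms & SMS_PERMS and "android.permission.INTERNET" in perms:
        findings.append("SMS permissions %s combined with INTERNET: one-time "
                        "passcodes can be forwarded off-device" % sorted(perms & SMS_PERMS))
    for perm, why in ABUSE_PERMS.items():
        if perm in perms:
            findings.append(f"{perm}: {why}")

    # A broadcast receiver on SMS_RECEIVED, especially with a high priority,
    # sees incoming messages before the user's SMS app does.
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            if "android.provider.Telephony.SMS_RECEIVED" in actions:
                findings.append("receiver %s intercepts SMS_RECEIVED (priority=%s)"
                                % (receiver.get(A + "name"), flt.get(A + "priority")))

    # An accessibility service lets the app read screens and inject taps.
    for svc in root.iter("service"):
        if svc.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            findings.append(f"accessibility service {svc.get(A + 'name')}")

    return {"package": root.get("package"), "permissions": sorted(perms),
            "findings": findings,
            "verdict": "suspicious" if findings else "no static indicators"}


# Constructed manifest of a fake "courier tracking" app.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.courier.track">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Courier Tracker">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed manifest of a courier app with only the permissions it needs.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.courier.legit">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <application android:label="Courier Tracker">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for text in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = triage_manifest(text)
        print(report["package"], report["verdict"])
        for finding in report["findings"]:
            print("  -", finding)
```

Manifest triage only catches what the app declares up front; a dropper that requests SMS access at runtime or loads a second-stage payload will pass this check, so treat a clean result as the absence of cheap indicators, not as a clean bill of health.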

Proposed Bill Mandates Labeling of AI-Generated Content to Combat Deepfakes

Legislation has been introduced in the House of Representatives that would require the identification and labeling of online images, videos, and audio generated using AI. This move aims to rein in the rapidly developing technologies that, if misused, could easily deceive and mislead the public.

Deepfakes created by AI have become increasingly sophisticated and difficult to distinguish from genuine media. Such AI-generated content can mimic voices, impersonate celebrities, and even depict world leaders in compromising situations, raising concerns about widespread misinformation, exploitation, and erosion of public trust.

The proposed legislation seeks to address these concerns by mandating that AI developers identify content created using their products with digital watermarks or metadata, similar to how photo metadata records the location, time, and settings of a picture. Online platforms like TikTok, YouTube, or Facebook would then be required to label the content in a way that notifies users of its AI-generated nature.

Key provisions in the bill would task the National Institute of Standards and Technology (NIST), a small agency within the U.S. Department of Commerce, with crafting the final details of the proposed rules. Violators of these rules would be subject to civil lawsuits.

UN Adopts First Global AI Resolution to Protect Human Rights

The United Nations General Assembly unanimously adopted the world’s first global resolution on artificial intelligence (AI) on Thursday. Proposed by the United States and co-sponsored by 122 nations, including China, this non-binding resolution aims to address the potential risks posed by AI systems and safeguard human rights.

The resolution calls for the protection of personal data, monitoring of AI for risks, and the strengthening of privacy policies. It acknowledges the potential dangers of the “improper or malicious design, development, deployment and use of artificial intelligence systems,” which could undermine human rights and fundamental freedoms.

Negotiated over three months, the resolution represents a global consensus on the responsible development and use of AI. According to a senior US administration official, it strikes a balance between furthering technological advancement and upholding human rights and values.

This initiative comes amid growing concerns over the potential misuse of AI for disrupting democratic processes, enabling fraud, or causing job losses. While non-binding, the resolution sets a precedent for future international efforts to regulate AI and mitigate its potential harms.

Russia Targets Ukrainian Telecoms with New ‘AcidPour’ Wiper Malware

Cybersecurity researchers at SentinelLabs have uncovered a new and more potent wiper deployed against Ukrainian telecommunication networks. Dubbed ‘AcidPour,’ it is an advanced variant of the previously employed ‘AcidRain,’ which disrupted vital Ukrainian military communications during the early stages of the Russian invasion.

The discovery of AcidPour coincides with ongoing internet service disruptions experienced by Ukrainian internet service providers (ISPs), raising alarms about a potential coordinated cyberattack. Analysts have confirmed the connection between AcidPour and the infamous AcidRain, linking the new malware to threat clusters previously attributed to Russian military intelligence.

Wipers are a particularly destructive form of malware designed to permanently erase or sabotage data on compromised systems, often employed as part of larger cyber warfare campaigns. SentinelLabs warns that AcidPour expands upon AcidRain’s capabilities, amplifying its destructive potential and posing a grave threat to Ukraine’s telecommunication infrastructure.

Polycab India Hit by Ransomware Attack, Core Operations Unaffected

Polycab India Limited, a prominent manufacturer of wires and cables, has reported a significant ransomware attack on its IT infrastructure. The company promptly disclosed the breach in compliance with the SEBI (Listing Obligations and Disclosure Requirements) Regulations, demonstrating transparency and adherence to regulatory norms.

Upon detecting the cyber-attack, Polycab India swiftly initiated containment measures and commenced a comprehensive assessment of the breach’s impact. The company has proactively informed the relevant authorities and is currently collaborating with cybersecurity experts to mitigate the effects of the ransomware attack and fortify its defenses.

While the severity of the incident should not be understated, Polycab India has reassured stakeholders that its core systems remain operational and that manufacturing has not been affected. The swift response has allowed the company to maintain operational continuity and minimize disruption.

The ransomware attack serves as a stark reminder of the ever-present cybersecurity threats facing businesses, particularly those in critical sectors such as manufacturing and infrastructure. Polycab India’s transparent disclosure and swift actions underscore the importance of robust cybersecurity measures and incident response protocols in safeguarding operations and upholding stakeholder trust.

CISA Warns of Imminent Chinese Cyber Threat to U.S. Critical Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning to leaders of critical infrastructure organizations regarding an imminent cyber threat posed by Chinese state-sponsored actors known as “Volt Typhoon.” The warning comes after a significant advisory released on February 7, 2024, in collaboration with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other partners.

The advisory confirms that Volt Typhoon has been actively infiltrating networks of U.S. critical infrastructure organizations across various sectors, including communications, energy, transportation systems, and water and wastewater systems. This infiltration is seen as a strategic move to potentially disrupt or destroy critical services in the event of escalating geopolitical tensions or military conflicts involving the United States and its allies.

In response to this imminent threat, CISA and its partners have released a fact sheet providing guidance to executive leaders of critical infrastructure entities on prioritizing the protection of critical infrastructure and functions. The fact sheet emphasizes recognizing cyber-risk as a core business risk, essential for both good governance and national security.

Hackers Exploit JetBrains Flaw to Deliver Ransomware, RATs, and Miners

Threat actors are actively exploiting a critical authentication bypass vulnerability in JetBrains’ TeamCity software to deploy a range of malicious payloads, including ransomware, remote access tools (RATs), and cryptocurrency miners, according to research published by Trend Micro on Tuesday.

The vulnerability, tracked as CVE-2024-27198, along with a high-severity directory traversal flaw (CVE-2024-27199), was fixed and disclosed by JetBrains on March 4th. However, within just one day of the disclosure, Trend Micro researchers observed the first signs of active exploitation, with multiple malicious actors leveraging the vulnerability to carry out their attacks.

Among the post-exploitation payloads observed were the Jasmin ransomware, SparkRAT backdoors, and XMRig cryptocurrency miners, highlighting the diverse range of threats posed by this vulnerability. Trend Micro’s Vice President of Threat Intelligence, Jon Clay, expressed concern over the rapid exploitation of newly disclosed vulnerabilities, stating that “once new vulnerabilities are disclosed, and public proof-of-concept codes are published, we regularly start seeing many attacks by many adversaries taking advantage of these quickly.”

The critical nature of the vulnerability, which enables unauthenticated attackers to create administrator accounts and achieve remote code execution on on-premises instances of the TeamCity continuous integration and continuous delivery (CI/CD) platform, has made it an attractive target for cybercriminals.
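Because exploitation began within a day of disclosure, defenders who patched late should assume they were probed and look back through access logs. The script below is an added example, not code from JetBrains or Trend Micro; it scans constructed common-log-format lines for the request shapes given in the public disclosure of the two flaws: a `jsp=` query parameter naming an internal REST path with `;.jsp` appended (the authentication bypass, CVE-2024-27198) and a `..` traversal beneath a prefix TeamCity serves without a session (CVE-2024-27199). The log format, the client addresses and the list of unauthenticated prefixes are assumptions; adjust `LOG_RE` to the Tomcat access-log pattern actually configured on the server.

```python
"""Triage TeamCity access logs for CVE-2024-27198 / CVE-2024-27199 probes.

Added example, not from JetBrains or Trend Micro.  The log lines are
constructed in common log format; the Tomcat access-log pattern on a given
TeamCity server may differ, so adjust LOG_RE to match it.  The request
shapes searched for are those from the public disclosure: a `jsp=` query
parameter naming an internal REST path with `;.jsp` appended (the auth
bypass), and a `..` traversal under a prefix served without authentication
(the path traversal).
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) \S+" (?P<status>\d{3}) \S+$')

# Internal paths an intruder reaches through the bypass to read server info,
# create a user and mint a token; any jsp= forward to these is hostile.
SENSITIVE_PREFIXES = ("/app/rest/users", "/app/rest/server", "/admin/")
# Prefixes reachable without a session (assumption based on the disclosure).
UNAUTH_PREFIXES = ("/res/", "/update/", "/.well-known/acme-challenge/")


def _decode(s: str) -> str:
    # Decode twice: double-encoding is a cheap evasion, and a second pass is
    # harmless on already-clean input.
    return unquote(unquote(s))


def _query_params(query: str) -> Dict[str, List[str]]:
    """Split the query string ourselves so ';' inside a value survives
    (older parse_qs versions treat ';' as a pair separator and would hide
    the ';.jsp' suffix)."""
    params: Dict[str, List[str]] = {}
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.setdefault(_decode(key), []).append(_decode(value))
    return params


def classify_request(uri: str) -> List[Tuple[str, str]]:
    """Return (cve, detail) pairs for one request URI; empty if nothing matched."""
    findings: List[Tuple[str, str]] = []
    parts = urlsplit(uri)
    path = _decode(parts.path)
    params = _query_params(parts.query)

    # CVE-2024-27198: the jsp= value is forwarded internally; ";.jsp" lets it
    # satisfy the ".jsp" check while Tomcat drops the path parameter on forward.
    for raw in params.get("jsp", []):
        target = raw.split(";", 1)[0]
        if ";" in raw or target.startswith(SENSITIVE_PREFIXES):
            findings.append(("CVE-2024-27198", f"jsp= forward to {target}"))

    # CVE-2024-27199: a '..' segment beneath an unauthenticated prefix.
    if path.startswith(UNAUTH_PREFIXES) and ".." in path.split("/"):
        findings.append(("CVE-2024-27199", f"traversal in {path}"))
    return findings


def scan_log(lines) -> List[Tuple[int, str, str, str, str]]:
    """Return (line number, client, method, cve, detail) for each hit."""
    alerts = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line; count these separately in production
        for cve, detail in classify_request(m["uri"]):
            alerts.append((n, m["ip"], m["method"], cve, detail))
    return alerts


# Constructed sample: benign clients plus one intruder working through the
# bypass (server info, create user, mint token, encoded retry), then traversal.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Mar/2024:02:11:09 +0000] "GET /login.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Mar/2024:02:11:10 +0000] "GET /hax?jsp=/app/rest/server;.jsp HTTP/1.1" 200 944',
    '203.0.113.7 - - [05/Mar/2024:02:11:12 +0000] "POST /hax?jsp=/app/rest/users;.jsp HTTP/1.1" 200 610',
    '203.0.113.7 - - [05/Mar/2024:02:11:13 +0000] "POST /hax?jsp=/app/rest/users/id:1/tokens/RPC2;.jsp HTTP/1.1" 200 210',
    '203.0.113.7 - - [05/Mar/2024:02:11:20 +0000] "GET /hax?jsp=%2Fapp%2Frest%2Fserver%3B.jsp HTTP/1.1" 200 944',
    '203.0.113.7 - - [05/Mar/2024:02:12:01 +0000] "GET /res/../admin/diagnostic.jsp HTTP/1.1" 200 3077',
    '10.0.0.9 - - [05/Mar/2024:02:13:40 +0000] "GET /app/rest/builds?locator=count:10 HTTP/1.1" 200 8821',
    '10.0.0.9 - - [05/Mar/2024:02:14:02 +0000] "GET /res/img/logo.png HTTP/1.1" 200 1299',
]

if __name__ == "__main__":
    for n, ip, method, cve, detail in scan_log(SAMPLE_LOG):
        print(f"line {n}: {ip} {method} {cve}: {detail}")
```

A hit on `/app/rest/users` or a token endpoint means the follow-up question is not whether the server is patched but which accounts and access tokens were created after the first suspicious request; review the user list and revoke tokens before trusting the instance again.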

Unidentified Chinese APT Group Compromises 70 Organizations Globally

A sophisticated and previously undetected cyberespionage campaign, dubbed “Earth Krahang” by researchers at Trend Micro, has been attributed to an advanced persistent threat (APT) group with suspected links to China. Over the course of two years, this formidable threat actor successfully compromised at least 70 organizations across 23 countries, primarily targeting government entities.

The findings, published on March 18th, reveal a well-coordinated and far-reaching campaign that employed a multifaceted approach to infiltrate its targets. Earth Krahang exploited known vulnerabilities in public-facing servers, leveraged spear-phishing emails, and deployed previously unseen backdoor malware to establish a foothold within compromised networks.

Notably, the campaign exhibited a strong focus on Southeast Asia, although organizations in the Americas, Europe, and Africa were also targeted. Researchers Joseph Chen and Daniel Lunghi highlighted the group’s abuse of trust between governments as a key tactic: it frequently used compromised government web servers to host its malicious payloads and sent download links to other government entities through carefully crafted spear-phishing emails.

US DOJ Sues Apple Over Messaging Monopoly, Alleging Security Compromises

In a landmark antitrust lawsuit filed on Thursday, the U.S. Department of Justice (DOJ), joined by 16 state and district attorneys general, has accused Apple of illegally maintaining a monopoly over smartphones, undermining the security and privacy of users when messaging non-iPhone users.

The complaint alleges that Apple selectively compromises privacy and security interests when doing so aligns with the company’s financial and business interests. Specifically, it cites the degraded security of text messages sent from iPhones to non-Apple devices, which fall back to SMS, a format with no end-to-end encryption, instead of the end-to-end encrypted iMessage protocol.

Furthermore, the lawsuit alleges that Apple has blocked attempts by third parties to bring secure cross-platform messaging between iOS and Android. It highlights the case of Beeper, a service that reverse-engineered the iMessage protocol to offer an Android client, which Apple shut down citing security and privacy risks.

The DOJ argues that these limitations create a powerful network effect, driving consumers to continue buying iPhones and making them less likely to switch to competing devices. By rejecting solutions that would allow for cross-platform encryption, Apple continues to make iPhone users less secure than they could otherwise be, the lawsuit states.

The complaint comes amidst increasing scrutiny over Apple’s tightly-controlled software ecosystem, often referred to as the “walled garden,” which regulators say locks in customers and developers. Apple has defended its practices, stating that the lawsuit threatens the company’s principles and could set a dangerous precedent for government intervention in technology design.

That’s all for today. Stay tuned for our next episode. See you next week!
