Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+666: Kyivstar attack may represent a new cyber phase of the hybrid war. (CyberWire) Unattributed cyberespionage campaigns afflict both sides. The Kyivstar cyberattack is now regarded as the most effective Russian cyber operation since its attack against Viasat ground stations in the opening hours of the invasion.
The case of al-Shifa: Investigating the assault on Gaza’s largest hospital (Washington Post) Weeks before Israel sent troops into al-Shifa Hospital, its spokesman began building a public case.
Hamas leader says hostage deal is ‘all or nothing’ (The Telegraph) Yahya Sinwar has reportedly insisted on a lasting ceasefire and the release of all Palestinian prisoners, including high-profile figures
Israel Mostly Excluded From Talks as America Signals Support for UN Resolution Seeking Increase in Gaza Humanitarian Aid (The New York Sun) The scheme being considered has been tried before — under the now-infamous name of oil-for-food.
Israel’s Muddled Strategy in Gaza (Foreign Affairs) Time to make hard choices.
Opposition to Israel’s war for survival fails to understand Hamas’s goals (Atlantic Council) Calls for an immediate and permanent ceasefire, beyond humanitarian pauses, are implicitly advocating for a Hamas victory.
In Dealing With the Israeli-Palestinian Conflict, America Has No Easy Way Out (Foreign Affairs) Biden must take risks, talk straight, and act boldly.
Distortion by design (Atlantic Council) Almost as soon as the Israel-Hamas war began, it collided with the engineering and policy decisions of social media companies. On Telegram, terrorist content spread mostly uncontested; on X, false claims proliferated. Accusations of anti-Palestinian bias at Meta and pro-Palestinian bias at TikTok added to the confusion. Can the platforms thread this needle?
Opinion: How the battle for democracy will be fought — and won (Washington Post) In September last year, three days after widespread protests broke out across Iran over the death of a young woman detained for not fully covering her hair with a hijab, the authorities blocked the internet.
Kyiv Targeted By Mass Russian Drone Attack (RadioFreeEurope/RadioLiberty) The Ukrainian capital, Kyiv, was targeted by more than two dozen drones launched by Russia early on December 22, injuring two people.
Analysts say Ukraine's forces are pivoting to defense after Russia held off their counteroffensive (AP News) A British military analysis says Ukraine’s armed forces are taking up a more defensive posture, after their summer counteroffensive failed to achieve a major breakthrough against Russia’s army and as winter weather sets in after almost 22 months of war.
Ukrainian spies vow to stab Russia ‘with a needle in the heart’ (POLITICO) Chief of SBU intelligence service warns Putin to expect ‘surprises’ in 2024.
Ukraine in Europe: One Hard-Earned Step Closer (Wilson Center) On December 14, 2023, the European Council adopted an historic decision to open membership negotiations with Ukraine and Moldova, and to grant candidate status to Georgia.
Orban acknowledges EU can provide aid to Ukraine without Hungary’s (EMEA Tribune) Hungarian Prime Minister Viktor Orban has acknowledged that European Union member states have the autonomy to provide assistance to Ukraine independently, bypassing the need for consensus within the
Orban Says He Accepted Zelenskiy's Invitation To Discuss Ukraine's EU Membership Hopes (RadioFreeEurope/RadioLiberty) Hungarian Prime Minister Viktor Orban says he has accepted an invitation from Ukrainian President Volodymyr Zelenskiy to hold a bilateral meeting, which would be the first between the two leaders since Russia launched its full-scale invasion of Ukraine.
Putin scents historic victory amid growing signs of Western weakness (Atlantic Council) Recent indications of growing Russian confidence in victory over Ukraine owe much more to Western weakness than to the Kremlin’s own military might, writes Peter Dickinson.
Europe Must Ramp Up Its Support for Ukraine (Foreign Affairs) Abandoning Kyiv would embolden Russia—and lead only to more war.
Ukraine Should Take a Page out of Finland’s Fight With Stalin (Real Clear Defense) Helsinki had to sacrifice territory for autonomy, but its pride and prosperity soared.
A majority of Congressmen want more military aid for Ukraine (The Economist) They are being prevented from voting for it in the name of phoney populism
Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct) Deep Instinct’s Threat Research team explores recent activities by threat actor "UAC-0099," including recent attacks on Ukrainian targets. It also examines common tactics, techniques, and procedures (TTPs), including the use of fabricated court summons to bait targets in Ukraine into executing malicious files.
Ukrainian remote workers targeted in new espionage campaign (Record) A group tracked as UAC-0099 exploited a high-severity vulnerability in WinRAR software to target Ukrainians outside the country, researchers at Deep Instinct said.
Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (Record) The hacker group known as Cloud Atlas targeted a Russian agro-industrial enterprise and a state-owned research company in a new espionage campaign, researchers have found.
Fog of cyber war: spies from Cloud Atlas attack Russian companies under the guise of supporting SVO participants (FACCT) FACCT experts analyzed new attacks by the Cloud Atlas spy group
Kyivstar Restores Full Services After Massive Hacker Attack (KyivPost) Ukraine’s largest mobile telephone operator is running again after a huge cyber-attack. Kyivstar will also cancel the plan fee for its users and allocate millions of dollars for the AFU.
Ukrainian telecoms hack highlights cyber dangers of Russia's invasion (Atlantic Council) An unprecedented December 12 cyber attack on Ukraine's largest telecoms operator Kyivstar left tens of millions of Ukrainians without mobile services and underlined the cyber warfare potential of Russia's ongoing invasion, writes Mercedes Sapuppo.
U.S. and Europe Eye Russian Assets to Aid Ukraine as Funding Dries Up (New York Times) Despite legal reservations, policymakers are weighing the consequences of using $300 billion in Russian assets to help Kyiv’s war effort.
The pitfalls of seizing Russian assets to fund Ukraine (Financial Times) Moscow must be made to pay, but without risking harm to global financial stability
Russia Adds Two Of Navalny's Self-Exiled Associates To Its Wanted List (RadioFreeEurope/RadioLiberty) The Russian Interior Ministry on December 21 added two self-exiled associates of imprisoned opposition politician Aleksei Navalny to its wanted list on unspecified charges.
Russia Launches Probe Against Self-Exiled Opposition Politician Leonid Gozman (RadioFreeEurope/RadioLiberty) Sources in Russian law enforcement on December 22 said a probe had been launched against self-exiled opposition politician Leonid Gozman on charges of spreading "fake" information about Russia's armed forces involved in Moscow’s ongoing invasion of Ukraine.
Kazakhstan To Extradite U.S.-Wanted Russian Cybersecurity Expert To Moscow (RadioFreeEurope/RadioLiberty) Russia's Prosecutor-General's Office said on December 21 that the Kazakh authorities would extradite Russian cybersecurity expert Nikita Kislitsin to Moscow, although he is also wanted in the United States for allegedly buying illegally obtained personal data.
Attacks, Threats, and Vulnerabilities
Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector (The Hacker News) Iranian threat actor targets Defense Industrial Base sector with a new backdoor called FalseFont.
‘Today FBI Got Him, Tomorrow They Will Get Me’: LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express) In the aftermath of a successful takedown of Alphv ransomware infrastructure, an unexpected alliance has emerged. LockBit and BlackCat/ALPHV, two
Bandook - A Persistent Threat That Keeps Evolving (Fortinet Blog) FortiGuard Labs has uncovered a fresh threat - the latest generation of Bandook is being distributed via a Spanish PDF file.
BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybe...
8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack (Hackread) The 8220 gang, believed to be of Chinese origins, was first identified in 2017 by Cisco Talos when they targeted Drupal, Hadoop YARN, and Apache Struts2 applications for propagating cryptojacking malware.
BidenCash darkweb market gives 1.9 million credit cards for free (BleepingComputer) The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals.
Android malware Chameleon disables Fingerprint Unlock to steal PINs (BleepingComputer) The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs.
Instagram users targeted in elaborate backup code phishing scheme (9to5Mac) A new strain of Instagram phishing emails has been detected, in which attackers attempt to trick victims into forking over...
An iPhone Thief Explains How He Steals Your Passcode and Bank Account (Wall Street Journal) Thieves are stealing iPhones, passcodes and thousands of dollars from their victims’ bank accounts. WSJ’s Joanna Stern sat down with a convicted thief in a high-security prison to find how—and how you can protect yourself.
Patient data stolen in ransomware attack affecting millions of healthcare victims (TechRadar) Supply chain attack resulted in the theft of sensitive patient data
Kansas City-area hospital transfers patients, reschedules appointments after cyberattack (Register) "We expect this process to take time," Missouri's Liberty Hospital said earlier this week as it began responding to a disruption to its systems.
Data stolen in cyber attack on St Vincent's Health network (ABC) St Vincent's Health says there is evidence that "some data" has been removed from its system, but it is still working to determine what information had been stolen.
Title insurance giant First American offline after cyberattack (BleepingComputer) First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack.
First American is the latest cybersecurity attack victim (HousingWire) First American suffers cybersecurity attack less than a month after the firm agreed to pay New York $1 million in cybersecurity settlement.
Breach exposed data of more than 1,400 detainees and 400 staff members, Wyatt detention facility says (Boston Globe) The Wyatt detention facility in Central Falls said it discovered a data breach on Nov. 2, and that personal data has been posted on the dark web, including financial and medical information.
What Hacked Files Tell Us About The Studio Behind Spider-Man 2 (Kotaku) Internal documents show how a big PlayStation studio plans its future
CISA Adds Two Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-49897 FXC AE1021, AE1021PE OS Command Injection Vulnerability
CVE-2023-47565 QNAP VioStor NVR OS Command Injection Vulnerability
Security Patches, Mitigations, and Software Updates
OpenAI rolls out imperfect fix for ChatGPT data leak flaw (BleepingComputer) OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL.
Google Rushes to Patch Eighth Chrome Zero-Day This Year (SecurityWeek) Google warns of in-the-wild exploitation of CVE-2023-7024, a new Chrome vulnerability, the eighth documented this year.
ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature (SecurityWeek) ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted.
ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products (Security Affairs) ESET fixes flaw in Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust untrustworthy sites
Microsoft deprecates Defender Application Guard for some Edge users (BleepingComputer) Microsoft is deprecating Defender Application Guard (including the Windows Isolated App Launcher APIs) for Edge for Business users.
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool (Cybersecurity and Infrastructure Security Agency | CISA) CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines.
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released two Industrial Control Systems (ICS) advisories on December 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
NCC Group Monthly Threat Pulse - November 2023 (NCC Group) Ransomware attacks in November rise 67% from 2022
Cyber Threat Intelligence Report - November 2023 (NCC Group) Welcome to NCC Group’s monthly Cyber Threat Intelligence Report, bringing you exclusive insight into the latest Threat Intelligence, updates on recent and emerging advances in the threat landscape and a deep understanding of the latest Tactics, Techniques and Procedures (TTPs) of threat actors.
Twitter’s Demise Is About So Much More Than Elon Musk (The Atlantic) TikTok is eating microblogging as we’ve always known it.
America’s Spam-Call Scourge (The Atlantic) How robocalls disturbed a nation
Marketplace
Cisco to Acquire Isovalent, Add eBPF Tech to Cloud Portfolio (SecurityWeek) Isovalent raised about 70 million in funding from prominent investors including Microsoft’s venture fund, Google, and Andreessen Horowitz.
Cisco to acquire cloud-native networking and security startup Isovalent (TechCrunch) Cisco is acquiring cloud native networking and security startup Isovalent, giving it a key set of cloud native technologies.
Is Microsoft The Answer To Cybersecurity Risks Or The Problem? (Investor's Business Daily) Its cybersecurity business is booming. So what about those hacks that gave it a black eye?
DeNexus expands re/insurance and Insurance-Linked Securities expertise with new senior hire (PR Newswire) DeNexus Inc, a provider of second-generation cyber risk quantification and management services to industrial enterprises and critical...
GCA Announces Three New Appointments for its Board of Directors (Global Cyber Alliance) The Global Cyber Alliance (GCA), an international nonprofit that builds communities to deploy tools, services, and programs that provide cybersecurity at global scale, announced the appointment of three new Board Members: Michael Lashlee, Executive Vice President, Deputy Chief Security Officer at Mastercard, who has been a long-term strategic advisor to GCA, with Mastercard being a valued Premium Partner and sponsor of our Cybersecurity Toolkit for Small Business; Kiersten Todt, former Chief of Staff of the Cybersecurity and Infrastructure Security Agency (CISA); and Greg Kapfer, formerly Board Member of the Public Interest Registry (PIR).
Products, Services, and Solutions
Socure Eliminates More Than 200K Synthetic Identities in 2023 (PR Newswire) Socure, the leading provider of artificial intelligence for digital identity verification, sanction screening, and fraud prevention, today...
NetSPI Celebrates Momentous Year for its Partner Program, Achieves 30% Growth in 2023 (PR Newswire) NetSPI, the global leader in proactive security, today celebrates the achievements of its Partner Program in 2023, which experienced...
QuSecure™ Launches QuProtect™ Post-Quantum Cryptography Cybersecurity Software in AWS Marketplace (Yahoo Finance) QuSecure™, Inc., a leader in post-quantum cryptography (PQC), today announced the availability of its cutting-edge cybersecurity software QuProtect™ in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS). This strategic move marks a significant milestone not only for QuSecure but also for the PQC market...
Technologies, Techniques, and Standards
DOD Issues Civilian Harm Mitigation, Response Instruction (U.S. Department of Defense) Defense Department officials have completed work on a DOD instruction that incorporates the direction of the department's civilian harm mitigation and response action plan.
DOD INSTRUCTION 3000.17: CIVILIAN HARM MITIGATION AND RESPONSE (U.S. Department of Defense) Consistent with Section 936 of Public Law 115-232, also known and referred to in this issuance as the “John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019”, as amended and codified as a note in Section 134 of Title 10, United States Code (U.S.C.), this issuance:
• Establishes policy, assigns responsibilities, and provides procedures for civilian harm mitigation and response (CHMR).
• Helps implement U.S. Government (USG) policy prescribed in Executive Order 13732.
• Helps implement the August 25, 2022 DoD Civilian Harm Mitigation and Response Action Plan (CHMR-AP).
• Will be implemented through the phased approach established by the CHMR-AP.
As British Library faces fallout of cyber attack—what can arts bodies do to combat ransomware threats? (The Art Newspaper) A hack that has limited the British Library’s access to its digital systems is the latest in a series of online raids on cultural institutions
Design and Innovation
How to Build Trust in Artificial Intelligence (The Information) Last month, OpenAI fired and then rehired CEO Sam Altman. When the dust settled, Open AI emerged looking even more like a for-profit corporation than a nonprofit, with a board that is indistinguishable from those of other tech startups—right down to the lack of diversity. This is a clear ...
Legislation, Policy, and Regulation
The Premature Quest for International AI Cooperation (Foreign Affairs) AI regulation must start with national governments.
Can AI be creative? Global copyright laws need an answer. (Atlantic Council) Advances in generative artificial intelligence have revealed serious shortcomings in global copyright laws.
New rules in UK could reimburse fraud victims up to £415,000 ($525,000) (Record) Expected in October 2024, the new rules represent a radical change to who is liable for losses incurred in fraud such as romance and investment scams.
Cyber Security Association of India Emphasizes Importance of Cyber Security in Power Sector (India Technology News) Cyber Security Association of India (www.ncsai.in) under the chairmanship of Lt Gen (Dr.) Rajesh Pant, Former National Cyber Security Coordinator organised Power Sector
Congress wants spy agencies to hire more experts in financial intelligence, emerging technology (Federal News Network)
Litigation, Investigation, and Law Enforcement
Turkey’s ‘disinformation law’ weaponized to target journalists: int’l NGOs (Turkish Minute) A new report released jointly by several international NGOs details the worsening press freedom environment in Turkey, accusing the government of instrumentalizing the recently passed “disinformation law” to harass and silence journalists, the Stockholm Center for Freedom reported, citing the Evrensel newspaper.
Teen Who Leaked ‘Grand Theft Auto VI’ as Part of Lapsus$ Gang Put in Secure Hospital by UK Judge (Bloomberg) Arion Kurtaj placed in hospital to protect public from harm. Two teens sentenced for hacking, blackmailing tech firms.
Teenage Lapsus$ hacker sentenced to indefinite hospital confinement (Computing) An 18-year-old hacker associated with the cybercrime group Lapsus$ has been sentenced to an indefinite stay in a secure hospital after being involved in high-profile data breaches and extortion attempts.
U.S. appeals court finalizes mandate for forfeiture of Silk Road bitcoin (The Block) A U.S. appeals court finalized a mandate on Wednesday that formalizes the forfeiture of 69,370 bitcoin connected to the Silk Road.
Darknet site “Kingdom Market” has fallen (Cybernews) Law enforcement has taken down the illegal marketplace known as “Kingdom Market,” which specialized in drug trade and malware.