In the Spotlight this Week:
- Taiwan’s Presidential Office Website Hit By Cyber Attacks and Suspected Drones Found Flying Near Kinmen, Expecting to See Increased ‘Psychological Warfare’ after Nancy Pelosi Visit
- Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike
- New Digital and Intelligence Service (DIS) to be Set Up After Amendments to the SAF Act
- Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals
- Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys
Taiwan’s presidential office fell victim to an overseas cyber attack on Tuesday, before US House of Representatives Speaker Nancy Pelosi’s arrival later that day. The website malfunctioned for a short period of time. Taiwanese authorities have claimed that the overseas cyber attacks were launched by China and Russia and that cyber attacks had officially surpassed 15,000 gigabits, 23 times higher than the previous daily record.
Taiwan expects to see increased ‘psychological warfare’ in the upcoming days that aims to sway public opinion via misinformation and influence campaigns.
Following the highest-level US visit to Taiwan in 25 years, the Taiwanese government has pledged to step up security at the country’s key infrastructure, including power plants and airports, and to raise the cyber security alertness level across government offices. This came after suspicious drones were found flying over outlying Taiwanese islands and flares were fired to drive them away.
Cyber security researchers have disclosed a new offensive hacking framework called Manjusaka used by Chinese hackers. This new framework carries similarities to Sliver and Cobalt Strike, which are both legitimate adversary emulation frameworks that have been repurposed by hackers to move laterally within the network. Manjusaka is written in Rust and has the capability to target both Windows and Linux operating systems. Its supported functionalities include executing arbitrary commands and harvesting credentials from browsers, amongst other things. Preliminary evidence suggests active development of Manjusaka or that its components are being used as part of ransomware-as-a-service (RaaS).
The Singapore Armed Forces (SAF) will establish a new Digital and Intelligence Service (DIS) after new amendments to the SAF Act and the Constitution were passed in parliament. These changes will grant the Chief of Digital and Intelligence Service (CDI) legal power to discharge their duty and authority to lead the DIS during a conflict, as part of the SAF.
The digital domain has increasingly become a battle terrain which has the ability to severely impact the security and sovereignty of a country if left unchecked. With increasing prevalence of disinformation in warfare and cyber threats, the SAF needs the dedicated service of the DIS to raise, train, and sustain cyber troops to defend Singapore’s digital borders.
An Australian national has been charged with creating and selling spyware for use by domestic violence perpetrators and child sex offenders. The 24-year-old created the remote access trojan (RAT) when he was 15 and administered the tool for 6 years. He sold the spyware under the name Imminent Monitor (IM) to more than 14,500 individuals across 128 countries. The investigation, codenamed Cepheus, started in 2017 and saw 85 search warrants for the Australian national executed globally in collaboration with more than a dozen European law enforcement agencies. This culminated in the confiscation of 434 devices and the arrest of 13 people who were deploying the malware maliciously. 201 individuals obtained the RAT in Australia, with 14.2% of these buyers named on domestic violence orders.
Cyber security researchers have recently uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear. Because the apps leak legitimate Consumer Key and Consumer Secret information, the keys can be utilized to gain unauthorized access to the relevant Twitter accounts. Once they have access to these accounts, hackers can carry out a range of actions such as reading direct messages, or arbitrary actions such as retweeting, liking and deleting tweets, following accounts, and removing followers, amongst other things. A malicious threat actor in possession of this information can then create a Twitter bot army that could be leveraged to spread disinformation or to launch large-scale malware campaigns.