Sponsored by Spectra Group
12 Sep 23. China, Russia will use cyber to sow chaos if war starts, Pentagon says. China and Russia are prepared to unleash a flurry of cyberattacks on U.S. critical infrastructure and defense networks should war break out, according to a Pentagon strategy unveiled this week.
Such tactics, meant to sow chaos, divert precious resources and paralyze military mobilization, were observed in Eastern Europe during Russia’s invasion of neighboring Ukraine, a conflict that colors the Pentagon’s new 2023 Cyber Strategy. An unclassified summary of the document was made public Sept. 12.
“The United States is challenged by malicious cyber actors who seek to exploit our technological vulnerabilities and undermine our military’s competitive edge,” its introduction reads. “They target our critical infrastructure and endanger the American people. Defending against and defeating these cyber threats is a Department of Defense imperative.”
Defense officials have long considered China and Russia national security hazards. While China poses the most serious and long-term threat, they say, Russia presents more immediate concerns. Both countries wield serious cyber arsenals. An International Institute for Strategic Studies report in 2021 placed China and Russia in tier two of its cyber powerhouse rankings. The U.S. sat in first.
The strategy, which supersedes a 2018 version, describes China as a “broad and pervasive” cyber espionage threat, one capable of absconding with defense trade secrets and monitoring U.S. citizens. It further labels Russia an online manipulator and harasser of critical infrastructure such as pipelines, hospitals and transportation.
“Cyber issues everywhere — in critical infrastructure, domestically and abroad — are something that’s front and center on the minds of our key senior leaders,” Gregory Touhill, a retired Air Force brigadier general and former federal chief information security officer, said Sept. 11 at a conference in National Harbor in Maryland. His comments came before the publication of the strategy’s summary.
“We continue to see critical infrastructure as a target for cyber-enabled attacks, including things like denial-of-service, malicious software, ransomware, theft of intellectual property,” he added. “We’re very concerned about that.”
The Pentagon’s strategy aligns with the White House’s digital defense plans, which were rolled out in March. In them, the Biden administration vowed to employ “all instruments of national power” to disrupt and dismantle malicious cyber actors near and far.
Doing so will require significant collaboration with foreign governments, industry leaders and more.
“The nation’s constellation of diplomatic and defense relationships represents a foundational strategic advantage,” the Pentagon strategy reads. “In cyberspace, the capabilities of allies and partners combine with those of the United States to enable timely information sharing and interoperability as well as contribute to our collective security.” (Source: glstrade.com/ C4ISR & Networks)
08 Sep 23. White House Situation Room gets cutting-edge tech in $50m upgrade. The White House Situation Room — a space of great mystique and even greater secrecy — just got a $50m facelift.
Actually, “room” is a misnomer. It’s a 5,500-square-foot (511-square-meter), highly secure complex of conference rooms and offices on the ground floor of the West Wing.
These are rooms where history happens, where the president meets with national security officials to discuss secret operations and sensitive government matters, speaks with foreign leaders and works through major national security crises.
Where President Barack Obama and his team watched the raid that took down al-Qaida leader Osama bin Laden in 2011. Where President Donald Trump monitored the 2019 operation that killed Islamic State leader Abu Bakr al-Baghdadi. Where President Lyndon Johnson went over Vietnam War plans.
The latest redo was no small update: The total gut renovation took a year to complete.
The White House opened the classified space to a group of reporters this week for a rare visit to check out the new look. President Joe Biden got a tour on Tuesday and then received an intelligence briefing in the space, said Marc Gustafson, the Situation Room director.
“He loved it, he thought the update was fantastic,” Gustafson said.
“Folks, the newly renovated White House Situation Room is up and running,” Biden said in a post on X, formerly Twitter. “My thanks to everyone who worked on this incredible facility.”
The renovated space has a modern-but-vintage vibe. Old floors, furniture, computers and other tech were stripped out and replaced with pristine mahogany paneling from Maryland, stonework from a Virginia quarry, LED lights that can change colors and flat-screen panels. See-through glass offices fade to opaque with the press of a button. The whole space has that new car smell. (Source: C4ISR & Networks)
14 Sep 23. Norway opts for new EW solutions from Rohde & Schwarz. The Norwegian Army will be equipped with new communications intelligence (COMINT) and jamming solutions from Rohde & Schwarz (R&S), Janes learnt at DSEI 2023. The new electronic warfare (EW) solutions are being delivered under the Heimdall project, which will enable the Norwegian Army to detect, locate, and analyse information faster and more efficiently while increasing their EW capabilities, Wolfgang Marchl, vice-president of R&S Government Solutions said in a company press release. Deliveries began in June 2023 and will conclude by the end of 2024, the managing director for the company’s Norwegian operations, Ove Ladegård, told Janes at DSEI. While Ladegård was unable to elaborate on specific technical details, he did mention that both new and existing vehicles will be equipped with the new EW systems. Norwegian publication ITromso reported on the Heimdall project noting that the military, specifically the Intelligence Battalion of the Army, are trialling the EW solutions at the Setermoen firing range. (Source: Janes)
15 Sep 23. Long-term cyber espionage campaign poses elevated risk to defence, pharmaceutical sectors. In a report released on 14 September, Microsoft disclosed information on Iranian state-sponsored actor ‘Peach Sandstorm’ (aka ‘APT33’, ‘Elfin’ and ‘HOLMIUM’). It stated the actor has used password spray techniques against thousands of organisations in a likely cyber espionage campaign since February 2023. The group uses a combination of public and custom tools for discovery, persistence and lateral movement, followed by data exfiltration in a small number of instances. This indicates that the operation is likely aimed at obtaining intelligence to bolster Iran’s strategic interests. The group also exploited known vulnerabilities in Atlassian Confluence (CVE-2022-26134) or Zoho ManageEngine (CVE-2022-47966) to gain initial access, rather than relying on password spraying. Peach Sandstorm targeted satellite, defence and pharmaceutical sectors globally in this campaign. These sectors therefore face an elevated risk of reconnaissance operations by Peach Sandstorm in the medium to long term. (Source: Sibylline)
15 Sep 23. Cyber Executive summary.
- A new phishing campaign which exploits the Microsoft Teams chat function to distribute malware (‘DarkGate’) was observed using compromised external Office 365 accounts to trick users into opening a malicious ZIP file (see Sibylline Cyber Daily Analytical Update – 11 September 2023).
- An Iranian cyber threat group, ‘Charming Kitten’, conducted a long-term cyber espionage campaign targeting Brazil, Israel and the UAE using a previously undocumented backdoor (see Sibylline Cyber Daily Analytical Update – 12 September 2023).
- The Chinese-affiliated threat actor ‘Redfly’ was observed conducting a six-month-long espionage campaign against an unnamed Asian national electric grid using the ‘ShadowPad’ malware to steal information (see Sibylline Cyber Daily Analytical Update – 13 September 2023).
- ‘Storm-0324’, a financially motivated threat group, is using Microsoft Teams to obtain access to networks via phishing messages; it then provides access for ransomware groups as part of a multi-stage campaign (see Sibylline Cyber Daily Analytical Update – 14 September 2023).
- The Iranian cyber threat group ‘Peach Sandstorm’ is using ‘password spray’ techniques against thousands of organisations as part of a cyber espionage campaign (see Sibylline Cyber Daily Analytical Update – 15 September 2023).
What you may have missed
North Korean threat actors are suspected of stealing approximately USD 53 m in cryptocurrency from the crypto-exchange CoinEx. The attack was picked up on 12 September when the exchange discovered unusual withdrawals from ‘hot wallets’ (online virtual currency wallets) storing user assets. Following the discovery, the exchange migrated all remaining assets to ‘cold’ (meaning offline) crypto storage wallets to prevent further theft. While CoinEx did not disclose further details about the campaign, the cyber security firm CertiK attributed the attack to a North Korean threat group called ‘Lazarus’. The group has been responsible for around USD 377 m of crypto theft in 2023 as part of an effort to bolster Pyongyang’s missile development programme amid ongoing international trade sanctions against the country. As North Korea continues to struggle to generate legitimate economic profits, cryptocurrency will almost certainly remain a lucrative target for threat actors in the coming months.
Words of the week
Our cyber words of the week are: Tactics, Techniques and Procedures (TTPs) (Source: Sibylline)
12 Sep 23. DOD Releases 2023 Cyber Strategy Summary. Today, the Department of Defense (DOD) released an unclassified summary of its classified 2023 Cyber Strategy.
The 2023 DOD Cyber Strategy, which DOD transmitted to Congress in May, is the baseline document for how the Department is operationalizing the priorities of the 2022 National Security Strategy, 2022 National Defense Strategy, and the 2023 National Cybersecurity Strategy. It builds upon the 2018 DOD Cyber Strategy and will set a new strategic direction for the Department.
“This strategy draws on lessons learned from years of conducting cyber operations and our close observation of how cyber has been used in the Russia-Ukraine war,” Assistant Secretary of Defense for Space Policy John Plumb said. “It has driven home the need to work closely with our allies, partners, and industry to make sure we have the right cyber capabilities, cyber security, and cyber resilience to help deter conflict, and to fight and win if deterrence fails.”
The United States faces diverse, growing threats in cyberspace and the strategy outlines how DOD is maximizing its cyber capabilities in support of integrated deterrence and employing cyberspace operations in concert with other instruments of national power.
The strategy highlights DOD’s actions to invest in and ensure the defense, availability, reliability, and resilience of its cyber networks and infrastructure to support non-DOD agencies in their related roles and to protect the defense industrial base.
“Distinct from previous iterations, the strategy commits to increasing our collective cyber resilience by building the cyber capability of allies and partners,” Deputy Assistant Secretary for Cyber Policy Mieke Eoyang said. “It also reflects the department’s approach to defending the homeland through the cyber domain as well as prioritizing the integration of cyber capabilities into our traditional warfighting capabilities.”
The strategy is the fourth iteration for the Department, and the first to be informed by years of significant cyberspace operations. You can read the full summary on Defense.gov. (Source: US DoD)
14 Sep 23. Graphcore and Hadean to develop UK-sovereign artificial intelligence capabilities for national security. British spatial computing company, Hadean, and British AI/ML technologists, Graphcore, are joining forces to accelerate AI in defence by deploying best-in-class specialised AI hardware and software. The partnership aims to tackle problems at the heart of innovation in the defence space and ensure that national security services are able to harness and exploit new capabilities at the speed-of-relevance.
In the Defence industry, staying ahead of global competitors and adversaries requires reliable information to enable the clearest situational awareness, comprehensive training, and fastest decision-making possible. For AI-integrated training environments to enable “training as we fight” in the AI Age, you must have the best software capabilities and access to the best AI resources today. With the meteoric rise of AI being used in a majority of production, analysis, and business operations, ensuring these resources are available and working optimally with the right solution can be challenging. For the UK in particular, lack of sovereign control over the AI ecosystem presents risks to the country and its reliability to friends and allies.
Graphcore’s AI acceleration and Hadean’s Platform for Defence provide an optimal AI hardware and software solution. Graphcore’s specialised hardware design circumvents the manufacturing bottlenecks that beset GPU solutions, ensuring a ready supply of specialised AI hardware for defence applications. Hadean’s software, running on and uniquely optimised for Graphcore hardware, is empowered to deliver best-in-class AI capabilities, including in virtual training environments and integrated with the common operating pictures which Hadean deploys today. Together, Hadean and Graphcore will enable first-class AI capabilities for first-class situational awareness, responsiveness, integration, and decision-making. This partnership of UK companies represents a significant contribution towards a UK-sovereign AI defence ecosystem.
Hadean CEO, Craig Beddis said: “Our partnership with Graphcore will turbo-charge the development and deployment of native AI capabilities and deliver the tools defence and national security leaders need to keep our democracies safe. Joining forces with a like-minded organisation like Graphcore is at the core of our partnership approach as we continue to build on our success of exploiting novel technologies and accelerating the digital transformation of defence.”
Sally Doherty, CMO & CRO at Graphcore, said: “Hadean’s metaverse infrastructure integrates legacy and AI-based simulations into a robust and scalable single synthetic environment and increasingly LLM / generative AI models which take advantage of Graphcore’s leading edge hardware and software. We are working closely with Hadean to ensure that our capabilities are fully optimised and integrated and that customers have access to the AI compute they need at the scale they need.”
Hadean is a UK-based spatial computing company that’s modernising the military training and simulation ecosystem. Our technology provides the spatial compute infrastructure that enables allies, domains, systems and technologies to deliver next generation multi-domain training, decision support, test and evaluation, and wargaming. Our customers and partners include BAE Systems, CAE, UK Ministry of Defence, British Army, Microsoft and Cervus. For more visit: https://defence.hadean.com/
Graphcore compute systems are accelerating the AI revolution. Powered by the groundbreaking Intelligence Processing Unit (IPU), Graphcore delivers leading-edge AI performance with unprecedented efficiency. IPU platforms are used around the world by organisations building their intelligent compute capabilities, including AI-centric start-ups, large multi-national corporations, governments and public and private research institutions.
The company is based in Bristol, UK, with offices across Europe, Asia and North America. For more visit https://www.graphcore.ai/
12 Sep 23. KBR, DEWC partner to deliver spectrum security tech to ADF. KBR has announced a collaborative partnership with veteran-owned DEWC Services (DEWC) to work on activities related to spectrum security technology in support of the Australian Defence Force (ADF).
As part of the collaborative agreement, KBR and DEWC will share skills and experiences to develop novel solutions to meet some of the evolving electronic spectrum challenges currently faced by the ADF.
Nic Maan, vice-president of government solutions APAC at KBR, said, “We are very keen to get ahead of the curve in meeting the nation’s defence and security ambitions and we see enormous potential in our two companies working together.”
KBR’s global enterprise plays a central role in developing leading edge space and related capabilities including satellite, ground systems, space communications, and mission operations support across NASA and the US Department of Defense.
“KBR will leverage our history in space and spectrum management, protection and assurance from the US to transfer knowledge and capabilities to our Australian business in collaboration with DEWC,” Maan added.
DEWC is an Australian-based specialist Command, Control, Communications and Computing, Intelligence, Surveillance, Reconnaissance and Electronic Warfare (C4ISREW) business that supports the Department of Defence and related organisations in the areas of capability development, science and technology research, and operational support.
Alan Dundas, chief executive officer of DEWC, highlighted the role this collaborative partnership would play in future-proofing the ADF, saying, “DEWC is committed to supporting Defence via a range of mission-critical activities within C4ISREW. Working together, I believe that both DEWC and KBR can build upon our shared experience, helping increase mission success and ensure our warfighters can operate safely and effectively.”
KBR employs approximately 33,000 people performing diverse, complex, and mission-critical roles in 33 countries.
(Source: Defence Connect)
12 Sep 23. Iranian APT highlights increased risks facing firms using vulnerable internet-facing servers. On 11 September, the cyber security company ESET released a report about a long-term cyber espionage campaign conducted by the Iranian-linked threat group ‘Charming Kitten’ (also known as ‘Ballistic Bobcat’, ‘APT35’ and ‘Phosphorus’) between March 2021 and June 2022. The campaign affected various organisations in Brazil, Israel and the UAE using a previously undocumented backdoor. It targeted entities in the education, government and healthcare sectors, as well as human rights activists and journalists (common targets of Charming Kitten). Beyond the use of known Microsoft Exchange server vulnerabilities, ESET researchers noted that cyber attacks were likely opportunistic rather than premeditated (the group used scanning methods to discover vulnerable servers). The use of an indiscriminate scan-and-exploit model during the campaign underscores the potential for the threat group to test new malware abilities prior to using them in targeted cyber operations. Entities operating in the human rights, media, government, healthcare and education sectors will face increased risks stemming from groups like Charming Kitten, particularly those operating in the Middle East region. (Source: Sibylline)
Spectra Group (UK) Ltd
Spectra Group (UK) Ltd is an internationally renowned, award-winning information security and communications specialist with a proven record of accomplishment.
Spectra is a dynamic, agile and security-accredited organisation that offers secure Hosted and Managed Solutions and Cyber Advisory Services with a track record of delivering on time, to spec and on budget.
With over 15 years of experience in delivering solutions for governments around the globe, elite militaries and private enterprises of all sizes, Spectra’s platinum and gold-level partnerships with third-party vendors ensure the supply of best value leading-edge technology.
Spectra was awarded the prestigious Queen’s Award for Enterprise (Innovation) in 2019 for SlingShot.
In November 2017, Spectra Group (UK) Ltd announced its listing as a Top 100 Government SME Supplier by the UK Crown Commercial Services.
Spectra’s CEO, Simon Davies, was awarded 2017 Businessman of the Year by Battlespace magazine.
Founded in 2002, the Company is based in Hereford, UK and holds ISO 9001:2015, ISO 27001:2013 and Cyber Essentials Plus accreditation.