shift change 2024-01-18

Welcome to your shift change, reports from the off-going watch to the oncoming on anything interesting in privacy, security, or intelligence.

It's pronounced "A-P-T"

1. Microsoft warns: be careful, that journalist could be an Iranian cyber spy trying to infect your network!

If you don’t know who Mint Sandstorm is, or APT 35, or Charming Kitten—they are part of Iran’s Islamic Revolutionary Guard Corps, a quasi-national guard and interior police force that has outsized military and political influence in Iran because religion

Iran is one of the Big 4 cyber actors (with Russia, China, and North Korea), and Mint Sandstorm was linked to the targeting of US critical infrastructure just last year, as well as to the targeting of Iranian dissidents. Now, Microsoft warns:

“In this campaign, Mint Sandstorm masqueraded as high-profile individuals including as a journalist at a reputable news outlet,” they added.
“In some cases, the threat actor used an email address spoofed to resemble a personal email account belonging to the journalist they sought to impersonate and sent benign emails to targets requesting their input on an article about the Israel-Hamas war.”
Several other cases involved legitimate but compromised email accounts belonging to the people they attempted to impersonate. Some of the initial emails did not carry any malicious content as the hackers sought to develop a relationship with their targets before beginning the espionage process.
Once a target agreed to look at an article or document, the hackers sent a link to a malicious domain that took the victim to a .rar file allegedly containing the documents.
These kinds of tactics “might have played a role in the success of this campaign,” Microsoft noted. In several cases, the hackers dropped custom backdoors onto victim systems allowing them to maintain their access.

2. CISA and the FBI warn about Chinese access to US data and infrastructure through their thriving commercial and personal drone business.

And everyone loves free.

The Chinese government compels Chinese companies, like DJI (the market leader in personal and commercial drones), to provide access to data collected by the business for intelligence purposes. So, picture a local gas or electric utility that bought a DJI system to remotely monitor power or gas lines. Makes sense, right? It is easier to toss a drone in the sky, fly it along the line, and use the high-definition camera to send an image of whatever-is-going-on back to the company than to send a person in a truck. CISA and the FBI warn that keeping your lines clear can also give DJI (and, through DJI, the Chinese government) a survey of your gas and power lines, courtesy of the same video you took for benign purposes. It’s free surveillance!

The advisory is short—if you are interested in drones, data security, or critical infrastructure, questions like securing the data at rest, securing the connection for the data in transit, and who has access to all of it will be issues for years to come. If it is convenient now, it is likely a risk always.

3. The Markup’s series “Gentle January” continues with: Ditch Google Maps (they recommend Apple Maps as a less creepy alternative, if you have an iPhone). Apple does have a feature that allows offline map use, but so far that pesky requirement for an Apple product remains.

Apple Maps has gotten better...

## The shift change is a collection of timely stories of interest in the security, privacy, and intelligence worlds. Thanks for reading, and feel free to reach out to will@signaltonoise.fyi for any questions, comments, or thoughts on items you’d like to see highlighted.