
Analysis

  • Imperfect System = Tortured Solutions

    Much rending of hair and gnashing of teeth has been taking place since a leak in the New York Times revealed the existence of a Presidentially authorized secret program to intercept and exploit the communications of suspected terrorists that might be operating in the US. Under a presidential order signed in 2002, [NSA] has monitored…

  • Hezbollah.com

    Via Judeoscope: [Hezbollah] — regarded by many as even more sophisticated than al-Qaeda — has sharpened its counterintelligence expertise over the years by keeping a step ahead of Mossad, Israel’s secret service. [They have] become ever more adept at intercepting electronic surveillance, penetrating cellphone networks and recruiting computer science technicians. “Hezbollah has a long history…

  • Unrestricted Warfare

    The following selections are taken from “Unrestricted Warfare,” a book published in China in February 1999 which proposes tactics for developing countries, in particular China, to compensate for their military inferiority vis-à-vis the United States during a high-tech war. The selections include the table of contents, preface, afterword, and biographical information about the authors printed…

Briefs

  • Infamous Lazarus hacking group targeting Mac users with fake job listings

    Infamous North Korean hacking group Lazarus is attempting to target Apple Inc. Mac users via fake job offers. Detailed Aug. 16 by security researchers at ESET s.r.o on Twitter, the new Lazarus campaign involves phony emails impersonating Coinbase Inc. developer job listings. The fake job emails include an attachment containing malicious files that can compromise both…

  • Is Mainstream Adoption of Cryptocurrencies Imminent?

    On Wednesday, March 9, President Joe Biden released an executive order regarding cryptocurrency and how his administration intends to approach the rapidly growing industry in 2022. However, after the release of this executive order, the question remains: Is mainstream adoption of cryptocurrency imminent in the U.S.? It’s evident that Joe Biden and his administration are…

  • Google Patches Chrome’s Fifth Zero-Day of the Year

    Google has patched an insufficient input validation flaw along with 11 other security vulnerabilities. The flaw allows for arbitrary code execution and is currently under active attack, according to Google. This marks the fifth zero-day vulnerability discovered and subsequently patched in Chrome this year. The patch was released on Wednesday of this week in a…

  • Hackers Deploy Bumblebee Loader to Breach Target Networks

    Threat actors associated with the malware families IcedID, TrickBot, and BazarLoader are increasingly turning to the malware Bumblebee to breach target networks, researchers say. The network breaches are followed by post-exploitation activities that aim to collect sensitive information. On Thursday, Cybereason published an advisory about the malware Bumblebee detailing the nature of the tool and the…

  • ATMZOW JS Sniffer Campaign Linked to Hancitor Malware

    Security researchers at Group-IB have made a connection between the ATMZOW JS Sniffer campaign and the Hancitor malware downloader, claiming that the same malicious actors may be behind both threats. The connection was made earlier this week after analyzing roughly 483 websites spanning four continents that had been successfully infected by ATMZOW since 2019. Group-IB…

  • Indian company to develop Nepal hydropower plant left by China

    Nepal signed a pact with an Indian company to develop a hydroelectric power plant in the west of the country after a Chinese firm backed out years ago. Nepal’s rivers have the potential to generate over 42,000 megawatts of hydroelectric power and they have now been opened to foreign players to develop its economy and…

  • Civilians killed in northern Syria marketplace missile attack

    At least 14 civilians were killed in a rocket attack in the town of al-Bab in northern Syria. Dozens of others were injured according to the opposition’s Syrian Civil Defense. The town is held by Turkey-backed opposition fighters and the attack came days after an air attack killed Syrian troops and United States-backed Kurdish fighters…

  • Billionaire Xiao Jianhua jailed for 13 years in China

    A court in Shanghai charged a Chinese-Canadian billionaire, Xiao Jianhua, and his company with embezzlement and bribery. His company, Tomorrow Holdings, was fined over $8 billion and Xiao was sentenced to 13 years in prison. Xiao and Tomorrow Holdings were found guilty of absorbing public deposits, illegal use of funds, and breaching trust in the…

  • North Korea rejects South’s aid offer, calls President Yoon ‘really simple’

    The state media in North Korea reported on Friday that North Korea has rejected South Korea’s offer of economic support in exchange for denuclearization. Kim Yo Jong, a top official in North Korea criticized the offer. President of South Korea Yoon Suk Yeol has raised the idea of the economic cooperation deal since his inauguration…

  • Hack-Prone Blockchain Bridges Expose DeFi’s Achilles Heel

    If 2018 was the Year of the Hack for centralized crypto exchanges, decentralized blockchain bridges seem destined to win that honor this year. Over $1.9 billion was stolen in cross-chain hacks in the first half of 2022, according to a new blog post by crypto analytic firm Chainalysis. Cross-chain bridges have come under fire in recent weeks…

  • How to Trade on sudoswap, the NFT Market’s Answer to Uniswap

    sudoswap is making NFT trading even easier. Launched in May 2022, sudoswap is crypto’s first NFT automated market maker. The Ethereum-based platform functions similarly to Uniswap, letting users trustlessly trade assets through user-funded liquidity pools. However, instead of trading between two fungible tokens, sudoswap users can trade between NFTs and ETH. At first glance, it might be…

  • In Crypto, Base Layer Security Isn’t Enough

    Earlier this week a new type of stablecoin (aUSD), built on a platform (Acala), which itself was built on a blockchain (Polkadot), fell from its $1 peg to $0.009 (which rounds to zero as far as I’m concerned), following an attack on one of the platform’s liquidity pools. If the words following “attack on” seem…

  • deBridge Finance crypto platform targeted by Lazarus hackers

    Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains. The threat actor used a phishing email to trick company employees into launching malware that collected various information from Windows systems and allowed the…

  • Study: Insider trading occurs in 10% to 25% of cryptocurrency listings

    According to a recent study conducted by the University of Technology Sydney, researchers estimated that insider trading occurs in 10% to 25% of cryptocurrency listings. In deriving the conclusion, researchers first sampled 146 token listing announcements on cryptocurrency exchange Coinbase between September 25, 2018, and May 1, 2022. Afterward, researchers examined the price movements of the…

  • ‘Operation Sugarush’ Mounts Concerning Spy Effort on Shipping, Healthcare Industries

    Researchers at Mandiant have identified a Persian-speaking threat group targeting a range of industries such as healthcare and energy. However, the group appears to have a specific focus on the shipping sector. Mandiant has named the group UNC3890. The threat group uses email social-engineering lures and a watering hole hosted on the login page of…

  • APT Lazarus Targets Engineers with macOS Malware

    North Korean advanced persistent threat actor Lazarus is leveraging the current popularity of the blockchain and cryptocurrency industry to target organizations and individuals running Apple and Intel-based systems. The cyber espionage campaign recently identified consists of Lazarus deploying fake job postings for Coinbase. The job posting contains a malicious Mac executable and was identified by…

  • RubyGems Mandates MFA for Top-100 Package Maintainers

    RubyGems, the official package manager for the Ruby programming language, has announced that it will mandate multi-factor authentication to boost security on the top 100 RubyGems packages. The announcement was released on Monday. Owners of gems with over 180 million downloads will be required to enroll in multi-factor authentication. This protects the package itself from…

  • Deadly blast rips through crowded Kabul mosque

    An explosion ripped through a crowded mosque in the capital of Afghanistan, Kabul, killing 21 people and injuring 33. The blast occurred Wednesday evening during evening prayers. The mosque’s imam Amir Muhammad Kabuli is among the people who were killed by the explosion. It is unclear who executed the attack. The attack occurred one week…

  • Threat Group Ramps Up Attacks on Travel Sector in 2022

    Researchers have identified new details regarding a prolific threat group that has deployed 15 malware families over the past four years. The group, TA558, is financially motivated and mainly targets organizations in Latin and North America. The group switches between English, Spanish, and Portuguese when it conducts its attacks, according to Proofpoint. The group typically…

  • US and Taiwan agree to start talks on a trade and investment pact

    According to statements released by Washington and Taipei, the United States and Taiwan have agreed to launch negotiations on a new investment and trade pact. The US-Taiwan Initiative of the 21st Century Trade was unveiled in June after US President Joe Biden excluded Taiwan from the Indo-Pacific Economic Framework. The negotiations will cover 11 topics…

  • TINA Issues Warning Letters to Celeb NFT Endorsers

    From Eminem to Snoop Dogg, Tony Hawk to Lionel Messi, William Shatner to Brie Larson, music, sports, and Hollywood celebrities have eagerly jumped on the NFT (non-fungible token) bandwagon. Whether launching their own collections, purchasing an expensive profile pic, or simply endorsing new artists, celebrities have embraced blockchain technology and have been extolling the virtues…

  • This new Wi-Fi 6e mesh router uses the blockchain to secure your passwords

    While most of the best Wi-Fi 6 routers have built-in security, Gryphon’s new Wi-Fi 6E router is one of just a few that will use Blockchain for this purpose; through a project called MetaSafe, it will protect passwords and other valuable information. Although a single Gryphon 6E can provide a strong Wi-Fi signal to a 3,000…

  • Forrester Report Cautions About Web3 Security

    The next generation web — Web3 — has been hailed as more secure than the current incarnation of cyberspace, but a report released Tuesday warns that may not be so. While Web3 may be difficult to subvert on an infrastructure level, there are other points of attack that may offer threat actors more opportunity for mischief…

  • Losses from crypto hacks surged 60% to $1.9 billion in Jan-July: Chainalysis

    Losses arising from cryptocurrency hacks jumped nearly 60% in the first seven months of the year to $1.9 billion, propelled by a surge in funds stolen from decentralized finance (DeFi) protocols, according to a blog post from blockchain analysis firm Chainalysis released on Tuesday. In the same period last year, stolen funds from hacking amounted…

  • Federal Reserve issues guidance for banks considering crypto activities

    The U.S. Federal Reserve on Tuesday issued additional guidance for banks considering activities involving cryptocurrencies, emphasizing that firms must notify the Fed beforehand and make sure whatever they do is legally permitted. The Fed said in a statement that while cryptocurrencies could present “potential opportunities” to banks, firms needed to make sure they had systems in…

  • U.K. Water Supplier Hit with Clop Ransomware Attack

    A UK water supplier has suffered from a ransomware attack that disrupted corporate IT systems. The attackers misidentified the victim in a post on its website containing leaked stolen data, however, the water supplier confirmed the cyberattack. Thankfully, the organization’s water supply was not impacted. The Clop ransomware group claimed that the attack occurred against…

  • Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data

    Novant Health, a US healthcare provider, has notified patients that their personal information may have been leaked via a tracking tool that has been linked to Facebook. The company announced the data breach in a blog post published last Friday. The organization also apologized for the concern caused to its patients. It is unclear how…

  • Two Additional Malicious Python Libraries Found on PyPI Repository

    Security researchers at Kaspersky have identified two more malicious Python packages in the Python Package Index repository. This occurred just days after Check Point researchers found 10 malicious Python packages. Kaspersky has released a blog post detailing the additional packages, both of which were masquerading as popular open-source packages. The attacker used a description of…

  • FBI, CISA warn over ransomware gang that can make million dollar demands

    Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a report detailing the tactics of the ransomware group referred to as Zeppelin. The group has been targeting organizations in the US and Europe, often issuing massive ransomware demands once they have compromised an organization’s network.…

  • Cuba bids for foreign investment to tackle goods shortages

    Cuba will allow foreign investors to invest in its wholesale and retail trade for the first time in 60 years. This move overturns a 1960s Fidel Castro policy of nationalizing retail. Cuba is facing its most severe economic crisis in decades causing rising prices and increasing public discontent. The change in foreign investment policy is…

  • North Korea fires two cruise missiles toward sea off its west coast, South Korean officials say

    On Wednesday morning, North Korea fired two cruise missiles off its west coast from the coastal town of Onchon. Military officials from South Korea and the United States were analyzing the launch for further details. After the launch, South Korea’s national security adviser held a meeting to assess the security situation and examine the South…

  • Cross-chains in the crosshairs: Hacks call for better defense mechanisms

    2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen…

  • Crypto Mixing Service Caught Up in Storm of Controversy

    Earlier this year, Roman Semenov, co-founder Tornado Cash, a mixing service for cryptocurrencies, said that it would be “technically impossible” for sanctions to be enforced against decentralized protocols. “All we do is write code and publish it on GitHub,” Semenov told Bloomberg, referring to the internet hosting service. “This is pretty close to the definition of…

  • Monero hard fork makes hackers’ favorite coin even more private

    Monero, the privacy-oriented decentralized cryptocurrency project, underwent a planned hard fork event on Saturday, introducing new features to boost its privacy and security. The network upgrade was delayed from July 13, when it was first planned for release, due to multi-sig security fixes, critical security patches, and more time needed to resolve hardware wallet incompatibility issues. Completed…

  • Crypto scams have declined, but hackers remain resilient in bearish markets

    When it comes to crime, illicit activity is still abundant regardless of crypto volatility, according to a new Chainalysis report. “Cryptocurrency transaction volumes this year for both illicit and legitimate entities are tracking behind 2021 through July,” the report stated. “Overall, criminal activity appears to be more resilient in the face of price declines: Illicit volumes…

  • Three Arrows Capital blew through billions with risky cryptocurrency bets

    The now bankrupt Three Arrows Capital (3AC) presented signs of mismanagement before the cryptocurrency hedge fund’s ultimate collapse. A report from New York Magazine reveals that 3AC co-founders Kyle Davies and Su Zhu faced criticism from banks and other traders before the company even entered the crypto market. In its early days, the Singapore-based 3AC got…

  • Xiaomi Phone Bug Allowed Payment Forgery

    In a report published last week at the annual DEF CON conference in Las Vegas, Check Point researchers revealed that a flaw in the smartphone maker Xiaomi could lead to mobile transactions being disabled, created, and signed by attackers. Xiaomi is the world’s third largest phone maker. The company has since patched the vulnerability,…

  • Luckymouse Uses Compromised MiMi Chat App to Target Windows and Linux Systems

    Threat actor Luckymouse has reportedly used a trojanized version of the cross-platform messaging app MiMi to install backdoors on Windows, macOS, and Linux operating systems. The group is also identified as Emissary Panda, APT27, and Bronze Union. The news was reported by Trend Micro. According to the report, Luckymouse modifies installer files and uses the…

  • Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium

    Microsoft has announced that it disrupted a Russian state-backed threat group that is believed to have run espionage campaigns against several different NATO countries. According to the tech giant, the prolific hacking group that is identified by the name “Seaborgium” focuses most of its attacks on entities located in the US and UK. In addition,…

  • Last French troops leave Mali, ending nine-year deployment

    France has announced that its final troops have left Mali, completing a withdrawal after a nine-year operation in the country. The operation was at the center of the Sahel region’s security crisis. On Monday, the French army said it had completed the logistical challenges of the pullout and it was completed in an orderly and…

  • Russia blames sabotage for new Crimea blasts

    A week after a Ukrainian attack on a Russian military base in Crimea, a series of explosions hit an arms store on another depot. Russian officials first said a fire caused the blasts in the Dzhankoi area, but then blamed sabotage. A separate fire broke out at a power substation and a railway was damaged.…

  • Chinese research ship Yuan Wang 5 docks at Sri Lanka’s Hambantota port

    Despite security concerns by India about the vessel’s presence, a Chinese research ship docked at a southern Sri Lankan port. The port workers at Hambantota gave the Yuan Wang 5 an enthusiastic welcome. The ship’s arrival has created tensions between New Delhi and Beijing. New Delhi and Beijing have both spent billions of dollars on…

  • How Blockchain is Disrupting Secure Messaging

    Blockchain is evolving into a new foundation for the internet. What began as a closed web is transitioning into an open source system driven by decentralized systems. Every sector is now adopting this technology to better serve its customers. Social communication, in particular, is seeing a lot of promise from blockchain solutions. Popular messaging apps…

  • Trust, transparency and reliability are keys to Web3 success

    Web3 is on the horizon and will likely have a large effect on the cybersecurity field. But what exactly is it — and what are the implications of this latest iteration of the internet for organizations? It’s perhaps easiest to describe Web3 by contrasting it with its predecessors, Web 1.0 and Web 2.0. Web 1.0 refers to…

  • Network and token freeze after Acala exploit raises questions

    The Acala Network’s aUSD stablecoin depegged by over 99% over the weekend and forced the Acala team to pause a hacker’s wallet, raising concerns about its claim of being decentralized. On Sunday, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being minted without collateral. This…

  • What the Inflation Reduction Act Means for Cryptocurrency Regulation

    For the crypto industry, many are looking for 2022 to be the year of comprehensive regulatory and legislative clarity regarding crypto assets for the United States. Indeed, President Biden’s Executive Order earlier this year actually mandated and directed federal agencies to provide this kind of clear, ordered, and meaningful guidance. We’ve seen in the past that…

  • BlueBenx fires employees, halts funds withdrawal citing $32M hack

    BlueBenx, a Brazilian crypto lending platform, reportedly blocked all of its 22,000 users from withdrawing their funds following an alleged hack that drained $32 million (or 160 million Brazilian real). While no details about the hack were made available, the company allegedly laid off most of its employees. BlueBenx joins the growing list of crypto companies…

  • Taliban celebrates ‘victory day’, as Afghans face economic crisis

    The Taliban has marked the first year anniversary of its return to power in Afghanistan. Taliban members celebrated the “day of victory” in the capital, Kabul. The group captured Kabul in a lightning offensive against government forces as US-led troops were leaving the country after two decades of intervention. Exactly one year ago, on August…

  • Ukraine hits Russian Wagner mercenary HQ in east

    A headquarters of the Russian Wagner paramilitary group of mercenaries has been hit by Ukrainian artillery in eastern Ukraine. Serhiy Hayday, Ukrainian governor of the Luhansk region, announced the attack in Popasna, however the details remain unclear, along with the number of casualties. Wagner was deployed to Crimea and the Donbas region in 2014 in…

  • Raila Odinga and William Ruto await verdict in Kenya election

    The much-awaited presidential election in Kenya will have the results revealed shortly according to the electoral body. The electoral body is preparing for the declaration in the national tallying center in Nairobi. In the latest count, Deputy President William Ruto has a narrow lead over ex-Prime Minister Raila Odinga. The final results are expected to…

  • Critical Infrastructure at Risk as Thousands of VNC Instances Exposed

    Security researchers have warned that several global organizations are vulnerable to remote compromise due to exposed Virtual Network Computing (VNC) instances. Security researchers at Cyble reported that more than 8,000 VNC instances are vulnerable to attack. The majority of the instances are managed by critical infrastructure organizations located across the world. This includes crucial facilities…

  • Suspected developer of crypto mixer Tornado Cash arrested

    The Dutch government agency responsible for investigating financial crimes said it has arrested an individual suspected of being a developer of the U.S.-sanctioned crypto mixing service Tornado Cash in a move that has rattled some crypto and privacy advocates. The Fiscal Information and Investigation Service said Friday that the arrested 29-year-old man is suspected to be…

  • Let Ugly Ducklings Grow: Why Crypto Needs a Safe Harbor

    Asked for his views on cryptocurrencies, Securities and Exchange Commission Chairman Gary Gensler likes to quote the poet James Whitcomb Riley, who wrote, “When I see a bird that walks like a duck and swims like a duck and quacks like a duck, I call that bird a duck.” The point of Gensler’s “duck test”…

  • Following Solana Wallet Hacks, Polkadot Ambassador And Hiro CTO Call For Action To Keep DeFi Safe

    Last week, millions of dollars were hacked from Solana’s ecosystem. While its blockchain wasn’t hacked directly, hackers were able to drain funds from Solana wallets. It’s still unclear exactly how the hackers were able to access the funds, but it appears that they were able to do so by uncovering users’ private keys. Private keys…

  • North Korean Cryptocurrency Hacking Poised to Get Even Worse

    Widening mainstream acceptance of cryptocurrency will intensify state-sponsored cybertheft by North Korea, potentially adding to the hereditary despotic monarchy’s billions of funds stolen through hacking, participants in a Washington think tank panel said. North Korean-controlled cybercrime groups have stolen more than $2 billion. Pyongyang has recently turned to cryptocurrency theft, including a more than $600 million…

  • Open source software is needed to prevent future crypto hacks, Polygon CISO says

    The pace of crypto hacks hasn’t slowed in the dog days of summer, with tens of millions of dollars stolen in August alone. As the crypto community carries on in the wake of the expensive exploits, many web3 users are biting their tongue waiting for the next big one to strike. On August 1, Nomad,…

  • Starlink Successfully Hacked Using $25 Modchip

    Earlier this week at the Black Hat security conference, Belgian researcher Lennert Wouters revealed how he can mount a successful fault injection attack on a terminal for SpaceX’s satellite-based internet system. The successful hack was conducted using a homemade circuit board that Wouters claims cost roughly $25 to develop. The satellite dish used to access…

  • Recovery From NHS Ransomware Attack May Take a Month

    Last week, a key NHS IT partner suffered from a ransomware attack that could take up to a month to recover from. The company, Advanced, operates several key systems for the health service. This includes clinical patient management and financial software. One of Advanced’s key healthcare clients is NHS 111, which is a phone and…

  • UK recession looms as households feel pain of soaring energy bills

    The economy in the UK may be starting to shrink and a new forecast is suggesting that the average annual energy bills could be as high as the equivalent of $6,000 next year. The country’s GDP dropped by 0.1% in the second quarter of this year and analysts believe the recession forecast by the Bank…

  • Germany suspends military mission in Mali amid diplomatic tension

    The local military-led government of Mali refused to give a United Nations peacekeeping mission fly-over rights on Friday. After this move, Germany has suspended most of its operations in the country until further notice. The operations included those of the reconnaissance forces and CH-53 transport flights. Germany was prepared to participate in an international peacekeeping…