Menu Close

Cyber Newsletter (#6) – February 2024

How chatbots have been utilised by the cybercrime industry
United States

DarkGPT, EscapeGPT, WormGPT, DarkBARD … these are all generative AI chatbots developed by cybercriminals specifically to be able to code computer viruses, write phishing e-mails, build fake websites or scan a site’s computer vulnerabilities. 

team from Indiana University identified 212 malicious LLM applications (malla) that are sold for between 4.60 and 184 euros and are effective for most of them. 

Cybercriminals have either used open source models that they have specialized to carry out malicious tasks, or commercial models that they have managed to circumvent using “jailbreak”. 

The researchers are calling for the creation of a “Malla” observatory to track the evolution of such practices. They also call for restrictions on existing models to be increased, to make it more difficult to circumvent them.

Fake data leak created by generative AI

On a specialized forum, a hacker claimed to have stolen personal data from no less than 48 million Europcar customers and wanted to sell it to the highest bidder. Except… the data seems to be completely invented, certainly created with ChatGPT (or equivalent). On checking the sample data, Europcar found that “the number of records was completely wrong and inconsistent” since “addresses don’t exist, zip codes don’t match, first and last names don’t match e-mail addresses” among other things. “Above all, none of these e-mail addresses are present in our customer database”, says the company spokesperson. 

This case shows how hackers will be able to claim false data leaks to ransom companies, a technique facilitated by the use of generative AI tools.

Le groupe de hackers LockBit a été démantelé par Interpol

Lockbit infrastructure seized in global police operation

An extensive international police operation, codenamed “Operation Cronos”,  was recently orchestrated by eleven authorities to seize Lockbits technical infrastructure. Including Europol, the CIA, and the NCA, authorities targeted the hacking group and successfully seized 34 servers across 8 countries and authorities froze 200 cryptocurrency wallets associated with the group. Moreover, two of LockBit’s members have been apprehended in Poland and Ukraine.

As a result of the operation, LockBit’s public websites now prominently display a message from the authorities, assuring victims that decryption keys for their data will be made available. While this seizure deals a severe blow to LockBit’s operations, experts caution that it may not spell the end of the group’s presence in the cybercrime arena.

LockBit has been responsible for orchestrating thousands of attacks, including 1,700 in the US since 2019, amassing a staggering $91 million in ransom payments. Europol has branded LockBit as the most “prolific and dangerous group in the world”, attributing much of their success to their “ransomware as a service” model.

India approves massive $15 billion investment in 3 semiconductor plants

The Indian Cabinet has signed off on a plan to invest $15 billion in its semiconductor industry through the creation of 3 semiconductor plants, alongside another plan by the Tata Group to build India’s first chip factory. This comes amidst a recent earnings call by semiconductor giant Nvidia, which declared record profits and continues to dominate the industry. Countries continue to invest in their native industries to join the accelerating chip production race.

These units, slated to commence construction within the next 100 days, will be a part of the ‘Development of Semiconductors and Display Manufacturing Ecosystems in India’ initiative, launched in December 2021. The fund has already helped US memory maker Micron establish a $2.75 billion assembly facility in Gujarat.

France accuses Russia of 'online interference' over Star of David graffiti  in Paris

Star of David affair: Russian disinformation campaign targets multiple European countries
Russia, France

In late October 2023, Star of David symbols were discovered on numerous walls throughout Paris and its surrounding suburbs. The subsequent arrest of a Moldovan couple prompted speculation regarding a potential effort to manipulate French public opinion, coinciding closely with the outbreak of hostilities between Israel and Hamas.

Following thorough investigation, it was revealed that this manipulation campaign, which also involved the widespread sharing of Star of David photos on social media platforms, was orchestrated by the FSB (Federal Security Service of the Russian Federation). Moreover, it was part of a broader disinformation initiative aimed at various European nations. According to French authorities, the primary objective was to sow discord among the populace and destabilize European governments.

The campaign commenced in Poland during the spring of the same year, marked by the extensive dissemination of anti-NATO propaganda. Pro-Russian sentiments and anti-NATO demonstrations also occurred in Spain, Latvia, Romania, Austria, and Germany, as part of the orchestrated effort to undermine European unity and foster division across the continent.

Russia-aligned Winter Vivern is targeting Polish, Ukrainian, and Georgian organizations for cyberespionage
Russia, Belarus

Russia and Belarus-aligned threat actors known as Winter Vivern (or TAG-70), they have carried out a large-scale espionage campaign exploiting cross-site scripting vulnerabilities in Roundcube webmail servers to target over 80 organizations in Georgia, Poland, and Ukraine, as well as Iran’s embassy in Russia and the Netherlands or the Georgian Embassy in Sweden. 

The campaign aimed to gather intelligence on European states’ political and military activities, Iran’s stance on Russia’s involvement in Ukraine, as well as Georgia’s EU and NATO aspirations.

teiss - News - Major data breach at iSoon exposes China's espionage  operations

Data leak exposes Chinese tech company and State collusion

recent data leak has exposed the involvement of the Chinese tech security firm, I-Soon, in espionage data breaches targeting foreign governments, NATO, democracy groups in Hong Kong, and universities, including Sciences Po Paris. 

In a bid to secure contracts in Xinjiang—where China faces serious allegations of human rights abuses against the Uyghur population—the leaked documents also revealed that I-Soon marketed its services by boasting about past counterterrorism work. The company showcased its ability to target counterterrorism centers in Pakistan and Afghanistan as evidence of its capabilities in this domain. 

The leak, though its authenticity is under scrutiny, sheds light on the urgent need for enhanced cybersecurity measures amid persistent state-sponsored cyber threats.

ChatGPT violated European privacy law according to Italian privacy watchdog
Italy, World

Italian regulators said they told OpenAI that its ChatGPT artificial intelligence chatbot has violated European Union’s stringent data privacy rules. The country’s data protection authority, known as Garante, said Monday that it notified San Francisco-based OpenAI of breaches of the EU rules, known as General Data Protection Regulation.

The watchdog started investigating ChatGPT last year, when it temporarily banned within Italy the chatbot that can produce text, images and sound in response to users’ questions. Based on the results of its “fact-finding activity,” the watchdog said it “concluded that the available evidence pointed to the existence of breaches of the provisions” in the EU privacy rules.

New PickAxe malware steals biometric data from Vietnamese users to authorize illicit transfers

Chinese-speaking hacker group GoldFactory has been targeting Vietnamese and Thai users with a sophisticated mobile banking Trojan GoldPickaxe. Among other features, this malware collect facial recognition data to perform face-swapping with the help of AI and bypass biometric security measures for banking transaction approval. For iOS malware distribution, it uses Apple’s legitimate TestFlight and Mobile Device Management profiles. Another malware from the group, GoldDigger, targets more than 50 Vietnamese banking apps.”

Illustration shows miniature of robot and toy hand

Japan joins global AI regulation race with comprehensive 2024 legislative push

The Liberal Democratic Party of Japan plans to introduce new legislation aimed at regulating generative AI technologies in 2024. This is a part of a wider effort to tackle the challenges and opportunities presented by emerging technologies. The legislative campaign comes amidst an economic downturn in Japan, and Tokyo may see regulation as a way to promote innovation and growth. 

Earlier in the year, guidelines for AI firms were proposed, which emphasized transparency efforts such as training data disclosure. Similar initiatives have been taken internationally, such as the adoption of the EU AI Act, and efforts in the US and China.