China Claims Volt Typhoon is a Ransomware Group

It's as believable as a child saying they didn't eat the cookies

I returned from London last week to get punched in the face with pollen in Northern Virginia. While fighting allergies, I also decided to go for extra credit and catch a cold. While I’m on the upswing, if you see my writing trail off, then you know what to blame.

Not to worry, we still have some great stories to cover, including:

  • More GenAI enables disinformation…thanks China.

  • The real identity of Volt Typhoon? Thanks again, China.

  • This week’s notable cyber news.

-Jason

Spotlight
This is Why We Can’t Have Nice Things

The rapid advancement of GenAI capabilities is a mix of excitement, amazement, and a hint of terror, given the nefarious capabilities it unlocks. This week, Microsoft released VASA-1, an AI model that can create an animated video of a person talking, or even of the Mona Lisa rapping (based on an audio track of Anne Hathaway performing on Conan O’Brien), from a single photo and an existing audio track. The authenticity of it…well, you just have to see it.

Microsoft also reported that China has been using AI-generated content to further its political agenda. In a long-term campaign to influence the Taiwanese elections, China went all out using GenAI. This included:

  1. AI-generated memes targeting the then-Democratic Progressive Party (DPP) presidential candidate, William Lai

  2. AI-generated fake news anchors that reported false claims of mistresses and illegitimate children tied to Lai.

  3. AI-generated fake audio claiming Lai was an informant in the 1980s.

  4. AI-generated fake audio of the Foxconn owner and Taiwanese election candidate, Terry Gou, endorsing another candidate on election day.

China’s use of GenAI extends beyond just the Taiwanese elections. Microsoft included additional examples, such as:

  1. Claiming a US government “weather weapon” started the Maui wildfires, supported with AI-generated fire images.

  2. Amplifying outrage over Japan’s disposal of nuclear wastewater, including providing GenAI-supported content to social media influencers.

It’s obvious that GenAI will be a key tool for governments to push their agendas or control narratives. But even with all the advancements in GenAI, China still relies on a more primitive approach to deny the truth…which we’ll cover next.

Deep Dive
Do People Actually Believe This?

Not all disinformation relies on GenAI. Sometimes, good old-fashioned lies do the trick. You have probably heard of the China state-sponsored hacking group Volt Typhoon. Earlier this year, the US DOJ and Lumen, an independent security firm, released details on KV-Botnet. Volt Typhoon hacked home routers to build the botnet, which allowed China to proxy network traffic in attacks against US critical infrastructure.

Then this week, the FBI reported that Volt Typhoon has been hacking into American companies in the telecom, energy, water, and other critical sectors to develop the ability to “physically wreak havoc on our critical infrastructure at the time of its choosing.”

The Chinese tabloid Global Times said, wait just a minute. In an exclusive report, the tabloid claims that US politicians and intelligence companies fabricated the claim that Volt Typhoon is a China-sponsored actor to hype the “China threat theory” and to make money: specifically, to gain more funding from Congress and to help big security and tech companies win lucrative government contracts.

To help fuel this obvious attempt at misdirection, China’s National Computer Virus Emergency Response Center, National Engineering Laboratory for Computer Virus Prevention Technology, and 360 Digital Security group reviewed data on Volt Typhoon to ascertain their actual affiliation. Their “findings,” which I’m sure had absolutely no bias and followed only the strictest scientific methods, came to an interesting conclusion.

They concluded that Volt Typhoon was actually…wait for it…a “ransomware cybercriminal organization without state or regional support background.” I’ll let you just mull that over for a second…

…because ransomware groups create sophisticated botnets that compromise home routers and proxy network traffic through them to attack US critical infrastructure…completely logical.

It should go without saying that the claim that Volt Typhoon is tied to a ransomware group is ridiculous. I guess everything you find on the Internet is not valid. What a novel thought.

News
What Else is Happening?

📶 Attackers are bribing T-Mobile and Verizon employees to conduct SIM swaps on their behalf. The going rate? $300 USD. A study from 2020 found that even with security questions in place, mobile carriers would routinely conduct a SIM swap even if the questions weren’t answered.

♠️ MGM Resorts sued the FTC to stop its investigation into MGM’s response to the cyber attack that crippled their operations. They requested FTC Chair Lina Khan recuse herself from the case as she was visiting an MGM resort when the attack happened.

📵 The popular MFA and authentication provider, Duo (owned by Cisco), informed customers that their third-party provider used to send SMS MFA codes was compromised. Thankfully, the attackers did not access the message contents, which would have contained the MFA code. Impacted data included the user’s phone number, carrier, country, and state.

🚓 The US Department of Justice charged a 37-year-old Moldovan man for operating a large-scale botnet used to steal credentials, which were used to steal money from victims. Because that wasn’t enough, he also sold access to compromised systems to ransomware groups.

📈 While Palo Alto is dealing with their new critical vulnerability, the Cisco Talos research team warned of a global increase in brute-force attacks against VPNs and SSH services. The scanning is looking for commonly used passwords.

🐡 A Europol-led operation dubbed “PhishOFF” (they really stretched the creativity there) ended in the arrest of 37 people tied to a large Phishing-as-a-Service (PhaaS) operation known as LabHost.

If you enjoyed this, forward it to a fellow cyber nerd.

If you’re that fellow cyber nerd, subscribe here.

See you next week!
