Monthly IntSum - March 2024

Our monthly IntSum report is a compilation of the most important and relevant news stories.

Our team of cybersecurity experts are constantly monitoring the latest threats and vulnerabilities from around the world to provide you with the most up-to-date information.

4th March - 8th March: Researchers demonstrate Morris II worm that exploits generative AI applications

This week, a significant development was reported regarding the creation of a self-replicating worm, named Morris II, capable of extracting sensitive information from emails while spreading malware, spam, and disinformation.

This worm was crafted using an adversarial self-replicating prompt technique, triggering a generative AI model to continuously generate instructions for the worm's operation.

Researchers showcased an exploit targeting the auto-response feature of a generative AI email assistant utilising retrieval-augmented generation (RAG). By injecting malicious prompts into emails, they managed to compromise the AI's safety ruleset, resulting in potential security breaches. Additionally, they embedded such prompts in image files as another method of attack.

The emergence of generative AI worms poses a significant concern for cybersecurity experts, as these tools could become more prevalent in the next few years. Given the increasing integration of AI in workplace applications, such as email assistants, the potential for exploitation of AI-powered functionalities for malicious purposes is worrisome.

Orpheus has observed threat actors leveraging generative AI tools for nefarious activities, including the creation of information stealers and spear-phishing campaigns. As AI technology advances, companies must reassess their risk strategies and policies regarding AI tool usage. Implementing best practices and restricting AI privileges can mitigate the risks associated with their deployment in business operations.

11th March - 15th March: Russia accuses the US and Ukraine of election interference

Recent accusations by Russia's Foreign Intelligence Service (SVR) and Rostelecom, a Russian telecommunication provider, claim interference by the US and Ukraine in the upcoming Russian presidential election scheduled for 15 – 17 March 2024. The SVR accuses the Biden administration of planning to manipulate the remote electronic voting system to impact voter turnout. Rostelecom alleges Ukrainian attempts to disrupt election infrastructure. Meanwhile, Russian IT researchers have identified domains impersonating Russian election services.

Russian President Putin has warned against foreign interference, while the Kremlin denies meddling in the US 2024 elections. Despite no response from the US or Ukrainian governments, past cyber campaigns suggest the accusations may hold weight. Former US officials alleged covert operations authorised by former President Trump, and Meta disrupted a US military-linked influence operation targeting the Middle East and Russia in 2022. The prevalence of influence operations since the 2016 US elections underscores concerns about potential interference in upcoming elections globally, with Meta warning of preparations by Russia and China for 2024 elections in several countries, suggesting a broader trend of strategic influence efforts.

18th March - 22nd March: Russia reportedly deploys data-wiping malware against Ukraine

A new variant of the AcidRain wiper malware, called AcidPour, has emerged, targeting Linux x86 devices after the original version targeted MIPS architectures. This variant, believed to be more potent, poses a heightened risk to additional potential targets. Russian state-sponsored threat actors, linked to Sandworm, have reportedly deployed AcidPour against Ukrainian telecommunications providers, potentially affecting embedded devices like networking, IoT, and storage systems.

These actions coincide with a large-scale missile attack on Ukraine, including strikes on critical infrastructure like the Zaporizhzhia nuclear power plant and hydroelectric dam. These events signal a renewed offensive by Russia, combining kinetic force with cyber tools, as the conflict escalates.

25th March - 29th March: The UK, US, and Finland attribute Chinese-linked APT31 to espionage campaigns

Forensic investigation has linked Chinese nation-state unit APT31 to cyber campaigns targeting multiple countries including the UK, US, and Finland. Finnish authorities, with international collaboration, attributed APT31 to a breach of Finland’s parliament in 2021. During this campaign, APT31 accessed the email accounts of Finnish MPs, exfiltrating confidential information. In a similar incident on March 25, 2024, the UK Deputy Prime Minister accused APT31 of breaching the UK's Electoral Commission in 2021, exposing data of approximately 40 million voters. The US Treasury Department also sanctioned a Wuhan-based company used by the Chinese Ministry of State Security in cyber campaigns targeting US critical national infrastructure (CNI) organisations.

These incidents underscore APT31’s persistent focus on information theft and espionage against governments and CNI organisations. Past incidents include targeting Belgian government officials and organisations, phishing attempts against Belgium MP Samuel Cogolati, and campaigns against industrial organisations in Eastern Europe in 2022. These public attributions follow government advisories highlighting the threat posed by Chinese state adversaries, emphasising the need for enhanced cybersecurity resilience in critical infrastructure.

We are committed to keeping you informed and helping you stay ahead of the ever-evolving cybersecurity landscape.

By subscribing to our newsletter, you can ensure that you stay ahead of the ever-evolving cybersecurity landscape.

You'll receive monthly updates on the latest trends and threats, in-depth analysis and expert commentary. With this information at your fingertips, you can better protect yourself and your organisation from potential cyber-attacks. Subscribe here.

To see the Orpheus platform in action, click here.

We'll be exhibiting at UK Cyber Week!

Visit us at Stand E6-3 to discover how Orpheus specialises in providing comprehensive solutions for proactive cyber threat mitigation and also meet some of the Orpheus team.

Get your ticket here.