North Korea semiconductor hacks, ALPHV goes dark, China AI vouchers
North Korea targets semiconductor industry
South Korea’s National Intelligence Service reports that North Korean-linked threat actors breached at least two companies involved in semiconductor manufacturing in the last three months. These attacks stole product design illustrations and site photos. The attackers didn’t attempt to use external malware, instead using a live-off-the-land approach to obtain data. NIS believes North Korean actors performed the attacks as the country prepares to produce its own semiconductors.
(The Record )
ALPHV infrastructure goes dark
The pernicious ransomware group shut down its data leak blog late last week. Bleeping Computer reported its negotiation sites remained up over the weekend, but came down as of March 4th. On the Tox messaging platform the group uses for communication, it posted a message in Russian that translates to “Everything is off, we decide.” An analyst at Recorded Future shared a message that alleges ALPHV banned an affiliate responsible for a ransomware attack on Optum that resulted in a $22 million ransom. This infrastructure shutdown could indicate an exit scam to walk away with those funds, or possibly a rebranding effort by the group.?
China to offer computing vouchers to AI startups
Over a dozen city governments in China, including Shanghai pledged to offer “computing vouchers” to new AI startups, worth up to the equivalent of $280,000. Startups can use these vouchers at data centers to train models and run LLMs. This comes as the US continues to impose sanctions on sales of high-end AI-focused chips to China. The Financial Times’ sources say these sanctions have seen Alibaba, Tencent, and ByteDance limiting the rental of theire Nvidia GPU’s for internal use. Sources say the vouchers could reduce startup computing costs by up to 50% at state-owned data centers.?
Anthropic releases new chatbot models
The AI-startup announced three new models for its Claude chatbot, Opus, Sonnet, and Haiku. Developers can now access the more powerful Opus and Sonnet models, with the light and quick Haiku model available in the next few weeks. Anthropic focused on designing these models to answer with less hallucinations, with the ability to cite sources. The new models will feature image analysis capabilities but not the ability to generate wholly new images from prompts.?
(Bloomberg )
领英推荐
Huge thanks to our sponsor, Conveyor
Researchers create AI worm
A group of Cornell Tech researchers, led by Ben Nassi, claims they created the first worm able to spread across generative AI systems. Dubbed Morris II, the worm successfully attacked generative AI email assistants in test environments to steal data and send spam. The worm used an “adversarial self-replicating prompt,” where the output of a prompt generated a set of further instructions for the model. The researchers did this with both a text-based prompt and one embedded within an image file. The researchers shared findings with OpenAI and Google. The paper detailing the worm says this approach speaks not only to the security measures on LLM models, but a warning about “bad architecture design” across the wider developer ecosystem.?
(Wired )
AMEX cards exposed in breach
American Express filed a data breach notification in Massachusetts that a data breach at a third-party service provider resulted in exposed credit card information. The company was careful to note it was not compromised in an incident. Attackers accessed account numbers, names, and card expiration dates. The company said it would notify impacted card members and customers will not be responsible for fraudulent changes. It’s unclear how many people this breach impacted.?
Modern PLCs pose a security risk
Researchers at the Georgia Institute of Technology published a paper detailing the expanded attack surface posed by modern programmable logic controllers that use web server front-ends. The researchers deployed malware called IronSpider on these PLCs through network access to it’s web-based interface, could survive firmware updates, connect to C2 servers even on a network isolated PLC, and disrupt functionality. IronSpider specifically targeted Wago PLCs, but the researchers found the same approach would work across a variety of vendors.?
Ukraine claims Russian hack
Ukraine’s GUR intelligence unit claims it exfiltrated data as part of a breach on Russia’s Ministry of Defense. It claimed to obtain information on encryption software, troop orders and reports, organizational documents about the ministry, and working documents from the Deputy Minister of Defense. The GUR released screenshots of database queries meant to corroborate its operation. Unlike previous operations by the intelligence unit, the GUR did not claim to destroy any data in these attacks.?