IEEE Cipher --- Items from security-related news (E178), March 2024
Summary:
The US Justice Department and FBI carried out an operation to
reprogram devices that were running malware used by the Chinese
group Volt Typhoon. The malware had been detected several months
earlier, and its exact purpose was not known, but it showed an
affinity for critical infrastructure sites, such as ISPs. Fearing
that it was being used to build a botnet with command and control
capability that could disable critical services in a time of
conflict, US law enforcement identified the affected devices and
deleted the malicious software from them.
Summary:
The Volt Typhoon software, which may have formed a large botnet
residing in sites that are part of US and European critical
infrastructure, was disabled recently, as noted above, but it had
probably been growing, undetected, for several years. CISA Director
Jen Easterly and FBI Director Christopher Wray testified to Congress
about the intrusion and warned that Chinese hackers "could disrupt
Americans' way of life."
Summary:
Chinese hacking is a sophisticated business with a wide reach in the
US and many other places. Volt Typhoon is one of many groups working
under contract to the Chinese government. FBI Director Christopher Wray
is quoted as saying: "In fact, if you took every single one of the
F.B.I.'s cyberagents and intelligence analysts and focused them
exclusively on the China threat, China's hackers would still outnumber
F.B.I. cyberpersonnel by at least 50 to one." This has happened despite
a decade of US effort to derail the activity. One result has been
the diversification of the hacking companies as they find the Chinese
government to be an unreliable source of income. Seeking new revenue
sources, they turn to cybercrime, creating an expanding sphere of disruption.
Summary:
People who are known to have been involved in the "misuse" of
commercial spyware may be subject to visa restrictions under a new US
policy. The policy is meant to crack down on spyware, such as Pegasus
and Predator, that has been used to "target" journalists, activists,
and others. The misuse involves monitoring the activities and
communications of individuals for the purpose of thwarting or harming
them. The announcement did not identify any specific people who might
have their visas "restricted."
Summary:
In a first for the US Treasury Department, it issued sanctions against a
spyware manufacturer, Intellexa. Anyone, in the US or outside, who
transacts with Intellexa, its founder, or its four subsidiaries is
cut off from doing business with the US. A similar spyware
company, the NSO Group, had previously been subjected to additional
export regulations, but not sanctioned.
Intellexa makes Predator, a piece of spyware that turns a victim's phone into a surveillance device reporting to an operator. It has been used against two sitting members of the US Congress.
Summary:
There are rewards available for information about the leaders of a
ransomware group that has targeted hospitals and related services.
A cybercriminal group known as "Hive" has used ransomware to extort
over one billion dollars from service providers in the healthcare
industry. The FBI said that it had maintained access to the group's
computer systems for several months, and during that time it "managed
to prevent $130 million in ransom payments from victims."
That was not enough to shut down the group, and the US State Department will pay up to $10M USD for information about its leaders and up to $5M USD for information that leads to arrests or convictions. Bounties for information about other cybercriminals are available under the same program.
Summary:
Anyone's router might have been cleansed of Russian malware in an
operation conducted by the FBI. The specific software identified as
"Moobot" was used by the GRU (the foreign military intelligence agency
of the General Staff of the Armed Forces of the Russian Federation).
It is said to be involved in global espionage, particularly spearphishing
directed at US officials. After obtaining a court order, the FBI removed the
software from routers located in many homes and small businesses.
This story might easily be confused with the reports of eliminating Chinese software from critical infrastructure components (as reported above), but it appears to be an entirely separate operation.
Summary:
Authorities in the US and Europe coordinated their efforts to take down
the command and control servers of the notorious LockBit ransomware
operation. This resulted in the seizure of ransomware assets and indictments
against several individuals. The LockBit server(s) now display a
takedown announcement and links to helpful information for avoiding
victimization. The TechCrunch article quotes
Allan Liska, a ransomware expert and threat intelligence analyst at
Recorded Future, as saying that this action "is absolutely the
end of the LockBit operation in its current form."
Summary:
This is a research paper about an interesting flaw in the secure
version of the Domain Name System (DNSSEC). The primary function of
DNSSEC is to publish public keys and signatures for zones in the DNS
hierarchy so that resolvers can verify the authenticity of data they
look up. The public key operations are time-consuming, but resolvers
are capable of handling the normal load, which is distributed through
the hierarchy.
The problem is that in the usual implementations, the validation for a lookup is done in one thread, and that thread can be tied up for a very long time by a lookup for a domain that has a malicious construction. Thus, a resolver can be overwhelmed by a small number of lookups that require a huge amount of computation. The computation is so great because of a requirement to try every candidate key against every signature before returning a failure. The researchers found that some lookups can result in n^2 public key operations, where n is the number of keys. A malicious domain can publish many keys and many improperly signed records. The researchers call this an algorithmic complexity attack that results in resource exhaustion.
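A small model of the validation loop described above, as an added example that is not the researchers' code or a real resolver: a toy zone publishes n DNSKEY records that deliberately share one key tag, plus n RRSIG records with that tag and bogus signature bytes, and a resolver that follows the try-every-matching-key rule performs n * n verifications before concluding the data is bogus. The key/signature structures, the hash-based stand-in for a public key verification, and the budget-limited validator are all assumptions made for the illustration; the algorithm field of real DNSKEY/RRSIG records is omitted.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DNSKEY:
    # 16-bit key tag the resolver uses to pre-select candidate keys.
    # Nothing stops a zone from publishing many keys with the same tag.
    key_tag: int
    key: bytes


@dataclass(frozen=True)
class RRSIG:
    key_tag: int      # tag of the key that supposedly produced this signature
    signature: bytes


def toy_verify(key: DNSKEY, data: bytes, sig: RRSIG) -> bool:
    """Stand-in for the expensive RSA/ECDSA verification (constructed model)."""
    return hashlib.sha256(key.key + data).digest() == sig.signature


def validate_rrset(data: bytes, keys: List[DNSKEY], sigs: List[RRSIG],
                   budget: Optional[int] = None) -> Tuple[bool, int]:
    """Validate an RRset the way the text describes: for each RRSIG, try every
    DNSKEY whose key tag matches until one verifies. Returns (valid, number of
    verification attempts). If `budget` is given, give up after that many
    attempts, which is the kind of cap a hardened resolver would enforce."""
    attempts = 0
    for sig in sigs:
        for key in keys:
            if key.key_tag != sig.key_tag:
                continue
            if budget is not None and attempts >= budget:
                return False, attempts
            attempts += 1
            if toy_verify(key, data, sig):
                return True, attempts
    return False, attempts


def make_honest_zone(data: bytes) -> Tuple[List[DNSKEY], List[RRSIG]]:
    # Constructed sample: one key, one correct signature over `data`.
    key = DNSKEY(key_tag=111, key=os.urandom(32))
    sig = RRSIG(key_tag=111, signature=hashlib.sha256(key.key + data).digest())
    return [key], [sig]


def make_malicious_zone(n: int) -> Tuple[List[DNSKEY], List[RRSIG]]:
    # Constructed sample: n keys sharing one tag and n signatures that match
    # the tag but verify under none of the keys, forcing n * n attempts.
    keys = [DNSKEY(key_tag=12345, key=os.urandom(32)) for _ in range(n)]
    sigs = [RRSIG(key_tag=12345, signature=os.urandom(32)) for _ in range(n)]
    return keys, sigs


def demo() -> Tuple[int, int, int]:
    """Returns attempt counts for: honest zone, malicious zone with 16 keys
    and no cap, malicious zone with 16 keys and a 16-attempt cap."""
    data = b"www.example. IN A 192.0.2.1"
    ok_keys, ok_sigs = make_honest_zone(data)
    _, honest = validate_rrset(data, ok_keys, ok_sigs)
    bad_keys, bad_sigs = make_malicious_zone(16)
    _, uncapped = validate_rrset(data, bad_keys, bad_sigs)
    _, capped = validate_rrset(data, bad_keys, bad_sigs, budget=16)
    return honest, uncapped, capped


if __name__ == "__main__":
    print(demo())
```

Raising n from 16 to a few hundred keys makes the uncapped count explode quadratically while the honest case still needs a single verification; the budget turns a worst case of n^2 into a constant, at the cost of declaring such a zone bogus rather than exhausting the resolver.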
Summary:
Change Healthcare, a unit of UnitedHealth Group, provides the technology
for processing insurance claims, and it was severely compromised by a
likely ransomware attack on February 21. That has led to frantic attempts
to get necessary medication, to clarify insurance status, and to get
payments to health care providers. The company said that it could not
bring all systems back online until it could be sure that it had
eliminated the malware. In the meantime, everyone whose claims flow
through Change Healthcare scrambled to find ways to get prescription
drugs and payment in a chaotic void.
According to NBC News, experts at the cybersecurity companies Recorded Future and Tenable identified a bitcoin wallet that received a payment of more than $22 million last Friday. The wallet belonged to the hacker group AlphV. Wired magazine reported on the incident and on the argument between AlphV and an affiliate that claimed it was owed money for helping to carry out the attack.
Summary:
Microsoft disclosed in January that its corporate email systems had
been infiltrated; the problem was detected, but apparently the lurkers
were not fully repelled. In a recent SEC filing the company said that
some of its software source code was probably accessed using
credentials revealed in company email. The intruders are the Russian
state-backed group that Microsoft ties to the 2020 SolarWinds
supply-chain compromise; the email intrusion itself did not rely on
SolarWinds software.
Summary:
China makes a lot of the equipment for unloading ships at ports
around the world; the giant ZPMC-made cranes for lifting containers
are ubiquitous. As more and more automation goes into heavy
equipment, the number of electronic components increases. However,
when someone pointed out that these particular cranes came with
cellular modems, questions ensued. Why does a cargo crane need
world-wide communication capabilities? Perhaps because the Chinese
government wants to base a covert communication network at ports
around the world and then use it to impede port operations during
times of tension. The US government believes that it is important to
eliminate Chinese cranes at US ports, and several initiatives are
planned to make that possible.
Summary:
Instead of buying cargo cranes from China, the US plans to buy them
from the US subsidiary of the Japanese company Mitsui. The plan is
backed by an investment of over $20 billion over the next five years,
according to the WSJ, drawn from the $1 trillion bipartisan
infrastructure bill passed by Congress in 2021.
Summary:
Congress has sent a letter to the Chinese company ZPMC asking why cellular
modems were installed on cranes in US ports. The modems, which appear to
allow remote monitoring and control, were not covered by any contractual
agreement.