Microsoft Reveals Continued Hacks of Technology Companies

The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp. , have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.

In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp. The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.


In a recent blog post to the company’s website, Microsoft’s corporate vice president of customer security and trust, Tom Burt, wrote that “state actor Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”

Nobelium is “attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” according to the company.

Burt wrote that 609 Microsoft customers had been informed that they’d been attacked between July and October of this year close to 23,000 times “with a success rate in the low single digits.”

The attacks, according to the executive, were not aimed at a specific flaw in any of the systems; rather, they were “password spray and phishing” attacks, which aim to steal credentials that grant the attackers access to privileged information.

The Russian state-backed hacking group is, according to Burt, “trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”
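Because the activity described above relies on password spraying rather than on a software flaw, the defender’s first question is how it shows up in sign-in telemetry: one source trying many accounts a few times each, as opposed to hammering a single account. The following detector is an added example, not Microsoft’s or the page’s code; the log format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not from the page). Fields:
# ISO timestamp, source IP, account, result.
# 203.0.113.7 tries six accounts once each (spray, one success),
# 198.51.100.4 hammers one account (brute force, not a spray),
# 192.0.2.10 is an ordinary user mistyping a password once.
SAMPLE_LOG = """\
2021-10-20T08:00:01Z 203.0.113.7 alice@msp.example FAIL
2021-10-20T08:00:09Z 203.0.113.7 bob@msp.example FAIL
2021-10-20T08:00:17Z 203.0.113.7 carol@msp.example FAIL
2021-10-20T08:00:26Z 203.0.113.7 dave@msp.example FAIL
2021-10-20T08:00:33Z 203.0.113.7 erin@msp.example SUCCESS
2021-10-20T08:00:41Z 203.0.113.7 frank@msp.example FAIL
2021-10-20T08:01:02Z 198.51.100.4 admin@msp.example FAIL
2021-10-20T08:01:03Z 198.51.100.4 admin@msp.example FAIL
2021-10-20T08:01:04Z 198.51.100.4 admin@msp.example FAIL
2021-10-20T08:01:05Z 198.51.100.4 admin@msp.example FAIL
2021-10-20T08:01:06Z 198.51.100.4 admin@msp.example FAIL
2021-10-20T08:05:00Z 192.0.2.10 alice@msp.example FAIL
2021-10-20T08:05:20Z 192.0.2.10 alice@msp.example SUCCESS
"""


def parse_events(text):
    """Parse the assumed whitespace-separated log into (ts, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Flag sources that, inside one window, touch many distinct accounts with
    only a few failures per account (the spray signature). A single account
    with many failures is brute force, not a spray, and is left to other rules.
    Returns {ip: {"accounts": n, "compromised": [accounts that also succeeded]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        # Slide a window starting at each event from this source.
        for i, (start, _, _) in enumerate(evs):
            fails = defaultdict(int)
            successes = set()
            for ts, user, result in evs[i:]:
                if ts - start > window:
                    break
                if result == "FAIL":
                    fails[user] += 1
                else:
                    successes.add(user)
            targeted = set(fails) | successes
            if len(targeted) >= min_accounts and all(n <= max_per_account for n in fails.values()):
                alerts[ip] = {"accounts": len(targeted), "compromised": sorted(successes)}
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for ip, info in detect_spray(parse_events(SAMPLE_LOG)).items():
        print(f"password spray from {ip}: {info['accounts']} accounts, "
              f"succeeded against {info['compromised'] or 'none'}")
```

Accounts listed under "compromised" are the ones whose credentials were actually guessed and are the first to reset and review for follow-on activity.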

***

Over 600 Microsoft customers targeted since July

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” said Tom Burt, Corporate Vice President at Microsoft.

“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

As Burt added, in all, more than 600 Microsoft customers were attacked thousands of times, although with a very low rate of success between July and October.

“These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt said.

“By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”

Nobelium MSP attacks (Microsoft)

This shows that Nobelium is still attempting to launch attacks similar to the one they pulled off after breaching SolarWinds’ systems to gain long-term access to the systems of targets of interest and establish espionage and exfiltration channels.

Microsoft also shared measures MSPs, cloud service providers, and other tech orgs can take to protect their networks and customers from these ongoing Nobelium attacks.

Nobelium’s high profile targets

Nobelium is the hacking division of the Russian Foreign Intelligence Service (SVR), also tracked as APT29, Cozy Bear, and The Dukes.

In April 2021, the U.S. government formally blamed the SVR division for coordinating the SolarWinds “broad-scope cyber espionage campaign” that led to the compromise of multiple U.S. government agencies.

At the end of July, the US Department of Justice was the last US government entity to disclose that 27 US Attorneys’ offices were breached during the SolarWinds global hacking spree.

In May, the Microsoft Threat Intelligence Center (MSTIC) also reported a phishing campaign targeting government agencies from 24 countries.

Earlier this year, Microsoft detailed three Nobelium malware strains used for maintaining persistence on compromised networks: a command-and-control backdoor dubbed ‘GoldMax,’ an HTTP tracer tool tracked as ‘GoldFinder,’ and a persistence tool and malware dropper named ‘Sibot.’

Two months later, they revealed four more malware families Nobelium used in their attacks: a malware downloader known as ‘BoomBox,’ a shellcode downloader and launcher known as ‘VaporRage,’ a malicious HTML attachment dubbed ‘EnvyScout,’ and a loader named ‘NativeZone.’

Supply Chain Crisis and Where is the Defense Production Act?

What is the Defense Production Act?

The Defense Production Act is the primary source of presidential authorities to expedite and expand the supply of materials and services from the U.S. industrial base needed to promote the national defense. DPA authorities are available to support: emergency preparedness activities conducted pursuant to title VI of the Stafford Act; protection or restoration of critical infrastructure; and efforts to prevent, reduce vulnerability to, minimize damage from, and recover from acts of terrorism within the United States. DPA authorities may be used to:

  • Require acceptance and preferential performance of contracts and orders under DPA Title I. (See Federal Priorities and Allocations System (FPAS).)
  • Provide financial incentives and assistance (under DPA Title III) for U.S. industry to expand productive capacity and supply needed for national defense purposes;
  • Provide antitrust protection (through DPA voluntary agreements in DPA Title VII) for businesses to cooperate in planning and operations for national defense purposes, including homeland security.

But national security? Yes. We remain in the midst of the Covid-19 pandemic, and those affected can be, and often are, our protectors, not only medically but also legally and militarily.

While we are fretting over shortages and necessities in our daily lives, there are two real areas of major concern: medicines and microchips (semiconductors) used in many varieties of advanced technology.


Basic medicines in use, whether by prescription or over the counter, are manufactured in Asia, mostly in China. It is a fact we learned in the early days of the pandemic. Imagine now that we are faced with a shortage of antibiotics, insulin, aspirin or Lasix and Dyazide. Could we once again face personal protection equipment shortages?


When it comes to semiconductors, the following is important to know:

In part from a senate committee: To mitigate supply chain risks and ensure that semiconductors used in sensitive military systems do not have malware embedded in them, in 2004 the Department of Defense established the “Trusted Foundry Program.” Under this program the government identifies companies deemed secure and trustworthy enough to produce chips exclusively for the military. Two facilities currently operate under this program, one in Vermont and one in New York.

The program only produces a small percentage of the nearly 2 billion semiconductors DOD acquires each year. Some observers have expressed concern that the trusted foundries are falling behind technologically compared to commercial fabrication facilities in East Asia. This could leave the U.S. military at a technological disadvantage to China and other countries that buy superior chips.

In 2017, the Defense Advanced Research Projects Agency launched the Electronics Resurgence Initiative, which seeks to address market and technological trends and challenges in the microelectronics sector.

Sounds shaky, right? It is, as we need results and we need them now. So where is that order by the Biden administration for the Defense Production Act, which would jump-start real action on all the various reasons for the logjam at ports around the United States? There is no one single reason for the cargo ships being stacked up in Long Beach, Los Angeles, Port Houston and Savannah, to name a few.

The United States can relieve the cargo pressures immediately by deploying the National Guard, signing waivers on regulations and by stopping all the financial payments that encourage people to simply not go to work.


The BBC reports in part: 

The shortages hitting countries around the world

A “perfect storm” in China is hitting shoppers and businesses at home and overseas.

It is affecting everything from paper, food, textiles and toys to iPhone chips, says Dr Michal Meidan from the Oxford Institute for Energy Studies.

She says these items “may end up being in short supply this Christmas”.

Then there is the Department of Transportation, whose Secretary has been absent. What is his involvement in this?

From the Maritime Administration:

U.S. maritime ports are critical links in the U.S. domestic and international trade supply-chain.  Ports serve as centers of commerce where freight and commodities are transferred between cargo ships, barges, trucks, trains, and pipelines.

The Port Infrastructure Development Program supports the efficient movement of commerce upon which our economy relies through discretionary grant funding that helps strengthen, modernize, and improve our country’s maritime systems and gateway ports. Grants are awarded on a competitive basis and support the Nation’s long-term economic vitality.

Port Infrastructure Development grants provide planning, operational and capital financing, and project management assistance to improve port capacity and operations.

Authorization History

The Port Infrastructure and Development Program was authorized by Congress as part of the National Defense Authorization Act for Fiscal Year 2010 (Public Law 111-84). The legislation states that “The Secretary of Transportation, through the Maritime Administrator, shall establish a port infrastructure development program for the improvement of port facilities.”

The law specifically authorizes the Administrator to:

  1. Receive funds provided for the project from Federal, non-Federal, and private entities that have a specific agreement or contract with the Administrator to further the purposes of this subsection;
  2. Coordinate with other Federal agencies to expedite the process established under the National Environmental Policy Act of 1969 (42 U.S.C. 4321 et seq.) for the improvement of port facilities to improve the efficiency of the transportation system, to increase port security, or to provide greater access to port facilities;
  3. Seek to coordinate all reviews or requirements with appropriate local, State, and Federal agencies; and
  4. Provide such technical assistance and financial assistance, including grants, to port authorities or commissions or their subdivisions and agents as needed for project planning, design, and construction.

The authorizing legislation also established a Port Infrastructure Development Fund for use by the Administrator in carrying out projects under the program. The fund is available for the Administrator to:

  1. Administer and carry out projects under the program;
  2. Receive Federal, non-Federal, and private funds from entities which have specific agreements or contracts with the Administrator; and
  3. Make refunds for projects that will not be completed.

There are also additional legislative provisions for the crediting and transfer of monies into the fund.

 

The Cancelled Hypersonic Development has the U.S. Scrambling until the Space Force

Primer: China is signaling that a stunning new missile test that reportedly surprised U.S. intelligence officials was not designed to accelerate an arms race with the West but rather to grant Beijing a strategic advantage to seize control of the Taiwan Straits and other hotly contested territory in its region. source

The country’s English-language Global Times, considered a mouthpiece for the Chinese Communist Party, did not directly confirm details from a bombshell report in the Financial Times over the weekend that Beijing had successfully tested a nuclear-capable hypersonic missile in August. However, after repeating many of the report’s key details in an op-ed released late Sunday, it added that, if true, they amount to “a new blow to the U.S.’ mentality of strategic superiority over China.”

“China’s military buildup will focus on the Taiwan Straits and the South China Sea,” the op-ed stated, after claiming China does not seek to challenge America’s dominant military position globally. “It is inevitable that China will take an upper hand over the U.S. military strength in these areas thanks to the geographical proximity and the continuous increase of China’s input.” More detail here.

***

Although advanced weapons systems development faced challenges, it was not until the Trump administration that there was direction and funding, including through the establishment of the Space Force.

Lockheed Martin expects to have hypersonics sales of USD1.5 billion in 2021, up 25% from USD1.2 billion in 2020, said Kenneth Possenriede, the US defence contractor’s chief financial officer.

Several Lockheed Martin programmes are poised to achieve key development milestones or ramp up production over the next few years, fuelling revenue increases. Although one programme, the Hypersonic Conventional Strike Weapon (HCSW), was cancelled by the US Air Force last year, the funding has shifted to other Lockheed Martin efforts, said Possenriede.

“We had a couple risk retirements at the end of the year, so our programmes are performing,” he said.

Lockheed Martin is also growing its hypersonics revenue through acquisitions, such as its November 2020 purchase of the Hypersonics portfolio of US-based Integration Innovation Inc (i3). The proposed acquisition of US-based rocket engine maker Aerojet Rocketdyne for USD4.4 billion would also bolster Lockheed Martin’s hypersonics capabilities.

Possenriede made his comments as Lockheed Martin reported that its total net sales rose 7.3% to USD17 billion in the fourth quarter of 2020. All four of the company’s business segments saw strong sales gains. Net earnings totalled USD1.8 billion in the fourth quarter, up 19.6% from the same period in 2019.

Despite operational and supply chain challenges caused by the coronavirus, Lockheed Martin’s net sales for 2020 climbed 9.3% to USD65.4 billion, while its net earnings jumped 9.7% to USD6.8 billion. The company ended the year with a USD147.1 billion backlog, up more than USD3 billion from 2019. source


RELATED READING: R&D of advanced weapons systems to compete with China

The program known as HCSW (pronounced “Hacksaw”) was defunded in order to shift resources to its other program, the Air-launched Rapid Response Weapon (ARRW). Both prototypes are designed by Lockheed Martin Corp.

“Due to budget priorities, the Air Force down-selected to one hypersonic weapon prototyping effort this year,” spokeswoman Ann Stefanek said. Instead, she said, the service will concentrate efforts on ARRW, which is “on track for an early operational capability in fiscal 2022.”

Given the complexity of the threat, and the pace at which potential adversaries are evolving hypersonic weapons, it is by no means surprising that Mozer said Space Force and Air Force Research Laboratory are working closely with the Navy, Defense Advanced Research Projects Agency and Missile Defense Agency to share developmental data and technologies with a mind to maturing interoperable, multi-domain defensive systems able to track and ultimately deter hypersonic attacks.

The U.S. has Agreed to Financial Aid to Afghanistan

An interagency delegation of U.S. officials met this weekend with senior representatives with the Taliban and called the two-day meeting in Doha “candid and professional,” a statement from the State Department obtained by Fox News read.

The meetings covered a lot of ground and ranged from terrorism concerns to human rights in the country. The statement said the delegation also called for the safe passage for U.S. citizens and others in the country.

The U.S. delegation—once again—told the Taliban that they will be judged on their actions, not only their words, Ned Price, the spokesman, said.

Taliban political spokesman Suhail Shaheen told the Associated Press there would be no cooperation with Washington on containing the increasingly active Islamic State group in Afghanistan.

IS has taken responsibility for a number of recent attacks, including a suicide bombing Friday that killed 46 minority Shiite Muslims and wounded dozens as they prayed in a mosque in the northern city of Kunduz.

Last month, the White House said there is “no rush” to recognize the Taliban as the official government of Afghanistan, saying that recognition from the U.S. will be “dependent” on their actions, as the group announced the formation of its new government.

***

Afghanistan’s state power company has appealed to a United Nations-led mission to give $90 million to settle unpaid bills to Central Asian suppliers before electricity gets cut off for the country given that the three-month deadline for payments has passed. source

Afghanistan's Crippled Power Grid Exposes Vulnerability of Besieged Capital  - The New York Times source

(AP) — A month after the fall of Kabul, the world is still wrestling with how to help Afghanistan’s impoverished people without propping up their Taliban leaders — a question that grows more urgent by the day.

With the Afghan government severed from the international banking system, aid groups both inside Afghanistan and abroad say they are struggling to get emergency relief, basic services and funds to a population at risk of starvation, unemployment and the coronavirus after 20 years of war.

Among the groups struggling to function is a public health nonprofit that paid salaries and purchased food and fuel for hospitals with contributions from the World Bank, the European Union and the U.S. Agency for International Development. The $600 million in funds, which were funneled through the Afghan Health Ministry, dried up overnight after the Taliban took over the capital.

Now, clinics in Afghanistan’s eastern Khost Province no longer can afford to clean even as they are beset with COVID-19 patients, and the region’s hospitals have asked patients to purchase their own syringes, according to Organization for Health Promotion and Management’s local chapter head Abdul Wali.

“All we do is wait and pray for cash to come,” Wali said. “We face disaster, if this continues.”

Donor countries pledged during a United Nations appeal this week to open their purse strings to the tune of $1.2 billion in humanitarian aid. But attempts by Western governments and international financial institutions to deprive the Taliban-controlled government of other funding sources until its intentions are clearer also has Afghan’s most vulnerable citizens hurting.

The World Bank, the International Monetary Fund and the European Union suspended financing for projects in Afghanistan, and the United States froze $7 billion in Afghan foreign reserves held in New York. Foreign aid to Afghanistan previously ran some $8.5 billion a year — nearly half of the country’s gross domestic product.

 

Naval Engineer Arrested for Passing Classified Submarine Data to Foreign Entity

His code name is Alice. Making use of dead drops tells us he watched too many Hollywood movies.
Sunday, October 10, 2021

Maryland Nuclear Engineer and Spouse Arrested on Espionage-Related Charges

Jonathan and Diana Toebbe, both of Annapolis, Maryland, were arrested in Jefferson County, West Virginia, by the FBI and the Naval Criminal Investigative Service (NCIS) on Saturday, Oct. 9. They will have their initial appearances on Tuesday, Oct. 12, in federal court in Martinsburg, West Virginia. For almost a year, Jonathan Toebbe, 42, aided by his wife, Diana, 45, sold information known as Restricted Data concerning the design of nuclear-powered warships to a person they believed was a representative of a foreign power. In actuality, that person was an undercover FBI agent. The Toebbes have been charged in a criminal complaint alleging violations of the Atomic Energy Act.

“The complaint charges a plot to transmit information relating to the design of our nuclear submarines to a foreign nation,” said Attorney General Merrick B. Garland. “The work of the FBI, Department of Justice prosecutors, the Naval Criminal Investigative Service and the Department of Energy was critical in thwarting the plot charged in the complaint and taking this first step in bringing the perpetrators to justice.”

Jonathan Toebbe is an employee of the Department of the Navy who served as a nuclear engineer and was assigned to the Naval Nuclear Propulsion Program, also known as Naval Reactors. He held an active national security clearance through the U.S. Department of Defense, giving him access to Restricted Data. Toebbe worked with and had access to information concerning naval nuclear propulsion including information related to military sensitive design elements, operating parameters and performance characteristics of the reactors for nuclear powered warships.

The complaint affidavit alleges that on April 1, 2020, Jonathan Toebbe sent a package to a foreign government, listing a return address in Pittsburgh, Pennsylvania, containing a sample of Restricted Data and instructions for establishing a covert relationship to purchase additional Restricted Data. The affidavit also alleges that, thereafter, Toebbe began corresponding via encrypted email with an individual whom he believed to be a representative of the foreign government. The individual was really an undercover FBI agent. Jonathan Toebbe continued this correspondence for several months, which led to an agreement to sell Restricted Data in exchange for thousands of dollars in cryptocurrency.

On June 8, 2021, the undercover agent sent $10,000 in cryptocurrency to Jonathan Toebbe as “good faith” payment. Shortly afterwards, on June 26, Jonathan and Diana Toebbe traveled to a location in West Virginia. There, with Diana Toebbe acting as a lookout, Jonathan Toebbe placed an SD card concealed within half a peanut butter sandwich at a pre-arranged “dead drop” location. After retrieving the SD card, the undercover agent sent Jonathan Toebbe a $20,000 cryptocurrency payment. In return, Jonathan Toebbe emailed the undercover agent a decryption key for the SD Card. A review of the SD card revealed that it contained Restricted Data related to submarine nuclear reactors. On Aug. 28, Jonathan Toebbe made another “dead drop” of an SD card in eastern Virginia, this time concealing the card in a chewing gum package. After making a payment to Toebbe of $70,000 in cryptocurrency, the FBI received a decryption key for the card. It, too, contained Restricted Data related to submarine nuclear reactors. The FBI arrested Jonathan and Diana Toebbe on Oct. 9, after he placed yet another SD card at a pre-arranged “dead drop” at a second location in West Virginia.

Trial Attorneys Matthew J. McKenzie and S. Derek Shugert of the National Security Division’s Counterintelligence and Export Control Section, Assistant U.S. Attorneys Jarod J. Douglas and Lara Omps-Botteicher of the Northern District of West Virginia, and Special Assistant U.S. Attorney Jessica Lieber Smolar for the Western District of Pennsylvania are prosecuting the case on behalf of the government. The FBI and the NCIS are investigating the case.