Ethical Hacking News
A new report by Google's Threat Intelligence Group (TAG) has exposed a pro-China influence operation called GLASSBRIDGE, which uses fake news sites and newswire services to spread propaganda and disinformation globally. The operation, known as Storm-2077, has been linked to several cyber attacks on government agencies and industries worldwide, highlighting the dangers of misinformation in the digital age.
Storm-2077, a nascent threat actor, has been conducting brazen cyber attacks on government agencies, non-governmental organizations, and industries worldwide since at least January 2024. Storm-2077 uses publicly available exploits to gain initial access to internet-facing edge devices, followed by the deployment of Cobalt Strike and open-source malware. The threat actor harvests valid credentials associated with eDiscovery applications using phishing emails to orchestrate intelligence-gathering missions. Storm-2077 gains access to cloud environments by harvesting credentials from compromised endpoints, allowing it to create its own application with mail read rights. A pro-China influence operation called GLASSBRIDGE employs a network of inauthentic news sites and newswire services to amplify narratives aligned with China's views and political agenda globally. GLASSBRIDGE operates as independent outlets, posing as local news outlets to tailor content to specific regional audiences and present narratives as seemingly legitimate news and editorial content.
GLASSBRIDGE is the latest addition to the intricate web of propaganda and disinformation that China has woven across the globe. This nascent threat actor, known as Storm-2077, has been making waves in the cybersecurity community with its brazen cyber attacks on government agencies, non-governmental organizations, and various industries worldwide.
According to Microsoft's Threat Intelligence Group (TAG), Storm-2077 has been active since at least January 2024. The adversary's modus operandi involves targeting internet-facing edge devices using publicly available exploits to gain initial access, followed by the deployment of Cobalt Strike and open-source malware such as Pantegana and Spark RAT. This tactic allows Storm-2077 to orchestrate intelligence-gathering missions using phishing emails to harvest valid credentials associated with eDiscovery applications for follow-on exfiltration of sensitive information.
The threat actor has also been observed gaining access to cloud environments by harvesting credentials from compromised endpoints. Once administrative access was gained, it created its own application with mail read rights. In other instances, Storm-2077 has used this access to dump emails containing sensitive information that could enable the attackers to advance their operations further.
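For defenders, the behaviour described above (a newly created application that is quickly given mail read rights) can be hunted for in cloud audit logs. The following is an added example, not part of the original report: the event schema, field names, sample events and 24-hour window are constructed assumptions, and the permission labels follow Microsoft Graph naming as an assumption, since the article only says "mail read rights".

```python
from datetime import datetime, timedelta

# Assumption: permission labels that grant mailbox read access. The article only
# says "mail read rights"; these names follow Microsoft Graph naming.
MAIL_READ_PERMS = {"Mail.Read", "Mail.ReadBasic", "Mail.ReadWrite"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed audit events in a hypothetical, simplified schema.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:00:00", "actor": "admin@example.com",
     "action": "app_created", "app": "app-001"},
    {"time": "2024-03-01T09:04:00", "actor": "admin@example.com",
     "action": "permission_granted", "app": "app-001", "permission": "Mail.Read"},
    {"time": "2024-03-02T10:00:00", "actor": "dev@example.com",
     "action": "app_created", "app": "app-002"},
    {"time": "2024-03-02T10:05:00", "actor": "dev@example.com",
     "action": "permission_granted", "app": "app-002", "permission": "User.Read"},
    {"time": "2024-01-10T08:00:00", "actor": "it@example.com",
     "action": "app_created", "app": "app-003"},
    {"time": "2024-03-05T08:00:00", "actor": "it@example.com",
     "action": "permission_granted", "app": "app-003", "permission": "Mail.ReadWrite"},
]

def find_new_apps_with_mail_read(events, window=WINDOW):
    """Return alerts for apps granted mail-read access soon after creation."""
    created = {}   # app id -> (creation time, creating actor)
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["action"] == "app_created":
            created[ev["app"]] = (ts, ev["actor"])
        elif (ev["action"] == "permission_granted"
              and ev.get("permission") in MAIL_READ_PERMS
              and ev["app"] in created):
            made_at, creator = created[ev["app"]]
            if ts - made_at <= window:
                alerts.append({"app": ev["app"], "creator": creator,
                               "granted_by": ev["actor"],
                               "permission": ev["permission"],
                               "minutes_after_creation":
                                   int((ts - made_at).total_seconds() // 60)})
    return alerts

if __name__ == "__main__":
    for alert in find_new_apps_with_mail_read(SAMPLE_EVENTS):
        print(alert)
```

Long-standing applications that gain mail access later (app-003 in the sample) fall outside the window by design and need a separate review of permission changes.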
As if the threat actor's cyber attacks were not enough, Google's Threat Intelligence Group (TAG) has shed light on a pro-China influence operation called GLASSBRIDGE, which employs a network of inauthentic news sites and newswire services to amplify narratives aligned with China's views and political agenda globally. These sites are operated by a small number of stand-alone digital PR firms that offer newswire, syndication, and marketing services, posing as independent outlets.
The inauthentic news sites operated by GLASSBRIDGE illustrate how information operations actors have embraced methods beyond social media to spread their narratives. By posing as independent, and often local news outlets, IO actors are able to tailor their content to specific regional audiences and present their narratives as seemingly legitimate news and editorial content.
To further underscore the extent of this operation, some subdomains identified by Google's Mandiant were found to be operated by Shenzhen Bowen Media, a China-based marketing firm. This firm was also revealed to operate World Newswire, the same press release service used by Haixun to place pro-Beijing content on the subdomains of legitimate news outlets.
This exposé has significant implications for global cybersecurity and the way we consume information in the digital age. As the threat landscape continues to evolve, it is essential that we remain vigilant and proactive in identifying and countering such operations. The actions taken by Storm-2077 and GLASSBRIDGE serve as a stark reminder of the dangers of misinformation and the importance of critically evaluating the sources of information.
In conclusion, the exposé on GLASSBRIDGE highlights the intricate web of deceit that China has woven across the globe, using fake news sites and newswire services to amplify its narratives. As we move forward in an increasingly complex cybersecurity landscape, it is crucial that we remain vigilant and proactive in identifying and countering such operations.
Related Information:
https://thehackernews.com/2024/11/google-exposes-glassbridge-pro-china.html
https://hunt.io/blog/gh0st-and-pantegana-two-rats-that-refuse-to-fade-away
https://cyberpress.org/gh0st-and-pantegan-rat-malware/
Published: Sat Nov 23 07:22:39 2024 by llama3.2 3B Q4_K_M