Activity Summary - Week Ending on 16 November 2023:

  • Red Sky identified 27,491 connections from ‘new’ unique IP addresses
  • Amazon NoVa in Virginia hit 24x
  • 31 ‘new’ Botnets hits
  • Predator AI
  • Tkinter-based GUI
  • The GPTj Class
  • StealerBuilder
  • CozyBear
  • UK fake AI audio clips
  • Denmark Govt Hit – SektorCERT Brief

Red Sky Alliance Compromised (C2) IP’s 

54.144.244.146 was reported 24 times. Confidence of Abuse is 94%. ISP: Amazon Data Services NoVa; Usage Type: Data Center/Web Hosting/Transit; Hostname(s): ec2-54-144-244-146.compute-1.amazonaws.com; Domain Name: amazon.com; Country: USA; City: Ashburn, Virginia
https://www.abuseipdb.com/check/54.144.244.146

 

IP                Contacts
54.144.244.146    240
162.55.84.100     80
141.255.166.90    61
146.59.242.236    51
5.188.87.55       33

 

On 15 November 2023, Red Sky Alliance identified 27,491 connections from new unique IP addresses, which are checking in with one of the many Red Sky Alliance sinkholed domains.
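The practical use of the contact table above is to sweep your own egress logs for the listed addresses. The script below is an added example, not code from Red Sky Alliance: it loads the five IPs from the table, parses constructed firewall log lines (the key=value layout is an assumption, not tied to any vendor), and reports every internal host that reached a listed address, counting repeat outbound contacts because a host that keeps beaconing to the same sinkholed address is the one to triage first.

```python
import re
from collections import Counter

# Sinkhole-contact IP list as published in the table above (IP -> contacts reported).
C2_IPS = {
    "54.144.244.146": 240,
    "162.55.84.100": 80,
    "141.255.166.90": 61,
    "146.59.242.236": 51,
    "5.188.87.55": 33,
}

# Constructed sample firewall log lines (not real traffic); the key=value
# layout is an assumption and is not tied to any particular firewall vendor.
SAMPLE_LOG = """\
2023-11-15T10:01:02Z fw1 ALLOW src=10.0.0.12 dst=54.144.244.146 proto=tcp dport=443
2023-11-15T10:01:05Z fw1 ALLOW src=10.0.0.12 dst=93.184.216.34 proto=tcp dport=443
2023-11-15T10:02:11Z fw1 ALLOW src=10.0.0.44 dst=5.188.87.55 proto=tcp dport=80
2023-11-15T10:03:40Z fw1 DENY src=162.55.84.100 dst=10.0.0.5 proto=tcp dport=22
2023-11-15T10:04:01Z fw1 ALLOW src=10.0.0.12 dst=54.144.244.146 proto=tcp dport=443
this line is malformed and must be skipped, not crash the scan
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<action>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)"
)


def find_c2_contacts(log_text, c2_ips=C2_IPS):
    """Return one (timestamp, internal_host, c2_ip, direction) tuple for every
    line whose source or destination address is on the C2 list."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the whole scan
        src, dst = m.group("src"), m.group("dst")
        if dst in c2_ips:
            hits.append((m.group("ts"), src, dst, "outbound"))
        elif src in c2_ips:
            hits.append((m.group("ts"), dst, src, "inbound"))
    return hits


def outbound_counts(hits):
    """Count outbound C2 contacts per internal host; a host that keeps
    reaching the same sinkholed address is the one to triage first."""
    return Counter(host for _, host, _, direction in hits if direction == "outbound")


if __name__ == "__main__":
    found = find_c2_contacts(SAMPLE_LOG)
    for ts, host, c2, direction in found:
        print(f"{ts} {direction:8} host={host} c2={c2} reported={C2_IPS[c2]}x")
    print("outbound contacts per host:", dict(outbound_counts(found)))
```

Inbound hits (a listed address scanning you) are recorded separately from outbound ones, since only the outbound direction indicates a possibly infected internal host; swap `SAMPLE_LOG` for your exported firewall log and extend `C2_IPS` from the full blacklist.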

Red Sky Alliance Malware Activity

Malware Variant    Times Seen
sality             24591
shiz               1719
corkow             1569
sykipot            445
maudi              251

Top 5 malware variants and number of contacts. Sality and Shiz have consistently remained the top variants; Corkow follows.

  

For a full black list – contact analysts: info@redskyalliance.com

 

Red Sky Alliance Botnet Tracker

On 15 November 2023, analysts identified 31 new IP addresses participating in various botnets (call for full .csv blacklists; below is only a small sampling of botnet trackers).

First Seen             Botnet Attribution        Infected Host’s IPv4 Address
2023-11-12T16:40:25    HTTP proxy|port: 80       8.219.73.92
2023-11-11T03:50:15    SOCKS4 proxy|port: 4153   45.172.225.42
2023-11-14T18:10:22    HTTP proxy|port: 999      45.181.123.30
2023-11-14T16:50:28    HTTP proxy|port: 80       47.57.235.196
2023-11-12T18:10:23    HTTP proxy|port: 80       47.74.6.16

 

Keylogger IOCs available upon request. 

MALICIOUS CYBER TRENDS:

Predator AI is advertised through Telegram channels related to hacking. The main purpose of Predator is to facilitate web application attacks against various commonly used technologies, including content management systems (CMS) like WordPress, as well as cloud email services like AWS SES. However, Predator is a multi-purpose tool, much like the AlienFox and Legion cloud spamming toolsets. These toolsets share considerable overlap in publicly available code that each repurposes for their brand’s own use, including the use of Androxgh0st and Greenbot modules.

Predator is an actively developed project. In September 2023, a member of the primary Telegram channel inquired about Predator adding a Twilio account checker, to which the developer replied they could deliver in about 2 weeks. In October, the developer posted an update showing the new Twilio checking feature. The version we analyzed has Twilio features, which suggests it is a recent build.[1]

At the top of the script, there is a message from the developer which states that the tool is protected by copyright law. The message also has a disclaimer saying the tool is for educational purposes and the author does not condone any illegal use.

Figure: Developer’s message at the top of the Predator script

Targeting & Technical Details:  Predator is a Python application with over 11,000 lines. The application runs entirely through a Tkinter-based graphical user interface (GUI): there is no standalone command line interface (CLI) mode, which distinguishes Predator from many similar tools. The Tkinter approach requires several JSON configuration files.

Figure: Predator GUI

The script has 13 global classes defined, which roughly segment the different features.

  • Predator - The largest class. Goes from the beginning to line 7079.
  • Settings - Only two lines. Sets the UpdatesCheck variable to False and Password to “Predator123”.
  • Utility - Contains calls to Windows commands that get the current window name and check whether the current user is running as an administrator.
  • PumperSettings - Code that inflates the size of a file.
  • FakeErrorBuilder - Creates fake error messages that pertain to XSS testing on a Windows system.
  • StealerBuilder - Builds a configurable infostealer as a Windows Portable Executable (PE).
  • Translator - Translates the dialog boxes and menu items that are rendered in the GUI version of the application via the Python library Tkinter. Supported languages are Arabic, English, Japanese, Russian, and Spanish.
  • NetGun - Handles web application security scans with options for proxies and custom wordlists.
  • CTkMessagebox & CTkListbox - Code that renders the graphical user interface (GUI) via Tkinter.
  • ThemeMaker - Custom color schemes for the GUI.
  • GPTj - A ChatGPT-enabled class. Queries the OpenAI API.
  • NetXplorer - Uses Psutil and Subprocess to query network status and system information.

   

Predator has features that can be used to attack many popular web services and technologies, including the following (service provider - details - based in):

  • Aimon - SMS marketing - Italy
  • Amazon Web Services (AWS) Simple Email Service (SES) - Email platform - United States
  • Aruba - Hosting - Italy
  • Clickatell - SMS marketing - South Africa, United States
  • ClickSend - SMS marketing - Australia
  • Twilio - SMS, Voice, Video communications - United States
  • Nexmo - Voice & SMS, acquired by Vonage - United States
  • OneSignal - SMS, Push Notifications - United States, United Kingdom
  • Openpay - Buy Now, Pay Later; ceased operations in February 2023 - Australia
  • PayPal - Live environment & Sandbox API keys targeted - United States
  • Plivo - Voice & Messaging - United States
  • Razorpay - Payment Processor - India
  • Skebby - SMS Marketing - Italy
  • Stripe - Payment Processor - United States
  • Telnyx - Voice, Messaging, Fax - United States
  • Textlocal - SMS Marketing - United Kingdom
  • Valueleaf - Marketing - India
  • XGATE - Marketing & CRM - Hong Kong

     

Predator’s web application attacks look for common weaknesses, misconfigurations or vulnerabilities in Cross Origin Resource Sharing (CORS), exposed Git configuration, PHPUnit Remote Code Execution (RCE), Structured Query Language (SQL), and Cross-Site Scripting (XSS).

The following technologies are targeted:

  • Drupal
  • Joomla
  • Laravel
  • Magento
  • OpenCart
  • osCommerce
  • PrestaShop
  • vBulletin
  • WordPress

Figure: Variables that hold output from web service scanning features

Figure: Laravel environment parsing

Predator AI | The GPTj Class:  The GPTj class contains the ‘Predator AI’ feature, which is a chat-like text processing interface that connects the user to Predator’s features.  The actor designed Predator AI to try to find a local solution first before querying the OpenAI API, which reduces the API consumption.  This class searches the user’s input for strings associated with a known use case centered around one of Predator’s web application and cloud service hacking tools.  There are more than 100 cases where Predator handles the data internally or through a free third-party service, such as an IP reputation lookup service.  This class contains several partially implemented utilities related to AWS SES and Twilio, as well as utilities to get information about IP addresses and phone numbers.

Predator queries the ChatGPT API only when there is no test case to handle the input. There are several driving functions defined inside this class that handle the activity flow or enable ChatGPT interaction:

generate_text - This function requires two arguments, prompt and api_key. The function uses the OpenAI model text-davinci-003 with a maximum token length of 400 and temperature 0.7. The code makes a POST request to https://api.openai.com/v1/completions and returns the result for handling via the Tkinter UI.

Figure: generate_text function in GPTj class

Ai_Backend - This function takes one argument, usrMsg.  This code contains the hardcoded OpenAI API key and calls the generate_text function on the usrMsg object with the API Key.  The OpenAI server response is returned.

aiRes - This function takes two arguments, msg and patch. This function only calls Ai_Backend, and OpenAI as a result, when the patch argument is equal to 0 or not given. Predator has 106 references to aiRes and each reference has a patch value that should not equal 0. This means the OpenAI functionality is designed to handle edge cases that the script has not natively handled. The function processes whether a patch is present and modifies the UI result based on the length of the response from OpenAI or the patched result.

ChatEvent - This function contains the modular utilities offered by the class. It takes no arguments.

Figure: ChatEvent function’s help message highlights the different utilities it offers

When the user command is not routed to ChatGPT, several functions handle the request locally or through alternate API calls. We break them down by category.

AWS Features - Though the core utility is present, not all of the following functions are called inside the script, suggesting the developer is still working on these features.  This code has significant overlap with AlienFox, Legion, and other earlier iterations of these tools. Based on what is currently in the script, there is no indication that AWS-related data would be sent to the ChatGPT service.  Instead, the script parses the input for the presence of aws.c and calls the following functions when present.  If these features were fully implemented, the attacker could use them to perform the following when they have valid AWS account credentials:

  • Check for all email accounts in an AWS SES environment.
  • Check send quotas.
  • Create a new account, assign administrative privileges, and delete the old account.

TwilioChecker - This function queries https://api.twilio.com/2010-04-01/Accounts.json with SID and token as arguments. If "message":"Authenticat" is not in the response, the script parses the response for the fields status, type, and balance. If “status” is not in the response, the script parses the response for the balance and currency fields. If status returns as active, the script logs the values of SID, TOKEN, TYPE, STATUS, and BALANCE to the file Result/TwilioChecker/result.txt.

GhostTrack - There are several other utilities nested under a function named GhostTrack.

  • IP_Track: Collects information about a given IP address via the ipwho[.]is service.
  • phoneGW: Uses the phonenumbers Python module to format input phone numbers in a standard way and check information about the phone number, such as whether it is a landline or mobile number.
  • TrackLu: Checks one of 23 social media services for a username matching the input argument. The function checks for a 200 status code, which is not effective in the case of private profiles, and there are likely many site-specific edge cases.
  • checkIP: Queries abuseipdb[.]com to collect information about the given IP address related to abuse metrics, such as an abuse confidence score.

The author included several conditions to handle a user query about the nature of the chat utility, along with a statement that claims the author spent three days developing this feature.

Figure: Message inside GPTj class

Figure: A query given through the Predator AI interface and the response from ChatGPT fed into the UI

StealerBuilder - This class contains configuration variables to build an infostealer.  On 16 October 2023, the project developer posted a video about Predator that shows the Stealer build process.  A user asked if the resulting executable is fully undetectable, to which the developer replied, “Of course.”

The stealer can be configured to use Discord or Telegram webhooks for C2. The operator can specify an existing executable to insert the infostealer code into. During testing, we were unable to successfully use this feature as the required configuration files were not available. The features visible in the script we analyzed indicate that Predator parses files from a Scripts directory and uses those to build either a Windows Portable Executable (PE) file or a Python script version of the stealer module.

Figure: StealerBuilder configuration variables

Conclusion:  The discovery of Predator AI is an entirely expected evolution that has previously been undocumented in the hacktool space.  Since the recent wave of AI technologies entered the public domain, security professionals have questioned whether this technology was already aiding threat actors and how it could be used to scale actor operations.  There were several projects like BlackMamba that ultimately were more hype than the tool could deliver.  Predator AI is a small step forward in this space: the actor is actively working on making a tool that can utilize AI.  While Predator AI is likely somewhat functional, this integration does not substantially increase an attacker’s capability.  The feature has not yet been advertised on the actor’s Telegram channel, and there are likely many edge cases that make it unstable and potentially expensive.

As with other cloud service attack tools, organizations can reduce the impact of these tools by keeping web services patched and up to date, and by restricting internet access to what is necessary. Use cloud security posture management (CSPM) tools to validate that configurations are secure. Consider dedicated logging and detections for anomalous behaviors on cloud service provider (CSP) resources, such as a new user account being added and another user account being deleted immediately afterwards.
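The detection suggested above (a new IAM user created, then another user deleted right after, which is the account-takeover sequence the AWS feature list describes) can be expressed as a short rule over CloudTrail events. The following is an added example written for this report, not code from the page or from the tool's authors. The records are constructed and trimmed to the CloudTrail fields the rule reads (eventTime, eventSource, eventName, userIdentity.arn, requestParameters); the 30-minute window and the choice of AdministratorAccess as the privilege marker are assumptions you would tune to your account.

```python
from datetime import datetime, timedelta

# Constructed, trimmed CloudTrail-style records (not real data). Field names follow
# the CloudTrail JSON schema; only the fields this detection reads are included.
EVENTS = [
    {"eventTime": "2023-11-15T09:00:00Z", "eventSource": "ses.amazonaws.com",
     "eventName": "ListIdentities",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": None},
    {"eventTime": "2023-11-15T09:05:10Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "backup-admin"}},
    {"eventTime": "2023-11-15T09:05:12Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "backup-admin",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2023-11-15T09:06:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteUser",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "alice"}},
    # Routine onboarding by another principal a day later: no deletion follows.
    {"eventTime": "2023-11-16T14:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"userName": "new-hire"}},
]

WINDOW = timedelta(minutes=30)  # assumption: how close "immediately after" is
ADMIN_POLICY_SUFFIX = "/AdministratorAccess"


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_create_then_delete(events, window=WINDOW):
    """Flag a principal that creates an IAM user and then deletes a different
    IAM user within `window`; also record whether the new user received
    AdministratorAccess in between."""
    alerts = []
    state = {}  # actor ARN -> {"created": [(time, name)], "admin": {names}}
    for ev in sorted(events, key=_ts):
        if ev["eventSource"] != "iam.amazonaws.com":
            continue
        actor = ev["userIdentity"]["arn"]
        params = ev.get("requestParameters") or {}
        s = state.setdefault(actor, {"created": [], "admin": set()})
        name = ev["eventName"]
        if name == "CreateUser":
            s["created"].append((_ts(ev), params.get("userName")))
        elif name == "AttachUserPolicy" and params.get("policyArn", "").endswith(ADMIN_POLICY_SUFFIX):
            s["admin"].add(params.get("userName"))
        elif name == "DeleteUser":
            deleted = params.get("userName")
            for created_at, created in s["created"]:
                delta = _ts(ev) - created_at
                if created != deleted and timedelta(0) <= delta <= window:
                    alerts.append({
                        "actor": actor,
                        "created": created,
                        "admin_attached": created in s["admin"],
                        "deleted": deleted,
                        "seconds_between": int(delta.total_seconds()),
                    })
    return alerts


if __name__ == "__main__":
    for alert in detect_create_then_delete(EVENTS):
        print(alert)
```

Keying the state on the acting principal rather than on the account as a whole keeps a legitimate administrator's unrelated cleanup from colliding with someone else's onboarding; the `admin_attached` flag lets the alert rank higher when the freshly created user was also given full privileges.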

Indicators of Compromise:

SHA-1 Hash
  • 88d40f86eefee5112515b73cce2d2badb7f49ffd – main.py Predator Python script

Hardcoded Strings
  • “jSDSgnditikunggobloktolol” – hardcoded AWS account name string
  • “titid” – hardcoded username in AWS GPT functionality
  • “Adminn” – hardcoded username in AWS GPT functionality
  • “Predator123” – hardcoded password from the Settings class
  • “admainkontolpaslodsajijsd21334#1ejeg2shehhe” – hardcoded password for ‘Kontolz’ user account
  • arn:aws:iam::320406895696:user/Kontolz – example ARN for Kontolz user
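To turn the indicator list above into a check you can run over a suspicious file or script directory, the following added example (not code from the page) hashes the file, compares it with the listed SHA-1, and searches for the hardcoded strings. The short alphanumeric indicators (“titid”, “Adminn”) are matched only as whole tokens, because as bare substrings they would fire inside ordinary words. The sample input is constructed: a harmless fragment that merely reuses the Settings-class values named above.

```python
import hashlib
import re

# Indicators exactly as listed in the report above, with the report's descriptions.
IOC_SHA1 = {
    "88d40f86eefee5112515b73cce2d2badb7f49ffd": "main.py Predator Python script",
}
IOC_STRINGS = {
    "jSDSgnditikunggobloktolol": "hardcoded AWS account name string",
    "titid": "hardcoded username in AWS GPT functionality",
    "Adminn": "hardcoded username in AWS GPT functionality",
    "Predator123": "hardcoded password from the Settings class",
    "admainkontolpaslodsajijsd21334#1ejeg2shehhe": "hardcoded password for 'Kontolz' user account",
    "arn:aws:iam::320406895696:user/Kontolz": "example ARN for Kontolz user",
}


def _pattern(indicator):
    # Short alphanumeric indicators such as "titid" or "Adminn" would otherwise
    # fire inside ordinary words, so they are matched as whole tokens only.
    escaped = re.escape(indicator)
    if indicator.isalnum():
        escaped = r"\b" + escaped + r"\b"
    return re.compile(escaped.encode("latin-1"))


PATTERNS = {ioc: _pattern(ioc) for ioc in IOC_STRINGS}


def scan_bytes(data):
    """Return the SHA-1 of `data`, the hash indicator it matches (if any),
    the hardcoded-string indicators found in it, and a verdict."""
    digest = hashlib.sha1(data).hexdigest()
    found = [ioc for ioc, pat in PATTERNS.items() if pat.search(data)]
    if digest in IOC_SHA1:
        verdict = "match"
    elif found:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"sha1": digest, "hash_match": IOC_SHA1.get(digest),
            "strings": found, "verdict": verdict}


def scan_file(path):
    """Scan a file on disk with the same rules."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed sample: a harmless fragment that only reuses the Settings-class
# values named above, plus a word that contains "titid" as a substring.
SAMPLE = b"""class Settings:
    UpdatesCheck = False
    Password = 'Predator123'
# entitidad
"""

if __name__ == "__main__":
    result = scan_bytes(SAMPLE)
    print(result["verdict"], result["sha1"])
    for ioc in result["strings"]:
        print("  found:", ioc, "->", IOC_STRINGS[ioc])
```

A hash hit identifies the exact analyzed build; the string hits are weaker but survive trivial edits to the script, which is why the verdict separates “match” from “suspicious”.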

GLOBAL TRENDS:

Russian Bears - Cyber-espionage operation on embassies linked to Russia’s Cozy Bear hackers.  Russian state-sponsored hackers have targeted embassies and international organizations in a recent cyber-espionage campaign, Ukrainian government cybersecurity researchers have found.  The attacks were attributed to the infamous hacker group labeled APT29, also known as Cozy Bear or Blue Bravo.  Analysts previously have linked it to Russia's Foreign Intelligence Service (SVR), which gathers political and economic information from other countries.

The campaign, analyzed by Ukraine’s National Cyber Security Coordination Center (NCSCC), occurred in September of this year.  The group used similar tools and tactics in its previous campaigns, particularly during an operation against embassies in Kyiv in April.  The most recent operation had “the primary goal of infiltrating embassy entities,” the NCSCC said, including targets in Azerbaijan, Greece, Romania and Italy. Another victim was the major Greek internet provider Otenet, the NCSCC said.

Diplomatic accounts, especially those associated with the foreign affairs ministries in Azerbaijan and Italy, suffered the most, according to researchers. One possible reason is that Russian intelligence was attempting to gather information regarding Azerbaijan's strategic activities, especially leading up to the Azerbaijani invasion of the Nagorno-Karabakh region.  In total, APT29’s campaign targeted over 200 email addresses, but it's not clear how many attacks were successful.

Tactics and techniques - APT29 exploited a recently discovered vulnerability in the Windows file archiver tool WinRAR. Identified as CVE-2023-3883, the bug was utilized by state-controlled hackers connected to Russia and China in early 2023 before being patched. Unpatched versions of the tool remain vulnerable.  According to NCSCC, this vulnerability still “poses a significant threat” as it allows attackers to execute arbitrary code through the exploitation of a specially crafted ZIP archive.

In the recent campaign, Cozy Bear sent victims phishing emails containing a link to a PDF document and a malicious ZIP file that exploits the vulnerability, potentially granting attackers access to the compromised systems.  To convince their targets to open malicious files, the hackers created emails claiming to have information about the sale of diplomatic BMW cars.  The same lure was used during the group’s attack on the embassies in Kyiv this spring.  In this campaign, the attackers introduced a novel technique for communicating with the malicious server, researchers said. In particular, they used a legitimate tool called Ngrok that allows users to expose their local servers to the internet.  Ngrok is commonly used during web development and testing to provide temporary public URLs for local web servers but cybercriminals deployed it to obfuscate their activities and communicate with compromised systems while evading detection.  By exploiting Ngrok's capabilities in this way, threat actors can further complicate cybersecurity analysis and remain under the radar, making defense and attribution more challenging, NCSCC said.

Cozy Bear’s previous attacks - During the war in Ukraine, APT29 has carried out cyberattacks against the Ukrainian military and its political parties, as well as diplomatic agencies, think tanks and nonprofit organizations.  This April, for example, the group launched a spying campaign targeting foreign ministries and diplomatic entities in NATO countries, the European Union and, “to a lesser extent,” Africa.  The hackers' tactics were like those used in the September campaign.  In particular, they sent phishing emails impersonating the embassies of European countries to specific personnel, usually including a malicious link either in the body of the message or an attached PDF inviting the target diplomat to access the ambassador's calendar.  APT29 has been blamed for several high-profile incidents prior to the war, including the SolarWinds supply chain attack in 2020 that affected thousands of organizations globally and led to a series of data breaches.

UK - Tom Tugendhat, Britain’s minister of state for security and a Conservative Party politician decried on Tuesday AI-generated fake audio clips that intended to damage the reputations of high-profile opposition politicians in the United Kingdom.  The minister, who chairs a government task force focused on protecting the country’s democratic integrity from foreign interference, warned that both visual and audio fakes were “something that we’re seeing appear more and more,” and described the increase as “a real challenge,” although he did not attribute the recent smears to a foreign power.[2]

In a bipartisan message delivered onstage at Recorded Future’s Predict 2023 conference in London, Tugendhat warned that two recent attempts to “besmirch” both Keir Starmer, the Labour Party leader, and Sadiq Khan, the Labour Party mayor of London, were unlikely to be isolated events and cautioned “no doubt, we’ll see it done to others in the coming days.”  Starmer was targeted by a since-debunked audio clip posted to social media last month, which purported to reveal the politician verbally abusing his staff.  Despite attempts to publicize that the clip was a fake, it was not removed by the social media platform X and the original post has currently been viewed more than 1.6 million times.

Last week, another faked audio clip impersonating Khan attempted to defame the mayor, who is Muslim, by falsely suggesting he was hostile towards observing Remembrance Day (the British version of Veterans Day) and instead favored a pro-Palestine march set to take place on the same day.

Government response to AI threat - Tugendhat praised the prime minister for the “extraordinarily important” job of bringing countries together at the UK’s AI Safety Summit “to discuss some of the challenges that we face,” including those to do with fake media.  The summit also addressed other challenges, as raised by Recorded Future’s chief executive Christopher Ahlberg, regarding whether regulating the companies involved in AI risked consolidating the dominance of market leaders.  The Record is an editorially independent unit of Recorded Future.  “What we’ve got to be aware of is, of course, there are and I know this will be an extraordinary statement to this audience, it is sometimes the case, very occasionally sometimes the case, that companies follow Peter Thiel’s lesson that the purpose of a company is to achieve a monopoly.   And they will look to the government to help secure barriers to entry,” the minister said.  “So we’ve got to be careful that what we’re not doing is creating barriers to innovation or barriers to entry.  What we are doing is making sure that we’re creating an environment in which the genuine risks of artificial intelligence can be discussed and where the opportunities can also be realized.”[3]

The world is now “achieving levels of complexity the likes of which simply couldn’t have been imagined even 15 years ago, let alone 50,” said Tugendhat, adding that it was “simply impossible to understand modern supply chains.”   He referenced the famous 1958 essay I, Pencil by Leonard Read, which is written from the point of view of the pencil itself and explains how, despite the apparent simplicity of the device, “not a single person on the face of this earth knows how to make me,” but instead its existence depended on a remarkable supply chain from tree loggers in Oregon through to mill workers in California and graphite miners in Sri Lanka.   Today, the “making of a car or any other product” is even more complex, said Tugendhat.  “That means that we’ve got to address complexity, we’ve got to have mechanical assistance to complexity.  That mechanical assistance is effectively AI.  How we use it to source to understand and to generate knowledge that is usable what is fundamental to making sure we have an economy that can deliver for everybody,” the minister added.  “Now that is a real challenge, let’s not kid ourselves.  But we do need artificial intelligence to augment human intelligence.  What we also need is to make sure that augmented intelligence is not undermining, threatening, or destroying some of the stability that human civilizations require in order to maintain themselves.”

Denmark - In May, Danish critical infrastructure faced the biggest cyber-attack on record that hit the country, reported SektorCERT, Denmark’s Computer Security Incident Response Team (CSIRT) for the critical infrastructure sectors.  A first wave of attacks was launched on 11 May, then after a short pause, a second wave of attacks began on 22 May.  SektorCERT became aware of the attacks on 22 May.  SektorCERT reported that threat actors compromised the networks of 22 companies operating in the energy infrastructure.  According to the report, 11 companies were immediately compromised.  The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark.

On 25 April 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771, in a number of their firewalls.  The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.  A remote, unauthenticated attacker can trigger the flaw by sending specially crafted packets to a vulnerable device and executing some OS commands remotely.  Zyxel released security patches to address the vulnerability and urges customers to install them.  “Improper error message handling in some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.” reads the advisory published by the vendor.  “The vulnerability itself was exploited by sending a single specially crafted data packet to port 500 over the protocol UDP towards a vulnerable Zyxel device.  The packet was received by the Internet Key Exchange (IKE) packet decoder on the Zyxel device.  Precisely in this decoder was the said vulnerability.  The result was that the attacker could execute commands with root privileges directly on the device without authentication.” reported the SektorCERT. “An attack that could be performed by sending a single packet towards the device.  11 companies were compromised immediately.  This means that the attackers gained control of the firewall at these companies and thus had access to the critical infrastructure behind it.”
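The first thing an operator of Zyxel equipment wants from the paragraph above is a quick way to tell which devices in an inventory fall inside the affected firmware ranges, and which of those also expose IKE (UDP/500) to the internet, since the attack needed only one unauthenticated packet to that port. The script below is an added example, not from SektorCERT, Zyxel or the page; the inventory lines are constructed, and the ranges are taken verbatim from the text (inclusive, compared as major.minor). Vendor patch suffixes are deliberately ignored, so a hotfixed 4.73 build would still be flagged and needs checking against the vendor's fixed-build list.

```python
import re

# Affected firmware ranges exactly as the advisory text above states them
# (inclusive, as (major, minor) pairs).
AFFECTED = {
    "ZyWALL/USG": ((4, 60), (4, 73)),
    "VPN": ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "ATP": ((4, 60), (5, 35)),
}


def parse_version(text):
    """Turn '5.35', 'V5.35' or '4.73 Patch 1' into a comparable (major, minor)
    tuple. Any patch suffix is deliberately ignored, so a hotfixed 4.73 build is
    still flagged and needs a manual look at the vendor's fixed-build list."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(series, version):
    """True when `version` of `series` lies inside the advisory's range."""
    if series not in AFFECTED:
        return False  # not one of the four series named in the advisory
    low, high = AFFECTED[series]
    return low <= parse_version(version) <= high


# Constructed inventory (not a real one), one device per line:
# hostname,series,firmware,ike_on_wan  (ike_on_wan: is UDP/500 internet-reachable?)
INVENTORY = """\
fw-hq-1,USG FLEX,V5.35,yes
fw-hq-2,USG FLEX,V5.36,yes
fw-site-a,ATP,V4.60,no
fw-site-b,ZyWALL/USG,V4.73,yes
fw-site-c,VPN,V5.10,no
fw-lab,ZyWALL/USG,V4.30,yes
fw-edge,ZyWALL/USG,V5.10,yes
"""


def find_exposed(inventory_csv):
    """Return (hostname, priority) for every affected device. Devices whose IKE
    port is internet-reachable get 'critical', because the exploit described
    above needs only one unauthenticated UDP/500 packet; the rest get 'high'."""
    exposed = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, series, firmware, ike_wan = [p.strip() for p in line.split(",")]
        if is_affected(series, firmware):
            priority = "critical" if ike_wan.lower() == "yes" else "high"
            exposed.append((host, priority))
    return exposed


if __name__ == "__main__":
    for host, priority in find_exposed(INVENTORY):
        print(f"{priority:8} {host}")
```

Note that the ranges are series-specific: a ZyWALL/USG unit on 5.10 is outside the stated 4.60 to 4.73 window, whereas a VPN-series unit on 5.10 is inside its 4.60 to 5.35 window, so the series column must be accurate for the check to mean anything.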

The SektorCERT experts believe the attackers had detailed information about the targets, likely obtained through a previously undetected reconnaissance activity.  At this time, there was no public information about which organizations were using vulnerable firewalls.

Below is the Cyber Kill Chain for the overall attack described in the report:

Figure: Denmark critical infrastructure attack chain

“To this day, there is no clear explanation of how the attackers had the necessary information, but we can state that among the 300 members, they did not miss a single shot.” continues the report.  The experts also pointed out that the attackers were able to attack many companies at the same time, avoiding that impacted infrastructure could have shared information on the attack with peers.  This kind of coordination requires planning and resources.

Threat actors were able to exploit the zero-day flaw in a large-scale campaign, which suggests the attackers could be an APT group.  Experts believe the attacks were carried out by multiple threat actors, and at least one can be attributed to the Russia-linked Sandworm group.  The report includes indicators of compromise (IOCs) that have been observed in the attacks.  “Whether Sandworm was involved in the attack cannot be said with certainty. Individual indicators of this have been observed, but we have no opportunity to either confirm or deny it.  A situation which as such is not unusual.  Cyber-attacks are notoriously difficult to attribute to a specific attacker and often it is small, almost insignificant errors from the attacker that can indicate who the attacker may be.  There is therefore no evidence to accuse Russia of being involved in the attack.” concludes the report.  “The only thing we can ascertain is that Danish critical infrastructure is in the spotlight and that cyber weapons are being used against our infrastructure, which require careful monitoring and advanced analysis to detect.”

[1] https://www.sentinelone.com/labs/predator-ai-chatgpt-powered-infostealer-takes-aim-at-cloud-platforms/

[2] https://therecord.media/tom-tugendhat-uk-fake-ai-attempts-against-politicians/

[3] https://voice.ai/hub/use-case/deep-fake-voice-generator/
