The Daily Decrypt
Google’s AI Search Scams, Sanctions on APT31 Hackers, Discord Bot Supply Chain Poisoning - CyberSecurity News

This episode covers the recent U.S. and UK sanctions against China-linked hackers targeting critical infrastructure, the unforeseen risk of Google’s AI search algorithms promoting malware, and a sophisticated supply chain attack compromising the Discord bot platform. Learn about the multifaceted challenges and strategies at play in safeguarding our digital landscape.

Timestamps:

  • [00:00] Introduction
  • [00:01:08] Protecting Yourself from Malicious Browser Notifications
  • [00:04:04] The Impact of Sanctions on US Critical Infrastructure Protection
  • [00:06:28] The Threat to Python Developers: Supply Chain Attacks
  • [00:08:46] Closing Thoughts and Social Media Engagement

Key Points:

  • Delve into the actions taken by the U.S. and UK against the clandestine maneuvers of China’s APT 31, threatening the core of American critical infrastructure.
  • Uncover the alarming revelation of Google’s AI-driven search results inadvertently leading users to malware-infested sites.
  • Examine the intricate supply chain assault on the largest Discord bot platform, a stark reminder of the persistent threats in the digital realm.

Explore More: For a deeper understanding of the episodes discussed, please visit the original articles:

Feedback: We invite our listeners to share their insights and experiences. How do these developments impact your view on digital security, and what measures do you think can enhance our defense against such cyber threats?

Follow us on Instagram @the_daily_decrypt

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags for This Episode:

cybersecurity, sanctions, China, hackers, critical infrastructure, U.S. Treasury, Google AI, malware, scams, Discord bot, supply chain attack, APT 31, Google Search Generative Experience, phishing, tech support scams, iPhone giveaways, cyber threats, digital security, OFAC, UK sanctions, Python package, GitHub

Search Phrases That Should Lead to This Episode:

  • U.S. and UK sanctions against Chinese hackers
  • Impact of Google AI on search safety
  • Discord bot platform compromised by hackers
  • Strategies to combat cybersecurity threats in critical infrastructure
  • Latest actions by OFAC against cyber espionage
  • Understanding Google’s AI search vulnerabilities
  • How malware is spreading through Discord bots
  • Cybersecurity measures against APT 31 operations
  • Dealing with tech support and iPhone giveaway scams
  • Enhancements in digital security against cyber attacks
  • Exploring the Treasury’s sanctions on China-linked cyber activities
  • Effects of Python package and GitHub account compromises
  • Cyber threats targeting U.S. critical infrastructure sectors
  • Insights on global collaboration to fight cyber threats

Transcript:

[00:00:05] Introduction to Today’s Tech News

Welcome back to the Daily Decrypt. Google’s latest AI search feature, known as the Search Generative Experience, is inadvertently guiding users to scam websites, exposing them to all kinds of malware and deceptive practices.

How can you stay safe from these AI generated search suggestions?

In other news, hackers have launched an attack against the Discord community, compromising GitHub accounts and poisoning entire supply chains with malware-infected Python packages, risking the personal data of developers and consumers alike.

And finally, the U.S. Department of the Treasury takes a bold stance and sanctions a Wuhan-based company and two Chinese nationals, all linked to the notorious APT31 hacking group, for cyber operations that threaten the critical infrastructure in the United States. And if you’ve been listening for a while, you’ve heard lots of White House guidance about protecting critical infrastructure. Well, how is this going to affect that? Stick around to find out.

[00:01:08] Protecting Yourself from Malicious Browser Notifications

Google’s new AI-powered Search Generative Experience is inadvertently promoting scam sites that can mislead users with fake giveaways and malware.

These scam sites often redirect users through multiple pages, eventually leading them to fake giveaways or sites pushing unwanted software and browser extensions. Some of the scams that I’ve seen include fake tech support alerts and iPhone giveaways, but Google acknowledges the challenge of keeping spam out of search results and is continuously updating its systems to combat these scams.

So some things to look out for are really anything generated by AI in your search results, which you’ll see at the top. Google’s really pushing it for some reason. Probably continue to use Google as it was created to be used, going through the search engines yourself. Use caution, but you will see redirects to YouTube videos, or fake captchas, which is a really common thing, giving you that sense that your identity is being verified by this captcha. It’s just a tactic from scammers.

So if you see a captcha, maybe even look more scrutinously, because it is a tactic. You’ll also see the top-level domain like .com or .org, but for these ads, you’ll see .online a lot.

But yeah, it’s pretty interesting. There have been recent campaigns to poison Google search results by using generative content. I mean, Google is just pulling from the internet, and what’s a lot of the internet? Scams. And AI is having a hard time figuring this out. They’re even like posting Craigslist ads.

Like if you search for Australian Shepherd, there’s a screenshot in the article linked below that points you to Craigslist where there’s an Australian Shepherd for sale. Great!

You might also get those pop-ups when you use Google Chrome that ask if you want to allow the browser to send you notifications, allow or deny. I personally hate those, but this is another tactic being used by attackers to send you unwanted spam. Once you click that allow, they can send you whatever they want, continuously trying to trick you into clicking.

So for those of you listening out there, I didn’t know this before now, but you can actually go into the Google Chrome settings and see all of the sites you’ve allowed to send you notifications. You just go to Chrome, Settings, Content, and Notifications. Under Allowed to Send Notifications you will see a list of sites that you have subscribed to for browser notifications.

So make sure that’s only websites that you trust. I like having my youtube.com notifications on, both as a creator and a consumer. Facebook, Instagram, what else do you really need notifications for? So until AI has fully taken over the world, probably don’t trust it when doing your searches, and try to avoid clicking allow on browser notifications on Google Chrome.

[00:04:04] The Impact of Sanctions on US Critical Infrastructure Protection

The U.S. Department of the Treasury has imposed sanctions on Wuhan Science and Technology Company, Wuhan XRZ, and two Chinese nationals for cyber operations endangering U.S. national security, focusing on U.S. critical infrastructure sectors. So this is probably what has led to all of this guidance coming out of the White House on how to protect against attacks on our critical infrastructure, because they’ve been seeing these attacks and analyzing them and providing this guidance.

This move is in response to activities linked to the Chinese state-sponsored APT31 group, which has targeted a broad range of U.S. national security components, including high-ranking officials and critical sectors such as defense, information technology, and energy.

The sanctions that have been imposed block all property and interests in property of the designated persons and entities within the U.S. and prohibit transactions with them unless authorized by OFAC.

Some past activities from this hacking group, APT31, include spear-phishing campaigns against the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute, demonstrating their focus on acquiring sensitive information. So this is likely a nation-state actor group trying to get a foothold in the U.S. economy by hacking, grabbing as much sensitive data as they can, or poking around in the networks of our critical infrastructure, possibly to craft an attack down the line. Maybe they don’t have anything planned at this time, but it is in our enemy’s best interest to have these footholds in our networks, and maybe once they get enough footholds they might launch a nationwide attack, or something along those lines.

So recently the U.S. government has realized they can’t do everything on their own. They need the help of these critical infrastructure IT departments, and have been doing their part to provide guidance in securing these networks. So if you’re listening and you work in IT in critical infrastructure, check out all the guidance that has come out of the White House, and maybe even reach out to the White House or the FBI for help, because they have a vested interest in your security.

[00:06:28] The Threat to Python Developers: Supply Chain Attacks

And finally, sophisticated hackers compromised GitHub accounts, including a high-profile incident involving top.gg, using stolen browser cookies to push malicious code into repositories, targeting data theft. So top.gg is a platform that serves as a search and discovery directory for Discord servers, bots, and other related tools.

It offers a comprehensive database where users can find and add bots to their Discord servers to enhance functionality, automate tasks, or integrate new features. So if you’ve ever run a Discord server or have been on Discord, you’ve probably interacted with top.gg. Well, they’re the subject of this attack.

The attackers orchestrated a supply chain attack by creating a fake Python package mirror, tricking developers into downloading trojanized versions of popular packages like Colorama. So this specifically applies to Python developers, which I am one, I’ve developed multiple bots using Python. Check to see what packages you’ve downloaded recently and see if they’re the actual packages.

It’s so easy to install these packages. It’s just like a couple words in your command line: pip install, package name. If you have a typo, or if you Google search for the package, or find some documentation for the wrong package, this would be a very easy mistake. And maybe it even contains the same functionality that the actual package contains, and just injects some sort of malware into your system, or into your Discord server, or into the bot that other people are integrating into their Discord server.

So let’s, let’s go double-check those.

The malware deployed through this campaign is multifaceted, capable of stealing a wide array of data including browser cookies, crypto wallet info, and social media tokens, with persistence mechanisms via Windows Registry modifications.

I don’t think I’ve ever realized before now how easy it would be for me to make a typo in my Python package, ’cause there’s no real checks when you’re doing these installations. So this supply chain attack really calls for added vigilance in the Python package download process, I think. There’s a lot of room for improvements.

[00:08:46] Closing Thoughts and Social Media Engagement

And that’s all we’ve got for you today. Thanks so much for tuning in. We’d love to hear your thoughts on Instagram or Twitter. You can find us at TheDailyDecrypt or DailyDecryptPod if you search for it. Hopefully we’re coming up on the top search results for the name DailyDecrypt.

There was a Cryptopod in 2016 with the same name. So you might get some of that. That’s not us. We’ve been posting content on YouTube and Instagram almost daily. So give us a shout, give us a follow, and we’d love to hear your thoughts.

And again, thanks so much for listening. And we will talk to you some more tomorrow.