Who wants to Cyber? Illegal malware, spear phishing and more
also DTC or immersion, who's got cooler chips?
Morning, this is the Cold Isle. Infrastructure/investment, IT and communications are right now converging in the form of data centers. That’s what this newsletter is about.
What we have here:
Wanna Cyber?: Illegal malware and spear phishing and more
GPT4 Prompts so good we forget about our coming annihilation
Sydney vs Bard face-off: Who comes out on top?
LinkCity
Daily Dall-E 🎨
Come get smarter about data centers…
Good old-fashioned, illegal cyber sects…
A number of articles have come out this week detailing the unmasking of a major cybercrime gang linked to the North Korean regime. Security firm Mandiant says APT43 is a spear-phishing outfit that’s been stealing and laundering crypto prolifically over the past 5 years.
You should read Mandiant’s full breakdown HERE.
This morning we’re looking at a few other notorious international cyber gangs - who they are and how they operate.
EvilCorp (Winner of ‘best name’)
These guys are a loosely affiliated international cybercrime organization based out of Russia. (You will find that to be a common theme).
EvilCorp is responsible for many of the most powerful pieces of ransomware and malware on the internet, one of which is the infamous Dridex that’s been beguiling banks and businesses for over a decade.
All in all they’ve stolen over $100 million since 2009. And despite the notoriety, the leaders are literally flexing their supercars on Instagram as I type.
@FBI @NCSC @TheJusticeDept Members of Evil Corp are living a lavish lifestyle, funded by the life savings of their victims.
If Maksim Yakubets, who used the online identity of ‘Aqua’, ever leaves the safety of Russia he will be arrested and extradited to the US.
— National Crime Agency (NCA) (@NCA_UK)
5:41 PM • Dec 5, 2019
Fin7
These gentlemen are heavily invested in credit card information and they get it through compromised point-of-sale tools and e-commerce sites.
They usually sell this private info to a third party, but they’re not above threatening their victims for payment if need be.
Also based in Russia, Fin7 targets almost exclusively American retail operations and they’ve been a major threat since at least 2015.
This group has hit Saks 5th, Red Robin’s, Chili’s, Omni Hotels, and a ton of other major companies.
In 2020 they breached a company’s servers by mailing an employee a package containing a fake Best Buy gift card and a flash drive, with instructions to plug in the flash drive to access the gift card.
Needless to say, the group does not have a LinkedIn page.
Lapsu$
The new guys in town. This group isn’t as organized as others, but they’ve got some big names under their belts.
Lapsu$ has extorted both Samsung and Nvidia using hacked confidential files.
Most recently they breached Microsoft, which landed at least 7 of the leaders in prison. Undeterred, the group is still active.
—
There are a bunch of good lists on cybergangs if you want to go down the rabbit hole. HERE’S ONE
If you’re interested in how these cyber syndicates intersect with the very real infrastructure of our data world check these out:
DataCenterDynamics delves into what it looks like to take down one of these gangs, HERE.
DataCenterKnowledge explores the tangible, physical infrastructure of cyber security, and the challenges therein, HERE.
This cybersecurity report by DHS is… exhaustive.
Small Bites
GPT4 is so good it’s legitimately scary. (If you’re not scared, listen to this) And if you’ve used it enough, you realize pretty quickly that it’s only limited by your ability to prompt it.
There are a bunch of good ChatGPT prompt guides, and this one I saw on LinkedIn is one of them. Pretty useful for being a free post on LinkedIn.
Seems like a big deal? Amazon launches “Sidewalk”, its long-range, low-bandwidth network. At launch, it covers 90% of the United States and Amazon says this is what’s going to connect the next billion devices. Right now it’s open only for developers to play around with, but when it goes online potentially billions more devices will have internet access.
Sidewalk coverage map. Source: Amazon.com
“Reporting requirements should be tied to the prospective harm done to consumers.” That’s what telecom industry groups are telling the FCC in response to their new reporting requirements. The industry is saying these requirements are too strenuous and warned that too broad a definition could lead to consumers being inundated with breach notices.
The FCC has a good argument as well, and if you want to know about it, you can do that here.
LinkCity
Daily Dall-E 🎨
Last night I dreamt I was the first ever conscious thought inside an AI’s brain. Here’s a painting I did of it:
That’s it. I hope this was helpful. Shoot me an email and tell me what works and what doesn’t. Thanks.