Zelenskiy's media machine produces another piece - When photos emerged of one of his ceramic cockerels surviving the bombardment of Borodianka, it was adopted as a reflection of Ukrainian resilience, quickly becoming a meme online.
The photo that sparked the cockerel’s adoption as a symbol showed a high-rise building that had partially collapsed under intense shelling. (An exposed kitchen cabinet survived intact, the cockerel somehow still standing atop it among the destruction.)
Ceramic cockerels surprise Boris Johnson and Volodymyr Zelenskiy on Kyiv walk
Johnson and Zelenskiy walk through Kyiv – video
Mostafa RRichman
Sat 9 Apr 2022 23.05 EDTLast modified on Sun 10 Apr 2022 00.53 EDT
". . .When a single ceramic cockerel, sitting atop a kitchen cabinet, survived a bombardment of Borodianka, it became a symbol of Ukrainian resistance. So when Boris Johnson and Volodymyr Zelenskiy were given one each as a gift as they walked through Kyiv, it carried an added significance.
— MFA of Ukraine πΊπ¦ (@MFA_Ukraine) April 9, 2022
When photos emerged of one of his ceramic cockerels surviving the bombardment of Borodianka, it was adopted as a reflection of Ukrainian resilience, quickly becoming a meme online.
As both leaders strolled through the eerily empty streets of the Ukrainian capital, surrounded by armed soldiers, a woman approached and gave them the two ceramic jugs in the shape of the cockerel. . .
Johnson was in Kyiv on an unannounced visit, holding meetings with the Ukrainian president to set out a new package of financial and military aid.
The visit came a day after Johnson announced a further £100m worth of UK military assistance for Ukrainian forces, including anti-tank and anti-aircraft weaponry.
Introduction: Scott Ritter is a former US Marine Corps intelligence officer and author of 'SCORPION KING: America's Suicidal Embrace of Nuclear Weapons from FDR to Trump.'
He served in the Soviet Union as an inspector implementing the INF Treaty, served in General Schwarzkopf's staff during the Gulf War, and from 1991 to 1998 served as a chief weapons inspector with the UN in Iraq.
Mr Ritter currently writes on issues pertaining to international security, military affairs, Russia, and the Middle East, as well as arms control and nonproliferation.
"The US intelligence community has long claimed that integrity in the search for truth was its core value. In March 1992, Robert Gates, who at that time was serving as director of Central Intelligence, addressed the CIA’s analytical community on the issue of politicized intelligence.
“Bourne Cockran [note: an Irish-American politician known for his oratory skills who mentored Winston Churchill],” Gates noted, “wrote to Winston Churchill in 1895 that, ‘What the people really want to hear is the truth – it is the exciting thing – speak the simple truth. Twenty years later, Churchill himself wrote, ‘The truth is incontrovertible; panic may resent it; ignorance may deride it; malice may destroy it, but there it is.’ Truth, insofar as we can determine it, is what our [i.e., the CIA’s] work is all about.”
Moreover, Gates pointed out, “because seeking truth is what we [the CIA] are all about as an institution, as professionals, and as individuals, the possibility – even the perception – that that quest may be tainted deeply troubles us, as it long has and as it should.”
The “taint” Gates was speaking of was the politicization of intelligence. When defining this taint, Gates noted that “it involves deliberately distorting analysis or judgments to favor a preferred line of thinking irrespective of evidence.”
The recent acknowledgement to NBC News by unnamed sources that the US government was declassifying intelligence to share with allies and the public to pre-empt and disrupt Russian planning, “undermine Moscow’s propaganda and prevent Russia from defining how the war is perceived in the world,” on the surface appears to avoid the pitfalls of politicization laid out by Gates 30 years ago. After all, according to these unnamed officials, this process of public disclosure was “underpinned by a rigorous review process by the National Security Council and the Intelligence Community to validate the quality of the information and protect sources and methods.” They added that “we only approve the release of intelligence if we are confident those two requirements are met.”
Not so fast.
According to the same NBC News report: “Multiple US officials acknowledged that the US has used information as a weapon even when confidence in the accuracy of the information wasn’t high. Sometimes,” the report noted, “it has used low-confidence intelligence.” The purpose for using intelligence which, to quote NBC News, “wasn’t rock solid”, was to deter Russian actions by keeping Russian President Vladimir Putin “off balance.”
So much for the intelligence community’s commitment to the “incontrovertible truth.”
It is well known that Ukraine maintains an expansive and capable information warfare capability. Units such as the Ukrainian Intelligence Service’s 72nd Center for Information and Psychological Operations (PSO) have been carrying out a sophisticated propaganda campaign designed to enhance the perception of Ukrainian strength and resolve while denigrating the Russian special military operation underway in Ukraine. Indeed, the 72nd PSO was considered by Russia to be such a threat that the Russian military singled out its headquarters for destruction early on in the conflict.
Moreover, it has been reported that, in the aftermath of the February 2014 “Maidan Revolution” in Ukraine, the US intelligence community has initiated and maintained in-depth contacts with their Ukrainian intelligence and security counterparts, a relationship which has only expanded in scope and scale over the course of the preceding eight years. Logic dictates that information operations targeting Russia would be an area of joint interest, and that the US would be assisting Ukraine in this effort following the initiation of the current Russian-Ukrainian conflict on February 24, 2022.
Providing declassified intelligence to Ukraine for it to be repackaged and disseminated as anti-Russian propaganda is very much a legitimate use of intelligence information. Moreover, under certain conditions relating to covert political action, US intelligence organizations may use manufactured information to help breathe life and credibility into a false narrative designed to undermine the operations of a designated enemy. Under such conditions, however, the information must not be able to be sourced back to the US and, most importantly, this information should not be disseminated in a manner which would misinform US policymakers.
The admission on the part of unnamed US national security officials, however, that the US is releasing sub-standard (i.e., potentially false and misleading) intelligence for the purpose of shaping a public narrative designed to be absorbed and believed by civilian consumers at home and abroad, thereby creating genuine political pressure on the Russian leadership, is a massive deviation from the normal precepts of covert information warfare. In fact, it is the perfect example of the deliberate distortion of analysis or judgments to achieve an objective irrespective of evidence that Robert Gates warned about in 1992.
“The absolute integrity of our analysis,” Gates said, “is the most important of the core values of the Central Intelligence Agency. Policymakers, the Congress, and the American people must know that our views – right or wrong – represent our best and most objective possible effort to describe the threats and opportunities facing the United States. They must know our assessments are the product of the highest quality and the most honest intelligence analysis available anywhere in the world.”
Not anymore.
Gates had quoted Churchill in his defense of the truth. Churchill had gone on to famously state that “in wartime, truth is so precious that she should always be attended by a bodyguard of lies.” By this statement, Churchill was underscoring the fact that truth is such a precious commodity that it must be guarded by deception and subterfuge to ensure it didn’t fall into enemy hands.
The US intelligence community has, today, perverted that logic, eliminating any notion of actual truth while elevating the “bodyguard of lies” to mimic truth, not for the purpose of defending it, but rather to promulgate the lie itself.
The US intelligence community has been walking on thin ice since its use of politicized intelligence to manufacture a case for war against Iraq in 2003. Now, the revelations that the US intelligence community is releasing sub-standard intelligence, knowing that it might be false and misleading, to shape US and global public opinion against Russia, should drive a stake through the heart of US credibility – or at the very least make the American public, and the world community, ask themselves whether they can ever again take US intelligence assertions at face value."
A hacking group used the Conti's leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.
While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.
This lack of attacks is due to the general belief by Russian hackers that if they do not attack Russian interests, then the country's law enforcement would turn a blind eye toward attacks on other countries.
However, the tables have now turned, with a hacking group known as NB65 now targeting Russian organizations with ransomware attacks.
Ransomware targets Russia
For the past month, a hacking group known as NB65 has been breaching Russian entities, stealing their data, and leaking it online, warning that the attacks are due to Russia's invasion of Ukraine.
The attack on VGTRK was particularly significant as it led to the alleged theft of 786.2 GB of data, including 900,000 emails and 4,000 files, which were published on the DDoS Secrets website.
More recently, the NB65 hackers have turned to a new tactic — targeting Russian organizations with ransomware attacks since the end of March.
What makes this more interesting, is that the hacking group created their ransomware using the leaked source code for the Conti Ransomware operation, which are Russian threat actors who prohibit their members from attacking entities in Russia.
BleepingComputer first learned of NB65's attacks by threat analyst Tom Malka, but we could not find a ransomware sample, and the hacking group was not willing to share it.
However, this changed yesterday when a sample of the NB65's modified Conti ransomware executable was uploaded to VirusTotal, allowing us to get a glimpse of how it works.
Almost all antivirus vendors detect this sample on VirusTotal as Conti, and Intezer Analyze also determined it uses 66% of the same code as the usual Conti ransomware samples.
BleepingComputer gave NB65's ransomware a run, and when encrypting files, it will append the .NB65 extension to the encrypted file's names.
Files encrypted by NB65's ransomware Source: BleepingComputer
The ransomware will also create ransom notes named R3ADM3.txt throughout the encrypted device, with the threat actors blaming the cyberattack on President Vladimir Putin for invading Ukraine.
"We're watching very closely. Your President should not have commited war crimes. If you're searching for someone to blame for your current situation look no further than Vladimir Putin," reads the NB65 ransomware note displayed below.
Ransom note for NB65 ransomwareSource: BleepingComputer
A representative for the NB65 hacking group told BleepingComputer that they based their encryptor on the first Conti source code leak but modified it for each victim so that existing decryptors would not work.
"It's been modified in a way that all versions of Conti's decryptor won't work. Each deployment generates a randomized key based off of a couple variables that we change for each target," NB65 told BleepingComputer.
"There's really no way to decrypt without making contact with us."
At this time, NB65 has not received any communications from their victims and told us that they were not expecting any.
As for NB65's reasons for attacking Russian organizations, we will let them speak for themselves.
"After Bucha we elected to target certain companies, that may be civilian owned, but still would have an impact on Russias ability to operate normally. The Russian popular support for Putin's war crimes is overwhelming. From the very beginning we made it clear. We're supporting Ukraine. We will honor our word. When Russia ceases all hostilities in Ukraine and ends this ridiculous war NB65 will stop attacking Russian internet facing assets and companies.
Until then, fuck em.
We will not be hitting any targets outside of Russia. Groups like Conti and Sandworm, along with other Russian APTs have been hitting the west for years with ransomware, supply chain hits (Solarwinds or defense contractors)... We figured it was time for them to deal with that themselves."
"A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud.
The new variant has been discovered by researchers at ThreatFabric, who observed several users looking to purchase it on darknet forums.
On-device fraud capabilities
Octo's significant new feature compared to ExoCompact is an advanced remote access module that enables the threat actors to perform on-device fraud (ODF) by remotely controlling the compromised Android device.
The remote access is provided through a live screen streaming module (updated every second) through Android's MediaProjection and remote actions through the Accessibility Service.
Octo uses a black screen overlay to hide the victim's remote operations, sets screen brightness to zero, and disables all notifications by activating the "no interruption" mode.
By making the device appear to be turned off, the malware can perform various tasks without the victim knowing. These tasks include screen taps, gestures, text writing, clipboard modification, data pasting, and scrolling up and down.
On-Device Fraud allows complete takeover of the compromised device Source: ThreatFabric
Apart from the remote access system, Octo also features a powerful keylogger that can monitor and capture all victims' actions on infected Android devices.
This includes entered PINs, opened websites, clicks and elements clicked, focus-changing events, and text-changing events.
Finally, Octo supports an extensive list of commands, with the most important being:
Block push notifications from specified applications
Enable SMS interception
Disable sound and temporarily lock the device's screen
Launch a specified application
Start/stop remote access session
Update list of C2s
Open specified URL
Send SMS with specified text to a specified phone number
Campaigns and attribution
Octo is sold on forums, such as the Russian-speaking XSS hacking forum, by a threat actor using the alias "Architect" or "goodluck."
Of particular note, while most posts on XSS are in Russian, almost all posts between Octo and potential subscribers have been written in English.
Due to the extensive similarities with ExoCompact, including Google Play publication success, Google Protect disabling function, and the reverse engineering protection system, ThreatFabric believes there's a good chance that 'Architect' is either the same author or a new owner of ExoCompact's source code. . .
A dangerous new breed
Trojans featuring remote access modules are becoming more common, rendering robust account protection steps such as two-factor codes obsolete as the threat actor completely controls the device and its logged-in accounts.
Anything the user sees on their device's screen becomes within the access of these malware variants, so after infection, no information is safe, and no protection measure is effective.
That said, users need to remain vigilant, keep the number of apps installed on their smartphones at a minimum, and regularly check to ensure Play Protect is enabled.
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks.
A new traffic direction system (TDS) called Parrot is relying on servers that host 16,500 websites of universities, local governments, adult content platforms, and personal blogs.
Parrot's use is for malicious campaigns to redirect potential victims matching a specific profile (location, language, operating system, browser) to online resources such as phishing and malware-dropping sites.
Threat actors running malicious campaigns buy TDS services to filter incoming traffic and send it to a final destination serving malicious content.
TDS are also legitimately used by advertisers and marketers, and some of these services were exploited in the past to facilitate malspam campaigns.
Used for RAT distribution
Parrot TDS was discovered by threat analysts at Avast, who report that it’s currently used for a campaign called FakeUpdate, which delivers remote access trojans (RATs) via fake browser update notices.
Site displaying the fake browser update warning(Avast)
The campaign appears to have started in February 2022 but signs of Parrot activity have been traced as far back as October 2021.
“One of the main things that distinguishes Parrot TDS from other TDS is how widespread it is and how many potential victims it has,” comments Avast in the report
“The compromised websites we found appear to have nothing in common apart from servers hosting poorly secured CMS sites, like WordPress sites.”
Malicious JavaScript code seen in compromised sites(Avast)
Threat actors have planted a malicious web shell on compromised servers and copied it to various locations under similar names that follow a “parroting” pattern.
Moreover, the adversaries use a PHP backdoor script that extracts client information and forwards requests to the Parrot TDS command and control (C2) server.
In some cases, the operators use a shortcut without the PHP script, sending the request directly to the Parrot infrastructure.
Parrot's direct and proxied forwarding(Avast)
Avast says that in March 2022 alone its services protected more than 600,000 of its clients from visiting these infected sites, indicating the massive scale of the Parrot redirection gateway.
Most of the users targeted by these malicious redirections were in Brazil, India, the United States, Singapore, and Indonesia.
Parrot's redirection attempts heatmap(Avast)
As Avast details in the report, the particular campaign’s user profile and filtering are so fine-tuned that the malicious actors can target a specific person from thousands of redirected users.
This is achieved by sending that target to unique payload-dropping URLs based on extensive hardware, software, and network profiling.
The payload dropped on the targets' systems is the NetSupport Client RAT set to run in silent mode, which provides direct access to the compromised machines. . .
Phishing Microsoft credentials
While the RAT campaign is currently the main operation served by the Parrot TDS, Avast analysts have also noticed several infected servers hosting phishing sites.
Those landing pages resemble a legitimate-looking Microsoft login page asking visitors to enter their account credentials.
One of the phishing sites served by the Parrot TDS(Avast)
For users who browse the web, having an up-to-date internet security solution running at all times is the best way to deal with malicious redirections.
For admins of potentially compromised web servers, Avast recommends the following actions:
Scan all files on the webserver with an antivirus.
Replace all JavaScript and PHP files on the webserver with original ones.
Use the latest CMS version and plugins versions.
Check for automatically running tasks on the web server like cron jobs.
Always use unique and strong credentials for every service and all accounts, and add 2FA where possible.
Use some of the available security plugins for WordPress and Joomla
GM hopes to crush, under a brawny Hummer wheel, the notion that green cars must look like a Prius. “We want to turn EV skeptics into EV believers,” said Mikhael Farah, a GM spokesperson. This Hummer has even been endorsed as a climate boon by the White House – in November, Joe Biden screeched around GM’s Detroit plant in a Hummer EV. “This sucker is something else!” the president, a self-confessed “car guy”, exclaimed.
I test-drove the all-electric Hummer. Can it win over America’s EV skeptics?
(The new electric Hummer aims to retain its outlandishly masculine aesthetic while shedding its former gargantuan fuel consumption. Photograph: Oliver Milman)
A climate-friendly version of the macho, gas-guzzling pickup is aimed at obdurate devotees of US’s supersized car culture
It is the weight of an elephant, can move like a crab and in a previous life was reviled by environmentalists. The Hummer, that avatar of gas-guzzling machismo, has returned as an electric vehicle with an unlikely billing as an ally in the effort to avert the worsening climate crisis.
The reincarnation of the hulking pickup truck, test-driven by the Guardian in the searing heat of Arizona, has been lauded by manufacturer General Motors (GM) as proof that electric vehicles (EVs) can now reach even middle America’s most obdurate devotees of supersized car culture.
. . .The electric resurrection of the Hummer, first announced in 2020, has produced a vehicle that does not emit the carbon pollution that overheats the planet nor many of the other toxins that routinely kill thousands of Americans, and millions worldwide, who inhale befouled air.
But in many ways it still pushes the boundaries of absurdity. The vehicle weighs more than 4.5 tons, a bulk closer to that of a small bulldozer than the sort of cars typically seen on American streets a decade or so ago. The huge Ultium battery that powers the vehicle is nearly 3,000lb, about the same as two grand pianos. The wheels look like they could traverse Mars. . .
Inside, the Hummer EV is more comfortable than the original and features designs of the moon’s topography – a nod to GM’s role in creating a lunar-roving buggy, which of course was electric – but it maintains a certain butch aesthetic. This points to the Hummer’s broader significance – a demonstration that electric vehicles can now provide the sheer power, size and sensibilities that US buyers cherish, even if they still command only a small fraction of sales.
“What we wanted to do is get a truck buyer who would never buy an EV in his life, or never even think about it,” said Brian Malczewski, a chief exterior designer of the new Hummer.
. . .GM is not alone in attempting this. Ford has announced an electric version of its F-150 truck, which has been the best-selling vehicle in America since Ronald Reagan was president, Tesla has its much-hyped Cybertruck and newcomers such as Rivian have garnered plenty of attention. At a different end of the market, you will even be able to get an electric Maserati this year, even if the price, like many EVs, is eye-watering.
Tesla’s CEO, Elon Musk, unveils the Cybertruck in 2019, another pitch for a similar market to that targeted by the new Hummer. Photograph: Sipa US/Alamy
“” said Chris Gearhart, director of NREL’s Center for Integrated Mobility Sciences. “The torque profile of an electric motor will give these vehicles a lot of towing power, and the potential for using some of the electrical power in the batteries to directly power worksites and provide backup power could make these vehicles incredibly useful.”
While EV options are expanding, it’s still unclear whether production levels, and sales, will ramp up with the urgency of the climate crisis. GM has vowed to sell 1m EVs in 2025 before going all-electric a decade later but delivered only 26 electric cars to customers in the final quarter of last year. Toyota wants to sell 3.5m EVs annually by 2030 but currently has none for sale in the US. Public charging infrastructure, meanwhile, remains spotty across the US and Biden’s attempt to fund 500,000 new chargers has yet to be fulfilled by Congress.
Phasing out gasoline cars by 2035, which the US must do if it is reach net zero emissions by 2050 and help avoid climate catastrophe, remains a steep challenge but several experts say replacing them with similar electric alternatives will be the quickest, and most pragmatic, way of slashing emissions from car-dominated American life.
“EVs are by far the best and most economic way to reduce greenhouse gases in transportation,” said Sperling. He added that better public transport, cycle paths and denser housing would be beneficial too but these actions are “far less important for reducing greenhouse gases, at lease in the US and other affluent car-centric countries. . ."
“The Hummer scares me – it’s massive and not compatible with life in cities,” Miller said, adding that SUVs also can be dangerous. “These large vehicles use up a lot of space and are expensive. I’m disappointed that Biden is championing them and not other forms of mobility, such as walking and biking infrastructure. Cars should fill in the niches for some people, not be the default.
“I’m not against EVs – they are the future, but you’ve got to support buses, walking and cycling too or it’s like rearranging the deckchairs on the Titanic. People need options. Unfortunately, car culture is so ingrained that even painting a bike path can get a huge amount of pushback.”
In total, Forbes estimates that Woods has earned $1.7 billion before taxes and agents’ fees during his 26-year career. He has earned more prize money—$121 million—than any other professional golfer in history, but tournament winnings account for less than 10% of his overall take. The bulk of it comes from endorsement deals with brands like Nike, TaylorMade and Monster Energy. Woods also has a golf course design business, a TV deal with Discovery's GolfTV streaming service and a recently delayed memoir coming from HarperCollins.
Inside Tiger Woods’ $1.7 Billion Career
Matt Craig assistant editor covering Sports Money and Games.
The improbable return of golf’s greatest to Augusta is just the latest triumph in a 26-year professional journey that once made him the world’s highest-earning athlete for a decade running.
"A rare isotope of helium, bubbling up along mid-ocean ridges, is proving to be a vital clue to our planet’s origins.
Just 2kg of helium-3 – enough to fill a balloon the size of your desk – leaks out of the Earth each year. Very little of this rare isotope is produced on the Earth’s surface today, and most of it dates to the big bang, where it would have been incorporated into planets as they grew out of the dust and debris spinning around the early sun.
Peter Olsen and Zachary Sharp, both from the University of New Mexico in Albuquerque, used the modern helium-3 leak rate to estimate how much of it might still be sitting inside the Earth’s core today. Their results, published in Geochemistry, Geophysics, Geosystems, indicate the core still contains a vast reservoir of helium-3 (up to a petagram – 1015grams).
According to Olsen and Sharp, the most likely way for our planet to acquire such high quantities of the gas within its interior is for Earth to have formed deep within an active solar nebula – not on its fringes or in a waning nebula.
Finding other nebula-created gases, such as hydrogen, leaking at similar rates and from similar locations will help to strengthen the evidence."
0
.jpg)
