Potemkin Psyops
Welcome to Memetic Warfare.
We’ll start this week with a quick tip of the hat to Singapore, which recently published a landmark advisory on Chinese hacking activity targeting its telecom infra.
As per the advisory, Singapore kept to the same attribution of the Chinese APT as it did last time, referring to it by its Mandiant name and not explicitly naming China.
Also, we see that all four of Singapore’s major telecom firms were popped, and that they named the defensive operation Cyber Guardian, which is a bit lacking I must admit.
I can only imagine what sort of IO or StratCom response China may launch, but I’ll keep an eye on the CVERC to see if there’s any reference.
From there, I’ll shout out some other interesting publications that you should check out.
The first is CheckFirst’s look at Russian IO units, available here. The research relies mainly on unit insignias and logos, so if you’re interested in this type of stuff, check it out to read more about the GRU and its various IO units.
We even get some really cool stuff such as geolocation of units.
Really great work here showing how looking at auction sites, tags and insignias can uncover some very interesting stuff.
Orange Cyberdefense has put out a solid primer on hacktivist activity online, available here. Give it a read, but I want to point out one section: hacktivism is more useful as “cognitive warfare” than anything else.
We’ll conclude with a guide from Censys, which has put out some great work showing how to track bulletproof RDP instances. Check it out here because it’s useful and educational; we don’t often get such useful guides.







