EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

ChatGPT Vulnerability; LockBit Cyberattack On ICBC; US Water Authority Hacked

This issue of the Analyst Prompt addresses a ChatGPT vulnerability, a major cyberattack by LockBit against ICBC, an Iranian-sponsored cyberattack against a US water authority, a new P2PInfect variant targeting MIPS devices, and a nation-state actor targeting organizations in the Middle East, Africa, and the United States.

Ippolito Forni December 7, 2023

tap 23 - 2023

How Researchers Managed to Extract Sensitive Data from ChatGPT

A recent paper demonstrated the ability to extract several megabytes of ChatGPT's training data at a relatively low financial cost, challenging the notion that aligned production models like ChatGPT are secure against data extraction. The result points to significant weaknesses in similar models. The attack method involved a simple prompt that caused the model to emit personal data and verbatim copies of its training dataset. The paper underscores the importance of comprehensive testing and red-teaming of language models, not just aligned models, to identify and address underlying vulnerabilities. It also differentiates between patching a specific exploit and fixing the inherent system weakness it abuses, emphasizing the need for a deeper understanding of these issues. The findings were responsibly disclosed to OpenAI following standard protocols, underscoring the ethical considerations in such research. This study raises critical concerns about data privacy and security in machine learning systems, calling for more rigorous analysis and safeguards. [1]

LockBit Ransomware Exploits Citrix Vulnerabilities in Major Cyberattack on ICBC's U.S. Operations

The LockBit ransomware group launched a significant cyberattack on November 8th against the U.S. subsidiary of the Industrial & Commercial Bank of China Ltd (ICBC), the world's largest lender by assets, disrupting U.S. Treasury trading operations. This cyberattack exploited specific vulnerabilities in the Citrix NetScaler product suite, namely CVE-2023-4966, an information disclosure vulnerability, and CVE-2023-4967, a denial-of-service vulnerability. It severely impacted ICBC Financial Services (ICBC FS) and reverberated through the $26 trillion U.S. Treasury market. The breach hindered bank employees' access to corporate emails and the Depository Trust and Clearing Corporation, affecting critical U.S. Treasury trades and repurchase agreement transactions. In response, ICBC FS had to manually settle trades and inject $9 billion to cover unsettled trades. This cyberattack coincided with a poorly performing 30-year Treasury bond auction and led to a substantial increase in U.S. Treasury repo fails. [2]

Iranian-Backed Cyber Group Targets Municipal Water Authority of Aliquippa

The Municipal Water Authority of Aliquippa in Pennsylvania reported that one of its auxiliary booster stations was hacked by an Iranian-backed cyber group called Cyber Av3ngers. The chairman of the board, Matthew Mottes, confirmed the incident, which triggered an immediate alarm. The targeted station, crucial for monitoring and regulating water pressure in Raccoon and Potter Townships, uses a system called Unitronics, which is partly Israeli-owned. Mottes assured that there was no known risk to the drinking water or water supply. The system has been disabled, and the Pennsylvania State Police have initiated a criminal investigation. Congressman Chris Deluzio is closely monitoring the situation. Cyber Av3ngers has claimed responsibility for several global cyberattacks, including attacks on 10 water treatment stations in Israel as of October 30, 2023. [3]

Cross-Platform Botnet P2PInfect Expands Reach to MIPS Devices

Cado Security Labs identified a new variant of the P2PInfect malware, specifically designed for the MIPS (Microprocessor without Interlocked Pipelined Stages) architecture, signaling an escalated focus on compromising routers, IoT, and other embedded devices. This variant, notable for its advanced evasion techniques such as VM detection, debugger detection, and anti-forensics on Linux, is part of a growing cross-platform botnet. Initially exploiting Redis servers, including leveraging CVE-2022-0543, the malware now targets 32-bit MIPS processors to potentially infiltrate routers and IoT devices through brute-forcing SSH access. The sophistication of this malware, evident in its use of Rust for cross-platform functionality and its complex evasion methods, points to the involvement of an advanced threat actor. The rapid expansion of this botnet and the developers' dedication to improving evasive tactics are a challenge for cybersecurity detection. [4]

Unit 42 Exposes Advanced Malware Campaign Across Three Continents 

Unit 42 researchers recently identified a series of sophisticated cyberattacks targeting a variety of organizations across the Middle East, Africa, and the United States. These cyberattacks are characterized by the deployment of a newly identified set of malicious tools, which includes the Agent Raccoon and Ntospy malware, as well as a new customized iteration of the well-known Mimikatz tool, referred to as "Mimilite". These tools are being used by the attackers to establish covert backdoors, conduct command and control (C2) operations, steal user credentials, and exfiltrate confidential data from targeted organizations. The nature of these cyberattacks, along with the complexity of the custom tools involved, leads researchers to assess with medium confidence that these activities are likely linked to nation-state actors. The wide range of industries impacted includes educational institutions, real estate companies, retail businesses, non-profit organizations, telecom companies, and various government sectors. The findings from Unit 42 highlight a methodical approach: the attackers deploy key components of their toolset from temporary directories and execute scripts to clean up traces after the attack. [5]

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack: https://cti.eclecticiq.com/taxii/discovery.

Please refer to our support page for guidance on how to access the feeds.

About EclecticIQ Intelligence and Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence and Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research toward your priority area.

Appendix

[1] "Extracting Training Data from ChatGPT." Accessed: Dec. 05, 2023. [Online]. Available: https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html

[2] "ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order - LockBit on a Roll," Resecurity. Accessed: Dec. 05, 2023. [Online]. Available: https://www.resecurity.com/blog/article/icbc-ransomware-attack-strikes-at-the-heart-of-the-global-financial-order-lockbit-on-a-roll

[3] "Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group," CBS Pittsburgh. Accessed: Dec. 05, 2023. [Online]. Available: https://www.cbsnews.com/pittsburgh/news/municipal-water-authority-of-aliquippa-hacked-iranian-backed-cyber-group/

[4] "P2Pinfect - New Variant Targets MIPS Devices," Cado Security. Accessed: Dec. 05, 2023. [Online]. Available: https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/

[5] C. Garcia, "New Tool Set Found Used Against Organizations in the Middle East, Africa and the US," Unit 42. Accessed: Dec. 05, 2023. [Online]. Available: https://unit42.paloaltonetworks.com/new-toolset-targets-middle-east-africa-usa/

© 2014 – 2024 EclecticIQ B.V.