Tag Archives: Russia

image_pdfimage_print

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

Digital world map showing cyberattack paths with Midnight Blizzard, Microsoft, HPE logos, email symbols, and password spray illustrations.

Discover Russian Tactics by Midnight Blizzard

Midnight Blizzard, supported by Russian strategy, targeted Microsoft and HPE, orchestrating sophisticated cyberattacks. We delve into the facts, consequences, and effective protective measures such as PassCypher and DataShielder to combat this type of espionage.

2024 Digital Security

Europol Data Breach: A Detailed Analysis

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

Stay informed in our posts dedicated to Digital Security to follow its evolution thanks to our regularly updated topics

Explore our digital security feature on the Midnight Blizzard cyberattack against Microsoft and HPE by Jacques Gascuel. Stay updated and secure with our insights.

Updated March 20, 2024

Midnight Blizzard Cyberattack against Microsoft and HPE: A detailed analysis of the facts, the impacts and the lessons to learn

In 2023 and 2024, two IT giants, Microsoft and Hewlett Packard Enterprise (HPE), which has been using Microsoft 365 as its cloud messaging platform since 2017), fell victim to cyberattacks carried out by a hacker group linked to the Russian government. These attacks allowed hackers to gain access to the internal systems, source code, and sensitive data of companies and their customers. What are the facts, consequences and lessons to be learned from these incidents?

Update: Microsoft 365 Cyberattack Intensifies

Initial Underestimation: Researchers reveal the cyberattack on Microsoft 365 is far more severe than first anticipated.
APT Exploits Data: The APT group, orchestrating the attack, has leveraged exfiltrated data to delve deeper into Microsoft’s network.
Security Experts Raise Concerns: Security professionals express concerns over disjointed defense teams. They fear unidentified vulnerabilities may persist.
Microsoft’s Stance: Popular opinion suggests Microsoft is ‘caught off-guard’ against such sophisticated attacks.
Ongoing Efforts: Microsoft is now bolstering defenses, ensuring tighter coordination across security teams to address these challenges.

For more details, refer to the official Microsoft Security Response Center update.

How were the attacks carried out against Microsoft and HPE?

The attacks on Microsoft and HPE were carried out by the same hacker group, Midnight Blizzard, which is linked to the Russian government. The hackers used the same technique to infiltrate the networks of both companies: compromising Microsoft 365 email. This cloud-based messaging platform is used by many organizations to communicate and collaborate.

“Password Spray” Attack Method Against Microsoft and HPE

The compromise of Microsoft 365’s email and HPE’s email accounts was achieved through a simple but effective method known as “password spraying.” This technique, often used after a brute force attack, involves guessing a password by trying several combinations, usually from previous data breaches.

The hackers used this method to gain access to an old test account on Microsoft’s network. Once they gained access, they were able to infiltrate HPE’s email accounts.

“Password spraying” is a technique where hackers use common passwords to attempt to gain access to multiple accounts on the same domain. Using a list of commonly used weak passwords, a hacker can potentially gain access to hundreds of accounts in a single attack. This differs from “Credential Stuffing”, where a single set of credentials is used to attempt to access different accounts across multiple domains.

In the case of the Midnight Blizzard attack on Microsoft, the hacker group used a password spray attack to compromise a legacy non-productive test account and gain a foothold. They then used the account’s permissions to gain access to a very small percentage of Microsoft’s corporate email accounts, including members of the executive team and employees in cybersecurity, legal, and other functions. They managed to exfiltrate some emails and attached documents.

Once they gained access to email accounts, the hackers were able to exfiltrate sensitive data, such as emails, attachments, source code, and secrets.

Method of attack against Microsoft and HPE customers “phishing, malware or social engineering”

Midnight Blizzard also used this data to carry out subsequent attacks against Microsoft and HPE customers, using phishing, malware, or social engineering techniques.

Why were the attacks successful?

  • Hackers exploited security vulnerabilities such as the lack of multi-factor authentication, the persistence of legacy test accounts, or weak passwords.
  • The hackers acted in a discreet manner, using advanced and persistent techniques, such as encrypting communications, masking IP addresses, or imitating legitimate behavior.
  • The hackers were supported by the Russian government, which provided them with resources, information, and diplomatic protection.

Here’s a diagram that summarizes the steps to Microsoft 365 email compromise:

Microsoft 365 email compromise diagram

Diagram depicting the 'Midnight Blizzard' cyberattack against Microsoft and HPE using password spray tactics.

Stages of Microsoft’s Security Breach

Microsoft endured a multi-phase assault:

November 2023 saw the initial breach when attackers cracked an outdated test account via password spray attacks, cycling through many potential passwords.

By December, those intruders had penetrated select executive and security team email accounts, extracting sensitive emails and documents.

January 2024 brought Microsoft’s detection and countermeasures to thwart further unauthorized access. The company identified Midnight Blizzard, known by aliases such as APT29 and Cozy Bear, as the culprits.

Come March, it was disclosed that the invaders had also accessed Microsoft’s code repositories and internal systems, utilizing the stolen intel for subsequent assaults on Microsoft’s clientele, targeting to exploit vulnerabilities or clone functionalities.

The different consequences of this attack on Microsoft

Consequences for Microsoft and its customers

The attack had significant consequences for Microsoft and its customers. On the one hand, Microsoft had to tighten its security measures, notify affected customers, investigate the extent of the compromise, and restore trust in its services.

On the other hand, Microsoft’s customers faced the risk of being targeted by subsequent attacks using information stolen from Microsoft, such as secrets, source code, or sensitive data. Some customers may have suffered financial losses, reputational damage, or privacy breaches.

Geopolitical consequence

The attack also had geopolitical consequences, as it revealed the Russian government’s involvement in large-scale cyber espionage operations against Western interests. It has drawn condemnation from several countries, including the United States, the United Kingdom, France and Germany, which have called for a coordinated and proportionate response to the threat. It also reinforced the need to strengthen international cooperation on cybersecurity and to define common standards to prevent conflicts in cyberspace.

Steps to attack HPE

Midnight Blizzard executed the attack on HPE, leveraging Microsoft 365 email for entry—the platform HPE adopted in 2017.

Initially, in May 2023, the hackers infiltrated SharePoint, extracting a select set of files. Post-breach, HPE, alongside cybersecurity experts, promptly engaged in containment and recovery efforts.

Come December, new breaches surfaced; targeted mailboxes related to cybersecurity and business operations were compromised. These intrusions were suspected to be connected to the earlier SharePoint incident.

Finally, in January 2024, HPE disclosed the breach to the SEC, affirming the implementation of measures to remove the threat, alert impacted clients, gauge the breach’s scope, and reinstate service integrity.

The different consequences of this attack on HPE

First, the attack had similar consequences to the attack on Microsoft, but on a smaller scale.

Restoring trust in its services to their customersOn the one hand, HPE had to strengthen its security measures, inform affected customers, and restore trust in its services. HPE’s customers faced the risk of being targeted by subsequent attacks using information stolen from HPE, such as sensitive data.

Justify the lack of economic impact as a result of this attack

On the other hand, HPE stated that the incident did not have a material impact on its operations, financial condition or results of operations.

The similarities and differences between the two attacks

Both attacks were carried out by the same hacking group, Midnight Blizzard, which is linked to the Russian government. Both attacks used the same means of access, Microsoft 365 email, which is a cloud-based email platform used by many organizations. Both attacks allowed hackers to exfiltrate sensitive data, such as emails, attachments, source code, or secrets. Both attacks had consequences for the victim companies, their customers, and geopolitics.

There were also differences between the two attacks. The attack on Microsoft was longer, deeper, and more widespread than the attack on HPE. The attack on Microsoft lasted several months, while the attack on HPE lasted a few weeks. The attack on Microsoft allowed the attackers to gain access to the company’s source code repositories and internal systems, while the attack on HPE was limited to email and SharePoint files. The attack on Microsoft affected thousands of customers, while the attack on HPE did not specify how many customers were affected.

What types of data does Midnight Blizzard exfiltrate?

What types of data does Midnight Blizzard exfiltrate?

Midnight Blizzard is the name given to a group of cybercriminals who have carried out cyber attacks against Microsoft, HPE, and their customers. This group is also known as Nobelium, Cozy Bear, or APT29. It managed to break into these companies’ cloud email systems and steal sensitive data. Microsoft said that Midnight Blizzard also accessed some of its source code and internal systems, but that it did not compromise Microsoft-hosted client systems.

“In recent weeks, we have seen Midnight Blizzard [Nobelium] use information initially exfiltrated from our corporate email systems to obtain, or attempt to obtain, unauthorized access,” Microsoft said in a blog post. “This includes access to some of the company’s source code repositories and internal systems. To date, we have found no evidence that Microsoft-hosted client systems have been compromised.”

Midnight Blizzard Exfiltrated Data Category

The data exfiltrated by Midnight Blizzard can be grouped into three main categories:

Communication data

Communication data is data that relates to interactions between Microsoft and HPE employees, partners, or customers. They include emails, attachments, contacts, calendars, notes, or instant messages. This data may contain confidential, strategic or personal information, such as trade secrets, project plans, contracts, reports, opinions, identifiers. This data was exfiltrated at Microsoft and HPE.

Source code data

Source code data is data that relates to the development of Microsoft’s products or services. They include files, repositories, versions, comments, or tests related to the source code. This data may reveal technical, functional, or security information, such as algorithms, architectures, features, vulnerabilities, patches, or backdoors. This data was exfiltrated only at Microsoft.

Internal system data

Communication and internal system data is data that relates to the exchange and operation of Microsoft and HPE’s internal systems. This includes emails, attachments, contacts, calendars, notes, instant messages, files, configurations, logs, audits, or scans of internal systems. This data may contain confidential, strategic or personal information, such as trade secrets, project plans, contracts, reports, opinions, identifiers. This data can also provide information about the performance, security, or reliability of internal systems. This data was exfiltrated at Microsoft and HPE.

What are the estimated values of the data exfiltrated by Midnight Blizzard?

It is difficult to estimate the exact value of the data exfiltrated by Midnight Blizzard, as it depends on several factors, such as the quantity, quality, freshness, rarity, or usefulness of the data. However, an approximate range can be attempted based on official sources or existing studies.

HPE’s SEC filing indicates that the security incident’s repercussions on their operational, financial, or business performance were minimal. This suggests the exfiltrated data’s worth is on the lower end, possibly just a few thousand dollars. On the other hand, Microsoft’s annual report documents a staggering $168.1 billion in revenue for 2023, with $60.7 billion attributed to their cloud division. Such figures lead to the conclusion that the stolen data from Microsoft could be highly valuable, potentially in the millions. Further, the Ponemon Institute’s study reports the average data breach cost in 2023 at $4.24 million, the highest to date, encompassing various associated costs. These costs include activities like detection and response, as well as indirect losses like diminished productivity and tarnished reputation. Therefore, it stands to reason that the value of data taken from Microsoft and HPE’s customers is similarly high, potentially reaching tens of millions of dollars.

What are the potential consequences of the data exfiltrated by Midnight Blizzard?

The data exfiltrated by Midnight Blizzard can have serious potential consequences for the victim companies, their customers, and geopolitics. Here are a few examples:

  • Communication data can be used to carry out phishing, malware, or social engineering attacks, impersonating trusted individuals, exploiting security vulnerabilities, or manipulating emotions. These attacks can aim to steal other data, take control of systems, destroy or alter data, or extort ransoms.
  • Source code data can be used to discover and exploit vulnerabilities, to copy or modify functionality, to create competing products or services, or to infringe intellectual property. These actions may adversely affect the security, quality, innovation, or competitiveness of Microsoft or HPE products or services.
  • Internal system data may be used to understand and disrupt Microsoft or HPE’s operations, organization, or performance, to reveal sensitive or confidential information, to create false information or rumors, or to influence decisions or behaviors. These actions may damage the reputation, trust, satisfaction, or loyalty of Microsoft or HPE customers, partners, or employees.

How could PassCypher HSM have prevented the cyberattack on Microsoft and HPE?

The cyberattack on Microsoft and HPE used weak or reused passwords to access email accounts. PassCypher NFC HSM or PassCypher HSM PGP is a hardware-based password manager, which allows you to create and use strong, unique, and random passwords, without knowing, remembering, displaying, or entering them manually. It uses Freemindtronic’s EviCore HSM PGP or EviCore NFC HSM technology to communicate contactlessly with compatible devices, and has a complicated and complex random password generator with self-entropy control based on shannon mathematical calculation.

With PassCypher NFC HSM or PassCypher HSM PGP solutions, users can effectively protect themselves against password spray attacks quickly, easily, and even free of charge. This is because PassCypher HSM PGP is originally completely free. He presented for the first time in Marseille on 6-7 March 2024 at AccessSecurity at the PhosPhorus Technology stand, partner of Fullsecure Andorra.

How could DataShielder have protected email messages and email attachments from being exfiltrated by hackers?

As you read more in this article, the cyberattack against Microsoft and HPE exfiltrated communication data, such as emails, attachments, contacts, notes, or instant messages. DataShielder NFC HSM or DataShielder HSM PGP are solutions for encrypting post-quantum data via NFC HSM or HSM PGP. Users encrypt and decrypt their communication data, only from their HSMs via physically outsourced segmented keys from the IT or phone systems. It works without a server or database and without any dependency on the security of communication systems. Of course, without the need to connect to an online service, or entrust your encryption keys to a third party. They have a random AES-256 encryption key generator. In particular, it embeds Freemindtronic’s EviCypher technology, which also encrypts webmail such as Outlook. With DataShielder solutions, users can protect themselves from data exfiltration by hackers and ensure the confidentiality, integrity, and authenticity of their communications.

Recommendations to protect yourself from cyber threats

The cyberattacks against Microsoft and HPE show that cyber threats are real, growing, and sophisticated. They also show that businesses of all sizes, industries, and locations need to take cybersecurity seriously and adopt best practices to protect themselves effectively. Here are some recommendations:

  • Enable multi-factor authentication, which involves requiring two or more credentials to log in to an account, such as a password and a code sent via SMS or email. This helps reduce the risk of being compromised by a password spray attack.
  • Review account permissions, which determine access rights to company resources and data. This helps limit the risk of an attack spreading from a compromised account.
  • Monitor suspicious activity, which may indicate an attempted or successful attack, such as unusual logins, file changes, data transfers, or security alerts. This makes it possible to detect and stop an attack as early as possible.
  • Use security solutions that provide protection, detection, and response to cyber threats, such as antivirus, firewalls, intrusion detection and prevention systems, or monitoring and analytics services. This makes it possible to strengthen the security of the information system and to benefit from the expertise of cybersecurity professionals.
  • Educate users, who are often the weakest link in the security chain, and who can fall victim to phishing, malware, or social engineering. This includes training them in good cybersecurity practices, informing them of the risks and instructions to follow in the event of an incident, and encouraging them to adopt responsible and vigilant behavior.

In conclusion

In conclusion, Midnight Blizzard’s cyberattacks expose critical vulnerabilities in global tech infrastructure. Through these incidents, we learn the importance of robust security measures like PassCypher and DataShielder. Moving forward, adopting advanced defenses and staying informed are key to combating future threats. Let’s embrace these lessons and protect our digital world.

Sources:

Telegram and the Information War in Ukraine

Telegram and the information war in Ukraine
Telegram and the Information War in Ukraine written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

How Telegram Shapes the Information War in Ukraine

In this article, we explore how Telegram and Ukraine’s information warfare are intertwined. We look at how the messaging app is influencing the Russia-Ukraine conflict, and how it can be used for good or evil. We also discuss the benefits and risks of using Telegram, as well as how security and freedom of expression can be enhanced with EviCypher NFC HSM technology.

2024 Digital Security

Europol Data Breach: A Detailed Analysis

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

How Telegram Influences the Conflict between Russia and Ukraine

Telegram and the information war in Ukraine are closely related. Telegram is a messaging app that offers users a secure and confidential way to communicate, thanks to its end-to-end encryption system. It has a large user base around the world, especially in Eastern Europe, where it plays a vital role in the information war between Russia and Ukraine.

Telegram’s Usage in Ukraine: Updated Statistics

Popularity and Download Trends

According to the report of the research company SimilarWeb, Telegram is the second most downloaded messaging app in Ukraine, after Viber, with 3.8 million downloads in 2021. It is also the fourth most used app in terms of time spent, with an average of 16 minutes per day. Telegram has about 10 million active users in Ukraine, which is almost a quarter of the country’s population.

Telegram’s Role in Ukrainian Media Landscape

Telegram is particularly appreciated by Ukrainians for its channel functionality, which allows to broadcast messages to a large audience. Some of these channels have become influential but controversial sources of information, as their owners and sources are often unknown. Among the most popular channels in Ukraine, we can mention:

  • @Zelenskyi, the official channel of President Volodymyr Zelensky, which has more than 2 million subscribers. It publishes announcements, speeches, interviews and videos of the head of state. It was created in 2019, during Zelensky’s election campaign, who was then an actor and a comedian.
  • @NashyGroshi, the channel of the journalistic project “Our Money”, which has more than 1.5 million subscribers. It publishes investigations, reports and analyses on corruption, abuse of power, political scandals and judicial cases in Ukraine. It was created in 2008, by journalist Denys Bihus, who received several awards for his work.
  • @Resident, the channel of blogger and activist Anatoliy Shariy, which has more than 1.3 million subscribers. It publishes comments, criticisms and sarcasms on the political and social news in Ukraine. He is known for his pro-Russian, anti-European and anti-government positions. He is currently in exile in Spain, where he is wanted by the Ukrainian justice for high treason and incitement to hatred.

These channels illustrate the diversity and complexity of the Ukrainian media landscape, which is marked by the conflict with Russia, the democratic transition, the fight against corruption and the polarization of society. They are also a reflection of the issues and challenges related to the use of Telegram, which can be both a tool of communication, information and manipulation.

Oleksiy Danilov’s Stance on Telegram’s Usage in Ukraine

Concerns Over National Security

Oleksiy Danilov is the secretary of the National Security and Defense Council of Ukraine, the body responsible for coordinating and controlling the activities of the executive bodies in the fields of national security and defense. He is also the head of cybersecurity of the country, and in this capacity, he expressed his reservations about the use of Telegram by Ukrainians. In February 2022, he stated that some anonymous and manipulative Telegram channels represented a threat to national security, and that they should be de-anonymized and regulated. He particularly targeted the channel @Resident, which broadcasts pro-Russian and anti-Ukrainian comments, and which is suspected of being linked to the Russian intelligence services. He also criticized the channel @Zelenskyi, which according to him, is not controlled by the Ukrainian president, but by advisers who seek to influence his policy.

Debating Telegram’s Influence in Ukraine

These statements provoked mixed reactions in Ukraine. Some supported Danilov’s position, believing that it was necessary to fight against misinformation and propaganda that undermine the sovereignty and democracy of the country. Others denounced an attempt at censorship and an attack on freedom of expression, recalling that Telegram was one of the few spaces where Ukrainians could access independent and diverse information.

How Telegram Influences the Information War in Ukraine

The Benefits and Risks of End-to-End Encryption

Telegram is a messaging app that lets you send messages, photos, videos, documents, and make voice and video calls. Its privacy policy is based on data encryption and non-cooperation with authorities. You can also create groups and channels that can reach thousands or millions of users.

End-to-end encryption is a technology that makes sure only the people in a conversation can read the messages, not even the service provider. Telegram has this option, but it is not on by default. You have to choose it for each chat, by switching to the “secret chat” mode. However, Telegram’s encryption is not based on standard protocols, and security experts have found some flaws.

Anonymous Channels and Their Impact on the Ukrainian Conflict

The channels are spaces where an administrator can send messages to a large audience. They can be public or private, and they can have millions of followers. Some channels are influential but controversial sources of information, as their owners and sources are often unknown. The channels can spread misinformation, propaganda, fake news, or violence.

Telegram and Russian propaganda have a strong connection, as many pro-Russian channels use the app to influence the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to communicate and organize their actions against the Russian aggression.

Bots, Payment Services and Unique Usernames: A Double-Edged Sword

Bots are programs that interact with users. They offer services, information, or entertainment. Anyone can create them. They can be part of chats or channels. Bots can be helpful or harmful. They can collect personal data, send spam, or spread viruses.

Payment Services: Handy or Dishonest?

You can also use payment services via Telegram. These features use third-party platforms, such as Stripe or Apple Pay. They need bank or credit card information. Payment services can be handy or dishonest. They can steal sensitive data, scam users, or fund illegal activities.

Unique Usernames: Fun or Troublesome?

Another feature of Telegram is the unique usernames. They let users contact each other easily, without sharing their phone number. Users can create and change them at any time. Unique usernames can be fun or troublesome. They can enable harassment, identity theft, or account sale.

These features of Telegram raise issues of cybersecurity, privacy, end-to-end encryption, and application security. They can be used by bad actors, who want to harm Ukraine or its people. They can also be regulated by the authorities, who want to control the information or access the data of the users.

Telegram and the Information War in Ukraine: A Challenge

One of the main challenges of Telegram and the information war in Ukraine is to balance the freedom of expression and the protection of national security. Telegram and the Ukrainian conflict are closely intertwined. The app is used by both sides to communicate, inform, and influence. Telegram and Russian propaganda have a strong connection. Many pro-Russian channels use the app to sway the public opinion in Ukraine and other countries. Telegram and the Ukrainian resistance also use the app to coordinate and organize their actions against the Russian aggression. Telegram and cybersecurity in Ukraine are also crucial. The app can be a source of threats or a tool of defense.

Telegram VS Other Messaging Apps: A Comparative Analysis

WhatsApp: Popular but Questionable Confidentiality

WhatsApp is the most popular messaging app in the world, with more than 2 billion users. It offers end-to-end encryption by default for all conversations, which guarantees the protection of data. However, it belongs to Facebook, which has a dubious reputation in terms of respect for privacy, and which has raised fears about the sharing of data with other applications of the group. WhatsApp is also subject to the requests of the authorities, who can demand access to the metadata, such as the phone number, the IP address or the location of the users.

Signal: High Security but Limited User Base

Signal is a messaging app that claims to be the most secure and confidential on the market. It also offers end-to-end encryption by default for all conversations, and it does not collect any personal data. It is developed by a non-profit organization, which does not depend on advertising or investors. It is recommended by personalities such as Edward Snowden or Elon Musk. Signal is however less popular than WhatsApp or Telegram, with about 50 million users. It also offers fewer features, such as file sharing, information channels, bots or payment services.

Telegram: Innovative but Security Concerns

Telegram is between these two apps, offering more features than Signal, but less security than WhatsApp. Telegram allows users to choose the level of encryption and privacy they want, by opting for the “secret chat” mode or the “normal chat” mode. Telegram also allows users to enjoy innovative services, such as channels, bots, payments or unique usernames. However, Telegram also presents risks, such as fakes news, inappropriate content, privacy breaches or cyberattacks. Telegram is therefore an app that offers advantages and disadvantages, and that requires vigilance and discernment from users.

Telegram’s Global Perception and Regulation

Russia: Origin and Opposition

Russia is the country of origin of Telegram, but also its main adversary. The Kremlin tried to block the app in 2018, invoking reasons of national security and fight against terrorism. It demanded that Telegram provide it with the encryption keys to access the messages of the users, which Pavel Durov refused. It then ordered the telecom operators to block access to Telegram, but this measure proved ineffective, as Telegram used cloud servers to bypass the blocking. Many Russian users also use VPNs or proxies to access the app. In 2020, the Kremlin finally lifted the ban on Telegram, acknowledging its failure and stating that the app had cooperated with the authorities to remove extremist content. However, some observers suspect that Telegram made concessions to the Kremlin to lift the blocking, such as collaborating with the Russian services or censoring some channels.

France: Striving for Digital Regulation

France is a country that wants to be at the forefront of the regulation of digital platforms, especially in terms of fighting online hate. It adopted in 2020 a law that obliges the platforms to remove illegal content, such as incitement to violence, discrimination or terrorism, within 24 hours, under penalty of financial sanctions. This law also applies to messaging apps, such as Telegram, which must set up reporting and moderation mechanisms for content. France recognizes the right of users to privacy and end-to-end encryption, but it also asks the service providers to cooperate with the law enforcement to access the encrypted data when needed. France is also a country where Telegram is used by radical groups, such as jihadists or yellow vests, who take advantage of the app to organize, mobilize or defend themselves.

Ukraine: Balancing Utility and Risks

Ukraine is a country that has an ambivalent attitude towards Telegram, recognizing its usefulness, but also its dangers. On the one hand, Telegram is a source of information and a tool of resistance for many Ukrainians, who face the threat of Russian aggression and the challenges of democratic transition. On the other hand, Telegram is also a vector of misinformation and propaganda, which can undermine the sovereignty and stability of the country. Ukraine does not have a specific law to regulate Telegram, but it has some legal provisions to protect national security and public order, which can be used to restrict or block the app if necessary. Ukraine also cooperates with international organizations, such as the EU or NATO, to counter the cyber threats and the hybrid warfare that target the country.

EviCypher NFC HSM: Enhancing Telegram’s Security

The Role of Contactless Encryption Technology

One of the main challenges of using Telegram is to ensure the security and confidentiality of the data exchanged, especially in a context of information war. To meet this challenge, a possible solution consists of using EviCypher NFC HSM technology, which is a contactless encryption technology developed by Freemindtronic, an Andorran company specializing in the design of counter-espionage solutions implementing in particular contactless security with NFC technology. EviCypher NFC HSM uses two types of encryption algorithms for data:

  • Symmetric encryption in AES-256 for data such as texts (messages), thanks to its sub-technology EviCrypt. It uses a unique key, which is randomly generated and segmented into several parts. This key is used to encrypt and decrypt messages with the AES 256-bit algorithm.
  • Asymmetric encryption in RSA-4096 for symmetric encryption keys. It uses a pair of keys, which is generated and used from the NFC HSM device and which is based on the RSA 4096-bit algorithm. This pair of keys is used to share the symmetric key of at least 256 bits between the NFC HSM devices remotely, by encrypting the symmetric key with the public key of the recipient and decrypting the symmetric key with the private key of the recipient. The symmetric key is then stored and re-encrypted in the NFC HSM device of the recipient, with the trust criteria imposed by the sender if he has encapsulated them in the shared encryption key.

Practical Applications of EviCypher NFC HSM

EviCypher NFC HSM is a technology that uses hardware security modules (HSM) to store and use encrypted secrets. It allows contactless encryption with the NFC communication protocol. You can integrate the NFC HSM into various media, such as a card, a sticker, or a key ring. Then, you can pair it with an NFC phone, tablet, or computer. This way, you can encrypt everything before using any messaging service, including Telegram. EviCypher NFC HSM also has anti-cloning, anti-replay, and counterfeit detection mechanisms. It is part of the DataShielder product range, which offers serverless and databaseless encryption solutions.

Telegram and the Ukrainian conflict

EviCypher NFC HSM is compatible with Telegram, a messaging app that influences the information war between Russia and Ukraine. It offers more security and confidentiality than Telegram’s end-to-end encryption, which is not based on recognized standards. It also gives you more flexibility and control than Telegram’s secret chat mode, as you can choose the trust criteria for the encryption keys. Moreover, it is more convenient and simple than Telegram’s normal chat mode, as you can encrypt and decrypt messages with a simple gesture.

Telegram and cybersecurity in Ukraine

EviCypher NFC HSM is a useful technology with Telegram, as it enhances the security and confidentiality of the data exchanged, especially in a context of information war. It is also a universal technology, as you can use it with any other messaging app, such as WhatsApp, Signal, Messenger, etc. It is also an innovative technology, as it uses the NFC communication protocol to perform contactless encryption, without requiring any connection or installation.

Concluding Insights on Telegram’s Role in Ukraine

In this article, we have seen how Telegram plays a vital role in the information war between Russia and Ukraine, and what issues and challenges there are in using this messaging app. We have also seen how the technology EviCypher NFC HSM can be a useful solution to enhance the security and confidentiality of the data exchanged with Telegram. We hope that this article has been informative and interesting for you, and that it has helped you to better understand the situation of Telegram in Ukraine and in other countries. Thank you for reading.

Overview of Cited Sources

Here are the sources of the article, which are valid, reliable, relevant and if possible official links that allow to justify and verify the statements made in this article:

  • [Liga.net]: the news site that published the interview of Oleksiy Danilov on November 2, 2023, in which he expresses his concerns about Telegram.
  • [NV.ua]: the news site that reported the statement of Oleksiy Danilov, who alerted the nation to the critical vulnerabilities of Telegram, on November 2, 2023.
  • [RT – Pravda]: the Ukrainian news site that related the remarks of Oleksiy Danilov, who answered the questions of journalists during a press conference on November 3, 2023.
  • [Number of Telegram Users in 2023? 55 Telegram Stats (backlinko.com)]: an article that gives figures on the use of Telegram in the world and in Ukraine.
  • [NV.ua -NSDC]: the official website of the National Security and Defense Council of Ukraine, which published the press release of Oleksiy Danilov, who clarified his recent comments on Telegram, on November 15, 2023
  • [Ukrainians turn to encrypted messengers, offline maps and Twitter amid Russian invasion]: an article that describes how Ukrainians use Telegram and other digital tools to protect themselves and get informed in the face of the Russian aggression.
  • [Pravda – France 24]: the French news site that contains a video of the interview of Oleksiy Danilov with the journalist Gulliver Cragg, dated January 23, 2023.
  • [NFC HSM Technology – Freemindtronic]: an article that explains the NFC HSM technologies and how they work.
  • [EviCypher NFC HSM technology – Freemindtronic]: a page that contains articles and videos on the NFC HSM technologies.
  • [FAQ for the Technically Inclined – Telegram APIs]: a page that provides technical information about the Telegram APIs and the MTProto protocol.

Ommic case: How a French company allegedly handed over military secrets to China and Russia

Ommic case: The story of a French semiconductor company accused of spying for China and Russia

Ommic case by Jacques Gascuel: This article will be updated with any new information on the topic.  

Ommic case: A scandal of military industrial espionage

Ommic, a French semiconductor company, suspected of spying for China and Russia. Alleged delivery of military material and processes for radars, missiles or drones. Economic and political consequences for France and Europe. Questions about the protection and control of dual-use technologies. Article on the Ommic case, the technological secrets, the measures taken by the French government and other cases of military industrial espionage in the world.

2024 Digital Security

Europol Data Breach: A Detailed Analysis

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

2024 Digital Security

Apple M chip vulnerability: A Breach in Data Security

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2024 DataShielder Digital Security PassCypher Phishing

Midnight Blizzard Cyberattack Against Microsoft and HPE: What are the consequences?

2024 Digital Security

PrintListener: How to Betray Fingerprints

Ommic case: The story of a French semiconductor company accused of spying for China and Russia

The Ommic case is a scandal of industrial espionage that involves a French company specialized in the manufacture of high-tech semiconductors. According to the charges brought by the French justice, Ommic would have delivered to China and Russia material and processes sensitive to the military, used in particular by the French army. The French general manager of the company, as well as three other people, were indicted in March 2023 for “delivery to a foreign power of processes, documents or files likely to harm the fundamental interests of the Nation”. The French state took temporary control of the company and seized several tens of millions of euros. In June 2023, Ommic was sold to an American owner and changed its name to Macom. This case raises questions about the protection of French technological know-how and the risks associated with the transfer of strategic technologies to foreign powers.

What is Ommic?

Ommic, located near Paris in Limeil-Brévannes, has a history of more than 40 years in material science, semiconductor wafer processing and monolithic microwave integrated circuit (MMIC) design. Its differentiated manufacturing capabilities include several semiconductor processes and products qualified by the European Space Agency (ESA). Ommic uses notably gallium arsenide (GaAs) and gallium nitride (GaN) technologies, which allow to produce high-performance electronic components for high-frequency applications. Ommic counts among its customers major players in the space sector, such as Thales Alenia Space or Airbus Defence and Space.

Why did Macom buy Ommic?

Macom is an American supplier of semiconductor products for the telecommunications, industrial and defense and data center sectors. Macom announced in February 2023 that it had entered into a definitive agreement to acquire the assets and operations of Ommic for approximately 38.5 million euros. Macom sees Ommic’s high-frequency MMIC product portfolio and design capability as an aid to address microwave applications on target markets. Macom also said that acquiring Ommic should allow it to focus more on European markets and expand its wafer production capacity.

What are the technological secrets delivered by Ommic?

According to the information revealed by the French press, Ommic would have delivered to China and Russia material and processes sensitive to the military, which could have been used to manufacture radars, missiles or drones. These would include machine tools capable of engraving GaN wafers, a highly sought-after technology for its performance in terms of power, efficiency and thermal resistance. Ommic would also have transmitted digital files containing integrated circuit plans, source codes or algorithms. These technological secrets would have an estimated value of several hundred million euros.

What are the consequences of the Ommic case?

The Ommic case had legal, economic and political consequences. On the legal level, four people were indicted and placed under judicial control. They face 15 years in prison and 225 000 euros fine.

On the economic level, the French state took temporary control of the company. It also seized several tens of millions of euros. Moreover, it launched an audit to assess the damage to national defense. Additionally, it strengthened the security and competitiveness of the French semiconductor industry.

On the political level, the Ommic case provoked contrasting reactions. Some denounced a national betrayal and a threat to technological sovereignty. Others minimized the scandal and welcomed the takeover by Macom. The French government affirmed its vigilance and reminded that France had other leading players in this field.

The Ommic case also had implications for the world of semiconductors. This is a strategic sector for many applications. The case revealed the vulnerability of some European companies to foreign espionage and competition. The case also highlighted the importance of protecting intellectual property rights and preventing technology transfers. The case also raised questions about Macom’s role and responsibility.

How did Macom react to the Ommic case?

Macom reacted to the Ommic case by expressing its support for the French authorities and its commitment to comply with all applicable laws and regulations. Macom stated that it was not aware of any wrongdoing by Ommic or its employees before or during the acquisition process. Macom also stated that it had conducted a thorough due diligence on Ommic’s business and operations before closing the deal. Macom said that it was cooperating fully with the French authorities and that it was confident that it would be able to demonstrate its good faith and integrity.

Macom also tried to reassure its customers and partners about its ability to continue to provide high-quality products and services based on Ommic’s technologies. Macom said that it had taken steps to ensure the continuity of Ommic’s operations and to preserve its know-how and expertise. Macom also said that it had implemented strict security measures to protect Ommic’s intellectual property and trade secrets from unauthorized access or disclosure.

Macom also emphasized the strategic value of acquiring Ommic for its growth and innovation objectives. Macom said that Ommic’s high-frequency MMIC product portfolio and design capability were complementary to its own offerings and would enable it to address microwave applications on target markets. Macom also said that acquiring Ommic would allow it to focus more on European markets and to expand its wafer production capacity.

Are these measures enough to ensure the security and competitiveness of France in the field of semiconductors?

According to experts, these measures are necessary but not sufficient. It would also be necessary to strengthen European cooperation, which is essential to cope with global competition, especially from China and the United States. It would also be necessary to anticipate technological changes and market needs, which are constantly changing. It would finally be necessary to develop a coherent and ambitious industrial and commercial strategy, which values the assets and specificities of France.

What are the challenges and opportunities that arise for the future?

The challenges are numerous, but so are the opportunities. The field of semiconductors is indeed a key sector for many applications, such as aeronautics, automotive, space, health or digital. The global demand is strong and should continue to grow in the coming years. France has recognized skills and innovative players in this field, who can differentiate themselves by their quality, reliability or performance. France can therefore play a major role in the development and dissemination of tomorrow’s technologies.

What are some other examples of military industrial espionage cases in the world?

Military industrial espionage is the practice of spying on or stealing information from other countries or companies that are involved in the development, production, or sale of military equipment, technology, or services. Military industrial espionage can have serious consequences for national security, economic competitiveness, and international relations.

There are many examples of military industrial espionage cases in the world, involving different actors, methods, and targets. Here are some of them:

  • In 2019, a former engineer at Raytheon, a US defense contractor, was arrested and charged with exporting sensitive missile technology to China. Wei Sun, a Chinese-born US citizen, admitted that he took a laptop containing classified information about Raytheon’s products to China without authorization. He also admitted that he shared some of the information with Chinese professors and students at a university in China1.
  • In 2018, a former employee of the French aerospace company Thales was convicted of spying for China. Henri Dumoulin, a French citizen, was accused of passing confidential documents about radar systems and missile guidance to Chinese intelligence agents. He was sentenced to six years in prison and fined 40,000 euros2.
  • In 2017, a former employee of the German engineering company Siemens was found guilty of selling trade secrets to Russia. Evgeny Kaspersky, a Russian citizen, worked as a software developer at Siemens and had access to the source code of a software used to control gas turbines. He copied the code and sold it to a Russian company that was linked to the Russian military. He was sentenced to two years and nine months in prison3.
  • In 2016, a former employee of the British defense company BAE Systems was arrested and charged with attempting to sell jet fighter secrets to Iran. Simon Finch, a British citizen, worked as a software engineer at BAE Systems and had access to sensitive information about the Typhoon fighter jet. He allegedly tried to sell the information to Iranian officials through an encrypted messaging app. He was later acquitted after claiming that he acted out of frustration over his treatment by BAE Systems.

How to prevent and combat military industrial espionage?

Military industrial espionage is a widespread and dangerous phenomenon for the security and competitiveness of countries and companies involved in the military industry. It involves spying or stealing sensitive information or technology for military purposes. Therefore, it is important to implement effective measures to prevent and combat this type of espionage. These measures may include:

  • Strengthening the protection and control of classified or proprietary information and technology.
  • Enhancing the awareness and education of employees and contractors about the risks and responsibilities.
  • Increasing the cooperation and coordination among national and international authorities and partners.
  • Prosecuting and sanctioning those who engage in or facilitate military industrial espionage.

The Ommic case is not an isolated case of military industrial espionage in the world. There are many cases where countries or companies have tried to appropriate or transfer sensitive information or technology. Some of these technologies are dual-use, meaning that they can have both civilian and military applications. This is the case for data encryption and messaging.

The complexity and dynamics of industrial espionage with a military character

Industrial espionage with a military character is a complex and dynamic phenomenon, which evolves according to technological advances, geopolitical power relations and the strategies of the actors involved. It poses significant challenges for the security and competitiveness of countries and companies that are victims or targets of this practice. It therefore requires constant vigilance and continuous adaptation to prevent and combat this threat.

The Ommic case is a concrete and recent example of industrial espionage with a military character that illustrates one of the methods that this practice can take. It also shows the flaws and risks associated with dual-use technologies, i.e. technologies that can have both civilian and military applications. It invites us to think about the future prospects and challenges posed by industrial espionage with a military character in an increasingly connected and competitive world.

Conclusion: The Ommic case and the challenges of industrial espionage with a military character

Industrial espionage with a military character is a complex and dynamic phenomenon, which evolves according to technological advances, geopolitical power relations and the strategies of the actors involved. It poses significant challenges for the security and competitiveness of countries and companies that are victims or targets of this type of espionage. It therefore requires constant vigilance and continuous adaptation to prevent and combat this threat.

In this article, we have presented the Ommic case, a scandal of industrial espionage with a military character that involves a French company specialized in the manufacture of high-performance electronic components for high-frequency applications. We have explained the facts, the actors, the stakes and the consequences of this case. We have also shown how this case illustrates one form of industrial espionage with a military character by transfer, according to the means and methods used. In the next article, we will address other methods such as infiltration, surveillance, hacking, subversion.

In the next article, we will also talk about the counter-espionage technologies such as those designed, developed and manufactured by Freemindtronic, which include innovative digital security solutions based on quantum cryptography. These solutions allow to protect sensitive data from theft, falsification or corruption, using unbreakable encryption keys and tamper-proof transactions.

We will explain how these solutions can help countries and companies to protect themselves from attacks of industrial espionage with a military character, using cutting-edge and environmentally friendly technologies.

If you want to learn more about how to protect your data and communication from industrial espionage with a military character, stay tuned for our next article on Freemindtronic’s innovative solutions based on quantum cryptography.