+++ P.O. (BBG) North Korea Tests Missile as Tillerson Calls for Sanctions

P.O.

By George!

Zombies!

…With all probability, and as the previous one, this missile was “suicided” with a special software…

…There have been several indirect suggestions of this in the US media…

…And this has reminded me of the numerous earthquakes around Iran’s nuclear facilities…

…Haarp…

High Frequency Active Auroral Research Program

…It has also reminded of the famous Stuxnet…

…In Wikipedia:

«Stuxnet is a malicious computer worm, first identified in 2010, that targets industrial computer systems and was responsible for causing substantial damage to Iran’s nuclear program. The software was designed to erase itself in 2012 thus limiting the scope of its effects. The worm is believed by many experts to be a jointly built American-Israeli cyberweapon, although no organization or state has officially admitted responsibility. Anonymous American officials speaking to The Washington Post claimed the worm was developed during the Bush administration to sabotage Iran’s nuclear program with what would seem like a long series of unfortunate accidents.

Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart. Stuxnet’s design and architecture are not domain-specific and it could be tailored as a platform for attacking modern supervisory control and data acquisition (SCADA) and PLC systems (e.g., in factory assembly lines or power plants), the majority of which reside in Europe, Japan and the US. Stuxnet reportedly ruined almost one fifth of Iran’s nuclear centrifuges.

Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet.

Stuxnet is typically introduced to the target environment via an infected USB flash drive. The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the codes and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users.

In 2015, Kaspersky Labs’ research findings on another highly sophisticated espionage platform created by what they called the Equation Group, noted that the group had used two of the same zero-day attacks used by Stuxnet, before they were used in Stuxnet, and their use in both programs was similar. The researchers reported that “the similar type of usage of both exploits together in different computer worms, at around the same time, indicates that the Equation Group and the Stuxnet developers are either the same or working closely together”. Costin Raiu, the director of Kaspersky Lab’s global research and analysis team, believes that the Equation Group cooperates with the Stuxnet and Flame groups only from a position of clear superiority, giving them their “bread crumbs”.»

Please read the entire article in https://en.wikipedia.org/wiki/Stuxnet

…And please also read the entire article …http://virus.wikidot.com/stuxnet

Excerpt:

«Stuxnet is a worm sometimes referred to as the first “cyber super weapon”. It is both the first worm to spy on industrial as well as the first to reprogram them. The worm specifically targets industrial control systems, like the kinds found in nuclear power plants among other facilities. It was later revealed to have been a weapon of the US and Israeli governments against Iranian nuclear facilities.

Behavior

Stuxnet exploits a vulnerability in the Windows Print Spooler service to spread over networked machines. It sends a specially crafted print request to a networked printer. This allows its code to be executed on that remote system. It “prints” two files, winsta.exe, a dropper in the system folder and one additional file, sysnullevnt.mof, to the subdirectory wbemmof in the system folder.

When a removable drive infected with Stuxnet is connected to a computer, it copies itself as the files mrxcls.sys and mrxnet.sys in the “drivers” subdirectory of the system folder. It then creates two local machine registry keys that register these files as a service*.

When it is unable to gain administrator privileges in other ways, it exploits a vulnerability in Win32k.sys to elevate its privileges. The worm loads a file as a keyboard layout file which contains exploit code allowing it to execute code with SYSTEM privileges.

The worm copies itself to the root of any removable drives as the files ~WTR4132.tmp and ~WTR4141.tmp. While they have a .tmp extension, they are actually .dll files. It also copies the shortcuts linking to ~WTR4132.tmp named Copy of Shortcut to.lnk, Copy of Copy of Shortcut to.lnk, Copy of Copy of Copy of Shortcut to.lnk and Copy of Copy of Copy of Copy of Shortcut to.lnk.

Stuxnet exploits the zero-day LNK/PIF (shortcut file) automatic execution vulnerability to execute on the target system. When an application that can view an executable icon views the link files, the files show it the code that executes ~WTR4132.tmp. ~WTR4132.tmp exists for little other purpose than executing ~WTR4141.tmp. This file has a certificate issued by VeriSign to Realtek Semiconductor.

It spreads over network shares, copying itself as the file “DEFRAG(random number).tmp. The random number will be the tick count, the number of milliseconds since the system started in hexadecimal numbers. Like the files it copies to removable drives, this is also a .dll file. This file is set to be run by Rundll32.exe the next day.

It creates encrypted copies of itself in the inf subdirectory of the Windows folder named oem6C.PNF, oem7A.PNF, mdmcpq3.PNF and mdmeric3.PNF. The mrxcls.sys file in the drivers directory decrypts these if an attempt is made to remove the worm from the system.

Stuxnet disables or bypasses the system security to protect itself, while performing its intended actions. It gets past firewalls by injecting itself into the iexplorer.exe process. It also ends 10 processes, all security related:
avguard.exe
bdagent.exe
ccSvcHst.exe
ekrn.exe
fsdfwd.exe,
Mcshield.exe
rtvscan.exe
tmpproxy.exe
UmxCfg.exe
vp.exe

The worm is set to self-destruct on 2012.06.24.»

That’s All Folks!

Francisco (Abouaf) de Curiel Marques Pereira

(BBG) North Korea test-fired a ballistic missile just hours after U.S. Secretary of State Rex Tillerson mounted an effort at the United Nations to rally pressure against Kim Jong Un’s regime.

The missile was fired at 5:30 a.m. Saturday local time from northeast of Pyongyang and appears to have failed, according to a text message from South Korea’s Joint Chiefs of Staff. The U.S. Pacific Command said it didn’t leave North Korean territory and posed no threat to North America. It was likely a medium-range KN-17 ballistic missile and broke up minutes after launch, the Associated Press reported, citing an unidentified U.S. official.

In a tweet shortly after the launch, President Donald Trump referenced a growing divergence between North Korea and its main ally China: “North Korea disrespected the wishes of China & its highly respected President when it launched, though unsuccessfully, a missile today. Bad!” Trump has praised Chinese leader Xi Jinping’s actions on North Korea since the two leaders met in Florida earlier this month.

North Korea disrespected the wishes of China & its highly respected President when it launched, though unsuccessfully, a missile today. Bad!

Trump has stepped up pressure on North Korea to prevent it from obtaining the capability to hit North America with a nuclear weapon. He has threatened to act unilaterally if China fails to do more to curb its neighbor’s activities.

China’s Foreign Ministry didn’t immediately reply to phone and email messages Saturday seeking comment on the test-firing.

Kim’s regime has test-fired ballistic missiles six times this year, including a failed test earlier this month following a high-profile military parade through Pyongyang. He’s launched dozens of projectiles and conducted three nuclear tests since coming to power after his father’s death in 2011, and claimed in January to be almost ready to test-fire an intercontinental ballistic missile that would threaten the continental U.S.

Tillerson told Fox News earlier this week that China had warned Kim’s regime it would impose further sanctions if it conducted a sixth nuclear test. China banned coal imports from North Korea this year and the Global Times, a nationalist newspaper affiliated with Communist Party, warned earlier this month that another nuclear test might prompt oil curbs.

“The Security Council is mobilized,” Francois Delattre, France’s ambassador to the UN, said in reaction to news of the North Korean missile launch hours after the Security Council met to discuss the country. “The Security Council has to assume its responsibilities to be very firm in terms of the implementation of existing sanctions, in terms of adopting new sanctions if necessary, and tightening the regime of sanctions.”

At the UN on Friday, Tillerson called on other nations to cut diplomatic and economic ties with North Korea. He spelled out a renewed U.S. effort to compel the country’s regime to give up its nuclear weapons and ballistic missile programs after decades of defiance.

Speaking before the United Nations Security Council for the first time as the top U.S. diplomat, Tillerson proposed three ways to pressure North Korea: UN member states should “fully implement” existing sanctions against North Korea, downgrade or suspend diplomatic ties with the country and increase its financial isolation with new and tighter sanctions.

“North Korea exploits its diplomatic privileges to fund its illicit nuclear and missile technology programs, and constraining its diplomatic activity will cut off the flow of needed resources,” Tillerson said Friday. Normal ties with the country “are simply not acceptable,” he added, urging economic sanctions against nations that do business with North Korea.

The Security Council meeting capped a flurry of U.S. activity this week aimed at injecting urgency into resolving the threat posed by North Korea’s nuclear and missile programs, which are banned under UN resolutions. Trump has said he’s fed up with decades of failure by U.S. presidents from both parties to stop the program. He’s called on China to rein in its neighbor and sent an aircraft carrier battle group and nuclear submarine to the region.

The USS Car Vinson battle group and Japan’s Maritime Self-Defense Force conducted exercises from the Tsushima Strait off Nagasaki into the Sea of Japan on Saturday after the North Korean test-firing, Kyodo News reported.

Tillerson told the Security Council that all of its members must share responsibility, saying those that don’t enforce existing sanctions “fully discredit this body.” He demanded countries suspend North Korean imports, particularly coal, and stop accepting North Korean guest workers.

Those were references to China, which accounts for the vast majority of trade with North Korea, and Russia, which allows North Korean workers in cities and towns near its border with the country in the Far East.

The response from some other nations suggested the U.S. still has a long way to go to persuade them. China’s Foreign Minister Wang Yi on Friday again offered his country’s proposal that the U.S. suspend military drills with South Korea in exchange for the North suspending its nuclear and missile programs. The U.S. rejects that idea.

Wang also delivered a pointed rebuke to Trump, who said in an interviewwith Reuters Thursday that a “major conflict” with North Korea was possible if diplomatic solutions fail.

China “strongly urges all parties to remain calm, exercise restraint and avoid provocative rhetoric or actions that will lead to miscalculation,” Wang said. He added that the key to solving the North Korea nuclear problem “does not lie in the hands of the Chinese side.”

The exchanges were more cordial at the start of a one-on-one meeting later in the day between Tillerson and Wang.

Xi-Trump Ties

“I appreciate the constructive way that China has engaged with the United States to address the challenges on the Korean Peninsula that are common to both of us,” Tillerson said at the opening of the meeting. He added that Trump and Xi “have developed a very good understanding of one another and a level of trust, which allows them to communicate openly and that is translated to all of us.”

During the Security Council session, Tillerson said that the U.S. goal isn’t to overthrow Kim’s regime but ruled out talks unless the North Korean leader takes “concrete steps to reduce the threat that illegal weapons programs pose to the United States and our allies.” As the meeting concluded, Tillerson reiterated that the U.S. wouldn’t agree to talks unless North Korea abides by existing Security Council resolutions.

“The takeaway from today’s Security Council ministerial meeting is that Secretary Tillerson is trying to take sanctions that exist on paper and turn them in into steel bars that block North Korea from proliferating,” Daniel Russel, former assistant secretary of state for East Asian and Pacific Affairs who’s now a diplomat in residence at the Asia Society Policy Institute, said in an interview. “What I interpret his message to be is a consciousness-raising effort and a spine-stiffening effort.”