Here’s the million-dollar question nobody is asking about the Baltimore bridge collapse…

https://revolver.news/ ^ | 3/27/2024

[Paul R.]

No disagreement there. Although the Eggners Ferry Bridge replacement work was done under (mostly) hack Dems, they weren't completely incompetent hack Dems.

[Paul R.]

Attempting to back down @ full reverse may have played a large role too. IF that’s what happened - I’ve not seen anything from NTSB today, yet. (Have been doing chores and “honey do’s” [more like just “DO!] all day, so far.) A good question is whether the pilot or captain ever attempted or tried in a simulator such an emergency maneuver with this size ship?

[Paul R.]

I should add, we also don’t know about any lateral currents at the time.

[Paul R.]

Correct. Mud bottom (and dredged) — the anchor adds a little drag, that’s about it. Catch something solid and you rip out a chunk of the ship. One of the marine shipping people cited 1/2 knot as the maximum safe speed for a ship this massive to drop anchor if there’s any chance it will “catch”.

[hanamizu]

I saw one animation that described a smaller channel opening up to the main channel to the ship’s starboard. The opening can cause a slight drift to starboard. No problem with engines and control of rudder, but that’s right where the power failed.

[Elsie]

True, if all you do is drop the anchor, but there seems to be a really HEAVY chain attached to that anchor that does NOT want to be pulled up outta da hold!

[proud_dad_of_two]

That bridge will never be rebuilt period

It's absolutely being rebuilt. It's the Hazardous materials path around Baltimore and is part of the Interstate system. They'll absolutely rebuild it.

[Paul R.]

“What’s Going On With Shipping” thinks there may have been flow (current) coming out of that channel, and with little or no way to compensate, that current may have kicked the stern of the ship back into the main channel, turning the ship right into the bridge support.

[rodguy911]

Great thread thanks for posting it.

Here's is what I have found.

Microsoft Threat intel did a great piece on a chicom hacker group names volt Typhoon.These clowns use a technique called living off the land which makes it near impossible to find them. its described below:

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

...........................

Volt Typhoon and other Chinese groups accused of hacking the US and others

By Reuters

May 25, 202311:59 AM EDTUpdated 10 months ago

By Microsoft Threat Intelligence

SINGAPORE, May 25 (Reuters)

- Chinese hacking teams have been blamed by Western intelligence agencies and cybersecurity groups for digital intrusion campaigns across the world, targeting everything from government and military organizations to corporations and media groups.

Cybersecurity firms believe many of those groups are backed by China's government. U.S.-based Mandiant has said some Chinese hacking groups are operated by units of China's army.

China's authorities have consistently denied any form of state-sponsored hacking, saying China itself is a frequent target of cyberattacks. It has dubbed the U.S. National Security Agency (NSA) as "the world's largest hacker organization".

Some of the biggest Chinese hacking teams identified by intelligence agencies and cybersecurity groups are:

'VOLT TYPHOON'

Western intelligence agencies and Microsoft (MSFT.O), opens new tab said on May 24 that Volt Typhoon, a group they described as state-sponsored, had been spying on a range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs.

They described the attacks in 2023 as one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.

China's foreign ministry described the reports as part of a U.S. disinformation campaign.

'BACKDOORDIPLOMACY'

Palo Alto Networks, a U.S. cybersecurity firm, says its research showed BackdoorDiplomacy has links to the Chinese state and is part of the APT15 hacking group.

A Reuters report in May identified BackdoorDiplomacy as being behind a widespread series of digital intrusions over several years against key Kenyan ministries and state institutions. The Chinese authorities said it was not aware of such hacking and described the accusations as baseless.

https://encyclopedia.kaspersky.com/glossary/lotl-living-off-the-land/

A Living off the Land (LotL) attack describes a cyberattack in which intruders use legitimate software and functions available in the system to perform malicious actions on it.

Living off the land means surviving on what you can forage, hunt, or grow in nature. LotL cyberattack operators forage on target systems for tools, such as operating system components or installed software, they can use to achieve their goals. LotL attacks are often classified as fileless because they do not leave any artifacts behind.

LotL tools

Most LotL attacks employ the following legitimate tools:

PowerShell, a script-launching framework that offers broad functionality for Windows device administration. Attackers use PowerShell to launch malicious scripts, escalate privileges, install backdoors, and so on.

WMI (Windows Management Instrumentation), an interface for access to various Windows components. For adversaries, WMI is a convenient tool for accessing credentials, bypassing security instruments (such as user account control (UAC) and antivirus tools), stealing files, and enabling lateral movement across the network.

Risks associated with LotL attacks

Attackers do not leave traces in the form of malicious files on device hard drives, so Living off the Land attacks cannot be detected by comparing signatures.

Additionally, operating system tools, such as PowerShell and WMI, may appear in the security software's allowlist, which also impedes detection of their anomalous activity.

Finally, adversaries’ use of legitimate tools also complicates the investigation and attribution of cyberattacks.

Protection against LotL

To counter LotL attacks, cybersecurity professionals use solutions based on behavioral analysis. The technology detects anomalous program and user activity – actions that could signify an attack in progress.

Tools and techniques that can counter LotL attacks include EDR solutions and threat hunting.

Here's a clip about volt typhoon

Microsoft Defender XDR

Living off the land

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

Microsoft is choosing to highlight this Volt Typhoon activity at this time because of our significant concern around the potential for further impact to our customers. Although our visibility into these threats has given us the ability to deploy detections to our customers, the lack of visibility into other parts of the actor's activity compelled us to drive broader community awareness and further investigations and protections across the security ecosystem.

https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

.....................

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a

[rodguy911]

more on this:

https://joehoft.com/breaking-exclusive-synergy-marine-group-managed-ship-that-hit-baltimore-bridge-and-has-a-strong-business-relationship-with-china-it-specializes-in-remote-system-monitoring/

BREAKING EXCLUSIVE: SYNERGY MARINE GROUP MANAGED SHIP THAT HIT BALTIMORE BRIDGE AND HAS A STRONG BUSINESS RELATIONSHIP WITH CHINA – IT SPECIALIZES IN REMOTE SYSTEM MONITORING

The Dali is owned by Grace Ocean Pte. Ltd., managed by Synergy Marine Pte. Ltd. and covered by The Britannia Steam Ship Insurance Association Ltd., or Britannia P&I Club. Protection and indemnity (P&I) clubs are mutual insurance organizations that insure and pool liability for the global shipping industry.

All crew members and the two pilots operating the Dali have been accounted for, according to a statement from a Britannia P&I Club spokesperson. The statement noted that the “exact cause of the incident is yet to be determined.”

To sum up, a Chinese related company managed the cargo ship that hit and collapsed the Baltimore bridge. This company, Synergy, specializes in remote system monitoring.

[rodguy911]

Here's more:

https://www.reuters.com/technology/chinese-groups-accused-hacking-microsoft-us-others-2023-05-25/

Volt Typhoon and other Chinese groups accused of hacking the US and others By Reuters

May 25, 202311:59 AM EDTUpdated 10 months ago

Here's what Reuters has on some possible hacking groups

NGAPORE, May 25 (Reuters) - Chinese hacking teams have been blamed by Western intelligence agencies and cybersecurity groups for digital intrusion campaigns across the world, targeting everything from government and military organizations to corporations and media groups.

Cybersecurity firms believe many of those groups are backed by China's government. U.S.-based Mandiant has said some Chinese hacking groups are operated by units of China's army. China's authorities have consistently denied any form of state-sponsored hacking, saying China itself is a frequent target of cyberattacks. It has dubbed the U.S. National Security Agency (NSA) as "the world's largest hacker organisation".

Some of the biggest Chinese hacking teams identified by intelligence agencies and cybersecurity groups are:

1.'VOLT TYPHOON'

Western intelligence agencies and Microsoft (MSFT.O), opens new tab said on May 24 that Volt Typhoon, a group they described as state-sponsored, had been spying on a range of U.S. critical infrastructure organisations, from telecommunications to transportation hubs.

They described the attacks in 2023 as one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.

Volt is high on my list of hackers since they use the living off the land techniques.

China's foreign ministry described the reports as part of a U.S. disinformation campaign.

'BACKDOORDIPLOMACY'

Palo Alto Networks, a U.S. cybersecurity firm, says its research showed BackdoorDiplomacy has links to the Chinese state and is part of the APT15 hacking group.

A Reuters report in May identified BackdoorDiplomacy as being behind a widespread series of digital intrusions over several years against key Kenyan ministries and state institutions. The Chinese authorities said it was not aware of such hacking and described the accusations as baseless.

2. APT 41 Chinese hacking team APT 41, which is also known as Wintti, Double Dragon and Amoeba, has conducted a mix of government-backed cyber intrusions and financially motivated data breaches, according to U.S.-based cybersecurity firms FireEye and Mandiant.

The U.S secret service said the team had stolen U.S. COVID relief benefits worth tens of millions of dollars between 2020-2022.

Taiwan-based cybersecurity firm TeamT5 said the group had targeted government, telecoms, and media victims in Japan, Taiwan, Korea, the United States and Hong Kong.

APT 41 was named by the U.S Department Justice in September 2020 in relation to charges brought against seven hackers for allegedly compromising more than 100 companies around the world.

The Chinese authorities have described such reports as "groundless accusations".

3. APT 27

Western intelligence agencies and cybersecurity researchers say Chinese hacking team APT 27 is sponsored by the state and has launched multiple attacks on Western and Taiwanese government agencies.

APT 27 claimed responsibility for cyber attacks against Taiwan in 2022 during a visit by then U.S House of Representatives Speaker Nancy Pelosi, saying it acted as a protest because Pelosi defied China's warnings not to visit. Cybersecurity firm Mandiant said last year, opens new tab the group compromised the computer networks of at least six U.S. state governments between May 2021 and February of 2022, while the German authorities named blamed it for attacks against German pharmaceuticals, technology and other companies.

Reporting by Fanny Potkin; Editing by James Pearson and Edmund Blair