GEOPOLITICAL AND CYBERSECURITY RISK WEEKLY BRIEF 1 MARCH 2021

1 March 2021

EXECUTIVE SUMMARY

Four members of the Five Eyes (FVEY) international alliance have issued a joint advisory regarding the ongoing cyberattacks leveraging the Accellion File Transfer Appliance (FTA). The vulnerabilities have reportedly been exploited to target multiple federal and state government organisations, as well as private sector firms in the medical, legal, telecommunications, finance, and energy fields. This activity has impacted organisations in Australia, New Zealand, Singapore, the UK, and the US. Fewer than 25 victims are thought to have "suffered significant data theft". 

US President Joe Biden reversed restrictions on green card and skilled worker visas imposed during the Trump administration in April 2020 in response to the coronavirus pandemic. In Canada, members of parliament (MPs) voted overwhelmingly to declare China’s treatment of its ethnic Uyghur population as ‘genocide’. Beijing’s most senior official in Hong Kong emphasised the Chinese government’s requirement for ‘patriots’ to be in control of the territory. The Dutch parliament passed a non-binding motion describing the treatment of Uyghurs in China as ‘genocide’. 

A recent malspam campaign has led to the identification of a new advanced persistent threat (APT) group dubbed LazyScripter. The group is believed to have been active since at least 2018, using phishing to target those immigrating to Canada for work, going through airlines, or the International Air Transport Association (IATA).

In Europe, federal prosecutors in Germany charged a German citizen with passing blueprints and building plans of the Bundestag parliament building to a suspected Russian operative between late July and early September 2017. A Swedish national suspected of handing over sensitive information to a Russian diplomat was also indicted.

The Division of Structural Biology (Strubi), an Oxford University lab researching coronavirus, was targeted by threat actors in mid-February 2020, with access to affected machines subsequently being sold on the darknet. The university has stated that no clinical research was exposed in the attack.

In the Middle East, US military airstrikes targeted Iran-backed locations near the Syrian-Iraqi border. Iran officially began restricting inspections by members of the International Atomic Energy Agency (IAEA) of its nuclear facilities.

In Sub-Saharan Africa, World Health Organization (WHO) officials called on Tanzanian authorities to share data regarding the country’s COVID-19 outbreak and prepare mass vaccinations. In the DRC, diplomats are restricted from travelling outside the capital following the killing of the Italian ambassador.

Security researchers have uncovered a new wave of LinkedIn-themed credential harvesting malspam. The attackers are sending malicious links to “LinkedIn Private Shared Documents”, which is not a real service and was invented for this campaign. The danger of this campaign is that the more accounts the attackers compromise using this technique, the more convincing and effective their campaigns become.


ADDITIONAL AREAS COVERED IN THE REPORT: 

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts