GEOPOLITICAL AND CYBERSECURITY RISK WEEKLY BRIEF 26 APRIL 2021

26 April 2021

EXECUTIVE SUMMARY

In the Americas, US President Joe Biden pledged to reduce the country’s carbon emissions by between 50 and 52 per cent in a boost to clean energy industries. Meanwhile, racial tensions are set to remain high despite the conviction of former Minneapolis police officer Derek Chauvin in the death of George Floyd in May 2020.

In Asia, a Dutch report said Huawei staff were able to eavesdrop on all mobile numbers on the Dutch KPN telephone network; the development will likely spur protectionist policies in strategic sectors. Australia’s cancellation of so-called ‘belt and road’ infrastructure deals between China and the state of Victoria is likely to prompt a response by Beijing.

Tokyo police referred a Chinese man to prosecutors over his alleged involvement in cyber-espionage campaigns against nearly 200 companies and research institutes in Japan, including the Japan Aerospace Exploration Agency (JAXA). The Chinese national was reportedly working with the Tick advanced persistent threat (APT) group – thought to be a unit of the Chinese People’s Liberation Army (PLA).

A zero-day exploit for a new critical remote code execution (RCE) vulnerability in Pulse Connect Secure, tracked as CVE-2021-22893, has been leveraged by multiple APT groups in the wild. In total, 12 malware families are currently being distributed by at least two threat actors, tracked as UNC2630 and UNC2717; the former has tentative ties to APT5 – a Chinese state-affiliated threat group.

In Europe, Russia expelled 20 Czech diplomats amid worsening bilateral ties. Meanwhile, the US said it would not renew a special license allowing otherwise prohibited commercial transactions with nine state-owned companies in Belarus.

In the Middle East and Central Asia, a UK-based cybersecurity company discovered two malicious documents that are being used to deliver newer versions of the Downdelph malware, targeting organisations in Kazakhstan. The US shared details of specific sanctions that it is prepared to lift during the second round of indirect talks with Iran on how to revive the 2015 nuclear deal.

In Sub-Saharan Africa, French energy group Total terminated several contracts with the Mozambique government amid the ongoing Cabo Delgado insurgency. South Africa confirmed a second avian flu had been identified as Lesotho banned poultry imports from Gauteng province.

ADDITIONAL AREAS COVERED IN THE REPORT: 

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts