GEOPOLITICAL AND CYBERSECURITY RISK WEEKLY BRIEF 4 MAY 2021

4 MAY 2021

EXECUTIVE SUMMARY

In the Americas, Washington DC’s police department acknowledged unauthorised activity on its computer server and said that it had contacted the FBI to investigate the matter, amid widespread reports of the department being targeted by a Russian-speaking hacker group. It is now believed that the Babuk ransomware was responsible. Japanese automaker Nissan announced that it will halt operations at its vehicle plant in the central Mexican state of Aguascalientes for one week in May due to a shortage of semiconductors.

The FBI, DHS, and CISA have issued a joint security advisory assessing the tactics, techniques, and procedures (TTPs) of the Russian Foreign Intelligence Service (SVR). The SVR’s current tactics include password spraying, leveraging 0day vulnerabilities, deploying its WellMess malware, and supply-chain attacks.

In Asia, Tokyo police have found that threat actors thought to be linked to China’s People’s Liberation Army (PLA) in all of the recently discovered 2016-2017 cyberattacks exploited a vulnerability in the Skysea IT management tool. Hong Kong’s local legislature passed a law giving the immigration department the ability to prevent individuals from entering or leaving the territory without any other legal oversight or right of appeal. Taiwan’s Labour Ministry has instructed all Taiwanese and foreign staffing firms on the island to remove all listings for jobs in China, particularly those in crucial sectors such as integrated circuits and semiconductors.

A new cyber-espionage campaign linked to the Naikon APT group has been uncovered, spanning two years, and targeting military organisations across Southeast Asia. During this campaign, the Naikon threat group used a custom backdoor, dubbed Nebulae. These attacks are premeditated and are thought to be orchestrated by the Chinese Ministry of State Security (MSS) and the Chinese People’s Liberation Army (PLA).

In Europe, Ukraine’s SBU security service said it arrested a local resident suspected of planning to carry out a cyberattack ordered by Russia on state institutions. Meanwhile, Moscow said that several areas of the Black Sea located near the Crimean coast will be restricted to foreign warships, provoking criticism from both NATO and Ukraine.

There have been new detections of a Russia-linked disinformation campaign, dubbed GhostWriter, that has been operating since at least 2017. Between October 2020 and January 2021 researchers observed five new campaigns conducted in Polish and English. Government, military and media agencies in Poland, Ukraine, and other Baltic countries are the targets.

In the Middle East and Central Asia, Israel’s National Cyber Directorate (NCD) issued a warning about coordinated cyberattacks by Iran and anti-Israel hackers in the run up to and on al-Quds day (7 May). The Saudi navy destroyed a remotely-piloted, explosives-laden boat near the port of Yanbu amid ongoing geopolitical tensions with Iran.

In Sub-Saharan Africa, Chad’s Transitional Military Council (TMC), which seized control of the government in a coup following the death of Idriss Déby Itno, rejected calls by the FACT rebel movement to observe a ceasefire and hold talks. Somalian President Mohamed Abdullahi Mohamed said he would terminate attempts to extend his time in office and organise new presidential elections amid political pressure and volatility.

ADDITIONAL AREAS COVERED IN THE REPORT: 

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts