GEOPOLITICAL AND CYBERSECURITY RISK WEEKLY BRIEF 6 APRIL 2021

6 April 2021

EXECUTIVE SUMMARY

In the Americas, the Brazilian heads of the army, navy, and air force jointly announced their resignations in a move that will increase pressure on President Jair Bolsanaro. Venezuela and Russia are strengthening ties with the signing of new agreements.

The FBI and CISA have warned that state-sponsored threat actors are actively exploiting known vulnerabilities in Fortinet FortiOS, which affect the company's SSL VPN products. Several groups have targeted these vulnerabilities, including the Conti ransomware group, APT5, PioneerKitten, and EnergeticBear. In October 2020, the FBI and CISA warned of EnergeticBear using this same vulnerability, along with other VPN flaws to target US government networks.

In Asia, a China endorsed plans that would effectively end any meaningful opposition presence in Hong Kong’s Legislative Council. Meanwhile, two foreign correspondents fled from Beijing to Taiwan amid perceived worsening intimidation and threats.

The Calypso APT, an allegedly Chinese state-sponsored group, was recently connected to several attacks on vulnerable Microsoft Exchange Servers. Organisations targeted by Calypso included local and national governments, as well as software, defence, finance, IT services, legal, and manufacturing organizations in Europe, Asia, the Middle East and the Americas.

In Europe, the Italian government ordered the expulsion of two Russian diplomats amid an escalating espionage case described as an ‘extremely serious incident’. A Finnish paper manufacturer said it would ‘divest’ from the viscose market following revelations that production is linked to forced labour in China’s Xinjiang region.

New FluBot banking Trojan campaigns have been detected in Spain, Germany, and Hungary. FluBot (also known as Cabassous) is currently one of the most prolific Android banking malware campaigns in Europe. Since it was discovered, in January 2021, FluBot has infected over 60,000 mobile devices.

In the Middle East and Central Asia, the latest edition of the PwC CEO survey recorded a growing percentage of CEOs in the Middle East region ‘concerned’ about the rising threat of cyberattacks. China and Iran are forging stronger relations which will raise the sanctions risk for multinationals.

In Sub-Saharan Africa, a new study on Chinese contracts in non-concessional lending to low- and middle-income countries will elevate investment risks. African ministers of finance and economic development called on shareholders of the International Monetary Fund (IMF) to increase special drawing rights (SDRs) to address significant liquidity shortages due to the COVID-19 pandemic.

A fraud group has been laundering money through charity donation sites. Researchers have named the group CartCrasher. As a result of the pandemic, people have been a lot more charitable, with researchers reporting that COVID-19 has increased donations by 20.7%. This has allowed the group to hide behind additional website traffic and an increase in transactions.

ADDITIONAL AREAS COVERED IN THE REPORT: 

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts