GEOPOLITICAL AND CYBERSECURITY RISK WEEKLY BRIEF 20 SEPTEMBER 2021

20 September

EXECUTIVE SUMMARY 

In the Americas, thousands protested against the introduction of the Bitcoin cryptocurrency as legal tender in El Salvador. Critics of the move claim it will raise instability and inflation in the country. On 10 September, General Motors’ (GM) CFO Paul Jacobson said that company sales and production will decline due to the global chip shortage.

Threat actors recently impersonated the US Department of Transportation (USDOT) in a campaign that lasted two days. The campaign used a convincing domain, focused on current events, and impersonated a trusted brand to carry out credential harvesting.

In Asia, the Indonesian State Intelligence Agency denied that its servers had been breached, following reports of a suspected hack by China-based advanced persistent threat (APT) group Mustang Panda into Indonesian government networks. Mustang Panda is known for its cyberespionage campaigns targeting the Southeast Asia region, with the reported malware-linked hacks occurring as of around March 2021.

Cyjax analysts have uncovered a large credential harvesting campaign targeting multiple government departments in APAC and EMEA countries. Over 50 hostnames were analysed, many of which were posing as the Ministry of Foreign Affairs, Ministry of Finance, or Ministry of Energy, in various countries, as well as the Main Intelligence Directorate of Ukraine and the Pakistan Navy.

In Europe, the European Commission (EC) said it was considering an import ban on products manufactured from forced labour. While no other country was specifically mentioned, the statement from EC President Ursula von der Leyen underlines a hardening stance towards China over human rights, particularly in relation to allegations of widespread mistreatment of the local Uyghur minority. Meanwhile, a group of bipartisan lawmakers in the US seeks to challenge President Joe Biden’s decision to waive sanctions on the Nord Stream 2 pipeline.

A threat actor has stolen the COVID-related data of 1.4 million French patients. The Paris public hospital system (AP-HP) has issued a public apology, the institution being one of a number of French healthcare facilities that have been targeted by cyberattackers in recent months.

In the Middle East and Central Asia, an Iranian parliamentarian called on the government to consider using cryptocurrency trading to avoid international sanctions. Separately, on 16 September political and militant organisation Hezbollah’s Al-Manar TV reported that 20 Iranian fuel trucks carrying five tonnes of refined petroleum had crossed the border from Syria near the towns of Al-Ain and Al-Qaa.

Researchers have uncovered several APT attacks targeting South Asia and the Middle East, particularly Iran, Afghanistan, and India. Human rights activists, military officers, veterans, extremists, oil and gas staff, and government employees were all among those targeted.

In Sub-Saharan Africa, the Economic Community of West African States (ECOWAS) announced asset freezes and travel bans for members of the CNRD junta in Guinea and their relatives. The regional trade bloc also called for the release of deposed president Alpha Condé and for new elections to be held within six months. In the Democratic Republic of the Congo, the African affairs department of China’s foreign ministry ordered Chinese companies that are accused of violating laws in the DRC’s eastern South Kivu province to immediately stop operating and return home to face punishment by the Chinese authorities.


ADDITIONAL AREAS COVERED IN THE REPORT:

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts