GEOPOLITICAL AND CYBERSECURITY RISK WEEKLY BRIEF 31 AUGUST 2021

31 August 2021

EXECUTIVE SUMMARY

In the Americas, two commodity trading giants are facing curbs by state-owned oil giant PEMEX due to allegations of corruption. John Binns, a 21-year-old US national living in Turkey, claims to be the main threat actor responsible for the T-Mobile breach. He alleged that the attack was in response to mistreatment by US law enforcement agencies. T-Mobile CEO Mike Sievert apologised for the incident, stating that a brute force attack was used to compromise the network. 

In Asia, Chinese ride-hailing giant Didi suspended plans to launch its services in the UK and continental Europe amid growing regulatory scrutiny in China. The Cyberspace Administration of China (CAC) said it would take action against what it characterised as the dissemination of ‘harmful information’ among online celebrity fan groups. An ongoing global cyber-espionage campaign was recently unearthed and attributed to a group dubbed Earth Baku. The campaign was traced back to July 2020 and is linked to the Chinese state-sponsored group APT41 (also known as Winnti Group). The Earth Baku campaign has targeted private entities and specific industries in the Indo-Pacific region.

In Europe, the UK and US jointly announced sanctions on Russia to mark the one-year anniversary of the poisoning of prominent opposition leader Alexei Navalny. Puma, the German multinational sportswear brand, suffered a security breach resulting in the theft of 1GB of data. This included source code for internal management applications potentially linked to the company's Product Management Portal.

In the Middle East and Central Asia, Iranian hacktivist group Tapandegan (“Palpations”) leaked video footage from cameras inside the Evin Prison in Tehran, showing human rights abuses. The Kyrgyz president signed into law a ‘false information’ bill, which is intended to combat misinformation and disinformation on social media and the world wide web. The NSO Group’s infamous Pegasus spyware has recently been deployed in attacks against activists and dissidents via a new iOS 0day exploit, dubbed FORCEDENTRY. iOS devices targeted in this campaign belonged to at least nine Bahraini activists, a French lawyer, and an Indian journalist.

ADDITIONAL AREAS COVERED IN THE REPORT: 

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts