GEOPOLITICAL AND CYBERSECURITY RISK WEEKLY BRIEF 6 SEPTEMBER 2021

6 September 2021

Executive Summary

In the Americas, General Motors announced production cuts across its North American operations in September due to the ongoing global semiconductor shortage. New details revealed how Chinese state-sponsored threat group APT5 hijacked an NSA encryption backdoor to compromise Juniper Networks’ customers. The APT group injected code into the company’s NetScreen firewall. They were subsequently able to decipher all encrypted traffic and access victim networks. Elsewhere, Autodesk revealed that it was targeted by NOBELIUM, the Russian SVR group of threat actors responsible for the SolarWinds supply-chain attack.

In Asia, Beijing has issued instructions limiting the amount of time children below the age of 18 are permitted to access online gaming sites, suggesting the gaming industry is the latest target in moves against technology companies deemed to be highly influential over society in China. New research uncovered three previously undisclosed malware families dubbed PRIVATELOG, STASHLOG, and SPARKLOG that hide data using CLFS log files. In May, these new malware families were reportedly leveraged against an undisclosed high-profile organisation based in Japan.

In Europe, the Irish data protection agency fined social messaging app WhatsApp EUR225 million for breaching EU rules on user privacy. VoIP Unlimited and Voipfone, two UK-based VoIP companies, reported sustained, severe DDoS attacks from a group claiming to be REvil. The attacks lasted several days and disrupted service provision. A password left exposed on the Francetest website leaked personal information and COVID-19 test results from 700,000 people.

In the Middle East and Central Asia, Baghdad hosted a summit aimed at easing regional tensions, specifically between the Gulf and Iran, as well as addressing a number of geopolitical issues. The SilentLibrarian group, an Iranian state-sponsored APT, continues to target universities globally. New credential harvesting pages have been discovered posing as university login pages for digital learning environments (DLEs).

ADDITIONAL AREAS COVERED IN THE REPORT: 

Attacks and cybersecurity news
Data breaches, fraud and vulnerabilities
APT activity and malware campaigns
Geopolitical threats and impacts