From February 2021, we are adding the Geopolitical and Cybersecurity Weekly Brief to the subscription package of intelligence services provided by us and our partners A2 Global Risk. In order to get access to the full report, please contact [email protected] or visit our explanatory service page here.
In the Americas, US authorities have warned of a ‘heightened threat’ of domestic violent extremism in the weeks following President Joe Biden’s inauguration. Additionally, EU member states have ceased recognition of Venezuelan opposition leader Juan Guaidó as the country’s interim president, signalling a broader weakening of the influence of the democratic opposition movement.
Relations with China continue to be tense. China’s Foreign Ministry announced that Beijing will no longer recognise passports issued to Hong Kong residents by the British government as valid travel documents or for identification purposes. The Biden administration has meanwhile signalled its plan for foreign policy continuity to Beijing.
In Europe, Chinese technology firm Huawei published plans to construct a manufacturing site in France, a move that will likely strengthen Huawei’s reputation in Europe. However, the move is unlikely to reverse bans in countries such as the UK and Sweden. In Norway, the country’s Data Protection Authority said it would fine US-based dating app Gridnr 100 million Norwegian crowns (USD11.7 million) for illegally disclosing user data to advertising firms. Meanwhile, a Russian vessel has resumed construction of Nord Stream 2 despite sanctions in a move that will prove a test for the new Biden administration as it seeks to revitalise alliances and counter perceived growing Russian assertiveness in Europe.
Europol revealed coordinated disruptive action against the Emotet botnet. Multiple law enforcement agencies (LEA) worked together to take control of the botnet’s infrastructure and stop the email distribution network (EDN). The US DoJ revealed that over 1.6 million computers were infected with Emotet. Emotet-linked damages totalled about $2.5 billion globally. Elsewhere, the notorious Trickbot Trojan is being distributed once again. Many of these threats have astonishing resilience against law enforcement takedown. While Trickbot has evolved from being a banking Trojan into a distribution mechanism, threat actors continue to propagate dangerous financial phishing scans: our team detected malicious emails using a COVID-19 vaccine appointment-themed email from the NHS as a lure, with the intention of stealing personal data including bank details.
The Australian Securities and Investments Commission (ASIC) has disclosed that one of its servers was accessed by an unknown threat actor on 15 January. The incident is related to Accellion software, used by the commission to transfer information. On 10 January, the Reserve Bank of New Zealand (RBNZ) also reported a data breach which occurred through the Accellion FTA file sharing service. It is likely that ASIC, like RBNZ, was attacked just before or at the same time as the patch for this bug was implemented. Another major breach this week saw Serco, provider of multiple services to the UK government, potentially breached by the operators of a new ransomware known as Babuk.
In Saudi Arabia, an intercepted projectile launched towards Riyadh on 23 January was claimed by an Iraq-based group, potentially opening up a new front for missile attacks. In Yemen, protests have occurred to denounce the decision of the administration of former US President Donald Trump to blacklist Yemen’s Iranian-backed Houthi movement as a foreign terrorist organisation.
Authorities in Mozambique have ordered the editor of an English-speaking news site to leave the country, highlighting political risks to media organisations. In an unprecedented move in the DRC, an overwhelming majority of the National Assembly (NA) voted in favour of a no-confidence motion in the prime minister, Sylvestre Ilunga Ilukamba.
A 0day vulnerability in the Windows Installer component, which Microsoft has attempted to patch several times in the past, has now received a micropatch to stop threat actors from gaining the highest privileges on a compromised system. Apple also released a patch for three vulnerabilities that may well have been exploited in the wild already.