In this week’s monitoring brief, US-China relations revolved around technology and security. During the reporting period, FBI Director Chris Wray revealed that the majority of cyberattacks against American companies originated from China, warning that these attacks are becoming increasingly sophisticated. There has been a rising trend of attack or espionage operations reaching an organisation’s information security infrastructure via joint-venture partnerships or insider threats.
The FBI has warned that an emerging threat targeting Native American tribal entities has caused millions of dollars in damages. Various organisations connected to the Native American tribes are reported to have been victims of ransomware attacks since 2016.
Turning to the US ally to the north, Canada, there was a devastating ransomware attack on the healthcare system in Newfoundland and Labrador, which has rendered online services and access to data unavailable since 30 October. The knock-on effect has led to the cancellation of non-emergency services. Given that the attack impacted four provincial healthcare systems, cybersecurity professionals have described the attack as the ‘worst’ in Canadian history.
In Europe, tensions between Poland and Belarus have been ratcheting up along their shared border. There has been a series of escalations, including aggressive posturing by military units, increased deployments and surveillance activities, that have elevated a very localised conflict risk environment and threatened to drag in Belarus’s ally, Russia. Poland is no stranger to Russian cyber operations from the likes of APT UNC1151, which was responsible for a major attack on the email and social media accounts of Polish politicians and public figures in June.
The UK Labour Party has disclosed a data breach that reportedly affected its members. The party sent a statement to all Labour members informing them of a “significant” incident at a “third party which handles data on our behalf”. According to the statement, “the incident had resulted in a significant quantity of party data being rendered inaccessible on their systems”.
CERT-FR has released an advisory on a cybercriminal group that has been responsible for a range of ransomware campaigns since June 2020. The group, dubbed Lockean, is likely an affiliate of multiple Ransomware-as-a-Service (RaaS) groups. Lockean is responsible for a ‘big game hunting’ campaign targeting organisations mainly based in France.
In the Middle East, human rights NGOs based in the US, Canada and the Palestinian Territories revealed that the Pegasus spyware was installed on the mobile phones of six Palestinian rights activists, including those of US and French nationals. During the surveillance of these activists, which allegedly started in June 2020, the Israeli government declared them terrorists, suggesting that it had access to information potentially exfiltrated by the zero-click spyware that was developed by Israel-based NSO Group. In Turkey, the government prosecuted 30 people for insulting the president via posts on social media. While there is a law banning the public denigration of the Turkish president, it has mainly been used to silence opposition voices, specifically politicians, journalists and activists, but the law affords no legal protections to foreign private citizens or organisations.
Regime change has been the dominant geopolitical theme, with Ethiopia and Sudan experiencing recent revolutions that will impact the operational risk environment for many organisations in the coming weeks.