Executive Summary
Political risks can affect different commercial interests. The US Federal Aviation Administration (FAA) cleared the Boeing 737 MAX aircraft to return to service in the US in a move that has been decried by some as being too soon. In Ethiopia, the attorney-general’s office has frozen 34 bank accounts linked to the ruling party in Tigray regional state amid escalating hostilities. Pharmaceutical companies may be increasingly targeted amid growing sentiment that they are ignoring the challenges of developing countries; Doctors Without Borders have called for a temporary waiver on the enforcement of some intellectual property (IP) rights relating to COVID-19 treatments and vaccines for middle- and low-income countries during the pandemic.
Covid-19 continues to be a fertile topic for scammers and cybercriminals, alike. As the hopes of a vaccine become reality, the number of people searching for information on what is available will rise: so, too, will the number of scams purporting to offer such information. It is not just fraudsters, however, who are looking to abuse the pandemic. Threat actors with no discernible profit motive have also been wreaking havoc on hospitals, vaccine research institutions, and, most recently, potential vaccine storage organisations. AmeriCold Logistics, which has over 180 sites worldwide and may be at the forefront of the global vaccine distribution efforts, was hit with what is believed to be ransomware.
Several major phishing campaigns were detected this week: one targeted hundreds of thousands of Facebook users, looking to steal their credentials; another aimed to collect the banking information of Middle Eastern victims; and a third appears to have been a continuation of the recent Twitter account hijacks that affected Elon Musk and others, and is targeting high-follower and verified Twitter accounts. Many of these scams lure potential victims by using current affairs, political unrest, or the promise of financial gain.
Patching remains a serious issue. Research from Microsoft has revealed that hundreds of thousands of devices remain unpatched against critical vulnerabilities that have had patches available for many months. Readers are urged to update systems as often as possible.
Tensions with China continue. A senior Chinese government official indicated Beijing intended to implement fundamental changes to Hong Kong’s legal system. Meanwhile, French foreign minister Jean-Yves Le Drian and Heiko Maas, his German counterpart, called for the US President-elect Joe Biden to help form a united front against countries such as China, Russia, and Iran.
Political unrest continues around the globe. In Mali, several political parties and civil society organisations have denounced the recent nomination of members of the country’s transitional council, CNT, with some saying they will boycott its formation. In Thailand, the prime minister warned that the government will use all legislation at its disposal against protesters who have broken laws during demonstrations calling for his removal and reforms to the monarchy. And around the globe, there have been developments in various bilateral conflicts. Palestinian authorities said they would resume cooperation with Israel after suspending all ties in May. Jordan will open a consulate in Western Sahara, marking a strong signal of support from Jordan over Morocco’s control in the disputed Western Sahara region.
Attacks and cybersecurity news
AmeriCold, a major warehouse operator, suffered a major security incident this week which disrupted operations and brought the company’s systems to a halt. It is suspected that the firm has been the victim of a ransomware attack. AmeriCold Logistics is a temperature-controlled warehousing and transportation company with over 183 warehouses around the world. The company is expected to play an important role in storing and distributing COVID-19 vaccines, once these have been approved by the relevant health authorities, as cold storage facilities will be crucial for preserving the vaccine.
New research from SANS ISC has shown that numerous critical vulnerabilities remain unpatched in hundreds of thousands of systems around the world despite patches having been available for many months. These bugs included serious issues such as the BlueKeep vulnerability in Windows RDP and SMBGhost, an issue in the Server Message Block v3 (SMB) protocol in recent versions of Windows. Both of these vulnerabilities are considered some of the most severe to have been found in Windows for many years. According to the researchers, more than 245,000 Windows systems have not received the BlueKeep patch despite Microsoft having released it over 18 months ago. This constitutes 25 per cent of the 950,000 systems that were first found to be vulnerable to BlueKeep attacks. In terms of SMBGhost, first disclosed in March 2020, there are still 103,000 Windows systems still at risk.
Mitsubishi Electric has announced a second cyberattack to hit it in 2020: information related to its business partners has been leaked. Analysis of 8,653 accounts revealed that names, addresses, and phone numbers had all been exposed. Little is known about the attack at present but the risks from it can be extrapolated from Mitsubishi’s major role in support of Japan’s national security and infrastructure. Consequently, the company holds data connected to the defence sector, railways, and electric power supply, all of which may have been exposed.
Malware previously linked to North Korean threat group Lazarus has been deployed in a new campaign targeting South Korean supply chains. The attacks exploit WIZVERA VeraPort, a program used by South Korean companies to integrate and manage software downloads that are needed to visit a particular domain. The combination of compromised websites with WIZVERA VeraPort support, and specific VeraPort configuration options, allow Lazarus to perform this attack. Therefore, owners of compromised websites can mitigate the chances of attack by enabling specific configuration options, such as specifying hashes of binaries in the VeraPort configuration.
Threat actors have targeted GoDaddy employees with a social engineering campaign in which emails and web traffic destined for various cryptocurrency trading platforms were redirected. The attackers aimed to trick the employees into transferring ownership and/or control over targeted domains. This campaign has already resulted in the compromise of cryptocurrency trading platform Liquid (see Data Security section), as well as cryptocurrency mining service NiceHash. Several other cryptocurrency platforms, including Bibox.com, Celsius.network, and Wirex.app have been targeted.
Data security, fraud, and vulnerabilities
Data Security
Cryptocurrency exchange portal Liquid has disclosed a security breach in which a threat actor accessed employee email accounts and moved through the company’s internal network. Liquid claims to have detected the intrusion before any funds were stolen, but that users’ personal information was nonetheless exposed. Liquid is one of the top 20 cryptocurrency exchange portals in the world: it has a significant number of users whose data may have been exposed. the data collected by them could still be an asset and may be sold on the darknet to other threat actors.
US-based electronics retailer, TronicsXchange, has exposed over 2.6 million files, including around 80,000 ID cards and biometric images, in an AWS S3 bucket. The exposed information mostly relates to Californians who visited TronicsXchange stores between 2012 and 2015. It is currently unclear if any threat actors accessed or stole this data while it was exposed.
Christian faith app, Pray.com, has exposed the personal data of up to 10 million users after misconfiguring its cloud infrastructure. Four misconfigured AWS S3 buckets were found belonging to the company. Pray.com had made around 80,000 files private, but it had failed to do this on its Cloudfront CDN, which also had access to the same files. Some of the victims may not even be users of Pray.com.
Fraud
Our team was recently alerted to a new phishing campaign that targets high-follower and verified Twitter accounts. The threat actors use a hijacked verified Twitter account and rename it to “Support Team”. The profile picture is changed to the Twitter logo, and the bio altered to impersonate a Twitter support team enforcing copyright notices. It is possible that this activity may be linked to other account hijacks that have been used to push a Bitcoin scam impersonating Elon Musk: High follower or verified Twitter accounts should ensure that they have strong 2FA on the account, such as an authentication app or hardware token. Remove SMS 2FA once this is configured.
A new phishing campaign is targeting various Saudi companies: Al Rajhi Bank, Al Ahli National Commercial Bank, and Saudi Electricity have been impersonated. The phishing emails use various lures, such as “refund forms” and “account verification”, or claim the account has been disabled. Some of the IPs being used in the campaigns have previously been associated with ransomware operations. One IP targeting Al Rajhi Bank was an IOC in a report about the CTB-locker ransomware; another was previously linked to GandCrab ransomware activity. The goal of these phishing campaigns is currently unclear. It is possible that the threat actors are attempting to steal data from victims, or potentially trying to install malware on the device.
A “massive” phishing and credit card fraud operation that may have affected over 100,000 Facebook users from around the world. The scam tricked victims into providing their login details and then used the compromised accounts to drive traffic to a network of malicious websites. According to the researchers, the comments all led victims to a fake Bitcoin trading platform that required visitors to deposit at least €250 in order to engage. The data exposed in this widespread scam could have been used for myriad malicious operations including account takeover, identity theft, fraud, blackmail, and disinformation. Using one set of credentials, the threat actors behind this scam would have been able to access numerous platforms, apps, and other online accounts for which the victim had reused the login and password details.
Vulnerabilities
A critical vulnerability and two high severity issues have been disclosed in Cisco Security Manager software. The software is used by admins to manage security policies on Cisco security devices and Cisco’s firewall, VPN, Adaptive Security Appliance (ASA), and Firepower devices.
The critical flaw, tracked as CVE-2020-27130, is a path-traversal vulnerability that could allow a remote attacker without credentials to download files from an affected device.
Real Time Automation (RTA), Paradox, Schneider Electric, and Sensormatic Electronics have each announced vulnerabilities that range from high-severity to critical. SCADA systems are used to assist in the management of Industrial Control Systems in industries such as telecommunications, water and waste control, energy, oil and gas, and transportation. These vulnerabilities represent a serious threat to all sectors in which SCADA systems are deployed.
Researchers at Tencent have revealed a widespread cryptomining campaign that has successfully infected tens of thousands of servers with the 4SHMiner cryptocurrency mining Trojan. Machines with Apache Shiro version 1.2.5 and before are at risk: 4SHMiner exploits a deserialisation vulnerability in Shiro designated CVE-2016-4437. Users should update to Apache Shiro versions 1.2.5 and higher which contain mitigations against CVE-2016-4437.
APT Activity and Malware Campaigns
APT activity
A large-scale intelligence-gathering operation is targeting Japanese and other international organisations. This campaign, linked to a Chinese threat group known as Cicada (also known as menuPass), has targeted multiple sectors, including automotive, government, manufacturing, professional services, pharmaceutical, engineering, and managed service providers. These attacks extensively use DLL side-loading and were also seen leveraging the ZeroLogon vulnerability, CVE-2020-1472, that was patched in August 2020. If successfully exploited, an attacker could use ZeroLogon to take over an entire corporate network via its Domain Controller. This had made it a prime tool for attackers, having been used by various threat actors including the Ryuk ransomware group.
A new sample from the SideWinder threat group is being distributed in lure documents purporting to contain details about China’s Belt and Road (B&R) initiative. SideWinder is an Indian state-sponsored cyber-espionage group which distributes malware to Windows desktop and Android mobile systems. The group specialises in spear-phishing emails with subjects of interest to its high-value targets, many of which are in Pakistan or China. The use of the B&R initiative in the lure, a Chinese global infrastructure development strategy that is heavily investing in Pakistan, supports the group’s TTPs and usual targeting.
Vietnamese state-sponsored threat group OceanLotus has been detected using a RAR archive, posing as an Adobe Flash installer to deliver malware, allowing it to remain obfuscated. The fake Flash file delivers a DLL which loads and executes Cobalt Strike, which in turn installs the final payload which captures system information and C&C connection. OceanLotus has a strong focus on Southeast Asian countries like the Philippines, Laos, and Cambodia.
Malware
The operators of the Trickbot Trojan are pushing a new malware, dubbed LightBot, that appears to be exclusively deployed against high-value targets. LightBot is being pushed by the rebooted Trickbot infrastructure and is being used to identify potential targets for the Ryuk ransomware. This latest development shows yet further refinement in the ransomware threat landscape: malicious actors developing specific malware to identify and attack the most valuable targets possible. The hundredth version of the Trickbot Trojan was recently disclosed. The new variant has additional features to evade detection
A new mining Trojan, dubbed LoggerMiner, is spreading through cloud hosting services, and uses SSH accounts on the host to launch attacks on additional targets. The malware is also able to infect the docker container on a compromised host. This miner has various striking functionalities that make it a dangerous threat to organisations in all sectors. Miners can be particularly harmful to the physical functioning of a device, as they drain its processing power.
A variant of the Grelos web skimmer has revealed further overlaps in the infrastructure of various Magecart groups. The malware is being hosted on domain infrastructure used by multiple groups and is linked to previous phishing and malware campaigns. This overlapping use of infrastructure makes it difficult for researchers to identify which group is responsible for certain attacks. Magecart groups in general are difficult to identify because of their similar targeting and tactics: this is only further complicated by the use of the same malware and infrastructure. There has been significant growth in cooperation between cybercriminal groups. These threat actors are providing each other with various resources to make their attacks more successful.
A new banking Trojan, dubbed BBtok, is being distributed in fileless attacks to victims in Mexico. BBtok has backdoor functionality allowing the malicious actors behind it to carry out various post-compromise activities. The end target is the login credentials of various banks. These include Santander, BanBajio, ScotiaBank, AFIRME, Banregio, Banco Azteca, Multiva, Inbursa, HSBC, Banorte, CitiBanamex, BBVA, and more.
Darknet
The Darkside ransomware group has announced plans to buy a distributed storage system in Iran to store the leaked data of their victims. To prove how serious they are about this venture the group has deposited GBP320,000 to a Russian hacking forum. The trend of depositing money on forums as a way of showing their buying power has been growing since REvil did the same thing a couple of months ago. As is the norm for now, Cyjax has also observed more databases being posted to hacking forums with one of the more notable leaks this week being a database from ShopBack containing 22 million entries.
Geopolitical Threats and Impacts
In partnership with A2 Global Risk
Americas
UNITED STATES – FAA CLEARS BOEING 737 MAX TO FLY, MARKING KEY STEP FOR AVIATION SECTOR
On 18 November, the US Federal Aviation Administration (FAA) cleared the Boeing 737 MAX aircraft to return to service in the US. The 737 MAX, which was grounded globally after two fatal crashes in late 2018 and early 2019 killed 346 people, must undergo software and wiring changes, while pilots must also receive simulator training. The FAA’s re-certification of the 737 MAX marks a major development for both Boeing and the aviation sector more broadly. Airlines across the world have had their 737 MAX jets grounded since early 2019, and have since suffered greater financial and operational difficulties due to the coronavirus (COVID-19) pandemic. While the FAA’s measure only allows the plane to fly in the US, similar moves are likely to be taken by regulators in Brazil, Canada, and the EU in the short-term outlook. Re-approval in China and countries whose regulators have looser ties to the FAA is likely to take longer. While the FAA’s decision has been well received by the aviation sector, family members of victims of the fatal crashes in Indonesia and Ethiopia in October 2018 and March 2019, respectively, have expressed disappointment in the aircraft’s re-approval, saying it happened ‘too soon’. In the US, American Airlines is set to become the first carrier to resume flying the 737 MAX, with flights scheduled to begin on 29 December.
MEXICO & US – WASHINGTON DROPS CHARGES AGAINST MEXICO’S FORMER DEFENCE MINISTER
In a joint statement from US and Mexican authorities on 17 November, the US Department of Justice (DOJ) announced it would seek to drop charges of drug trafficking and money laundering against General Salvador Cienfuegos, who served as Mexico’s defence minister between 2012 and 2018. In October, Cienfuegos was detained at Los Angeles International Airport (LAX) on a US Drug Enforcement Administration (DEA) warrant. Cienfuegos’ arrest angered many senior Mexican political and military personnel, particularly as no forewarning was given over the investigation or detention. Following Cienfuegos’ arrest, Mexican President Andrés Manuel López Obrador threatened to review how DEA personnel operate in Mexico, potentially undermining US anti-narcotics capabilities. The acknowledgement from US prosecutors that foreign policy considerations were important in the dropping of charges signals that an agreement was reached at a political level. In exchange for the dropping of charges against Cienfuegos, the DEA will likely see its Mexican operations unaffected. From the perspective of Mexican authorities, the agreement marks a positive development which avoids a highly embarrassing trial of a former senior military leader. Mexico is unlikely to pursue criminal charges against Cienfuegos, which would be highly unpopular among members of its armed forces. More broadly, it avoids damaging anti-narcotic and security cooperation between Mexico City and Washington.
PERU – CENTRIST LAWMAKER SWORN IN AS INTERIM PRESIDENT
On 18 November, centrist Francisco Sagasti of the Morado Party was sworn in as the country’s interim president. He will be in the role until July 2021, when the current presidential term is set to expire. Sagasti is the country’s third president in just over a week, following Martín Vizcarra’s impeachment over corruption allegations, which he denies, and Merino’s resignation following the deaths of two student protesters in the capital Lima. Significantly, a large majority in congress supported making Sagasti interim president, which should give his administration sufficient congressional backing to tackle the multiple challenges facing Peru. These include politically-linked social unrest as well as public health and economic crises derived from the coronavirus (COVID-19) pandemic. Sagasti is set to remain president until July 2021, with elections to select his successor held in April 2021.
APAC
HONG KONG – CHINA INDICATES FURTHER CHANGES PLANNED FOR HONG KONG’S LEGAL SYSTEM
A senior Chinese government official on 17 November indicated Beijing intended to implement fundamental changes to Hong Kong’s legal system. Zhang Xiaoming, a deputy director at the Hong Kong and Macau Affairs Office (HKMAO) which is responsible to Beijing for overseeing the territory’s governance and security, claimed while any ‘reforms’ would not affect judicial independence he noted concerns that the local court system continued reflect foreign values at the expense of Beijing’s trust. Zhang’s remarks should be viewed as representing Beijing’s intentions to alter the relationship between Hong Kong’s judicial system and the wider public and commercial communities. Pro-Beijing groups in Hong Kong have long contested the ‘foreign’ composition of the local judiciary, reflecting the territory’s reliance on English Common Law and the continuing role of overseas judges within the court system. Since the imposition of China’s national security law in June 2020 there has been a growing emphasis on the requirement that public officials, including the judiciary, should be ‘patriots’ and that the concept of the ‘separation of powers’ intended to protect the courts from political influence challenged the dominance of the ruling Communist Party of China and was de facto seditious. The impact of the coronavirus pandemic and the reluctance of foreign companies to reveal their concerns has resulted in a muted corporate response to China’s moves. However, many commercial concerns will be assessing how to mediate the risk any changes to the local legal system may have on their operations, assets and staff.
THAILAND – GOVERNMENT THREATENS TO USE ‘ALL LAWS’ AGAINST PROTESTERS
Thailand’s Prime Minister Prayuth Chan-ocha warned on 19 November that the government will use all legislation at its disposal against protesters who have broken laws during demonstrations calling for his removal and reforms to the monarchy. Prayuth’s warning may mark a pivotal moment in the government’s response to the anti-government protests and growing demands for reforms to the monarchy that have escalated since July. The decision to issue the threat of serious criminal charges, which are expected to include lèse-majesté offences that carry long prison sentences, is unlikely to deter further protests while increasing tension and the potential for violent confrontations between the security forces and activists. Such an outcome will have major implications for Thailand and foreign companies operating in the country or dependent on its supply chains or currently moribund tourism sector. Any action by government forces leading to a significant loss of life or mass arrests will result in widespread condemnation and probable sanctions by many Western nations, threatening Thailand’s diplomatic and economic ties with some of its key markets and alliances. This, in turn, could result in a nationalistic response against foreign companies and individuals that, under some circumstances, could threaten their commercial operations and even the security and safety of overseas personnel.
NEW CALEDONIA & CHINA – UNREST IN FRENCH TERRITORY OVER NICKEL PLANT SALE INTENSIFIES
Demonstrations are taking place across the French territory of New Caledonia on 18 November against the planned sale of the Vale nickel plant at Goro to a new consortium, Prony Resources. Traditional leaders and the pro-independence Kanak and Socialist National Liberation Front spurn the planned sale and want Vale to instead negotiate with Sofinor. The ramping up of the rallies, which have been occurring for weeks, underscores simmering tensions between New Caledonians in support of the territory’s independence from France and those that support remaining a part of France. Such tensions have not been resolved despite a recent vote on the matter. The French government supports Vale’s negotiations with Prony Resources and recognises it as the only valid bid, while those that are pro-independence support the rejected Sofinor bid. The nickel industry is of utmost importance to New Caledonia’s economy and is a major employer that is deeply intertwined with the territory’s strategic interests. A majority of the territory’s nickel exports go to China, and pro-independence advocates are viewed as more favourably disposed towards the country. Frictions between various stakeholders over the sale are likely to result in further unrest.
Europe and Russia
EU, US, & CHINA – FRENCH, GERMAN FOREIGN MINISTERS CALL ON BIDEN TO STRENGTHEN TRANSATLANTIC UNITY
In a rare opinion post published in The Washington Post on 16 November, French foreign minister Jean-Yves Le Drian and Heiko Maas, his German counterpart called for the US President-elect Joe Biden to help present a united front against countries such as China, Russia, and Iran. However, stronger transatlantic unity should ‘not exclude dialogue and cooperation’. The comments were partly echoed by Biden on Monday who said that the US would rely on allies to deal with China on unequal trade practices. US and EU business interests have consistently complained of restricted access to the Chinese market. Under President Donald Trump, US-EU relations have been uncharacteristically tense, as the ‘America First’ doctrine clashed with Europe’s focus on multilateralism. With a Biden presidency, EU leaders hope that traditionally close relations will improve and the US will assume strong international leadership and promote the liberal democratic model abroad. Before presenting a joint front vis-a-vis China and other competing nations, however, the US and EU will need to resolve an ongoing trade dispute. This is likely to occur as Biden has repeatedly expressed his opposition to tariffs as a means of advancing foreign policy objectives, instead relying on dialogue and high-level negotiations. With regards to the EU’s approach towards China, there will likely be more alignment with the US and probably less divergence within the bloc, if Biden successfully forges a strong consensus among allies.
REGIONAL – HUNGARY AND POLAND BLOCK BUDGET, RECOVERY FUND OVER RULE OF LAW PROVISIONS
Hungary and Poland have blocked the adoption of the 2021-2027 budget and the economic recovery fund over a provision linking the distribution of funds to respecting the rule of law. Tensions persist between the two countries and Brussels over recent government policies, which critics say weaken the rule of law and freedom of press. The claims have triggered a number of EU probes. Warsaw and Budapest dismiss the allegations, which they view as an interference in domestic affairs. By vetoing the adoption of both the budget and recovery package, this delays the distribution of much-needed funds to regions affected by the coronavirus (COVID-19) pandemic. All EU member states must sign off on the EUR1.8 trillion budget and EUR750 billion recovery fund. After EU leaders approve the recovery package, national parliaments are required to ratify it. If the two countries maintain their veto, EU institutions will face a difficult set of options, one of which involves adopting a significantly diminished provisional budget for next year. Poland is one of the main beneficiaries from the EU funds, expected to receive over EUR170 bn in 2021-2027. Domestically, maintaining the veto over a prolonged period risks a public backlash against the two governments as it will weaken economic growth. Due to this consideration, the veto is unlikely to remain in place, meaning the budget will eventually receive the necessary political and parliamentary approval.
MENA and Central Asia
ISRAEL & PALESTINIAN TERRITORIES – RESUMPTION OF COOPERATION WITH ISRAEL, SIGNALLING ECONOMIC STABILISATION
On 17 November, Hussein al-Sheikh, a Palestinian Authority (PA) ministry who oversees relations with Israel, confirmed that cooperation will resume between the two. The PA suspended all ties in May, including a halt to cooperation on security issues, to protest Israeli plans to unilaterally annex parts of the occupied West Bank, notably with support from the US Trump administration. The resumption of cooperation will be a significant boost to the Palestinian economy due to the likely return of transfers from Israel totalling around USD100 million per month, which accounts for over 60 per cent of the PA’s budget. After President Mahmoud Abbas refused to accept the money in May – collected by the Israeli government on behalf of the Palestinians in a tax known as maqasa – the loss of funds, compounded by COVID-19, caused an economic nosedive resulting in salary cuts for thousands of public sector workers and a spike in unemployment levels. Further confidence will likely have been instilled in the PA following the victory of US Presidential candidate Joe Biden, who has pledged to return to negotiations over the two-state solution. Despite this, the PA’s decision to cooperate with Israel has been met with backlash from Palestinian factions, notably Hamas.
EGYPT – PARLIAMENTARY ELECTION RESULTS SIGNAL FURTHER POWER CONSOLIDATION FOR PRESIDENT
The results from the second round of House of Representative polls, held on 8 November, saw a victory for the Mostaqbal Watan Party, which is pro-President Abdel Sisi. The party won all 284 seats allocated for party lists – notably pre-selected by a pro-Sisi government – in the 596-seat chamber under a winner-takes-all system. President Sisi can now directly appoint a further 28 lawmakers; the remaining individual seats will be voted on in run-offs that will likely be held in the coming weeks. The results further bolster the Mostaqbal Watan Party’s position. Sunday’s results are widely considered to have been rigged, with many individual candidates and opposition parties having filed complaints to the commission citing electoral fraud. In a strong indication of voter apathy, likely fuelled by the perception of fraudulent elections engineered to further consolidate Sisi’s power, turnout for the 8 November polls was only 29 per cent. This figure will come as a likely blow to Sisi loyalists who will have hoped for high participation to improve their credibility. The shift of increasing numbers of opposition and individual candidates to the sidelines could work to provoke a better coordinated anti-Sisi movement in the medium-long term.
WESTERN SAHARA – JORDAN TO OPEN CONSULATE, SIGNALLING STRONG SUPPORT FOR MOROCCO
On 19 November, the Moroccan government announced that Jordan will open a consulate in Western Sahara, which will be situated in the region’s largest city, Laayoune. The decision was reached following a conversation between King Mohammed VI of Morocco and King Abdullah II of Jordan. The move is a strong signal of support from Jordan over Morocco’s control in the disputed Western Sahara region. Tensions there have ramped up in recent weeks following the deployment of Moroccan troops into the village of Guerguerat after affiliates of the Polisario Front (PF) blocked a key route for goods drivers across the border in Mauritania. The PF is a Sahrawi rebel national liberation movement aiming to end Moroccan presence. The announcement is likely to provoke anger among Sahrawi people. In a further significant escalation of tensions, the leader of the PF, Brahim Ghali, said that the group will no longer commit to a 29-year old ceasefire and confirmed that attacks are now being launched against Moroccan forces as war recommences. The collapse of the UN-brokered ceasefire raises the potential for open-conflict to spread across the region in the short-medium term outlook.
Sub-Saharan Africa
ETHIOPIA – FREEZING OF BANK ACCOUNTS LINKED TO TIGRAY OFFICIALS SIGNALS MOUNTING POLITICAL RISKS
The attorney-general’s office has frozen 34 bank accounts belonging to the Endowment Fund for the Rehabilitation of Tigray (EFFORT), which is managed by the Tigray People’s Liberation Front (TPLF) – the ruling party in Tigray regional state. The freezing order comes amid escalating hostilities in the region since 4 November, prompted by a breakdown in relations between the TPLF leadership and the federal government. The companies affected were targeted due to their alleged role in ‘financing, acts of terrorism, [and for having] connections with the TPLF’. The move is likely intended to choke the TPLF’s access to finance. It also carries significant political risks to companies with interests in Tigray, including in the regional state capital Mek’ele, where an industrial zone is located. EFFORT has an extensive and diversified business portfolio, spanning agro-processing, mining, textiles, construction, manufacturing, and logistics. The freezing order will likely remain in effect until the security situation in Tigray has normalised. However, this is unlikely to occur anytime soon given the lack of dialogue between the TPLF and the administration led by Prime Minister Abiy Ahmed.
MALI – GROWING ANTI-GOVERNMENT SENTIMENT FOLLOWING NOMINATION OF TRANSITIONAL COUNCIL
Several political parties and civil society organisations, including the broad-based coalition Mouvement du 5 juin-Rassemblement des Forces Patriotiques (M5-RFP), are denouncing the recent nomination of members of the country’s transitional council, CNT, with some saying they will boycott its formation. This comes after a decree was issued on 9 November, outlining the members of the CNT. The M5-RFP, along with parties such as Yelema and Espérance Nouvelle ‘Jigiyakura’, have denounced a lack of consultations and representation, alleging military officials occupy too many seats – 22 out of 121 – of the new transitional legislature. Several parties have also called for protests, although no specific plans have been outlined yet. Furthermore, critics accuse the Comité national pour le salut du peuple (CNSP) – the junta that took office after former president Ibrahim Boubacar Keïta was ousted in August – of violating the transitional charter which outlines the country’s position. Detractors also complain that the interim vice-president, Assimi Goïta, is the person approving the CNT bids, while Interim President Bah N’Daw’s role has been reduced to ‘rubber-stamping’ them. The growing criticism and refusal to participate in the CNT among an important political cohort is likely to undermine the legitimacy of the transitional government and fuel anti-government protests in the one-month outlook. However, efforts to increase dialogue between the involved parties are likely to reduce this risk.
REGIONAL – GOVERNMENTS ASK WTO TO WAIVE SOME IP RIGHTS FOR COVID-19 TREATMENTS
French humanitarian aid organisation Doctors Without Borders (MSF) on 19 November called on governments to support a formal request to the World Trade Organization (WTO) for a temporary waiver on the enforcement of some intellectual property (IP) rights relating to COVID-19 treatments and vaccines for middle- and low-income countries during the pandemic. This comes after India and South Africa, supported by Kenya and eSwatini, in October issued a formal request to the WTO to allow countries to choose to neither grant nor enforce patents and other IP related to COVID-19 drugs, vaccines, diagnostics and other technologies until herd immunity has been achieved. MSF has also called on governments to demand greater transparency from pharmaceutical companies in their development of COVID-19 vaccines. The moves are intended to make medical treatments more affordable to the world’s poor. The call comes amid growing frustration and feeling among developing countries that wealthy nations will get preferential access to new COVID-19 vaccines and medicines which are being developed by large pharmaceutical companies. There are also suggestions that pharmaceutical companies are choosing to ignore their challenges. This suggests that campaigning targeting pharmaceutical companies is likely to increase over the coming months, particularly as new COVID-19 vaccines are expected to be rolled out by the end of this year or early next year. In turn, failure to agree to some waivers, among other issues including a growing anti-vaccine movement across the world, is likely to pose a growing reputational risk to pharmaceutical companies over the coming year.