Date: 17th May 2024
Cyberdiplomacy is a direct result of the evolving geopolitical landscape. As the global political environment undergoes significant changes, we carefully monitor the resulting cyber affairs. Exclusively at the Cyberdiplomat!
China-linked group uses malware to try to spy on commercial shipping, new report says
Mustang Panda, a cyber espionage group with links to China, has targeted cargo shipping companies in Norway, Greece, and the Netherlands with malware. This has raised concerns about the growing cybersecurity threat from China. The group has a history of conducting espionage activities across Asia and Europe. The attacks on shipping companies mark the first evidence of a China-linked cyber espionage group focusing on commercial shipping. Chinese officials have strongly denied the accusations, emphasizing that China opposes all forms of cyber attacks. British and U.S. officials have also highlighted the increasing threat from Chinese cyber espionage and hacking at a cybersecurity conference in the United Kingdom.
LockBit ransomware group claims cyber attacks on two Kerala-based companies
The Russian ransomware LockBit has targeted four Indian companies, including Double Horse and V-Star in Kerala, Hetero in Hyderabad, and Vikrant Group in Vadodara. LockBit has posted sensitive data on its dark web portal and demands ransom after infiltrating computer systems. V-Star officials confirmed a recent cyber attack on their attendance system but stated that their operations remain unaffected as they use a cloud-based system. Double Horse has not responded to the incident yet. The hackers have set May 15 as the deadline for paying the ransom, but the amount demanded is unknown. Falconfeeds.io, a private cybersecurity firm, reported the data breach. LockBit ransomware, responsible for 20% of last year's attacks, recently resurfaced with intensified cyber-attacks. The US announced a $10 million bounty on the developer of LockBit. Last year, LockBit targeted 22 companies in India, making it one of the most notorious ransomware operations.
Russian FSB-linked hacking group Turla “likely” behind new backdoors on a European government network, as per Slovak cybersecurity firm ESET
Researchers at ESET have discovered two new backdoors, LunarWeb and LunarMail, likely used by a Russian state-affiliated hacking group to infiltrate the foreign affairs ministry of an unnamed European country. ESET attributed these cyber intrusions to Turla, a group believed to be part of the Russian Federal Security Service (FSB) and active since at least 2004. LunarWeb uses HTTP(S) for its command and control communications on servers, while LunarMail, deployed on workstations, uses email messages for its command and control communications. Turla mainly targets high-profile entities such as governments and diplomatic organizations in Europe, Central Asia, and the Middle East. The group has a history of breaching major organizations, including the US Department of Defense in 2008 and the Swiss defense company RUAG in 2014. Recent Russian cyber operations in Europe have led to diplomatic tensions. Germany temporarily recalled its ambassador from Russia last week, and the United Kingdom and Czechia summoned their respective Russian ambassadors to address concerns over alleged cyber activities and other suspected espionage operations.
China’s cyberattacks on Taiwan surge ahead of presidential inauguration
China's cyberattacks against Taiwan have surged to 2.5 million a day before the presidential inauguration, up from 1 million after the January 13 elections. The attacks are mainly targeting government entities. The National Security Bureau confirmed the increase and stated that disinformation and cyberattacks were frequent. The Ministry of Foreign Affairs is investigating alleged leaks of confidential documents to a hacker's website. President-elect Lai Ching-te expressed support for local cybersecurity development at the CyberSec conference. There are concerns that the Chinese Communist Party may attempt to disrupt Lai Ching-te's inauguration on May 20 through hacking and sabotage. China has increased pressure on the Democratic Progressive Party and sought information about Lai's inauguration speech through academics in Hong Kong and Macau.
Nigeria Halts Cybersecurity Tax After Public Outrage
The Nigerian government has decided to pause its plan to fund national cybersecurity improvements through a 0.5% levy on domestic electronic transactions. This comes after facing public criticism for increasing taxes during an economic crisis. The Central Bank of Nigeria had directed financial institutions to start collecting the levy within two weeks, but the implementation was suspended following public outcry. The levy was proposed in 2015 to raise 3 trillion naira annually, but concerns exist that it may drive citizens to use cash or checks for transactions. Ajayi of KPMG emphasizes the importance of responsible spending and gradual tax reform implementation for fiscal sustainability.
GCHQ to protect politicians and election candidates from cyber attacks
The National Cyber Security Centre (NCSC) provides a Personal Internet Protection service to high-profile individuals at risk from hostile states. In 2023, a hacking group linked to Russia’s FSB security service targeted MPs with spear phishing attacks. In March 2024, a Chinese state hacking group targeted the email accounts of over 40 UK parliamentarians who spoke out against China or were members of the Inter-Parliamentary Alliance on China (IPAC). The NCSC plans to offer high-risk individuals an opt-in cyber protection service based on its Protective DNS service. Jonathon Ellison, NCSC director, highlighted the vulnerability of individuals in essential roles in our democracy to cyber actors seeking to disrupt or undermine society. The NCSC has issued guidance to civil society groups, including journalists, activists, academics, lawyers, and dissidents, who may be targeted by malicious hackers. The guidance follows a meeting of agencies from 10 countries in Birmingham at the NCSC’s CyberUK conference. A hacking group known as Callisto, ColdRiver, Tag-53, TA446, and BlueCharlie targeted high-profile individuals, including UK politicians, as part of a Russian FSB operation in 2023. In February 2023, Scottish National Party MP Stewart McDonald disclosed that the Russian hacking group had hacked his emails. Other MPs have also been targeted.
Brick Court Chambers investigating ‘potential cyber incident’
Brick Court Chambers in London is dealing with a cyber incident involving the Medusa hacking software. They are fully operational and taking measures to safeguard their systems. The source of the incident has not been disclosed. The Medusa ransomware encrypts files and demands cryptocurrency payments to unlock them. Last year, it was responsible for 99 breaches in several countries. The Law Society and Bar Council of England and Wales have issued updated joint cybersecurity guidance following a ransomware attack in 2021 that impacted 4 New Square. Sam Townend KC, chair of the Bar Council, emphasized the importance of safeguarding client information and highlighted the value of the cybersecurity questionnaire in mitigating cyberattack risks.
Kansas City, Mo., Still Hampered After Cyber Attack
Following a cyberattack on Kansas City's website, contractors are unable to obtain building permits, and zoning matters remain unresolved. Online water bill payments are unavailable, prompting a 30-day grace period for mail-in payments. Essential city services continue without interruption. The city's computer system was shut down almost two weeks ago due to a cyberattack, and the website went back online last Wednesday with limited functionality. City officials did not estimate when things would return to normal and declined to comment on whether the attack was a ransomware incident. Mayor Quinton Lucas assured that more city functions will come online when it's safe to do so and asked for the public's patience and cooperation. Law enforcement agencies are investigating the cause of the disruption.
53,000 affected in Nissan North America cyber attack
In November last year, Nissan's systems were targeted by a threat actor who shut down some systems and held them for ransom. Sensitive information of current and former employees was accessed. Nissan revealed that staff data was compromised but not misused. The accessed data included personal identifiers but not financial information. Nissan engaged cyber security experts to bolster its security protocols and is providing affected individuals with access to Experian's IdentityWorks services as a precautionary measure. The Nissan North America attack follows an earlier attack on Nissan Oceania's IT systems, impacting approximately 100,000 individuals, including customers of Nissan's various brands, dealers, and some current and former employees.
France: Troops deployed, TikTok banned as deadly unrest rocks New Caledonia
France has sent soldiers to New Caledonia, banned TikTok, and declared a state of emergency after violent protests over new voting regulations. The French security forces have placed five suspected ringleaders under house arrest. More than 200 "rioters" have been arrested, and hundreds have been wounded in the clashes. New Caledonia, located between Australia and Fiji, has been predominantly under French control since the nineteenth century. The state of emergency allows authorities to implement travel restrictions, impose house arrests, and conduct searches. There are also restrictions on gatherings, carrying weapons, and alcohol sales, in addition to a night curfew.
New Cyber Crime Unit Under PECA Law Raises Free Speech Concerns in Pakistan
The Pakistani government has established the National Cyber Crimes Investigation Agency (NCCIA) under the Prevention of Electronic Crimes Act (PECA) 2016. An editorial in the Dawn newspaper expressed concerns about the NCCIA’s objectives, highlighting that the NCCIA’s mandate under PECA has been used to suppress dissent and restrict freedom of the press and speech. The PECA law has faced criticism for being used to target political opponents and restrict freedom of expression online. Amnesty International and Human Rights Watch have condemned the 2022 amendments to PECA for restricting freedom of expression. The establishment of the NCCIA under PECA raises significant concerns about free speech and press freedom in Pakistan.
UAE Cyber Security Council urges iPhone users to update software
In a post on social media platform X, the UAE Cyber Security Council said: "Apple has released a security update to address several critical security vulnerabilities for its various products, that could potentially allow attackers to gain unauthorized access to devices, steal data, or execute malicious code.