This month, Cyjax CISO, Ian Thornton-Trump, and Head of Editorial, Tristan de Souza, are joined by Joe Frederick, EMEA Operations and Security Intelligence Manager at A2 Global Risk, our geopolitical intel partners. The guys cover a recent US military report on North Korea’s physical and cyber capability, the Belarusian election, corporate (lack of) responsibility in protecting data (Garmin), and corporate malfeasance in hiding wrongdoing (Uber).
Watch this month’s podcast here.
North Korea – an extensive foreign interference network
In mid-August, the US Army published a report detailing the tactics used by North Korean military operatives, including by the country’s cyber threat actors. The number of malicious cyber-actors in the employ of Pyongyang is believed to be more than 6,000, having grown from 1,000 in 2010. According to the report, the overarching North Korean cyber-division is known as ‘Bureau 121’ and consists of four main sub-divisions: three are dedicated to cyber-warfare; one to electronic warfare. So far, so standard: these groups were all known to the industry beforehand and North Korea is one of the most notorious players on the nation-state cyber stage. As Joe notes in the podcast, however, one paragraph stood out. In this small section of a nearly 300-page report, it is noted that many members of Bureau 121 have travelled to various countries and operated from there as an outpost of the North Korean regime. Pyongyang lets military hackers travel abroad to set up shell companies that then act as a cover for foreign-based server infrastructure, and also as intermediary entities in money laundering operations. According to the report, Belarus, China, India, Malaysia, and Russia have all been infiltrated in this way. Is this list complete? Or is it part of a strategy by the US to sow distrust among countries that the US sees as potential roadblocks in its path to national security?
The global implications of the Belarus election
Belarus went to the polls in early August with the result practically a foregone conclusion. In elections that no one believes were free or fair, the incumbent president, Alexander Lukashenko, won 80% of the vote and his nearest challenger fled the country. There were protests in the run-up to the election and those protests continue today. There were also cyberattacks on government sites, according to the government, perhaps as a cover for its crackdown on social media sites in the days preceding the election, when “Minsk Facebook” and Messenger, YouTube, Instagram, WhatsApp and Viber had all been blocked in the country, along with “two major grassroot-driven platforms”, Online-Platforma Golos and ZUBR, and AppStore.
In a television interview on 27 August, Russian President Vladimir Putin said that Moscow had assembled a police reserve force that could be sent to Belarus in the event of violent unrest. Putin said that the force was assembled at Lukashenko’s request. As Joe notes in the podcast, this police force and Putin’s comments should be understood in the broader geopolitical context in the sense that it “doesn’t serve Russia’s best interests to invade Belarus.” This is not a case of an anti-Russia, pro-EU country looking to remove itself from Russia’s sphere of influence as it was in Ukraine several years ago. While the EU and other western powers have condemned the election’s outcome, they also recognise Belarus’ extremely close ties to Russia and have purposefully avoided statements and actions which Moscow may deem as antagonistic. Putin is playing the long game and the geopolitical conditions – with populist forces challenging for power in much of the West – favour him at this time. How long will that last?
Corporate responsibility – the Garmin breach
In the last section of the podcast Ian gets angry, Tristan, too, but Joe remains an oasis of calm. We’re talking corporate responsibility, business ransomware insurance, and the likelihood that governments will start putting pressure on organisations to be more careful with their data through either legislation or precedent in the courts. This all stems from a discussion surrounding the breach of GPS technology manufacturer, Garmin, which was hit by ransomware and ended up paying a $10 million fine. As Ian has said before, the amount of nefarious technological skill that $10 million can buy in Russia, say, or the Far East, means that this ‘seed money for cybercriminals’ will only result in more sophisticated threats in the future.
This issue has only worsened in recent years and companies do not appear to be helping themselves. Towards the end of August, the US Department of Justice charged the ex-chief of security at Uber with paying hush money to cover up a breach that took place in 2016. What’s more, the CEO, who appears to have known about the attempted cover-up, was not charged. What does it say about the corporate and regulatory environment if companies are more inclined to sweep issues like this under the carpet than to address them head-on in the interests of both their employees and customers?
All this and more is covered in this month’s podcast. Enjoy!