From February 2021, we are adding the Geopolitical and Cybersecurity Weekly Brief to the subscription package of intelligence services provided by us and our partners A2 Global Risk. In order to get access to the full report, please contact firstname.lastname@example.org or visit our explanatory service page here.
In the Americas, President Joe Biden gave his first foreign-policy speech, confirming his intended return to multilateralism and a partial break from his predecessor’s transactional policy moves. Authorities in Canada designated the Proud Boys as a terrorist entity. Taiwan opened a representative office in Guyana, in a move opposed by China.
Investigators reportedly uncovered that the National Finance Center, a federal payroll agency inside the US Department of Agriculture (USDA), was hit by Chinese groups abusing newly disclosed vulnerabilities in SolarWinds products. These are different bugs to those exploited by the Russian-backed group responsible for the well-documented SolarWinds Orion supply chain attack of 2020. The US has suffered numerous waves of relatively sophisticated phishing this week. The FBI, US government COVID relief funds, and others were all used as lures to steal credit card details, personal information, and pandemic support finance from unwitting Americans.
In Asia, the US government formally designated the Myanmar military’s recent actions as a coup d’état, legally mandating an end to US assistance to the country’s government. In China, police have cracked down on fake doses of the COVID-19 vaccine as part of a campaign to fight jab-linked crimes.
JPCERT has detailed a campaign by threat group A41APT (also known as Stealth) which is targeting a wide range of industries, including manufacturing, in Japan. The group initially penetrates target systems using SSL-VPN vulnerabilities or stolen credentials; it then moves laterally through the system, scanning for open RDP or SMB ports, and connecting to them as an admin.
In Europe, the French government called on Germany to abandon the Nord Stream 2 pipeline project, adding a political dimension to the project and challenging Germany’s claims that it is merely commercial venture. Multiple Finnish financial institutions have reported being targeted by criminals amid a growing number of hacking attempts in the past year.
French cybersecurity company Stormshield disclosed a cyberattack in which a threat actor gained access to one of its customer support portals. The attackers stole information on some clients, as well as parts of the source code for the Stormshield Network Security (SNS) firewall. This is a data breach with serious implications. Stormshield Network Security firewall is used by French government networks, some of which could have been compromised as part of this incident.
In the Middle East, US President Joe Biden announced that the country will end ‘all American support [to Saudi Arabia] for offensive operations in the war in Yemen’. In Saudi Arabia, 24 multinationals announced plans to establish regional headquarters in the capital Riyadh, marking a success for the large-scale modernisation drive under ‘Vision 30’. Israel and Kosovo also formally established diplomatic ties, with Kosovo controversially pledging to open an embassy in Jerusalem.
In Burundi, government and representatives of the European Union (EU) began talks in the commercial hub Bujumbura over the possible lifting of EU sanctions; however, a number of outstanding issues remain for normalisation. Ethiopian authorities say they foiled planned attacks on UAE embassies in the region.
Cisco has addressed multiple pre-authentication remote code execution (RCE) vulnerabilities in its small business VPN routers that could allow attackers to execute arbitrary code as root users. These bugs have been patched in the release of firmware version 1.0.01.02 and later.