In the Americas, Colonial Pipeline announced that it has resumed operations on its fuel pipeline network targeted in a major ransomware attack late last week. The company was revealed to have paid a $5 million ransom to the operators of the DarkSide ransomware. These threat actors, apparently fearing a law enforcement backlash, have gone to ground and shut down their data leaks site. A US court filing revealed that the US Department of Defense is removing Chinese smartphone giant Xiaomi from a government blacklist, paving the way for investment.
In Asia, an investigation revealed that seven firms supplying device components, coatings, and assembly devices to US technology firm Apple have ties to alleged forced labour involving Uyghurs and other minorities in China. US electric vehicle (EV) maker Tesla has halted plans to buy land to expand its Shanghai plant and make it a global export hub over the uncertainty caused by US-China tensions.
In Europe, Germany’s BKA federal criminal police noted a significant increase in the number of attacks on IT systems since the emergence of the coronavirus (COVID-19) pandemic. Police in Hungary said official websites with COVID-19-related content were targeted in a cyberattack.
The Irish Health Service Executive (HSE) was alerted to a widespread Conti ransomware attack affecting its systems on 13 May. Malicious activity was also detected on the Department of Health’s systems, however, execution of the ransomware was prevented. Cyjax analysts uncovered a Conti ransom note uploaded from Ireland to a public sandbox.
In the Middle East and Central Asia, Israel’s state-owned KAN News said their news website and app were both hit by a cyberattack. The incident took place amid ongoing conflict between Israel and the Gaza Strip. Meanwhile, the number of cyberattacks in the Middle East has risen to unprecedented levels, according to a 2021 cybersecurity report.
A suspected Pakistan state-sponsored APT group known as TransparentTribe is behind a long-running spear-phishing campaign against military and defence sector organisations. TransparentTribe is expanding its targeting and has recently gone after diplomatic entities, contractors, research institutions, and conference attendees.
In Sub-Saharan Africa, Rwandan intelligence operatives reportedly infiltrated an event hosted in April by an American university, using in-person attendants and participants joining through the Zoom video-conferencing platform. The Sudanese government has frozen a 25-year military agreement with Russia amid improving ties with the West.
The Geopolitical and Cybersecurity Weekly Brief is now part of the subscription package of intelligence services provided by Cyjax and our partners A2 Global Risk. In order to get access to the full report, please contact firstname.lastname@example.org or visit our explanatory service page here.