In the Americas, the world’s largest meat supplier, Brazil-headquartered JBS, announced that it had paid hackers approximately USD11m, reportedly in Bitcoin, to end a major ransomware attack affecting its computer networks in North America and Australia. San Francisco-based cloud computing services provider Fastly said that a global internet outage affecting major corporate and government entities was caused by a software bug.
CISA, the FBI, and the UK NCSC issued a joint security advisory regarding cyber threat actors from North Korea targeting several pharmaceuticals, vaccine, and virology organisations affiliated with Operation Warp Speed (OWS). These threat actors also target individual staff members at OWS entities via LinkedIn, social media, and email using corporate or personal accounts.
In Asia, Chinese authorities identified 291 smartphone applications, including those in Microsoft Office suite, for allegedly misleading or infringing on user privacy following new Ministry of Industry and Information Technology regulations implemented in May. Washington passed the U.S. Innovation and Competition Act, a bipartisan technology and manufacturing bill to ensure that the country remains competitive against China as a global technological hub.
The Security Service of Ukraine (SBU) claims to have obstructed a mass cyberattack by Russian special services. Public authorities, local governments, and critical infrastructure were targeted. The campaign involved spoofed emails from the Kyiv Patrol Police Department containing a RAT. The malicious software gained remote control of the machine; the C&C servers were located in Russia.
In Europe, Spain’s labour and social economy ministry (MITES) said it was targeted in a cyberattack, highlighting the threat to government ministries. France’s Competition Authority said that US-based technology firm Google would be fined EUR220 million for abusing its ‘dominant’ position in online advertising.
A new attack campaign utilising a chain of 0day exploits in Google Chrome and Microsoft Windows was disclosed. The 0days were reportedly used in April in a wave of highly targeted attacks against multiple companies. These have been linked to a new APT group dubbed PuzzleMaker. The group’s TTPs demonstrate an advanced, well-resourced and, potentially, state-sponsored threat that uses multiple methods to evade attribution, detection, and anti-forensic techniques.
In the Middle East, an Israel-based cyber security company has reportedly sold software able to hack into Apple iPhones to the Saudi government. Negotiations to revive the Joint Comprehensive Plan of Action (JCPOA, nuclear deal) resumed in Vienna ahead of Iran’s 18 June presidential elections.
In Sub-Saharan Africa, French President Emmanuel Macron announced ongoing plans for a ‘profound transformation’ of his country’s bilateral military presence in the Sahel region, particularly with regard to its Operation Barkhane. The French government also froze EUR10 million in budget support to the CAR ‘until further notice’ and suspended a military training mission there.
The Geopolitical and Cybersecurity Weekly Brief is now part of the subscription package of intelligence services provided by Cyjax and our partners A2 Global Risk. In order to get access to the full report, please contact firstname.lastname@example.org or visit our explanatory service page here.