Geopolitics and Cybersecurity Weekly Brief – 16 August 2021

In the Americas, Spain recalled its ambassador to Nicaragua after the Nicaraguan government issued a highly critical statement accusing Madrid of interfering in the country’s internal affairs. The US Department of State also imposed new visa restrictions on 50 relatives of Nicaraguan government officials in response to a recent crackdown on opposition parties and media organisations critical of President Daniel Ortega.

In Asia, a Chinese court sentenced Canadian business executive Michael Spavor to 11 years’ imprisonment on charges of spying and illegally providing state secrets to foreign entities. Another court upheld an earlier death sentence on Canadian national Robert Schellenberg, who was found guilty of illicit drug trafficking offences.

An espionage campaign is targeting a range of sectors in China, including military, education, aerospace, scientific research, and healthcare. The campaign has been attributed to a new group dubbed APT-C-48 (also called the “CNC organisation”), which reportedly emerged in 2019.

In Europe, the Minsk mayor banned Western goods from retail stores amid growing speculation that further steps will be taken to limit the inflow of goods from countries perceived as being hostile to Belarus. A diplomatic dispute between China and Lithuania over the opening of a de facto Taiwanese embassy in Vilnius is escalating.

A 300GB cache of data, allegedly consisting of 1.6 million emails from the Lithuanian Foreign Ministry with correspondence dating back nearly a decade, has gone up for sale online. The emails reportedly contain entire conversation threads and include attached documents. Many of them have been marked as “Sensitive” and “Highly Sensitive”.

In the Middle East and Central Asia, a China-linked hacking group has reportedly been engaged in a broad-spectrum cyberespionage campaign against Israeli government institutions and organisations in the academic, defence, information technology, telecommunications and maritime shipping industries. Iran’s Islamic Revolutionary Guard Corps is reportedly investigating cyber vulnerabilities in global shipping and energy infrastructure.

A Chinese cyber-espionage group, tracked as UNC215, has been targeting Israeli government organisations, as well as companies in the technology, telecommunications, defence, finance, entertainment, and healthcare sectors. The attackers are exploiting a vulnerability in Microsoft SharePoint to deploy malware against Middle Eastern and Central Asian targets.

In Sub-Saharan Africa, British oil and gas major BP reportedly agreed to settle a dispute with The Gambia over delayed drilling.

A new AdLoad malware variant is targeting macOS devices in multiple campaigns. The malware can evade XProtect, Apple’s built-in YARA signature-based antivirus, to infect devices. These new attacks have been going on since at least November 2020, with an increase in activity observed at the start of July and August 2021.