In the Americas, on 6 January US Secretary of State Antony Blinken announced a travel ban on eight unnamed Cuban officials involved in a crackdown on anti-government protests in July 2021. In a statement, Blinken said that those who ‘jail peaceful protesters and sentence them to unjust prison terms must be held accountable’. Responding to the announcement, Cuban foreign minister Bruno Rodríguez criticised the US’s actions as ‘unilateral coercive measures’. In Haiti, Prime Minister Ariel Henry was targeted in an unsuccessful assassination attempt at a ceremony in the northern city of Gonaïves on 1 January.
Security specialists have identified a new and sophisticated, financially motivated threat actor, dubbed ElephantBeetle. The group was tracked during a complex campaign in which the operators infiltrated targets from the finance and commerce sectors in Latin America. Elsewhere, the Federal Trade Commission (FTC) stated that US organisations will be fined if they have not patched the Log4j vulnerability (CVE-2021-44228), Log4shell. In a statement, the FTC outlined the widespread risks associated with leaving vulnerabilities unpatched.
In Asia, novel China-based advanced persistent threat (APT) group titled Aquatic Panda has exploited critical flaws in the Apache Log4j logging library to conduct cyberespionage against an unspecified ‘large academic institution’, according to a recent report by US-headquartered cybersecurity firm CrowdStrike. The organisation targeted in the attack rapidly moved to counter the infiltration attempt and the precise motivation behind the attack remains unclear.
It has been reported that VMWare Horizon servers used by the UK’s NHS have been targeted by a threat actor using the Log4Shell vulnerability in Log4j (CVE-2021-44228) to deploy webshells. According to the NHS security team, these webshells could then be used for data exfiltration, and the deployment of ransomware or malware.
In the Middle East and Central Asia, the Israeli Defence Force (IDF) ex-cyber chief Brigadier General Yaron Rosen (ret.) on 3 January accused pro-Iranian cyber threat actors of hacking The Jerusalem Post’s website and that of the Twitter account of the Maariv daily. The Post’s website was replaced by an image of an explosion taking place at Israel’s Dimona nuclear facility accompanied by a message that read: ‘We are close to you and where you do not think about it.’ A similar message was posted on Maariv’s account but was soon deleted after the centrist newspaper retook control.
In Sub-Saharan Africa, the Economic Community of West African State (ECOWAS) has called for an extraordinary meeting in Accra, Ghana on 9 January to discuss Malian authorities proposals for a five-year transition to civilian rule. ECOWAS’ mediator for Mali, ex-president of Nigeria Goodluck Jonathan, will travel to Bamako on 5 January to consult Malian officials ahead of the meeting in Accra. On 4 January, security forces deployed tear gas against pro-democracy protesters in the capital Khartoum and in Port Sudan. The demonstrations are the latest in mass unrest against military rule after the coup d’état in October.
The Geopolitical and Cybersecurity Weekly Brief is now part of the subscription package of intelligence services provided by Cyjax and our partners A2 Global Risk. In order to get access to the full report, please contact firstname.lastname@example.org or visit our explanatory service page here.