Geopolitical and Cybersecurity Weekly Brief – 12 July 2021

In the Americas, hackers believed to be responsible for a major ransomware attack launched against Florida-based IT firm Kaseya are demanding a ransom payment of USD70m to restore seized data. Haitian police said that a group of 28 foreign mercenaries, including at least 15 Colombians and two Haitian Americans, were responsible for the assassination of President Jovenel Moïse.

US media has reported that the Republican National Committee (RNC) was recently breached by a Russian state-affiliated APT group. Unnamed sources familiar with the breach have attributed the intrusion to the Russian foreign intelligence service (SVR).

Morgan Stanley has disclosed it was the victim of a data breach. The personal information of customers has been compromised following an attack on Morgan Stanley’s third-party IT provider, Guidehouse.

In Asia, a Chinese advanced persistent threat (APT) group known as IndigoZebra sent emails with embedded malware to members of the Afghan National Security Council (NSC) in April as part of a spear-phishing campaign. Meanwhile, a suspected Chinese state-backed group is launching cyberattacks against telecommunications organisations in Taiwan, Nepal, and the Philippines.

In Europe, Russian President Vladimir Putin approved a revised version of the country’s national security strategy which outlines a set of measures designed as a response to perceived attacks on Russian culture from the US and its allies. The UK government will investigate the takeover of Newport Wafer Fab, the country’s largest silicon wafer manufacturer, by a China-backed firm over national security concerns.

In the Middle East and Central Asia, Kuwaiti authorities arrested a well-known poet and political activist over his activity on Twitter deemed critical of the government, highlighting restrictions on freedom of expression. Moroccan police arrested a suspected hacker linked to a series of cyberattacks against French banks, telecommunications companies and multinational corporations aimed at defacing pages or stealing information.

Operation WildPressure has continued to target industrial-related entities in the Middle East. The adversaries behind the campaign have also developed new iterations of their Milum Trojan. Operation WildPressure is a sophisticated and persistent attack campaign, likely perpetrated by a state-affiliated APT group. Iran’s state-controlled railway service experienced major disruption on 9 July as a result of a cyberattack. Iran’s state broadcaster, IRIB, described scenes at railway stations as ‘unprecedented chaos’.

In Sub-Saharan Africa, UN agencies and non-governmental organisations have intensified calls for investigations into alleged human rights abuses committed by the Eswatini police and the armed forces in their crackdown on countrywide pro-democracy protests.
