Geopolitical and Cybersecurity Weekly Brief – 25 October 2021

In the Americas, lawmakers on the US Congressional-Executive Commission on China (CECC) on 19 October urged President Joe Biden to ease asylum requirements and take other actions to assist those fleeing Hong Kong and other parts of China where alleged human rights abuses have occurred. Legislators on the committee vowed to maintain pressure on Beijing over human rights. Meanwhile, documents released by the US Congress on 21 October showed that suppliers to Chinese telecommunications giant Huawei Technologies and China’s top chipmaker, Semiconductor Manufacturing International Corp (SMIC), obtained export licences worth billions of US dollars from November 2021 through April 2022.

A threat actor claims to have breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population. The attack took place in September and targeted RENAPER (Registro Nacional de las Personas), which is used by the Argentinian Interior Ministry for issuing national ID cards to citizens.

In Asia, LightBasin (or UNC1945), an advanced persistent threat (APT) group with suspected ties to China, is thought to be responsible for cyberattacks on 13 telecommunications firms worldwide since 2019, according to researchers from US-based cybersecurity company CrowdStrike on 19 October. The researchers allege that the APT group used custom tools and expertise in telecommunications protocols to breach organisations’ defences. A new threat group, dubbed APT-Q-28, has been attributed to Operation EICAR. The group targets Chinese financial and securities services, software developers, and game developers. Operation EICAR appears to be a financially motivated campaign that has been active since the end of 2019.

Answering questions during a CNN town hall programme on 21 October, US President Joe Biden said that the United States would come to Taiwan’s defence and was committed to defending the island. The White House afterwards clarified that there was no change in Washington’s policy.

In Europe, telecommunications regulator Roskomnadzor is expected to present a list of ‘IT giants’, which will be required to open a representative office in Russia as part of a new law, according to media reports on 22 October. The legislation will be implemented from 1 January 2022 and will require technology companies with ‘large Russian online audiences’ to add mandatory feedback forms on websites, comply with domestic ‘prohibitions, requirements and restrictions’ as well as respond to notices by Roskomnadzor. The US and five European countries have reached an agreement to end European digital services taxes in 2023. Austria, France, Italy, Spain and the UK have agreed to withdraw digital taxes, which mainly apply to major US firms, in 2023 while Washington pledged to drop retaliatory trade tariffs on certain European products, such as aircraft.

Threat actors are selling a stolen database containing 50 million records about Moscow drivers. The data is being sold on an unknown underground forum for only $800. Russian media outlets which purchased the data claim that it is valid and pertains to records collected between 2006 and 2019. The source for this information is allegedly an insider from the Moscow traffic police department.

In the Middle East and Central Asia, a Turkey-based hacker identified as ‘RootAyyildiz’ claimed credit for the defacement of the official website of former US president Donald Trump. The hacker defaced the site on 8 October with the following message in Turkish: ‘Do not be like those who forgot Allah, so Allah made them forget themselves.’ On 19 October, the European Court of Human Rights called on the Turkish government to repeal a law that punishes people for insulting President Recep Tayyip Erdoğan.

A new RAT campaign targeting political, diplomatic, and humanitarian entities in Afghanistan and India has been disclosed. The threat actor uses commodity crimeware to achieve remote control of infected devices.

In Sub-Saharan Africa, on 16 October, Reuters news agency reported that Swiss commodity trading group Glencore – the world’s largest – along with a consortium of 16 commercial lenders had begun talks with the government to restructure part of its more than USD1 billion oil-for-cash loans. The report confirms progress made in debt-restructuring talks between Chad and its commercial creditors, 10 months after Chad formally requested the negotiations. The US Department of Justice on 20 October announced it had charged eight Nigerian nationals with wire fraud, money laundering, and identity theft. Seven of the suspects are believed to be members of the Neo Black Movement of Africa (also known as Black Axe) – an organised crime group based in Nigeria’s Benin City which is composed of regional chapters or ‘zones’.

New research has identified two new clusters of activity linked to the Lyceum APT group focused on two entities in Tunisia in the telecommunications and aviation sectors. The group has updated its toolset to include two new versions of its DanBot malware.
