Geopolitical and Cybersecurity Weekly Brief – 26 July 2021

In the Americas, US automotive giant General Motors (GM) announced it would reduce truck production due to the global semiconductor shortage. On 20 July, the US Department of Homeland Security instructed pipeline owners and operators to adopt ‘urgently needed’ cybersecurity protections.

An exposed database has been found that may belong to the US Terrorist Screening Center (TSC). The database contains over 1.9 million records, including data such as name, gender, citizenship, date of birth, watchlist ID, passport ID, no-fly indicator, and the country that issued the alert.

In Asia, US-based photography firm Kodak apologised for posting pictures of China’s north-western Xinjiang region on Instagram with a caption alleging that the area is under ‘acute repression’. Relatedly, Chinese factories supplying US companies Apple and Nike are reportedly no longer hiring labour from Xinjiang.

The UK NCSC and its international partners have disclosed that Chinese state-backed APT groups linked to the Ministry of State Security (MSS) were responsible for the worldwide targeting of Microsoft Exchange servers. The NCSC has formally confirmed that it is “highly likely” that a group known as HAFNIUM was behind the activity.

In Europe, a Turkey-based hacker group attacked the public debt department website of Serbia’s finance ministry, posting a photograph containing a reference to the 1995 Srebrenica massacre. Meanwhile, after reporting a lower market share in China, Stockholm-based telecommunications firm Ericsson warned of potential retaliation over Sweden’s decision to ban Huawei from developing 5G networks.

In the Middle East and Central Asia, Israel and Morocco signed the first bilateral cooperation agreement in the field of cybersecurity, focusing on operational cooperation, research and development, and the sharing of information and knowledge. Amazon Web Services (AWS), the cloud arm of Amazon, has shut down infrastructure and accounts linked to Israeli surveillance company NSO Group in response to the Pegasus spyware scandal.

The leak of 50,000 phone numbers belonging to potential surveillance targets from NSO Group has been investigated as part of ‘The Pegasus Project’. The leaked phone numbers belong to hundreds of business executives, religious figures, academics, NGO employees, union officials, and government officials from all over the world.

In Sub-Saharan Africa, the downing of a second fighter jet after intense fire by alleged bandits in the north-western Zamfara state escalates the aviation risk in north-western Nigerian states. In Ethiopia, Tigrayan rebel forces crossed into Afar, according to a statement on 19 July, confirming that armed hostilities have expanded.

Microsoft’s Digital Crimes Unit (DCU) has taken down seventeen domains used by Business Email Compromise (BEC) threat actors against Microsoft customers. The attackers are thought to operate from West Africa and are part of a larger network of cybercriminals.
