Geopolitical and Cybersecurity Weekly Brief – 27 September 2021

In the Americas, Canadian Prime Minister Justin Trudeau’s Liberal Party will remain in government after winning the most seats during the 20 September general election. Meanwhile, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Czech Republic-based cryptocurrency exchange SUEX OTC for allegedly facilitating illicit ransomware payments. This marked the first time the US sanctioned a cryptocurrency exchange over ransomware payments.

The BlackMatter ransomware group hit US farmers’ cooperative NEW Cooperative, demanding a $5.9 million ransom in exchange for not leaking stolen information and for providing a decryption key. NEW Cooperative is a feed and grain provider with over sixty locations throughout Iowa, and any threat to its infrastructure is therefore likely to be considered a “threat to the country’s national and economic security,” according to the National Law Review.

In Asia, Chinese state-backed threat actors allegedly breached and exfiltrated data from an Indian government agency responsible for a national identification database and one of the country’s largest media conglomerates. Both the government agency – the Unique Identification Authority of India (UIDAI) – and the media firm – Bennett Coleman & Co. (also known as The Times Group), which publishes the Times of India – dispute the allegations. UIDAI holds the private biometric data of more than one billion Indian citizens.

In Europe, Hungarian opposition parties blamed a cyberattack after pre-election voting, held to determine a joint candidate for each electoral unit in next year’s election, was halted on 18 September. Organisers had initially blamed the issue on an unexpectedly high voter turnout but later confirmed the fault was due to a system overload and a targeted cyberattack.

Lithuania’s defence ministry has advised consumers to avoid acquiring new Chinese mobile phones and to dispose of existing ones after a government report discovered the devices had built-in censorship capabilities. The National Cyber Security Centre said the capability in the Xiaomi Mi 10T 5G phone’s software had been turned off for the ‘European Union region’ but could be turned on remotely at any time.

In the Middle East and Central Asia, Turkish President Recep Tayyip Erdoğan announced on 21 September that his government will be clamping down on the cryptocurrency market, without citing any details. The president was speaking in Mersin, which was hosting the launch of the Digital Turkish Lira Collaboration Platform by the Central Bank of the Republic of Turkey (CBRT). During a question-and-answer session, Erdoğan declared that his government had no plans to adopt cryptocurrency.

In Sub-Saharan Africa, President Joe Biden signed an Executive Order (EO) outlining a sanctions regime against Ethiopia and Eritrea. Specifically, the Biden administration wants Ethiopia to accept African Union-led mediation, designate a negotiation team, accept negotiations without preconditions, and schedule initial talks. On 22 September, Johannesburg-headquartered African Bank revealed that an unspecified number of its customers’ personal data and debt information was available on the dark net – a largely unregulated part of the internet. This comes after one of its debt recovery service providers, Debt-IN, had been targeted in a ransomware attack in April.

A new cyber-espionage group, dubbed FamousSparrow, has been revealed by security researchers. The group is thought to have been active from around 2019 targeting specific sectors across most continents. FamousSparrow leverages the Microsoft Exchange vulnerabilities known as ProxyLogon to infect target networks.

In recent weeks, Cyjax researchers have identified an increase in discussions between threat actors over the use of LinkedIn for insider recruitment. In the UK fraud community on Telegram as a whole, we have seen an increase in demand for insiders across numerous sectors.
