Geopolitical and Cybersecurity Weekly Brief – 18 October 2021

In the Americas, on 13 October President Joe Biden announced a plan to clear extensive supply-chain bottlenecks over the next 90 days. As part of the plan, the Port of Los Angeles, in California, will move to 24-hour, seven-day-a-week operations. In addition, Biden said the government had reached an agreement with major retailers and logistics operators Walmart, FedEx, and UPS to extend their operations to the same schedule.

US authorities have issued a joint security advisory highlighting malicious cyber activity targeting the IT and OT networks, systems, and devices of the US Water and Wastewater Systems (WWS) sector. Threats to critical infrastructure are increasing across the board, but the WWS sector has received a disproportionate share of the targeting. Operators in the sector should review the advisory and confirm that remote-access paths into OT environments are inventoried and protected.

In Asia, US-based technology group Microsoft said on 14 October it will shut down professional social network LinkedIn in China, citing a ‘significantly more challenging operating environment and greater compliance requirements’. The platform will be replaced with a jobs-only application, with the social networking features removed, according to LinkedIn’s senior vice-president of engineering, Mohak Shroff.

A new Chinese APT campaign exploiting a zero-day privilege-escalation vulnerability in a Windows kernel driver has recently been disclosed. The flaw, tracked as CVE-2021-40449 in the Win32k driver, was patched in this month’s Patch Tuesday release. Successful exploitation led to the deployment of a new remote access Trojan (RAT), dubbed MysterySnail. The exploit was observed on Windows Server hosts between late August and early September 2021, but its code also supports Windows client versions, so both server and workstation estates should be patched.

In Europe, the European Commission said it would propose to the UK a package of measures intended to ease the transit of goods to Northern Ireland. The measures are designed to ease customs controls, including clearance for meat, dairy, and other food products. In Kosovo, the government imposed anti-dumping measures on some products imported from Serbia, further exacerbating tensions with Belgrade. The new measures were imposed a week after Serbia and Kosovo reached an agreement to ease tensions in northern Kosovo over a licence plate dispute.

A large dataset of payment card details belonging to UK-based individuals has been shared on a darknet forum. The dataset includes the full card number, security code (CVV) and expiry date, together with the cardholder’s name, physical address and email address. The combination of the full card number and CVV is sufficient for card-not-present fraud, and the accompanying personal data makes the records useful for phishing and identity fraud as well.

In the Middle East and Central Asia, the State Border Service (SBS) of Azerbaijan called on its Iranian counterparts to stop spreading disinformation about Azerbaijani border security, according to state media outlet APA on 11 October. The allegations in question relate to Iranian claims that Israeli forces used Azerbaijani territory to conduct surveillance operations against Iran’s armed forces during military exercises along the shared border in September and October. Meanwhile, the Syria Allies Operations Room – an Iran-backed coalition of militant groups loyal to Syrian President Bashar al-Assad – has threatened to retaliate against Israel in response to an Israeli missile strike on Syrian communications infrastructure in the city of Palmyra, in the eastern part of Homs governorate.

Cyjax has analysed a long-running AgentTesla infostealer campaign targeting Dubai and the wider United Arab Emirates. The campaign began no later than January 2021, and the samples we gathered continued, almost daily, until May 2021. We have also seen new samples compiled in October 2021. Unlike most AgentTesla campaigns, the targeting focused heavily on the UAE, with only a handful of samples using the same C2 servers venturing outside the region, into India and Italy.

In Sub-Saharan Africa, the International Court of Justice (ICJ) on 12 October delivered its long-awaited ruling over an estimated 100,000 sq km maritime zone that has been disputed by Nairobi and Mogadishu since 2014. The ICJ found that there was no effective and agreed boundary in place, and ruled largely in favour of Somalia. Kenya rejected the ruling, having withdrawn its recognition of the ICJ’s jurisdiction over the matter four days earlier.

This week saw the release of numerous Patch Tuesday updates for products used by organisations in all sectors around the world. Microsoft, Siemens, Apple, Adobe, and SAP, to name a few, all put out fixes for issues in their products. Many of these are rated critical severity, and at least one of the Microsoft fixes addresses a vulnerability already being exploited in the wild; they should be applied as soon as possible, in line with your company’s security policies.