Friday, April 21, 2023 // (IG): BB // Financial Enabler // Coffee for Bob
Bipartisan legislation aims to ‘arm Taiwan to the teeth in the cyber domain’
Analyst Comments: The introduction of the Taiwan Cybersecurity Resiliency Act reflects the growing concern among US lawmakers about cyberattacks emanating from China, especially those targeting Taiwan. The bill is part of a wider push by the US to enhance its security cooperation with Taiwan to counter the perceived threat from China, which has been increasing its military activity around Taiwan. The bill also underscores the significance of cybersecurity in the US's relations with Taiwan, as well as the wider geopolitical context of the US-China-Taiwan relationship. However, the bill may face challenges in the legislative process given that some lawmakers may oppose measures that further inflame tensions with China, while others may feel that the bill does not go far enough in countering the perceived threat from China.
FROM THE MEDIA: A bipartisan group of lawmakers in the US Congress introduced the Taiwan Cybersecurity Resiliency Act, which seeks to enhance cooperation between the US Department of Defense and Taiwan on cybersecurity to counter cyber threats from China. The bill calls for the Department of Defense to expand and strengthen cybersecurity cooperation with Taiwan by conducting cyber training exercises, defending Taiwan's military networks, infrastructure, and systems, and leveraging US cybersecurity technologies to help defend Taiwan. This follows increasing tensions between the US, China, and Taiwan, with China ordering naval and air drills over Taiwan following Taiwanese President Tsai Ing-Wen's visit to the US to meet with lawmakers.
READ THE STORY: The Record
China building cyber weapons to hijack enemy satellites says US leak
Analyst Comments: The leaked US intelligence report highlights China's growing ambitions in the military space technology domain, which includes satellite communications. China's goals, according to the leaked assessment, are far more advanced than those of Russia, which has deployed brute-force electronic warfare teams with little effect. The US has not disclosed whether it has similar capabilities. China's advanced cyber attacks would seek to knock out the ability of satellites to communicate with each other, relay signals and orders to weapons systems, or send back visual and intercepted electronic data, according to experts. US military officials have warned that China has made significant progress in developing military space technology, including in satellite communications, and is aggressively pursuing counter-space capabilities.
FROM THE MEDIA: A leaked US intelligence report claims that China is building advanced cyber weapons to seize control of enemy satellites, rendering them ineffective for data signals or surveillance during wartime. The report states that China’s push to develop capabilities to "deny, exploit or hijack" enemy satellites is part of its goal to control information and is a core part of its "war-fighting domain." The document, which has not been previously reported, was issued this year and was allegedly shared by a 21-year-old US Air Guardsman in the most significant American intelligence disclosures in more than a decade. China's cyber capability would allow them "to seize control of a satellite, rendering it ineffective to support communications, weapons, or intelligence, surveillance, and reconnaissance systems," the report said.
READ THE STORY: FT // InfoSecMag
African telecom company targeted by alleged China-backed hacking group
Analyst Comments: This is another example of Chinese government-backed hacking groups targeting telecommunications companies across the world. The Chinese government continues to deny any involvement in cyber espionage. The use of advanced malware such as PlugX highlights the sophistication of these hacking groups and the extent to which they can infiltrate computer networks. The use of keyloggers, message info stealers, password dumpers, and clipboard stealers is of particular concern as these tools provide access to sensitive information.
FROM THE MEDIA: Symantec has reported that an African telecommunications company has become the latest target of an alleged Chinese government-backed hacking group. The cybersecurity software firm’s researchers have been tracking an advanced persistent threat (APT) group known as “Daggerfly”. Symantec said that malicious activity against the company began in November 2022 and “there are indications the activity is likely still ongoing.” The specific case highlighted in the report is of interest to the researchers as they have been able to tie the activity to Chinese hacking groups based on the use of the PlugX malware, a hallmark of Chinese military hacking campaigns.
READ THE STORY: The Record // InfoSecMag
China snubbed Wagner arms request, says US intelligence leak
Analyst Comments: The leaked report revealing Wagner's attempted purchase of weapons from China highlights the group's continued efforts to obtain weapons and equipment for the ongoing conflict in Ukraine. The report also provides details on Wagner's successful attempts to purchase weapons from Belarus and Syria. The group's failed attempt to buy weapons from China raises questions about the relationship between Moscow and Beijing and China's willingness to supply weapons to Russia. It is unclear whether Wagner will continue its attempts to purchase weapons from China or if it will look to other countries for support.
FROM THE MEDIA: Russian paramilitary group Wagner, controlled by Yevgeny Prigozhin, attempted to purchase weapons and equipment from China earlier this year, according to a leaked US intelligence report. However, as of January, China had not sent any weapons to Wagner and had not had any contact with the group regarding weapons deliveries. The report also revealed successful attempts to buy arms from Belarus and Syria. A relationship between Wagner and Turkey was also mentioned. In the past, the US has claimed China is considering supplying Russia with lethal arms to replace crucial stocks of ammunition, artillery, and missiles.
READ THE STORY: FT
Off-the-shelf ransomware is spurring a new era in the Ukraine war
Analyst Comments: The use of commercial ransomware tools by Russian hackers is a concerning trend in the ongoing conflict in Ukraine. As ransomware attacks continue to become more prevalent and sophisticated, they can result in significant damage and financial losses for organizations. Additionally, the evolution of the GRU’s cyber capabilities is a cause for concern, particularly as the military conflict in Ukraine continues. The use of wipers and other cyberattacks in conjunction with kinetic operations highlights the need for increased focus on cybersecurity in conflict zones. It also highlights the importance of international cooperation to address cyber threats and develop effective deterrence strategies.
FROM THE MEDIA: According to a report by the European Cyber Conflict Research Initiative (ECCRI), cyber security experts believe that Russia-aligned hackers will increasingly use commercial ransomware tools in attacks against Ukrainian targets. The report, commissioned by the UK's National Cyber Security Centre (NCSC), is based on discussions held at an invite-only workshop in February 2023, attended by cyber threat intelligence practitioners, academics, and officials from key governments and international institutions. Experts at the workshop also agreed that Russia’s military intelligence service, the GRU, is expected to keep evolving as the war in Ukraine enters its second year. The wiper attacks on Ukrainian targets at the start of the war were attributed to Russia, and experts believe that new, discardable alternatives such as CaddyWiper will become more popular.
READ THE STORY: TechCentral
Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers
Analyst Comments: The attack on Eurocontrol highlights the ongoing threat of state-sponsored cyberattacks on critical infrastructure. Eurocontrol's quick response to the attack demonstrates the importance of implementing stringent cyber-protection protocols to safeguard sensitive systems. The attack also serves as a reminder to organizations to have backup communication channels in place to ensure business continuity in the event of a cyberattack.
FROM THE MEDIA: Pro-Russian hackers have attacked the website of the European Organisation for the Safety of Air Navigation (Eurocontrol), prompting the agency to advise airlines not to use its online system to file flight plans due to temporary connectivity issues. Eurocontrol reported that the attack wasn't affecting its air-traffic control activities and that it had ringfenced its operational systems to ensure that air-traffic safety wasn't at risk. The hacking group, Killnet, claimed responsibility for the attack and called for hackers to join a marathon attack on Eurocontrol. While the attack caused interruptions to the website and web availability, there was no impact on European aviation.
READ THE STORY: WSJ