Cyber Week in Review: February 26, 2021

Chinese Spyware Traced Back to Stolen National Security Agency Exploit

According to a report released on Monday by Israeli cybersecurity firm Check Point, Chinese threat actor APT 31 used a Windows zero-day exploit stolen from the National Security Agency’s (NSA) Equation Group from 2014 to 2017. The report explains that the NSA’s original exploit, “EpMe,” was replicated by APT 31 in 2014 to form the Chinese variant dubbed “Jian.” Jian and EpMe elevate the privileges of a hacker who has already compromised a local Windows system, granting them complete access to a computer. The exploit was used until Microsoft patched the vulnerability in 2017 after the infamous Shadow Brokers hacker group leaked several NSA tools and exploits on the internet. “We confirmed in 2017 that the exploits disclosed by Shadow Brokers have already been addressed,” a Microsoft spokesperson told WIRED magazine in a statement. “Customers with up-to-date software are already protected against the vulnerabilities mentioned in this research.”

Congress Holds First Public Hearing on SolarWinds

On Tuesday, the Senate Intelligence Committee held its first public hearing on the SolarWinds breach. At the hearing, the chief executives from Microsoft, FireEye, SolarWinds, and CrowdStrike agreed that the full number of entities impacted by the SolarWinds compromise likely remains unknown. The companies supported the calls of a number of senators for a national breach law and requested a better mechanism for reporting breaches. “Notifications need to be confidential or you don’t give organizations the capability to prepare for those liabilities,” said FireEye CEO Kevin Mandia. In addition, Senator Mark Warner (D-VA), who leads the committee, wants Congress to consider creating a new federal agency similar to the National Transportation Safety Board to investigate major cyber intrusions. Some senators criticized Amazon Web Services, whose infrastructure was used by the hackers to support their operation, for declining to testify, with Senator Susan Collins (R-ME) hinting that a subpoena could be issued.

Russian Hackers Target Ukrainian Government Document Circulation System

Ukrainian officials announced on Wednesday that suspected Russian hackers breached a government document management system in an attempt to disseminate malware. According to the officials, the hackers uploaded malware-infected documents that, if opened, granted them full control of the victim’s computer. Although Ukrainian authorities did not identify a specific perpetrator in their statement, they assert that the “methods and means of carrying out this cyberattack allow [us] to connect it with one of the hacker spy groups from the Russian federation.” Similarly, ZDNet attributes the campaign to Gamaredon, a Russian threat actor that has a long track record of targeting Ukraine.

Biden Executive Order Attempts to Address Chip Shortage and Strengthen Supply Chains

President Biden signed an executive order on Wednesday that institutes two separate reviews of major supply chains with the aim to increase long-term domestic production of semiconductors and other “critical materials.” The first is a one-year review covering six broad areas of the economy, while the second is a shorter, 100-day review examining four products: semiconductors, batteries, pharmaceuticals, and rare-earth minerals. The order comes in response to a global chip shortage that has been triggered by increasing demand for electronics as people work from home and pandemic-induced interruptions to global production. Alongside the executive order, bipartisan legislation to increase investment in domestic semiconductor manufacturing and address competition with China was announced by Senate Majority Leader Chuck Schumer (D-NY) on Tuesday. “Right now, semiconductor manufacturing is a dangerous weak spot in our economy and in our national security; that has to change,” Senator Schumer said in a statement.

Facebook Restores News Access in Australia

Facebook will restore access to news content for its Australian users after the company struck a deal with the Australian government this week. An amended version of Australia’s draft legislation to force tech platforms to pay media outlets to feature their content was passed through parliament on Thursday. The version includes provisions to allow additional time for the tech companies to negotiate with media outlets before facing binding government arbitration. Moreover, the revised legislation also grants tech firms greater autonomy in striking independent deals with news companies. Facebook has expressed satisfaction with the compromise, announcing on Friday that it has begun negotiating commercial agreements with three Australian publishers. “It’s always been our intention to support journalism in Australia and around the world,” Facebook’s Vice President of Global News Partnerships Campbell Brown said in a statement. “We’ll continue to invest in news globally and resist efforts by media conglomerates to advance regulatory frameworks that do not take account of the true value exchange between publishers and platforms like Facebook.”