Cyber Week in Review: April 7, 2023

UK government publishes offensive cyber operation guidance 

The UK National Cyber Force published a report earlier this week detailing its approach to offensive cyber operations and threats in cyberspace. The NCF says that it conducts three types of offensive operations: countering threats from terrorists, criminals, and states who aim to cause harm; preventing groups from undermining the confidentiality, integrity, or availability of data or the systems which store it; and contributing to operations carried out by other UK military and intelligence operations. The document introduces a “doctrine of cognitive effect,” cyber operations that limit or affect the availability of information to an adversary thus undermining their confidence in their ability to plan and conduct activities.  In recent years, the United States and United Kingdom have both become increasingly transparent about the doctrine which underpins their offensive cyber operations. 

Chinese regulator launches cybersecurity review of U.S. chipmaker 

China’s main internet regulator, the Cyberspace Administration of China (CAC), will conduct a cybersecurity review of products sold by U.S. semiconductor manufacturer Micron in China. An announcement released by the CAC stated that the review of the U.S. memory chip manufacturer will be conducted to “ensure security of the key information infrastructure supply chain, prevent network security risks caused by hidden product problems, and maintain national security.” Chinese Foreign Ministry spokesperson Mao Ning stated in a press conference that the review is a “normal regulation measure for safeguarding national security,” adding that both Chinese and foreign companies operating in China must abide by national laws and regulations. Beijing’s decision to scrutinize Micron has been described by some industry analysts as a message to the United States, which in October 2022 passed sweeping export controls on China’s advanced computing and semiconductor manufacturing industries. 

Genesis Market seized by law enforcement 

Genesis Market, a major cybercrime marketplace that sold stolen credentials, was shut down on Tuesday by U.S. law enforcement agencies, in collaboration with several other countries. Since its creation in 2018, Genesis Market has been implicated in millions of financially-motivated cyber incidents globally, and the site allowed users to search for different types of stolen personal information, such as credit card numbers, or the business the data was stolen from. Police arrested at least 120 people in 17 different countries following the shutdown of the market, although it is unclear whether those arrested played a role in running the market or were customers. As of Thursday, the accounts associated with some administrators of Genesis were still posting on other cybercrime forums and some portions of the forum’s infrastructure were still active, leading some security researchers to question the efficacy of the takedown.   

U.S. used front company to buy NSO Group geolocation spyware 

According to a report by the New York Times, an agency of the United States government is an active client of the Israeli spyware firm, NSO Group. The agency is using Landmark, a surveillance tool sold by NSO that allows an operator to geolocate phones through SS7, a network protocol used to connect mobile phone networks. The Times’ investigation revealed that the purchase of Landmark software in November 2021 occurred via a front company just five days after the Biden administration publicly blacklisted NSO for activities contrary to the United States’ national security or foreign policy interests. It is unclear which agency purchased Landmark, but two sources said that the U.S. government has used the system against thousands of targets in Mexico. There is no indication at this time that Landmark has been used against phones in the United States. 

China plans $500 million undersea fiber-optic internet cable network  

Chinese state-owned telecom firms are developing a $500m undersea fiber-optic internet cable network that would link Asia, the Middle East and Europe, rivaling a similar U.S.-backed project. According to Reuters reporting, three of China’s main carriers are mapping out the subsea cable network, which would link Hong Kong to China's island province of Hainan before traveling to Singapore, Pakistan, Saudi Arabia, Egypt and France. China’s HMN Technologies will receive subsidies from the Chinese government to build the cable. The United States has previously blocked Chinese undersea cable projects connecting the United States and China due to concerns about the security of internet data. Undersea cables carry over 95 percent of international internet traffic and experts have said that China’s access to undersea cables could present an espionage threat.