U.S. Cyberattack Diminished Iran’s Ability to Target Oil Tankers: Senior U.S. officials said that the June cyberattack against Iran knocked out a critical database used by Iran’s paramilitary forces, diminishing their ability to target oil tankers and shipping traffic or conduct covert attacks. While Iran initially said the attack was ineffective, and some cybersecurity experts were incredulous that Iran failed to back the database up, the anonymous sources quoted in the stories say the country is still working to recover information lost in the attack and bring some systems back online, including military communications networks. The cyberattack demonstrated the more aggressive “persistent engagement” strategy that U.S. Cyber Command has taken under General Paul Nakasone, thanks to new congressional authorities and an executive order granting the Defense Department greater authority to plan and execute cyberattacks.
U.S.-China Tech Decoupling Continues: U.S.-China tech decoupling continued this week due to national security concerns and rising labor costs in China. The Wall Street Journal reported that U.S. officials are considering rejecting the application for an already partially-laid fiber optic cable linking the United States and Hong Kong. The Department of Justice has security concerns about the direct link the cable would provide to an increasingly less autonomous Hong Kong. There are also suspicions that Dr. Peng, one of the cable’s funders along with Google and Facebook, may have connections to the Chinese government.
Ongoing U.S.-China trade tensions, as well as rising labor costs in China, have made tech companies continue to rethink their supply chains, with reports this week saying Google is planning on shifting some of its manufacturing from China to Vietnam to create a cheaper supply chain for its Pixel smartphone. It looks like companies will be diversifying supply chains, not totally abandoning China, however. According to a new survey of U.S.-China Business Council members, eighty-seven percent of respondents said they neither have moved nor plan to shift operations out of China.
U.S. Government Prepares for 2020 Election Ransomware Attacks: The U.S. government is set to release a cybersecurity program next month to protect voter registration databases ahead of the upcoming 2020 election. Intelligence officials are concerned that foreign hackers will target voter registration systems, as Russian hackers did in the 2016 election, to gather intelligence; manipulate, disrupt, or destroy data; or hold the systems hostage for ransom. Those fears are heightened by an increase in ransomware attacks targeting county and state government systems. The voter registration databases are particularly vulnerable because they are one of the few pieces of election equipment regularly connected to the internet and are actively edited year-round, and local governments are typically ill-equipped to adequately defend themselves. The Department of Homeland Security will lead the federal government’s outreach efforts to provide state and local governments with educational material, remote computer penetration testing, vulnerability scans, and a list of recommendations on how to prevent and recover from ransomware.
Malicious Code Used by Chinese APTs Resurfaces: Malicious code historically used by state-backed Chinese hackers has resurfaced, according to new research from Cisco and Talos. First discovered nine years ago, the hacking tool, called China Chopper, is a web shell which allows attackers to remotely access servers running web applications. While the tool has been exposed many times, researchers found that China Chopper has spread and the number of threat actors using it has also expanded over the past two years. The three most active campaigns that the researchers found deploying the malware—one targeting an “Asian government organization,” one used in tandem with ransomware against a Lebanese organization, and the third likely used as part of a website defacement—have different tools, techniques, and goals, and thus suggest different threat actors.