Cyber Week in Review: December 9, 2022

Apple accelerates moving production out of China 

U.S. technology company Apple has begun accelerating its plans to move production out of China. Apple’s large production plant in Zhengzhou has been wracked by protests concerning wages and COVID restrictions in recent weeks, mirroring similar protests across the country. Apple will also likely face difficulties buying and using Chinese microchips in its products, following the imposition of new U.S. export controls in October. Apple had already expected to move 15 to 30 percent of its hardware production out of China, but the recent protests and U.S. export restrictions have spurred the company to move those plans up. Apple is reportedly looking to shift production toward factories in India and Vietnam and to reduce dependence on Taiwanese electronics manufacturers like Foxconn, which could be caught up in escalating tensions between Taiwan and China.  

Chinese hackers accused of stealing U.S. COVID relief funds 

The U.S. Secret Service on Monday revealed that a group of Chinese state-sponsored hackers commonly known as or Mustang Panda, or APT 41, stole over $20 million in COVID-19 relief funds from the U.S. government in 2020. The hacking group targeted the Small Business Administration, which was distributing money to U.S. businesses, as well as individual state funds. The Chinese embassy said in a statement to Reuters that China has always "firmly opposed and cracked down on all forms of cyber theft and hacking” and called the accusations “groundless.” APT 41 has a history of operating as an espionage group for the Chinese government while also conducting criminal hacking on the side., Experts have speculated that APT 41 likely did not steal the money under orders from the Chinese government, but rather as part of its criminal operations.  

House of Representatives to vote on National Defense Authorization Act 

On Thursday, the U.S. House of Representatives passed the 2023 National Defense Authorization Act (NDAA), a yearly bill which lays out the budget for the Department of Defense (DoD) for the upcoming fiscal year. The bill authorizes $858 billion in spending for the DoD, and contains a number of major cyber-related provisions. The bill would give Cyber Command over $44 million to conduct hunt forward operations, expand Cyber Command’s mandate to conduct hunt forward operations, and require a biennial report on Cyber Command’s efforts to secure American elections. The bill will also codify the new Bureau of Cyberspace and Digital Policy at the State Department, which was established earlier this year. If, as expected, the House passes the NDAA, the Senate will take up the bill next week. 

Netherlands expected to align with U.S. microchip controls

Officials in the Netherlands are likely to align their trade rules with U.S. export restrictions on microchip manufacturing equipment, according to recent reports. The United States imposed major restrictions on semiconductor firms in October 2022, banning American citizens and American firms from working with or providing equipment or raw materials to Chinese semiconductor firms. The Dutch government’s decision to follow the U.S. move will prevent the Netherlands-based ASML, the only source of the world’s most advanced photolithography machines, vital for the production of the smallest semiconductors from selling equipment capable of creating microchips under fourteen nanometers to companies in China. The restrictions are expected to be finalized in the next month. Japan, another major player in the semiconductor industry, has not indicated if it will align with the U.S. restrictions yet. 

Maryland and other states ban TikTok from government devices 

Maryland Governor Larry Hogan banned the use of TikTok and several Russia-based platforms on state government devices earlier this week. Maryland, South Dakota, Texas, and Nebraska have all banned TikTok from government devices in the last two years. Hogan said that the move was made after consulting with federal agencies about the potential cybersecurity risks of TikTok. Republicans in both the U.S. House and Senate attempted to attach a provision to the recent NDAA which would have banned the app from government devices nationwide, but the effort failed. TikTok has faced intense scrutiny over the purported ties of its parent company, ByteDance, to the Chinese government.