Cyber Week in Review: February 24, 2023
Russian plans to debut new internet surveillance system later this year
Moscow plans to roll out a new internet surveillance system, dubbed Vepr, the Russian word for boar, later this year, according to the state media outlet TASS. Roskomnadzor, the Russian telecommunications regulator, has been working on the system since early 2022. According to engineers involved in the project, the system is designed to “identify and flag threats in the information sphere” before they gain wide traction. The system will not be used to take down content, but will instead act as a kind of early-warning system for mass social movements. Russia has ramped up its automated online censorship programs since the invasion of Ukraine in February 2022, and earlier this month launched the Oculus surveillance system, designed to scan images and text on the internet for dissent and “LGBT propaganda.”
Chinese cybersecurity company alleges cyberattacks originating from Europe, North America
According to the Global Times, Beijing-based cybersecurity company Qi An Pangu Lab has identified six members of a hacker group called Against The West (ATW) accused of carrying out large-scale scanning detection and supply chain attacks on Chinese networks since 2021. Pangu Lab attributed ATW to individuals from Switzerland, France, Poland, and Canada, among other countries. The group has stolen and leaked information from institutions such as the People’s Bank of China and China’s Ministry of Public Security, along with targets in Russia, Belarus, Iran, and North Korea. Pangu Lab and other Chinese cybersecurity companies have published several reports on advanced persistent threat (APT) groups in the last two years, including one on the Equation Group, an APT linked to the NSA, although researchers have questioned the timing and content of some reports.
European Commission bans TikTok on government devices
The European Commission banned TikTok on Thursday from work-issued phones and from personal phones that have work applications installed. Employees have until March 15 to delete the application. TikTok has been under increasing scrutiny in both the European Union and the United States as a potential security risk. No EU member state government has banned TikTok from government devices, although the Netherlands has “paused” the use of TikTok until a privacy review can be conducted. The U.S. federal government and several state governments have banned TikTok from government devices, while some members of Congress have pushed for a national ban on the application, citing a risk to national security. TikTok has taken steps to respond to officials’ concerns: it has formulated a $1.5 billion plan, dubbed Project Texas, that it says would insulate its U.S. operations from Chinese government influence, and it similarly says it will build three data centers in the EU to store customers’ data and ensure compliance with EU privacy standards.
EU agencies warn of Chinese APT attacks
The European Union Agency for Cybersecurity (ENISA) and the EU Computer Emergency Response Team (CERT-EU) warned this week that several Chinese state-sponsored hacking groups are targeting businesses and government organizations in the EU. The joint advisory said the threat actors were observed “conducting malicious cyber activities against business and governments in the Union.” The groups identified in the advisory include Emissary Panda, APT 30, Zirconium, Mirage, Gallium, and Mustang Panda. The agencies said that the groups frequently used the invasion of Ukraine and its effect on EU businesses as a hook in phishing attempts. The joint statement called for European organizations to focus on increasing access controls, hardening software products and highly privileged accounts, and using strong passwords and multi-factor authentication on all accounts. The advisory comes a week after the FBI warned U.S. secretaries of state about the growing threat of Chinese hacking operations against state government networks.
GoDaddy reports multi-year data breach
GoDaddy, a leading web hosting firm, revealed a multi-year breach last week in which attackers redirected many customers’ website URLs to malicious domains. The attackers stole source code and employee and customer login credentials, and used GoDaddy’s hosting service to conduct watering hole attacks by placing malware on customers’ websites. Details of the incident, which began in 2020 and was first discovered in December 2022, were made public last week in a filing with the U.S. Securities and Exchange Commission (SEC). Some researchers criticized the company over the breach, saying that its duration and the time it took GoDaddy to report it demonstrated lax security standards. GoDaddy believes the breach was the work of a single group, but has not identified the threat actor responsible.