Cyber Week in Review: January 20, 2023

Chinese government agencies set market size goal for data security industry

Sixteen Chinese government agencies—including the Ministry of Industry and Information Technology and the Cyberspace Administration of China—jointly issued a comprehensive document outlining the goals of the country’s data security industry. The guidelines propose that by 2025, China’s data security industry is to exceed 150 billion yuan (roughly $22.3 billion) with a compound annual growth rate of at least 30 percent. China’s desire to increase the market size of the industry is seen as an effort to “better activate the value of data elements and inject fresh impetus into economic growth.” According to a report released in August 2022 by the International Data Corporation (IDC), the growth rate of China’s network security market leads the world, with a five-year compound annual growth rate of nearly double that of the rest of the world.

SEC sues law firm in attempt to reveal clients affected by cyberattack

The U.S. Securities and Exchanges Commission (SEC) filed a lawsuit against the law firm Covington & Burling to compel the firm to turn over a list of three hundred clients who were hit by a cyberattack launched by the Chinese threat actor Hafnium in November 2020. The SEC claims that it needs the list of clients to investigate potential securities violations, while Covington & Burling has countered that the hack was relatively contained in what information the hackers stole, that only seven of the companies had material non-public information stolen, and that its communications with clients were protected by attorney-client privilege. Hafnium emerged as a major threat actor in March 2021, when it used a series of vulnerabilities in Microsoft Exchange servers to steal data from tens of thousands of organizations.

Ukraine says it sees coordination between Russian cyberattacks and kinetic strikes

Ukrainian authorities released a report detailing what appears to be coordination between Russian cyberattacks and kinetic strikes in Ukraine. The coordination occurs largely in attacks on government offices and networks, media companies, and communication centers, according to the report. Microsoft came to a similar conclusion in an earlier report [PDF] in April 2022, writing that Russian strikes and cyberattacks often shared the same targets, although it was unclear if this was intentional. The Ukrainian study also found that Russian operators were choosing different targets for cyberattacks than they were at the beginning of the war, increasingly attacking civilian infrastructure, rather than military or government installations.

Bangladesh bought Israeli spyware despite human rights concerns

An Israeli spyware firm, Passitora, sold surveillance equipment and its SpearHead spyware system to the Bangladeshi government despite the fact that Bangladesh is not on the list of countries approved by the foreign ministry that Israeli spyware firms are allowed to sell to. Human rights advocates have previously criticized Bangladesh for domestic repression, with a major focus on extrajudicial killings and forced disappearances carried out by security forces. The system Passitora sold to Bangladesh can be used to gather contact data, messages, calls, and application data from any phone within a half kilometer of the system, which is often transported in a van to expand its footprint.

United States takes down Bitzlato high-risk cryptocurrency exchange

The U.S. Justice Department announced that it had arrested Anatoly Legkodymov, the founder of high-risk cryptocurrency exchange Bitzlato, for his role in circumventing U.S. sanctions and money laundering. Justice Department officials said that Bitzlato had processed more than $700 million in illegal funds and had been used by ransomware gangs and dark net drug markets to launder money in the past. Legkodymov faces almost five years in prison if convicted, although prosecutors may still choose to add more charges to the case. The Financial Crimes Enforcement Network (FinCEN) also said it was imposing sanctions on the exchange for its role in sanctions evasion. The arrest is the first one made by the National Cryptocurrency Enforcement Team, which was first established in October 2021 and had its first director appointed in February 2022.