from Digital and Cyberspace Policy Program and Net Politics

Cyber Week in Review: January 29, 2021

Security researchers targeted by North Korean hackers; Ant Group announces sale of U.S. biometric security company; India permanently bans TikTok; cybercriminal networks targeted by international police; and Norwegian officials fine Grindr for alleged GDPR violations.
A logo of Ant Group is pictured at the headquarters of the company. REUTERS/Aly Song/File Photo

Security Researchers Targeted by North Korean Hackers

Google announced on Monday that North Korean threat actor Lazarus Group has been carrying out spear phishing attacks against members of the security research community. According to Google’s Threat Analysis Group (TAG), the hackers posed as security researchers through fake accounts on LinkedIn, Twitter, Discord, and various other platforms and attempted to build their credibility through social media activity, fake blog posts, and a YouTube video claiming to find exploits in a recently patched Windows Defender vulnerability. TAG claims that after making initial contact “the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together and then provide the researcher with a Visual Studio Project” containing malware. The hackers were also able to compromise some researchers’ Windows systems through a malicious Twitter link. Google’s announcement contains a list of suspected social media accounts and websites along with recommendations for concerned researchers.

Ant Group Announces Sale of U.S. Biometric Security Company

Amid continuing tensions between the United States and China, Ant Group, the digital payments affiliate of Chinese tech firm Alibaba Group, has announced plans to sell Missouri-based biometric screening company EyeVerify. The planned sale follows the Trump administration’s concerns regarding Chinese companies’ access to Americans’ data—scrutiny that is expected to continue under the Biden administration. The Financial Times reports that Ant acquired EyeVerify in 2016 for $100 million, making it the company’s first purchase of a U.S. company. Facing pressure from domestic rival Tencent, Ant Group attempted to purchase Texas-based money-transfer company MoneyGram International in 2018 for $1.2 million. The deal, however, was blocked by U.S. regulators. Following news of the sale, plans to restructure Ant Group as a financial holding company under China’s central bank were also announced, casting uncertainty over Ant’s non-fintech ventures into artificial intelligence, blockchain development, and digital lifestyle services. 

India Permanently Bans TikTok

Seven months after a deadly border clash with China left twenty Indian soldiers dead, the Indian government has moved to make the months-long ban on TikTok and other prominent Chinese apps permanent. The ban, which was originally instituted in June 2020, cites national security and public order concerns and involves a total of fifty-nine apps, including popular names such as WeChat and UC Browser. According to Times of India, the Indian Ministry of Electronics and Information Technology inquired into the data collection processes and domestic operations of the various companies before electing to make the ban permanent. The move follows a September 2020 order that banned 118 Chinese apps, including the popular mobile game PUBG. Chinese officials have expressed their opposition to the ban, with a spokesperson from the Chinese embassy in India stating that the move is “in violation of WTO nondiscriminatory principles.” Following the ban, TikTok announced on Wednesday that it will be making cuts to its workforce in India, which currently employs over two thousand people.

Cybercriminal Networks Targeted by International Police

Europol announced on Wednesday that an international coalition of law enforcement agencies and judicial authorities brought down the notorious botnet EMOTET. EMOTET has reportedly “infected more than 1.6 million victim computers and has caused hundreds of millions of dollars in damage to victims worldwide” since its inception as a banking trojan in 2014, according to the U.S. Department of Justice. Ukrainian police, who participated in the takedown effort, also arrested two operators of the botnet. According to Ukrainian authorities, further action has been taken to identify and detain other hackers.

In a separate operation, U.S. and Belgian authorities disrupted the sophisticated NetWalker ransomware in a coordinated effort that resulted in the disablement of two dark web channels used to communicate with victims, the arrest of a Canadian hacker, and the seizure of roughly $500,000 in cryptocurrency from ransomware payments. According to Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division, international police coalitions are striking back against ransomware networks “by not only bringing criminal charges against responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims.”

Norwegian Officials Fine Grindr for Alleged GDPR Violations

Popular LGBTQ+ dating app Grindr is facing fines of roughly $12 million for allegedly sharing user information with third-party companies. The Norwegian Data Protection Authority (DPA) notified Grindr earlier this week of its intent to fine, accusing the California-based company of breaching Europe’s General Data Protection Regulation (GDPR) by sharing users’ GPS location and profile information without their consent. The DPA notes that Grindr is considered a safe and private space for many LGBTQ+ users and that the undisclosed sharing of their data merits particular protection. According to the notice, the high-magnitude fine represents ten percent of Grindr’s worldwide annual revenue stream and could result in the highest DPA fine to date. The decision, however, is not final and is contingent on an evaluation of the company’s response to the findings. Grindr claims that the allegations “date back to 2018 and do not reflect Grindr’s current Privacy Policy or practices.” The company has until February 15, 2021 to comment on the DPA’s findings.

More on:

Cybersecurity

Privacy

Digital Policy

China

India