Cyber Week in Review: June 3, 2022
Supreme Court blocks Texas social media law
The United States Supreme Court temporarily blocked a Texas law which bars social media companies from blocking or moderating content on a political basis. The law only applies to social media services which have more than fifty million monthly users, such as Twitter, Facebook, and Instagram. Social media firms have decried the Texas law as an infringement of their First Amendment right to editorial discretion, and argued that it would limit their ability to moderate racist and extremist content. Conservatives have said the law is necessary to protect users’ free speech rights on social media platforms. The case will return to the lower courts for further litigation.
Chinese threat actors exploit new zero-day exploit
Lucky Cat, a threat actor with links to Chinese intelligence, was discovered using a new zero-day to target the international Tibetan community The vulnerability, dubbed Follina, is notable for its scale, the vulnerability is present in all versions of Microsoft Office published after 2003. Lucky Cat used the exploit to distribute password stealing malware onto target computers. Microsoft has not released a patch for the vulnerability, but has provided a workaround which closes the exploit.
United States confirms it has conducted offensive cyber operations against Russia
General Paul Nakasone, the director of the National Security Agency and Commander of U.S. Cyber Command, said in an interview on Wednesday that the United States has conducted offensive cyber operations against Russian targets during Russia’s invasion of Ukraine. General Nakasone also said that the United States has defended Ukrainian networks and conducted information operations, although he declined to specify what those operations may have entailed or where they took place. In previous comments, Nakasone has emphasized the role of “hunt forward” operations in which the United States collaborates with allies to directly access networks and remove potential malware or close exploits, including one operation in Lithuania earlier this year.
Russia’s prosecution of REvil affiliates stalls
Russia announced it would not charge the eight affiliates of the REvil ransomware gang it arrested earlier this year. Russian authorities said that they were ending the prosecution because U.S. authorities had not shared enough information to make a trial possible. REvil was one of the most prominent ransomware gangs, perpetrating a supply chain attack against U.S. firm Kaseya and crippling the systems of JBS, the world’s largest meat supplier, for several weeks. Russian collaboration on cybercrime has ebbed and flowed over the years, but analysts have said that the Russian invasion of Ukraine closed many of the traditional lines of communication between law enforcement agencies in both countries.
ByteDance pursues return to India amid increased scrutiny of Chinese technologies
According to The Economic Times, TikTok parent company ByteDance is seeking to reenter the Indian market through a partnership with Mumbai-based real estate company Hiranandani Group. The partnership is speculated to involve Hiranandani Group’s data storage business, Yotta Infrastructure Solutions, or its newly launched digital consumer services platform Tez Platforms. New Delhi originally banned TikTok and 58 other Chinese apps following a skirmish with Chinese troops in 2020 at a disputed Himalayan border site that killed 20 Indian soldiers. Recently, Indian officials have signaled renewed suspicion of Chinese technology companies, opening investigations into ZTE and Vivo and seizing financial assets of Xiaomi due to suspected financial misconduct.