Cyber Week in Review: March 11, 2022
Internet firms announce exit from Russia
As major Western technology companies such as Apple, Google and HP cut off business in Russia, Chinese firms have largely opted to remain, capitalizing on the opportunity to grow their market share. Visa and MasterCard announced a suspension of services in Russia, leading major Russian banks to partner with Chinese payment system UnionPay for card operations. The few Chinese companies that have opted to exit the Russian market have faced public backlash. Two internet backbone service providers, Cogent Communications and Lumen, announced they would stop providing services to companies and individuals in Russia as well. Cogent and Lumen provide internet services for some of the largest internet companies in Russia, including the search engine Yandex and the state-backed telecommunications giant Rostelecom, and are essential for data transfers between Russia and other countries. Companies remaining in Russia face additional risks, as the United States secretary of commerce warned Tuesday that companies exporting in defiance of sanctions on Russia may be cut off from American equipment and software.
Mandiant releases report detailing APT41 targeting of U.S. state governments
Chinese cyber threat group APT41 conducted an extended campaign targeting the networks of at least six U.S. state governments, according to a report released by cybersecurity firm Mandiant on Tuesday. For over a year, APT41 exploited internet-facing web applications, leveraging a zero-day vulnerability in the USAHerds application used by many state governments. The report noted that the campaign appears to be an espionage operation, but Mandiant declined to provide a definitive assessment of APT41’s goals. In the past, APT41 has targeted organizations in the healthcare, education, news media, and telecommunications sectors with both espionage and cybercrime operations, leading the United States Department of Justice to issue charges against five members of the group in 2019 and 2020.
Conti ransomware group faces a hack of its own as internal chat logs are leaked
Following Conti’s public declaration of support for Russia’s invasion of Ukraine, thousands of the group's internal chats were released by a Twitter account known as ContiLeaks. The leaked messages give insight into the group's operations, revealing previously unreported victims and hundreds of bitcoin addresses that can be used to track the organization’s past attacks. The leaks also reveal internal tension within the group, which employs both Russian and Ukrainian affiliates. While there is some disagreement as to the identity of the leaker, many experts believe it is a Ukrainian security researcher angered by Conti’s choice to back Russia. Following the leaks, Conti was forced to temporarily shut down and wipe its servers, leading many to hope that the group was in decline. Nevertheless, experts claim Conti has already bounced back, successfully conducting attacks on American companies a mere ten days after the initial leak.
U.S. Department of Homeland Security accused of bulk surveillance campaign
The Department of Homeland Security monitored millions of financial transfers between individuals in the United States and Mexico, according to a letter released by Senator Ron Wyden (D-OR) on Tuesday. Wyden and the American Civil Liberties Union have criticized the program, calling it unconstitutional and a breach of privacy. The surveillance program, which began in 2019 and continued through January 2022, collected six million records from money transfers between Arizona, California, New Mexico, Texas, and Mexico. Federal, state, and local law enforcement all had access to the records. This disclosure follows past revelations about financial surveillance in the United States, such as a secret program begun under the Bush administration which gave officials access to an international database of financial transaction records involving thousands of Americans.
President Biden signs new executive order regulating cryptocurrencies
President Joe Biden announced a new executive order targeted at cryptocurrencies on Wednesday. The order gives federal agencies six months to study the impact of cryptocurrencies on the economy and the environment. The Justice Department was also asked to explore the creation of a digital dollar and whether doing so would require Congress to pass a law. Many cryptocurrency companies hailed the executive order as a win, but cryptocurrency skeptics said the order was a step in the wrong direction and would stymie attempts to stop the use of cryptocurrencies in crime. Cryptocurrency has become a major focus of U.S. financial regulators and prosecutors, and U.S. authorities have unsealed a number of charges in the past week related to cryptocurrency theft.