Cyber Week in Review: March 4, 2022

New, extremely advanced Chinese cyberespionage tool detected 

A Symantec report published Monday revealed highly sophisticated malware being deployed by China-linked threat actors to conduct espionage campaigns. The malware, dubbed Daxin, acts as a stealthy backdoor into targets’ networks and has been used in attacks directed at select governments and critical infrastructure. Daxin overcomes advanced threat detection capabilities by hijacking legitimate services already running on infected devices in order to hide its communications within normal network traffic. While the most recent Daxin attack occurred in November 2021, there is evidence that the malware was operating as early as 2013. In November 2019, a Chinese threat actor unsuccessfully attempted to deploy Daxin against an information technology company. Daxin, is one of many powerful tools linked to China in the past year, highlighting the nation’s growing cyber capabilities. 

Swedish telecommunication company Ericsson faces new corruption scandal 

Leaked documents from an internal investigation of Swedish telecommunications company Ericsson revealed misconduct in Iraqi business dealings. The report details company bribes, fraud, and embezzlement in Iraq, highlighting how funds paid to militants for transportation contracts may have ended up in the possession of the ​​Islamic State. The report also notes how militants kidnapped Ericsson’s contractors after the company decided to send them into territory controlled by Islamic State fighters. This is not the first time Ericsson has faced allegations of corruption. In 2019, Ericsson paid $1.06 billion to resolve allegations of bribery by the United States Justice Department, only to be accused by prosecutors of breaching the settlement in October 2021. On Wednesday, the Justice Department informed Ericsson that the newest disclosures of misconduct in Iraq constitute a second breach of the 2019 agreement. 

Social media companies crackdown as Russia focuses on disinformation campaigns 

Facing a notable uptick in Russian disinformation campaigns, many  social media platforms are addressing the activity of Russian media outlets on their sites. Facebook, TikTok, and YouTube announced that they are banning Russian state media from their platforms in Europe, while Twitter has opted to issue advisory labels on posts with links to Russian state media sources. In addition, Meta has begun offering encrypted Instagram direct messaging services in Russia and Ukraine. Ukrainian leaders reportedly requested that Apple, Meta and Google restrict their services inside of Russia, raising debate about whether such action would strengthen the regime by eliminating avenues of dissent online. Ukrainian leaders also sent a letter to the International Corporation for Assigned Names and Numbers (ICANN), which controls access to domains, requesting that Russian internet domains, .ru and .su, be disconnected entirely from global domain name servers, effectively isolating the entire Russian population from the internet. ICANN denied the request, and some researchers said the move would likely play into the plans of Putin by isolating ordinary Russians from non-state controlled sources of information. 

Open source intelligence plays key role in the Russia-Ukraine conflict 

Open source intelligence(OSINT) has proven to be an extremely useful tool as researchers work to stay updated on the rapidly-changing conflict in Ukraine. The initial Russian invasion was spotted by academics who noticed a suspicious traffic jam on Google Maps even before Russian President Vladimir Putin made his declaration of war. Social media posts documenting activity in Ukraine have enabled OSINT analysts to scrutinize the operation of Russian forces and debunk misinformation published by Russian state-backed news outlets in real time. Twitter has been a particularly prolific source of OSINT, with accounts such as the Ukraine Weapons Tracker posting hourly updates about the conflict. Still, Twitter has faced challenges differentiating between OSINT and misinformation, admitting Tuesday that it had mistakenly suspended the accounts of some OSINT reporters. 

Senate passes Strengthening American Cybersecurity Act 

The Senate passed a major cybersecurity bill earlier this week, the Strengthening American Cybersecurity Act. The bill passed unanimously, a stark departure from months earlier, when it was stripped from an annual defense authorization bill after infighting over certain reporting provisions. The legislation expands reporting requirements for federal agencies, who are now required to report cyberattacks to the federal Cybersecurity and Infrastructure Security Agency (CISA). The bill also widens the definition of critical infrastructure, and requires firms which fall under that definition to report cyberattacks to CISA as well. Critical infrastructure groups are now also required to report cyberattacks within seventy two hours of detecting them, and ransomware payments within twenty four hours of making them.