Cyber Week in Review: September 9, 2022
from Net Politics and Digital and Cyberspace Policy Program

Albania cuts ties with Iran; China accuses NSA of hack; Ireland fines Meta $400 million; Law enforcement surveillance tool exposed; Conti attacks Ukraine.
Albanian Prime Minister Edi Rama speaks during a news conference in Brussels, Belgium in June 2022. Johanna Geron/Reuters

Albania cuts diplomatic ties with Iran after cyberattack 

Edi Rama, the Albanian prime minister, announced that the Albanian government is severing ties with Iran over cyberattacks in the wake of a conference by the People’s Mojahedin Organization of Iran (MEK), a group that opposes the current Iranian regime. The U.S. National Security Council (NSC) attributed the cyberattacks to Iran in a statement and pledged assistance to help Albania recover. The U.S. Department of the Treasury also imposed sanctions on several Iranian individuals and organizations in the aftermath of the attack, including Iran's minister of intelligence, Esmail Khatib. Albanian officials said they had evidence that Iran hired four organizations to conduct the attack, which utilized ransomware and a previously unknown backdoor to disrupt Albanian networks. While some have suggested that severing diplomatic ties was a notably strong diplomatic response to a cyberattack, others have noted that other factors, including Iranian support for terrorist groups before and after the conference, probably played a larger role in the decision. 

China says NSA hacked major military research university 

China has accused the U.S. National Security Agency (NSA) of hacking the email system of a prominent university to steal data and personal information. The university—Northwestern Polytechnical University in Shaanxi Province—is known for its aviation and aerospace programs and frequently engages in military research. According to a report from China’s National Computer Virus Emergency Response Center, the NSA’s Office of Tailored Access Operations (TAO) “successively used 41 kinds of NSA's special network attack weapons and equipment” in the alleged cyberespionage incident. China’s Ministry of Foreign Affairs spokesperson Mao Ning condemned the attack. Some cybersecurity researchers criticized the report, questioning why the NSA would still use tools exposed years ago in Edward Snowden’s leaks. 

Ireland fines Meta $400 million over use of children’s data 

Irish regulators fined Instagram’s parent company Meta over $400 million earlier this week over the photo sharing app’s use of children’s data in advertising. The fine is one of the largest ever assessed by Ireland’s data privacy watchdog under the European Union’s General Data Privacy Regulation (GDPR). The fine stems from Instagram’s policy allowing users from age thirteen to seventeen to operate business accounts. These accounts had greater access to analytics features but also made users’ contact information public. Instagram said it had changed its policy before the ruling and plans to appeal the decision. Irish regulators have levied several major penalties against technology companies in the past year, including an $800 million fine against Amazon that was the largest ever assigned under the GDPR. 

Law enforcement surveillance tool exposed  

A joint report from the Associated Press and Electronic Frontier Foundation highlighted a major surveillance tool, known as Fog Reveal, used by dozens of local law enforcement agencies across the country to collect bulk data without a warrant. The tool makes use of advertising data, including location, timestamp, and a unique advertising ID tied to individual devices, to construct a searchable database that could allow law enforcement to either track an individual device or see which devices passed through a certain area. Fog Data Science, which built the tool, advertised Fog Reveal’s ability to identify individuals based on their “timelines, travel, and patterns of life.” Mass surveillance has been a prominent topic in American political discourse for the past decade, although Fog Reveal marks one of the first instances of local law enforcement making use of such tools.

Conti repurposing infrastructure to attack Ukraine

Some affiliates of the ransomware group Conti have repurposed their organizations to attack networks in Ukraine, according to a report from Google’s Threat Analysis Group (TAG). Google said that the groups have launched at least five campaigns against a wide array of organizations, from Ukrainian hotel chains to European humanitarian groups, since April 2022. The campaigns appear to mostly be run by initial access brokers, individuals or groups who sell access to compromised systems to ransomware groups. These groups usually are indiscriminate about which networks they gain access to and are focused on profit. Conti declared its support for Moscow in the immediate aftermath of the Russian invasion of Ukraine, which led an unknown individual to leak a cache of messages and records, exposing many of the group’s tools and internal operations.

This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.