At a glance.
- Biden administration issues executive order restricting overseas sharing by data brokers.
- Ransomware attacks in the healthcare industry.
- APT28 uses compromised Ubiquiti EdgeRouters.
Biden administration issues executive order restricting overseas sharing by data brokers.
The Biden administration is issuing an executive order today that will prevent data brokers from selling sensitive data of Americans to China, Russia, and other "countries of concern." The order focuses on "genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information."
The White House stated, "The sale of Americans’ data raises significant privacy, counterintelligence, blackmail risks, and other national security risks—especially for those in the military or national security community. Countries of concern can also access Americans’ sensitive personal data to collect information on activists, academics, journalists, dissidents, political figures, and members of non-governmental organizations and marginalized communities to intimidate opponents of countries of concern, curb dissent, and limit Americans’ freedom of expression and other civil liberties."
Ransomware attacks in the healthcare industry.
The US FBI, CISA, and the Department of Health and Human Services (HHS) have issued a joint advisory warning that the ALPHV/Blackcat ransomware-as-a-service operation continues to target the healthcare industry. The advisory notes, "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023."
Reuters reports that last week's cyberattack against Optum's Change Healthcare prescription processing platform was a ransomware attack by the ALPHV/Blackcat gang. The company's systems are still experiencing disruptions. UnitedHealth Group VP Tyler Mason told BleepingComputer that "90% of the 70,000+ pharmacies using the impacted platform have switched to new electronic claim processes."
APT28 uses compromised Ubiquiti EdgeRouters.
The US FBI, NSA, Cyber Command, and international partners have released a joint advisory warning that Russia's APT28 (also known as "Fancy Bear," a threat actor attributed to the Russian GRU) is using compromised Ubiquiti EdgeRouters "globally to harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools."
The advisory states, "As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world. These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. Targeted countries include Czech Republic, Italy, Lithuania, Jordan, Montenegro, Poland, Slovakia, Turkey, Ukraine, United Arab Emirates, and the US. Additionally, the actors have strategically targeted many individuals in Ukraine."