Top stories.
- NSA's cyber directorate is reportedly getting new leadership.
- Cambodia extradites alleged scam kingpin to China.
- Chinese threat actor targets telecoms in South Asia.
NSA's cyber directorate is reportedly getting new leadership.
The Record reports that David Imbordino, who currently serves as the US National Security Agency's (NSA's) deputy chief, will be named acting head of NSA's cyber directorate at the end of the month. Additionally, Holly Baroody, who previously served as executive director at Cyber Command, will return from her current post in the UK to serve as the directorate's acting deputy. The directorate's leadership will remain in an acting capacity until a permanent NSA director is confirmed.
An NSA spokesperson told the Record that the agency "cannot confirm or deny any potential personnel changes."
Cambodia extradites alleged scam kingpin to China.
Cambodia has extradited to China a billionaire businessman who allegedly headed a major fraud syndicate that ran forced-labor scam compounds in Cambodia, the BBC reports. 38-year-old Chen Zhi is a Chinese national who became a Cambodian citizen in 2014, although his Cambodian citizenship has since been revoked. The US Justice Department indicted Chen last year and seized $15 billion worth of his bitcoin. Chen's company, Prince Group, was also sanctioned by the US and the UK.
The New York Times says the extradition is a sign that Cambodia is beginning to bend to international pressure, particularly from China, to address the country's cyberscam industry. The US alleged that Chen had ties to Chinese state officials, and these allegations may have spurred China to exert pressure on Cambodia. The Times notes that a broader crackdown on the Cambodian cyberscam industry is unlikely, as the industry has become a pillar of the country's economy.
Chinese threat actor targets telecoms in South Asia.
Cisco Talos warns that a China-linked threat actor tracked as "UAT-7290" is targeting telecommunications infrastructure in South Asia. The threat actor conducts espionage and serves as an initial access broker, establishing operational relay box (ORB) nodes within compromised networks that other Chinese threat actors can then use. The group gains access by using publicly available exploit code or by brute-forcing SSH servers on public-facing edge devices. The threat actor deploys three strains of Linux-based malware: a dropper called "RushDrop," a peripheral strain called "DriveSwitch," and the main implant, dubbed "SilentRaid."