At a glance.
- French policy toward Huawei amounts to a "de facto" ban by 2028.
- US will entertain requests for waivers to the requirement that Huawei be excluded from Federal networks by August 13th.
- North Korea's multiplatform attack framework.
- China's cyberoperations against Hong Kong and India.
- Parliament’s Intelligence and Security Committee arouses legislative concerns with its report on Russian cyber operations.
French policy toward Huawei seems less permissive than it had been generally thought to be...
France had earlier this year announced that it intended to permit Huawei equipment into non-critical portions of its telecommunications infrastructure, and that policy was widely seen as a win for Huawei, which appeared to have successfully got the French government over an economic barrel with Huawei's low-cost, good-enough solutions. But not so fast. Reuters reports that this apparently permissive decision in fact amounted to a policy of eliminating Huawei from French infrastructure by 2028, which, while giving Shenzhen a somewhat longer runway than it was allowed by a recent UK decision, amounts to the closing of another major market.
...and US policy might be slightly more flexible.
In the US, August 13th is the deadline by which all Federal agencies and their contractors must have expunged Huawei equipment from their networks and systems. But FCW reports that waivers may be granted at the discretion of the Office of the Director of National Intelligence, but only for good and serious reasons. And any waivers that may be granted won't be permanent: they'll only last for a maximum of two years. Waivers may apparently be submitted up to the August 13th deadline.
North Korean attack framework and the target list associated with it.
Kaspersky researchers have outlined some of North Korea’s evolving cyberattack tools, specifically a multi-platform malware framework the researchers call “MATA.” It includes such components as loaders, orchestrators, and various plug-ins, and it’s capable of hitting Windows, Linux and macOS operating systems. The victims have been for the most part software and IT companies located in Poland, Germany, Turkey, South Korea, Japan and India.
The framework isn’t entirely new, having emerged over the past two years, but it has shown itself to be readily adaptable to changing conditions surrounding its target sets.
Recent targets of Chinese government cyberattacks.
Security firm Malwarebytes presents evidence that a Chinese APT is indeed responsible for deploying MgBot malware against targets in India and Hong Kong. Beijing’s beef with both places is clear. It’s in the process of re-engorging the formerly semi-autonomous city of Hong Kong, and doing so requires the identification, monitoring, and suppression of dissent. And, while much recent news has focused on bilateral tensions between China and the US, China’s relations with India are if anything arguably worse.
Pre-summer break fireworks in the House of Commons over its Russia report.
As Parliament met for the final time before its summer break, ABC News reports that MPs argued over whether Her Majesty's Government had done enough to counter the threat of Russian hacking outlined in the report Parliament’s Intelligence and Security Committee just rendered. The findings themselves do not appear to be controversial. Rather, the furor was over whether the Government has been taking proper steps to protect the UK against the Russian threat.