At a glance.
- EU issues its first sanctions against cyber threat actors.
- NSA's public outreach extends to advice for mitigating BootHole.
- Cyberspace Solarium Commission calls for Government threat-hunting in contractor networks.
- US election security drills, and an initiative to mobilize security volunteers.
European Union sanctions Chinese, Russian, and North Korean actors for cyberattacks.
The European Union has issued its first sanctions against hackers, singling out individuals and institutions in Russia, China, and North Korea. The news from Brussels is that six individuals and three groups in total were sanctioned. The individuals under sanction are Chinese nationals Gao Qiang and Zhang Shilong, both for their involvement in Stone Panda's Operation Cloud Hopper industrial espionage campaign; and Russian nationals Alexey Valeryevich Minin, Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, and Oleg Mikhaylovich Sotnikov, all GRU operators fingered for intruding into the Wi-Fi network of the Hague-based Organisation for the Prohibition of Chemical Weapons.
The organizations named in dispatches are the Tianjin Huaying Haitai Science and Technology Development Co. Ltd., named for its role in providing "financial, technical or material support" for Operation Cloud Hopper and for facilitating its activities; Chosun Expo, a North Korean outfit that supported the Lazarus Group, specifically in its conduct of the WannaCry attacks; and, finally, the Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, that is, a major GRU unit that is specifically cited for its role in the destructive NotPetya pseudo-ransomware campaign as well as for such Voodoo Bear (Sandworm) operations as the attacks against the Ukrainian power grid.
Josep Borrell, the EU's foreign policy head, explained to the AP that the effect of the sanctions would be "a travel ban and asset freeze to natural persons and an asset freeze to entities or bodies. It is also prohibited to directly or indirectly make funds available to listed individuals and entities or bodies."
The three campaigns the EU cites, Cloud Hopper, WannaCry, and NotPetya, are all familiar and unusually destructive espionage efforts. It's also interesting to see the attempt against the Organisation for the Prohibition of Chemical Weapons, the OPCW, listed among the offenses charged to the four named GRU operators. These men were apprehended in the Netherlands in April 2018 and shortly thereafter expelled from the country. It's believed that their hacking attempt was part of an effort to disrupt the OPCW's investigation of a GRU attempt to assassinate a Russian defector in Salisbury, England, using Novichok nerve agent.
NSA continues its outreach on security issues.
The US National Security Agency offers another example of its program of outreach to the general public on security issues. NSA has issued mitigation advice for the BootHole vulnerability. Fort Meade suggests two useful approaches. Users can update an endpoint's vulnerable boot components and revoke trust in the existing, vulnerable components, which in NSA's opinion will be suitable for most individual users and small enterprises. Alternatively, organizations that require higher levels of assurance can implement their own Secure Boot trust infrastructure and customize their endpoints to use it.
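Revoking trust in a boot component under UEFI Secure Boot means adding its hash (or signing certificate) to the forbidden-signature database, dbx. The following added example, which is not NSA's code and not part of the original briefing, parses a dbx-style blob (a sequence of EFI_SIGNATURE_LIST structures) and checks whether a given image's SHA-256 digest has been revoked, so a defender can verify that a pre-patch loader really is on the deny list after an update. The loader bytes, the owner GUID and the dbx blob are constructed inline and are not real firmware data.

```python
"""Check whether a boot component's hash has been revoked in a UEFI dbx blob."""
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID: signature type for raw SHA-256 image hashes in db/dbx.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_LIST_HEADER_LEN = 28  # SignatureType GUID(16) + ListSize(4) + HeaderSize(4) + SignatureSize(4)
SIG_OWNER_LEN = 16        # each EFI_SIGNATURE_DATA starts with a SignatureOwner GUID


def parse_signature_lists(blob):
    """Parse a concatenation of EFI_SIGNATURE_LIST structures.

    Returns a list of (signature_type, owner, signature_data) tuples and
    raises ValueError on any size inconsistency, so a corrupt or truncated
    variable is reported rather than silently read as "nothing revoked".
    """
    entries = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < SIG_LIST_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % offset)
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        body_start = offset + SIG_LIST_HEADER_LEN + header_size
        body_end = offset + list_size
        if list_size < SIG_LIST_HEADER_LEN or body_end > len(blob) or body_start > body_end:
            raise ValueError("inconsistent list sizes at offset %d" % offset)
        if sig_size <= SIG_OWNER_LEN or (body_end - body_start) % sig_size:
            raise ValueError("signature size %d does not divide the list body" % sig_size)
        for pos in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + SIG_OWNER_LEN])
            entries.append((sig_type, owner, blob[pos + SIG_OWNER_LEN:pos + sig_size]))
        offset = body_end
    return entries


def revoked_sha256_hashes(dbx_blob):
    """Return the set of SHA-256 digests revoked by the dbx blob."""
    return {data for sig_type, _, data in parse_signature_lists(dbx_blob)
            if sig_type == EFI_CERT_SHA256_GUID}


def is_revoked(component_bytes, dbx_blob):
    """True if the component's SHA-256 digest appears in dbx.

    Caveat: firmware matches PE/COFF images by their Authenticode digest
    (signature fields excluded), not by a flat file hash; this example hashes
    the raw bytes for illustration only.
    """
    return hashlib.sha256(component_bytes).digest() in revoked_sha256_hashes(dbx_blob)


def build_sha256_list(digests, owner):
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used here to construct a sample dbx)."""
    sig_size = SIG_OWNER_LEN + 32
    list_size = SIG_LIST_HEADER_LEN + len(digests) * sig_size
    out = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", list_size, 0, sig_size)
    for digest in digests:
        if len(digest) != 32:
            raise ValueError("SHA-256 digest must be 32 bytes")
        out += owner.bytes_le + digest
    return out


# Constructed sample: two fake loader images and a dbx that revokes only the old one.
OLD_LOADER = b"constructed: pre-patch boot loader image"
NEW_LOADER = b"constructed: updated boot loader image"
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")  # placeholder owner GUID
SAMPLE_DBX = build_sha256_list([hashlib.sha256(OLD_LOADER).digest()], SAMPLE_OWNER)


if __name__ == "__main__":
    for name, image in (("old loader", OLD_LOADER), ("new loader", NEW_LOADER)):
        print(name, "revoked" if is_revoked(image, SAMPLE_DBX) else "still trusted")
```

On a Linux host the live dbx can be read from efivarfs (the `dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` file under `/sys/firmware/efi/efivars/`), where the first four bytes are variable attributes and must be stripped before the data is handed to `parse_signature_lists`. The parser refuses truncated or inconsistent input instead of returning an empty set, because an empty deny list read from a corrupt variable would wrongly report every component as still trusted.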
Cyberspace Solarium calls for Defense Department threat-hunting in contractor networks.
C4ISRNet reports that Representative Mike Gallagher (Republican, Wisconsin 8th District, and co-chair of the Cyberspace Solarium Commission) in testimony before the House Armed Services Committee's Subcommittee on Intelligence and Emerging Threats and Capabilities said that the Department of Defense needed more visibility into its contractors' networks. Those networks represent an attractive attack surface, and “Improving the detection and mitigation of adversary cyber threats to the DIB [defense industrial base] is imperative to ensuring that key military systems and functions are resilient and can be employed during times of crisis and conflict.” The Commission recommended that the Pentagon organize threat hunting in Defense Industrial Base networks.
CISA conducts election security drills, and the University of Chicago organizes volunteers for an Election Cyber Surge.
This week the Cybersecurity and Infrastructure Security Agency (CISA) conducted its annual Tabletop the Vote exercise for twenty-one-hundred people involved in election security. CISA describes the participants as "representatives from the federal government, state and local election officials, private sector election companies, and national political committees."
NBC News reports that the University of Chicago has established a private initiative, "Election Cyber Surge," which it intends to operate as a "matchmaker" between local election officials and cybersecurity experts willing to volunteer their services to help secure the voting in this November's elections.