At a glance.
- US counterintelligence chief adds Cuba, North Korea, and Saudi Arabia to the list of countries interested in influencing US elections.
- US sanctions affecting Huawei.
- Transparent Tribe deploys an evolved version of Crimson RAT.
- Twitter case affords a look at GDPR enforcement.
Other players in the election influence contest.
William Evanina, Director of the National Counterintelligence and Security Center at the Office of the Director of National Intelligence, has added a few governments to the list of those who appear interested in influencing US elections, CyberScoop reports. He said at midweek that Cuba, North Korea, and Saudi Arabia “want to be able to provide their optics for discord in the United States.”
Huawei increasingly feeling the effect of US sanctions.
Huawei's smartphone sales may have eclipsed those of Apple and Samsung early this summer, but, the AP reports, that's been largely domestic growth. The company has acknowledged that its international marketshare continues to erode. One apparent downside of being the low-cost provider of consumer goods is that consumers find it relatively easy to discard the device and move on, once the device becomes, for example difficult to update or replace, and new restrictions the US Commerce Department imposed this week will exacerbate that trend. Consumers are accustomed to smartphones having a useful life of a couple of years, and they're unlikely to struggle to stay loyal to the brand. A Forbes headline puts it this way: "Huawei said the U.S. couldn’t ‘crush’ it. Trump is starving it instead."
Mythic Leopard (a.ka. Transparent Tribe) expands Crimson RAT's capabilities.
Kaspersky has released a report on the continuing activities of Transparent Tribe (also known as ProjectM and Mythic Leopard), a cyberespionage group actively deploying the Crimson remote access Trojan (RAT) against its targets. Crimson RAT has been upgraded for the current campaign, with server-side management of infected machines and a USBWorm that steals files from removable drives.
Attribution of Transparent Tribe, which has been active since at least 2013, remains murky, but Palo Alto Networks and others have seen signs of an association with Pakistan. Its target list, heavily although far from exclusively focused on Indian diplomatic and military assets, in itself would seem to argue for a Pakistani connection, but, again, attribution is tough. This latest round of activity is largely concerned with cyberespionage against Afghanistan and India.
A look at the collaborative aspects of EU GDPR enforcement.
SecurityWeek reports that Ireland's Data Privacy Commission has delayed its decision on penalties to be levied against Twitter until objections other European national privacy authorities raised to the draft decision could be addressed and resolved. The European system for enforcing privacy rights guaranteed by GDPR is a mixed one, designed both to provide a "one-stop shop" for regulatory action in which companies are assigned to a single national privacy authority (and most US companies wind up under Ireland), but it also requires circulation of draft decisions with other national commissions. Those can block the draft decision. The Wall Street Journal says the Irish Commissioners have referred the matter to the European Data Protection Board, which will decide the matter by vote within a month. The case is not only the first case of a US company facing a large fine, but is also the first case in which a national authority has been required to refer an action up to the European level.