At a glance.
- The European Union considers sanctioning Russia and China over cyberattacks.
- Chinese IP theft includes recruitment of company insiders.
- Naming and shaming as a deterrent.
- Iran maintains its regional focus in cyberspace.
- As Huawei cries "trade war," the US FCC begins inventorying Huawei gear in rural networks.
- US House will delay vote on domestic surveillance legislation reauthorization.
- Cyber Solarium prepares its report.
The European Union may sanction Russian and Chinese threat actors.
European diplomats, speaking to the South China Morning Post on condition of anonymity, say that the EU has begun the process of considering whether to apply its hitherto unused cyber sanctions regime to threat actors the diplomats also declined to name. This represents the early phase of a process that may take about two months, and given the matter's sensitivity the diplomats were unwilling to go into greater detail. Two of the diplomats the paper talked to, however, were willing to concede that the threat actors were Russian and Chinese.
IP theft via traditional human intelligence.
That tradition, of course, is the recruiting of agents, insiders willing through positive inducement or threatening compromise (or both) to work against their organization. At RSAC 2020 Assistant Attorney General for National Security John Demers and Director of the National Counterintelligence and Security Center William Evanina described the ways in which such recruitment, much of it conducted under Beijing's Thousand Talents program, operates against the private sector. This particular espionage craft has long been associated with traditional spying on rival nations, but it seems increasingly clear that such operations are now part of Chinese intelligence policy with respect to industrial espionage, the theft of trade secrets in the service of attaining economic advantage.
Naming and shaming the Ministry of State Security.
CrowdStrike founder Dmitri Alperovitch said yesterday at RSAC 2020 that it appeared China's Ministry of State Security has had to "reset and retool." Comment Panda, Stone Panda, and Gothic Panda, all associated with the MSS, have gone quiet. Whether this amounts to more than a restructuring or reorganization remains to be seen, but it seems US Cyber Command's opinion that shining a light on state actors works, at least with Beijing. Alperovitch said that the Chinese seem unusual in this respect. The Russians, the Iranians, and the North Koreans, to consider the three other familiar adversaries, tend to shrug off American indictments and move on.
Espionage Kittens stay busy against regional targets.
CyberScoop and SC Magazine report that Dell Secureworks has concluded that Iranian cyber operations have maintained their customary steady tempo since Quds Force commander Major General Soleimani died in a US drone strike. There may have been some retaliatory surge, but for the most part the activity looks like business as usual. Researchers attribute the ongoing regional cyberespionage to the Iranian threat group COBALT ULSTER (also known as MuddyWater, Seedworm, TEMP.Zagros, and Static Kitten). The governments most affected have been those of Turkey, Jordan, and Iraq, with organizations in Georgia and Azerbaijan also appearing on the target list. The typical attack method has been spearphishing.
Trade war or not, the FCC is making a list of Huawei kit.
Huawei's chief security officer Andy Purdy (an alumnus of the US Department of Homeland Security) is at RSAC 2020 this week, and the Washington Post reports that he's characterizing US warnings about the risk Huawei poses as being nothing more than a gambit in an ongoing trade war with China. Huawei, he says, is independent of the Chinese government and represents no threat to anyone. His fellow panelists, in this case from the US Department of Defense, dismissed his avowals as so much shilling.
Trade war or not, the US Federal Communications Commission (FCC) is now in the process of inventorying the Chinese-manufactured gear that's in US rural networks, CNET says. This is a necessary preliminary step in knowing which carriers will have to get rid of the equipment before they're eligible to receive money from the Federal Government's Universal Service Fund.
US House Intelligence Committee cancels planned vote on surveillance reauthorization.
The Hill says the Intelligence Committee, sensing that various privacy-friendly amendments recently introduced by Representative Zoe Lofgren (Democrat, California 19th) would make passage by the House unlikely, has postponed a vote on the measure.
The Cyber Solarium seems pleased with the Executive Branch's participation.
As it prepares to release its report on March 11th, the US Government's Cyber Solarium, the high-level policy panel convened to develop recommendations for a national strategy in cyberspace, expressed its satisfaction with the process. Fifth Domain reports that the panelists say the representatives from the Executive Branch were particularly committed and helpful, and served as a reality principle throughout their deliberations.