Electric Panda targets US government contractors.
Politico reports that the US Defense Counterintelligence and Security Agency (DCSA) has warned government contractors that, since February 1st, thirty-eight cleared contractor facilities have been targeted by the Chinese-government-aligned threat actor "Electric Panda." Politico quotes a bulletin distributed by DCSA as saying the agency "detected nearly 600 'inbound and outbound connections' from 'highly likely Electric Panda cyber threat actors' targeting 38 cleared contractor facilities, including those specializing in health care technology." In addition to healthcare, the threat actor has been targeting contractors focused on "cybersecurity, aerospace, naval, health care, power generation, IT systems, telecommunications, risk analysis, and space systems." Politico cites a contractor source as saying these types of warnings from DCSA are common, but it's rare that they single out a specific threat actor.
Apple and Google are developing a COVID-19 contact-tracing system.
Apple and Google announced in a joint statement last week that they're partnering to build a COVID-19 contact-tracing system into the iOS and Android operating systems. The system will use Bluetooth functionality that will notify mobile device users if they’ve been in proximity to someone who’s been infected with the coronavirus. The companies plan to release APIs next month that will "enable interoperability between Android and iOS devices using apps from public health authorities," and then, "in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities." The system depends upon self-reporting on the part of infected individuals, which means that, for the system to be effective, it would have to attract widespread opt-in as well as inspire a willingness on users’ parts to keep their status up-to-date.
The Verge summarizes the privacy safeguards the system will use, and notes the advantages and drawbacks of using Bluetooth Low Energy (BLE) technology. BLE can estimate distance based on signal strength, but it may not be precise enough to reliably give an idea of how risky an interaction was. The Verge surmises that Apple and Google will be working to hone this technology over the next few weeks.