Cyber Week in Review: June 30, 2022
Iranian Steel Mills Targeted in Cyberattack; Spyware Found in Italy and Kazakhstan; Italy Bans Google Analytics; Hackers Steal Over $100 Million in Cryptocurrency; New Chinese Disinformation Campaign Found.
June 30, 2022 12:20 pm (EST)
- Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.
Iranian Steel Facilities Targeted in Destructive Cyberattacks
The latest in a string of hacktivist attacks struck Iranian critical infrastructure earlier this week, when three steel companies were hit by apparent cyberattacks. The hacktivist group responsible, which calls itself Gonjeshke Darande, posted a video on its Twitter account purporting to show physical damage to one of the facilities. Cybersecurity researchers connected the malware used in the attack, known as MeteorExpress, to another attack last year that paralyzed train service around the country. Iran has been the target of several major cyberattacks over the past year, including an attack that crippled the country’s gas subsidy system for several hours in October 2021, and another in which attackers leaked a series of videos from Iran’s Evin prison showing abuse of prisoners. Iran and Israel have been engaged in an escalating cyber conflict over the past year, and the latest attack may represent another phase in Israel’s campaign.
Spyware Targets Users in Italy and Kazakhstan
Google’s Threat Analysis Group (TAG) discovered that RCS Labs, an Italian spyware vendor, has been targeting mobile users on iOS and Android in Italy and Kazakhstan. These attacks sent a unique link to the target which, if clicked, would install a malicious application onto the device. In some cases, the attacker worked with the target’s internet service provider (ISP) to disable the target’s mobile data connectivity. The user would then be sent a text message to download an application to restore connectivity. Alternatively, when ISPs were not involved, the applications were disguised as messaging platforms like WhatsApp. Google notes that the commercial spyware industry is rapidly expanding, threatening the privacy of all internet users. Spyware is increasingly being used to target dissidents, journalists, human rights workers, and opposition party politicians.
Italy’s Privacy Authority Warns Against the Use of Google Analytics
The Italian data protection authority (DPA) has ruled that the use of Google Analytics by a local web publisher, Caffeina Media Srl, is in violation of the European Union’s (EU) data privacy legislation since it transfers user data to the United States, which lacks adequate data protection laws. Italy has joined a growing list of countries in the EU that have concluded Google Analytics violates the bloc’s data export rules and that Google’s data protections are insufficient. To address this issue, Italy’s DPA has given the web publisher ninety days to stop the data flowing to the United States. These strikes against the service are linked to a landmark ruling from the EU’s top court in July 2020 that deemed Privacy Shield, a data transfer agreement between the EU and the United States, invalid. A replacement for Privacy Shield was announced by President Biden and European Commission President Ursula von der Leyen in March 2022, and European officials are confident the new agreement will withstand legal challenges. Others have argued the negotiated arrangement is unlikely to be robust enough to survive mounting legal challenges.
Hackers Exploit Harmony Blockchain and Steal $100M in Cryptocurrency
The blockchain company Harmony announced that hackers had stolen nearly $100 million from the network. Harmony runs a service that allows people to transfer cryptocurrencies between different blockchains. Harmony identified the wallet to which the attackers transferred the stolen funds, but the hackers appear to have already filtered at least a quarter of the stolen cryptocurrency through Tornado Cash, a cryptocurrency mixing platform that can obfuscate transactions. There have been several large cryptocurrency thefts this year, including the theft of over $625 million from the Axie Infinity video game in April.
China Posed as Texans on Social Media to Attack Rare Earths Rival
The cybersecurity firm Mandiant uncovered a Chinese influence operation designed to mobilize protests against Lynas Rare Earths Ltd., a rare earth mining company. These social media attacks began after Lynas signed a $120 million contract with the Department of Defense to build a processing facility in Texas, which threatened China’s global dominance in the mining and processing of rare earth elements. The campaign was traced back to Dragonbridge, a group that has been posting content across seven different platforms against the rare earth facility in Texas since 2019. Dragonbridge deployed numerous social media accounts posing as Texas natives and criticizing the facility for the potential environmental damage it would cause. While this operation gained far less traction than previous influence campaigns from China, it was better at micro-targeting audiences to leverage authentic criticism, according to researchers at Mandiant.