Metacurity

State Department Launches Bureau of Cyberspace and Digital Policy

Wallet company Trezor confirms phishing attack, Hackers stole $15.6 million from Inverse Finance, Lapsus$ teens charged, Claims of China's cyberattacks in Ukraine questioned, much more

Cynthia Brumfield
Apr 4

The U.S. Department of State announced that its new bureau devoted to cybersecurity, the Bureau of Cyberspace and Digital Policy (CDP), which nearly 100 people will staff, began operations on Monday, April 4. The CDP bureau will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy.

The Bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom. Ultimately, the bureau will be led by a Senate-confirmed Ambassador-at-Large. Starting today, Jennifer Bachus, a career member of the Senior Foreign Service, is serving as Principal Deputy Assistant Secretary for the CDP bureau. PDAS Bachus will serve as Senior Bureau Official until an Ambassador-at-Large is confirmed. In addition, Michele Markoff is serving as Acting Deputy Assistant Secretary for International Cyberspace Security, Stephen Anderson is serving as Acting Deputy Assistant Secretary for International Information and Communications Policy, and Blake Peterson is serving as Acting Digital Freedom Coordinator.

The new cybersecurity Bureau comes after a restructuring of the Department’s cybersecurity role under Donald Trump. (Aaron Schaffer / Washington Post)

Related: State Department

Bureau of Cyberspace and Digital Policy (@StateCDP):
Hello world! As of today, we are the @StateDept’s newest bureau, responsible for leading U.S. diplomacy on cyber and digital policy issues. #cyberdiplomacy
state.gov/establishment-…

April 4th 2022

Crypto hardware wallet company Trezor confirmed that some of its users were the target of a phishing attack over the weekend. The phishing attack was an attempt to induce users to download malicious code under the guise of Trezor's Suite desktop app by alleging a fake security breach at the company.

Trezor said that "MailChimp [has] confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected." (Michael McSweeney / The Block)

Related: Cointelegraph, Graham Cluley, BeInCrypto, TechDator, Bleeping Computer

Trezor (@Trezor):
MailChimp have confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected. 1/

April 3rd 2022

Ethereum-based lending protocol Inverse Finance (INV) said that it suffered from an exploit, with an attacker netting $15.6 million worth of stolen cryptocurrency.

The attacker targeted Inverse’s Anchor (ANC) money market, artificially manipulating token prices to borrow loans against extremely low collateral. This was the third hack of a DeFi protocol in one week. On Tuesday, the gaming-focused Ronin network announced a loss of more than $625 million in crypto. Then two days later, lending protocol Ola Finance said it was exploited for $3.6 million. (Sam Kessler / CoinDesk)

Related: U.Today, BeInCrypto, Bitcoinist, The Block, PYMNTS

Two UK teenagers have been charged with multiple cybercrimes as part of an international police investigation into the Lapsus$ gang, which has hacked significant tech firms, including Microsoft.

Both teenagers are charged with three counts of unauthorized access with intent to impair the operation of or hinder access to a computer and two counts of fraud by false representation. One of the teens has also been charged with one count of causing a computer to perform a function to secure unauthorized access to a program. Last week, the City of London Police, which is leading the international investigation into Lapsus$, announced that it had arrested seven people between the ages of 16 and 21 in the UK. (Joe Tidy / BBC News)

Related: TechCrunch, Engadget, CSO Online, The Register - Security, Slashdot, ComputerWeekly: IT security, Yahoo! News, Graham Cluley, "hackers" - Google News, iTech Post : Latest News, The Hacker News, Bleeping Computer, DataBreaches.net

Despite the arrest of supposed gang ring leaders, the LAPSUS$ cybercriminal gang has continued to engage in malicious digital acts without them.

LAPSUS$’ newest victim is the global software developer Globant, which claims several blue-chip technology companies as its clients. Last week the gang dumped passwords, along with a link to what it said was 70 gigabytes of Globant’s internal data. Some members of a now-defunct hacker group called the Recursion Team have been behind fake data requests from law enforcement officials and are now affiliated with LAPSUS$. (Lucas Ropek / Gizmodo)

z3я0тяυѕт 🇺🇦✊ (@z3r0trust):
In a matter of months, LAPSUS$ has managed to conduct a series of remarkably successful cyberattacks on the likes of Microsoft, Samsung, Nvidia, and other big name firms A Hacker Gang's Alleged Members Are in Jail. It's Still Stealing Data.
Link: A Hacker Gang’s Alleged Members Are in Jail. It’s Still Stealing Data. LAPSUS$ is causing global amounts of trouble despite the arrests of half a dozen alleged members of the gang and a looming court case. (gizmodo.com)

April 3rd 2022

Researchers at Claroty discovered two vulnerabilities in Rockwell Automation's programmable logic controllers (PLCs) and engineering workstation software that an attacker could exploit to inject malicious code on affected systems and stealthily modify automation processes.

The researchers say that the flaws can potentially disrupt industrial operations and cause physical damage to factories, similar to the Stuxnet and Rogue7 attacks. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the flaws, outlining mitigation steps users of the affected hardware and software can take for a "comprehensive defense-in-depth strategy." (Ravie Lakshmanan / The Hacker News)

Related: heise online News, Industrial Cyber, Security Week, ZDNet Security, The Record, Claroty, CISA

Intelligence memos claim to show that China staged a massive cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion.

More than 600 websites belonging to the defense ministry in Kyiv and other institutions suffered thousands of hacking attempts, according to the memos headed “Chinese Attacks on Ukrainian Government, Medical & Education Networks.” Cybersecurity experts were quick to dispute the reports, saying that the so-called cyberattacks by China were likely nothing more than routine vulnerability scanning. (Maxim Tucker / The Times)

Related: The Korea Times News, Daily Mail, The Guardian, The Hill

Shannon Vavra (@shanvav):
The report China has waged a "huge" cyberattack on Ukraine might be a bit of an exaggeration. It seems to be just run of the mill scanning I'm told. @bread08 tells me: “We’ve seen consistent Chinese targeting of Ukrainian & other European gov entities"—but not disruption.

Larisa Brown @larisamlbrown

EXCL: China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion, according to intelligence memos obtained by The Times https://t.co/2JMkcl2iac

April 1st 2022

Maggie Miller (@magmill95):
In a statement, Ukrainian Security Service spokesman Artem Dekhtiarenko said the SSU "did not provide the media with any official information that cyberattacks from China were allegedly carried out," and that it "does not currently have such data and no investigation is underway"

Larisa Brown @larisamlbrown

EXCL: China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion, according to intelligence memos obtained by The Times https://t.co/2JMkcl2iac

April 1st 2022

German wind turbine manufacturer Nordex SE experienced a cyber security incident that forced it to shut down IT systems across multiple locations and business units as a precautionary measure.

The company said that the incident had been noticed early and that the shutdown of IT systems might affect customers, employees, and other stakeholders. (Reuters)

Related: Renewables Now

Henrik Moltke (@moltke):
Nordex, another major wind turbine manufacturer hit by ‘cyber incident’ (normally meaning ransomware). Note that the release comes two days after the attack - and no mention of OT systems. I’m also noting that a lot of green energy companies were targeted lately. Coincidence? 🇷🇺

April 2nd 2022

Researchers from Lab52 say that a previously unknown Android malware uses the same shared-hosting infrastructure used by the Russian APT group known as Turla. However, attribution to the hacking group is not possible.

They identified a malicious APK named “Process Manager” that acts as Android spyware, uploading information to the threat actors. Process Manager attempts to hide on an Android device using a gear-shaped icon, pretending to be a system component, and then asks for eighteen different permissions. The app also downloads additional payloads to the device. (Bill Toulas / Bleeping Computer)

Related: TechDator, Digital Information World, Security News | Tech Times, iTech Post : Latest News, Lab52

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.

The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab urged users to immediately upgrade all GitLab installations to the latest versions (14.9.2, 14.8.5, or 14.7.7) to block potential attacks. (Sergiu Gatlan / Bleeping Computer)

Related: Reddit cybersecurity, The Hacker News, Security Affairs, Gitlab

A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique they call Brokenwire against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale.

The attack interferes with the control communications that transpire between the vehicle and charger to wirelessly abort the charging sessions from as far as 47m (151ft). Details of the attack have been kept under wraps to prevent active exploitation in the wild while concerned stakeholders work towards arriving at appropriate countermeasures. (Ravie Lakshmanan / The Hacker News)

Related: Brokenwire

Axie Infinity, the play-to-earn crypto game in which players collect digital pets known as "Axies," hosted a previously scheduled party hours after it learned it was the victim of a hack of $625 million.

That day, March 29, was also the day that Jeff "The Jiho" Zirlin, Axie Infinity's 31-year-old co-founder, was tapped to give the keynote address at the inaugural NFT LA that took over Los Angeles' LA Live convention center. "We realized the Ronin network has been exploited for 173,000 [Ethereum] and around 25 million dollars in USDC," Zirlin announced to a stunned crowd during his keynote, under a screen with the words "State of the NFT Union: Where we are today and what's next." (Jon Sarlin / CNN Business)

Benjy Sarlin (@BenjySarlin):
Starting to wonder if we should run the economy on giant crypto businesses where poor Filipinos play a Pokémon-style game to earn a meager living that can then be hacked for $625m losses overnight
Link: After a $625 million hack, the party must go on. Earlier in the day, Axie Infinity, the play-to-earn crypto game in which players collect digital pets, had announced that the Ronin Network was the victim of a hack of $625 million — a monumental amount, even in the era of mega crypto heists. (cnn.com)

April 3rd 2022

Cybersecurity journalist Kim Zetter examined the work of Intrusion Truth, a Chinese individual or group devoted to exposing the real names of Chinese-state-backed, financially motivated hackers. She also spoke with a dozen security experts about the pros and cons of exposing nation-state hackers and the effect, if any, it has had on curbing China’s theft of trade secrets.

Intrusion Truth told Zetter that the group is composed of and consults “a global network of anonymous contributors” from various backgrounds whose identities are sometimes unknown even to each other. Although experts say there is value in naming and shaming the Chinese threat actors, Intrusion Truth’s work is of little importance in defending organizational networks, and outing threat actors was more effective years ago. (Kim Zetter / Zero Day)

J. A. Guerrero-Saade (@juanandres_gs):
A @KimZetter two-parter on Intrusion Truth and outing Chinese APT operators! Interesting to see open speculation and RUMINT around the industry codified alongside IntrusionTruth's own spokespeople.
Link: Unmasking China’s State Hackers. Intrusion Truth debuted in 2017, unmasking hackers working for the Chinese government. Five years later they’re still at it, while managing to keep their own identity a secret. (zetter.substack.com)

March 29th 2022

Password authentication startup Tru.id raised $9 million in a venture funding seed round.

Sorenson Ventures joined its seed funding round alongside Episode 1, MMC Ventures, and NHN Ventures. (FinSMEs)

Related: Business Wire, Tech.eu

Photo by Lucas Sankey on Unsplash

© 2022 DCT Associates