Australia and Vanuatu signed a bilateral security agreement, which includes cybersecurity cooperation. Australia already helped Vanuatu after a ransomware attack in November which impacted emergency services, schools, and hospitals.
This agreement is part of Australia’s renewed push to strengthen its relationships with other countries in the Pacific in the context of China’s increasing presence.
Russia will soon present proposals for universal and binding agreements on international information security, according to Russian Deputy Foreign Minister Oleg Syromolotov. As he explained, this resolution will support the activities of the UN Open-Ended Working Group on ICT security and use. It could serve as a platform for reaching a consensus on international information security.
Cisco identified an increase in Truebot malware infections, which it assesses are highly likely to be associated with the Evil Corp threat actor. Cisco also found that the attackers have shifted among several delivery methods. In October 2022, many infections used Raspberry Robin, a recent piece of malware spread through USB drives, as a delivery vector. One of these attacks used a fully featured custom data exfiltration tool named Teleport to steal information. So far, two Truebot botnets have been identified. The first is distributed online, focusing on Mexico, Pakistan, and Brazil. In contrast, the second mainly focuses on the USA and is almost exclusively composed of Windows servers.
A hospital in the Parisian suburb of Versailles, France, has been the victim of a cyberattack which led to the cancellation of all operations and the transfer of patients to other hospitals. It appears that the attack was led by ransomware actors, but it is not yet clear whether data was stolen.
In October 2022, Amnesty International Canada detected and investigated a sophisticated digital security breach. The organisation announced that, according to forensic experts at the cybersecurity firm Secureworks, the attack was likely orchestrated by ‘a threat group sponsored or tasked by the Chinese state’. The conclusion was based ‘on the nature of the targeted information as well as the observed tools and behaviors, which are consistent with those associated with Chinese cyberespionage threat groups’. China’s embassy in Ottawa denied the allegations.
A ransomware attack affecting the phone and computer systems of the André-Mignot teaching hospital in the suburbs of Paris forced the institution to shut down. While a ransom of an unspecified amount has been demanded, a spokesperson for the hospital stated that it has no intention of paying. The attack has caused the hospital to cancel operations and transfer six patients from its neonatal and intensive care units to other health facilities. The attack is currently being investigated by the French National Authority for Security and Defense of Information Systems (ANSSI).
CSIRT Italia, the Italian Computer Security Incident Response Team, has identified an increase in distributed denial-of-service (DDoS) attacks against the information infrastructure of key Italian critical infrastructure. The attacks seem to be launched by a group of Russian hackers but have not breached the integrity and confidentiality of information so far.
Microsoft has warned that Russian cyberattacks are likely to continue to target Ukrainian critical infrastructure, and may also target countries and companies that are providing Ukraine with vital supply chains of aid and weaponry. The company also noted that ‘cyber-enabled influence operations’ that target Europe are likely to be conducted in parallel with cyberthreat activity.
Microsoft also announced that its AI for Good Lab has created a Russian Propaganda Index (RPI) ‘to monitor the consumption of news from Russian state-controlled and sponsored news outlets and amplifiers’. Compared to other Western European countries, Germans read and watch significantly more Russian propaganda, the AI for Good Lab found.
The Swiss government has advanced a proposal for legislation that would impose mandatory notification of cyberattacks against critical infrastructures to the National Cybersecurity Center (NCSC). According to the government, ‘successful cyberattacks can have far-reaching consequences for the availability and security of the Swiss economy’; therefore a mandatory reporting scheme would provide a clearer picture of attacks and attackers and better inform cybersecurity measures.
Between 28 November and 2 December 2022, NATO held its Cyber Coalition 2022 cyber defence exercise with the goal of boosting member countries’ cyber resilience.
The exercise involved 1000 cyber defenders from 26 NATO allies, Finland, Sweden, Georgia, Ireland, Japan, Switzerland, and the EU, as well as experts from business and academia.
Cyber Coalition 2022 was used to test and validate concepts, capture requirements, or explore disruptive technologies, in support of military operators and commanders. It included experiments on the use of artificial intelligence to help counter cyber threats, on the standardisation of cyber messages to foster information sharing, and on the exploitation of cyber threat intelligence to inform cyberspace situational awareness.