Russia arrests REvil ransomware affiliates
Moscow claimed it dismantled the notorious ransomware gang REvil earlier this week, as the Russian Federal Security Service (FSB) arrested more than a dozen people affiliated with the group and searched over twenty five addresses. The FSB stated it acted on the request of American law enforcement and the men arrested face up to seven years in prison if convicted. Biden administration officials also confirmed that the perpetrator of the Colonial Pipeline ransomware attack was arrested in the raids, although they declined to provide the hacker’s identity. The arrests may be part of an attempt at gaining leverage at the negotiation table in the ongoing crisis around Russian troop movements and a potential military incursion into Ukraine.
Ukrainian infrastructure targeted in wiper and defacement attacks
Ukrainian government agencies and websites were targeted by wiper and defacement attacks earlier this week. Ukraine attributed the attacks to Belarussian threat actor UNC1151, which is also responsible for the ongoing Ghostwriter disinformation campaign in Europe. There has been speculation, however, that Russian threat actor Sandworm may have been involved in the wiper attacks. Belarus is a close ally of Russia, which has stationed hundreds of thousands of troops around Ukraine over the past month. Ukraine has often served as a testing ground for Russian cyberweapons. Russian threat actors are believed to be behind the NotPetya attacks and, in 2015 and 2016, attacks that could have devastated the Ukrainian power grid.
Austrian regulator rules that Google Analytics violated data privacy regulations
Influence Campaigns and Disinformation
The Austrian Data Protection Authority ruled that Google Analytics, a major advertising toolkit for websites, violated the European General Data Privacy Regulation because it transferred user’s personal data to the United States. The authority specifically said that moving data to the United States posed a risk of intelligence agencies accessing the data, which the authority considered an unacceptable risk to privacy. The ruling means that Google Analytics must either set up local data centers or companies in Europe must avoid using Google Analytics. Google Analytics controls a majority of the internet analytics market. Data transfers between the United States and Europe have been in flux since 2020, when the European Court of Justice invalidated Privacy Shield, a data sharing agreement between the European Union and United States.
Europol seizes servers of VPN service used by ransomware operators
The European Union Agency for Law Enforcement Cooperation (Europol) announced that it shut down the servers of VPNLab[.]net, a virtual private network (VPN) service frequently used by ransomware groups to obfuscate their location and data. Europol also seized fifteen servers from VPNLab, the contents of which may help identify ransomware affiliates who used the site. Europol and Dutch police also collaborated in taking down another VPN favored by cybercriminals in June of last year. Ransomware has become a growing problem in Europe, with the number of significant ransomware incidents doubling between 2020 and 2021.
U.S. agents allegedly ordered WhatsApp to spy on Chinese phones
On January 17, Forbes reported that in November 2021, the U.S. Drug Enforcement Agency (DEA) demanded messaging app WhatsApp surveil seven users based in China and Macau. WhatsApp was told to monitor IP addresses and phone numbers, but not content, which is protected by end-to end encryption. Although it was later revealed that the individuals under suspicion were engaged in narcotics trafficking, the lack of explainable probable cause raises eyebrows about the government’s reach in surveillance. In recent years, the United States has increasingly wielded the 1986 Pen Register Act to extract IP information from tech firms without probable cause, with the Justice Department arguing that it can order a trace if “the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by that agency.”
Influence Campaigns and Disinformation