Breach Roundup: Canada Bans WeChat and Kaspersky AppsAlso: Iranian State Hackers Stalk Middle Eastern Governments
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Canada banned WeChat and Kaspersky apps, REvil members faced trial in a Russian military court, the British Library experienced an IT outage, Iranian state-backed hackers targeted Middle East governments and European officials extended the ban on Meta's behavioral advertising practices.
Canada Bans WeChat and Kaspersky Apps
The Canadian government banned Tencent and Kaspersky applications on government mobile devices, citing unacceptable risks to privacy and security.
Effective last Monday, Ottawa blocked civil servants from future downloads of the apps and initiated a removal process for already-installed apps. Kaspersky is based in Russia, and Tencent, maker of super app WeChat, is based in China. The Chinese government has a 1% stake in Tencent, an amount known as a "golden share" since it gives Beijing additional access to the internal workings of businesses.
President of the Treasury Board of Canada Anita Anand highlighted the risks of the apps, emphasizing the considerable access these apps have to device contents.
Russian cybersecurity vendor Kaspersky criticized the move, alleging political motives. China's Foreign Ministry spokesperson, Wang Wenbin, also condemned the ban, saying the Canadian government failed to provide hard evidence and characterizing the ban as an abuse of state power in the name of national security.
The decision follows Canada's earlier ban on TikTok in February, citing similar security concerns.
Kaspersky came under a governmental device ban in the United States in 2019 and in 2022 joined the Federal Communications Commission's blacklist of companies that present a national security risk. The Trump administration attempted to ban WeChat from American consumers through executive order. The Biden administration reversed the ban in June 2021 while ordering the Department of Commerce into an ongoing evaluation of software that could pose a national security threat.
Suspected REvil Members Back in Military Court
The suspects are reported as Artem Zaets, Alexey Malozemov, Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, Dmitry Korotaev, Daniil Puzyrevsky and Ruslan Khansvyarov. They will continue to be detained at barracks. Russia arrested the alleged members of the ransomware group following a tip from the United States.
REvil orchestrated high-profile attacks on JBS and Colonial Pipeline in May 2021, causing global disruptions in poultry and pork processing plants and triggering a short-lived gasoline shortage in the United States. In July of the same year, the group exploited a vulnerability in remote monitoring and management software developed by Kaseya. An attack on the company's Virtual Systems Administration ended up infecting about 60 managed service provider customers and up to 1,500 clients.
British Library IT Services Down
The British Library in London is investigating an IT outage that affected its website and various services following a cyber incident on Saturday. The disruption extends to phone lines and on-site library services in London and Yorkshire.
The ongoing outage affects online systems, services and the website. Collection items requested on or before October 26 remain accessible on-site. The library's reading rooms remain operational.
Iranian State-Backed Hackers Target Middle East Government
An Iranian nation-state threat group tracked as Scarred Manticore by Check Point is actively engaged in an espionage campaign targeting high-profile organizations across the Middle East. Focused on government, military and telecom sectors, the group has been infiltrating entities in Saudi Arabia, the United Arab Emirates, Jordan, Kuwait, Oman, Iraq and Israel.
Researchers believe Scarred Manticore is linked to Iran's Ministry of Intelligence and Security and has been operational since at least 2019. Distinctive in its tactics, Scarred Manticore customizes implants for each compromised server, camouflaging malicious activities within legitimate network traffic and prolonging detection evasion. The group is relying on an advanced passive malware framework installed on Windows servers that Check Point dubs "Liontail." While that tool appears unique to Scarred Manticore, shared tools align the group with activities previously associated with the Iranian hacker group OilRig.
Despite the connections, researchers stop short of definitively linking Scarred Manticore to OilRig. The group's tools were also implicated in a destructive attack on Albanian government infrastructure, allegedly sponsored by MOIS (see: Albania Cuts Diplomatic Ties With Iran After Cyberattack).
European Officials Extend Ban on Meta
European authorities ordered Ireland's Data Protection Commission to impose a ban on Meta's behavorial advertising without consent. The European Data Protection Board on Tuesday gave the Irish DPC, which oversees Facebook's European operations, two weeks to impose a ban that will be effective in all countries in the European Economic Area - members of the European Union, plus Iceland, Liechtenstein and Norway.
The directive comes after data protection officials in Norway imposed a temporary ban on compulsory behavioral advertising on Facebook and Instagram (see: Norway Court Upholds Temporary Ban of Behavioral Ads on Meta).
Critics of behavioral advertising say it violates individual privacy unless explicitly authorized by users who have the ability to continue to use online services even if they reject web browsing tracking. Internet giants including Facebook and Google offer cost-free access to powerful digital technology in exchange for collecting data about user online behavior. They use the data to show users ads that businesses hope will reach likely customers. Unlike contextual advertising, which matches ads to the content of web pages, behavioral advertising targets specific user profiles with ads, regardless of the context in which they appear.