Friday 14th February 2025

Good morning, it's finally Friday. Today’s newsletter looks into Japan’s bold new cyber defence strategy, a major Apple supplier under ransomware attack, and Trump’s latest cybersecurity shake-ups. Whether it’s proactive hacking, data ransom deadlines, or political appointments with no cyber credentials, one thing is clear—cyber threats aren’t slowing down, and neither are the responses.

Enjoy the read!

Japan Gets Aggressive on Cybersecurity

Japan is turning up the heat on cyber threats with a bold new approach: the Active Cyber Defence Bill. After years of lagging behind US and European cybersecurity standards, Japan has decided to take a more offensive stance, approving legislation that allows it to identify and neutralise cyberattacks before they cause major damage.

The bill, greenlit by the Cabinet on Feb. 7, comes in response to a stark wake-up call from former US intelligence chief Dennis Blair, whose 2022 critique of Japan’s cyber-readiness sent lawmakers into what’s now dubbed “Blair Shock.”The country has been scrambling to catch up ever since, especially as state-backed hackers like China’s MirrorFacecontinue targeting its national security.

Under the bill, Japan will establish a cybersecurity council, require critical infrastructure providers to report attacks, and grant new powers to law enforcement, including hiring cyber harm prevention officers who can take preemptive action against cyber threats—even shutting down enemy servers in real-time.

Not everyone is thrilled—critics warn of potential government overreach. But as cyberattacks grow more sophisticated, Japan seems ready to play offence.

Ransomware Hits Major Apple Supplier

Taiwanese circuit board giant Unimicron—a key supplier for Apple and Intel—has fallen victim to the Sarcoma ransomware group, which claims to have stolen 377GB of sensitive data and is threatening to leak it unless a ransom is paid by Feb. 20.

Unimicron, a crucial player in the semiconductor and electronics supply chain, confirmed that its Shenzhen subsidiarywas hit by a ransomware attack on Jan. 30, but hasn’t disclosed whether sensitive data was compromised. The company has enlisted cyber forensic experts to contain the damage and strengthen its security infrastructure.

Sarcoma, a relatively new ransomware gang active since October 2024, is quickly making a name for itself. This latest attack raises fresh concerns over cyber threats targeting critical tech suppliers, especially as global semiconductor demand remains high.

With the ransom deadline looming, all eyes are on Unimicron—will it pay up or risk a massive data leak?

Trump Taps Political Insider for Top Cyber Role

Former RNC executive Sean Cairncross is reportedly set to become the next US National Cyber Director, despite having no formal cybersecurity experience. If confirmed, Cairncross would take the reins at the Office of the National Cyber Director (ONCD), a key agency responsible for shaping national cybersecurity strategy.

While Cairncross has a strong political and leadership background, critics note that his résumé lacks cybersecurity expertise—a sharp contrast to his predecessor, former CIA official Harry Coker Jr.. His nomination is just one of several Trump administration shake-ups in the cyber area.

• Trump’s AI reversal: One of his first acts was rescinding a Biden-era executive order on AI safety and ethics.
• CISA turmoil: The administration has placed 17 CISA staffers on leave and dissolved advisory groups overseeing election security.
• Cyber policy shifts: Trump also appointed Alexei Bulazel, a former Apple security researcher, as the NSC’s senior director for cyber.

With these rapid changes, Trump’s cybersecurity strategy is still taking shape—and the industry is watching closely.