Thursday 9th May 2024

Good morning everyone, thank you for clicking on today's edition of Cyber Daily on what continues to be an interesting week for the UK. Today, we've got a lineup of stories that underscore the complexities and challenges in the world of cybersecurity.

From a major cybercrime bust in Vietnam to technical troubles at UK airports, and geopolitical cyber tensions involving Germany and Russia, there is an awful lot going on, further evidence that we all need to remain vigilant.

Germany Reprimands Russian Cyber Group Over SPD Hacking Incident

Germany has condemned a cyberattack allegedly conducted by APT28, a Russian state-controlled hacking group, targeting Chancellor Olaf Scholz’s Social Democrats (SPD) and other key government institutions. Foreign Minister Annalena Baerbock took decisive action by recalling German Ambassador Alexander Lambsdorff for consultations in Berlin. The recall underscores the severity with which the German government views this attack, emphasising that it poses a significant threat to Germany’s democratic institutions.

Baerbock held Russian military cyber operators responsible for exploiting Microsoft Outlook to infiltrate SPD email accounts. The attacks have been ongoing since March 2022, soon after Russia invaded Ukraine. Germany's interior ministry highlighted that defence and aerospace companies were primary targets, alongside entities related to the Ukraine conflict.

This incident adds fuel to already tense EU-Russia relations. Josep Borrell, EU’s foreign policy chief, decried Russia’s “irresponsible behaviour” for targeting European institutions. The Czech Republic’s Foreign Ministry also summoned Russia’s ambassador over similar attacks on its infrastructure.

With multiple EU members pointing fingers at Russia, Moscow remains defiant, accusing Western nations of escalating tensions through their condemnation and cyber activities.

Vietnam Cyber Police Arrest 20 Over Facebook Account Hijacking Scam

Vietnamese police have apprehended 20 individuals involved in a sophisticated scheme to hijack over 25,000 high-value Facebook accounts, amassing nearly $4 million in profits. Their leader, 31-year-old Dang Dinh Son, allegedly purchased malware for $1,200 to infiltrate Facebook user accounts and targeted two prominent fan pages for photo-editing sites, "Art Bay AI" and "Evoto Studio."

Using the malware, the group tricked Facebook users into downloading an infected application that gave them control over their devices. The stolen data was then sent to a server managed by Son and shared via five Telegram groups. This enabled the group to hijack and sell high-value Facebook accounts, while the lower-value accounts were utilised for advertising clothing and other items on e-commerce platforms.

The arrests followed coordinated raids in Hanoi, Ho Chi Minh City, and Nam Dinh province, as Vietnamese cybersecurity police cracked down on the operation. State media reports reveal that Vietnam has the seventh-highest number of Facebook users globally, with 75.3 million, making it a prime target for cybercriminals.

UK's E-Gates Border Control System Malfunctions, Leaving Travelers Stranded

A software malfunction, not a cyberattack, was the cause of the recent UK e-gates border control system failure, according to the Home Office. The glitch, which impacted several British airports including London Stansted and Heathrow, resulted in travelers being processed manually by border officials, causing queues that lasted for hours. The system outage began at 19:50 BST and lasted for about four hours, during which Border Force staff scrambled to manually process thousands of travelers.

The issue has since been resolved, and both Stansted and Heathrow Airports have resumed normal e-gate operations. Despite the extensive delays and chaotic scenes at many airports, the Home Office assured the public that border security remained intact and that there were no signs of malicious cyber activity. The failure was not limited to automated gates, with some travelers reporting disruptions to manual checks as well.

E-gates are designed to use facial recognition technology to verify travelers’ identities against biometric passports, usually speeding up border control processes. However, this incident is not the first time the system has malfunctioned. Similar failures occurred last week and in May 2023, as well as in September 2021. The UK isn't alone in facing these issues, as new e-gates at Lisbon Airport in Portugal also experienced technical difficulties, causing significant delays.

These recurring outages highlight the challenges of maintaining a seamless border control system, especially given the pressure to efficiently process the vast number of international travelers passing through UK airports.