The Week in Security: Pro-China cyber operation Dragonbridge targets U.S. elections

This week: Pro-China operation Dragonbridge targets the U.S. political system. Also: Two flaws in Cisco AnyConnect are being actively exploited.

This Week’s Top Story

Pro-China actors are targeting the U.S. political system

With the U.S. midterm elections rapidly approaching, actors are carrying out hacking operations to take advantage of increasing tensions. CyberScoop reports that there is a pro-China influence operation hard at work in its targeting of the American public. The latest evidence of this comes from researchers at Mandiant, who believe this operation is an attempt to create further divisions both domestically in the U.S. and abroad.

Mandiant has dubbed this operation “Dragonbridge,” and believes the group has been active since June 2019. The operation has cited social justice and racial strife narratives to criticize the U.S., and has attempted to push other narratives that delegitimize the U.S. political system.

For example, one campaign that was carried out in September was a propaganda video in English, shared across social media platforms, which questioned whether or not voting really matters. The video called America’s political system “ineffective and incapacitated,” and it used images of the January 6, 2021 riot at the U.S. Capitol.

Other narratives pushed by Dragonbridge aim to cause division from an international perspective. These include a campaign that labels a Chinese hacking group known as APT41 as an American-led operation, as well as blaming the U.S. on this month’s Nord Stream gas pipeline explosions, which Russian President Vladmir Putin previously asserted. Mandiant also discovered an operation in which at least 72 bogus news sites spread across four continents pushed out Chinese propaganda that highlighted criticism of the U.S. Speaker of the House Nancy Pelosi’s recent visit to Taiwan.

While Mandiant and other cybersecurity experts agree that the Dragonbridge operation has not been effective, it is concerning that pro-China cyber operations are increasing their efforts to target the American public’s trust in its political system, as well as further international divisions.

News roundup

Here are the stories we’re paying attention to this week…

Microsoft fixes Windows vulnerable driver blocklist sync issue (Bleeping Computer)

Microsoft says it addressed an issue preventing the Windows kernel vulnerable driver blocklist from being synced to systems running older Windows versions.

Australia increases fines for massive data breaches (Schneier on Security)

After suffering two large data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.)

Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited (Security Affairs)

Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in the Cisco AnyConnect Secure Mobility Client for Windows. Both vulnerabilities are dated 2020 and are now patched.

Battle with bots prompts mass purge of Amazon, Apple employee accounts on LinkedIn (Krebs on Security)

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.

Open source is just the tip of the iceberg in software supply chain security (Dark Reading)

Curtis Yanko lays out the various risks associated with software supply chains, beyond just open source software risks.

Typosquat campaign targeting Android, Windows users now counts 600+ domains (InfoSecurity Magazine)

Security researchers have uncovered several pivots that suggest a much larger set of domains associated with a massive typosquat campaign discovered by Cyble and Bleeping Computer over the weekend.

Image: Tim Evanson from Cleveland Heights, Ohio, USA, CC BY-SA 2.0, via Wikimedia Commons