CRINK vs. The West

5–21–2024 (Tuesday)

Hello and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for growth stage companies, investors, and management teams.

I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.

Today is Tuesday, May 21, 2024, and we’ve had quite a week of news following our discussion last week of nation-state actors. Let’s dive right in.

CRINK vs. The West

Maybe the government folks got my message last week, maybe they’re just trying to make an impact ahead of elections, or maybe it’s all coincidence, but we’ve seen a significant amount of activity from government sources in taking action against the nation-state threat actors that are posing a serious risk to the private sector businesses that we’re buying, building, and defending.

For those not familiar with the CRINK acronym, it stands for China, Russia, Iran, and North Korea - each of which has felt a bit of a blow in the past week.

China is getting attention from the FBI and DoJ: two Chinese nationals were arrested in the US for laundering money in relation to “pig butchering” scams.

Pig butchering scams, of course, involve fraudsters approaching targets using messaging apps, dating services, and social media platforms to build trust and persuade them to invest in different schemes. They are also notoriously run via people in SE Asia who have been trafficked and are being forced to work against their will, so this should reduce the impact on US and Western victims, and hopefully provide some relief for those being held against their will to run these scams.

Russia has seen another major player in their ecosystem fall - remember that the alleged leader of the LockBit ransomware gang was charged by the Department of Justice earlier this month. This past week saw the FBI and partners seize BreachForums and arrest its administrator, and mixed messages are rippling through the community around who might be an informant, in jail, or an actual law enforcement agent.

Meanwhile, in Iran, a helicopter crashed over the weekend while carrying President Ebrahim Raisi and seven other people. This will, of course, cause a significant disruption to some of the cyber and related activities that Iran has been carrying out.

Finally, we learned more about the extent to which North Korea has infiltrated Western technology companies, as the Department of Justice arrests an Arizona woman charged with helping run a “laptop farm” at her house. The FBI paired these arrests with a bulletin outlining the tactics used by North Korean threat actors to gain these jobs, and offered some solid advice on how to avoid becoming such a victim.

This one person helped North Korean hackers get “hired as remote software and application developers with multiple Fortune 500 companies, including an aerospace and defense company, a major television network, a Silicon Valley technology company, and a high-profile company.” The revenue they generated was repatriated to North Korea to help continue their weapons development program.

Meanwhile, efforts from our Five Eyes friends, mainly Canada and the United Kingdom, are ramping up.

Canada’s Canadian Centre for Cyber Security weighed in with what they’re calling “Guidance for civil society” to mitigate cyber threats, while the UK’s National Cyber Security Centre is working on a major overhaul of ransomware payments, “requiring all victims to report incidents to the government, and then obliging those victims to seek a license before making any extortion payments.”

This may mark a turning point in this conflict - particularly in those parts of this new Cold War that consistently trickle into our domains here.

I would expect things to get more active before they settle down, both in response to these activities, leading up to the election here in the US, and with ongoing geopolitical tensions for each of the CRINK members.

Meanwhile, my advice to you remains the same as last week: manage and defend those things within your purview, and encourage your government counterparts to do the same on their side.

Fundraising

From a fundraising perspective, quite a drop this week - less than 10% of what we raised last week, with a bunch of smaller announcements coming together to just barely break $3B in newly committed capital.

They can’t all be blockbuster weeks, and sometimes there’s a dip, but I don’t think it’s a trend. We’ve already seen multiple announcements this week that are larger than last week, so get ready for more eleven-digit fundraising amounts.

You can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.

Links

https://thehackernews.com/2024/05/chinese-nationals-arrested-for.html

https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware

https://databreaches.net/2024/05/15/breachforums-seized-by-fbi-and-law-enforcement-partners/

https://www.bleepingcomputer.com/news/security/five-arizona-ukraine-charged-for-cyber-schemes-infiltrating-over-300-companies-to-benefit-north-koreas-weapons-program/

https://www.ic3.gov/Media/Y2024/PSA240516

https://www.cyber.gc.ca/en/news-events/mitigating-cyber-threats-with-limited-resources-guidance-civil-society

https://therecord.media/uk-proposal-mandatory-reporting-ransomware-attacks
