
CETI – Pharma Threat Intel Report

3rd Quarter 2024 – What you need to know


AstraZeneca China’s President Under Investigation

What Happened:

• November 8 – News in China reported that AstraZeneca China’s President, Lei (Leon) Wang, has been detained in connection with alleged instances of medical insurance fraud.

• November 12 – In a briefing, AstraZeneca CEO Pascal Soriot said that though the company was in touch with Wang, it had “very limited information” about the case. Soriot added that the company has not been approached by the Chinese government about charges against Wang.

Why It Matters:

• Over the past year, a variety of international advisory firms have been subject to raids, investigations, and regulatory scrutiny under Chinese counter-foreign sanctions, corruption, and data legal regimes. The extension of that trend to large multinationals, like AstraZeneca, could reflect an escalation in the Chinese government’s approach to international businesses.

• With China’s macroeconomic picture beset with challenges in the immediate term, the central government should be sensitive to negative sentiment and tit-for-tat dynamics with other foreign governments that could place pressure on inbound investment and trade relationships.

CETI Recommends:

• Reviewing any exposure to AstraZeneca subsidiaries or common partners in the Chinese market to identify immediate risks related to the ongoing investigation.

• Monitoring the case for additional details on the nature of the investigation, the status of Wang, and updating internal protocols to address risks of being targeted in a similar fashion.


German Intelligence Warns Russian State-Sponsored Sabotage Attempts on the Rise

What Happened:

• October 15th, 2024: Heads of Germany’s intelligence agencies warned of a “quantitative and qualitative” increase in acts of Russian-sponsored espionage and sabotage in Germany, echoing similar warnings from authorities in the UK and Poland earlier this year.

• There has been a pattern of suspected Russian-backed arson attacks on commercial targets across Germany, the UK, Poland, and Lithuania, all places with a significant concentration of facilities owned by multinational chemical and pharmaceutical producers.

Why It Matters:

• As the war in Ukraine continues, Russia appears to be turning to more unconventional methods of lowering morale in NATO countries in order to discourage support for Ukraine. Recent events suggest that Russia is targeting commercial facilities in NATO countries in an attempt to sow terror and confusion through the disruption of supply chains and manufacturing facilities.

• The latest advisory from Germany’s intelligence community aligns with warnings from other European intelligence agencies; Lithuania’s National Crisis Management Center previously warned businesses and organizations supporting Ukraine to “heighten their vigilance, warning them about potential provocations and advising them to strengthen their fire safety measures.”

CETI Recommends:

• Identifying components of supply chains, especially in Eastern Europe, that would make attractive targets for sabotage, particularly arson.

• Reviewing fire-safety protocols at European production facilities.

• Reviewing vetting and security protocols for all employees whose positions give them access and potential opportunities to conduct an attack on your company’s European facilities.


Phishing Attack on OpenAI Linked to China

What Happened:

• A series of phishing attacks targeted OpenAI and social media accounts of OpenAI researchers and staff. The attacks have been linked to the China-tied group SweetSpecter, which has previously been connected to State-backed hacking campaigns targeting government officials in Asia.

• The phishing campaigns targeted OpenAI employees and specifically directed malicious emails and attachments to the personal email accounts of those targeted employees.

• OpenAI’s review of the attacks found that ChatGPT was being leveraged by the attackers via a cluster of ChatGPT accounts that performed scripting and vulnerability analysis research with the help of the LLM tool.

• Chinese press coverage of the attacks consistently appears to frame vulnerability to phishing attacks as a weakness of OpenAI and to signal that Chinese users should avoid using AI tools developed by unsecure actors like OpenAI.

Why It Matters:

• Chinese threat actors appear to be experimenting with, and rapidly improving in, the use of LLM-based attacks as part of broader offensive cyber campaigns. Those campaigns even include targeted attacks against AI researchers.

• As artificial intelligence models continue to improve and proliferate, a wide variety of cyber attackers stand to benefit from automating attack sequences. Efforts to track those advances and to incorporate automation into defenses will be critical inputs into the cyber security balance between attackers and defenders moving forward.

• The OpenAI case is instructive in highlighting how attacks against a multinational target can also be paired with domestic Chinese press coverage to deliver direct effects and to compound into negative public sentiment in the Chinese market.

CETI Recommends:

• Distributing OpenAI’s threat report for consumption by cybersecurity personnel and teams throughout the company.

• Monitoring the tactics, techniques, and procedures used by Chinese hacking groups like SweetSpecter and their adoption of LLM-informed automation.

• Monitoring Chinese press coverage of cyber security incidents for greater clarity on the role of cyber attacks and social engineering in the broader economic aggression campaigns and objectives of the Chinese State.

