There are no coincidences: The recent arrival of 4 B-52 bombers in Guam – along with the Marines and the official opening in January of a reactivated, expanded U.S. military base on the U.S. territory – might have some causal relationship to a recent cyberattack on the mobile, television, internet, and telephone services of the island territory.
When it comes to the current cyberwar, we have tried to capture in the pages of OODA Loop what one OODA Network member characterized in an OODA Network monthly meeting as “a tremendous amount of free fire activity from a variety of uncontrolled, unilateral, private actors.”
Overall, attacks on U.S.-based critical infrastructure are an obvious concern. But are they too obvious? Are the more significant, strategic threat vectors found in geographic outliers like Guam, Albania, and Costa Rica? And, if so, is there a broader, Chinese, Iranian, North Korean, and/or Russian cyberwar strategy at play?
We now explore the efforts to restore telecom services in Guam in the last few weeks – along with an update on the ongoing impact of cyberattacks in Albania and the Conti Gang cyber attack in Costa Rica we surfaced back in the Spring of 2022 – and the recent U.S. financial assistance sent to both countries.
Note: By the time geopolitical tensions reach 60 Minutes, OODA Loop has usually spent plenty of time on the topic in the run-up to the mainstream encapsulation of the trends and events captured in such a segment. That said, the recent 60 Minutes segment captured the current situational awareness in the South China Sea and Guam in a compelling fashion, and it complements the update on cyber activity in Guam discussed here.
“Nestled in between the Philippines and Micronesia, Guam and the Northern Mariana Islands are U.S. territories with a population of more than 220,000 people. Despite their remoteness, several Pacific islands have dealt with recent cyberattacks. The state-owned telecommunication company of Tonga was hit with ransomware last month, while the French island of Guadeloupe was attacked in November and the government of Vanuatu — about two hours by plane from Tonga — was knocked offline following a ransomware attack.
That attack crippled the operations of Vanuatu’s parliament, police, and prime minister’s office while also taking down almost all of the digital tools used by the country’s schools, hospitals, and government services.
https://twitter.com/DocomoPacificGu/status/1636541123299782657
[Most recently], the largest telecom in the U.S. territories of Guam and the Northern Mariana Islands is slowly recovering from a cyberattack that brought down many of its services. The outages started on Thursday evening, and by Friday Docomo Pacific CEO Roderick Boss confirmed that the company’s servers were attacked during a cybersecurity incident.
‘Early this morning, a cyber security incident occurred and some of our servers were attacked. Immediate failsafe protocols were initiated by DOCOMO PACIFIC cyber security technicians to shut down affected servers and to isolate the intrusion,’ Boss explained in a statement.
‘DOCOMO PACIFIC’s customer data, mobile network services, and fiber services remain unaffected, protected, and secure at this time. We are working to restore service as soon as possible.’ Scores of customers took to Facebook and Twitter to report that their phone service and internet were down.
The company published an incomplete update on Twitter Saturday evening saying some services were back online. The company did not say what services and what areas were back online and did not respond to requests for comment. The company suggested people tether devices like laptops and tablets to their phones and use mobile data to access the internet. As of Sunday evening, several customers questioned this advice because phone service was also down. The company later deleted a Facebook post with updates after it was inundated with angry comments from customers.
In its statement, Docomo Pacific was unable to say when service would be fully restored. The company did not respond to questions about whether it was a ransomware attack.” (1)
A U.S. official told WIRED that “in February the US government provided a…$25 million grant to Albania in the wake of a destructive attack on that country’s government last summer that has been attributed to Iranian hackers.” The official said that the Biden administration has been choosing cybersecurity funding recipients “based on the significance of the attacks that occurred.” Iran’s cyberattack on Albania was noteworthy for its targeting of a NATO member. (2)
https://oodaloop.com/briefs/2022/09/13/iranian-hackers-launch-renewed-attack-on-albania/
https://oodaloop.com/cyber/2022/09/22/iranian-hackers-hid-in-albanian-networks-for-over-a-year/
https://oodaloop.com/ooda-original/2022/05/10/costa-rica-in-a-state-of-emergency-is-conti-gang-cyber-attack-a-sphere-of-influence-shot-across-the-bow/
On the day when a new president, Rodrigo Chaves, took the helm in Costa Rica, a state of emergency was declared in the country based on the impact of a cyber-attack by the Russia-affiliated Conti Ransomware Gang. The week of Monday, April 18th, 2022, Costa Rican governmental systems were hit by a ransomware attack:
“The disruption of multiple systems was first reported a week ago by the country’s Finance Ministry. An attack on the ministry impacted several processes, including tax collection, the payment of public employees, and the importation and exportation of goods through Costa Rica’s customs agency.
Further attacks were waged against Costa Rica’s Labor Ministry, the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the National Meteorological Institute (IMN), the Radiográfica Costarricense (RACSA), and a human resources portal belonging to the country’s Social Security agency, Caja Costarricense de Seguro Social.” (4)
Wired reported that “the [Conti] group demanded a $20 million ransom and uploaded hundreds of gigabytes of data stolen in the attacks to its dark-web site. And the group was explicit about its destructive intentions. ‘We are determined to overthrow the government by means of a cyberattack,’ it wrote in a post addressed to Costa Rica and ‘US terrorists (Biden and his administration).’ At the time of the attacks, the US State Department offered rewards totaling $15 million for information about Conti that leads to an arrest.
‘…at the time [of the ransomware attacks], we immediately deployed a team of US experts to assist in Costa Rica’s recovery and have been working closely with the country since then—and have recognized that this further stability, this further assistance is needed,’ the US official told reporters. Meanwhile, Chaves and other members of the Costa Rican government have suggested that the attacks on their networks, which were perpetrated by notorious Russia-based cybercriminal gangs, may have been in response to Costa Rica’s outspoken support of Ukraine.” (2)
The recent U.S. financial assistance sent to Costa Rica, as reported by The Record:
The U.S. government is sending $25 million to the government of Costa Rica to help the country recover from a devastating ransomware attack last year that crippled several key agencies.
On Wednesday, a senior White House official said that using funding from the State Department, the U.S. government would be committing $25 million to Costa Rica’s cybersecurity efforts after a direct request from Chaves. The funding will be used to secure the country’s networks and defend its critical infrastructure.
‘Last spring, Costa Rica experienced some of the worst ransomware attacks that any country had experienced, which really impacted the country’s critical services. It disrupted their finance, telecommunications, and social security institutions and resulted in President Chaves declaring a state of emergency,’ the official told reporters Wednesday. ‘At the time, we immediately deployed a team of U.S. experts to assist in Costa Rica’s recovery and have been working closely with the country since then, and have recognized that further assistance is needed.’
The funding will go toward creating a centralized security operations center within the Ministry of Science, Innovation, Technology and Communications that will work to prevent, detect and respond to cyberattacks.
The center will also coordinate cybersecurity efforts across all of Costa Rica’s departments and agencies. Portions of the funding will support strategic and technical planning, cybersecurity training and capacity building as well as hardware, software, licenses and tools.
Biden administration officials plan to meet with Chaves in the coming weeks to discuss the grant and broader measures to secure digital infrastructure.
When asked why Costa Rica was being prioritized over the many other governments hit with ransomware in recent months, the official mentioned repeatedly that the move was part of the larger effort to support Ukraine in its war with Russia. The Conti ransomware group drew headlines for openly supporting Russia after it invaded Ukraine – a decision that caused dissension within the group and eventually contributed to its downfall.
‘President Chaves and the government believe that their strong support for Ukraine and the strong statements may have been a factor in the significant ransomware attacks,’ the official said. ‘We recognize that supporting our allies’ and partners’ security is important in the context of the work we’re doing to support our European allies and partners against Russian cyberattacks.’ (3)