At a glance.
- Senate passes chip manufacturing bill.
- US State Department increases bounty for prosecuting Pyongyang-backed threat groups.
- Cryptocurrency platforms are under regulatory pressure.
Senate passes chip manufacturing bill.
Yesterday, the US Senate approved the CHIPS and Science Act of 2022, a $280 billion bill focused on supporting the semiconductor industry to boost American chip manufacturing. As the Wall Street Journal explained, the measure is a means to counter China’s hold on the global chip manufacturing industry. Of the funding, $52.7 billion will provide direct financial support to semiconductor manufacturing facilities, an additional $24 billion will go to tax incentives and other regulations, and additional funding will support scientific research in the field. Although the bill received bipartisan approval, not all lawmakers agree. Opponents fear that giving such a big boost to an already profitable industry is a mistake and a major departure from traditional politics. However, President Joe Biden said of the measure, “It will mean more resilient American supply chains, so we’re never as reliant on foreign countries for the critical technologies we need.” Industry leaders also say the bill is a positive move. Jason Oxman, president of the Information Technology Industry Council trade group, stated, “Companies that make semiconductors and companies that use semiconductors represent almost the entire business ecosystem in America.”
US State Department increases bounty for prosecuting Pyongyang-backed threat groups.
The US State Department announced yesterday that it is doubling its bounty for information linked to threat groups backed by the North Korean government. A Twitter post explains that the department will offer up to $10 million for information on cybercriminals linked to advanced persistent threat groups Lazarus, Bluenoroff, Andariel, APT38, Guardians of Peace and Kimsuky. (The name “Lazarus”, also known as Hidden Cobra, has become an umbrella term used to refer to the cyber activities of North Korean hackers, while Andariel, Bluenoroff and Guardians of Peace are sub-groups within Lazarus.) Security Week explained that these Pyongyang-linked threat actors were implicated in several high-profile attacks, including the $600 million Ronin cryptocurrency heist, the $100 million Harmony’s Horizon Bridge attack, and the 2017 WannaCry incident. Bleeping Computer remarks that a 2019 United Nations report revealed that North Korean state hackers stole approximately $2 billion through cyberattacks on banks and crypto exchanges around the world.
Kevin Bocek, VP Security Strategy & Threat Intelligence at Venafi, wrote to explain that the reward increased with the severity of the threat:
“The fact that the reward for information about North Korean-sponsored groups has doubled to $10 million shows how big a threat they have become in the field of international cybercrime. Our research shows that the proceeds of cybercriminal activities are used by notorious groups like Lazarus and APT38 – both designated by the US State Department – to circumvent international sanctions in North Korea. That money goes straight into weapons programs, and cybercrime has become a vital cog in the continued survival of Kim Jong Un’s dictatorship. Disturbingly, this blueprint is being imitated by other rogue states as well. Therefore, stopping North Korean cybercrime at the source is imperative to the national security of the US and its allies.
“Code-signing machine identities have become the modus operandi for many North Korean cybercrime groups. These digital certificates are the keys to the lock, enabling secure communication between machines of all kinds, from servers to applications to Kubernetes clusters and microservices. North Korean hackers use stolen certificates to access networks, impersonating malicious software as legitimate and allowing them to launch devastating supply chain attacks. Governments and companies need to work together and share information about these attacks to build knowledge about the importance of machine identities for security, otherwise we will continue to see North Korean threat actors thrive.”
Cryptocurrency platforms are under regulatory pressure.
As digital currency values have plummeted in recent months and several crypto companies have collapsed, U.S. regulators have been motivated to step up their oversight of the cryptocurrency market to increase protections for retail investors. The US Securities and Exchange Commission (SEC) is launching an investigation into Coinbase, the US’s largest crypto trading platform, to determine whether the firm allowed Americans to trade digital assets that should have been registered as securities. Two anonymous sources told Bloomberg that the SEC has been keeping a close eye on Coinbase since it recently went public and expanded the number of tokens available for trading.
As Bloomberg remarks, Coinbase CEO Brian Armstrong has made headlines in recent years for his unusual business practices. In 2020, he banned employees from lobbying for political interests in the workplace and threatened to fire those who broke ranks. Amid the resulting controversy, Armstrong took Coinbase public and announced that it would be adding over a hundred new tokens to its service, which previously only listed established tokens like bitcoin and ether. And earlier this month, a former Coinbase employee was accused of insider trading and wire fraud after leaking company information to help two men buy tokens shortly before they were listed on the platform. What’s worse, the SEC says nine of the tokens the men traded were actually securities.
Meanwhile, Kraken, another leading crypto exchange, is also facing a federal investigation into alleged violations of US sanctions after allowing users in other countries, including Iran, to trade digital tokens on the platform, the New York Times reports. According to anonymous sources close to the matter, the Treasury Department’s Office of Foreign Assets Control (OFAC) is likely to impose a fine, and if it did, Kraken would be the largest U.S. cryptocurrency firm to be fined by OFAC. Marco Santori, Kraken’s chief legal officer, said the company “does not comment on specific discussions with regulators,” adding, “Kraken closely monitors compliance with sanctions laws and even generally reports potential issues to regulators.”