A weekend of whiplash: TikTok and a new US administration
With the latest on attacks by Russia and China
TikTok only gone long enough to get through denial stage of grief 🙅♀️
What happened: The TikTok ban went into effect this weekend. While some speculated that those who had already downloaded the app would still be able to use it, TikTok barred use by anyone in America and displayed a special message to Trump. Sixteen hours later, TikTok was available once again, reportedly because of assurances from Trump that no one will face the penalties (at least for now). This reprieve will likely last only 90 days, according to the latest comments from Trump.
Take note: Some argue TikTok does not pose a threat to national security because there is no direct evidence it is sharing US information with the Chinese government. However, an Austrian privacy non-profit filed a complaint recently accusing multiple Chinese companies, including TikTok, of unlawfully transferring EU user data to China. No matter what, for TikTok to stay in the US (and likely other Western countries), the company will need to make serious changes to how it operates.
China-linked attacks
US Treasury makes quick turnaround post-breach to sanction PRC attacker 📌
What happened: In December 2024, the Department of the Treasury reported a breach to the ranking members of the Committee on Banking, Housing, and Urban Affairs. At the time, the scope of the breach and those affected were unclear, except for how it started: attackers exploiting a vulnerability in software used by Treasury from BeyondTrust (a cybersecurity company, unfortunately). More recently, Bloomberg reported that the attackers stole over 3,000 files, including law-enforcement-sensitive data and material on investigations run by the Committee on Foreign Investment in the US, and gained access to computers used by Secretary Janet Yellen, Deputy Secretary Adewale Adeyemo, and Acting Under Secretary Bradley T. Smith.
The response: On January 17, 2025, the US Department of State announced that the US Department of the Treasury's Office of Foreign Assets Control had imposed sanctions on Yin Kecheng, stating that this individual is associated with the attack on Treasury and is linked to the PRC Ministry of State Security.
Take note: Treasury reported the incident because of requirements set out in the Federal Information Security Modernization Act (FISMA). Among other things, FISMA requires federal agencies to report major security incidents and breaches both as they occur and in an annual report. Laws like these are in the public interest because they ensure that we in the public sphere know when attacks happen to our government.
Graphic from the Taiwan National Security Bureau - Analysis on China’s Cyberattack Techniques in 2024
Taiwan continues to be pummeled by Chinese espionage and cyber attacks 🕵️♀️
What happened: Taiwan’s National Security Bureau released new data on espionage activity and cyberattacks perpetrated by China in 2024. Chinese espionage cases prosecuted in Taiwan rose 33% from 2023 to 2024, and PRC cyberattacks against Taiwanese government agencies rose by more than 20%.
Take note: China also often uses cyberattacks as part of its strategy to undermine activity in regions it wants under its control, like when it targeted Hong Kong protestors in 2019.
Russia-linked attacks
Graphic from the Microsoft Threat Intelligence blog - New Star Blizzard spear-phishing campaign targets WhatsApp accounts
WhatsApp becomes the attack surface of choice 💬
What happened: Microsoft's Threat Intelligence team announced that a Russian threat actor, Star Blizzard, has adjusted the tactics it uses against government officials, individuals associated with defense policy, and international researchers. It pretends to be a US government official and emails its target asking them to join a WhatsApp group by scanning a QR code. When the target responds that the QR code doesn't work, it sends a second link to scan another QR code, and scanning that one gives the attacker access to every message the target has sent on WhatsApp.
Take note: If the name Star Blizzard seems odd, there's a reason: each security company assigns its own names to the attacker groups it identifies, once it has high confidence in the attribution. Check out how Microsoft names its threat actors here.
United States policy changes
Biden’s new executive order on cybersecurity won’t have teeth for long 📃
What happened: In one of many last-minute presidential acts, the Biden administration released a new executive order on cybersecurity. The executive order provides the US federal government with much-needed leadership on cybersecurity best practices and implementation, with a lot of oversight and support from the Cybersecurity and Infrastructure Security Agency (CISA).
Take note: CISA sits under the DHS. The incoming administration, including Trump’s pick to lead the DHS, wants to downsize CISA into a ‘smaller, more nimble’ organization focused on securing the nation’s critical infrastructure. While many of their comments seem more focused on limiting CISA’s role in countering mis/disinformation, for an organization of only just over 3,000 people, getting much smaller will undoubtedly have ramifications for its ability to support the EO's requirements.
I want to hear your perspective. Have thoughts on this? Write me a comment below!