Hillicon Valley — Here come the state-sponsored hackers

View in your browser OVERNIGHT POLICY: Hillicon Valley Here come the state-sponsored hackers © iStock illustration Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup. Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage. Researchers at key companies including Microsoft on Wednesday warned that state-sponsored hackers in countries including China and Iran were exploiting the recently uncovered vulnerability in an Apache logging package, which has left organizations around the world vulnerable to attack.  Meanwhile, more than a dozen Democratic lawmakers called on the Treasury Department to sanction embattled Israeli company NSO Group and other surveillance organizations, and Google is mandating employees to get vaccinated against COVID-19 by early next year or potentially be shown the door.  Let’s jump into the news. Nation states go after Apache vulnerability © Getty Images State-sponsored hackers from countries including Iran and China are actively exploiting a major vulnerability in Apache logging package log4j to target organizations around the world, security researchers found this week. The log4j vulnerability, first discovered late last week, has set off alarm bells for cybersecurity professionals worldwide, given that it is fundamental to systems used by many organizations and difficult to fully patch.  This seems concerning: Microsoft on Tuesday updated its blog post on the log4j vulnerability, warning that the Microsoft Threat Intelligence Center (MSTIC) had seen evidence of nation-state hacking groups in China, Iran, North Korea and Turkey exploiting it.  The Iranian group exploiting log4j, which Microsoft labeled "Phosphorus," has previously been linked to targeting medical researchers and staffers on former President Trump’s reelection campaign. It has been launching ransomware attacks using the vulnerability. Meanwhile, a Chinese group labeled "Hafnium," which previously exploited flaws in Microsoft’s Exchange Server to potentially target thousands of groups, was seen to be using the log4j vulnerability to attack virtualization infrastructure.  “This activity ranges from experimentation during development, integration of the vulnerability to in-the-wild payload deployment, and exploitation against targets to achieve the actor’s objectives,” the blog post reads.  Government weighs in: Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), told reporters Tuesday night that while the agency was seeing exploitation, it was not officially attributing this to any particular country. Read more here.  NSO Group faces calls for sanctions © Associated Press/Daniella Cheslow U.S. lawmakers are calling on the Treasury Department to sanction an Israeli spyware firm and three other foreign surveillance groups, contending that they assisted authoritarian regimes with carrying out human rights abuses. Heavy hitters: A coalition of 13 Democratic lawmakers penned a letter to Treasury Secretary Janet Yellen and Secretary of State Antony Blinken on Tuesday asking that they slap sanctions on top officials at the Israeli spyware company NSO Group, United Aram Emirates cybersecurity firm DarkMatter and European online bulk surveillance groups Nexa Technologies and Trovicor. Democratic Sen. Ron Wyden (Ore.) and Rep. Adam Schiff (Calif.) are among the signatories of the letter, which was first reported by Reuters. Consequences: The Democrats are specifically asking that the Treasury Department hit officials of the four companies with Global Magnitsky sanctions, which are meant to penalize entities that allegedly allowed human rights abuses to take place. The penalty would freeze the officials’ bank accounts and bar them from traveling to the U.S. They wrote that financial sanctions are needed “To meaningfully punish them and send a clear signal to the surveillance technology industry,” noting that the surveillance companies “depend on the U.S. financial system and U.S.-based investors, particularly when they eventually wish to raise billions by listing on the stock market.” Read more here. GOOGLE SAYS: GET VAXXED Google has told employees they must get vaccinated against COVID-19 by Jan. 18 or face a series of escalating consequences that will include pay deductions and the eventual loss of their jobs, according to an internal memo to staff obtained by CNBC.  A memo said the company would contact employees who hadn't declared their vaccination status and uploaded proof of vaccination — or applied for an exemption on medical or religious grounds — by Dec. 3.  Unvaccinated employees who don't comply by Jan. 18 would be put on paid administrative leave for 30 days, following which the company would put them on unpaid personal leave for up to six months. Employees who still refused to be vaccinated would then be terminated. Read more here.  ZOOM JOINS COUNTER-TERROR GROUP Video conferencing platform Zoom has joined an independent counterterrorism group that shares information among major tech companies to combat violence and extremism. The Global Internet Forum to Counter Terrorism (GIFCT) announced Wednesday that Zoom had joined the group. The forum was founded by Facebook, Microsoft, Twitter and YouTube in 2017 and now has 18 members. Other members include WhatsApp, Pinterest, Dropbox, Discord and Amazon. Non-members like Reddit and Snap Inc. are also able to access the organization's database.  Read more here.  AWS suffers another outage © SOPA Images via Getty Images Amazon Web Services (AWS) was down briefly in some Western states Wednesday, just a week after a major outage on the East Coast. A group of messages posted on AWS’s service page shortly after 11 a.m. ET said the issue had been "resolved and the service is operating normally." The company later revealed that the issue was caused by network congestion and after a fix it does not "expect a recurrence." Several services were affected by the AWS issues, including the Amazon-owned gaming platform Twitch. “We are aware of several issues affecting Twitch services,” the company tweeted. “Our team is aware and hard at work fixing them — we'll continue to update you, here.” Read more here. PARIS TAXIS CUT TESLA TIES Paris’s top taxi company has banned Tesla Model 3 cars from its fleet after a fatal accident over the weekend.  On Saturday, an off-duty G7 taxi driver was en route to a restaurant with his family when a collision killed one person and injured 20 others, Reuters reported. It was not apparent if the car's autopilot mode was activated at the time of the crash, but local French media said that the vehicle hit a cyclist and three pedestrians before crashing into a van. Several of the injuries from the incident were serious, according to Reuters.  G7 Deputy Chief Executive Yann Ricordel reportedly said while Tesla conducted an initial inquiry that indicated the vehicle did not malfunction, it apparently accelerated when the driver tried to brake.  Read more here. BITS AND PIECES An op-ed to chew on: To compete with China in 5G, America must solve its spectrum problem Lighter click: Money can’t buy you class Notable links from around the web: Silicon Valley’s voice in Washington to dissolve (Politico / Emily Birnbaum) Revealed: LAPD used ‘strategic communications’ firm to track ‘defund the police’ online (The Guardian / Sam Levin and Johana Bhuiyan) Theranos Promised A Blood Testing Revolution — Here’s What’s Really Possible (The Verge / Nicole Wetsman) One last thing: Trump group inks cloud deal © Getty Images Former President Trump’s media company has inked a deal with the video platform Rumble, which will provide video and streaming for Trump's new social media network. The Trump Media & Technology Group (TMTG) announced in a statement on Tuesday that it has entered into a “wide-ranging technology and cloud services agreement” with Rumble Inc. TMTG said Rumble will “deliver video and streaming for TRUTH Social,” the company’s new social media network unveiled in October. Trump’s company also said the two firms are “in exclusive negotiations for Rumble to provide infrastructure and video delivery services for TMTG’s Subscription Video On-Demand product, TMTG+.” TMTG called Rumble a “high-growth neutral video distribution platform.” The group’s website says it “create[s] technologies that are immune to cancel culture,” and is a platform “for people with something to say and something to share, who believe in authentic expression, and want to control the value of their own creations.” The platform has become popular among Republicans. The Wall Street Journal revealed in May that conservative venture capitalists Peter Thiel and J.D. Vance, who is also running for Senate in Ohio, were investing in the company. Read more here. That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Thursday. Sign Up for Hillicon Valley Forward Hillicon Valley Privacy Policy  |   Manage Subscriptions  |   Unsubscribe Email to a friend  |   Sign Up for Other Newsletters The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 © 1998 - 2021 Nexstar Media Inc. | All Rights Reserved.

Link