The Guyana Government has confirmed that there was an attempted spear-phishing campaign at one of its agencies but has assured that its cybersecurity systems quickly intercepted and nullified its effects.
Spear-phishing is a specific and targeted cyber-attack on one or a select number of victims, whereas regular phishing attempts aim to scam the masses.
The National Data Management Authority (NDMA), in a statement on Tuesday, explained that its cybersecurity division has indicated that no successful cyberespionage malware was found on the Government of Guyana’s network.
This disclosure follows a recent claim made by a cybersecurity firm that, in February 2023, an unnamed Government of Guyana agency was the victim of a successful spear-phishing campaign that sought to compromise sensitive Government data.
Since the release of the article on October 5, 2023, NDMA has deployed its cybersecurity analysts and specialists to assess these claims, and investigations reveal that the cybersecurity firm exaggerated the threat in their “exposé.”
Based on information currently available, the NDMA said a spear-phishing attempt was made against a Government Ministry; however, the security systems employed intercepted this attempt and nullified its effects.
Nonetheless, even as investigations continue, the NDMA has contacted the cybersecurity firm that made the claims to gather additional information, verify the data shared, and ascertain the firm’s source. To date, the NDMA is still awaiting the cybersecurity firm’s response.
The NDMA said even as ongoing inquiries continue into the alleged incident, it remains resolute in its mandate to promote safe cybersecurity practices within Government Ministries and agencies.
Emails
An Essential Security against Evolving Threats (ESET) research article by Fernando Tavella revealed that its researchers discovered a cyberespionage attack against a Government entity in Guyana by hackers that could be Chinese.
ESET is a Slovak software company that specialises in cybersecurity.
It was noted that the hackers sent the target organisation spear-phishing emails referencing Guyanese public affairs, specifically emails with the subject lines “President Mohamed Irfaan Ali’s Official Visit to Nassau, The Bahamas” and “Guyanese fugitive in Vietnam”.
The report further outlined that the emails contained zip files which, when downloaded and extracted, allowed the hackers to move across the victim’s internal network.
“Based on the email subjects, the operators must have been following the political goings-on in Guyana – the time we registered new detections at the targeted governmental entity coincided with the Guyanese President’s attendance of the Caricom conference in Nassau. The spear-phishing emails contained a link that, when clicked, downloaded a ZIP file from https://fta.moit.gov[.]vn/file/people.zip. Since a domain ending with gov.vn indicates a Vietnamese governmental website, we believe that the operators were able to compromise another governmental entity and use it to host their malware samples,” the ESET report outlined.
It concluded that, “We believe with medium confidence that it was conducted by a China-aligned APT group. The attackers used a combination of previously unknown tools, such as DinodasRAT, and more traditional backdoors such as Korplug. Based on the spear-phishing emails used to gain initial access to the victim’s network, the operators are keeping track of the geopolitical activities of their victims to increase the likelihood of their operation’s success.”
Chinese
Meanwhile, in an invited comment, the Chinese Embassy in Guyana said it has rejected “any irresponsible hyping-up of so-called ‘Chinese hacker infiltration’” and has made it clear that China opposes and fights all forms of hacking in accordance with the law.
The Chinese Embassy further noted that cybersecurity is a common challenge for countries including China and Guyana.
“China, as always, will collaborate with Guyana to safeguard cybersecurity through bilateral dialogue, law enforcement cooperation and other means,” it emphasised.
Motivations & ethics
Moreover, the NDMA has since questioned the cybersecurity company’s “motivations and ethics”.
“Cybersecurity professionals have access to sensitive information including personal data and proprietary information. Disclosing sensitive information without stakeholder consultation can be detrimental. So how is the cybersecurity firm benefitting from publishing and making claims based on ‘medium confidence’ and linking this spear-phishing campaign to other local events without evidence-based proof?” the NDMA posited.
The NDMA also outlined that cybersecurity threats are not uncommon and are experienced by many countries.
“Forbes (Advisor), in a June 2023 online article, estimated that over five hundred million phishing attacks were reported in 2022 worldwide. This number shows just how common this type of threat is in today’s digital world. The singling-out of this particular incident also raises questions, as it is not conventional practice to disclose consumer-specific information without the customer’s explicit permission. We will continue to reach out to the cybersecurity firm for in-depth consultations.”
Malware attacks
For the first quarter of this year, the NDMA has detected and mitigated some 442 malware attacks at Government agencies.
According to the NDMA, in keeping with international best practice, it operates both a 24/7 security operations centre, which provides 24-hour technical support on cybersecurity issues to Government agencies, and the Guyana National Computer Incident Response Team (CIRT), which serves as a valuable resource for threat response and incident handling.
“NDMA’s efforts are also complemented by ongoing cybersecurity awareness training initiatives and programmes. Staying with the theme ‘don’t bite the bait: how to ensure you’re not phished,’ NDMA’s Get Safe Online Guyana and Guyana National CIRT offer valuable resources to empower citizens with cybersecurity skills and knowledge. Get Safe Online Guyana allows visitors to access information on safe internet practices, including guidance on protecting personal data, recognising and mitigating cyber threats, and practising online safety,” the statement from the agency outlined.
Meanwhile, in the month of October, the Government of Guyana joins the rest of the world in commemorating cybersecurity awareness. Against this backdrop, the NDMA will facilitate several training sessions across the country, aimed at providing invaluable information on safe cybersecurity practices as well as how to identify and respond to cybersecurity threats.