At a glance.

  • Senate passes chip manufacturing bill.
  • US State Department ups the bounty for tracking down Pyongyang-backed threat groups.
  • Cryptocurrency platforms face regulatory pressure.

Senate passes chip manufacturing bill.

Yesterday the US Senate approved the CHIPS and Science Act of 2022, a $280 billion bill focused on supporting the semiconductor industry in order to boost American chip manufacturing. As the Wall Street Journal explains, the measure is a means to counteract China’s grip on the global chip manufacturing industry. $52.7 billion of the funding will provide direct financial support for semiconductor manufacturing facilities, with another $24 billion for tax incentives and other provisions, and additional funds will boost scientific research in the field. Though the bill gained bipartisan approval, not all lawmakers are in agreement. Opponents worry giving such a large boost to an already profitable industry is a mistake and a major shift from traditional policy. However, President Joe Biden said of the measure, “It will mean more resilient American supply chains, so we are never so reliant on foreign countries for the critical technologies that we need.” Industry leaders also feel the bill is a positive move. Jason Oxman, president of the trade group Information Technology Industry Council, stated, “Companies that make semiconductors and companies that use semiconductors represent almost the entirety of the corporate ecosystem in America.”

US State Department ups the bounty for tracking down Pyongyang-backed threat groups.

The US State Department yesterday announced it is doubling its bounty reward for intel connected to North Korean government-backed threat groups. A Twitter post explains that State will offer up to $10 million for information on cybercriminals linked to the advanced persistent threat groups Lazarus, Bluenoroff, Andariel, APT38, Guardians of Peace, and Kimsuky. (The name “Lazarus,” a.k.a. Hidden Cobra, has become an umbrella term used to refer to the cyber activities of North Korean hackers, while Andariel, Bluenoroff, and Guardians of Peace are subgroups within Lazarus.) Security Week explains that these Pyongyang-linked threat actors have been implicated in several high-profile attacks including the Ronin $600 million cryptocurrency heist, the $100 million attack on Harmony’s Horizon Bridge, and 2017’s WannaCry incident. Bleeping Computer notes that a 2019 United Nations report revealed that North Korean state hackers had stolen approximately $2 billion from cyberattacks on banks and crypto exchanges across the globe.

Kevin Bocek, Vice President Security Strategy & Threat Intelligence at Venafi, wrote to explain that the reward has risen with the severity of the threat:

“The fact that the reward for information on North Korean-sponsored groups has doubled to $10 million shows how much of a threat they’ve become in the international cybercrime sphere. Our research shows that the proceeds of cybercriminal activities from infamous groups such as Lazarus and APT38 – which are both named by the U.S. State Department – are being used to circumvent international sanctions in North Korea. This money is being funneled directly into weapons programs and cybercrime has become an essential cog in the ongoing survival of Kim Jong Un’s dictatorship. Worryingly, this blueprint is also being mimicked by other rogue states. So, cutting North Korean cybercrime off at the source is essential to the national security of the U.S. and its allies.

“Code signing machine identities have become the modus operandi for many North Korean cybercrime groups. These digital certificates are the keys to the castle, allowing secure communication between machines of all kinds, from servers to applications, Kubernetes clusters and microservices. North Korean hackers are using stolen certificates to access networks, passing malicious software off as legitimate and enabling them to launch devastating supply chain attacks. Governments and businesses must act together and share intelligence on these attacks to build knowledge on the importance of machine identities in security, otherwise, we’ll continue to see North Korean threat actors thrive.”

Cryptocurrency platforms face regulatory pressure.

As digital currency values have dropped in recent months, leading several crypto companies to collapse, US regulators have been motivated to increase their oversight of the cryptocurrency market in order to increase protections for retail investors. The US Securities and Exchange Commission (SEC) is launching an investigation of Coinbase, the US’s largest crypto trading platform, to determine whether the firm allowed Americans to trade digital assets that should have been registered as securities. Two anonymous sources told Bloomberg the SEC has been watching Coinbase closely ever since it recently went public and expanded the number of tokens it offers for trading. 

As Bloomberg notes, Coinbase CEO Brian Armstrong has made headlines in recent years for his unusual business practices. In 2020 he banned employees from conducting political advocacy in the workplace, threatening those who stepped out of line with termination. It was amidst the resulting controversy that Armstrong took Coinbase public and announced he would be adding over one hundred new tokens to its service, which previously only listed well-established tokens like Bitcoin and Ether. And earlier this month a former Coinbase employee was accused of insider trading and charged with wire fraud after leaking company intel to help two men purchase tokens just before they were listed on the platform. What’s worse, the SEC says nine of the tokens the men traded were actually securities.

Meanwhile, Kraken, another leading crypto exchange, is also facing a federal probe for suspected US sanctions violations after allowing users in other countries, including Iran, to trade digital tokens on the platform, the New York Times reports. According to anonymous sources close to the matter, the Treasury Department’s Office of Foreign Assets Control (OFAC) will likely impose a fine, and if so, Kraken would be the largest US cryptocurrency firm to be penalized by OFAC. Kraken’s chief legal officer Marco Santori said the company “does not comment on specific discussions with regulators,” adding, “Kraken closely monitors compliance with sanctions laws and, as a general matter, reports to regulators even potential issues.”