International Trade, Enforcement & Compliance Recent Developments Update (January 17, 2024)

One of the most consistent messages coming from the U.S. government is that multinational companies need to take control of their supply chains. Forced labor, human trafficking, supply chain transparency, OFAC sanctions, even conflict minerals — all are areas in which the best defense against potential violations is strong compliance and due diligence to ensure that companies properly manage their supply chains, rights down to the last supplier. Today’s mix of enforcement actions and guidance from the U.S. government underscores the importance of doing so.

EXPORT CONTROLS AND HUMAN RIGHTS

The Department of Commerce has stated that it has the authority to put companies on the Entity List (requiring special licensing and restrictions) solely for human rights violations. Does your company conduct full due diligence on its suppliers and sub-suppliers to ensure that they are operating in accordance with U.S. forced labor and human trafficking laws?

FORCED LABOR/UFLPA

The Department of Homeland Security continues to add Chinese and other companies to the Uyghur Forced Labor and Prevention Act (UFLPA) Entity List. Does your organization specifically screen against the UFLPA Entity List, as well as have in place UFLPA compliance and due diligence measures?

FORCED LABOR/UFLPA

The U.S. government has issued a pointed six-agency set of compliance guidelines regarding “the Risks and Considerations for Businesses and Individuals with Exposure to Entities Engaged in Forced Labor and other Human Rights Abuses linked to Xinjiang Uyghur Autonomous Region.” Does your organization maintain a compliance policy, vendor code of conduct, supply chain transparency and due diligence procedures, and other measures designed to ensure your supply chain is free of forced labor, human trafficking, or goods sourced from forced labor in the Xingjian Autonomous Region?

CUSTOMS PENALTY FOR ERRONEOUS USE OF FIRST SALE RULE

Due to the imposition of special Section 301 tariffs on most goods from Customs, many companies have begun to use the first sale rule, which allows the reporting of a lower value where there is a bona fide sale to a middleman. Improper application of the rule, however, can be the basis for substantial penalties, as an apparel company that paid a $1.3 million settlement with the DOJ found out. If your company uses the first sale rule, do you regularly review pricing and relevant circumstances to ensure you are meeting all the requirements for all entries?

EXPORT CONTROLS

Pledging “a new era of trilateral partnership,” the U.S., Japan, and South Korea governments have announced expanded collaboration to fight illegal exports of dual-use products, including high-tech products that might be shipped to China in violation of U.S. export controls. Has your organization performed a recent classification review to confirm it is aware of any restrictions that might adhere to the export of any of its products to sensitive countries, governments, or users?

Ankura Cyber Threat Intelligence Bulletin: August – September 2022

Over the past sixty days, Ankura’s Cyber Threat Investigations & Expert Services (CTIX) Team of analysts has compiled key learnings about the latest global threats and current cyber trends into an in-depth report: The Cyber Threat Intelligence Bulletin. This report provides high-level executives, technical analysts, and everyday readers with the latest intel and insights from our expert analysts.

Download the report for an in-depth look at the key cyber trends to watch and help safeguard your organization from constantly evolving cyber threats with the latest cyber intelligence, ransomware, and threat insights.

 Our latest report explains the following observations in detail:

Law Enforcement Works with Threat Intelligence to Prosecute Human Traffickers

In the age of high-speed internet and social media, criminals have evolved to use information technology to bolster their criminal enterprises and human traffickers are no different. Whether it be through the clearnet or dark web, human traffickers have leveraged the internet to scale their operations, forcing law enforcement to reevaluate how to best combat this problem. In response to the changes in trafficker tactics, techniques, and procedures (TTPs), governments across the world have responded with legislation and policies in an attempt to better thwart the efforts of these criminals. Researchers from Recorded Future’s Insikt Group have published compelling reports as a proof-of-concept (PoC) for a methodology on how law enforcement agencies and investigators can utilize real-time threat intelligence to leverage sources of data in order to aid in tracking, mitigating, and potentially prosecuting human sex traffickers. Download the full report for additional details on law enforcement efforts to prosecute human traffickers and more on the Insikt Group’s findings.

Emerging Threat Organization “MONTI”: Sister Organization or Imposter Threat Group?

Over the past several weeks a new, potentially imposter, threat organization has mimicked the tactics, techniques, procedures (TTPs), and infrastructure of the Conti Ransomware Group. Tracked as MONTI, this doppelganger organization emerged in the threat landscape in July 2022 after compromising a company and encrypting approximately twenty (20) hosting devices and a multi-host VMWare ESXi instance tied to over twenty (20) additional servers. While the July attack pushed the group into the limelight, analysts believe that attacks from the doppelganger organization go back even further into the early summer of 2022. Similarities discovered between Conti Ransomware and the alleged spinoff Monti Ransomware include attack TTPs alongside the reuse of Conti-attributed malicious payloads, deployed tools, and ransom notes. Additionally, the encrypted files exfiltrated by Monti contain nearly identical encryption, which could indicate code re-usage. Read the full report to find out what CTIX analysts expect to see from this group in the future.

Figure 1: Conti Ransom Note

Figure 2: Monti Ransom Note

Iranian State-Sponsored Threat Organization’s Attack Timeline Targeting the Albanian Government

In July 2022, nation-state Iranian threat actors, identified by the FBI as “Homeland Justice”, launched a “destructive cyber-attack” against the Government of NATO-member Albania in which the group acquired initial access to the victim network approximately fourteen (14) months before (May of 2021). During this period, the threat actors continuously accessed and exfiltrated email content. The peak activity was observed between May and June of 2022, where actors conducted lateral movements, network reconnaissance, and credential harvesting.

This attack and eventual data dumps were targeted against the Albania-based Iranian dissident group Mujahideen E-Khalq (MEK), otherwise known as the People’s Mojahedin Organization of Iran. MEK is a “controversial Iranian resistance group” that was exiled to Albania and once listed by the United States as a Foreign Terrorist Organization for activity in the 1970s but was later removed in late 2012. Albania eventually severed diplomatic ties with Iran on September 7, 2022, and is suspected to be the first country to ever have done so due to cyber-related attacks. For a more detailed analysis of this attack and its ramifications, download our full report.

 Figure: Homeland Justice Ransom Note Image

Banning Ransomware Payments Becomes Hot-Button Issue in State Legislature

There is a debate occurring in courtrooms across the United States regarding the ethics and impacts of allowing businesses to make ransomware payments. North Carolina and Florida have broken new ground earlier this year passing laws that prohibit state agencies from paying cyber extortion ransom demands. While these two (2) states have been leading the way in ransomware laws, at least twelve (12) other states have addressed ransomware in some way, adding criminal penalties for those involved and requiring public entities to report ransomware incidents. Download the full report to discover what experts think of government ransomware payment bans and the potential effects they could have on ransomware incidents.

Threat Actor of the Month: Worok

ESET researchers discovered a new cluster of the long-active TA428 identified as “Worok.” TA428 is a Chinese advanced persistence threat (APT) group first identified by Proofpoint researchers in July 2019 during “Operation LagTime IT”, a malicious attack campaign targeted against government IT agencies in East Asia. Download the full report for an in-depth look at Worok’s tactics and objectives, and insights from our analysts about the anticipated future impact of this group.

New List of Trending Indicators of Compromise (IOCs)

IOCs can be utilized by organizations to detect security incidents more quickly as indicators may not have otherwise been flagged as suspicious or malicious. Explore our latest list of technical indicators of compromise within the past sixty (60) days that are associated with monitored threat groups and/or campaigns of interest.

Copyright © 2022 Ankura Consulting Group, LLC. All rights reserved.

Department of State Releases 2017 TIP Report

The Department of State has released its 2017 Trafficking in Persons (“TIP”) Report.  As with prior versions of the annual report, the State Department reviewed efforts made by more than 180 countries to address the minimum Prosecutorial, Protective, and Preventative standards necessary for effective anti-trafficking measures, as these standards are outlined in the United States’ Trafficking Victims Protection Act (“TVPA”).

The release of the report is notable because it can directly impact contractors’ diligence obligations for supply chain review under the Federal Acquisition Regulation (“FAR”) Human Trafficking Rule (located at FAR § 52.222-50).  As we have highlighted in previous articles, for those contractors required to submit compliance plans to the government, such plans should be appropriately shaped to the “nature and scope of activities to be performed for the Government . . .  and the risk that the contract or subcontract will involve services or supplies susceptible to trafficking in persons.”  See FAR § 52.222-50(h)(2)(ii).  Additionally, as set forth in a recent proposed memorandum, which remains the clearest articulation of the government’s views on supply chain diligence obligations to date (covered in a prior post), contractors are expected to take steps to “identify high-risk portions of [their] supply chain[s].”

For these reasons, movement of a particular country up or down in risk classification in the TIP Report may greatly impact a contractor’s supply chain risk profile, especially if the contractor sources a significant amount of goods or materials from that country.  Even where countries are not designated under the Trade Agreements Act for direct importation and sale of goods to the U.S. government, to the extent that contractors rely on these countries for the supply of materials or components to be “substantially transformed” in the U.S. or a designated country, those contractors will bear heightened risk of non-compliance under the FAR requirement should a country fall in placement.

Although this year’s TIP Report was recently revised for increased clarity per the recommendation of a late 2016 GAO Report, it continues to classify countries by the same “Tiers,” that it has in years past.  Tier 1 countries “fully meet the TVPA’s minimum standards for the elimination of trafficking,” and consequentially are considered to be relatively low risk.  Tier 2 countries “do not fully meet TVPA’s minimum standards but are making significant efforts to bring themselves into compliance.”  Tier 2 Watch List countries are still considered to be “making significant efforts to bring themselves into compliance,” but may have only made commitments to take action over the next year, or have yet to stem the absolute number of trafficking cases.  Finally, Tier 3 countries fail to meet TVPA standards and are not considered to be taking significant steps to come into compliance, either through commitments or otherwise.

For 2017, Iceland and China each fell in placement, while Malaysia and Afghanistan moved up in placement.  Per the classification standards mentioned above, Iceland is now on par with Afghanistan in terms of basic classification — both are now Tier 2 designated countries.  Malaysia is now also a Tier 2 designated country, moving up in placement from the Tier 2 Watch List.  The People’s Republic of China, in contrast, fell to a Tier 3 classification this year, greatly increasing its risk profile.  (Hong Kong, however, remains on the Tier 2 Watch List.)

In light of these changes, and recent indications that the Trump Administration remains committed to “devoting more” to anti-trafficking programs, contractors would be advised to make sure that their supply chain compliance and diligence programs are updated to reflect the latest information on country risk profiles available from the government.

For more legal analysis go to the National Law Review.

This post was written by Jennifer L. Plitsch   Ryan Burnette and Alexander B. Hastings  of Covington & Burling LLP.