Full Report
Plus: Google’s U-turn on creepy “fingerprint” tracking, the LockBit ransomware gang’s teased comeback, and a potential US ban on the most popular routers in America.
Analysis Summary
# Main Topic
This threat intelligence summary covers three distinct topics: Google's policy change on digital fingerprinting, the rumored comeback of the LockBit ransomware gang with a new version, and potential US regulatory action against TP-Link routers over national security concerns.
## Key Points
- Google is reversing its previous stance against digital fingerprinting, allowing advertisers to use this method starting February 2025, contrary to its 2019 assertion that fingerprinting subverts user choice because it cannot be cleared like cookies.
- The LockBit ransomware gang is teasing a comeback, planning to launch a new "4.0" version of their tools in February.
- US government departments (Defense, Commerce, Justice) are investigating TP-Link router security, potentially leading to a ban, given TP-Link's significant market share and the detection of its routers in Chinese hacking campaigns.
## Threat Actors
- **LockBit Ransomware Gang:** Teasing a return with a new version (v4.0) and advertising sign-ups for potential affiliates on their reincarnated dark web sites.
- **Chinese Threat Actors (Associated with TP-Link use):** Implicated in using compromised TP-Link routers as part of networks of compromised devices used in hacking campaigns (as reported by Microsoft).
## TTPs
- **Digital Fingerprinting:** A tracking method that, unlike cookies, users cannot clear, so it sidesteps that form of user control. Google will soon permit advertisers to use it.
- **Ransomware Development/Recruitment:** LockBit's plan involves launching a new iteration of their malware and recruiting new affiliates via their dark web presence.
- **Botnet/Compromised Infrastructure:** Compromised TP-Link routers are being utilized as part of a network of compromised devices in Chinese cyber espionage or hacking efforts.
## Affected Systems
- **Digital Tracking/Advertising Ecosystem (Web Browsers, Ad Tech):** Directly impacted by Google's decision regarding fingerprinting implementation in early 2025.
- **LockBit Partners/Clients:** Potential affiliates who might join the resurrected LockBit operation.
- **US Consumers and Enterprises:** Users of TP-Link routers, as Microsoft noted these devices form "most" of a specific network of compromised devices used in Chinese hacking campaigns.
## Mitigations
- **For Digital Fingerprinting:** Users should be aware that clearing local storage will not prevent this form of tracking going forward, as fingerprinting cannot be cleared like cookies (per Google's previous statement).
- **For LockBit:** Organizations should monitor for indicators related to the anticipated LockBit 4.0 launch in February 2025 and review defensive posture against known ransomware TTPs.
- **For Router Security:** Organizations relying on TP-Link networking equipment should anticipate potential US regulatory action and review security configurations, especially given prior detection of these devices in threat actor networks.
## Conclusion
The immediate threat intelligence concerns center on the shifting dynamics of online privacy (Google's fingerprinting), the resurgence of a major ransomware threat (LockBit), and significant national security risks associated with widely deployed network hardware (TP-Link). Organizations must prepare for potential privacy erosion, watch for the LockBit 4.0 deployment, and assess the risk profile of their current router infrastructure pending US regulatory decisions.