APT group targeting military in India, Pakistan through malicious Android messaging apps | UK launches new agency to tackle state-sponsored threats to business | Meta considers a new social network
Good morning. It's Tuesday 14th March.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Have feedback? Let us know at icpc@aspi.org.au.
Follow us on Twitter and on LinkedIn.
A group of suspected government-backed hackers is targeting Indian and Pakistani citizens through malicious Android messaging apps in a campaign designed to steal sensitive information. The Record by Recorded Future
The British government has announced a new body to help businesses and organizations to defend themselves against national security threats, including Chinese attempts at intellectual property theft. The Record by Recorded Future
Facebook parent company Meta is considering building a new decentralized social media network, joining a movement of other tech companies hoping to lure users away from an embattled Twitter with alternative internet platforms. The Washington Post
ASPI
ASPI research: China trumps U.S. in key technology research
The China Project
Lizzi Lee
Dr. Jamie Gaida is a senior analyst at the Australian Strategic Policy Institute specializing in statistics, research ethics, data science, computer algorithms, software development, and machine learning. He recently published a piece on The Critical Technology Tracker and how Western democracies are losing the global technological competition.
'Wake-up call': China leads in 37 out of 44 critical technology sectors, says report
The Wire
In the report published on March 2, the Australian Strategic Policy Institute shows that China has “built the foundations to position itself as the world’s leading science and technology superpower, by establishing a sometimes stunning lead in high-impact research across the majority of critical and emerging technology domains”.US researcher entanglements continue post-China Initiative as worries over IP theft linger
Chemistry World
Rebecca Trager
Beyond the US, the UK government announced almost two years ago the creation of a new unit to advise the country’s researchers on security-related topics, including IP protection. These developments are against the backdrop of a new report from the Australian Strategic Policy Institute warning that China has a ‘stunning lead’ over the US and other nations in high-impact research across most critical and emerging technologies.China’s securitization of genetic research
The Diplomat
Patrick Beyrer
Tsinghua University Center for International Security and Strategy outlined China-U.S. biotechnology decoupling as a potential top risk for China’s security environment in 2023. The State Council declared that its recently proposed restructuring of MoST would accelerate “high-level scientific and technological self-reliance.” Accordingly, the Australian Strategic Policy Institute has indicated China is far outpacing U.S. innovation in synthetic biology and biological manufacturing – both outputs of genetic research.
Home Affairs looking at how TikTok could be weaponised in Australia
The Sydney Morning Herald
Anthony Galloway
A high-level security review examining privacy concerns about TikTok and other Chinese social media giants is considering how to prevent political censorship and disinformation on the platforms. Fergus Ryan, a senior analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre, said it was clear that TikTok had tried to influence political debate in the past.
Leaked law proposal would give Cambodia expanded powers to censor critics
Rest of World
Fiona Kelliher
A draft of a new cybersecurity law, which has not previously been made public but has been obtained by Rest of World, would give the Cambodian government expanded powers to seize computer systems from companies, initiate searches during loosely defined cybersecurity incidents, and prosecute those who don’t comply. “The intention of the regime matters, and Cambodia’s approach to security is very much driven by protection of the regime,” Gatra Priyandita, an analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre who specializes in Southeast Asia, told Rest of World. “The danger is that [the phrase] ‘public order’ gets equated to regime security. And in many cases, that has happened.”
Australia
‘Tighten cyber security or risk pact’s secrets’, say experts
The Australian
Ben Packham
Australia needs to dramatically raise its cyber security preparedness to ensure it isn’t the “weakest link” in protecting US and British nuclear secrets, top cyber security experts have warned.
AUKUS a deep dive into unknown waters
The Australian
Paul Kelly
Australia has embarked on a strategic, technological and economic challenge without precedent – seeking to become the world’s seventh nuclear-powered submarine country. This is a whole-of-nation task that transcends defence procurement and penetrates to our financial, human capital and leadership capabilities.
China
China now seen as influencing politics more than ever, on a global scale
CBC
Mark Gollom
The uproar over possible Chinese interference in recent Canadian elections is a reminder of what researchers and intelligence agencies have warned regarding Beijing's attempts to politically influence other nations.
China’s tech firms chase overseas AI talent to build ChatGPT rivals amid lack of experts at home
South China Morning Post
Ben Jiang
Chinese tech firms are scrambling to woo Chinese artificial intelligence experts – especially those from OpenAI, the US start-up behind ChatGPT – from abroad to help create their own chatbots, according to industry insiders and recruitment agencies.
China embraces ChatGPT for love letters, Amazon listings
Rest of World
Viola Zhou
ChatGPT is not officially available in China. OpenAI has blocked Chinese users from registering for accounts and government regulators have clamped down on domestic proxies. But this hasn’t stopped tech-savvy users from accessing the service through VPNs — virtual private networks that disguise one’s location on the internet — or buying overseas phone numbers to sign up for accounts.
USA
A former TikTok employee tells Congress the app is lying about Chinese spying
The Washington Post
Drew Harwell
A former risk manager at TikTok has met with congressional investigators to share his concerns that the company’s plan for protecting United States user data is deeply flawed, pointing to evidence that could inflame lawmakers’ suspicion of the app at a moment when many are considering a nationwide ban.
US races to close loophole in ban on China tech firm Inspur
Bloomberg
Jenny Leonard and Ian King
The US is working to close a loophole in restrictions imposed on Inspur Group that leaves American companies such as Intel Corp. free to keep supplying the Chinese server maker’s affiliates.
Biden’s budget seeks increase in cybersecurity spending
CyberScoop
Christian Vasquez
President Biden’s budget proposal for fiscal year 2024 calls for wide-ranging investments to boost the cybersecurity resilience of the U.S. government and to implement his recently released cyber strategy, which calls for a whole-of-government approach to boosting U.S. digital defenses.
US strengthens tech ties with India but doesn’t seek decoupling from China, Raimondo says
TechCrunch
Manish Singh
The U.S. government is not seeking to “decouple” from China, nor is it seeking “technological decoupling,” but Washington “would like to see India achieve its aspirations to play a larger role in the electronics supply chain,” U.S. Commerce Secretary Gina Raimondo said on Friday.
SEC charges Blackbaud for failing to disclose ‘full impact’ of ransomware attack
TechCrunch
Carly Page
Software house Blackbaud has agreed to pay $3 million to settle charges related to a May 2020 ransomware attack that exposed customers’ bank account data, the U.S Security and Exchange Commission said on Thursday.
Americas
Meta to end news access for Canadians if Online News Act becomes law
Reuters
Kanjyik Ghosh, Lavanya Ahire, Ismail Shakil and Nia Williams
Meta said on Saturday that it would end availability of news content for Canadians on its platforms if the country's Online News Act passes in its current form.
North Asia
North Korean hackers used polished LinkedIn profiles to target security researchers
CyberScoop
Aj Vicens
Hackers believed to be working on behalf of North Korea have in recent years posed as recruiters and targeted workers in a variety of industries with offers of extravagant jobs at big-name firms with massive salaries. In the past, that campaign has mostly been carried out over email, but now researchers are seeing North Korean hackers shift their phishing attempts to LinkedIn and WhatsApp.
Japan says no decision yet on chip export restrictions
Bloomberg
Isabel Reynolds and Shoko Oda
Japan has not yet made a decision regarding restrictions on exports of chip-making equipment, its trade minister said, underscoring US allies’ attempts to seek a middle ground between Washington and Beijing.
Japan's quantum computer to open online for research this month
Nikkei Asia
Akira Oikawa
Japan's first domestically built quantum computer will become accessible online at the end of the month, the Riken research institute said Thursday, allowing companies and universities to tap its ultrafast computing powers for a wide range of research projects.
Japan, long a prime target for spying, seeks to improve handling of sensitive info
The Japan Times
Gabriel Dominguez
With Tokyo looking to promote economic security by working more closely with allies and like-minded countries, deeper cooperation on critical and emerging technologies faces a daunting hurdle: Japan's shortcomings in handling sensitive data.
Japan-Australia security cooperation: Domestic barriers to deeper ties
Stimson
Tomohiko Satake
There are some regulatory barriers for closer defense and security cooperation between two countries. The most well-known is Paragraph 2 of Article 21 of the Constitution, which prohibits the government’s access to private internet communications and servers. If it strictly applies the rule, Japan may not be able to engage with “active cyber defense” (meaning cyber-attacks), nor share cybersecurity information with the U.S. or Australia.
Taiwan Mandarin learning center cyberattacked by China: Minister
Focus Taiwan
Matt Yu, Wu Shen-hung and Ko Lin
Minister of the Overseas Community Affairs Council Hsu Chia-ching (徐佳青) on Thursday confirmed that one of its mandarin-language learning centers in France was subject to a cyberattack by a Chinese "overseas police station" last year, citing information from the French authorities.
South & Central Asia
APT group targeting military in India, Pakistan through malicious Android messaging apps
The Record by Recorded Future
Jonathan Greig
A group of suspected government-backed hackers is targeting Indian and Pakistani citizens through malicious Android messaging apps in a campaign designed to steal sensitive information.
India proposes to replace its two-decades-old IT law
TechCrunch
Manish Singh and Jagmeet Singh
India is proposing to replace its over two-decades-old IT law as the world’s second-largest internet market pushes for new guidelines to seek broader accountability from tech firms, revaluate who all gets protection from safe harbor, better oversee new technologies and serve “every” connected user in the South Asian market.
Ukraine - Russia
Russians told to rush to nuclear bomb shelters after hackers take over state media
The Telegraph
Joe Barnes
Russians were warned to rush to their nearest nuclear bomb shelters and take anti-radiation pills on Thursday after hackers took over state media. Television and radio broadcasts in Moscow and the Sverdlovsk region were briefly interrupted with a message warning of an atomic missile strike on Russian soil. Viewers and listeners were told to take potassium iodide, put on gas masks and seek shelter immediately. The Russian emergencies ministry blamed the false alarm on a massive cyber attack against state broadcasters.
Ukraine one year on: When tech companies go to war
European Council on Foreign Relations
Irene Sánchez Cózar and José Ignacio Torreblanca
The war in Ukraine has reinforced the strategic role of global tech giants in defence and security policy. NATO and the EU should learn from this as they try to deter future aggressors
Europe
Hospital in Brussels latest victim in spate of European healthcare cyberattacks
The Record by Recorded Future
Alexander Martin
A university hospital in Brussels has become the latest institution targeted in a spate of cyberattacks against European hospitals. Ambulances were diverted from the Centre Hospitalier Universitaire Saint-Pierre this weekend following the attack in the early hours of Friday morning.
Estonian official says parliamentary elections were targeted by cyberattacks
The Record by Recorded Future
Alexander Martin
Estonia's parliamentary elections this month were unsuccessfully targeted by cyberattacks, one of the country's leading cybersecurity officials told The Record.
Deutsche Bahn bets on Huawei for railway digitalisation despite security concerns
Reuters
Sarah Marsh
German rail operator Deutsche Bahn, which is digitising its operations, last December awarded a 64 million euro contract to supply most of the components for its new IP network to a company using technology from China's Huawei.
Netherlands puts servicing of chipmaking tools in China under review
Financial Times
Andy Bounds
The Netherlands is considering whether to allow maintenance of Dutch-made machines that are exported to China to make advanced semiconductors, despite a ban announced this week on sending new models.
How the Dutch turned on Chinese tech
POLITICO
Pieter Haeck
In the past months, the Dutch have overhauled their ties with China in a number of areas involving sensitive technology. The biggest shift came Wednesday, when, in a bombshell announcement, the government said it would impose new export controls on China on advanced microchips technology sold by Dutch tech champion ASML. The Dutch decision implements a political deal struck in January with the U.S. and Japan to choke off the supply of cutting-edge chips to China.
Cellnex and Huawei deploy LR E-band backhaul in Poland
Comms Update
Chinese equipment supplier Huawei says it has deployed the first commercial Long-Reach E-band microwave backhaul network in Europe in conjunction with mobile tower network owner Cellnex. Cellnex Poland now plans to extend its 5G-ready transport network coverage to the whole country.
UK
UK launches new agency to tackle state-sponsored threats to business
The Record by Recorded Future
Alexander Martin
The British government has announced a new body to help businesses and organizations to defend themselves against national security threats, including Chinese attempts at intellectual property theft.
TikTok to be banned on official devices over security fears
The Times
Caroline Wheeler
A ban on the Chinese-owned social media app TikTok from all government electronic devices is to be recommended after a security review raised concerns about the safety of sensitive data. An initial review was done by the government security group, a cabinet committee. However, more recently it is understood that experts at GCHQ’s National Cyber Security Centre assessed the app and identified risks to sensitive information.
Secure messaging apps line up to warn UK’s Online Safety Bill risks web security
TechCrunch
Natasha Lomas
Secure messaging apps are lining up to oppose measures in the U.K. government’s Online Safety Bill they argue will do the opposite of promoting online safety by undermining the robust encryption web users rely upon to safeguard their communications.
Africa
Amnesty calls on Ethiopia to end social media blackout
Channels TV
Donatus Anichukwueze
Amnesty International on Thursday called on Ethiopian authorities to restore access to social media networks including Facebook, TikTok and Youtube as a blockade on some platforms entered its second month.
Middle East
Iran-linked hackers used fake Atlantic Council-affiliated persona to target human rights researchers
CyberScoop
Aj Vicens
According to Secureworks, the hacking group is suspected of operating on behalf of the Intelligence Organization of the Islamic Revolutionary Guard Corps. The cybersecurity firm Proofpoint reported in December that the group had quietly added “outlier” targets to its portfolio over the last two years, including U.S. politicians, medical researchers and even a realtor involved in the sale of multiple homes near the headquarters of U.S. Central Command in Tampa, Fla.
NZ & Pacific Islands
Micronesia’s president writes bombshell letter on China’s ‘political warfare’
The Diplomat
Cleo Paskal
David Panuelo, the president of the Federated States of Micronesia has written a letter to FSM leaders providing extraordinary details on Beijing’s political warfare and grey zone activity in the country – and outlining a potential agreement to switch FSM’s diplomatic recognition from China to Taiwan.
Gender & Women in Tech
Big Tech
Meta considers a new social network, as decentralized model gains steam
The Washington Post
Naomi Nix
Facebook parent company Meta is considering building a new decentralized social media network, joining a movement of other tech companies hoping to lure users away from an embattled Twitter with alternative internet platforms.
Artificial Intelligence
Making deepfakes gets cheaper and easier thanks to A.I.
The New York Times
Stuart A. Thompson
Making realistic fake videos, often called deepfakes, once required elaborate software to put one person’s face onto another’s. But now, many of the tools to create them are available to everyday consumers — even on smartphone apps, and often for little to no money.
People used Facebook's leaked AI to create a 'based' chatbot that says the N-word
VICE
Joseph Cox
After members of 4chan leaked Facebook’s large language model, known as LLaMa, online, one researcher has now taken that leak and created a Discord bot where users can interact with LLaMa in much the same way as they would with other artificial intelligence-powered bots such as ChatGPT.
Companies are struggling to keep corporate secrets out of ChatGPT
Axios
Sam Sabin
Employers are struggling to figure out how to fold ChatGPT into their workflows without risking the security of their corporate secrets, customer information and intellectual property.
Misc
Silicon Valley Bank’s collapse causes start-up chaos
The New York Times
Erin Griffith
The implosion rattled a start-up industry already on edge. Hurt by rising interest rates and an economic slowdown over the past year, start-up funding — which had been supercharged by low interest rates for years — has shriveled, resulting in mass layoffs at many young companies, cost-cutting and slashed valuations. Investments in U.S. start-ups dropped 31 percent last year to $238 billion, according to PitchBook.
HSBC swoops in to rescue UK arm of Silicon Valley Bank
BBC
Michael Race
HSBC has swooped to buy the UK arm of collapsed US Silicon Valley Bank, bringing relief to UK tech firms who warned they could go bust without help.Silicon Valley Bank failure could wipe out 'a whole generation of startups'
NPR
Bobby Allyn
It is a nail-biting limbo state that many tech startups deeply entrenched in Silicon Valley Bank are now facing in the wake of the bank's implosion, the largest American bank failure since the 2008 financial crisis. For tech startups, which for decades have relied heavily on the bank based in Santa Clara, Calif., it has set off a crisis that could lead to mass layoffs, or hundreds of startups collapsing, according to industry insiders.Major cryptocurrencies stabilise after U.S. intervenes on SVB
Reuters
Tom Wilson and Shubham Kalia
Major cryptocurrencies stabilised on Monday after U.S. authorities announced plans to limit the fallout from the collapse of Silicon Valley Bank and the issuer of the USD Coin stablecoin said it remained redeemable with the dollar.
Which stores are scanning your face? No one knows.
The New York Times
Kashmir Hill
Ms. Garcia found the deployment of facial recognition technology to punish corporate enemies alarming. So did local lawmakers. The City Council convened a hearing last month to discuss how Madison Square Garden and other local businesses were using the technology.
The world’s powers are engaged in a fierce technological race. This is the balance of forces
El País
Andrea Rizzi
Huge investments, sanctions, protectionism, espionage, new regulatory frameworks, international alliances, threats: the world’s major powers are battling in an increasingly fierce technological race that encompasses key sectors such as artificial intelligence, quantum computing, biotechnologies, clean energy, aerospace and telecommunications, and which is becoming the main area of strategic competition of our time.
How a Montenegrin gang used open-source intelligence to kill
OCCRP
Stevan Dojčinović
Hitmen working for a criminal group active in Montenegro and Serbia used open-source intelligence techniques, poring over apartment listing sites, satellite images, and tourist photos posted online, to track down and kill the leader of a rival clan as he hid out in Greece.
Research
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice.
The Daily Cyber & Tech Digest is brought to you by the team at ASPI’s International Cyber Policy Centre.