Chinese government-backed hackers exploit Microsoft Exchange zero-days | Internal documents show Moscow influence on RT German staff | Google to stop browser tracking technologies

Mar 3, 2021

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

A Chinese government-backed hacking group has been using previously unknown software exploits in “limited and targeted” data-stealing attacks on organizations that use a popular email software program. CyberScoop
Internal documents from the media platform that DER SPIEGEL has seen show the extent to which German staff are required to follow instructions from Moscow, and how political those instructions are. RT DE is part of a Russian media network that also includes the video news agency Ruptly and the production company Redfish. The platform publishes articles, photos and videos on its own website, on YouTube and via other social networks. Der Spiegel
Google plans to stop selling ads based on individuals’ browsing across multiple websites, a change that could hasten upheaval in the digital advertising industry. The Wall Street Journal

ASPI ICPC

An unusual new media code
The Hindu
@FergusHanson
This week, the Australian Parliament passed a world-first law targeting Google and Facebook. The lead up to the bill pitted the government against two of the world’s largest corporations and the discussion reached the world’s top leaders... The law matters because it is likely to be copied by countries around the world, but there are some limitations to what has been agreed in Australia and opportunities for others to try alternative solutions.

World

Microsoft warns of state-sponsored Chinese hackers exploiting multiple zero-days
CyberScoop
@snlyngaas
A Chinese government-backed hacking group has been using previously unknown software exploits in “limited and targeted” data-stealing attacks on organizations that use a popular email software program.

HAFNIUM targeting Exchange Servers with 0-day exploits
Microsoft Threat Intelligence Center
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.
Urgent patches out for exploited Exchange Server zero-days
iTnews
Microsoft is strongly urging customers with Exchange Server installations to apply patches that address critical vulnerabilities currently exploited by Chinese nation state hackers to steal information and install malware.

Australia

Listing of neo-Nazi group won’t stop the far-right threat to Australia
The Strategist
@dr_westendorf
First, legally designating terrorist groups enables law enforcement to dismantle support activities and networks that sustain groups. The Australian government says that interrupting terror organisations’ planning and finances is vital to preventing terrorist acts. Second, it provides a much-needed legal framework for regulating far-right groups’ activity online. We know that social media platforms and chatrooms, from Facebook to 4Chan, have provided the mediums for extremist individuals and groups to connect, organise and mobilise over the past decade.

Australia's new 'hacking' powers considered too wide-ranging and coercive by OAIC
ZDNet
@ashabeeeee
The Office of the Australian Information Commissioner (OAIC) has labelled the powers given to two law enforcement bodies within three new computer warrants as "wide-ranging and coercive in nature".

Budget rules erode Australian government’s capacity to embrace technology
The Strategist
@lesleyseebeck
Digital technology is intrinsic to government operations and service delivery and the government’s interactions with citizens. The government has to learn to be a smart and savvy manager of technology in a world of accelerating technological competition while overcoming its own fragility and emaciation. Until the government’s incentives and processes are aligned with that intent, it will remain a technology laggard, and economic wellbeing, public needs and national security will suffer.

China

Bitcoin has a Xinjiang problem
Quartz
@Jane_Li911
Investors weighing the popular cryptocurrency Bitcoin need to consider the ethics surrounding it as well—since a significant portion of it is “mined” in China’s Xinjiang, where Beijing is accused of conducting mass human rights abuses.

To G or not to G? How to Sell Software to the Chinese Government
ChinaTalk
@jordanschnyc
The Chinese government continues to promote the modernization of their governance systems and capabilities by investing in the use of digital technology to transform their governance concepts, processes, methods and tools. According to an article published on the Jiazi Guangnian WeChat channel, the latest buzzword surrounding the government market is the pro-B2G sentiment of ‘to G’, meaning to enter the government market.

China’s ‘Sharp Eyes’ Program Aims to Surveil 100% of Public Space
OneZero
@davegershgorn
Sharp Eyes is one of a number of overlapping and intersecting technological surveillance projects built by the Chinese government over the last two decades. Projects like the Golden Shield Project, Safe Cities, SkyNet, Smart Cities, and now Sharp Eyes mean that there are more than 200 million public and private security cameras installed across China.

Read ASPI ICPC’s ‘Engineering global consent: The Chinese Communist Party's data-driven power expansion’ report here.

‘Truth and Reconciliation’: Excerpts from the Xinjiang Clubhouse
SupChina
@dtbyler
For 16 hours, people in a Clubhouse room called “Is there a concentration camp in Xinjiang?” spoke freely, centering the discussion on those most harmed by state violence. Even while it was happening, the conversation felt historic — and worth preserving.

USA

As China Rises, the US Builds Toward a Bigger Role in AI
WIRED
@willknight
After decades of staying out of industrial policy, a Pentagon-appointed commission recommends more spending on research and support for US chip makers.

Election Integrity Partnership @2020Partnership

At long last, the @2020Partnership is excited to release “The Long Fuse: Misinformation and the 2020 Election,” the culmination of months of work among approximately 120 people working across 4 organizations: @stanfordio @uwcip @Grapika_NYC and @DFRLab eipartnership.net/report

Inside ‘TALON,’ the Nationwide Network of AI-Enabled Surveillance Cameras
VICE
@josephfcox
Hundreds of pages of emails obtained by Motherboard show how little-known company Flock has expanded from surveilling individual neighborhoods into a network of smart cameras that spans the United States.

US militia group draws members from military and police, website leak shows
The Guardian
@jason_a_w
A Guardian investigation of a website leak from the American Patriots Three Percent shows the anti-government militia group have recruited a network across the United States that includes current and former military members, police and border patrol agents.

The most engaging political news on Facebook? Far-right misinformation.
Protocol
@issielapowsky
A new study shows that before and after the election, far-right misinformation pages drew more engagement than all other partisan news.

Rasmus Kleis Nielsen @rasmus_kleis

In US on Facebook, "politically extreme sources tend to generate more interactions" & "far-right, misinformation sources far outperform non-misinformation sources" @LauraEdelson2 et al find in interesting work (worth noting I think Fox is coded as misinfo)

Far right news sources on Facebook more engagingFacebook has become a major way people find news and information in an increasingly politically polarized nation. We analyzed how users interacted with different types of posts promoted as news in…medium.com

Southeast Asia

Thai watchdog backs off crypto rules plan
Asia Times
Thailand’s Securities and Exchange Commission (SEC) is backing off its draft plan to require a 1-million-baht (US$33,000) minimum annual income and other requirements for crypto investors, noting the draft was just meant to test public sentiment from stakeholders.

Grab partners with Indonesian government to open COVID drive-through vaccination centre
ZDNet
@campbell_kwan
Grab has partnered with the Indonesian government and medical app Good Doctor to open a drive-through vaccination centre in Bali as part of efforts to inoculate citizens with COVID-19 vaccines.

Leong Wai Kit @LeongWaiKitCNA

Trusted sources have told me that security forces are now randomly conducting checks on vehicle passengers, asking to see their @Facebook posts I’m told those with political posts are arrested Will find out more #WhatsHappeningInMyanmar

Europe

Germany Fears Influence of Russian Propaganda Channel
Der Spiegel
@Roman_Hoefner @akm0803
Internal documents from the media platform that DER SPIEGEL has seen show the extent to which German staff are required to follow instructions from Moscow, and how political those instructions are. RT DE is part of a Russian media network that also includes the video news agency Ruptly and the production company Redfish. The platform publishes articles, photos and videos on its own website, on YouTube and via other social networks.

Kaja Kallas @kajakallas

In a joint letter to @vonderleyen led by #AngelaMerkel, we present together with @MarinSanna & @Statsmin proposals for EU leadership & faster digital transition.

Ryuk ransomware develops worm-like capabilities, France warns
CyberScoop
@shanvav
A new sample of Ryuk ransomware appears to have worm-like capabilities, according to an analysis from the French National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency.

ASML extends sales deal with Chinese chipmaker SMIC to end of 2021
Reuters
@StephenNellis
ASML Holding NV has extended a deal to sell chip manufacturing equipment to Semiconductor Manufacturing International Corp, China’s largest chipmaker, until the end of this year.

Middle East

When U.S. blamed Saudi crown prince for role in Khashoggi killing, fake Twitter accounts went to war
The Washington Post
@craigtimberg @SarahDadouch
Saudi-based Twitter accounts using fake profile pictures, repetitive wording and spammy tactics sought to undermine the conclusion by U.S. intelligence officials, made public Friday, that Crown Prince Mohammed bin Salman “approved” the operation that led to the killing of Washington Post contributing columnist Jamal Khashoggi in 2018.

Misc

Google to Stop Selling Ads Based on Your Specific Web Browsing
The Wall Street Journal
@samschech @keachhagey
Google plans to stop selling ads based on individuals’ browsing across multiple websites, a change that could hasten upheaval in the digital advertising industry.

Erik Brynjolfsson @erikbryn

The 2021 AI Index Report has just been released! We analyze global trends in technical performance, economics, R&D, diversity, education, ethics, and more. Check it out: hai.stanford.edu/research/ai-in… @indexingai @StanfordHAI @DigEconLab #AI #MachineLearning #AIIndex2021

February 2021 Coordinated Inauthentic Behavior Report
Facebook Newsroom
In February, Facebook removed five networks from Thailand, Iran, Morocco and Russia. Two Iranian networks primarily targeted people outside of Iran, and three others — from Thailand, Morocco and Russia — focused on domestic audiences in their respective countries.

The next big wave of disinformation will be heard, not seen
Medium
@RobertaSBraga
Audio chat may be all the rage, but if we are not careful, it could become a primary vector for the spread of disinformation.

Research

Russia's Permanent War against Georgia
Foreign Policy Research Institute
Russia astutely uses a mixture of its national powers in different situations. The case of Georgia illustrates how Russia approaches its ways and means to uphold national ends.

Context before code: Protecting human rights in a state of emergency
Ranking Digital Rights
@ElCalavero @hackylawyER
While the digital platforms we rank were all prepared to seize the moment and profit from the circumstances created by the pandemic, all the companies were caught off guard by the impact of COVID-19 on their own users.

Coercive Labor and Forced Displacement in Xinjiang’s Cross-Regional Labor Transfer Program
The Jamestown Foundation
@adrianzenz
In this special Jamestown Foundation report, Dr. Zenz provides new evidence from Chinese sources, notably previously untranslated documents such as the “Nankai Report”, that Xinjiang’s labor transfers to other regions or provinces in China meet the forced labor definition of the International Labor Organization (ILO).

Read ASPI ICPC's 'Uyghurs for sale' report here.

Jobs

Digital Security Specialist - EngageMedia
Engage Media
EngageMedia is hiring a Digital Security Specialist who will oversee and support our initiatives on digital security and safety in South and Southeast Asia.

Daily Cyber Digest