Chinese hackers took trillions in intellectual property | Your phone could reveal if you’ve had an abortion | Ethiopia ‘foils’ cyber-attack on Nile dam & financial institutions
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
A yearslong malicious cyber operation spearheaded by the notorious Chinese state actor, APT 41, has siphoned off an estimated trillions in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors. CBS News
When someone gets an abortion, they may decide not to share information with friends and family members. But chances are their smartphone knows. The leak of a Supreme Court draft opinion proposing to overturn Roe v. Wade raises a data privacy flash point: If abortion becomes criminal in some states, might a person’s data trail be treated as evidence? The Washington Post
Ethiopian Authorities on Tuesday said they had stopped international cyber-attack attempts targeting the massive Grand Ethiopian Renaissance Dam (GERD) and the country's major financial institutions. “The failed cyber-attacks include attempts to impede the works of the GERD by targeting 37,000 interlinked computers used by financial institutions,” said Shumete Gizaw, the director-general of Ethiopian Information Network Security Agency (INSA). The East African
ASPI ICPC
The World
Chinese hackers took trillions in intellectual property from about 30 multinational companies
CBS News
Nicole Sganga
A new report by Boston-based cybersecurity firm, Cybereason, has unearthed a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia.
Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say
CNN
Chinese government-linked hackers have tried to steal sensitive data from some three dozen manufacturing and technology firms in the US, Europe and Asia, security researchers said Wednesday, in findings that shed new light on Beijing's alleged use of hacking to buttress its powerhouse economy.
Operation CuckooBees: Cybereason uncovers massive Chinese intellectual property theft operation
Cybereason
Researchers at Cybereason recently discovered such an attack, which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the US Federal Bureau of Investigation (FBI) and Department of Justice (DOJ) on the investigation into the malicious campaign, which Cybereason researchers dubbed Operation CuckooBees.
Buying authenticity: Inside the world of the paid crypto shills
VICE
Maxwell Strachan
One of the companies Duncan has worked with is Dank Bank, a startup that recently raised $4 million to develop an NFT marketplace dedicated to famous memes and viral moments. Harry Jones, the founder and CEO of Dank Bank, told Motherboard that he’s spent money on crypto promoters like Duncan because “traditional advertising just doesn't work in crypto,” as the community isn’t “interested in buying things because they saw a paid ad.” Instead, he said, potential customers are looking for advice from online influencers they already trust.
Australia
Making Australia fit for AUKUS
The Strategist
Lesley Seebeck
A clear vision of Australia as a technologically enabled and creative state is necessary to realise the intent of AUKUS. The government needs better scaffolding for how research is funded, how the research endeavour works, and how technologies are realised. Again, this is not a solely defence matter. Building a technologically adept nation is more than national security and the STEM fields of science, technology, engineering and mathematics. Australia needs the depth of engineering capabilities found in the US national labs and an open, freewheeling approach that encourages creativity. AUKUS can assist with each of these, helping Australia to be better placed to deliver on its part of the agreement.
Cyber shortages drive higher pay and new demand for education
Financial Review
Nicki Bourlioufas
Cyber crime is escalating worldwide. A corresponding rise in demand for cybersecurity professionals has created a skill shortage, pushing up salaries. The (ISC)² Cybersecurity Workforce Study assesses the size of the talent shortage. It found that last year, there were 4.2 million professionals working worldwide. That was an increase of more than 700,000 compared with the year before.
China
Coronavirus: Shanghai residents evade censors to expose life during lockdown
DW News
William Yang
People in China's business capital are flooding social media with content documenting the widespread backlash towards the city's strict lockdown. Censors have been unable to keep up. A recent montage of audio recordings called "Voices of April" that went viral includes residents' demands for basic necessities, crying babies separated from their parents, and people pleading for hospitals to treat their dying family members. Despite efforts to remove the six-minute montage from the Chinese internet, Chinese netizens and members of the diaspora community have found ways to preserve the montage on Western social media platforms.
China’s tech giants are having FOMO on NFTs
TechCrunch
Rita Liao
In mid-April, a group of industry associations in China issued a warning against the potential financial risks of non-fungible tokens, digital assets that represent real-world objects or intangible goods like a song. NFTs must not be traded with cryptocurrencies, said the country’s banking, internet finance and securities associations, and they must not be used to create securitized products.
China’s central bank pledges ‘normalized’ supervision for tech platforms
Bloomberg
China’s central bank said it will implement “normalized” supervision on the financial activities of online platform companies, reiterating comments from top leaders last week. The People’s Bank of China held a meeting on April 29 to discuss implementing financial support for the economy and policies to boost the healthy development of technology platform companies, it said in a statement on Wednesday.
USA
US moves towards imposing sanctions on Chinese tech group Hikvision
Financial Times
Demetri Sevastopulo
The Biden administration is laying the groundwork to place human rights-related sanctions on Hikvision, according to four people familiar with the internal discussions. While a final decision has not been taken, the White House wants to target the company in what would amount to the first time the US has imposed such sanctions on a big Chinese technology group.
DHS watchdog says Trump's agency appears to have altered report on Russian interference in 2020 election in part because of politics
CNN
Priscilla Alvarez and Zachary Cohen
Former President Donald Trump's Department of Homeland Security delayed and altered an intelligence report related to Russian interference in the 2020 election, making changes that "appear to be based in part on political considerations," according to a newly released watchdog report.
Nakasone says Cyber Command did nine 'hunt forward' ops last year, including in Ukraine
CyberScoop
Suzanne Smalley
National Security Agency Director and U.S. Cyber Command Gen. Paul Nakasone said Tuesday that Cyber Command conducted nine “hunt forward” operations in different countries last year, a data point he shared to illustrate why the command’s use of persistent engagement is critical to its success.
Partisan fight breaks out over new disinformation board
The New York Times
Steven Lee Myers and Zolan Kanno-Youngs
The board, an advisory group with the Department of Homeland Security, has become embroiled in the debate over the government’s role in policing online content. The creation of a board, announced last week, has turned into a partisan fight over disinformation itself — and what role, if any, the government should have in policing false, at times toxic, and even violent content online.
Biden orders quantum computing push as China challenge grows
Bloomberg
Katrina Manson
President Joe Biden will sign directives on Wednesday aimed at preparing the U.S. for a new era of quantum computing, as Chinese agencies and companies pour billions of dollars into the next-generation technology. The Biden administration wants America’s most vulnerable IT systems to adopt new cryptographic standards that can resist the potential threat of code-cracking posed by quantum computing, a nascent technology that does not yet exist at viable scale.
Brands should force Twitter to uphold content policies under Musk, advocacy groups say
CNN
Brian Fung
Some of the nation's biggest brands including Coca-Cola, Disney and Kraft are facing calls to boycott Twitter if the company's soon-to-be owner, billionaire Elon Musk, rolls back content moderation policies limiting hate speech and election misinformation. In a letter sent to brands Tuesday ahead of the 2022 NewFronts digital advertising conference, more than two dozen civil society groups said marketers should secure commitments from Twitter to retain its most critical policies, including on civic integrity and hateful conduct, and threaten to withdraw funding if Twitter does not comply.
North Asia
Taiwan cracks down on China poaching tech talent
Al Jazeera
Erin Hale
Taiwan is beefing up efforts to protect what may be the island’s most important resources: semiconductor executives and engineers that Taipei says are being poached by China. Earlier this year, Taiwan’s cabinet proposed strengthening the country’s National Security Act to apply harsher sentences for crimes including “extraterritorial misappropriation of trade secrets” and economic espionage. Under the proposed amendments, the offences could soon carry prison sentences of up to 10 and 12 years, respectively, and fines of between $1m and $3.5m.
Researchers tie ransomware families to North Korean cyber-army
The Record
Jonathan Greig
The North Korean army is continuing to try its hand at ransomware, according to a new report from cybersecurity firm Trellix. Christiaan Beek, lead scientist with the company’s threat research division, released a report on Tuesday tying four ransomware families — BEAF, PXJ, ZZZZ and CHiCHi — to the prolific Unit 180 of North Korea’s cyber-army. Trellix said the unit is behind several ransomware attacks on organizations across Asia since 2020, when researchers first discovered the VHD ransomware and tied it to actors connected to the North Korean military.
NZ & Pacific Islands
Cyber crime on the rise, says PNG ICT Minister Masiu
Tech Pacific
Information and Communications Technology (ICT) Minister Timothy Masiu says cyber safety, security and crime are rising with the increase in internet accessibility in the country. “The Digital Transformation Policy 2020 and the Digital Government Act now provide a direction and pathway towards strengthening collaboration and coordination among all stakeholders in pursuing the digital government and digital economy agenda,” he said.
South & Central Asia
India orders VPN companies to collect and hand over user data
CNET
Rae Hodge
In India, virtual private network companies will be required to collect extensive customer data -- and maintain it for five years or more -- under a new national directive from the country's Computer Emergency Response Team, known as CERT-in.
UK
U.K. plans to set security, privacy requirements for app stores
Bloomberg
Leonard Kehnscherper
The U.K. government has published proposals under which app stores could be asked to commit to a code of practice setting security and privacy requirements. The proposed code would require stores to have a “vulnerability reporting process for each app so flaws can be found and fixed quicker,” the Department for Digital, Culture, Media and Sport said in an emailed statement Wednesday.
Elon Musk asked to testify on Twitter by UK Parliament
AP
A British parliamentary committee scrutinizing draft online safety legislation has invited Elon Musk to discuss his plans to buy Twitter and the changes he’s proposing for the social media platform.
Boris Johnson joins lobbying for UK chip designer Arm to list in London
The Guardian
Mark Sweney
Boris Johnson has joined the lobbying effort to convince the British-based chip designer Arm to float in London, as the government fears the damage of losing out to New York in the battle to attract high-profile tech companies looking to list.
Europe
EU accuses Apple of breaking competition law over contactless payments
BBC
Beth Timmins
The European Commission has accused Apple of abusing its market position for contactless smartphone payments. In a preliminary finding, it said the US company may have broken competition law by preventing rivals from accessing its "tap and go" technology. Apple denies the charge and has promised to engage with the Commission.
German regulator imposes tougher rules on Facebook owner Meta
Reuters
Germany's cartel office said that Meta Platforms Inc (FB.O), the owner of Facebook, has "paramount significance for competition across markets", a classification which gives the regulator more leeway to curb digital companies' market power. Under legislation introduced by German lawmakers in early 2021, the cartel office can ban what it deems to be anti-competitive activities.
Spain govt says it has nothing to hide in spyware scandals
AP
Spain’s government said Tuesday it had nothing to hide amid mounting unease over national security controversies involving Pegasus spyware, including the hacking of the prime minister’s cellphone and spying on Catalan separatists by unknown agents. Cabinet spokeswoman Isabel Rodríguez promised that the Socialist-led coalition government will engage in “the utmost collaboration with the legal authorities, including declassifying relevant documents if it proves necessary.”
Africa
Ethiopia ‘foils’ cyber-attack on Nile dam, financial institutions
The East African
Tesfa-Alem Tekle
Ethiopian Authorities on Tuesday said they had stopped international cyber-attack attempts targeting the massive Grand Ethiopian Renaissance Dam (GERD) and the country's major financial institutions. “The failed cyber-attacks include attempts to impede the works of the GERD by targeting 37,000 interlinked computers used by financial institutions,” said Shumete Gizaw, the director-general of Ethiopian Information Network Security Agency (INSA).
Senegal plans law on social media
Africanews
Senegal is considering enacting a law to regulate social media. The revelation was made by President Macky Sall on Tuesday during a meeting with union leaders, local news site Dakaractu.com reported on Wednesday. President Sall termed social media abuse as a 'cancer of the modern world'.
Gender and Women in Cyber
Your phone could reveal if you’ve had an abortion
The Washington Post
Geoffrey A. Fowler and Tatum Hunter
There is precedent for it, and privacy advocates say data collection could become a major liability for people seeking abortions in secret. Phones can record communications, search histories, body health data and other information. Just Tuesday, there was new evidence that commercial data brokers sell location information gathered from the phones of people who visit abortion clinics.
Data broker SafeGraph stops selling location data of people who visit Planned Parenthood
VICE
Joseph Cox
SafeGraph, a location data broker, has stopped offering data related to Planned Parenthood and other similar family planning centers after Motherboard found it was possible to buy information on how many people were visiting the facilities, where they came from, and where they went afterwards, something that experts saw as highly concerning in the wake of the Supreme Court’s potential plan to repeal Roe v. Wade.
Meet the Reddit ‘Aunties’ covertly helping people get abortions
The Washington Post
Pranshu Verma
A modern-day adaptation of underground abortion networks that helped people access care when the procedure was illegal, the Auntie Network stands alongside formal organizations like the Brigid Alliance and the National Network of Abortion Funds that coordinate travel and remove financial barriers to getting abortions. But as the prospect of terminating a pregnancy in America faces staunch restrictions in large swaths of the country, the Reddit group offers a glimpse into a post-Roe era when getting an abortion will require an influx of community-based aid to organize and assist.
Big Tech
TikTok is letting payday lenders prey on financially vulnerable users
Media Matters For America
Olivia Little
TikTok is once again prioritizing profits over the safety of its users, this time allowing predatory payday lending companies to advertise on the platform — despite the fact that the companies seemingly violate TikTok’s own advertising policies. TikTok is enabling the payday lending companies to explicitly target users who are struggling financially, setting them up for potential financial harm.
People can now get contact info cut from Google search results
BBC
Personal contact information such as your phone number, email or home address, can now be removed from Google search results. Previously, individuals could remove links to contact information when it had been published maliciously - so-called "doxxing". Now people can request removal if it poses other risks, for example of "harmful direct contact". Google warns that the information will still exist online.
Former Facebook, WhatsApp employees lead new push to fix social media
The Wall Street Journal
Deepa Seetharaman
Elon Musk isn’t the only entrepreneur with big ideas about how to fix social media. A growing number of startups are emerging to challenge the status quo. Many of them are rooted in their founders’ experiences within the industry’s leading giant, Facebook’s parent company, now known as Meta Platforms Inc.
Events
Digital launch of our tech regulator report
Tech Policy Design Centre
The digital launch of the ANU Tech Policy Design Centre's inaugural report Tending the Tech Ecosystem: who should be the regulator(s)?
Tech regulation beyond big tech
Protocol
Tech regulation is fast coming over the horizon. Companies everywhere are bracing for new privacy legislation and antitrust action, but much of the focus thus far has been on how the biggest tech firms will fare. What about the rest of the sector? How should the thousands of small, medium and enterprise-level tech companies prepare for this new regulatory landscape? Will changing policies bring about a more even playing field, or will growth be stunted for smaller businesses with fewer resources? How should the U.S. avoid one-size-fits-all regulation in such a diverse ecosystem while still checking unfair competition and data abuses?
Report launch: China’s discourse power operations in the Global South
Atlantic Council
As China’s military and economic power has grown, so too has its investment in propaganda and influence operations. Beijing refers to this as “discourse power”: a strategy to increase China’s standing on the world stage by promoting pro-China narratives while criticizing geopolitical rivals. The end goal is to shape a world that is more amenable to China’s expressions, and expansion, of power. Sub-Saharan Africa, Latin America, and the Middle East are at the forefront of China’s discourse power push.
China’s discourse power operations in the Global South
Kenton Thibaut
Jobs
The Sydney Dialogue - Senior Events Coordinator
ASPI ICPC
The Australian Strategic Policy Institute (ASPI) is currently recruiting for an experienced events professional to coordinate the planning and logistics of the second iteration of ASPI’s Sydney Dialogue - the world’s premier summit on emerging, critical and cyber technologies.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice.