How China turned a prize-winning iPhone hack against the Uyghurs | ACIC believes there's no legitimate reason to use an encrypted comms | US spy agencies review software suppliers' ties to Russia foll
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
An attack that targeted Apple devices was used to spy on China’s Muslim minority—and US officials claim it was developed at the country’s top hacking competition. MIT Technology Review
The Australian Criminal Intelligence Commission has said an encrypted communication platform is not something a law-abiding member of the community would use. ZDNet
U.S. intelligence agencies have begun a review of supply chain risks emanating from Russia in light of the far-reaching hacking campaign that exploited software made by SolarWinds and other vendors, a top Justice Department official said Thursday. CyberScoop
Australia
ACIC believes there's no legitimate reason to use an encrypted communication platform
ZDNet
@ashabeeeee
The Australian Criminal Intelligence Commission has said an encrypted communication platform is not something a law-abiding member of the community would use.
Proof will be in the pudding on AI: Husic
InnovationAus
@888riley
Labor has given a lukewarm welcome to Scott Morrison’s modest commitment to a National Artificial Intelligence Centre but says government must get past announcements and onto delivery.
China
How China turned a prize-winning iPhone hack against the Uyghurs
MIT Technology Review
@HowellONeill
An attack that targeted Apple devices was used to spy on China’s Muslim minority—and US officials claim it was developed at the country’s top hacking competition.. Today, the Tianfu Cup is heading into its third year, and it’s sponsored by some of China’s biggest tech companies: Alibaba, Baidu, and Qihoo 360 are among the organizers. But American officials and security experts are increasingly concerned about the links between those involved in the competition and the Chinese military.. One other Tianfu organizer, the state-owned Chinese Electronics Technology Group, has a surveillance subsidiary called Hikvision, which provides “Uyghur analytics” and facial recognition tools to the Chinese government. It was added to a US trade blacklist in 2019.
Chinese military unit accused of cyber-espionage bought multiple western antivirus products
The Record by Recorded Future
A Chinese military unit that was accused last month by Japanese authorities of carrying out a years-long cyber-espionage campaign was seen buying batches of different western-made antivirus products. According to multiple procurement documents found by Recorded Future’s Insikt Group, Unit 61419 of the Chinese People’s Liberation Army (PLA) bought small batches of different antivirus products in early 2019. The purchases, carried out through local intermediaries, were for antivirus products from companies such as Kaspersky, Bitdefender, Trend Micro, ESET, Dr.Web, Sophos, Symantec, McAfee, and Avira.
Rare new Windows rootkit spotted in Chinese APT attacks
@campuscodi
In a report published today, security firm Kaspersky said it discovered a rare new Windows rootkit that has remained undetected since at least 20018 and has been deployed in some highly targeted attacks. Rootkit was linked to suspected Chinese APT activity Kaspersky said the rootkit, which it named Moriya, was developed by a mysterious threat actor that bears all the signs of being a Chinese cyber-espionage group (also known as an APT).
Intrusion Truth details work of suspected Chinese hackers who are under indictment in US
CyberScoop
@snlyngaas
Intrusion Truth, a mysterious group known for exposing suspected Chinese cyber-espionage operations, on Thursday published a new investigation that traced front companies allegedly used by two Chinese men whom a U.S. grand jury indicted last year.
An APT with no name
Intrusion Truth
When the 7th July indictment was released naming two Chinese hackers affiliated with the Guangdong State Security Department, it grabbed our interest. Hackers… in China…working with the MSS. Sounds right up our street. But who are Li Xiaoyu (李啸宇) and Dong Jiazhi (董家志)? How do they conduct their activity? The indictment also mentions an unnamed MSS Officer 1. Who could this be? Let’s start with the named hackers…
US-China tech war: Beijing's secret chipmaking champions
Nikkei Asia
Cheng Ting-Fang and Lauly Li, Nikkei staff writers
How Washington's sanctions boosted China's semiconductor sector.
China's Tencent in talks with U.S. to keep gaming investments -sources
Reuters
@gregroumeliotis @deer_echo_
Tencent Holdings Ltd is negotiating agreements with a U.S. national security panel that would allow it to keep its ownership stakes in U.S. video game developers Riot Games and Epic Games, according to people familiar with the matter.
Meet the man China is desperate to silence
The Telegraph
It was right after Adrian Zenz published his report on the abuse of Uyghur Muslims in the Chinese province of Xinjiang that the wave of hacking attacks began. Email after email began landing in his inbox from accounts with Uyghur-sounding names offering "evidence" and imploring him to click on a link.. He has a sophisticated security protocol to protect his work, which he declines to share with The Telegraph other than to say all his communications are either encrypted, conducted through VPNs or over other secure networks. He made sure to archive all the official records he quoted in his reports, which is lucky as the government has since taken them down. “I archive so much that the websites treat me as a spammer and have started blocking me,” he laughs. His work has also made him the target of a considerable disinformation campaign. Chinese state-owned newspapers and government-friendly publications regularly publish hit-pieces. Google Mr Zenz's name and one of the first results is an op-ed on The Global Times calling him a “swindler” and a fraud.
USA
US spy agencies review software suppliers' ties to Russia following SolarWinds hack
CyberScoop
@snlyngaas
U.S. intelligence agencies have begun a review of supply chain risks emanating from Russia in light of the far-reaching hacking campaign that exploited software made by SolarWinds and other vendors, a top Justice Department official said Thursday.
Russian agent accused of interfering in US elections is back meddling online, Facebook says
CyberScoop
@shanvav
A man the U.S. intelligence community has assessed is an active Russian agent who interfered in U.S. elections is back stirring the pot on Facebook, the company announced Thursday.
Facebook’s ‘Supreme Court’ Tells Zuckerberg He’s the Decider
The New York Times
@kevinroose
The company tried to punt its Trump dilemma to a panel of experts. On Wednesday, the experts punted back.
Op-Ed: Facebook Oversight Board's ruling on Trump misses the big picture
LA Times
@MarietjeSchaake
With all the obviously harmful posts on record, we must wonder why the decision about Trump’s account took this much time. Seeding disinformation, sewing violence, inciting hatred and spreading lies, he violated Facebook’s terms of service repeatedly for years, facing no consequences.Facebook board’s Trump decision isn’t just about Trump The Washington Post
The Ringmaster Is Gone The Atlantic
Facebook Is Worried Starbucks May Delete Its Page Over Hateful Comments
BuzzFeed News
@RMac18 @janelytv
Facebook is scrambling to prevent Starbucks from leaving its platform after the world’s largest coffee company said it was dismayed by hateful comments left on its posts about racial and social justice issues.
DOD expands vulnerability disclosure program, giving hackers more approved targets
CyberScoop
@shanvav
The Pentagon is letting outside hackers go after more Department of Defense targets than ever before, in an effort to find DOD’s vulnerabilities before foreign hackers do, DOD announced Wednesday.
South and Central Asia
Has Modi failed India?; and expanding our digital relationships with south-east Asia
ABC Radio National
@le2huong
Australia can and should supercharge its digital engagement with south-east Asia. Rather than seeing it as 'one-way aid', we should recognise the benefits this investment could bring. Guest: Huong Le Thu, senior analyst in the Australian Strategic Policy Institute’s Defence and Strategy Program.
UK
Spy bosses warn of cyber-attacks on smart cities
@gordoncorera
Smart cities will be a target for hackers, and councils need to be prepared, the National Cyber Security Centre (NCSC) has warned.
Chinese stranglehold on rare earths forces UK into secret talks with allies
The Telegraph
@emmagatten
Fears China will “turn off the taps” on Britain’s green revolution has forced ministers to enter secret talks with seven commonwealth countries to mine their rare earths. Officials from the Department of International Trade and the Foreign Office have had meetings with representatives from Australia, Canada, Malawi and Tanzania in a bid to persuade them to supply rare earths, as well as critical metals such as lithium to the UK. Rare earths are found in abundance across the world, but are difficult to process and China controls around 90 per cent of the market.
Europe
Facebook removes Ukraine political ‘influence-for-hire’ network
Reuters
Facebook Inc (FB.O) has taken down a network of hundreds of fake accounts and pages targeting people in Ukraine and linked to individuals previously sanctioned by the United States for efforts to interfere in U.S. elections, the company said on Thursday.
Middle East
Clubhouse App Creates Space for Open Talk in Middle East
The New York Times
@VivianHYee @farnazfassihi
The social networking app is booming in authoritarian countries, where users are speaking freely about otherwise taboo topics.
Misc
Events
Research
Jobs
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Candidates must have the ability to synthesis complex cyber and technology developments and explain these developments to media and key stakeholders in plain language. The ability to engage with and brief seniors across parliaments, governments, civil society and the business community.
International Cyber Policy Centre – Strategic engagement, program & research coordinator
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding early career role for a talented and proactive individual to support senior centre staff on strategic engagement, program and research coordination.