Malwarebytes becomes fourth security firm targeted by attackers | Australian academics may give China access to their technologies and inventions | India revising e-commerce foreign investment rules

Jan 19, 2021

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

US cyber-security firm Malwarebytes said it was hacked by the same group which breached IT software company SolarWinds last year. Its intrusion was not related to the SolarWinds supply chain incident since the company doesn't use any of SolarWinds software in its internal network. ZDNet
More than 300 scientists and scholars are believed to have been recruited by talent recruitment schemes controlled by the Chinese Communist Party over the past decade, further raising concern Australian academics are giving Beijing access to their technologies and inventions. The Sydney Morning Herald
India is considering revising its foreign investment rules for e-commerce, three sources and a government spokesman told Reuters, a move that could compel players, including Amazon, to restructure their ties with some major sellers. Reuters

Australia

China talent programs may be accessing Australian technology, linked to grant fraud
The Sydney Morning Herald
@Gallo_Ways
More than 300 scientists and scholars are believed to have been recruited by talent recruitment schemes controlled by the Chinese Communist Party over the past decade, further raising concern Australian academics are giving Beijing access to their technologies and inventions. The submission recommended the Australian government specifically prohibit participation in foreign talent-recruitment programs by government employees and ensure participation in CCP talent-recruitment programs and similar conflicts of interest are being adequately handled and investigated by CSIRO. It also called for more research funding for priority areas such as artificial intelligence, quantum science, materials science and energy storage.

Law unto themselves': the Australian battle to curb Facebook and Twitter's power
The Guardian
@Paul_Karp
The suspension of Donald Trump’s accounts sparked outrage among conservatives but the prevailing mood is for greater regulation.

Australia's tangle of electronic surveillance laws needs unravelling
ZDNet
@stilgherrian
The government agrees: Australia needs a whole new electronic surveillance act to sort out the mess. But a bunch of ad hoc laws are already making their way through parliament.

We can’t combat China’s ‘grey zone’ war while polarised
The Australian
@Ben_G_Scott
Much of what Canberra knows about hostile Chinese government activities comes from classified intelligence. As last year’s Defence Strategic Update made clear, Australia’s security environment is increasingly characterised by “grey zone” competition; state behaviour that is aggressive but often covert, or at least deniable, and falls short of acts of war. It includes foreign interference, cyber intrusions and, in some definitions, economic coercion.

China

Zoom spy claims a warning for multinationals in China
Financial Times
@tmitchpk
Mr Jin was the subject of a remarkable complaint filed last month by the US Department of Justice, which is pursuing him for allegedly surveilling and disrupting certain Zoom users on behalf of Chinese police and state security agents.

WeChat advances e-commerce goals with $250B in transactions
TechCrunch
@ritacyliao
The Chinese messenger facilitated 1.6 trillion yuan (close to US$250 billion) in annual transactions through its “mini programs,” third-party services that run on the super app that allow users to buy clothes, order food, hail taxis and more.

USA

Malwarebytes said it was hacked by the same group who breached SolarWinds
ZDNet
@campuscodi
US cyber-security firm Malwarebytes said it was hacked by the same group which breached IT software company SolarWinds last year. Its intrusion was not related to the SolarWinds supply chain incident since the company doesn't use any of SolarWinds software in its internal network.

Marcin Kleczynski @mkleczynski

Today, I disclosed publicly that @Malwarebytes had been targeted by the same nation state actor that attacked SolarWinds. This attack is much broader than SolarWinds and I expect more companies will come forward soon.

Raindrop: New Malware Discovered in SolarWinds Investigation
Symantec Enterprises Blogs
Symantec has uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers.

Parler partially reappears with support from Russian technology firm
Reuters
@josephmenn @kenli729 @eculliford
Parler, a social media website and app popular with the American far right, has partially returned online with the help of a Russian-owned technology company.

Trump’s Worst, Most Bizarre Statements About ‘the Cyber’
Wired
@a_greenberg
While Trump has gained a deserved reputation as the most dishonest president in American history on a multitude of topics, few have inspired as much disinformation from him as “the cyber.”

Here’s Who Will Be Running the Pentagon When Biden Takes Office
Defense One
@KatieBoWill
Dozens named in the most comprehensive roster published to date of who will be running DOD when the president-elect is sworn in.

Lindsay P. Gorman @LindsayPGorman

Spot on here from @ABlinken on US-China on focus on threats vs. policy implementation itself. This was particularly true on China tech issues from 5G to TikTok and WeChat. Here’s a way to right the ship: lawfareblog.com/way-forward-us…

Josh Rogin @joshrogin

@SenRonJohnson Blinken says, unprompted, that Trump largely "got it right" on China by focusing more attention on the threats and challenges there. Adds, “I have issues with the way he carried it out, in many ways."

Facebook Said It Would Stop Pushing Users to Join Partisan Political Groups. It Didn’t.
The Markup
@leonyin
According to Citizen Browser data, the platform especially peppered Trump voters with political group recommendations.

North Asia

Taiwan's most valuable AI chip startup eyes global expansion
Nikkei Asia
@ChengTingFang
Kneron aims to grow eightfold in 2021 as US blacklist hits Chinese rivals.

Southeast Asia

ASEAN needs to enhance cross-border cooperation on cybercrime
The Strategist
@EugenioBenincas
ASEAN member states are prime targets for cybercrime given their position among the fastest-growing digital economies in the world. As described in a 2020 Interpol report, the impact of cybercrime will only increase as cybercriminals become more sophisticated, taking advantage of the inefficiencies in regional law enforcement structures.

Read ASPI's report on cybercrime in Southeast Asia here

International: China and Indonesia sign MoU in field of cybersecurity
DataGuidance
The National Internet Information Office of the People's Republic of China and the National Cyber and Cryptographic Bureau of the Republic of Indonesia signed a Memorandum of Understanding on the development of cybersecurity capacity building and technical cooperation.

China, Indonesia sign MoU on internet security amid Washington pressure on Beijing's 5G technology
Global Times
China and Indonesia have signed a memorandum of understanding (MoU) on developing capacity building of internet security and tech cooperation, marking the first-of-its-kind internet security agreement China has signed with a foreign country.

South & Central Asia

Sundar Pichai @sundarpichai

One of the greatest test series wins ever. Congrats India and well played Australia, what a series #INDvsAUS

Exclusive: India plans foreign investment rule changes that could hit Amazon
Reuters
@adityakalra @krishnadas56
India is considering revising its foreign investment rules for e-commerce, three sources and a government spokesman told Reuters, a move that could compel players, including Amazon, to restructure their ties with some major sellers.

India asks WhatsApp to withdraw new privacy policy over ‘grave concerns’
TechCrunch
@refsrc
India has asked WhatsApp to withdraw the planned change to its privacy policy, posing a new headache to the Facebook-owned service that identifies the South Asian nation as its biggest market by users.

Americas

Sensitive equipment being purchased by Global Affairs Canada without consultation with security experts: report
Ottawa Citizen
@davidpugliese
Global Affairs Canada spent $250,000 to have a consulting firm look at the procurement system that led to the arrangement with Nuctech.

Should Australia be buying border-security technology from China’s Nuctech?
The Strategist @KelseyMunro

Misc

This App Claims It Can Detect 'Trustworthiness.' It Can't
VICE
@ToddFeathers
Experts say an algorithm can't determine whether you can be trusted by analyzing your face or voice. But that's not stopping this company from trying.

Jürg Lauber @SwissAmbUN_GVA

Zero Draft of the #UNCyberOEWG report is available online! front.un-arm.org/wp-content/upl…

Read ASPI's report on UN cyber norms here

Which practices help us maintain a secure cyberspace in the Asia Pacific? APNIC @BartHoogeveen

Research

Networked: Techno-Democratic Statecraft for Australia and the Quad
Center for a New American Security
@MartijnRasser
This report lays out a blueprint for Quad technology policy. After setting the scene of the current technological and geopolitical landscape and the context in which the group would operate, the report presents a policymaking framework called techno-democratic statecraft.

Daily Cyber Digest