MI5 and FBI heads warn of ‘immense’ China threat | North Korea is targeting hospitals with ransomware | Apple to launch ‘lockdown mode’ to protect against Pegasus-style hacks
Good morning. It's Thursday 7th July.
The Daily Cyber Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Have feedback? Let us know at icpc@aspi.org.au.
Follow us on Twitter and on LinkedIn.
The heads of UK and US security services have made an unprecedented joint appearance to warn of the threat from China. FBI director Christopher Wray said China was the "biggest long-term threat to our economic and national security" and had interfered in politics, including recent elections. BBC News
The U.S. government said Wednesday that North Korea is behind a recent strain of ransomware cyberattacks on hospitals and other health care facilities. In its joint warning, the FBI, Treasury Department and Cybersecurity and Infrastructure Security Agency said North Korean government hackers have been using a strain of ransomware called Maui to infect American hospitals since May 2021. NBC News
Apple is launching a “lockdown mode” for its devices to protect people – including journalists and human rights activists – targeted by hacking attacks like those launched by government clients of NSO Group using its Pegasus spyware. The Guardian
ASPI ICPC
The Chinese Communist Party’s overseas influence operations seek to alter the Xinjiang narrative
The Strategist
Lin Li and James Leibold
Our new report, Cultivating friendly forces: The Chinese Communist Party’s influence operations in the Xinjiang diaspora, exposes how the CCP is actively monitoring Uyghurs living abroad, creating databases of actionable intelligence and mobilising community organisations in the diaspora to counter international criticism of its policies in Xinjiang while promoting its own interests abroad.
Train politicians to spot pro-Beijing front groups: report
Financial Review
Andrew Tillett
According to ASPI’s research, the Chinese Communist Party is monitoring and mobilising community groups and individual members of the Xinjiang diaspora, including Uighurs, in Australia, Canada, Central Asia, Turkey and other countries to hit back at global criticism of its “repressive policies”. Researchers claim the party is also systematically harvesting information on the diaspora, creating databases to strengthen its overseas surveillance and interference work.Federally funded Canadian group used by China to spread propaganda on Uyghurs: report
National Post
Tom Blackwell
Two Canadian community organizations — one of which has received thousands of dollars in federal funding — are prime examples of how the Chinese government has tried to covertly shape opinions worldwide about human rights abuses in Xinjiang province, says a new report by Australian academics.China's influence is a pox: report
The Australian
James Leibold, an expert on Chinese ethnic politics at La Trobe University and one of the report’s authors, says it can be difficult for politicians to navigate the tangle of United Front-associated groups. “None of these groups is registered under the foreign transparency scheme,” Professor Leibold said. “We need to work out why … What are the loopholes? How do we tighten them?” Improving the operation of the foreign inference laws that were passed by the Turnbull government with bipartisan support is one of the recommendations by Mr Leibold and his co-author Lin Li.
How China uses search engines to spread propaganda
Brookings
Jessica Brandt and Valerie Wirtschafter
Using exact text matching between search engine results and state media headlines, we found that at least 19 sources without official Chinese-state media affiliation reposted state-backed content verbatim. If these observations were included in our analysis, they would increase the prevalence of Chinese-state media in top search results by nearly 10%. On YouTube, accounting for known Beijing-backed influencers identified by the Australian Strategic Policy Institute would increase the reach of Chinese state media in top search results by at least 27% (Figure 4).
The World
China: MI5 and FBI heads warn of ‘immense’ threat
BBC News
Gordon Corera
The heads of UK and US security services have made an unprecedented joint appearance to warn of the threat from China. FBI director Christopher Wray said China was the "biggest long-term threat to our economic and national security" and had interfered in politics, including recent elections.
Australia
Can the Chinese government access Australians’ TikTok data? Probably
Crikey
Cam Wilson
Internal meeting recordings obtained by BuzzFeed News revealed that Chinese employees of the short-video platform’s parent company, ByteDance, were still able to access data from the US despite promises that they wouldn’t. It’s reasonable to assume that Australians’ data is also within their grasp.
China
China takes wider aim at foreign tech with national standards plan
Nikkei Asia
Shunsuke Tabeta
Proposed Chinese national technology standards signal a broader push to restrict foreign manufacturers, presenting them with a potential choice between divulging vital design details or abandoning a vast market.
China police database was left open online for over a year, enabling leak
The Wall Street Journal
Karen Hao and Rachel Liang
What is likely one of history’s largest heists of personal data—and the largest known cybersecurity breach in China—occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year.
USA
NIST announces first four quantum-resistant cryptographic algorithms
NIST
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day — such as online banking and email software.
North Asia
North Korea is targeting hospitals with ransomware, U.S. agencies warn
NBC News
The U.S. government said Wednesday that North Korea is behind a recent strain of ransomware cyberattacks on hospitals and other health care facilities. In its joint warning, the FBI, Treasury Department and Cybersecurity and Infrastructure Security Agency said North Korean government hackers have been using a strain of ransomware called Maui to infect American hospitals since May 2021.
FBI warns of North Korean ‘Maui’ ransomware threat on health care and public sectors
American Hospital Association
The FBI today issued a “white” joint cybersecurity advisory warning of ransomware threats against the U.S. health care and public sectors. The bureau said the threat stems from the North Korean state-sponsored “Maui” ransomware platform, which has been in use by cyber actors since at least May 2021.
K Line rolls out AI-based cybersecurity platform
Port Technology
Jack Donnelly
Kawasaki Kisen Kaisha, Ltd. (K Line) has introduced a new AI-based cyber security platform. The Japanese container carrier has installed Cybereason, which is provided by Cybereason Japan Corp. and adopted the firm’s monitoring and analysis service ‘Cybereason MDR (Managed Detection & Response)’ to enhance the cyber security of ship-shore communication in the ships managed by the group.
South & Central Asia
India internet sector in fog after controversial VPN rules delayed
Nikkei Asia
Zafar Aafaq
India's internet industry is under a cloud of uncertainty after the government extended the compliance deadline on contentious new cybersecurity rules that have already driven some companies to stop doing business in the country.
UK
Fake British passports available on dark web ‘within minutes’
Metro
Josh Layton
Fake passports are trading hands on the dark web with ‘frightening’ speed, according to cyber security experts. The counterfeit documents are listed complete with pricing and shipping information by ‘vendors’ who are operating in eBay-style forums. One seller of fake passports, provided in the form of digital scans, claimed they were ‘100% genuine’, with 499 available.
Europe
Italy pushes back against China’s technology transfer
Mercator Institute for China Studies
Rebecca Arcesati and Francesca Ghiretti
The government of Mario Draghi is reportedly establishing a new unit within the cabinet of the prime minister to screen Foreign Direct Investments (FDI) in strategic sectors.
US wants Dutch supplier to stop selling chipmaking gear to China
Bloomberg
Jillian Deutsch, Eric Martin, Ian King and Debby Wu
The US is pushing the Netherlands to ban ASML Holding NV from selling to China mainstream technology essential in making a large chunk of the world’s chips, expanding its campaign to curb the country’s rise, according to people familiar with the matter.
The Middle East
Israel’s cyber advantage over Iran mixed with other abilities - interview with ex-cyber chief
The Jerusalem Post
Yonah Jeremy Bob
Israel has significant cyber advantages over Iran, especially when integrated with its other capabilities, former IDF Unit 8200 Cyber Operations chief col. (res.) Amir Becker told The Jerusalem Post in his first interview since retiring in 2021.
Big Tech
Apple to launch ‘lockdown mode’ to protect against Pegasus-style hacks
The Guardian
Dan Milmo and Stephanie Kirchgaessner
Apple is launching a “lockdown mode” for its devices to protect people – including journalists and human rights activists – targeted by hacking attacks like those launched by government clients of NSO Group using its Pegasus spyware.
Apple expands industry-leading commitment to protect users from highly targeted mercenary spyware
Apple
Apple is previewing a groundbreaking security capability that offers specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice.
The Daily Cyber Digest is brought to you by the team at ASPI’s International Cyber Policy Centre.