Russian government hackers spoof USAID emails | Publicly visible flashcards reveal US nuclear weapons security protocols | Disk-wiping malware disguising itself as ransomware
Russian government hackers spoof USAID emails | Publicly visible flashcards reveal US nuclear weapons security protocols | Disk-wiping malware disguising itself as ransomware
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
Hackers linked to Russia’s main intelligence agency surreptitiously seized an email system used by the State Department’s international aid agency to burrow into the computer networks of human rights groups and other organizations of the sort that have been critical of President Vladimir V. Putin, Microsoft Corporation disclosed on Thursday. Discovery of the breach comes only three weeks before President Biden is scheduled to meet Mr. Putin in Geneva, and at a moment of increased tension between the two nations — in part because of a series of increasingly sophisticated cyberattacks emanating from Russia. The New York Times
For US soldiers tasked with the custody of nuclear weapons in Europe, the stakes are high. Security protocols are lengthy, detailed and need to be known by heart. To simplify this process, some service members have been using publicly visible flashcard learning apps — inadvertently revealing a multitude of sensitive security protocols about US nuclear weapons and the bases at which they are stored. Bellingcat
Researchers say they have uncovered new disk-wiping malware that is disguising itself as ransomware as it unleashes destructive attacks on Israeli targets… In a post published Tuesday, SentinelOne researchers said they had determined with high confidence that, based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government. WIRED
ASPI ICPC
China's Ongoing Oppression of the Uighurs
Der Spiegel
@schorselysees
Just last week, the Human Rights Committee in German parliament, the Bundestag, spent three hours discussing the situation in Xinjiang and how it should be viewed under international law. The discussion came ahead of a vote on a new supply-chain law, which provides for sanctions against companies whose suppliers use forced labor. The vote was ultimately postponed, but if the law passes, it will impact German companies like VW, which operates a plant in Xinjiang. In 2020, the Australian Strategic Policy Institute (ASPI) published a much-cited study on the camp system in Xinjiang. The researchers examined satellite images from the entire region and were thus able to identify at least 380 facilities. We have set out to track down a few of the coordinates from the study.
Visit our Xinjiang Data Project website and click on 'explore map' to view this particular research and satellite project
‘No concrete proof’ of espionage: Malaysia on verge of Huawei 5G deal
The Sydney Morning Herald
@ChrisBarrett_
Banned by the United States and Australia and shut out by other western nations, Huawei is ramping up its 5G push into south-east Asia with Malaysia shaping as next in line to welcome the Chinese giant. Tom Uren, a senior analyst with the Australian Strategic Policy Institute’s international cyber policy centre, said Australian government officials would be watching Malaysia’s moves with interest. Australia and Malaysia have deep bilateral ties including in defence and this month announced a new partnership on digital co-operation. “I think the concerns about Huawei are broadly shared in many places and the question for governments is ‘how do you manage that risk?’,” he said. “Then there is also the issue of how you manage that politically.”
World
New sophisticated email-based attack from NOBELIUM
Microsoft Threat Intelligence Center
Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation.
Australia
‘Clear failure’: Victoria lags other states on single QR check-in system
The Sydney Morning Herald
@katinacurtis @CroweDM
Federal minister Jane Hume has criticised Victoria’s “hopelessly inadequate” contact tracing system as the state lags other jurisdictions in implementing a single statewide QR code to track visits to coronavirus hotspots.
How Google boss Sundar Pichai learned to live with Australia’s media laws
The Sydney Morning Herald
@zoesam93 @jmcduling
Now, barely five months on, the search giant is singing a different tune. And in his first public comments on the matter, the company’s global chief executive Sundar Pichai has even expressed a degree of support for the government’s contentious media bargaining laws.
Act now on tech to avoid another robodebt: Santow
InnovationAus
@denhamsadler
There is now a “once-in-a-generation” challenge to ensure technology is developed and rolled fairly and equitably to ensure harmful programs like robodebt are avoided in the future, Human Rights Commissioner Ed Santow says.
Cyber attack shuts down Australia’s biggest meat processor
Australian Financial Review
@BradThompson26
A cyber attack has shut down Australia’s biggest meat and food processing company and raised concerns about supply to both domestic and export markets.
China
Army of fake fans boosts China’s messaging on Twitter
Associated Press
China’s ruling Communist Party has opened a new front in its long, ambitious war to shape global public opinion: Western social media. This is the ruling Communist Party’s global propaganda machine in action: Messages set by key state media outlets and the Ministry of Foreign Affairs get picked up by Chinese diplomats around the world, who repackage the content on Twitter, where it is amplified by networks of fake and suspicious accounts working covertly to shape public discourse for the benefit of China’s ruling Communist Party.
Read ASPI ICPC’s reports Trigger warning: The CCP’s coordinated information effort to discredit the BBC and Strange bedfellows on Xinjiang: The CCP, fringe media and US social media platforms
Chinese President Xi Jinping seeks to rally country’s scientists for ‘unprecedented’ contest
South China Morning Post
@CocoF1026
Chinese leader promises to boost investment and free scientists from bureaucracy as Joe Biden seeks heavy increase in US research budget. Xi says country must seek breakthroughs in areas such as artificial intelligence and semiconductors as he warns of major battle between great powers
When Cars Become Computers: The New Data Challenge for EV Companies
Macro Polo
@mazzocco_ilaria
In short, EVs will increasingly become data collection and storage platforms. And this will bring to the forefront a new operational challenge for auto manufacturers as they seek to sell EVs into global markets: complying with data privacy regulation in various countries.
Tech-tonic shift in Sino-Russian cooperation
Observer Research Foundation
@niveditakapoor
Technological cooperation has increasingly gained significance in the Russia-China bilateral relationship, with 2020-21 being marked as the ‘Year of Scientific, Technical and Innovation Cooperation’. This was decided during the summit meeting between Presidents Vladimir Putin and Xi Jinping in 2019, with the Russian leader describing it as one of the ‘most promising areas of cooperation’ for the two countries.
Read ASPI ICPC's report A new Sino-Russian high-tech partnership
Chinese AI firm blacklisted by U.S. gave funds to York, Queen’s universities
The Globe and Mail
@RobertFife @stevenchase
Two Ontario universities, York and Queen’s, have been collaborating with a major Chinese artificial-intelligence company that has been blacklisted by the U.S. government for supplying surveillance equipment used against Muslim Uyghurs.
Chinese state media steps up scrutiny of crypto mining
Protocol
@ZeyiYang
On Friday, Xinhua, China's state-run press agency, published an article on cryptocurrency mining's over-the-top energy consumption. "Electricity should be used where it's needed most to promote economic development," the Xinhua piece says. It also cites unnamed experts' suggestions that market entry restrictions and energy consumption monitoring systems can be established to identify and regulate crypto mines.
ByteDance Investors Say CEO Change Is Reaction to Beijing’s Tech Crackdown
The Information
@JuroOsawa @Yunanzhang_ @beijingscribe
The move by Zhang to play a less prominent role and hand the reins to a trusted confidant, co-founder Liang Rubo, was an unfortunate but necessary measure amid a growing crackdown by Chinese regulators of the country’s most powerful companies and founders, these investors told The Information.
China’s Data Centers, 5G Network Set to Double Emissions by 2035
Bloomberg
Carbon emissions from China’s fast-growing digital infrastructure are set to more than double by 2035, according to Greenpeace, highlighting another challenge to the government’s ambitious goal of reaching net zero by 2060.
USA
US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps
Bellingcat
@foekepostma
For US soldiers tasked with the custody of nuclear weapons in Europe, the stakes are high. Security protocols are lengthy, detailed and need to be known by heart. To simplify this process, some service members have been using publicly visible flashcard learning apps — inadvertently revealing a multitude of sensitive security protocols about US nuclear weapons and the bases at which they are stored.
Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber
CyberScoop
@timstarks
The budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, for which the unclassified total for cyberspace is $10.8 billion. “Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads.
The D.N.C. Didn’t Get Hacked in 2020. Here’s Why.
The New York Times
@nicoleperlroth
A devastating email breach of the D.N.C. roiled Democrats in the final months of 2016. An unassuming security official made it his mission to prevent a recurrence.
Remarks to the UN Group of Governmental Experts on Advancing Responsible State Behavior in Cyberspace in the Context of International Security
United States Mission to the United Nations
Michele Markoff
We have achieved a substantial new body of guidance on the eleven norms to which all UN member states have committed to adhere. States will no longer be left asking questions about what it means to implement each of those norms that have gained so much attention. We have provided detailed explanations about the intent of each norm as well as what it would mean to implement or adhere to it. The international community has been asking for such guidance since the 2015 report. With our current text, we have answered those calls.
Poll: 28% of Republicans believe core Q-Anon beliefs
MSNBC
In a shocking new poll, Public Religion Research found that nearly one in four Republicans believe core QAnon beliefs, such as a “Satan-worshipping pedophile” conspiracy theory.
Amazon devices will soon automatically share your Internet with neighbors
ArsTechnica
@dangoodin001
If you use Alexa, Echo, or any other Amazon device, you have only 10 days to opt out of an experiment that leaves your personal privacy and security hanging in the balance.
Op-Ed: To keep social media from inciting violence, focus on responses to posts more than the posts themselves
Los Angeles Times
@SusanBenesch
When Facebook tried to get its external Oversight Board to decide whether it should ban Donald Trump permanently, the board demurred and tossed the hot potato back to Facebook, ordering the company to make the final call within six months. But one person had unwittingly offered a vital lesson in content moderation that Facebook and other tech companies have so far missed — Trump himself. To put it another way, judging posts exclusively by their content is like studying cigarettes to understand their toxicity. It’s one useful form of data, but to understand what smoking can do to people’s lungs, study the lungs, not just the smoke. If social media company staffers had been analyzing responses to Trump’s tweets and posts in the weeks before the Jan. 6 attack on the Capitol, they would have seen concrete plans for mayhem taking shape, and they could have taken action when Trump was still inciting violence, instead of after it occurred.
North Asia
South Korea Devotes $450 Billion to National Chip Strategy
Synced
On May 13th, South Korea announced an ambitious plan to invest USD 451 billion into the country’s semiconductor industry over the next nine years. Companies involved in chips research and development will receive a 40 percent tax deduction, on top of an additional 6 percent tax remission granted to investments in related facilities. Samsung and SK Hynix, alongside 153 other companies surveyed by the Korea Semiconductor Industry Association, are to benefit from the government initiative. President Moon Jae-in commented that the “government will unite with companies to form a semiconductor powerhouse.”
Hong Kongers are using blockchain archives to fight government censorship
Quartz
@maryhui
With so much content at risk of erasure, not to mention the possibility of backed-up copies being removed from platforms like YouTube due to copyright reasons, it soon became clear that Hong Kong needed a more coordinated and sophisticated approach to archiving its recent past.
Southeast Asia
Indonesia: Suspend, Revise New Internet Regulation
Human Rights Watch
The Indonesian government should suspend and substantially revise a regulation on online content to meet international human rights standards, Human Rights Watch said in a May 17, 2021 letter to Indonesia’s minister of communication and information technology.
New Zealand & The Pacific
The cooling of relations with China: Why two MPs retired last year
Politik
National and Labour quietly agreed last year that two Chinese MPs would retire at the same time because of growing security concerns about their relationship with the Chinese Government. POLITIK has learned from multiple official and political sources that the retirements followed intelligence briefings of both parties. The almost simultaneous announcements were orchestrated by the offices of Jacinda Ardern and Todd Muller working together.
UK
Chinese weapon scientist has been working at the heart of Cambridge University's crucial research into new battlefield material
Daily Mail
Jake Ryan
Matthew Henderson, a former Foreign Office diplomat based in China, said: ‘Over decades, groundbreaking dual-use research in the UK has routinely included Chinese scientists, but does this level of engagement really serve Britain’s interests? Work on new materials and technologies known or likely to have defence and security applications must be conducted securely or it will go on falling prey to systemic competitors.’ Luke McWilliams, a research fellow at Sinopsis, said: ‘Our findings leave a key question, “How do people intimately involved with the Chinese army get to work on highly sensitive projects at top British universities?” Ministers and the security services need to find an answer – and find it before Britain starts losing its scientific crown jewels.’
Net closes in on Chinese 'spies' in UK universities where academics are suspected of passing pioneering British technology to Beijing
Daily Mail
Glen Owen, Jake Ryan
A high-level probe into Chinese ‘spies’ working in British universities could lead to arrests within weeks, The Mail on Sunday has been told. In February, The Mail on Sunday revealed MI6 officers, seconded to the Foreign Office, were leading an investigation into more than a dozen universities for potential breach of export controls. Earlier this year, Manchester University cancelled an agreement with a Chinese military technology company after it was warned it had supplied apps used by Beijing’s security forces in the mass surveillance of Uighurs.
UK intelligence helping US investigate Wuhan lab leak theory
The Telegraph
Con Coughlin @sarahknapton
Britain's intelligence agencies are helping the US investigate whether Covid leaked from a Chinese laboratory, The Telegraph has learned. "What is required to establish the truth behind the coronavirus outbreak is well-sourced intelligence rather than informed analysis, and that is difficult to come by."
Welsh chip maker Newport Wafer Fab fears Chinese takeover by stealth
The Times
@JamieNimmo63
Britain’s biggest microchip factory has accused a Chinese-owned company of trying to seize control in the first big test of new foreign takeover rules.
Europe
Exclusive: Meet The Murky Russian Network Behind An Anti-Pfizer Disinformation Drive In Europe
RadioFreeEurope/RadioLiberty
@kromark Sergei Dobrynin @Mike_Eckel @CarlSchreck
A network of Russian marketing companies known for selling dubious nutritional supplements and pushing malware is behind a disinformation campaign to denigrate Western coronavirus vaccines, according to a new RFE/RL investigation.
Influencers Say They Were Urged to Criticize Pfizer Vaccine
The New York Times
@LizAldermanNYT
The mysterious London public relations agency sent its pitch simultaneously to social media influencers in France and Germany: Claim that Pfizer’s Covid-19 vaccine is deadly and that regulators and the mainstream media are covering it up, the message read, and earn thousands of euros in easy money in exchange. The claim is false. The purported agency, Fazze, has a website and describes itself as an “influencer marketing platform” connecting bloggers and advertisers. But when some of the influencers tried to find out who was running Fazze, the ephemeral trail appeared to lead to Russia.
Danish secret service helped NSA spy on Merkel, EU officials: report
Politico
@PPBermingham
Denmark’s secret services helped the U.S. National Security Agency spy on European officials, including German Chancellor Angela Merkel, under the Barack Obama administration, according to reports by multiple European news outlets.
Bomb threat cited by Belarus was sent after plane was diverted - Swiss email provider
Reuters
@razhael
A bomb threat cited by Belarusian authorities as the reason for forcing a Ryanair jetliner carrying a dissident journalist to land in Minsk was sent after the plane was diverted, privacy-focused email provider Proton Technologies AG said on Thursday.
European police hope Google ads will steer teenagers away from a life of hacking
CyberScoop
@shanvav
In a series of programs launching this year, law enforcement officials are aiming to identify young people deemed at risk of committing crimes, and provide a metaphorical tap on the shoulder, Floor Jansen, a Dutch police officer involved in the creation of the programs, told CyberScoop.
Cyber exercise proves readiness to respond to cyber threats
Permanent Structured Cooperation
The EU successfully exercised their multi-national and multi-disciplinary Cyber Rapid Response Teams as part of the EU's permanent structure for security cooperation and mutual assistance.
Russia
Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency
The New York Times
@SangerNYT @nicoleperlroth
Hackers linked to Russia’s main intelligence agency surreptitiously seized an email system used by the State Department’s international aid agency to burrow into the computer networks of human rights groups and other organizations of the sort that have been critical of President Vladimir V. Putin, Microsoft Corporation disclosed on Thursday. Discovery of the breach comes only three weeks before President Biden is scheduled to meet Mr. Putin in Geneva, and at a moment of increased tension between the two nations — in part because of a series of increasingly sophisticated cyberattacks emanating from Russia.
Huawei calls on an old friend, Russia, as U.S. sanctions bite down
The Washington Post
@evadou Pei Lin Wu @ikhurshudyan
Huawei’s presence in the West has plummeted since a U.S. trade ban, but in Russia, it’s expanding. The company urgently needs to replace U.S. technologies in its supply chain — and it has willing research partners in Russia.
Secret Chats Show How Cybergang Became a Ransomware Powerhouse
The New York Times
@AndrewKramerNYT @mschwirtz @antontroian
As the ransomware industry exploded, a Russian-speaking outfit called DarkSide offered would-be computer crooks not just the tools, but also customer support. We got an inside look.
The Americas
Canada Post hit by data breach after supplier ransomware attack
BleepingComputer
@LawrenceAbrams
Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service provider exposed shipping information for their customers.
Middle East
A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets
WIRED
@dangoodin001
Researchers say they have uncovered new disk-wiping malware that is disguising itself as ransomware as it unleashes destructive attacks on Israeli targets… In a post published Tuesday, SentinelOne researchers said they had determined with high confidence that, based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government.
Israel's operation against Hamas was the world's first AI war
The Jerusalem Post @AAhronheim
Having relied heavily on machine learning, the Israeli military is calling Operation Guardian of the Walls the first artificial-intelligence war.
Misc
Days before a report, Chinese hackers removed malware from infected
The Record
@campuscodi
Last month, security firm FireEye detected a Chinese hacking campaign that exploited a zero-day vulnerability in Pulse Secure VPN appliances to breach defense contractors and government organizations in the US and across Europe... in a follow-up report published today, FireEye said it found something strange — namely that at least one of the groups involved in the attacks began removing its malware from infected networks three days before its researchers exposed the attacks.
Venmo Will Now Let You Hide Your Friend List Because We Found Biden’s Account
BuzzFeed News
@RMac18 @katienotopoulos
Venmo, the mobile payments app owned by PayPal, is changing its privacy settings after a BuzzFeed News story uncovered President Joe Biden’s account earlier this month.
The human factor — why data is not enough to understand the world
Financial Times
@gilliantett
A couple of years ago, staff at a Google “tech incubator” called Jigsaw made an important breakthrough: they realised that while their company has come to epitomise the power of technology, there are some problems that computers alone cannot solve. Or not, at least, without humans. Jigsaw, wrestling with the problem of online misinformation, quietly turned to anthropologists.
Research
Australians deserve tech that protects their rights
Australian Human Rights Commission
A new report by the Australian Human Rights Commission calls for far-reaching changes to ensure governments, companies and others safeguard human rights in the design, development and use of new technologies like artificial intelligence (AI). The Human Rights and Technology final report, released today, makes 38 recommendations to ensure human rights are upheld in Australia’s laws, policies, funding and education on AI.
Does China Pose a Threat to Global Rare Earth Supply Chains?
ChinaPower
Beijing has established China as the dominant global supplier of rare earths, a collection of 17 minerals that are indispensable to the manufacturing of smartphones, electric vehicles, military weapon systems, and countless other advanced technologies.
Foreign Intelligence Entities' Recruitment Plans Target Cleared Academia
Defense Counterintelligence and Security Agency
Foreign Intelligence entities (FIE), specifically China and Russia, use academic talent recruitment plans and academic excellence initiatives to collect U.S. scientific research and technologies in a strategic effort to enhance their militaries and economies.
More than Half the Battle
Center for a New American Security
Chris Dougherty
China and Russia have developed distinct but similar theories of victory in this new type of warfare focused on prevailing in the techno-cognitive confrontation. While their military strategies and concepts are complex and diverse, they share four critical attributes.
ACHK releases new report on foreign influence activities in Canada
Alliance Canada HK
Alliance Canada Hong Kong published a new report titled, “In Plain Sight: Beijing’s Unrestricted Network of Foreign Influence in Canada.” This report examines the Chinese Communist Party’s (CCP) foreign influence and interference operations happening in Canada and provides recommendations on how to address these operations.
Events
An Australian strategy for the quantum revolution
ASPI
ASPI is delighted to invite you to the hybrid event ‘An Australian Strategy for the quantum revolution’ to be held in person in Canberra and streamed online via Livestorm on Thursday 3 June at 5.30pm. A new report by ASPI’s International Cyber Policy Centre – ‘An Australian strategy for the quantum revolution’ – argues Australia needs a clear quantum strategy with strong political leadership and an organised effort of policy focus and public investment. It also recognises that quantum is just one among a number of critical technologies and that a step change is needed in Australia’s policy settings related to critical and emerging technologies generally. Without this coordinated effort, Australia will be left behind. Join report authors Professor Gavin Brennen, Simon Devitt, Tara Roberson and Peter Rohde, and ASPI’s Danielle Cave for a one-hour panel discussion on the report’s findings, Australia’s competitive advantage in quantum and how we can better leverage the quantum revolution including across the research sector and the national security, defence and intelligence community.
Securign Cyberspace: How we can protect against digital threats to a free and open Indo-Pacific
Macdonald-Laurier Institute
Canada still lacks a well-considered and clearly articulated framework for addressing immediate security needs and planning for longer-term requirements. A cybersecurity gap insidiously and routinely undermines Canadian safety, security, and prosperity. Canada needs a coherent vision and comprehensive policy for cybersecurity that actively and aggressively deters aggression and defends our interests. To shed light on these issues, MLI will host an event with experts from like-minded countries to discuss the cybersecurity challenges facing the Indo-Pacific. Panel will include, Bart Hogeveen, Head of Cyber Capacity Building - International Cyber Policy Centre, Australian Strategic Policy Institute (ASPI).
Jobs
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Please note that interviews have commenced for this position and will continue until the end of June. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.