US agency breached by cybercriminals, gov’t hackers | Russia’s spring offensive in Ukraine could include cyberattacks, Microsoft says | UK expected to ban TikTok from government mobile phones
Good morning. It's Thursday 16th March.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Have feedback? Let us know at icpc@aspi.org.au.
Cybercriminals and a government-backed hacking group had access to the systems of an unnamed federal civilian executive branch agency from August 2022 to January 2023. In a report released Wednesday by the Cybersecurity and Infrastructure Security Agency, FBI and other agencies, officials said hackers used several vulnerabilities affecting products from Bulgarian software developer Progress Telerik. (The Record by Recorded Future)
A hacking group with ties to the Russian government appears to be preparing new cyberattacks on Ukraine’s infrastructure and government offices, Microsoft said in a report on Wednesday, suggesting that Russia’s long-anticipated spring offensive could include action in cyberspace, as well as on the ground. (The New York Times)
Britain is expected to announce a ban on the Chinese-owned video-sharing app TikTok on government mobile phones imminently, bringing the UK in line with the US and European Commission and reflecting deteriorating relations with Beijing. (The Guardian)
ASPI
China, climate change and the energy transition
Australian Strategic Policy Institute
Professor Xu Yi-Chong
This report surveys China’s enormous energy transition to renewables. It begins by sketching the energy challenges China faces and its climate-change-related energy policies, in the context of the global geopolitics of the energy transformation. Next the report focuses on conventional energy sources, followed by electricity, and energy technologies.
Australia
City of Sydney chips in $29m for new climate tech hub
The Australian Financial Review
Paul Smith
The City of Sydney has chipped in $29 million to support the creation of a new city centre hub for technology start-ups working on products related to tackling climate change that will open in July.
IPH enters trading halt after 'cyber incident'
iTnews
ASX-listed IPH, which operates a group of intellectual property services firms, yesterday entered a trading halt to deal with a “cyber incident”. In a brief filing, the company requested the halt “to enable it to manage its continuous disclosure obligations in relation to a cyber incident that IPH has recently become aware of”.
Optus and UniSA appoint cyber security and data science chair
iTnews
Jeremy Nadel
Former United Nations University Institute computer science researcher Dr Mamello Thinyane will become the inaugural Optus chair of cyber security and data science at UniSA. The co-funded role will be run out of the cyber security research and data science collaboration hub, formed by Optus and UniSA in 2020. The partnership between the two organisations aims to bolster research outcomes in data science and cyber security and train future specialists in those fields.
Safe and ethical AI systems ‘to be a force for good’
The Australian
Jamie Walker
In a world-first, Australian business, science and standards organisations have signed up to develop “safe and ethical” artificial intelligence systems amid deepening concern at the technology’s helter-skelter rollout. The aim is to create a government-backed framework to entrench AI as a force for good, delivering fair and equitable outcomes to both individuals and the wider community.
China
Is Xi Jinping a good leader? China’s AI chatbots won’t tell you
The Wall Street Journal
Shen Lu
For companies trying to ride the ChatGPT wave, there is an added layer of headaches if their chatbots are in China: how to weed out any talk of politics. This week, the Chinese search-engine company Baidu Inc. is set to release Ernie Bot, its answer to ChatGPT, driving attention to China’s homegrown chatbots, as well as their capability to ensure politically kosher dialogues. In a country that has built rigid digital borders, censors have learned to adapt to new forms of content and evolving censorship demands. Controlling AI-generated responses from a chatbot presents a new challenge, one that might prove more complex than policing search and social media but could strengthen ideological control and further separate China digitally from the rest of the world, Chinese tech executives, engineers and AI experts say.
USA
CISA: US agency breached by cybercriminals, gov’t hackers
The Record by Recorded Future
Jonathan Greig
Cybercriminals and a government-backed hacking group had access to the systems of an unnamed federal civilian executive branch agency from August 2022 to January 2023. In a report released Wednesday by the Cybersecurity and Infrastructure Security Agency, FBI and other agencies, officials said hackers used several vulnerabilities affecting products from Bulgarian software developer Progress Telerik.
Where the venture community goes from here
The Information
Hemant Taneja
It’s hard to overstate the importance of Silicon Valley Bank to the tech and venture ecosystem. It was foundational in every possible way, making early and well-funded strategic bets on the next generational founders and entrepreneurs that would define the era of innovation most of us have lived in. At the time of its collapse, according to its own website, SVB banked around half of all U.S. venture-backed startups. Given the value those companies have created in terms of job and wealth creation, that is a stupefying statistic. SVB was the go-to resource for nascent businesses when more conservative banks were reluctant to work with them.
SEC proposes new cybersecurity rules for financial firms
The Wall Street Journal
Paul Kiernan
Brokers and asset managers would have to notify their customers of data breaches as part of a raft of cybersecurity and resiliency rules the Securities and Exchange Commission proposed Wednesday. The customer-notification requirement would give firms no more than 30 days to alert individuals whose sensitive information was likely to have been accessed without authorization.
U.S. threatens ban if TikTok’s Chinese owners don't sell stakes
The Wall Street Journal
John D. McKinnon
The Biden administration is demanding that TikTok’s Chinese owners sell their stakes in the video-sharing app or face a possible U.S. ban of the app, according to people familiar with the matter.
North Asia
South Korea plans mega chip-making base to stay ahead
The Wall Street Journal
Jiyoung Sohn
South Korea announced plans to create the world’s largest semiconductor base in the country over the coming two decades, looking to protect its position as a leader in the industry as the U.S. and other countries move to bolster their own chip production.
Ukraine - Russia
Russia’s spring offensive in Ukraine could include cyberattacks, Microsoft says
The New York Times
Julian E. Barnes, David E. Sanger and Marc Santora
A hacking group with ties to the Russian government appears to be preparing new cyberattacks on Ukraine’s infrastructure and government offices, Microsoft said in a report on Wednesday, suggesting that Russia’s long-anticipated spring offensive could include action in cyberspace, as well as on the ground.
Europe
New threat group hacked EU healthcare agency and embassies, researchers say
The Record by Recorded Future
Jonathan Greig
A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research. Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization. The researchers also found that it attacked several embassies.
UK
UK expected to ban TikTok from government mobile phones
The Guardian
Dan Sabbagh, Dan Milmo and Safi Bugel
Britain is expected to announce a ban on the Chinese-owned video-sharing app TikTok on government mobile phones imminently, bringing the UK in line with the US and European Commission and reflecting deteriorating relations with Beijing.
New body will help the UK combat national security threats
Security Service MI5
A new body has been created to help the UK combat national security threats. State-sponsored attempts at stealing sensitive research and information can undermine UK businesses and harm our country’s competitiveness on the world stage. As part of the Integrated Review Refresh, the government announced on March 13th the creation of the National Protective Security Authority to help businesses and organisations defend themselves against national security threats.
1,100 scientists and students barred from UK amid China crackdown
The Guardian
Hannah Devlin
More than 1,000 scientists and postgraduate students were barred from working in the UK last year on national security grounds, amid a major government crackdown on research collaborations with China. The sharp increase follows a hardening of the government’s stance on scientific ties with China, with warnings from MI5 of a growing espionage threat, major research centres being quietly shut down and accusations by a government minister that China’s leading genomics company had regularly sought to hack into the NHS’s genetic database.
Big Tech
Apple supplier Foxconn plans to rely less on China for revenue
The Wall Street Journal
Joyu Wang, Yoko Kubota
Foxconn Technology Group, one of Apple’s biggest suppliers, said it would rely less on China as a source of revenue as it diversifies production sites to strengthen supply-chain resilience.
Meta unlawfully handled personal data of Dutch users, court says
Bloomberg
April Roach
An Amsterdam court ruled Facebook acted unlawfully when handling the personal data of its users in the Netherlands for nearly a decade. Personal data processed by Meta Platforms Inc.’s Facebook Ireland unit were used without permission for advertising purposes and were also given to third parties without properly informing users, according to the Wednesday ruling.
Apple’s iPhone maker has $100 million of ‘indirect exposure’ to SVB fallout
Bloomberg
Debby Wu
Apple Inc.’s main iPhone-making partner has indirect exposure to Silicon Valley Bank’s meltdown of about $100 million, joining the ranks of finance and tech firms shaken by the startup linchpin’s failure.
Artificial Intelligence
OpenAI ups the ante in AI wars with GPT-4
The Sydney Morning Herald
Nick Bonyhady
OpenAI has released the next generation of its artificial intelligence system, allowing it to turn image prompts like a sketch into simple websites, in an escalation of competition between its backer Microsoft and technology giant Google.
Misc
Russian media, crypto scammers seize on SVB Panic
Bloomberg
Margi Murphy
Russian media outlets, far-right websites, short sellers and doomsday preppers were among those who pushed and amplified conspiracy theories online focused on the collapse of Silicon Valley Bank, according to disinformation specialists.
Research
Why does the global spyware industry continue to thrive? Trends, explanations, and responses
Carnegie Endowment for International Peace
Steven Feldstein, Brian Kot
The global spyware and digital forensics industry continues to grow despite public backlash following an array of surveillance scandals, many linked to NSO Group’s Pegasus program. The paper highlights several factors driving the industry, including elevated demand for intrusion technology from government clients and private customers, as well as inconsistent political will from democratic governments to crack down on these technologies.
Jobs
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the growing range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice.
The Daily Cyber & Tech Digest is brought to you by the team at ASPI’s International Cyber Policy Centre.