Spain reopens probe into Israeli NSO Group’s Pegasus software

Spain’s High Court has reignited an investigation into the use of NSO Group’s Pegasus software to spy on Prime Minister Pedro Sanchez and other Spanish politicians. The legal move comes after a previous probe was shelved due to a lack of cooperation from Israeli authorities. Investigators plan to collaborate with France, where similar surveillance targeted politicians and public figures.

The investigation aims to uncover the perpetrators behind the spying activities, which triggered a political crisis in Spain in 2022 and resulted in the resignation of the country’s spy chief. However, no individuals or groups have been formally accused yet. The Spanish government has not disclosed whether foreign or domestic entities are suspected of orchestrating the espionage.

Judge Jose Luis Calama decided to reopen the case following revelations from France regarding the use of Pegasus software to surveil journalists, lawyers, and government officials. French President Emmanuel Macron even changed his mobile phone and number due to security concerns arising from the Pegasus spyware case. Calama emphasised the importance of analysing technical data from both countries’ investigations to identify the culprits behind the cyber attacks.

The judge has ordered expert analysis to compare technical elements gathered by Spanish and French authorities, expecting closer collaboration once this analysis is complete. Calama envisions joint efforts between French and Spanish judicial authorities to determine the origin of the Pegasus spy program’s infiltration in both countries. This renewed investigation signals a concerted effort to address concerns surrounding digital surveillance and protect the privacy of politicians and citizens alike.

North Korean hackers target South Korean defence firms

South Korean police disclosed that major North Korean hacking groups have been relentlessly conducting cyber assaults on South Korean defence firms for over a year. These attacks have resulted in breaches of internal networks and the theft of crucial technical data. Identified groups include Lazarus, Kimsuky, and Andariel, all linked to North Korea’s intelligence apparatus.

Hackers successfully infiltrated networks using various methods, such as planting malicious code directly into defence companies’ systems or through their contractors. Police, collaborating with national spy agencies and private sector experts, tracked these attacks. They used indicators such as source IP addresses, signal rerouting architecture, and malware signatures to identify the perpetrators.

One notable case, dating back to November 2022, saw hackers inserting code into a company’s public network. This code later infected the intranet during a temporary disengagement of the internal security system for a network test. Exploiting security oversights, hackers gained entry through the accounts of subcontractors who used identical passcodes for personal and official email accounts, and extracted confidential technical data.

The police did not disclose the affected companies or the specifics of the data breaches. South Korea has become a significant global defence exporter: in recent years, lucrative contracts for items such as mechanised howitzers, tanks, and fighter jets have been valued at billions of dollars. This latest revelation underscores the persistent threat posed by North Korean cyber operations, which extend beyond national borders and target critical industries worldwide.

Meta spokesperson sentenced to six years in Russia

A military court in Moscow has reportedly sentenced Meta Platforms spokesperson Andy Stone to six years in prison in absentia for ‘publicly defending terrorism.’ This ruling comes amid Russia’s crackdown on Meta, which was designated as an extremist organisation in the country, resulting in the banning of Facebook and Instagram in 2022 due to Russia’s conflict with Ukraine.

Meta has yet to comment on the reported sentencing of Stone, who serves as the company’s communications director. Stone himself was unavailable for immediate response following the court’s decision. Stone’s lawyer, Valentina Filippenkova, indicated they intend to appeal the verdict and request an acquittal.

The Russian interior ministry initiated a criminal investigation against Stone late last year, although the specific charges were not disclosed then. According to state investigators, Stone’s online comments allegedly defended ‘aggressive, hostile, and violent actions’ against Russian soldiers involved in what Russia terms its ‘special military operation’ in Ukraine.

Why does it matter?

Stone’s sentencing underscores Russia’s stringent stance on online content related to its military activities in Ukraine, extending repercussions to individuals associated with Meta Platforms. The circumstances also reflect the broader context of heightened scrutiny and legal actions against perceived dissent and criticism within Russia’s digital landscape.

China establishes new military unit for networked warfare

China has taken a significant step in modernising its military by establishing the Information Support Force (ISF) to bolster its ability to wage networked warfare. President Xi Jinping formally inaugurated the ISF, emphasising its crucial role in ensuring the People’s Liberation Army (PLA) can succeed in modern conflicts. The ISF aims to develop a network information system tailored to the demands of contemporary warfare, enhancing the PLA’s combat capabilities.

The creation of the ISF consolidates China’s cyberspace and aerospace capabilities under a unified command within the Strategic Support Force. President Xi’s leadership underscores the strategic importance of this new force in advancing China’s military strength across all domains. While specific details of the ISF’s operations remain undisclosed, its establishment aligns with Xi’s broader vision for China’s military modernisation, particularly in light of the PLA’s upcoming centennial anniversary in 2027.

China’s emphasis on information warfare reflects a global recognition of the critical role of communication in modern conflict. However, concerns persist regarding China’s aggressive cyber activities, with FBI Director Christopher Wray characterising China as a persistent threat to US infrastructure. Wray highlighted China’s extensive hacking capabilities, fueled by the theft of intellectual property and data, and emphasised the importance of collaborative efforts to counter these threats.

The FBI’s response to Chinese cyber operations involves close coordination with various entities, including the US Cyber Command, foreign law enforcement agencies, and private sector partners. Wray emphasised the role of partnerships in confronting Beijing’s cyber aggression, stressing the need for proactive engagement from potential victims to mitigate the impact of cyber intrusions. By leveraging collaboration and information sharing, efforts to combat Chinese cyber threats aim to protect critical infrastructure and safeguard against future attacks.

FBI chief warns of Chinese hackers threatening US infrastructure

FBI Director Christopher Wray issued a stark warning about Chinese government-linked hackers infiltrating critical US infrastructure, awaiting a strategic moment for devastating action. Speaking at Vanderbilt University, Wray outlined the ongoing Volt Typhoon hacking campaign, which has breached American companies in vital sectors like telecommunications, energy, and water, with 23 pipeline operators among the targets.

At the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats, Wray emphasised China’s evolving capability to inflict physical damage on crucial infrastructure at its discretion. The campaign’s intent remains elusive, though it aligns with China’s broader strategy to dissuade US intervention in Taiwan, a democratic territory claimed by Beijing.

China, which has never disavowed the use of force to assert control over Taiwan, denies any government involvement in Volt Typhoon, dismissing it as the work of criminal ransomware groups. The Chinese Embassy in Washington echoed this stance, accusing the US of politicising cybersecurity by attributing attacks to China and portraying itself as the victim.

Wray disclosed that Chinese hackers employ a network of compromised devices globally to obfuscate their activities, a tactic previously identified by private cybersecurity firms like Microsoft and Google. As tensions persist between the US and China over Taiwan and cybersecurity, the spectre of cyberwarfare looms large, underscoring the imperative for robust defences against digital incursions.

NSA’s AISC releases guidance on securing AI systems

The National Security Agency’s Artificial Intelligence Security Center (NSA AISC) has introduced new guidelines to bolster cybersecurity in the era of AI integration into daily operations. The initiative, developed with key agencies like CISA, FBI, and others, focuses on safeguarding AI systems against potential threats.

The recently released Cybersecurity Information Sheet, ‘Deploying AI Systems Securely,’ outlines essential best practices for organisations deploying externally developed AI systems. The guidelines emphasise three primary objectives: confidentiality, integrity, and availability. Confidentiality ensures sensitive information remains protected; integrity maintains accuracy and reliability; and availability guarantees authorised access as needed.

The guidance stresses the importance of mitigating known vulnerabilities in AI systems to preemptively address security risks. Agencies advocate for implementing methodologies and controls to detect and respond to malicious activities targeting AI systems, their data, and associated services.

The recommendations include ongoing compromise assessments, IT deployment environment hardening, and thorough validation of AI systems before deployment. Strict access controls and robust monitoring tools, such as user behaviour analytics, are advised to identify and mitigate insider threats and other malicious activities.

Organisations deploying AI systems are urged to review and implement the prescribed practices to enhance the security posture of their AI deployments. This proactive approach ensures that AI systems remain resilient against evolving cybersecurity threats in the rapidly advancing AI landscape.

EU cybersecurity label vote postponed

National cybersecurity experts have postponed a vote on a proposed EU cybersecurity label until May, according to sources familiar with the matter. The EU aims to implement a cybersecurity certification scheme (EUCS) to ensure the security of cloud services, aiding governments and businesses in selecting trustworthy vendors. This delay allows tech giants like Amazon, Google, and Microsoft to continue bidding for sensitive EU cloud computing contracts.

Disagreements have arisen over whether strict requirements should be imposed on major tech companies to qualify for the highest level of the EU cybersecurity label. These disagreements have stalled progress despite recent discussions among experts in Brussels. Holding the rotating EU presidency, Belgium has made adjustments to the draft, reflecting ongoing deliberations.

The most recent version of the draft has eliminated sovereignty requirements that previously mandated US tech giants to collaborate with EU-based companies to handle customer data in the bloc. While major tech firms have welcomed this change, it has drawn criticism from EU-based cloud vendors and businesses like Deutsche Telekom, Orange, and Airbus. They argue that removing these requirements poses a risk of unauthorised data access by non-EU governments under their respective laws.

Following the experts’ postponed vote, the next phase involves the EU countries providing input, with the European Commission making the final decision. The outcome of these discussions will significantly impact the landscape of cybersecurity regulations and the involvement of major tech players in the EU’s cloud computing sector.