Nokia and Viettel Group partner for nationwide 5G deployment in Vietnam

Nokia and Viettel Group have embarked on a transformative partnership to deploy 5G infrastructure across Vietnam, marking a significant milestone in the country’s digital evolution. The landmark agreement will span 22 provinces, facilitating Viettel’s ambitious strategy to enhance its 5G capabilities and drive digital transformation nationwide.

In addition to rolling out new 5G technology, Nokia will modernise Viettel’s existing 4G infrastructure, ensuring a seamless transition and optimised performance. The deployment will begin this year and will involve installing advanced equipment across 2,500 sites, including AirScale baseband solutions and Massive MIMO radios, all powered by Nokia’s innovative and energy-efficient ReefShark System-on-Chip technology.

The collaboration aligns with the Vietnamese government’s vision of establishing 5G as a critical national infrastructure, anticipated to play a vital role in boosting the digital economy, which is projected to contribute between 20% and 30% of the nation’s GDP by 2030. Together, Nokia and Viettel Group are poised to create new opportunities for economic growth and increased productivity, fostering a robust digital service ecosystem that will benefit consumers and businesses alike.

CrowdStrike apologises for global IT outage after faulty update

A senior executive at CrowdStrike apologised to a US House of Representatives subcommittee for a software update that caused a global IT outage in July. Adam Meyers, the company’s senior vice president for counter-adversary operations, explained that a faulty content configuration update to the Falcon Sensor security software led to widespread system crashes. Meyers assured lawmakers that CrowdStrike has reviewed its systems and is improving its update procedures to prevent future issues.

The 19 July incident, though not caused by a cyberattack or AI, led to widespread disruptions across various industries, including airlines, healthcare, media, and banks. Millions of Microsoft Windows devices were impacted, with the outage causing flight cancellations and service interruptions globally. Delta Air Lines, which cancelled 7,000 flights, is pursuing legal action against CrowdStrike, although the company denies responsibility for the airline’s losses.

In the wake of the incident, CrowdStrike lowered its revenue and profit forecasts, acknowledging that the financial impact of the faulty update could affect the company for up to a year.

Iran-related hackers planted backdoors across Middle East critical infrastructure, according to Mandiant

In a report released on 19 September, Google-owned Mandiant detailed the activities of a group it identified as UNC1860. The report highlighted the group’s advanced tools and hidden backdoors, which continue to be leveraged by other Iranian hacking operations.

The report notes that an Iranian cyber unit within the Ministry of Intelligence and Security (MOIS) has emerged as a key facilitator for the nation’s hackers, offering persistent access to critical systems in the Middle East, particularly in telecommunications and government sectors.

Mandiant adds that these groups allegedly provided initial access for cyberattacks, including operations in late 2023 against Israel using BABYWIPER malware and in 2022 against Albania with ROADSWEEP. While Mandiant couldn’t verify UNC1860’s direct involvement, they identified software designed to support such handoff operations.

UNC1860’s toolkit includes a variety of utilities that enable initial access and lateral movement within networks. These tools are engineered to bypass security software and provide covert access, which could be used for espionage or network attacks.

Mandiant describes UNC1860 as a highly capable threat actor that likely supports a range of goals, from spying to direct network assaults. The firm also reported UNC1860’s collaboration with other MOIS-associated groups like APT34, known for breaching government systems in countries like Jordan, Israel, and Saudi Arabia. A recent APT34 operation was uncovered targeting Iraqi officials.

Microsoft signs deal to power data centres with nuclear energy

America’s Three Mile Island energy plant, infamous for the worst nuclear accident in US history, is preparing to reopen after Microsoft signed a 20-year deal to purchase power from the facility. The plant is scheduled to restart in 2028 following upgrades and will supply clean energy to support Microsoft’s growing data centres, especially those focused on AI. The agreement is pending regulatory approval.

Constellation Energy, the plant owner, confirmed that the reactor set to restart is separate from the unit involved in the 1979 accident, which, while not fatal, created significant public fear surrounding nuclear power. This deal represents a revival of interest in atomic energy, driven by increasing concerns about climate change and rising energy needs. The CEO of Constellation described this move as a “rebirth” of nuclear power, highlighting its potential as a dependable source of carbon-free energy.

The plant’s reopening is projected to create 3,400 jobs and add over 800 megawatts of carbon-free electricity to the grid, driving significant economic activity. Although the revival has faced some protests, it underscores a growing trend among tech companies, with Amazon also exploring nuclear energy to meet its expanding energy demands.

UK’s National Cyber Security Centre leads international effort against botnet threat

The NCSC has collaborated with cybersecurity agencies from the United States, Australia, Canada, and New Zealand to address the global botnet threat. This joint effort underscores the importance of international cooperation in tackling cyber threats that span multiple countries.

By combining their expertise and resources, these agencies have been able to produce a comprehensive advisory that provides detailed information on the botnet’s operation, its impact, and the types of devices it targets. Consequently, this collaboration ensures a robust and unified response to the threat, reflecting the global commitment to enhancing cybersecurity.

Moreover, the advisory issued by these agencies details how the botnet, managed by Integrity Technology Group and used by the cyber actor Flax Typhoon, exploits vulnerabilities in internet-connected devices. It includes technical information on the botnet’s activities, such as malware distribution and Distributed Denial of Service (DDoS) attacks, and offers practical mitigation strategies.

The advisory therefore underscores the need to update and secure devices to prevent them from becoming part of the botnet, providing crucial guidance to individuals and organisations seeking to protect their digital infrastructure. In addition, this international collaboration serves to promote proactive security measures and raise awareness about cybersecurity best practices. The joint advisory encourages users to safeguard their devices immediately and avoid contributing to malicious activities.

Vietnam faces US-China rivalry over undersea cable expansion

The United States is pushing Vietnam to avoid using Chinese firm HMN Technologies in its plan to build 10 new undersea cables by 2030, amid concerns over national security and sabotage. Vietnam’s current cables, essential for global internet connectivity, have suffered repeated failures, prompting the government to prioritise new projects.

Washington is lobbying Hanoi to select more experienced and trusted suppliers for the cables, citing concerns about espionage and security threats linked to HMN Technologies, which the US views as associated with Chinese tech giant Huawei. The US has also raised concerns about possible sabotage of Vietnam’s current subsea cables.

Vietnamese authorities have remained open to working with Chinese firms, but United States officials have stressed that choosing HMN Tech could discourage American companies from investing in Vietnam. Meanwhile, Vietnam’s top telecoms company, Viettel, is already planning a cable with Singapore, bypassing disputed waters in the South China Sea.

The US and China are vying for influence in Vietnam as the Southeast Asian nation looks to expand its undersea cable infrastructure. Both countries are heavily invested in Vietnam, with subsea cables becoming a critical element in the broader US-China technology rivalry.

FBI takes down another Chinese hacking group ‘Flax Typhoon’

The US Federal Bureau of Investigation has disrupted another major Chinese hacking group, dubbed ‘Flax Typhoon,’ which had compromised thousands of devices globally. The FBI and officials from several allied countries accused a Chinese company, the Integrity Technology Group, of running the operation under the guise of an IT firm. FBI Director Christopher Wray revealed that the group was gathering intelligence and conducting surveillance for Chinese security agencies, targeting critical infrastructure as well as corporations, media organisations, and universities.

Cybersecurity officials from the UK, Canada, Australia, and New Zealand also joined the US in condemning the hacking group, noting that over 250,000 devices had been compromised as of June. The operation involved hijacking devices through a botnet—a network of infected cameras and storage devices—and was reportedly part of China’s broader cyber-sabotage efforts. Flax Typhoon’s activities mirrored those of another China-backed group, Volt Typhoon, which has been scrutinised for targeting US infrastructure.

The Chinese Embassy in Washington denied the accusations, claiming that the US had made baseless allegations. Despite China’s dismissal, the FBI remains firm, with Wray emphasising that this takedown is only one part of a longer struggle to counter Chinese cyberattacks. The operation faced some retaliation from the hackers, who launched a cyberattack in response but eventually retreated, leaving the FBI in control of the botnet’s infrastructure.

CISA launches FOCAL plan to strengthen federal cybersecurity

The American Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. The plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.

The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.

CISA also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.

Russian telecom consortium warns of impractical import substitution targets

Russia’s Telecommunication Technologies Consortium (TT Consortium), which includes Rostech, Rostelecom, and Element, has raised serious concerns about the country’s new import substitution requirements for telecom equipment. The consortium has formally communicated to the Ministry of Industry and Trade and the Ministry of Digital Transformation that the proposed targets for domestic components are unachievable.

According to the TT Consortium, the domestic market in Russia does not have enough suitable alternatives to many foreign components, making the mandated thresholds for domestic content impractical. Furthermore, the consortium has warned of potential severe repercussions if the stringent regulations are adopted in their current form. They fear the resolution could lead to the suspension of decisions recognising telecom equipment as domestic starting 1 December 2024. Consequently, this could result in no domestic telecom equipment being available, disrupting supply chains and impacting key sectors, including government operations and critical information infrastructure.

Additionally, the Telecommunication Technologies Consortium has criticised the draft government decree’s ambitious targets, which require telecom equipment to include 10% domestic components by 2026, 30% by 2028, and 60% by 2030. Manufacturers within the consortium argue that redesigning equipment to meet these requirements is daunting, given the current state of domestic component availability. They assert that such redesigns could lead to significant operational disruptions and hinder their ability to supply essential equipment to government clients and critical infrastructure entities.

US CISA urges agencies to address vulnerable Ivanti appliance

The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to either remove or upgrade an outdated Ivanti appliance that has been exploited in recent attacks.

Ivanti updated its advisory, warning that a ‘limited number of customers’ had been breached due to the vulnerability CVE-2024-8190, which was disclosed earlier in the week. The flaw affects Ivanti’s Cloud Service Appliance (CSA), a tool used for secure internet communication and managing devices connected to central consoles. Exploitation of this bug, which CISA confirmed, allows hackers to gain access to the affected device.

CISA has mandated that all federal civilian agencies remove the appliance or upgrade to version 5.0 by October 4. Ivanti advised customers to check for any new or modified administrative users, which could indicate exploitation of the bug, and to monitor security alerts with specific tools.

This advisory came just one day after another Ivanti vulnerability raised concerns. The company, which faced significant scrutiny after a series of high-profile nation-state attacks exploited its products earlier this year, has committed to a security overhaul.