North Korea steals massive data haul from US Military and NASA

Hackers from North Korea, identified as Andariel or APT45, have conducted a global cyber espionage campaign to steal classified military secrets, supporting Pyongyang’s banned nuclear weapons programme. The joint advisory came from the United States, Britain, and South Korea. The hackers are believed to be part of North Korea’s Reconnaissance General Bureau, which has been under US sanctions since 2015.

These cyber units have targeted a wide range of defence and engineering firms, including those manufacturing tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems. Notable breaches occurred at NASA and US Air Force bases, with significant data extraction. In one 2022 incident, hackers infiltrated NASA’s computer system for three months, extracting over 17 gigabytes of data.

Hackers also employed ransomware to fund their operations, targeting US hospitals and healthcare companies. The US Justice Department has charged one suspect, Rim Jong Hyok, with conspiracy and money laundering. In a 2021 incident, a Kansas hospital paid a ransom in bitcoin, which was traced to a Chinese bank. Authorities are offering a $10 million reward for information leading to Rim’s arrest.

Officials from the FBI and Justice Department have seized some online accounts, recovering $600,000 in virtual currency to be returned to ransomware victims. The operation reveals the extent of DPRK state-sponsored actors’ efforts to advance their military and nuclear programmes. Last year, North Korean hackers breached systems at a Russian rocket design bureau, employing similar phishing techniques and computer exploits.

Malta calls for international action on cybersecurity

Malta called for urgent international action against the misuse of cyberspace and its significant impact on societies, governments, critical infrastructure, and global peace and security. Malta, which currently holds the Presidency of the Organisation for Security and Cooperation in Europe (OSCE), has made enhancing cybersecurity a central focus of its term.

Minister for Foreign and European Affairs and Trade Ian Borg has called for increased cyber resilience among OSCE member countries, emphasising the need for cooperation between governments and stakeholders to tackle cyber threats effectively.

Advances in AI present both opportunities and challenges for cybersecurity. While AI can enhance security measures, it also introduces new threats such as more sophisticated cyber-attacks, deepfakes, and the dissemination of fake news. Minister Borg stressed the importance of harnessing AI technology effectively to combat cyber threats while preventing its misuse.

Minister Borg also criticised the Russian Federation for its malicious cyber activities, particularly in the context of its invasion of Ukraine, highlighting the risks posed to critical infrastructure and essential services. He called for Russia to cease its aggression, underscoring the broader implications for global security and stability. He concluded by emphasising the necessity for enhanced cybersecurity measures and international cooperation to address the evolving nature of cyber threats in today’s interconnected world.

OpenAI CEO emphasises democratic control in the future of AI

Sam Altman, co-founder and CEO of OpenAI, raises a critical question: ‘Who will control the future of AI?’ He frames it as a choice between a democratic vision, led by the US and its allies to disseminate AI benefits widely, and an authoritarian one, led by nations like Russia and China, aiming to consolidate power through AI. Altman underscores the urgency of this decision, given the rapid advancements in AI technology and the high stakes involved.

Altman warns that while the United States currently leads in AI development, this advantage is precarious due to substantial investments by authoritarian governments. He highlights the risks if these regimes take the lead, such as restricted AI benefits, enhanced surveillance, and advanced cyber weapons. To prevent this, Altman proposes a four-pronged strategy – robust security measures to protect intellectual property, significant investments in physical and human infrastructure, a coherent commercial diplomacy policy, and establishing international norms and safety protocols.

He emphasises proactive collaboration between the US government and the private sector to implement these measures swiftly. Altman believes that proactive efforts today in security, infrastructure, talent development, and global governance can secure a competitive advantage and broad societal benefits. Ultimately, Altman advocates for a democratic vision for AI, underpinned by strategic, timely, and globally inclusive actions to maximise the technology’s benefits while minimising risks.

US Department of Commerce reports drop in illicit chip movements to Russia

The movement of illicit semiconductor chips to Russia has seen a notable decrease, according to the US Department of Commerce, driven by intensified efforts from Western nations to curb the flow of technology that could support Moscow’s military capabilities. However, China and Hong Kong continue to serve as significant transhipment hubs, enabling the ongoing, albeit reduced, supply of these critical components.

Western governments have ramped up measures to control the export of semiconductor chips and other sensitive technologies to Russia. These actions are part of broader sanctions aimed at restricting Russia’s access to advanced technology that could be used in military applications. Enhanced scrutiny and stricter enforcement of export controls have been pivotal in reducing the volume of chips reaching Russia.

According to the Semiconductor Industry Association (SIA), the volume of semiconductor chips illicitly reaching Russia has fallen by approximately 20% over the past six months. Despite the slowdown, China and Hong Kong remain key transhipment hubs for semiconductor chips destined for Russia. Playing a crucial role in the supply chain, they often serve as intermediary points where chips are re-exported to avoid detection.

China and Hong Kong are employing sophisticated methods to circumvent sanctions and export controls, including re-routing shipments, re-labelling products, using shell companies, misdeclaring goods, and building complex supply chains.

Why does this matter?

Industry experts highlight that while the reduction in chip flows is a positive development, the continued role of China and Hong Kong as transhipment hubs poses ongoing challenges. The complex nature of global supply chains and the high demand for semiconductors make it challenging to eliminate illicit flows entirely.

Pro-Russian hackers arrested for cyberattacks in Spain

Spanish police have arrested three pro-Russian hackers suspected of carrying out cyberattacks against Spain and other NATO countries. These attacks, allegedly for terrorist purposes, targeted public institutions and critical infrastructure in nations supporting Ukraine in the ongoing conflict with Russia. The suspects, whose identities have not been disclosed, were detained in Manacor, Huelva, and Seville.

The arrests are linked to the hacktivist group NoName057(16), active since the Russian invasion of Ukraine. The Civil Guard reported that the group’s manifesto acknowledges their intent to retaliate against Western actions perceived as anti-Russian. Police released footage showing a Soviet-era flag in one suspect’s home.

Investigations continue, with the suspects accused of orchestrating distributed denial of service (DDoS) attacks on the websites of government sectors and essential services. Russian hackers were also accused of similar attacks on targets in Lithuania and Norway in 2022.

AI-powered drones to boost Ukraine’s military capabilities

In Ukraine, several startups are advancing AI systems to enhance drone operations, aiming to gain a technological edge in the ongoing conflict. These AI-enabled drones are designed to tackle increasing signal jamming by Russian forces and operate in larger groups, revolutionising modern warfare. The development includes visual systems for target identification, terrain mapping for navigation, and complex programs enabling drones to work in interconnected swarms.

One notable company, Swarmer, is creating software that links drones into a network, allowing for instant decision implementation across the group, with human intervention limited to green-lighting automated strikes. CEO Serhiy Kupriienko explained that AI can manage hundreds of drones, whereas human pilots struggle with more than five. The system, called Styx, directs reconnaissance and strike drones, both aerial and ground-based, with each drone planning its own moves and predicting the behaviour of others in the swarm.

The need for AI drones is increasing as Electronic Warfare (EW) systems disrupt signals between pilots and drones. AI-operated drones could significantly improve hit rates, countering the current drop in strike success due to jamming. The goal is to develop affordable AI targeting systems that can be deployed en masse along the extensive front line, potentially using low-cost computers like the Raspberry Pi. Such advancements could significantly enhance Ukraine’s military capabilities in the ongoing conflict, as seen with their use of Clearview AI’s facial recognition services.

Indonesia begins data recovery after ransomware attack

Indonesia is starting to recover data encrypted in a significant ransomware attack last month, which impacted over 160 government agencies. The cybercriminals, identified as Brain Cipher, initially demanded $8 million in ransom but later apologised and released the decryption key for free, according to cybersecurity firm StealthMole.

The attack disrupted several government services, including immigration and primary airport operations. Officials acknowledged that much of the data had yet to be backed up. Chief Security Minister Hadi Tjahjanto stated that data for 30 public services across 12 ministries had been recovered using a ‘decryption strategy,’ though details were not provided.

The Communications Ministry is gradually restoring services and assets affected by the attack. It remains to be seen if the government used Brain Cipher’s decryption key directly. Neither Hadi nor Communications Minister Budi Arie Setiadi commented on the matter.

Ransomware attacks involve encrypting data and demanding a ransom to unlock it. In this case, the attackers used malicious software known as LockBit 3.0.

NATO unveils new Cyber Defence Centre

NATO has announced the establishment of the NATO Integrated Cyber Defence Centre (NICC) at its headquarters in Belgium, aimed at bolstering the alliance’s cyber defence capabilities. The move, unveiled during the 2024 NATO Summit in Washington, DC, comes as NATO marks its 75th anniversary. The NICC will serve to alert military commanders about potential cyber threats and vulnerabilities, enhancing the protection of NATO’s networks and its operational use of cyberspace.

The decision to create the NICC is driven by the increasing frequency and sophistication of cyberattacks targeting NATO and its member nations, especially following the Russian invasion of Ukraine in 2022. Notable Russian cyber threat actors like APT29 and APT28, along with various hacktivist groups, have been responsible for major cyberattacks, including the 2020 SolarWinds hack and recent attacks on tech companies and EU diplomatic entities.

NATO spokesperson Farah Dakhlallah announced the creation of the NICC on social media, highlighting its role in leveraging advanced technologies to boost situational awareness in cyberspace and enhance collective resilience and defence. The new centre will integrate civilian and military personnel from NATO countries and involve experts from the cybersecurity industry. Additionally, it will incorporate privately owned civilian critical infrastructure to support NATO’s military activities.

The NICC will be based at NATO’s Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium, home to NATO’s Allied Command Operations. Further details about the NICC and its operations are expected to be disclosed in the coming months.

Government entities in Australia to assess foreign control risks in tech

Australia has instructed all government entities to review their technology assets for risks of foreign control or influence. The directive aims to address increasing cyber threats from hostile states and financially motivated attacks. The Australian Signals Directorate (ASD) recently warned of state-sponsored Chinese hacking targeting Australian networks.

The Department of Home Affairs has issued three legally binding instructions requiring over 1,300 government entities to identify Foreign Ownership, Control or Influence (FOCI) risks in their technology, including hardware, software, and information systems. The organisations in question must report their findings by June 2025.

Additionally, government entities are mandated to audit all internet-facing systems and services, developing specific security risk management plans. They must also engage with the ASD for threat intelligence sharing by the end of the month, ensuring better visibility and enhanced cybersecurity.

The new cybersecurity measures are part of the Protective Security Policy Framework, following Australia’s ban on TikTok from government devices in April 2023 due to security risks. The head of the Australian Security Intelligence Organisation (ASIO) has highlighted the growing espionage and cyber sabotage threats, emphasising the interconnected vulnerabilities in critical infrastructure.

Macau government websites hit by cyberattack

Several Macau government websites were hacked, prompting a criminal investigation, Chinese state media reported on Wednesday. The hacked sites included those of the office of the secretary for security, the public security police, the fire services department, and the security forces services bureau, causing service disruptions.

Security officials in Macau’s Special Administrative Region believe the cyberattack originated from overseas. However, no further details have been disclosed at this time.

In response, authorities collaborated with telecommunications operators to restore the affected services as quickly as possible. The investigation into the source of the intrusion is ongoing.