Microsoft warns of rising cyber threats from nations

A recent Microsoft report claims that Russia, China, and Iran are increasingly collaborating with cybercriminals to conduct cyber espionage and hacking operations. This partnership blurs the lines between state-directed activities and the illicit financial pursuits typical of criminal networks. National security experts emphasise that this collaboration allows governments to amplify their cyber capabilities without incurring additional costs while offering criminals new profit avenues and the security of government protection.

The report, which analyses cyber threats from July 2023 to June 2024, highlights the significant increase in cyber incidents, with Microsoft reporting over 600 million attacks daily. Russia has focused its efforts primarily on Ukraine, attempting to infiltrate military and governmental systems while spreading disinformation to weaken international support. Meanwhile, as the US election approaches, both Russia and Iran are expected to intensify their cyber operations aimed at American voters.

Despite allegations, countries like China, Russia, and Iran have denied collaborating with cybercriminals. China’s embassy in Washington dismissed these claims as unfounded, asserting that the country actively opposes cyberattacks. Efforts to combat foreign disinformation are increasing, yet the fluid nature of the internet complicates these initiatives, as demonstrated by the rapid resurgence of websites previously seized by US authorities.

Overall, the evolving landscape of cyber threats underscores the growing interdependence between state actors and cybercriminals, posing significant risks to national security and public trust.

UK’s ‘Invest 2035’ strategy prioritises cybersecurity and technological adoption to secure future growth

The UK government prioritises adopting innovative technologies through its draft industrial strategy, ‘Invest 2035.’ The comprehensive plan aims to accelerate the integration and scaling of new technologies across eight key growth sectors, including cybersecurity solutions, and to ensure that all emerging technologies are secure by design.

To support this technological advancement, the strategy focuses on strengthening cyber resilience by enhancing supply chain resilience to mitigate vulnerabilities that could impede long-term growth. Implementing strengthened cyber resilience measures is essential for safeguarding growth-driving sectors against potential digital threats, thereby reinforcing the overall security of the economy.

Additionally, a crucial element of the strategy is the investment in skills and workforce development, as the UK government acknowledges the need to prepare the workforce for future challenges through substantial investments in skills and training. Promoting cybersecurity education is vital, empowering individuals and organisations to protect themselves better and leverage technological advancements.

Furthermore, the draft strategy emphasises public consultation and stakeholder engagement, inviting input from businesses, experts, unions, and other stakeholders to refine the plan before its final publication in spring 2025. The government also highlights the importance of collaboration between itself and the cyber industry, as these partnerships are essential for addressing existing challenges, such as the skills gap and outdated cyber laws. Ultimately, this strategy aims to support the growth of a secure and resilient economy, fostering an environment where organisations can thrive safely in an increasingly digital world.

Russian forces ramp up AI-driven drone deployment

Russia has announced a substantial increase in the use of AI-powered drones in its military operations in Ukraine. Russian Defense Minister Andrei Belousov emphasised the importance of these autonomous drones in battlefield tactics, saying they are already deployed in key regions and proving successful in combat situations. Speaking at a next-generation drone technology center, he called for more intensive training for troops to operate these systems effectively.

Belousov revealed that two units equipped with AI drones are currently stationed in eastern Ukraine and along Russia’s Belgorod and Kursk borders, where they are engaged in active combat. The AI technology enables drones to autonomously lock onto targets and continue missions even if control is lost. Plans are underway to form five additional units to conduct around-the-clock drone operations.

Russia’s ramped-up use of AI drones comes alongside a broader military strategy to increase drone production tenfold, with President Putin aiming to produce 1.4 million units by the year’s end. Both Russia and Ukraine have heavily relied on drones throughout the war, with Ukraine also using them to strike targets deep inside Russian territory.

US lawmakers demand answers from telecom giants on cyberattack

A bipartisan group of US lawmakers is demanding answers from major telecom companies such as AT&T, Verizon, and Lumen Technologies after reports that Chinese hackers accessed sensitive US broadband networks. According to The Wall Street Journal, the breach involved systems the federal government uses for court-authorised wiretapping, sparking concerns about national security.

Led by House Energy and Commerce Committee Chair Cathy McMorris Rodgers and Democrat Frank Pallone, the lawmakers have requested a briefing and detailed answers from the companies by next Friday. They want to know what data was compromised and when the telecoms discovered the intrusion, pointing to broader cybersecurity risks embedded in US telecommunications networks.

While AT&T and Lumen declined to comment, and Verizon has not yet responded, China’s foreign ministry denied involvement, accusing the US of fabricating the allegations. The timeline of the hacking remains unclear, but reports suggest that the hackers may have had access to the networks for months, potentially compromising vast amounts of internet traffic and communication data.

Trump team adopts secure devices amid cyber threats

Donald Trump’s presidential campaign has strengthened its cybersecurity measures by acquiring secure mobile phones and laptops after facing Iranian cyberattacks and assassination threats. The campaign partnered with Green Hills Software, a California-based company known for its secure operating systems used by various US agencies. The customised phones are designed for basic functions like calls and texts, featuring advanced security protocols such as end-to-end encryption and two-factor authentication.

Green Hills Software CEO Dan O’Dowd, who initiated contact with the campaign, stressed the importance of safeguarding the democratic process. Though the campaign has not made any public statements, insiders revealed that security devices have recently been upgraded. This decision comes after the Iranian hacking group APT42 infiltrated the campaign’s internal communications during a recent cyber espionage operation.

The newly acquired devices create a secure communication network, allowing only those using the same system to connect. The campaign also invested in secure laptops designed to operate in an isolated environment, following the same security principles as the phones. Green Hills Software’s technology is already trusted by US military branches and FBI field offices to maintain secure communications and protect sensitive data.

Meta takes action against Russian-linked accounts in Moldova

Meta Platforms announced it had removed a network of accounts targeting Russian speakers in Moldova ahead of the country’s October 20 election, citing violations of its fake accounts policy. Moldovan authorities have also blocked numerous Telegram channels and chatbots allegedly used to pay voters to cast “no” votes in a referendum on EU membership being held alongside the presidential election. Pro-European President Maia Sandu, seeking a second term, has made the referendum central to her platform.

The deleted Meta accounts targeted President Maia Sandu, pro-EU politicians, and the strong ties between Moldova and Romania while promoting pro-Russia parties. This network featured fake Russian-language news brands masquerading as independent media across various platforms, including Facebook, Instagram, Telegram, OK.ru, and TikTok. Meta’s actions involved removing multiple accounts, pages, and groups to combat coordinated inauthentic behaviour.

Moldova’s National Investigation Inspectorate has blocked 15 Telegram channels and 95 chatbots that were offering payments to voters, citing violations of political financing laws. Authorities linked these activities to supporters of fugitive businessman Ilan Shor, who established the ‘Victory’ electoral bloc while in exile in Moscow. In response, Moldovan police have raided the homes of Shor’s associates, alleging that payments were funnelled through a Russian bank to influence the election. Shor, who was sentenced in absentia for his involvement in a significant 2014 bank fraud case, denies the bribery allegations. Meanwhile, President Maia Sandu accuses Russia of attempting to destabilise her government, while Moscow claims that she is inciting ‘Russophobia.’

Internet Archive hit by major cyberattack

The Internet Archive, a prominent online repository of web pages, faced significant disruptions on Thursday after a major cyberattack that exposed user data. Brewster Kahle, the organisation’s founder, reported a series of distributed denial-of-service (DDoS) attacks that began earlier in the week, leading to the defacement of its website and the breach of usernames, emails, and passwords for millions of users. Although the data has not been corrupted, the attack has raised concerns about cybersecurity vulnerabilities, especially with the upcoming US presidential election on November 5.

The hackers, a group called ‘SN_BLACKMETA’ that claims to be pro-Palestinian, targeted the Internet Archive, accusing it of being connected to US government support for Israel. They reportedly posted a defacing message on the site, which informed users that 31 million accounts had been breached. The site ‘Have I Been Pwned’ later confirmed the stolen records, adding credibility to the hackers’ claims.

Brewster Kahle, founder of the Internet Archive, announced that the organisation is actively working to restore services and strengthen security measures following a major cyberattack. Established in 1996, the nonprofit is renowned for its Wayback Machine, which archives web pages and serves as a critical resource for researchers and journalists. This incident underscores the increasing risks of cyberattacks, particularly for organisations dedicated to preserving information and fostering an open internet.

Cybercriminals use AI to target elections, says OpenAI

OpenAI reports cybercriminals are increasingly using its AI models to generate fake content aimed at influencing elections. The startup has neutralised over 20 attempts this year, including accounts producing articles on the US elections. Several accounts from Rwanda were banned in July for similar activities related to elections in that country.

The company confirmed that none of these attempts succeeded in generating viral engagement or reaching sustainable audiences. However, the use of AI in election interference remains a growing concern, especially as the US approaches its presidential elections. The US Department of Homeland Security also warns of foreign nations attempting to spread misinformation using AI tools.

As OpenAI strengthens its global position, the rise in election manipulation efforts underscores the critical need for heightened vigilance. The company recently completed a $6.6 billion funding round, further securing its status as one of the most valuable private firms.

ChatGPT continues to see rapid growth, boasting 250 million weekly active users since launching in November 2022, emphasising the platform’s widespread influence.

Ghana to launch new cybersecurity policy

Ghana has launched its revised National Cybersecurity Policy and Strategy (NCPS) to tackle the escalating cybersecurity threats arising from its rapid digital transformation. The comprehensive framework is designed to address current cyber risks and anticipate emerging ones, ensuring that Ghana’s digital infrastructure remains resilient and secure over the next five years.

The initiative was officially unveiled during the opening ceremony of the 2024 National Cybersecurity Awareness Month (NCSAM) in Accra, which, notably, saw significant participation from high-ranking officials, including the leadership of the Ghana Armed Forces and key stakeholders in cybersecurity. Moreover, the policy is anchored on five essential pillars – Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.

Why does it matter?

The NCPS addresses the rapid digitalisation occurring across critical sectors such as finance, healthcare, education, and commerce at a pivotal moment for the nation. While these advancements offer substantial socioeconomic benefits, they also expose the nation to significant cyber risks that could jeopardise economic stability and public safety.

Therefore, by implementing the NCPS, Ghana aims to strengthen its defences against these threats, protect its digital achievements and ensure sustainable technological progress. Furthermore, Minister Ursula Owusu-Ekuful emphasised that the policy serves as a vital roadmap for addressing current and future cyber threats. This also underscores the importance of enhancing public-private collaboration to bolster the country’s overall digital resilience.

Japan’s move toward active cyber defence: a strategic shift in national security

On 10 September, the Liberal Democratic Party (LDP) proposed a groundbreaking system of ‘active cyber defence’ (Nōdō-teki saibā bōgyo) for Japan. This initiative, presented to Prime Minister Fumio Kishida by former Defense Minister Itsunori Onodera, aims to bolster national cybersecurity by allowing the government to collect and analyse metadata from domestic telecom providers. The goal is to detect potential cyber threats early and take pre-emptive actions to prevent attacks.

Onodera, who chairs the LDP’s Security Research Commission, emphasised the critical importance of this system for Japan’s national security. The proposal acknowledges the need to limit data collection to comply with Japan’s constitutional protection of ‘secrecy of communications’ under Article 21.

The push for heightened cyber defences gained momentum in April 2022, when former US Director of National Intelligence Dennis C. Blair warned Tokyo that Japan’s cybersecurity measures lagged behind its allies, especially the US. Blair’s recommendations called for Japan to establish stronger cyber leadership, create institutions akin to the US National Security Agency (NSA) and Cyber Command, and enhance collaboration with the US Joint Cyber Defense Collaborative (JCDC).

The LDP’s current proposal is a key part of Japan’s broader national security overhaul, as reflected in the revised National Security Strategy (NSS), National Defense Strategy (NDS), and Defense Buildup Program (DBP), approved by the Japanese government in December 2022. The NSS acknowledges the growing cyber threats, particularly from China and Russia, and emphasises the need for active cyber defence, the procurement of counterattack capabilities, and investment in advanced technologies like AI and unmanned weapons systems.

In the cyber domain, the shift toward ‘active cyber defence’ marks a significant change. Japan plans to create a new organisation to oversee cybersecurity policies and coordinate efforts. The Ministry of Defense will increase its cyber personnel from 1,000 to 4,000 ‘cyber warriors’ and provide training to 16,000 JSDF members over the next five years.

To implement these changes, revisions to existing laws, such as the Telecommunications Law and Unauthorized Computer Access Prohibition Law, are expected. This will enable Japan to carry out administrative interception, bringing it in line with practices in other Western nations. With these measures, Japan aims to strengthen its cybersecurity posture and safeguard critical infrastructure from growing cyber threats.