Russian state media disrupted by cyberattack

VGTRK, Russia’s state media giant, has been hit by a large-scale cyberattack. The company, which operates key national TV and radio stations, confirmed its online services were disrupted, though broadcasting remains unaffected. Kremlin spokesman Dmitry Peskov described the attack as unprecedented, adding that specialists were investigating the source.

A Ukrainian government source claimed responsibility, stating that the attack coincided with President Vladimir Putin’s birthday. However, these assertions have not been independently verified. VGTRK’s website and online news channel were unavailable following the attack.

The disruption affected internal services, with reports of widespread damage. Some sources suggested hackers wiped critical data, including backups. VGTRK has yet to issue an official comment on the full extent of the breach or recovery efforts.

Maria Zakharova, Russia’s Foreign Ministry spokesperson, did not directly blame any group but linked the incident to a broader ‘hybrid war’ against media in Russia. Moscow plans to address the cyberattack at international forums like UNESCO.

Major US telecoms reportedly hit by Chinese cyberattack on wiretap systems

Chinese hackers reportedly accessed US broadband networks, compromising the systems carriers use to fulfil government-authorised wiretap orders. The Wall Street Journal reported that major telecom providers, including Verizon, AT&T, and Lumen Technologies, were affected by the breach.

The intruders are believed to have maintained access for months, which would have allowed them to intercept internet traffic and the sensitive communications data handled by the wiretap systems. US investigators, who track the group as ‘Salt Typhoon’, assessed the breach as intelligence-focused.

China’s foreign ministry responded to the accusations, denying knowledge of the incident and condemning the US for what they called ‘a false narrative’. Beijing had previously denied involvement in similar cyber-espionage claims.

Lumen Technologies declined to comment, while Verizon and AT&T did not respond immediately. The breach follows US law enforcement’s exposure of another Chinese hacking group earlier this year, part of a broader campaign against such operations.

US and Poland sign cybersecurity MOU to enhance global digital security and cooperation

The US Department of Homeland Security (DHS) and the Polish Ministry of Digital Affairs (MDA) have signed a Memorandum of Understanding (MOU) to bolster their collaboration in cybersecurity and emerging technology. This MOU strengthens the longstanding partnership between the United States and Poland, providing a structured framework for coordinated efforts in addressing global security challenges, including cyber threats and responsible technology development.

By focusing on key areas such as cyber policy, Secure by Design practices, information sharing, incident response, human capital development, and the safe deployment of AI and the Internet of Things (IoT), both nations demonstrate a shared commitment to transatlantic security. The timing of this MOU, which coincides with the Fourth Counter Ransomware Initiative Summit, reflects a united stance against the growing ransomware threat, as nearly 70 countries gathered to reinforce global resilience against cybercrime.

Various agencies will spearhead the implementation of the MOU as part of the agreement. In the United States, DHS entities like the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Strategy, Policy, and Plans, and the Science and Technology Directorate will drive projects that enhance cybersecurity and support critical infrastructure. On the Polish side, the National Research Institute (NASK) will be instrumental in coordinating these efforts, positioning Poland for its upcoming EU Council presidency in 2025, where it aims to strengthen US-EU relations and prioritise European information security.

Why does it matter?

Together, these agencies will focus on collaborative initiatives that ensure safe technology practices, build critical skills, and enable a proactive response to digital threats, securing a stronger digital future for both nations.

Rising fears of foreign interference in US election

Concerns are rising ahead of the US presidential election, with the latest intelligence suggesting interference from foreign nations like Russia, Iran, and China. The annual threat assessment released by the Department of Homeland Security highlights the use of AI by these countries to spread misinformation and create fake websites.

Russian actors have focused on amplifying divisive narratives, particularly around immigration. Iran has adopted a more aggressive approach, posing as activists online to encourage protests related to the conflict in Gaza. China is also seen as a potential player in efforts to undermine confidence in US democratic institutions.

The upcoming election, expected to be highly contested between Kamala Harris and Donald Trump, presents further opportunities for foreign interference. Tensions within the US could be exacerbated by these external efforts, along with potential threats from domestic extremists.

Domestic violent extremism also remains a serious concern. The report warns of the risk posed by lone actors or small cells driven by grievances related to race, religion, or anti-government views. These groups may attempt violent actions to instill fear or disrupt the electoral process.

Britain targets Evil Corp in new cybercrime sanctions

Britain has imposed sanctions on 16 members of the Russian cyber-crime group Evil Corp, accusing the group of conducting cyber-attacks on NATO allies under orders from Russian intelligence. The National Crime Agency (NCA) said the move is part of a coordinated effort with the US and Australia to combat significant cyber threats. Evil Corp’s leader, Maksim Yakubets, has been linked to Russia’s intelligence agencies, and the US offered a $5 million reward for information leading to his arrest in 2019.

Evil Corp has been linked to numerous illegal activities, including ransomware attacks carried out as an affiliate of the LockBit operation. Major organisations like Boeing and Britain’s Royal Mail have been among the victims of those attacks. Evil Corp’s deep connections with Russian intelligence agencies, including the Federal Security Service (FSB), the Foreign Intelligence Service (SVR), and military intelligence (GRU), underscore growing concern about state-sponsored cybercrime: criminal crews can be tasked with espionage and cyber-attacks against targets abroad while the state retains deniability.

Alongside asset freezes and travel bans on the designated individuals, British officials disclosed that Maksim Yakubets’ father-in-law, a former FSB official, helped shield Evil Corp from law enforcement. Additionally, the US Department of Justice has indicted Yakubets’ associate, Aleksandr Ryzhenkov, for conducting ransomware attacks against victims in Texas and elsewhere. This coordinated global action highlights an ongoing commitment to combating cybercrime and safeguarding international security.

UK GCHQ defends the importance of law for cyber operations

Senior officials from GCHQ, the UK’s cyber and signals intelligence agency, published a rare article defending the role of legal frameworks in guiding cyber operations. The article responds to recent criticism by an anonymous European intelligence official in Binding Hook, who argued that the West’s cyber capabilities are being constrained by overly stringent legal oversight. According to that critique, these restrictions may be giving cyber actors from countries like China and Russia a strategic advantage, as they face fewer operational constraints. Similar concerns have been voiced publicly by former heads of Germany’s foreign intelligence service, the BND, who argue that excessive legal oversight is weakening national security efforts.

Although the GCHQ article does not reference specific cyber operations, it addresses a significant challenge faced by foreign-intelligence agencies. Under current laws, such agencies may be prohibited from collecting intelligence from systems owned by their own citizens, even when foreign attackers are using those systems as staging or relay infrastructure.

GCHQ’s stance emphasises the need for a balanced approach, arguing that cyber operations can and should be conducted in a ‘responsible and democratic’ manner. The article reflects the agency’s growing engagement with public and academic discussions on the evolving role of law in modern cybersecurity.

Three Iranian nationals indicted for hacking Trump campaign

Three Iranian nationals have been indicted in the US for their alleged involvement in a hacking campaign targeting former President Donald Trump’s 2024 presidential campaign. The US Justice Department unsealed charges against Seyyed Ali Aghamiri, Yasar Balaghi, and Masoud Jalili, who are believed to be affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). The three individuals, based in Iran, face charges including providing material support to a designated terrorist organisation, computer fraud, wire fraud, and identity theft.

Though no evidence was cited that the stolen data was used, the indictment highlighted Iran’s intent to influence the US election. The State Department has offered a $10 million reward for information leading to the capture of Aghamiri, Balaghi, and Jalili. According to the indictment, the hackers impersonated government officials and used spear-phishing to gain access to accounts and steal sensitive information. Their motives, beyond general geopolitical disruption, reportedly included avenging the death of Iranian military commander Qasem Soleimani, who was killed in a US strike in January 2020.

The indictment was accompanied by US sanctions and by joint US and UK alerts highlighting the ongoing cybersecurity threat posed by the IRGC. The two countries’ cybersecurity agencies jointly released a 14-page advisory detailing recent cyber activities linked to the IRGC, cautioning against the tactics described in the indictment and additional tools used to target presidential campaigns, senior government officials, think tank leaders, journalists, activists, and lobbyists. In addition, John Hultquist of Google’s Threat Intelligence Group stated that Iran controls ‘multiple contractors’ responsible for some of the most aggressive cyber operations in the Middle East, Europe, and the US.

US bolsters digital security with the ROUTERS Act to counter foreign cyber threats

The United States is making a pivotal move to bolster its digital security by introducing the ROUTERS Act, a bill specifically designed to address vulnerabilities in consumer internet routers and wireless infrastructure. Since these devices are crucial in connecting users to the internet, they have increasingly become prime targets for cyberattacks, particularly by foreign adversaries such as China.

Consequently, the legislation, which has already passed the House of Representatives, focuses on hardware developed or manufactured by companies based in countries of concern, including China, Iran, Russia, North Korea, and Venezuela. Notably, Chinese-made routers, such as those from TP-Link, are widely used in American households and even government agencies, presenting significant security risks.

To counter these threats, the ROUTERS Act mandates that the Department of Commerce conduct a study to assess the national security dangers posed by these devices. This crucial step could pave the way for future legislative actions to mitigate the vulnerabilities that threaten the US’s digital infrastructure.

Furthermore, the United States has already experienced the damaging effects of cyberattacks, particularly from Chinese-backed hacker groups exploiting router vulnerabilities to infiltrate networks and conduct espionage. Various reports and investigations have consistently highlighted the dangers posed by outdated and insecure routers, particularly those from manufacturers like TP-Link, which remain used by consumers and critical government agencies, including the Department of Defense.

As the Senate prepares to review the bill, there is bipartisan support to strengthen it further by designating the National Telecommunications and Information Administration (NTIA) as the lead agency overseeing the study.

Given its expertise in managing digital infrastructure and cybersecurity threats, the NTIA is well-positioned to ensure a thorough evaluation of the risks. Ultimately, this would enable the United States to coordinate better efforts across federal agencies to secure its digital infrastructure and safeguard against foreign cyber threats.

US intelligence official claims that Russia uses AI to influence US election

Russia has been the most active foreign power using AI to influence the upcoming United States presidential election, according to a US intelligence official. Moscow’s efforts have focused on supporting Donald Trump and undermining Kamala Harris and the Democratic Party. Russian influence actors are employing AI-generated content, such as text, images, and videos, to spread pro-Trump narratives and disinformation targeting Harris.

In July, the US Justice Department revealed the disruption of a Russia-backed operation that used AI-enhanced social media accounts to spread pro-Kremlin messages in the US. Additionally, Russian actors staged a video falsely depicting a hit-and-run involving Harris, according to Microsoft research. The intelligence official described Russia as a more sophisticated player in comparison to other foreign actors.

China has also been leveraging AI to shape global perceptions, though it is not focused on influencing the US election outcome. Instead, Beijing is using AI to promote divisive political issues in the US, while Iran has employed AI to generate inauthentic news articles and social media posts, targeting polarising topics such as Israel and the Gaza conflict.

Both Russia and Iran have denied interfering in the US election, with China also distancing itself from attempts to influence the voting process. However, US intelligence continues to monitor the use of AI in foreign influence operations as the November 5 election approaches.

Iran-related hackers planted backdoors across Middle East critical infrastructure, according to Mandiant

In a report released on 19 September, Google-owned Mandiant detailed the activities of a group it identified as UNC1860. The report highlighted the group’s advanced tools and hidden backdoors, which continue to be leveraged by other Iranian hacking operations.

The report assesses that UNC1860, a cyber unit likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has emerged as a key facilitator for the nation’s hackers, offering persistent access to critical systems in the Middle East, particularly in the telecommunications and government sectors.

Mandiant adds that UNC1860 may have provided initial access for destructive operations, including the late-2023 attacks on Israel using BABYWIPER malware and the 2022 attacks on Albania with ROADSWEEP. While Mandiant could not verify UNC1860’s direct involvement in those attacks, it identified tooling designed to support such handoffs of access to other operators.

UNC1860’s toolkit includes a variety of utilities that enable initial access and lateral movement within networks. These tools are engineered to bypass security software and provide covert access, which could be used for espionage or network attacks.

Mandiant describes UNC1860 as a highly capable threat actor that likely supports a range of goals, from spying to direct network assaults. The firm also reported UNC1860’s collaboration with other MOIS-associated groups like APT34, known for breaching government systems in countries like Jordan, Israel, and Saudi Arabia. A recent APT34 operation was uncovered targeting Iraqi officials.