The NSA alerts on PRC-Linked botnet threat

The National Security Agency (NSA), in conjunction with the Federal Bureau of Investigation (FBI), United States Cyber Command’s Cyber National Mission Force (CNMF), and international allies, has issued a critical cybersecurity advisory. Titled ‘People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations,’ the advisory reveals the extensive activities of cyber actors affiliated with the People’s Republic of China (PRC).

These actors have breached internet-connected devices worldwide, establishing a massive botnet. To address this threat, the NSA has outlined several key mitigations aimed at helping device vendors, owners, and operators secure their devices and networks. These recommendations include regularly applying patches and updates, turning off unused services and ports, replacing default passwords with strong alternatives, and implementing network segmentation to reduce IoT device risks.

Furthermore, the advisory suggests monitoring network traffic for signs of DDoS attacks, planning device reboots to eliminate non-persistent malware, and upgrading outdated equipment with supported models. Moreover, NSA Cybersecurity Director Dave Luber has emphasised the importance of the advisory, noting that it provides crucial and timely insights into the botnet’s infrastructure, the geographical distribution of the compromised devices, and effective mitigation strategies.

According to the advisory, the botnet encompasses thousands of devices across various sectors, with over 260,000 devices compromised in North America, Europe, Africa, and Southeast Asia as of June 2024. Consequently, this extensive network of affected devices highlights the urgent need for enhanced security measures to protect against such pervasive cyber threats.

Kremlin-linked troll farm spreads fake news about Kamala Harris, Microsoft reports

Microsoft researchers have uncovered a Russian disinformation operation that falsely accused United States Democratic presidential candidate Kamala Harris of leaving a 13-year-old girl paralysed in a hit-and-run incident in 2011. The operation, led by a Kremlin-linked group called Storm-1516, used actors and fabricated news outlets, including a fake site called ‘KBSF-TV’, to spread the baseless claim. The hoax was widely shared on social media, gaining millions of views.

The disinformation effort is part of a broader Russian campaign to interfere with the upcoming US presidential election. After initial difficulties shifting focus following President Biden’s withdrawal from the 2024 race, Russian actors have targeted Harris and her running mate, Tim Walz, with fabricated conspiracy theories. The false claim against Harris was amplified on social media by pro-Russian figures, including Aussie Cossack, who encouraged MAGA supporters to spread the misinformation.

Microsoft’s investigation highlights how Storm-1516 produces misleading videos featuring actors impersonating journalists or whistleblowers. The hit-and-run story gained traction online, particularly on X.com, where it was shared by key figures within the pro-Russian ecosystem. The US Justice Department has also recently charged two Russian state media employees with money laundering, linked to efforts to influence the election.

US officials believe Russia’s goal is to deepen political divisions within the country and undermine public support for military aid to Ukraine. Kamala Harris has stated her intention to continue supporting Ukraine’s defence against Russia’s invasion if elected.

BlackDice and Bin Omran join forces to boost Qatar’s cybersecurity

BlackDice and Bin Omran Trading and Telecommunication have launched a strategic partnership to significantly enhance Qatar’s cybersecurity infrastructure. By combining their expertise, the two companies aim to deliver state-of-the-art cybersecurity solutions, with BlackDice contributing its AI-powered security and data intelligence to safeguard critical infrastructure and sensitive information.

Additionally, their collaboration will focus on strengthening the cybersecurity capabilities of major telecom operators in the region, thereby boosting network resilience and protecting extensive personal and financial data. Consequently, this comprehensive approach supports DA2030’s goal of creating a secure and resilient digital environment essential for Qatar’s economic diversification and social development.

By addressing the evolving needs of the digital landscape in Qatar, BlackDice and Bin Omran Trading and Telecommunication contribute to the nation’s ambition of becoming a global leader in technology and connectivity and ensuring robust protection against emerging cyber threats.

FBI takes down another Chinese hacking group ‘Flax Typhoon’

The US Federal Bureau of Investigation has disrupted another major Chinese hacking group, dubbed ‘Flax Typhoon,’ which had compromised thousands of devices globally. The FBI and officials from several allied countries accused a Chinese company, the Integrity Technology Group, of running the operation under the guise of an IT firm. FBI Director Christopher Wray revealed that the group was gathering intelligence and conducting surveillance for Chinese security agencies, targeting critical infrastructure as well as corporations, media organisations, and universities.

Cybersecurity officials from the UK, Canada, Australia, and New Zealand also joined the US in condemning the hacking group, noting that over 250,000 devices had been compromised as of June. The operation involved hijacking devices through a botnet—a network of infected cameras and storage devices—and was reportedly part of China’s broader cyber-sabotage efforts. Flax Typhoon’s activities mirrored those of another China-backed group, Volt Typhoon, which has been scrutinised for targeting US infrastructure.

The Chinese Embassy in Washington denied the accusations, claiming that the US had made baseless allegations. Despite China’s dismissal, the FBI remains firm, with Wray emphasising that this takedown is only one part of a longer struggle to counter Chinese cyberattacks. The operation faced some retaliation from the hackers, who launched a cyberattack in response but eventually retreated, leaving the FBI in control of the botnet’s infrastructure.

CISA launches FOCAL plan to strengthen federal cybersecurity

The American Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. The plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.

The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.

CISA also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.

Meta bans Russian state media over covert online operations

Meta, the parent company of Facebook, has banned several Russian state media outlets, including RT (Russia Today) and Rossiya Segodnya, from its platforms due to their involvement in covert online influence operations. The censorship decision significantly escalates Meta’s actions against Russian media, as it previously restricted their activities by limiting ad access and post visibility. Meta explained that after reviewing ongoing foreign interference by these outlets, it expanded its enforcement to ban them from all its apps, which include Instagram, WhatsApp, and Threads. The company expects the ban to take full effect in the coming days.

The decision follows recent charges by US authorities against two RT employees accused of money laundering in connection with efforts to influence the 2024 US elections. US Secretary of State Antony Blinken has urged countries to treat RT’s activities as covert intelligence operations rather than legitimate journalism. Despite these developments, RT has criticised the US government’s actions, accusing them of stifling the media outlet’s ability to function as a journalistic organisation.

Meta also shared that Russian state media outlets have attempted to conceal their online activities before, and it anticipates further attempts to evade the newly imposed restrictions. The Russian embassy and the White House have yet to comment on Meta’s decision.

Surge in cyberattacks targets US utilities

Cyberattacks targeting US utilities surged nearly 70% this year, according to data from Check Point Research. The energy sector is particularly vulnerable, with outdated software systems making utilities easier targets. Despite the spike in incidents, none of the attacks have yet caused severe damage, but experts warn that a coordinated effort could be disastrous, affecting essential services and resulting in major financial losses.

Check Point data showed an average of 1,162 cyberattacks through August, compared to 689 in 2023. These figures highlight the increasing risks as the US power grid rapidly expands to meet higher energy demand, particularly from new sectors such as AI data centres. Experts say the grid’s rapid growth creates more potential entry points for attackers.

Outdated Internet of Things (IoT) and Industrial Control Systems (ICS) used by many utilities are not as secure as the more advanced software found in other industries, putting critical infrastructure at heightened risk. Regulations like NERC’s Critical Infrastructure Protection standards provide only a basic level of security, which some experts argue is insufficient given the growing threats.

The financial impact of cyber breaches in the energy sector has been significant. In 2022, IBM reported the average cost of a data breach in the sector reached $4.72 million. With the 2024 US election approaching, cybersecurity experts expect an even greater surge in cyberattacks on essential infrastructure.

Global AI military blueprint receives support, but China declines

Around 60 nations, including the United States, endorsed a ‘blueprint for action’ on Tuesday to regulate the responsible use of AI in military settings. The blueprint was unveiled at the second Responsible AI in the Military Domain (REAIM) summit in Seoul. However, China was among the countries that declined to support the legally non-binding document.

The blueprint builds on discussions from last year’s summit in Amsterdam and outlines concrete steps, such as risk assessments and ensuring human involvement in decisions related to AI in military operations, including nuclear weapons. It also emphasises preventing AI from being used in weapons of mass destruction (WMD) by non-state actors, such as terrorist groups.

The summit, co-hosted by the Netherlands, Singapore, Kenya, and the United Kingdom, aims to foster global cooperation without being led by a single entity. Despite this, China and approximately 30 other countries refrained from endorsing the document, highlighting differing views among participants on AI’s military use.

As the international community moves forward, discussions on AI in military contexts are expected to continue at the United Nations General Assembly in October. Experts stress that while the blueprint is a step forward, progress must be made carefully to avoid alienating countries from engaging in future talks.

Russia to invest $660 million in modernising internet censorship

Russia is ramping up its efforts to control the internet by allocating nearly 60 billion roubles ($660 million) over the next five years to upgrade its web censorship system, known as TSPU. The system, developed by state regulator Roskomnadzor, is designed to filter and block content deemed harmful or illegal by the government. The funding, part of a broader ‘Cybersecurity Infrastructure’ project, will be used to acquire new software and hardware and to expand the system’s capabilities.

The initiative is seen as part of Moscow’s broader crackdown on online freedoms, which has intensified since Russia’s invasion of Ukraine in 2022. The government has been targeting independent media and social media platforms, blocking websites, and cracking down on the use of Virtual Private Networks (VPNs), which many Russians use to bypass government restrictions. Roskomnadzor has become increasingly effective at blocking access to these tools, and officials plan to improve the system’s efficiency further.

The TSPU system was introduced under a 2019 law that requires internet service providers to install government-controlled equipment to monitor and manage web traffic. As of late 2022, over 6,000 TSPU devices had been deployed across Russian networks. The new funding will modernise this infrastructure and improve the system’s ability to detect and block VPN services, making it harder for Russians to access uncensored content.

Why does this matter?

While the Kremlin continues to position these measures as necessary for national security, critics see them as a blatant attack on free speech. Digital rights activists, including those from Roskomsvoboda, warn that while new investments in censorship technology will tighten government control, they are unlikely to eliminate access to independent information. Developers of VPNs and other circumvention tools remain determined, stating that innovation and motivation are essential in the ongoing struggle between censorship and free access.

Russia’s battle with VPNs and independent media is part of a broader campaign against what it calls Western information warfare. Despite the government’s efforts to clamp down, demand for alternative ways to access the internet remains high. Developers are working on more resilient tools, even as the state pours resources into strengthening its censorship apparatus. This tug-of-war between government control and free access to information seems set to continue, with both sides ramping up their efforts.

North Korean-linked threat actor intensifies cyberespionage operations targeting Russia and South Korea, report reveals

The cyber threat actor known as Konni, previously linked to the North Korean state-sponsored group Kimsuky, has been increasing its cyberespionage operations against targets in South Korea and Russia, according to a recent report by the South Korean cybersecurity firm Genians.

The report highlights that Konni employs consistent tactics, techniques, and procedures in its attacks on Moscow and Seoul, with cyberespionage as the primary objective. Since at least 2021, Konni has targeted entities such as the Russian Ministry of Foreign Affairs, the Russian Embassy in Indonesia, and various South Korean organisations, including a tax law firm.

One notable incident occurred in January 2022, when Konni targeted Russian embassy diplomats with phishing emails disguised as New Year greetings, aiming to deliver malware. According to Genians, Konni’s malicious activities have been ongoing since 2014. In attacks on both Russian and South Korean targets, Konni uses similar methods to connect infected devices to attacker-controlled command-and-control (C2) servers. Malicious modules are deployed through executable files, and the connection to the C2 server is established via internal commands.

Genians researchers emphasised that while Konni’s attack patterns have remained consistent over the years, the group has been incorporating new, anomalous tactics to enhance the success of its operations. They also noted that understanding the similarities in the group’s attacks across different regions could help security professionals better defend against and attribute these threats.