The US Senate Judiciary subcommittee will convene a hearing on Tuesday to investigate recent Chinese cyberattacks targeting American telecommunications companies. The hearing, led by Senator Richard Blumenthal, will delve into the national security threats posed by these breaches and their impact on the US economy.
Authorities allege that China-linked hackers accessed surveillance data from telecom networks, intercepting sensitive communications tied to government and political figures. This breach has heightened concerns over the security of critical infrastructure, especially as bipartisan lawmakers scrutinise the role of major providers like AT&T and Verizon.
The session will also include discussions on Elon Musk’s business ties with China amid his growing involvement in US government affairs. Witnesses, including cybersecurity and industry experts, are expected to shed light on the scale and potential consequences of these incidents. Beijing, however, has denied any involvement in cyber espionage activities.
Russian security experts have uncovered a new deepfake scam exploiting the image of Donald Trump, targeting English-speaking audiences. FACCT, a Moscow-based cybercrime prevention firm, reported that scammers are using a bot to create deepfake videos of prominent figures like Trump, Elon Musk, and Tucker Carlson. These videos are being shared on platforms such as TikTok and YouTube to promote fraudulent crypto exchanges.
The bot allows users to generate customised videos with text up to 400 characters long, which fraudsters use to advertise fake trading platforms. FACCT identified three primary scams: fake exchanges where victims’ tokens are stolen, malware links that compromise crypto wallets, and bogus tokens that can’t be sold.
This warning follows a rise in crypto-related scams in Russia, including digital ruble frauds. Authorities are urging vigilance as the Russian Central Bank prepares to launch its central bank digital currency nationwide next year.
Japan, the United States, and South Korea concluded a three-day joint military exercise, Freedom Edge, showcasing their commitment to strengthening multi-domain defence cooperation amidst escalating tensions in East Asia. Select training sessions were open to media in the second iteration of Freedom Edge. The drills spanned maritime, aerial, and cyber domains, and operations were conducted in strategic areas, including the East China Sea near South Korea’s Jeju Island.
Designed to counter various threats — from ballistic missiles and cyberattacks to fighter jets and submarines — the drills emphasised seamless coordination among the three nations’ forces. By refining joint response procedures, the exercise bolstered deterrence and preparedness for complex regional challenges.
President Joe Biden and China’s President Xi Jinping held a two-hour meeting on the sidelines of the APEC summit on Saturday. Both leaders reached a significant agreement to prevent AI from controlling nuclear weapons systems and made progress on securing the release of two US citizens wrongfully detained in China. Biden also pressured Xi to reduce North Korea’s support for Russia in the ongoing Ukraine conflict.
The breakthrough in nuclear safety, particularly the commitment to maintain human control over nuclear decisions, was reported as an achievement for Biden’s foreign policy. Xi, in contrast, called for greater dialogue and cooperation with the US and cautioned against efforts to contain China. His remarks also acknowledged rising geopolitical challenges, hinting at the difficulties that may arise under a Trump presidency. The meeting showcased a shift in tone from their previous encounter in 2023, reflecting a more constructive dialogue despite underlying tensions.
Reuters reported that it remains uncertain whether the statement will result in additional talks or concrete actions on the issue. The US has long held the position that AI should assist and enhance military capabilities, but not replace human decision-making in high-stakes areas such as nuclear weapons control. Last year, the Biden-Harris administration announced the Political declaration on responsible military use of AI and autonomy, and more than 20 countries endorsed the declaration. The declaration specifically underlines that “military use of AI capabilities needs to be accountable, including through such use during military operations within a responsible human chain of command and control”.
The National Cyber Security Centre (NCSC) and its international partners have issued an urgent advisory highlighting the growing trend of threat actors exploiting zero-day vulnerabilities, emphasising the importance of proactive security measures.
This joint advisory has been published by NCSC (UK), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), US National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and CERT NZ.
The UK NCSC, in collaboration with cybersecurity agencies from the United States, Australia, Canada, New Zealand, and others, identified the top 15 most commonly exploited vulnerabilities of 2023. A majority of these vulnerabilities were initially targeted as zero-days—newly discovered flaws without immediate patches, allowing cybercriminals to strike high-priority targets before fixes were available.
The advisory highlights a notable shift compared to 2022, when fewer than half of the top vulnerabilities were exploited as zero-days. The rise in zero-day attacks has continued into 2024, underlining the evolving tactics of cyber adversaries.
The advisory urges organisations to stay vigilant in their vulnerability management practices, prioritising the timely application of security updates and ensuring that all assets are identified and protected. It also calls on technology vendors and developers to adopt secure-by-design principles to minimise product vulnerabilities from the outset.
The Irish media regulator, Coimisiún na Meán, has mandated that online platforms TikTok, X, and Meta must take decisive steps to prevent the spread of terrorist content on their services, giving them three months to report on their progress.
This action follows notifications from EU authorities under the Terrorist Content Online Regulation. If the platforms fail to comply, the regulator can impose fines of up to four percent of their global revenue.
This decision aligns with Ireland’s broader enforcement of digital laws, including the Digital Services Act (DSA) and a new online safety code. The DSA has already prompted investigations, such as the European Commission’s probe into X last December, and Ireland’s new safety code will impose binding content moderation rules for video-sharing platforms with European headquarters in Ireland. These initiatives aim to curb the spread of harmful and illegal content on major social media platforms.
Hackers with alleged links to China have stolen sensitive data from US telecommunications firms, targeting information intended for law enforcement agencies. US officials announced the breach on Wednesday, revealing that multiple telecom networks had been compromised. The hackers reportedly accessed call records and communications of individuals in government and political roles, according to a joint statement from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
Among the data stolen was information connected to court-ordered surveillance requests made by US law enforcement. The agencies provided limited details about the breach and have yet to disclose the number of companies affected. CISA and the FBI declined to comment further, with additional insights expected as investigations continue.
The incident aligns with earlier reports in the Wall Street Journal, which suggested that Chinese hackers may have infiltrated systems intended for law enforcement to monitor communications. Such claims have led to growing concerns about the security of US telecom infrastructure, particularly given reports of targeted attacks on the phones of high-profile political figures.
The Department of Homeland Security’s Cyber Safety Review Board will investigate the breach, part of an effort to evaluate significant digital security threats. China’s embassy in Washington declined to comment on the latest hacking allegations, which it has previously dismissed as unfounded.
Germany is strengthening its cyber defences as elections approach, with Interior Minister Nancy Faeser highlighting the need for robust protections against cyber-attacks and disinformation. Faeser warned of potential threats from Russia and other foreign actors, stressing that democracy must also be safeguarded in the digital realm.
The annual report from the Federal Office for Information Security pointed to Germany’s vulnerability to hybrid threats, which include hacking, manipulation, and disinformation. Faeser confirmed plans to bolster cybersecurity, aiming to counteract any attempts at digital interference that could destabilise the election process.
Germany’s snap elections are set for early next year, following the collapse of Chancellor Olaf Scholz’s coalition government amid economic concerns and rising populism. While recent elections saw no major cybersecurity incidents, authorities continue to monitor for risks.
With the political landscape in flux, security agencies remain vigilant. Enhanced measures are in place to detect and address cyber threats as the nation prepares for a potentially turbulent electoral period.
South Korea has reported a rise in cyberattacks by pro-Russia hacking groups following North Korea’s recent deployment of troops to Russia in support of its war against Ukraine. Seoul’s presidential office held an emergency meeting after detecting denial-of-service attacks on government and private websites, leading to temporary outages but no significant damage. Officials have pledged to strengthen cybersecurity defences in response to the attacks.
The South Korean government noted that pro-Russian hacktivist attacks have grown more frequent since North Korea sent troops to Russia. Reports indicate that over 10,000 North Korean soldiers are now stationed in Russia, with some reportedly engaged in combat near Ukraine.
The new military partnership between Pyongyang and Moscow has drawn condemnation from South Korea, the US, and Western allies, with Ukrainian President Volodymyr Zelensky warning that these developments mark a new era of global instability.
A Chinese state-sponsored hacking group, Volt Typhoon, reportedly breached Singapore Telecommunications (SingTel) in June as part of a broader cyber campaign targeting telecom companies and critical infrastructure globally.
SingTel confirmed that malware was detected during the breach but assured there was no data exfiltrated or service disruption. The company took immediate action, reporting the incident to authorities, though it could not confirm if the breach was the same event mentioned in media reports.
Chinese officials have denied involvement in the attack, with a spokesperson asserting that China opposes all forms of cyberattacks. Volt Typhoon, previously linked to cyberattacks on critical US infrastructure, is believed to have used this incident as a test for potential future attacks on US telecom firms. The breach highlights the growing concerns over Chinese cyber activities targeting global critical infrastructure.
