Internet Archive hit by major cyberattack

The Internet Archive, a prominent online repository of web pages, faced significant disruptions on Thursday after a major cyberattack that exposed user data. Brewster Kahle, the organisation’s founder, reported a series of distributed denial-of-service (DDoS) attacks that began earlier in the week, leading to the defacement of its website and the breach of usernames, emails, and passwords for millions of users. Although the data has not been corrupted, the attack has raised concerns about cybersecurity vulnerabilities, especially with the upcoming US presidential election on November 5.

The hackers, a self-described pro-Palestinian group called ‘SN_BLACKMETA’, targeted the Internet Archive, accusing it of being connected to US government support for Israel. They reportedly posted a defacement message on the site, which informed users that 31 million accounts had been breached. The site ‘Have I Been Pwned’ later confirmed the stolen records, adding credibility to the hackers’ claims.

Brewster Kahle, founder of the Internet Archive, announced that the organisation is actively working to restore services and strengthen security measures following a major cyberattack. Established in 1996, the nonprofit is renowned for its Wayback Machine, which archives web pages and serves as a critical resource for researchers and journalists. This incident underscores the increasing risks of cyberattacks, particularly for organisations dedicated to preserving information and fostering an open internet.

Cybercriminals use AI to target elections, says OpenAI

OpenAI reports cybercriminals are increasingly using its AI models to generate fake content aimed at influencing elections. The startup has neutralised over 20 attempts this year, including accounts producing articles on the US elections. Several accounts from Rwanda were banned in July for similar activities related to elections in that country.

The company confirmed that none of these attempts succeeded in generating viral engagement or reaching sustainable audiences. However, the use of AI in election interference remains a growing concern, especially as the US approaches its presidential elections. The US Department of Homeland Security also warns of foreign nations attempting to spread misinformation using AI tools.

As OpenAI strengthens its global position, the rise in election manipulation efforts underscores the critical need for heightened vigilance. The company recently completed a $6.6 billion funding round, further securing its status as one of the most valuable private firms.

ChatGPT continues to see rapid growth, boasting 250 million weekly active users since launching in November 2022, emphasising the platform’s widespread influence.

Ghana to launch new cybersecurity policy

Ghana has launched its revised National Cybersecurity Policy and Strategy (NCPS) to tackle the escalating cybersecurity threats arising from its rapid digital transformation. The comprehensive framework is designed to address current cyber risks and anticipate emerging ones, ensuring that Ghana’s digital infrastructure remains resilient and secure over the next five years.

The initiative was officially unveiled during the opening ceremony of the 2024 National Cybersecurity Awareness Month (NCSAM) in Accra, which, notably, saw significant participation from high-ranking officials, including the leadership of the Ghana Armed Forces and key stakeholders in cybersecurity. Moreover, the policy is anchored on five essential pillars – Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.

Why does it matter?

The NCPS addresses the rapid digitalisation occurring across critical sectors such as finance, healthcare, education, and commerce at a pivotal moment for the nation. While these advancements offer substantial socioeconomic benefits, they also expose the nation to significant cyber risks that could jeopardise economic stability and public safety.

Therefore, by implementing the NCPS, Ghana aims to strengthen its defences against these threats, protect its digital achievements and ensure sustainable technological progress. Furthermore, Minister Ursula Owusu-Ekuful emphasised that the policy serves as a vital roadmap for addressing current and future cyber threats. It also underscores the importance of enhancing public-private collaboration to bolster the country’s overall digital resilience.

Japan’s move toward active cyber defence: a strategic shift in national security

On 10 September, the Liberal Democratic Party (LDP) proposed a groundbreaking system of ‘active cyber defence’ (Nōdō-teki saibā bōgyo) for Japan. This initiative, presented to Prime Minister Fumio Kishida by former Defense Minister Itsunori Onodera, aims to bolster national cybersecurity by allowing the government to collect and analyse metadata from domestic telecom providers. The goal is to detect potential cyber threats early and take pre-emptive actions to prevent attacks.

Onodera, who chairs the LDP’s Security Research Commission, emphasised the critical importance of this system for Japan’s national security. The proposal acknowledges the need to limit data collection to comply with Japan’s constitutional protection of ‘secrecy of communications’ under Article 21.

The push for heightened cyber defences gained momentum in April 2022, when former US Director of National Intelligence Dennis C. Blair warned Tokyo that Japan’s cybersecurity measures lagged behind its allies, especially the US. Blair’s recommendations called for Japan to establish stronger cyber leadership, create institutions akin to the US National Security Agency (NSA) and Cyber Command, and enhance collaboration with the US Joint Cyber Defense Collaborative (JCDC).

The LDP’s current proposal is a key part of Japan’s broader national security overhaul, as reflected in the revised National Security Strategy (NSS), National Defense Strategy (NDS), and Defense Buildup Program (DBP), approved by the Japanese government in December 2022. The NSS acknowledges the growing cyber threats, particularly from China and Russia, and emphasises the need for active cyber defence, the procurement of counterattack capabilities, and investment in advanced technologies like AI and unmanned weapons systems.

In the cyber domain, the shift toward ‘active cyber defence’ marks a significant change. Japan plans to create a new organisation to oversee cybersecurity policies and coordinate efforts. The Ministry of Defense will increase its cyber personnel from 1,000 to 4,000 ‘cyber warriors’ and provide training to 16,000 JSDF members over the next five years.

To implement these changes, revisions to existing laws, such as the Telecommunications Law and Unauthorized Computer Access Prohibition Law, are expected. This will enable Japan to carry out administrative interception, bringing it in line with practices in other Western nations. With these measures, Japan aims to strengthen its cybersecurity posture and safeguard critical infrastructure from growing cyber threats.

Russian state media disrupted by cyberattack

VGTRK, Russia’s state media giant, has been hit by a large-scale cyberattack. The company, which operates key national TV and radio stations, confirmed its online services were disrupted, though broadcasting remains unaffected. Kremlin spokesman Dmitry Peskov described the attack as unprecedented, adding that specialists were investigating the source.

A Ukrainian government source claimed responsibility, stating that the attack coincided with President Vladimir Putin’s birthday. However, these assertions have not been independently verified. VGTRK’s website and online news channel were unavailable following the attack.

The disruption affected internal services, with reports of widespread damage. Some sources suggested hackers wiped critical data, including backups. VGTRK has yet to issue an official comment on the full extent of the breach or recovery efforts.

Maria Zakharova, Russia’s Foreign Ministry spokesperson, did not directly blame any group but linked the incident to a broader ‘hybrid war’ against media in Russia. Moscow plans to address the cyberattack at international forums like UNESCO.

Major US telecoms reportedly hit by Chinese cyberattack on wiretap systems

Chinese hackers reportedly accessed US broadband networks, compromising systems used for government-authorised wiretapping. The Wall Street Journal revealed that major telecom providers, including Verizon, AT&T, and Lumen Technologies, were affected by the breach.

Hackers are believed to have maintained access for months, enabling them to intercept internet traffic and sensitive communications data. US investigators, who labelled the hacking group ‘Salt Typhoon’, indicated that the breach was intelligence-focused.

China’s foreign ministry responded to the accusations, denying knowledge of the incident and condemning the US for what they called ‘a false narrative’. Beijing had previously denied involvement in similar cyber-espionage claims.

Lumen Technologies declined to comment, while Verizon and AT&T did not respond immediately. The breach follows the exposure of another Chinese hacking group earlier this year, as part of a broader campaign by US law enforcement.

US and Poland sign cybersecurity MOU to enhance global digital security and cooperation

The US Department of Homeland Security (DHS) and the Polish Ministry of Digital Affairs (MDA) have signed a Memorandum of Understanding (MOU) to bolster their collaboration in cybersecurity and emerging technology. This MOU strengthens the longstanding partnership between the United States and Poland, providing a structured framework for coordinated efforts in addressing global security challenges, including cyber threats and responsible technology development.

By focusing on key areas such as cyber policy, Secure by Design practices, information sharing, incident response, human capital development, and the safe deployment of AI and the Internet of Things (IoT), both nations demonstrate a shared commitment to transatlantic security. The timing of this MOU, which coincides with the Fourth Counter Ransomware Initiative Summit, reflects a united stance against the growing ransomware threat, as nearly 70 countries gathered to reinforce global resilience against cybercrime.

Various agencies will spearhead the implementation of the MOU as part of the agreement. In the United States, DHS entities like the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Strategy, Policy, and Plans, and the Science and Technology Directorate will drive projects that enhance cybersecurity and support critical infrastructure. On the Polish side, the National Research Institute (NASK) will be instrumental in coordinating these efforts, positioning Poland for its upcoming EU Council presidency in 2025, where it aims to strengthen US-EU relations and prioritise European information security.

Why does it matter?

Together, these agencies will focus on collaborative initiatives that ensure safe technology practices, build critical skills, and enable a proactive response to digital threats, securing a stronger digital future for both nations.

Rising fears of foreign interference in US election

Concerns are rising ahead of the US presidential election, with the latest intelligence suggesting interference from foreign nations like Russia, Iran, and China. The annual threat assessment released by the Department of Homeland Security highlights the use of AI by these countries to spread misinformation and create fake websites.

Russian actors have focused on amplifying divisive narratives, particularly around immigration. Iran has adopted a more aggressive approach, posing as activists online to encourage protests related to the conflict in Gaza. China is also seen as a potential player in efforts to undermine confidence in US democratic institutions.

The upcoming election, expected to be highly contested between Kamala Harris and Donald Trump, presents further opportunities for foreign interference. Tensions within the US could be exacerbated by these external efforts, along with potential threats from domestic extremists.

Domestic violent extremism also remains a serious concern. The report warns of the risk posed by lone actors or small cells driven by grievances related to race, religion, or anti-government views. These groups may attempt violent actions to instill fear or disrupt the electoral process.

Britain targets Evil Corp in new cybercrime sanctions

Britain has imposed sanctions on 16 members of the Russian cyber-crime group Evil Corp, accusing the group of conducting cyber-attacks on NATO allies under orders from Russian intelligence. The National Crime Agency (NCA) said the move is part of a coordinated effort with the US and Australia to combat significant cyber threats. Evil Corp’s leader, Maksim Yakubets, has been linked to Russia’s intelligence agencies, and a $5 million bounty was placed on him by the US in 2019.

The Russian cyber-crime group Evil Corp has been linked to numerous illegal activities, including ransomware attacks through its affiliate, LockBit. Major organisations like Boeing and Britain’s Royal Mail have been among their targets. Evil Corp’s deep connections with Russian intelligence agencies, such as the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and military intelligence (GRU), underscore the increasing worries about cybercrime with state sponsorship. These links point to the potential use of cyber-criminals for espionage and cyber-attacks against global entities.

Alongside asset freezes and travel bans on the designated individuals, British officials disclosed that Maksim Yakubets’ father-in-law, a former FSB official, contributed to protecting Evil Corp. Additionally, the US Department of Justice has indicted Yakubets’ associate, Aleksandr Ryzhenkov, for conducting ransomware attacks throughout Texas and beyond. This coordinated global action highlights an ongoing commitment to combating cybercrime and safeguarding international security.

UK GCHQ defends the importance of law for cyber operations

Senior officials from GCHQ, the UK’s cyber and signals intelligence agency, published a rare article defending the role of legal frameworks in guiding cyber operations. The article responds to recent criticism by an anonymous European intelligence official in Binding Hook, who argued that the West’s cyber capabilities are being constrained by overly stringent legal oversight. According to the article, these restrictions may be giving cyber actors from countries like China and Russia a strategic advantage, as they face fewer operational constraints. The article also points to recent public statements by former leaders of Germany’s foreign intelligence service, who have voiced concerns that excessive legal oversight is weakening national security efforts.

Although the GCHQ article does not reference specific cyber operations, it addresses a significant challenge faced by agencies focused on foreign intelligence. Under current laws, such agencies may be prohibited from collecting intelligence from systems owned by their own citizens, even if those systems are being exploited by foreign attackers.

GCHQ’s stance emphasises the need for a balanced approach, arguing that cyber operations can and should be conducted in a ‘responsible and democratic’ manner. The article reflects the agency’s growing engagement with public and academic discussions on the evolving role of law in modern cybersecurity.