Australia’s government cybersecurity agency has pointed fingers at a China-backed hacker group, APT40, for pilfering passwords and usernames from two undisclosed Australian networks back in 2022. The Australian Cyber Security Centre, in collaboration with leading cybersecurity agencies from the US, Britain, Canada, New Zealand, Japan, South Korea, and Germany, released a joint report attributing these malicious cyber operations to China’s Ministry of State Security, the primary agency overseeing foreign intelligence. Despite these claims, China’s embassy in Australia refrained from immediate comments on the matter, dismissing the hacking allegations as ‘political manoeuvring’.
The accusations against APT40 come in the wake of previous allegations by US and British officials in March, implicating Beijing in a large-scale cyberespionage campaign that targeted a wide range of individuals and entities, including lawmakers, academics, journalists, and defence contractors. Moreover, New Zealand also reported on APT40’s targeting of its parliamentary services and parliamentary counsel office in 2021, which resulted in unauthorised access to critical information.
In response to these cyber threats, Defence Minister Richard Marles emphasised the commitment of the Australian government to safeguard its organisations and citizens in the cyber sphere. The attribution of cyber attacks marks a significant step for Australia, signalling its proactive stance in addressing cybersecurity challenges. The timing of this report is noteworthy as Australia and China are in the process of repairing strained relations following tensions that peaked in 2020 over the origins of COVID-19, leading to retaliatory tariffs imposed by Beijing on Australian exports, most of which have now been lifted.
The identification of APT40’s cyber activities stresses the persistent threat posed by state-sponsored hacker groups and the critical importance of robust cybersecurity measures to protect sensitive information and national security. The incident serves as a reminder of the importance of joint attribution networks and international cooperation in combating cyber threats.
Russian disinformation campaigns are targeting social media to destabilise France’s political scene during its legislative campaign, according to a study by the French National Centre for Scientific Research (CNRS). The study highlights Kremlin strategies such as normalising far-right ideologies and weakening the ‘Republican front’ that opposes the far-right Rassemblement National (RN).
Researchers noted that Russia’s influence tactics, including astroturfing and meme wars, have been used previously during the 2016 US presidential elections and the 2022 French presidential elections to support RN figurehead Marine Le Pen. The Kremlin’s current efforts aim to exploit ongoing global conflicts, such as the Israeli-Palestinian conflict, to influence French political dynamics.
Despite these findings, the actual impact of these disinformation campaigns remains uncertain. Some experts argue that while such interference may sway voter behaviour or amplify tensions, the overall effect is limited. The CNRS study focused on activity on X (formerly Twitter) and acknowledged that further research is needed to understand the broader implications of these digital disruptions.
The first half of 2024 saw a significant surge in cryptocurrency thefts, with over $1.38 billion stolen by 24 June, compared to $657 million during the same period in 2023, according to blockchain researchers TRM Labs. The increase in stolen crypto, driven by a few large-scale attacks and rising crypto prices, highlights the growing motivation among cybercriminals. Ari Redbord, global head of policy at TRM Labs, noted that while the security of the crypto ecosystem hasn’t fundamentally changed, the higher value of various tokens has made crypto services more attractive targets.
One of the year’s largest thefts involved $308 million worth of bitcoin stolen from Japanese exchange DMM Bitcoin. Large-scale losses remain relatively rare, although cryptocurrency companies face hacks and cyberattacks frequently. The theft increase comes as crypto prices rebound from the lows following the 2022 collapse of FTX, with bitcoin reaching an all-time high of $73,803.25 in March.
The UN’s International Telecommunication Union (ITU) condemned Russia for allegedly interfering with the satellite systems of several European countries, including Ukraine, France, Sweden, the Netherlands, and Luxembourg. These incidents, reported over recent months, have disrupted GPS signals and jeopardised air traffic control.
ITU’s review indicated that the interference originated from earth stations near Moscow, Kaliningrad, and Pavlovka. The organisation called the interference ‘extremely worrisome and unacceptable’ and urged Russia to cease these actions immediately and investigate the incidents. It also proposed a meeting between the affected countries and Russia to resolve the issue.
Swedish authorities blamed Russia for harmful interference shortly after Sweden joined NATO, while France reported significant disruptions to its Eutelsat satellites. Additionally, Lithuania and Estonia raised alarms about navigation signal interference impacting flights. Earlier in the year, a jet carrying UK Defence Secretary Grant Shapps experienced GPS jamming over Kaliningrad.
Russia denied any wrongdoing and complained about alleged interference by NATO countries, which ITU did not address. Russia’s presidential press secretary, Dmitry Peskov, expressed unawareness of the UN agency attributing interference to Russia and questioned the UN’s authority to discuss the matter.
The Japanese Defence Ministry has unveiled its inaugural policy to promote AI use, aiming to adapt to technological advancements in defence operations. Focusing on seven key areas, including detection and identification of military targets, command and control, and logistic support, the policy aims to streamline the ministry’s work and respond to changes in technology-driven defence operations.
The new policy highlights that AI can enhance combat operation speed, reduce human error, and improve efficiency through automation. AI is also expected to aid in information gathering and analysis, unmanned defence assets, cybersecurity, and work efficiency. However, the policy acknowledges the limitations of AI, particularly in unprecedented situations, and concerns regarding its credibility and potential misuse.
The Defence Ministry plans to secure human resources with cyber expertise to address these issues, starting a specialised recruitment category in fiscal 2025. Defence Minister Minoru Kihara emphasised the importance of adapting to new forms of battle using AI and cyber technologies and stressed the need for cooperation with the private sector and international agencies.
Recognising the risks associated with AI use, Kihara highlighted the importance of accurately identifying and addressing these shortcomings. He stated that Japan’s ability to adapt to new forms of battle with AI and cyber technologies is a significant challenge in building up its defence capabilities. The ministry aims to deepen cooperation with the private sector and relevant foreign agencies by proactively sharing its views and strategies.
A report by Howden has stated that cyber insurance premiums are on a downward trend worldwide despite the rise in ransomware attacks as businesses are upping their capacity to mitigate losses from cybercrime. The surge in insurance premiums first arose during 2021 and 2022 because of COVID-19 pandemic and an increase in cyber incidents but has since declined in the following years. The cyber insurance market witnessed significant price reductions in 2023/24, attributed to advancements such as multifactor authentication that significantly enhanced data protection, decreasing insurance claims.
Sarah Neild, the head of UK cyber retail at Howden, highlighted the fundamental role of multifactor authentication in securing data, comparing it to a basic security measure akin to locking the door when leaving the house. Neild stressed the multifaceted nature of cybersecurity, underscoring the importance of increased investments in IT security, including employee training.
Following Russia’s invasion of Ukraine in February 2022, global ransomware attacks saw a decline as hackers from these regions shifted their focus to military activities. However, recorded ransomware incidents surged by 18% in the first five months of 2024 compared to the previous year—ransomware functions by encrypting data where hackers typically offer victims a decryption key in exchange for cryptocurrency payments. While business interruption remains the primary cost after a cyberattack, businesses can mitigate these expenses by instituting improved backup systems such as cloud backup systems.
Although most of the cyber insurance business is concentrated in the United States, the report anticipates that the fastest-growing market will be Europe in the coming years due to lower current penetration levels. Finally, the report finds that smaller firms exhibit lower rates of cyber insurance adoption, which can partly be attributed to a need for more awareness regarding cyber risks.
A suspected Chinese state-linked hacking group is increasingly targeting Taiwanese entities, particularly those within government, education, technology, and diplomacy sectors, as reported by cybersecurity intelligence firm Recorded Future. In recent times, the relationship between China and Taiwan has faced escalating tensions. The cyber assaults attributed to the group dubbed RedJuliett occurred between November 2023 and April 2024, coinciding with Taiwan’s presidential elections in January and the subsequent change in leadership.
While RedJuliett has previously targeted Taiwanese organisations, the recent wave of attacks marked a significant escalation in scope. The hacking attempts by RedJuliett targeted over 70 Taiwanese entities, including universities, an optoelectronics firm, and a facial recognition company with government contracts. While the success of these infiltration attempts remains unclear, Recorded Future only confirmed the observed efforts to identify network vulnerabilities.
Recorded Future revealed that RedJuliett exploited a vulnerability in the SoftEther enterprise virtual private network (VPN) software to breach the servers of these organisations. The open-source VPN facilitates remote connections to an organisation’s networks. The modus operandi of RedJuliett aligns with tactics commonly associated with Chinese state-sponsored groups, as per Recorded Future’s analysis. The geolocations of IP addresses suggest that RedJuliett likely operates from Fuzhou, a city in China’s Fujian province facing Taiwan’s coast.
The report speculated that Chinese intelligence services in Fuzhou are likely engaged in intelligence gathering against Taiwanese targets to support Beijing’s policymaking on cross-strait relations through RedJuliett’s activities. While Taiwan’s Ministry of Foreign Affairs refrained from immediate comments, a spokesperson from the Chinese Foreign Ministry dismissed the allegations, citing a lack of credibility in Recorded Future’s claims.
Why does it matter?
China’s increased military exercises around Taiwan and diplomatic pressures have exacerbated tensions, particularly following the election of Taiwan’s President Lai Ching-te, labeled a ‘separatist’ by China. Amidst escalating cyberespionage activities globally, Recorded Future anticipates continued targeting of Taiwanese government agencies, universities, and critical technology firms by Chinese state-sponsored groups. The firm recommends organisations prioritise patching vulnerabilities promptly to enhance their cybersecurity.
President of Indonesia Joko Widodo has ordered an audit of government data centres following a significant ransomware cyberattack that exposed the country’s vulnerability to such incidents.
The attack, which disrupted multiple government services, including immigration and airport operations, affected over 230 public agencies. Despite an $8 million ransom demand, the government of Indonesia has refused to pay to retrieve the encrypted data.
In response, state auditor Muhammad Yusuf Ateh announced that the audit would examine both the governance and financial aspects of the data centres. The head of Indonesia’s cybersecurity agency, Hinsa Siburian, revealed that 98% of the compromised data had not been backed up, highlighting a major governance issue.
Communications Minister Budi Arie Setiadi acknowledged that while backup capacity was available, budget constraints had prevented its use, which will now be made mandatory.
The cyberattack has led to widespread criticism of Minister Setiadi, with digital advocacy group SAFEnet calling for his resignation due to repeated cyberattacks.
Setiadi countered with a petition to stay on as minister and informed parliament that a ‘non-state actor’ seeking money was likely behind the attack. The government aims to fully restore services by August, using backup data centres and improved cybersecurity measures.
Why does it matter?
The IATSE’s tentative agreement represents a significant step forward in securing fair wages and job protections for Hollywood’s behind-the-scenes workers, ensuring that the rapid technological advancements do not come at the expense of human employment.
German software company TeamViewer announced on Friday that it was the target of a cyberattack earlier this week. The company accused the hacker group APT29 from Russia, known as ‘Cozy Bear’ or Midnight Blizzard, of being behind the breach. Western intelligence agencies allege that APT29 operates on behalf of Russia’s foreign spy agency.
The attack occurred on Wednesday, with the hackers gaining access to TeamViewer’s corporate IT environment. However, the company confirmed that neither its product environment nor customer data were compromised. The news follow a similar incident in March, where Alphabet’s Mandiant cyber unit caught the same group attempting to trick key German political figures with a phishing email.
The cyberattack has had immediate financial repercussions for TeamViewer. As of 1152 GMT, shares in the company had dropped by 10%, marking their worst trading day since November 2023. The incident underscores the persistent threat of cyberespionage faced by companies worldwide.
Russian hackers breached Microsoft systems earlier this year, stealing emails from Microsoft staff and its customers, according to the tech giant. The disclosure highlights the extensive scope of the breach, adding to the regulatory scrutiny Microsoft faces over the security of its software and systems. The hackers, identified as the Midnight Blizzard threat actor, targeted cybersecurity researchers investigating Russian hacking activities.
Microsoft has been notifying affected customers, although the company has not disclosed the number of customers or emails impacted. Initially revealed in January as affecting a small percentage of corporate email accounts, the breach continued to pose threats for months, raising concerns among the security industry and prompting a Congressional hearing. In response, Microsoft President Brad Smith stated the company is working on overhauling its security practices.
