Meta reported finding likely AI-generated content used deceptively on Facebook and Instagram, praising Israel’s handling of the Gaza conflict in comments under posts from global news organisations and US lawmakers. This campaign, linked to the Tel Aviv-based political marketing firm STOIC, targeted audiences in the US and Canada by posing as various concerned citizens. STOIC has not commented on the allegations.
Meta’s quarterly security report marks the first disclosure of text-based generative AI technology used in influence operations since its emergence in late 2022. While AI-generated profile photos have been identified in past operations, the use of text-based AI raises concerns about more effective disinformation campaigns. Despite this, Meta’s security team successfully disrupted the Israeli campaign early and maintained confidence in their ability to detect such networks.
The report detailed six covert influence operations disrupted in the first quarter, including an Iran-based network focused on the Israel-Hamas conflict, which did not use generative AI. As Meta and other tech giants continue to address potential AI misuse, upcoming elections in the EU and the US will test their defences against AI-generated disinformation.
This potential measure follows broader US restrictions on the export of AI chips and manufacturing tools to China. In the same context, the US proposed a “know your customer” rule that would require national cloud companies to inform the government when their services are used by foreign entities to train AI models that could potentially be deployed for cyberattacks. The new area of restriction aims to cover AI models and their core software.
The Biden administration’s proposal involves establishing regulatory controls over the export of proprietary or closed source AI models, which are developed and kept confidential by companies like OpenAI and Google DeepMind. Currently, nothing is stopping US AI giants, which have developed some of the most powerful closed source AI models, from selling them to almost anyone in the world without government oversight.
The Commerce Department is reportedly discussing the use of a computing power threshold, which was outlined in a recent AI executive order, to determine which AI models would be subject to export controls. This move is part of a broader effort to maintain technological superiority and manage the risks associated with AI advancements. The proposed controls would primarily target new models that have not yet been released, as existing technologies have not reached the defined thresholds.
These considerations come in response to the rapid development and potential misuse of AI technologies that could be used to enhance cyber and biological warfare capabilities. Recent discussions highlighted by researchers from Gryphon Scientific and the Rand Corporation emphasize that advanced AI models could assist in the development of biological weapons. Additionally, the Department of Homeland Security’s 2024 threat assessment warns that cyber actors are likely to leverage AI to conduct more sophisticated cyberattacks. The U.S. aims to establish a regulatory framework that can keep pace with technological advancements while addressing the complex challenges of effectively implementing export controls. The Commerce Department has yet to finalize any rules, indicating that the discussions are ongoing and that feedback from industry stakeholders will be essential in shaping the final regulatory approach.
Following a major cyberattack last year that saw China-linked hackers infiltrate the US Department of State’s network, the agency has expanded its cybersecurity efforts beyond its reliance on Microsoft. This reinforcement of the defence strategy comes after the breach compromised around 60,000 State Department emails, including those of high-profile officials like Commerce Secretary Gina Raimondo. Criticism was directed at Microsoft, with the Cyber Safety Review Board questioning the company’s transparency regarding the incident.
Kelly Fletcher, the department’s chief information officer, highlighted concerns about the security of corporate networks, emphasising the importance of all vendors ensuring secure systems. The hacking group, identified by Microsoft as Storm-558, obtained access to a digital key, allowing them to breach government inboxes. Despite tensions, the embassy of China in Washington denied any involvement of Chinese government-linked hackers in the attack.
In response to the breach, the US State Department has diversified its vendor portfolio, incorporating companies like Palo Alto, Zscaler, and Cisco alongside Microsoft. While Microsoft managed to revoke the hackers’ access, Fletcher expressed concerns over the potential broader impact of the breach. The department has since bolstered its security measures, including multifactor authentication and data encryption, significantly strengthening cybersecurity fundamentals across its systems.
Despite criticism, Microsoft remains a key player in the State Department’s cybersecurity framework. The agency thoroughly analysed its communications with Microsoft following a separate breach linked to Russian hackers, concluding that sensitive information was not compromised. With ongoing efforts to fortify its cybersecurity posture, the State Department aims to mitigate future threats and maintain the integrity of its digital infrastructure.
Ukraine has issued a warning about Russia’s escalating use of TikTok to challenge President Volodymyr Zelenskiy’s legitimacy and erode national morale amid Russia’s military actions. Russian influencers and bots are reportedly behind viral TikTok videos targeting 20 May, the date when Zelenskiy’s first term would have ended if not for election disruptions due to martial law. Andriy Kovalenko, a senior official focused on countering Russian misinformation, highlighted Russia’s systematic approach to TikTok, exploiting the platform to sway public opinion.
As Russia continues its military campaign against Ukraine, it has expanded its information warfare to platforms like TikTok alongside traditional battlegrounds. The use of TikTok to disseminate misinformation represents a strategic shift in Russia’s multifaceted approach to influencing public perception and leveraging its advantage in cyberspace. TikTok, owned by ByteDance, has responded by enhancing safety measures and removing harmful misinformation in Ukraine amid broader scrutiny over data security and misinformation concerns from the US and the EU.
In response to these challenges, Ukraine advocates for greater cooperation from social media companies like TikTok by urging them to establish full-scale offices in Kyiv to combat disinformation effectively. Kovalenko, who actively uses TikTok to counter false narratives, emphasised the need to adapt Ukraine’s approach to this influential platform. The call for action by Kovalenko comes as TikTok reports uncovering covert influence operations related to the Ukraine conflict and removing millions of problematic videos during the last quarter.
Why does it matter?
Ukraine’s efforts to confront Russia’s information campaign on TikTok reflect broader concerns over the app’s influence and security. While governments like the US and the EU take measures to safeguard against potential threats posed by platforms like TikTok, the ongoing geopolitical dynamics and the use of social media as a battleground highlight the complex challenges digital technologies pose in the modern information landscape.
According to reports, a significant cyberattack targeted the UK Ministry of Defence, exposing the sensitive details of tens of thousands of armed forces personnel. The breach, believed to have occurred multiple times on a third-party payroll system, prompted the MoD to assess the extent of the hack over three days. While the Ministry has not confirmed any data theft, it reassured service members about their safety amid the incident.
The attack follows earlier attributions of cyberattacks to Chinese ‘state-affiliated actors’ in the UK between 2021 and 2022. In March, Deputy Prime Minister Oliver Dowden disclosed sanctions against individuals and a company linked to the Chinese state for alleged malicious cyber activities, including attacks on the Electoral Commission. These actions underscore a growing concern over cyber threats originating from China.
While Chinese President Xi Jinping embarked on a European tour, the cyberattack allegations persisted, with French lawmakers targeted by similar incidents urging an official investigation. Despite mounting accusations, French authorities refrained from directly attributing the attacks to China, contrasting with formal accusations made by the US, UK, and New Zealand. As President Xi continues his diplomatic engagements in Europe, with planned visits to Serbia and Hungary, the cybersecurity landscape remains a pressing issue, with nations navigating the complexities of state-sponsored cyber activities.
South Korean police disclosed that major North Korean hacking groups have been relentlessly conducting cyber assaults on South Korean defence firms for over a year. These attacks have resulted in breaches of internal networks and the theft of crucial technical data. Identified groups include Lazarus, Kimsuky, and Andariel, all linked to North Korea’s intelligence apparatus.
Hackers successfully infiltrated networks using various methods, such as planting malicious code directly into defence companies’ systems or through their contractors. Police, collaborating with national spy agencies and private sector experts, tracked these attacks. They used indicators such as source IP addresses, signal rerouting architecture, and malware signatures to identify the perpetrators.
One notable case, dating back to November 2022, saw hackers insert code into a company’s public network. This code later infected the intranet while the internal security system was temporarily disengaged for a network test. Exploiting security oversights, hackers gained entry through the accounts of subcontractors who used identical passcodes for personal and official email accounts, and extracted confidential technical data.
Although the police did not disclose the affected companies or the specifics of the data breaches, South Korea has become a significant global defence exporter. In recent years, lucrative contracts for items such as mechanised howitzers, tanks, and fighter jets have been valued at billions of dollars. This latest revelation underscores the persistent threat posed by North Korean cyber operations, which extend beyond national borders and target critical industries worldwide.
China has taken a significant step in modernising its military by establishing the Information Support Force (ISF) to bolster its ability to wage networked warfare. President Xi Jinping formally inaugurated the ISF, emphasising its crucial role in ensuring the People’s Liberation Army (PLA) can succeed in modern conflicts. The ISF aims to develop a network information system tailored to the demands of contemporary warfare, enhancing the PLA’s combat capabilities.
The creation of the ISF consolidates China’s cyberspace and aerospace capabilities under a unified command within the Strategic Support Force. President Xi’s leadership underscores the strategic importance of this new force in advancing China’s military strength across all domains. While specific details of the ISF’s operations remain undisclosed, its establishment aligns with Xi’s broader vision for China’s military modernisation, particularly in light of the PLA’s upcoming centennial anniversary in 2027.
China’s emphasis on information warfare reflects a global recognition of the critical role of communication in modern conflict. However, concerns persist regarding China’s aggressive cyber activities, with FBI Director Christopher Wray characterising China as a persistent threat to US infrastructure. Wray highlighted China’s extensive hacking capabilities, fueled by the theft of intellectual property and data, and emphasised the importance of collaborative efforts to counter these threats.
The FBI’s response to Chinese cyber operations involves close coordination with various entities, including the US Cyber Command, foreign law enforcement agencies, and private sector partners. Wray emphasised the role of partnerships in confronting Beijing’s cyber aggression, stressing the need for proactive engagement from potential victims to mitigate the impact of cyber intrusions. By leveraging collaboration and information sharing, efforts to combat Chinese cyber threats aim to protect critical infrastructure and safeguard against future attacks.
FBI Director Christopher Wray issued a stark warning about Chinese government-linked hackers infiltrating critical US infrastructure, awaiting a strategic moment for devastating action. Speaking at Vanderbilt University, Wray outlined the ongoing Volt Typhoon hacking campaign, which has breached American companies in vital sectors like telecommunications, energy, and water, with 23 pipeline operators among the targets.
FBI Director Christopher Wray issued a warning that Chinese hackers are preparing to attack critical US infrastructure:
“China is positioning its enormous hacking enterprise… The PRC has made it clear that it considers every sector that makes our society run fair game in its…”
At the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats, Wray emphasised China’s evolving capability to inflict physical damage on crucial infrastructure at its discretion. The campaign’s intent remains elusive, though it aligns with China’s broader strategy to dissuade US intervention in Taiwan, a democratic territory claimed by Beijing.
China, which has never disavowed the use of force to assert control over Taiwan, denies any government involvement in Volt Typhoon, dismissing it as the work of criminal ransomware groups. The Chinese Embassy in Washington echoed this stance, accusing the US of politicising cybersecurity by attributing attacks to China and portraying itself as the victim.
Wray disclosed that Chinese hackers employ a network of compromised devices globally to obfuscate their activities, a tactic previously identified by private cybersecurity firms like Microsoft and Google. As tensions persist between the US and China over Taiwan and cybersecurity, the spectre of cyberwarfare looms large, underscoring the imperative for robust defences against digital incursions.
On 1 November 2023, the First Committee (Disarmament and International Security) of the UN General Assembly approved a draft resolution on lethal autonomous weapons systems (LAWS), expressing concern about the possible negative consequences and impact of autonomous weapons systems on global security and regional and international stability and stressing the urgent need for the international community to address the challenges and concerns raised by such systems.
The resolution, once endorsed by the General Assembly, would require the UN Secretary-General to seek the views of Member States and observer States on LAWS and on ways to address the challenges and concerns they raise from humanitarian, legal, security, technological, and ethical perspectives, and to submit a report to the General Assembly at its seventy-ninth session. The Assembly would also request the Secretary-General to invite the views of international and regional organizations, the International Committee of the Red Cross, civil society, the scientific community and industry and to include those in the annex to the report.
Within the First Committee, the draft resolution was adopted by a vote of 164 in favour to 5 against (Belarus, India, Mali, Niger, Russian Federation), with 8 abstentions (China, Democratic People’s Republic of Korea, Iran, Israel, Saudi Arabia, Syria, Türkiye, United Arab Emirates). In addition, 11 votes were recorded on the resolution’s provisions.
Egypt noted that algorithms must not be in full control of decisions that involve harming or killing humans. Human responsibility and accountability for the use of lethal force must be preserved.
The Russian Federation expressed concern that the resolution seeks to undermine the work of the GGE on LAWS, which is the sole ideal forum to discuss LAWS. The country also argued that the resolution does not acknowledge that autonomous weapons systems can play an important role in defence and in fighting terrorism, and that international law fully applies to these systems.
Iran noted that the definition and scope of the term ‘lethal autonomous weapons’ are not clearly defined, and that GGE on LAWS should focus on states parties.
Türkiye also raised the issue of a lack of agreement on the definition of autonomous weapons systems and noted that the absence of shared terminology increases ‘question marks’ on the way forward. The country also added that international law and international humanitarian law should be sufficient to alleviate concerns regarding the use of such weapons systems.
The USA stated that it does not support the creation of a parallel process on LAWS or any other efforts that will seek to undermine the centrality of the GGE on LAWS in making progress on this issue. Poland also noted that the GGE is the forum to make progress on identifying challenges and opportunities related to LAWS, and that other international forums are not equally fit, as they often lack technical and diplomatic capacity and do not address the significant balance between humanitarian aspects and military necessity.
Israel called on member states not to undermine the work done in the Convention through the creation of a parallel forum. It also outlined the importance of the full application of international humanitarian law to LAWS.
Australia called for the report to be prepared by the UN Secretary-General to be balanced and inclusive of the views of all UN member states. South Africa expressed concern about the provision of the resolution, noting that the integrity of the process under way in the GGE on LAWS should be respected, and states parties have already made their views known on the issue. Brazil argued that the GGE might benefit from the fresher views of a wider audience.
Russian hackers are reportedly intensifying their cyberattacks on Ukraine’s law enforcement agencies, focusing on uncovering information related to investigations of war crimes allegedly committed by Russian soldiers.
According to an SSSCIP report, the Russian objective appears to be to identify war crime suspects, potentially aiding them in evading prosecution and facilitating their return to Russia. Additionally, the hackers are likely keen to ascertain the identities of elite soldiers and officers captured in Ukraine for possible exchange.
Ukrainian cybersecurity officials have voiced concerns over these espionage campaigns, which have targeted entities such as the prosecutor general’s office, courts, and other bodies investigating war crimes.
In a development that may be related, Karim Khan, the lead prosecutor of the International Criminal Court (ICC), announced that the court intends to investigate cyberattacks as possible war crimes. Russia’s cyber assaults on Ukraine’s essential civilian infrastructure could be some of the initial instances under this new interpretation.
Not long after this announcement, the ICC decided to establish a field office in Kyiv in charge of investigating Russian war crimes. The ICC then reported a breach of its computer systems without divulging further details regarding the severity or attribution of the attack.