In response, Taiwan’s Defense Minister, Wellington Koo, refuted the accusations, stating that China is the primary perpetrator of global cyberattacks. According to Koo, China frequently targets Taiwan and other democracies, and these latest allegations are just another attempt to shift blame. He emphasised that Taiwan’s military remains committed to defending the nation despite Beijing’s accusations.
Taiwan’s Premier Cho Jung-tai echoed these sentiments, labelling China’s claims as fake news aimed at discrediting Taiwan. He stressed the importance of responding strongly to such disinformation, as it is part of Beijing’s ongoing strategy to undermine Taiwan.
Why does it matter?
The tensions between China and Taiwan continue to escalate, with China persistently asserting its claim over the island. Taiwan, however, maintains its independence, with its government repeatedly stating that only its people can determine their future. Relations between the two remain strained, especially with Beijing’s harsh stance toward Taiwan’s president, Lai Ching-te, whom China labels a ‘separatist.’
China’s Ministry of National Security has accused a Taiwan-based hacking group, Anonymous 64, of orchestrating cyberattacks aimed at discrediting China’s political system. According to a blog post from the ministry, the group, allegedly tied to Taiwan’s military cyberwarfare division, has been targeting Chinese websites, outdoor screens, and television stations to broadcast content undermining mainland policies. In response, Taiwan’s defence ministry dismissed the accusations, claiming China is the natural source of cyber harassment, regularly attempting to destabilise the democratic island.
The allegations are the latest chapter in the escalating tensions between China and Taiwan. China, which claims sovereignty over Taiwan, has ramped up military and political pressure on the island in recent years. Taiwan, in turn, accuses Beijing of spreading disinformation and carrying out cyberattacks. Taiwan’s Information, Communications, and Electronic Force Command responded to China’s claims, asserting that the Chinese government’s military forces are instigating regional instability through ongoing harassment efforts.
The hacking group, which surfaced on X (formerly Twitter) in mid-2023, has posted screenshots of their alleged efforts to infiltrate Chinese media. One video shared by Anonymous 64 featured a masked member likening China’s President Xi Jinping to an emperor, along with footage referencing past protests in China, including the Tiananmen Square demonstrations. However, China contends that many websites the group claimed to have hacked were fake or photoshopped, with minimal online traffic.
As part of its crackdown, China has opened investigations into Taiwan’s cyberwarfare tea members. It has called on citizens to report cyberattacks or anti-China propaganda, urging people to avoid spreading unverified information online. Despite the accusations, it remains unclear whether Anonymous 64 has any ties to the international hacking collective Anonymous or if their alleged actions have been as far-reaching as claimed.
The NCSC has collaborated with cybersecurity agencies from the United States, Australia, Canada, and New Zealand to effectively address the global botnet threat. That joint effort underscores the importance of international cooperation in tackling cyber threats that span multiple countries.
By combining their expertise and resources, these agencies have been able to produce a comprehensive advisory that provides detailed information on the botnet’s operation, its impact, and the types of devices it targets. Consequently, this collaboration ensures a robust and unified response to the threat, reflecting the global commitment to enhancing cybersecurity.
Moreover, the advisory issued by these agencies details how the botnet, managed by Integrity Technology Group and used by the cyber actor Flax Typhoon, exploits vulnerabilities in internet-connected devices. It includes technical information on the botnet’s activities, such as malware distribution and Distributed Denial of Service (DDoS) attacks, and offers practical mitigation strategies.
Therefore, it underscores the need for updating and securing devices to prevent them from becoming part of the botnet, providing crucial guidance to individuals and organisations seeking to protect their digital infrastructure. In addition, this international collaboration serves to promote proactive security measures and raise awareness about cybersecurity best practices. The joint advisory encourages users to safeguard their devices and avoid contributing to malicious activities immediately.
The National Security Agency (NSA), in conjunction with the Federal Bureau of Investigation (FBI), United States Cyber Command’s Cyber National Mission Force (CNMF), and international allies, has issued a critical cybersecurity advisory. Titled ‘People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations,’ the advisory reveals the extensive activities of cyber actors affiliated with the People’s Republic of China (PRC).
These actors have breached internet-connected devices worldwide, establishing a massive botnet. To address this threat, the NSA has outlined several key mitigations aimed at helping device vendors, owners, and operators secure their devices and networks. These recommendations include regularly applying patches and updates, turning off unused services and ports, replacing default passwords with strong alternatives, and implementing network segmentation to reduce IoT device risks.
Furthermore, the advisory suggests monitoring network traffic for signs of DDoS attacks, planning device reboots to eliminate non-persistent malware, and upgrading outdated equipment with supported models. Moreover, NSA Cybersecurity Director Dave Luber has emphasised the importance of the advisory, noting that it provides crucial and timely insights into the botnet’s infrastructure, the geographical distribution of the compromised devices, and effective mitigation strategies.
According to the advisory, the botnet encompasses thousands of devices across various sectors, with over 260,000 devices compromised in North America, Europe, Africa, and Southeast Asia as of June 2024. Consequently, this extensive network of affected devices highlights the urgent need for enhanced security measures to protect against such pervasive cyber threats.
Microsoft researchers have uncovered a Russian disinformation operation that falsely accused United States Democratic presidential candidate Kamala Harris of leaving a 13-year-old girl paralysed in a hit-and-run incident in 2011. The operation, led by a Kremlin-linked group called Storm-1516, used actors and fabricated news outlets, including a fake site called ‘KBSF-TV’, to spread the baseless claim. The hoax was widely shared on social media, gaining millions of views.
The disinformation effort is part of a broader Russian campaign to interfere with the upcoming US presidential election. After initial difficulties shifting focus following President Biden’s withdrawal from the 2024 race, Russian actors have targeted Harris and her running mate, Tim Walz, with fabricated conspiracy theories. The false claim against Harris was amplified on social media by pro-Russian figures, including Aussie Cossack, who encouraged MAGA supporters to spread the misinformation.
Microsoft‘s investigation highlights how Storm-1516 produces misleading videos featuring actors impersonating journalists or whistleblowers. The hit-and-run story gained traction online, particularly on X.com, where it was shared by key figures within the pro-Russian ecosystem. The US Justice Department has also recently charged two Russian state media employees with money laundering, linked to efforts to influence the election.
US officials believe Russia’s goal is to deepen political divisions within the country and undermine public support for military aid to Ukraine. Kamala Harris has stated her intention to continue supporting Ukraine’s defence against Russia‘s invasion if elected.
BlackDice and Bin Omran Trading and Telecommunication have launched a strategic partnership to enhance Qatar’s cybersecurity infrastructure significantly. Combining their expertise will deliver state-of-the-art cybersecurity solutions, with BlackDice leveraging its AI-powered security and data intelligence to safeguard critical infrastructure and sensitive information.
Additionally, their collaboration will focus on strengthening the cybersecurity capabilities of major telecom operators in the region, thereby boosting network resilience and protecting extensive personal and financial data. Consequently, this comprehensive approach supports DA2030’s goal of creating a secure and resilient digital environment essential for Qatar’s economic diversification and social development.
By addressing the evolving needs of the digital landscape in Qatar, BlackDice and Bin Omran Trading and Telecommunication contribute to the nation’s ambition of becoming a global leader in technology and connectivity and ensuring robust protection against emerging cyber threats.
The US Federal Bureau of Investigation has disrupted another major Chinese hacking group, dubbed ‘Flax Typhoon,’ which had compromised thousands of devices globally. The FBI and officials from several allied countries accused a Chinese company, the Integrity Technology Group, of running the operation under the guise of an IT firm. FBI Director Christopher Wray revealed that the group was gathering intelligence and conducting surveillance for Chinese security agencies, targeting critical infrastructure as well as corporations, media organisations, and universities.
Cybersecurity officials from the UK, Canada, Australia, and New Zealand also joined the US in condemning the hacking group, noting that over 250,000 devices had been compromised as of June. The operation involved hijacking devices through a botnet—a network of infected cameras and storage devices—and was reportedly part of China’s broader cyber-sabotage efforts. Flax Typhoon’s activities mirrored those of another China-backed group, Volt Typhoon, which has been scrutinised for targeting US infrastructure.
The Chinese Embassy in Washington denied the accusations, claiming that the US had made baseless allegations. Despite China’s dismissal, the FBI remains firm, with Wray emphasising that this takedown is only one part of a longer struggle to counter Chinese cyberattacks. The operation faced some retaliation from the hackers, who launched a cyberattack in response but eventually retreated, leaving the FBI in control of the botnet’s infrastructure.
The American Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. That plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.
The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.
The US Cybersecurity and Infrastructure Security Agency (CISA) also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.
Meta, the parent company of Facebook, has banned several Russian state media outlets, including RT (Russia Today) and Rossiya Segodnya, from its platforms due to their involvement in covert online influence operations. The censorship decision significantly escalates Meta’s actions against Russian media, as it previously restricted their activities by limiting ad access and post visibility. Meta explained that after reviewing ongoing foreign interference by these outlets, it expanded its enforcement to ban them from all its apps, which include Instagram, WhatsApp, and Threads. The company expects the ban to take full effect in the coming days.
The decision follows recent charges by US authorities against two RT employees accused of money laundering in connection with efforts to influence the 2024 US elections. US Secretary of State Antony Blinken has urged countries to treat RT’s activities as covert intelligence operations rather than legitimate journalism. Despite these developments, RT has criticised the US government’s actions, accusing them of stifling the media outlet’s ability to function as a journalistic organisation.
Meta also shared that Russian state media outlets have attempted to conceal their online activities before, and it anticipates further attempts to evade the newly imposed restrictions. The Russian embassy and the White House have yet to comment on Meta’s decision.
Cyberattacks targeting US utilities surged nearly 70% this year, according to data from Check Point Research. The energy sector is particularly vulnerable, with outdated software systems making utilities easier targets. Despite the spike in incidents, none of the attacks have yet caused severe damage, but experts warn that a coordinated effort could be disastrous, affecting essential services and resulting in major financial losses.
Check Point data showed an average of 1,162 cyberattacks through August, compared to 689 in 2023. These figures highlight the increasing risks as the US power grid rapidly expands to meet higher energy demand, particularly from new sectors such as AI data centres. Experts say the grid’s rapid growth creates more potential entry points for attackers.
Outdated Internet of Things (IoT) and Incident Command Systems (ICS) used by many utilities are not as secure as other industries’ advanced software, putting critical infrastructure at heightened risk. Regulations like NERC’s Critical Infrastructure Protection provide only a basic level of security, which some experts argue is insufficient given the growing threats.
The financial impact of cyber breaches in the energy sector has been significant. In 2022, IBM reported the average cost of a data breach in the sector reached $4.72 million. With the 2024 US election approaching, cybersecurity experts expect an even greater surge in cyberattacks on essential infrastructure.
