Meta, the parent company of Facebook, has banned several Russian state media outlets, including RT (Russia Today) and Rossiya Segodnya, from its platforms due to their involvement in covert online influence operations. The censorship decision significantly escalates Meta’s actions against Russian media, as it previously restricted their activities by limiting ad access and post visibility. Meta explained that after reviewing ongoing foreign interference by these outlets, it expanded its enforcement to ban them from all its apps, which include Instagram, WhatsApp, and Threads. The company expects the ban to take full effect in the coming days.
The decision follows recent charges by US authorities against two RT employees accused of money laundering in connection with efforts to influence the 2024 US elections. US Secretary of State Antony Blinken has urged countries to treat RT’s activities as covert intelligence operations rather than legitimate journalism. Despite these developments, RT has criticised the US government’s actions, accusing them of stifling the media outlet’s ability to function as a journalistic organisation.
Meta also shared that Russian state media outlets have attempted to conceal their online activities before, and it anticipates further attempts to evade the newly imposed restrictions. The Russian embassy and the White House have yet to comment on Meta’s decision.
Cyberattacks targeting US utilities surged nearly 70% this year, according to data from Check Point Research. The energy sector is particularly vulnerable, with outdated software systems making utilities easier targets. Despite the spike in incidents, none of the attacks have yet caused severe damage, but experts warn that a coordinated effort could be disastrous, affecting essential services and resulting in major financial losses.
Check Point data showed an average of 1,162 cyberattacks through August, compared to 689 in 2023. These figures highlight the increasing risks as the US power grid rapidly expands to meet higher energy demand, particularly from new sectors such as AI data centres. Experts say the grid’s rapid growth creates more potential entry points for attackers.
Outdated Internet of Things (IoT) and industrial control systems (ICS) used by many utilities are not as secure as other industries’ advanced software, putting critical infrastructure at heightened risk. Regulations like NERC’s Critical Infrastructure Protection provide only a basic level of security, which some experts argue is insufficient given the growing threats.
The financial impact of cyber breaches in the energy sector has been significant. In 2022, IBM reported the average cost of a data breach in the sector reached $4.72 million. With the 2024 US election approaching, cybersecurity experts expect an even greater surge in cyberattacks on essential infrastructure.
Around 60 nations, including the United States, endorsed a ‘blueprint for action’ on Tuesday to regulate the responsible use of AI in military settings. The blueprint was unveiled at the second Responsible AI in the Military Domain (REAIM) summit in Seoul. However, China was among the countries that declined to support the legally non-binding document.
The blueprint builds on discussions from last year’s summit in Amsterdam and outlines concrete steps, such as risk assessments and ensuring human involvement in decisions related to AI in military operations, including nuclear weapons. It also emphasises preventing AI from being used in weapons of mass destruction (WMD) by non-state actors, such as terrorist groups.
The summit, co-hosted by the Netherlands, Singapore, Kenya, and the United Kingdom, aims to foster global cooperation without being led by a single entity. Despite this, China and approximately 30 other countries refrained from endorsing the document, highlighting differing views among participants on AI’s military use.
As the international community moves forward, discussions on AI in military contexts are expected to continue at the United Nations General Assembly in October. Experts stress that while the blueprint is a step forward, progress must be made carefully to avoid alienating countries from engaging in future talks.
Russia is ramping up its efforts to control the internet by allocating nearly 60 billion roubles ($660 million) over the next five years to upgrade its web censorship system, known as TSPU. The system, developed by state regulator Roskomnadzor, is designed to filter and block content deemed harmful or illegal by the government. The funding, part of a broader ‘Cybersecurity Infrastructure’ project, will acquire new software and hardware and expand the system’s capabilities.
The initiative is seen as part of Moscow’s broader crackdown on online freedoms, which has intensified since Russia’s invasion of Ukraine in 2022. The government has been targeting independent media and social media platforms, blocking websites, and cracking down on using Virtual Private Networks (VPNs), which many Russians use to bypass government restrictions. Roskomnadzor has been increasingly influential in blocking access to these tools, with officials planning to enhance the system’s efficiency further.
The TSPU system was introduced under a 2019 law that requires internet service providers to install government-controlled equipment to monitor and manage web traffic. As of late 2022, over 6,000 TSPU devices had been deployed across Russian networks. The new funding will modernise this infrastructure and improve the system’s ability to detect and block VPN services, making it harder for Russians to access uncensored content.
Why does this matter?
While the Kremlin continues to position these measures as necessary for national security, critics see them as a blatant attack on free speech. Digital rights activists, including those from Roskomsvoboda, warn that while new investments in censorship technology will tighten government control, it is unlikely to eliminate access to independent information. Developers of VPNs and other circumvention tools remain determined, stating that innovation and motivation are essential in the ongoing struggle between censorship and free access.
Russia’s battle with VPNs and independent media is part of a broader campaign against what it calls Western information warfare. Despite the government’s efforts to clamp down, demand for alternative ways to access the internet remains high. Developers are working on more resilient tools, even as the state pours resources into strengthening its censorship apparatus. This tug-of-war between government control and free access to information seems set to continue, with both sides ramping up their efforts.
The cyber threat actor known as Konni, previously linked to the North Korean state-sponsored group Kimsuky, has been increasing its cyberespionage operations against targets in South Korea and Russia, according to a recent report by the South Korean cybersecurity firm Genians.
The report highlights that Konni employs consistent tactics, techniques, and procedures in its attacks on Moscow and Seoul, with cyberespionage as the primary objective. Since at least 2021, Konni has targeted entities such as the Russian Ministry of Foreign Affairs, the Russian Embassy in Indonesia, and various South Korean organisations, including a tax law firm.
One notable incident occurred in January 2022, when Konni targeted Russian embassy diplomats with phishing emails disguised as New Year greetings, aiming to deliver malware. According to Genians, Konni’s malicious activities have been ongoing since 2014. In attacks on both Russian and South Korean targets, Konni uses similar methods to connect infected devices to hacker-controlled command-and-control (C2) servers. Malicious modules are deployed through executable files, and the connection to the C2 server is established via internal commands.
Genians researchers emphasised that while Konni’s attack patterns have remained consistent over the years, the group has been incorporating new, anomalous tactics to enhance the success of their operations. They also noted that understanding the similarities in the group’s attacks across different regions could help security professionals better defend against and attribute these threats.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has recently updated its Russia General License (GL) 25E, maintaining authorisation for transactions essential and incidental to telecommunications involving the Russian Federation. The license facilitates various internet-based services, including instant messaging, social networking, and e-learning platforms.
It supports the ongoing exchange of communications and allows for the export or reexport of related software, hardware, and technology, provided such transactions comply with the Department of Commerce’s Export Administration Regulations. However, it is important to note that transactions involving significant Russian telecommunications companies designated by OFAC remain unauthorised under this license and must be carefully analysed.
The Department of the Treasury’s Office of Foreign Assets Control has also issued a critical alert regarding Russia’s attempts to evade sanctions by establishing new overseas branches and subsidiaries of Russian financial institutions. That alert warns that these efforts to open new international branches or subsidiaries should be considered potential red flags for sanction evasion.
Financial institutions and foreign regulators are advised to exercise caution when engaging with these entities, as activities such as maintaining accounts, transferring funds, or providing financial services may carry significant risks of facilitating Russia’s attempts to bypass sanctions.
Germany’s domestic intelligence agency has warned about a Russian cyber group tied to the military intelligence agency, GRU. Known as Unit 29155 or UNC2589, the group has been accused of launching cyberattacks against NATO and EU countries, escalating concerns about Russian interference. In a coordinated effort, Germany’s Bundesverfassungsschutz issued the alert in collaboration with the FBI, US cybersecurity agencies, and other international partners.
The warning follows a wave of suspicion across Europe regarding Russian cyber activities, particularly since the invasion of Ukraine in 2022. Earlier this year, Germany accused Russia of targeting the Social Democratic Party as well as industries like defence, aerospace, and logistics. These attacks have been attributed to UNC2589, also known by other names such as Cadet Blizzard or Ember Bear.
The cyber group is reportedly involved in espionage and sabotage, with tactics that include defacing websites and leaking stolen data. The GRU unit to which it belongs is notorious for its alleged role in the poisoning of former Russian double agent Sergei Skripal and his daughter Yulia in Britain in 2018, further cementing its reputation as a severe threat to international security.
The US government indicted two Russian nationals and seized over 30 internet domains on Wednesday, disrupting an operation aimed at influencing the American election. However, an extensive FBI dossier revealed a broader Russian campaign targeting political and social stability in Europe. The 277-page affidavit detailed plans to manipulate politicians, businesspeople, journalists, and influencers in Germany, France, Italy, and the UK, with the Kremlin intending to sow division, discredit the US, and undermine support for Ukraine.
Documents showed the Social Design Agency, under the directive of Sergey Kiriyenko, Deputy Chief of Staff to President Vladimir Putin, orchestrated these efforts. The agency used real posts on social media to bypass bot filters and created ‘doppelgänger domains’ that mimicked reputable media outlets like Reuters and Le Monde to spread fake news. Funded by cryptocurrencies such as bitcoin, these sophisticated methods aimed to provoke rational and emotional anti-West sentiments, questioning the necessity of supporting Ukraine and criticising Americans.
Germany was identified as particularly vulnerable due to its economic ties with Russia. Russian memos stressed discrediting the USA, Great Britain, and NATO, while convincing Germans to oppose sanctions.
Another operation, ‘International Conflict Incitement,’ focused on escalating tensions in France and Germany, using fake articles and targeted social media posts to create conflicts and destabilise these societies.
Why does it matter?
The findings underscore how pervasive the strategic manipulation of public opinion through sophisticated cyber operations is. The FBI evidence makes clear the depth and breadth of these influence operations, which aim to escalate internal tensions and promote the interests of the Russian Federation, and it highlights ongoing geopolitical tensions and the sophisticated nature of modern information warfare.
Latvian cybersecurity officials report that politically motivated hackers linked to Russia and Belarus are launching a new wave of cyberattacks against the Latvian government and critical infrastructure websites. The attacks aim to disrupt access rather than steal sensitive data, according to Baiba Kaskina, head of the Latvian Computer Emergency Response Team (CERT). Varis Teivans, deputy manager of Latvian CERT, highlighted this trend two years ago in an interview with Recorded Future News.
In August, the frequency of attacks surged again, likely in response to Latvia’s new aid package to Ukraine, which includes drones and air defense systems. Vineta Sprugaine, a representative of the Latvian State Radio and Television Center, noted that such attacks often coincide with political decisions or holidays.
Most of these incidents involve distributed denial-of-service (DDoS) attacks, which temporarily slow down targeted websites. Kaskina described the attacks as “very large” in volume and “well customized” to their targets.
Russia-linked hacktivist groups, including NoName057(16) and Anonymous Guys, have claimed responsibility for the recent cyberattacks on Latvian websites, asserting they are retaliating against Latvia for supporting Ukraine. NoName057(16) declared on Telegram, “We continue to punish Russophobic Latvia for aiding the criminal Kyiv regime.”
Baiba Kaskina acknowledged that while Latvia is ‘well prepared’ for these attacks, the constantly evolving tactics of the hackers make them challenging to combat. She described the attacks on Latvia and other Baltic states as part of a ‘hybrid war’ aimed at creating societal panic and eroding trust in government institutions.
According to Lumen Technologies, a Chinese hacking group has exploited a software flaw, compromising several internet companies in the US and abroad. Researchers at Lumen revealed that the hackers targeted a previously unknown vulnerability in Versa Director, a software platform used by Santa Clara-based Versa Networks. The attack began early in June and affected four US firms and one in India.
Versa Networks acknowledged the flaw and urged customers to update their software. Lumen’s researchers believe the hacking campaign was conducted by the Chinese government-backed group, ‘Volt Typhoon.’
Allegedly, the attackers aimed to surveil the customers of the compromised internet companies. Cybersecurity experts warn that such access could enable broad, undetected surveillance.
The US Cybersecurity and Infrastructure Security Agency added the Versa vulnerability to its list of known exploited weaknesses. Concerns over China’s cyber activities have grown, with US officials noting an increase in the intensity of these efforts. In April, the FBI warned that China was developing the capability to disrupt critical infrastructure.