North Korean hackers target South Korean defence firms

South Korean police disclosed that major North Korean hacking groups have been relentlessly conducting cyber assaults on South Korean defence firms for over a year. These attacks have resulted in breaches of internal networks and the theft of crucial technical data. Identified groups include Lazarus, Kimsuky, and Andariel, all linked to North Korea’s intelligence apparatus.

Hackers infiltrated networks using various methods, such as planting malicious code directly into defence companies’ systems or through their contractors. Police, collaborating with national spy agencies and private sector experts, tracked these attacks. They used indicators such as source IP addresses, signal rerouting architecture, and malware signatures to identify the perpetrators.

One notable case, dating back to November 2022, saw hackers inserting malicious code into a company’s public network. This code later infected the intranet during a temporary disengagement of the internal security system for a network test. Exploiting security oversights, hackers gained entry through the accounts of subcontractors who used identical passcodes for their personal and official email accounts, and extracted confidential technical data.

Although the police did not disclose the affected companies or the specifics of the data breaches, South Korea has become a significant global defence exporter. In recent years, lucrative contracts for items such as mechanised howitzers, tanks, and fighter jets have been valued at billions of dollars. This latest revelation underscores the persistent threat posed by North Korean cyber operations, which extend beyond national borders and target critical industries worldwide.

Meta spokesperson sentenced to six years in Russia

A military court in Moscow has reportedly sentenced Meta Platforms spokesperson Andy Stone to six years in prison in absentia for ‘publicly defending terrorism.’ This ruling comes amid Russia’s crackdown on Meta, which was designated as an extremist organisation in the country, resulting in the banning of Facebook and Instagram in 2022 due to Russia’s conflict with Ukraine.

Meta has yet to comment on the reported sentencing of Stone, who serves as the company’s communications director. Stone himself was unavailable for immediate response following the court’s decision. Stone’s lawyer, Valentina Filippenkova, indicated they intend to appeal the verdict and had requested an acquittal.

The Russian interior ministry initiated a criminal investigation against Stone late last year, although the specific charges were not disclosed then. According to state investigators, Stone’s online comments allegedly defended ‘aggressive, hostile, and violent actions’ against Russian soldiers involved in what Russia terms its ‘special military operation’ in Ukraine.

Why does it matter?

Stone’s sentencing underscores Russia’s stringent stance on online content related to its military activities in Ukraine, extending repercussions to individuals associated with Meta Platforms. The circumstances also reflect the broader context of heightened scrutiny and legal actions against perceived dissent and criticism within Russia’s digital landscape.

China establishes new military unit for networked warfare

China has taken a significant step in modernising its military by establishing the Information Support Force (ISF) to bolster its ability to wage networked warfare. President Xi Jinping formally inaugurated the ISF, emphasising its crucial role in ensuring the People’s Liberation Army (PLA) can succeed in modern conflicts. The ISF aims to develop a network information system tailored to the demands of contemporary warfare, enhancing the PLA’s combat capabilities.

The creation of the ISF consolidates China’s cyberspace and aerospace capabilities under a unified command within the Strategic Support Force. President Xi’s leadership underscores the strategic importance of this new force in advancing China’s military strength across all domains. While specific details of the ISF’s operations remain undisclosed, its establishment aligns with Xi’s broader vision for China’s military modernisation, particularly in light of the PLA’s upcoming centennial anniversary in 2027.

China’s emphasis on information warfare reflects a global recognition of the critical role of communication in modern conflict. However, concerns persist regarding China’s aggressive cyber activities, with FBI Director Christopher Wray characterising China as a persistent threat to US infrastructure. Wray highlighted China’s extensive hacking capabilities, fuelled by the theft of intellectual property and data, and emphasised the importance of collaborative efforts to counter these threats.

The FBI’s response to Chinese cyber operations involves close coordination with various entities, including the US Cyber Command, foreign law enforcement agencies, and private sector partners. Wray emphasised the role of partnerships in confronting Beijing’s cyber aggression, stressing the need for proactive engagement from potential victims to mitigate the impact of cyber intrusions. By leveraging collaboration and information sharing, efforts to combat Chinese cyber threats aim to protect critical infrastructure and safeguard against future attacks.

FBI chief warns of Chinese hackers threatening US infrastructure

FBI Director Christopher Wray issued a stark warning about Chinese government-linked hackers infiltrating critical US infrastructure, awaiting a strategic moment for devastating action. Speaking at Vanderbilt University, Wray outlined the ongoing Volt Typhoon hacking campaign, which has breached American companies in vital sectors like telecommunications, energy, and water, with 23 pipeline operators among the targets.

At the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats, Wray emphasised China’s evolving capability to inflict physical damage on crucial infrastructure at its discretion. The campaign’s intent remains elusive, though it aligns with China’s broader strategy to dissuade US intervention in Taiwan, a democratic territory claimed by Beijing.

China, which has never disavowed the use of force to assert control over Taiwan, denies any government involvement in Volt Typhoon, dismissing it as the work of criminal ransomware groups. The Chinese Embassy in Washington echoed this stance, accusing the US of politicising cybersecurity by attributing attacks to China and portraying itself as the victim.

Wray disclosed that Chinese hackers employ a network of compromised devices globally to obfuscate their activities, a tactic previously identified by private cybersecurity firms like Microsoft and Google. As tensions persist between the US and China over Taiwan and cybersecurity, the spectre of cyberwarfare looms large, underscoring the imperative for robust defences against digital incursions.

NSA’s AISC releases guidance on securing AI systems

The National Security Agency’s Artificial Intelligence Security Center (NSA AISC) has introduced new guidelines to bolster cybersecurity in the era of AI integration into daily operations. The initiative, developed with key agencies like CISA, FBI, and others, focuses on safeguarding AI systems against potential threats.

The recently released Cybersecurity Information Sheet, ‘Deploying AI Systems Securely,’ outlines essential best practices for organisations deploying externally developed AI systems. The guidelines emphasise three primary objectives: confidentiality, integrity, and availability. Confidentiality ensures sensitive information remains protected; integrity maintains accuracy and reliability; and availability guarantees authorised access as needed.

The guidance stresses the importance of mitigating known vulnerabilities in AI systems to preemptively address security risks. Agencies advocate for implementing methodologies and controls to detect and respond to malicious activities targeting AI systems, their data, and associated services.

The recommendations include ongoing compromise assessments, IT deployment environment hardening, and thorough validation of AI systems before deployment. Strict access controls and robust monitoring tools, such as user behaviour analytics, are advised to identify and mitigate insider threats and other malicious activities.

Organisations deploying AI systems are urged to review and implement the prescribed practices to enhance the security posture of their AI deployments. This proactive approach ensures that AI systems remain resilient against evolving cybersecurity threats in the rapidly advancing AI landscape.

EU cybersecurity label vote postponed

National cybersecurity experts have postponed a vote on a proposed EU cybersecurity label until May, according to sources familiar with the matter. The EU aims to implement a cybersecurity certification scheme (EUCS) to ensure the security of cloud services, aiding governments and businesses in selecting trustworthy vendors. This delay allows tech giants like Amazon, Google, and Microsoft to continue bidding for sensitive EU cloud computing contracts.

Disagreements have arisen over whether strict requirements should be imposed on major tech companies to qualify for the highest level of the EU cybersecurity label. These disagreements have stalled progress despite recent discussions among experts in Brussels. Holding the rotating EU presidency, Belgium has made adjustments to the draft, reflecting ongoing deliberations.

The most recent version of the draft has eliminated sovereignty requirements that previously mandated US tech giants to collaborate with EU-based companies to handle customer data in the bloc. While major tech firms have welcomed this change, it has drawn criticism from EU-based cloud vendors and businesses like Deutsche Telekom, Orange, and Airbus. They argue that removing these requirements poses a risk of unauthorised data access by non-EU governments under their respective laws.

Following the experts’ postponed vote, the next phase involves the EU countries providing input, with the European Commission making the final decision. The outcome of these discussions will significantly impact the landscape of cybersecurity regulations and the involvement of major tech players in the EU’s cloud computing sector.

Cybercriminals exploit Facebook ads for fake AI tools and malware

Cybersecurity researchers from Bitdefender have uncovered a disturbing trend where cybercriminals exploit Facebook’s advertising platform to promote counterfeit versions of popular generative AI tools, including OpenAI’s Sora, DALL-E, ChatGPT 5, and Midjourney. These fraudulent Facebook ads are designed to trick unsuspecting users into downloading malware-infected software, leading to the theft of sensitive personal information.

The hackers hijack legitimate Facebook pages of well-known AI tools like Midjourney to impersonate these services, making false claims about exclusive access to new features. The malicious ads direct users to join related Facebook communities, where they are prompted to download supposed ‘desktop versions’ of the AI tools. However, these downloads contain Windows executables packed with malware such as Rilide, Nova, Vidar, and IceRAT, which can steal stored credentials, cryptocurrency wallet data, and credit card details for illicit use.

The cybercrime scheme goes beyond fake ads and hijacked pages; it involves setting up multiple websites to avoid suspicion and using platforms like GoFile to distribute malware through fake Midjourney landing pages. Bitdefender’s analysis highlighted that hackers particularly targeted European Facebook users, with a prominent fake Midjourney page amassing 1.2 million followers before being shut down on 8 March 2024. The reach of these scams extended across countries like Sweden, Romania, Belgium, Germany, and others, with ads primarily targeting European men aged 25 to 55.

Bitdefender’s report also exposed the cybercriminals’ comprehensive distribution network for malware, known as Malware-as-a-Service (MaaS), enabling anyone to conduct sophisticated attacks. These include data theft, online account compromise, ransom demands after encrypting data, and fraudulent activities.

The case mirrors previous incidents, such as Google’s lawsuit against scammers in 2023 for using fake ads to spread malware. In that case, scammers posed as official Google channels to entice users into downloading purported AI products, highlighting a broader trend of exploiting trusted platforms for illicit gains.

US-China tensions rise as Biden adds more entities to blacklist

President Biden’s administration has escalated tensions with China by adding more Chinese entities to an export blacklist than any previous US government. This latest move by the Commerce Department brings the total number of entities targeted under Biden to 319, surpassing the count during Trump’s tenure. The decision underscores the increasing use of economic tools to achieve foreign policy objectives, particularly as Biden seeks to limit China’s access to advanced technology, citing national security concerns.

The heightened scrutiny on China comes amidst growing apprehensions in Washington over President Xi Jinping’s assertiveness towards Taiwan, fuelling fears of Beijing leveraging American technology to bolster its military capabilities. Both Democrats and Republicans have rallied behind the tough stance on China, reflecting bipartisan consensus on the issue, especially with the upcoming elections looming. Biden has maintained Trump’s tariffs while expanding restrictions on Beijing’s access to cutting-edge innovations, notably in critical sectors like AI.

The entity list serves as a primary mechanism for sanctioning entities on national security grounds and has increasingly become a focal point in US-China relations. Beijing has denounced Washington’s actions as economic coercion and unilateral bullying, vowing to defend the rights and interests of Chinese companies. In a retaliatory move, China imposed sanctions on two US companies, signalling a tit-for-tat escalation in tensions. However, such measures are largely symbolic, with minimal impact on the targeted firms.

Despite the Biden administration’s firm stance, there have been occasional concessions, such as withdrawing a Chinese government laboratory from the entity list to address the fentanyl crisis. Nonetheless, the recent additions to the list signal a continuation of the US strategy to maintain its technological edge, particularly in dual-use technologies. As Washington tightens controls on exports to Chinese firms involved in military modernisation efforts, the stage is set for further friction in the already strained US-China relationship.

Italy’s CDP to invest €1 billion in AI and cybersecurity

Italy’s Cassa Depositi e Prestiti (CDP) has announced a substantial investment of €1 billion over the next five years in AI and cybersecurity through its venture capital arm. The investment aligns with the Italian government’s broader agenda, as the chair of the G7, to prioritise the impact of AI on employment and inequality, unveiled in March with the establishment of an investment fund supported by CDP to foster AI projects.

From 2024 to 2028, the fund aims to inject €8 billion into fostering innovation and competitiveness within Italy’s technology sector. Namely, CDP Venture Capital intends to allocate approximately €580 million towards startups while earmarking €300 million for companies poised for international expansion. Additionally, €120 million will facilitate technological transfer, particularly for university research initiatives.

Agostino Scornajenchi, Chief Executive of CDP Venture Capital, expressed confidence in Italy’s innovation prowess, citing its rich scientific and technical heritage. He emphasised the need for Italy to reclaim a leading role in the global economy by leveraging its strengths in innovation and competitiveness, positioning itself as a key player in the international arena.

Microsoft reveals Chinese groups use AI content to undermine US elections

Microsoft Corp. has identified Chinese groups using social media and AI-generated images to incite controversy and gain insights into American perspectives on divisive issues during the election year. According to a report by Microsoft, these groups have spread conspiratorial content, such as blaming the US government for the 2023 wildfires on the Hawaiian island of Maui. The disinformation campaign involved posts in 31 languages, alleging that the US government intentionally caused the blaze, accompanied by AI-generated images of burning coastal roads.

The investigation into the Maui wildfires is ongoing, with a focus on whether power lines owned by Hawaiian Electric Industries Inc. may have sparked the flames. Microsoft noted that these fabricated images demonstrate how Chinese government-affiliated groups are adopting new tactics to advance geopolitical priorities through disinformation and cyberattacks. However, it remains to be seen whether AI has significantly amplified the effectiveness of these efforts.

Microsoft’s report suggests that the accounts responsible for spreading this disinformation are likely operated by the Chinese government or entities aligned with state interests. Despite these findings, the Chinese Embassy did not respond to requests for comment, which is consistent with the government’s denial of involvement in such activities. Researchers have noted the use of AI to create convincing images and manipulated videos, although Microsoft’s assessment suggests that the impact of such content in influencing audiences remains limited.

Why does it matter?

Since last fall, Microsoft has observed a gradual increase in social media accounts linked to China disseminating inflammatory narratives. These influence campaigns have targeted Taiwan’s election and exacerbated rifts in the Asia-Pacific region. On Taiwan’s election day, a Chinese-associated propaganda group reportedly used an AI-generated audio recording to imply an endorsement from Terry Gou, owner of Foxconn Technology Group and former presidential candidate, for another candidate.

Microsoft’s efforts coincide with US government warnings about Chinese hacking groups targeting critical infrastructure, including communications and transportation systems. Microsoft has also been subject to criticism in a recent US government report regarding its response to suspected Chinese cyberespionage campaigns.