Chinese sanctions hit US drone maker supplying Ukraine | Canada predicts hacking from India as diplomatic feud escalates | EU to pursue Temu for alleged sale of illegal products
Chinese sanctions hit US drone maker supplying Ukraine | Canada predicts hacking from India as diplomatic feud escalates | EU to pursue Temu for alleged sale of illegal products
Good morning. It's Friday 1st of November.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Follow us on Twitter and on LinkedIn.
Skydio, the US’s largest drone maker and a supplier to Ukraine’s military, faces a supply chain crisis after Beijing imposed sanctions on the company, including banning Chinese groups from providing it with critical components. Financial Times
“We judge that official bilateral relations between Canada and India will very likely drive Indian state-sponsored cyber threat activity against Canada,” the Canadian Centre for Cyber Security said in its annual threat report published Wednesday. Bloomberg
Brussels is preparing to launch an investigation into Temu, the Chinese online shopping business, amid concerns that the ecommerce platform is failing to crack down on sales of illegal products. Financial Times
ASPI
ASIS boss says her organisation is making 'unprecedented' investments to beat advancing surveillance technology
ABC News
Stephen Dziedzic
The head of Australia's overseas spy agency has warned that improvements in surveillance technology are putting "intense" pressure on her agents abroad, and says her organisation is making "unprecedented" investments into its technical capabilities to stay ahead of the curve. Chris Taylor from the Australian Strategic Policy Institute said while there was a "suitable generality" to the director-general's comments, it was still "novel" to see her lay out its operations in more detail. "This is the first time we've seen ASIS talk about the 'how' of their espionage and operations … it's beyond what they've said before," he said.
Don’t give a free pass to Beijing for its aggressive behaviour
The Strategist
Rajeswari Pillai Rajagopalan and Justin Bassi
The whole point of the post-World War II system of international rules and norms was that large countries, great powers, could not just do whatever they wanted. The post-War order is meant to provide a check on the untrammelled power of the powerful, whether through military invasions or more subtle ways of bending the will of other countries—methods such as interference, coercion and malicious cyber intrusions. The type of influence China exercises is not something we can accept as simply ‘what great powers do’. It launched a cyber attack on the Pacific Islands Forum, spreads online disinformation in the Pacific to undermine democracies and weaken Pacific partnerships, sought security agreements that lack public transparency, and undertaken various other malicious activities—such as hybrid and grey zone operations.
Australia
Tech giants ‘contemptuous’ towards Australia
Australian Computer Society
Denham Sadler
Social media companies are being “contemptuous” to the Australian people and have done “nothing” to help protect their users from scams and crimes, according to former government cyber security tsar Alastair MacGibbon.
Home Affairs digitises 'authority to operate' process for ICT systems
iTnews
Ry Crozier
Home Affairs has digitised the process it uses to ensure relevant security controls are applied and kept up to date to protect information handled by its hundreds of ICT systems. The process is critical to enabling the department to meet its protective security policy framework and Essential Eight obligations.
This is what elections look like in 2024: Is Australia ready?
The Interpreter
Meg Tapia
In this bumper election year, with more than half of the world’s population going to the polls, AI-generated content has sent political disinformation and concern over electoral legitimacy into hyperdrive. If the events in elections worldwide are a preview of what we can expect in Australia, are we ready?
China
China's BYD overtakes Tesla revenue for first time
BBC
João da Silva
The Chinese electric vehicle giant BYD has seen its quarterly revenues soar, beating Tesla's for the first time. It posted more than 200bn yuan ($28.2bn, £21.8bn) in revenues between July and September. This is a 24% jump from the same period last year, and more than Elon Musk's company whose quarterly revenue was $25.2bn.
Chinese automaker Geely steps up challenge to BYD with new hybrid tech
Reuters
China's Geely Automobile Holdings took the wraps off its latest hybrid technology on Wednesday, boasting some better fuel economy and driving range figures than rival technology from local plug-in hybrid champion BYD. The Leishen EM-i technology can consume just 2.62 litres of fuel per 100 kilometres (62.1 miles) and offer a combined range - using both gasoline and battery - of 2,390.5 km, Geely said, citing media test results.
USA
Chinese sanctions hit US drone maker supplying Ukraine
Financial Times
Demetri Sevastopulo, Kathrin Hille and Ryan McMorrow
Skydio, the US’s largest drone maker and a supplier to Ukraine’s military, faces a supply chain crisis after Beijing imposed sanctions on the company, including banning Chinese groups from providing it with critical components.
New York semiconductor site picked for $825 million in funding
Associated Press
Michael Hill
A semiconductor research facility in upstate New York was selected as one of three national technology centers and will receive up to $825 million in funding as part of a broader federal effort to boost the United States’ competitiveness in the industry.
Securing the truth: international experts address the impact of Russian disinformation on religious freedoms and national security
Associated Press
The conference “Russian Disinformation: Tactics, Influence, and Threats to National Security” gathered prominent experts across media, politics, security, and human rights, as well as representatives from diverse religious communities, to confront the mounting challenge of Russian disinformation. Held in Washington, D.C., the event created a critical platform to assess the mechanisms of Russian influence operations, examine their impact on national and international stability, and strategize ways to combat these pervasive threats.
Biden administration nears completion of second cybersecurity executive order with plethora of agenda items
CyberScoop
Tim Starks
The White House is close to finalising a second executive order on cybersecurity that covers a wide range of subjects for federal agencies to address, including artificial intelligence, secure software, cloud security, identity credentialing and post-quantum cryptography, according to sources familiar with work on the document.
Cyber experts partner to reduce poll watcher cybersecurity risk in battleground States
Associated Press
Drip7, an innovative cybersecurity risk reduction and microlearning platform, announces a strategic partnership with the Institute for Cyber Civics, a 501(c)(3) organisation dedicated to bringing cybersecurity expertise to everyday civic life, starting with election specific cybersecurity awareness for the 2024 US Elections. This strategic partnership offers essential, anonymous cyber training to poll watchers and election observers, a portion of the front line workers tasked with ensuring the integrity and fairness of U.S. elections.
Threat awareness, cloud security, quantum computing among chief agency cyber policy priorities ahead
CyberScoop
Tim Starks
Top federal security and IT officials recently met to discuss 2025 cyber policy priorities, setting an emphasis on sustaining zero trust, building up awareness of threats against agency systems, securing the cloud and getting ready for post-quantum cryptography, the interim Federal Chief Information Security Officer said Wednesday.
Exploiting Meta’s weaknesses, deceptive political ads thrived on Facebook and Instagram in run-up to election
PROPUBLICA
Craig Silverman and Priyanjana Bengani
Despite Meta's stated commitment to crack down on harmful content, it failed to catch tens of thousands of ads that used false claims and deepfakes of political figures to collect users’ sensitive personal data or bait them into monthly charges.
Americas
Canada predicts hacking from India as diplomatic feud escalates
Bloomberg
“We judge that official bilateral relations between Canada and India will very likely drive Indian state-sponsored cyber threat activity against Canada,” the Canadian Centre for Cyber Security said in its annual threat report published Wednesday, adding that such hackers are probably already conducting cyber-espionage.
North Asia
North Korean hackers seen collaborating with Play ransomware group, researchers say
The Record by Recorded Future
Jonathan Greig
Hackers affiliated with North Korea’s Reconnaissance General Bureau were involved in a Play ransomware attack identified by incident responders in September. Palo Alto Networks’ Unit42 published a report on Wednesday highlighting an investigation into a recent ransomware attack where North Korean actors appeared to be collaborating with the financially-minded Play ransomware gang.
Southeast Asia
AI’s $1.3 trillion future increasingly hinges on Taiwan
Japan Times
Jane Lanhee Lee and Vlad Savov
When Jung Yoonseok was looking for an assembly partner for his artificial intelligence chip startup, he had his pick of almost any location in Asia, including his native South Korea. Instead, the Rebellions strategy chief opted for Taiwan because of what he sees as an unparalleled combination of talent, cost and speed.
Ukraine-Russia
Suspected pro-Ukraine cyberattack knocks out parking enforcement in Russian city
The Record by Recorded Future
Daryna Antoniuk
Residents of the northwestern Russian city of Tver were able to park for free for nearly two days due to what local authorities referred to as a “technical failure” in the digital parking payment system. However, a hacker group known as the Ukrainian Cyber Alliance is offering another possible reason for the disruption: a cyberattack on the city’s administrative network. In a statement on Tuesday, the group’s spokesperson said the hackers had taken down the network and claimed to have wiped out “dozens of virtual machines, backup storage, websites, email, and hundreds of workstations.”
Europe
EU to pursue Temu for alleged sale of illegal products
Financial Times
Alice Hancock and Paola Tamma
Brussels is preparing to launch an investigation into Temu, the Chinese online shopping business, amid concerns that the ecommerce platform is failing to crack down on sales of illegal products.
File not found: drive for open data stalls in western Balkans
Balkan Insight
Borislav Visnjic and Ivana Jeremic
Governments in the Western Balkans committed years ago to make official data open and transparent – but a BIRN survey suggests they sometimes supply only incomplete or out-of-date information.
Europe imposes higher tariffs on electric vehicles made in China
The New York Times
Melissa Eddy and Jenny Gross
Consumers in Europe will face higher prices for electric vehicles made in China after additional tariffs on the cars came into effect on Wednesday as part of an effort by European Union leaders to create what they call a level playing field for domestic auto companies.
UK
Inside a firewall vendor's 5-year war with the Chinese hackers hijacking its devices
WIRED
Andy Greenberg
For years, it's been an inconvenient truth within the cybersecurity industry that the network security devices sold to protect customers from spies and cybercriminals are, themselves, often the machines those intruders hack to gain access to their targets. For more than five years, the UK cybersecurity firm Sophos engaged in a cat-and-mouse game with one loosely connected team of adversaries who targeted its firewalls. The company went so far as to track down and monitor the specific devices on which the hackers were testing their intrusion techniques, surveil the hackers at work, and ultimately trace that focused, years-long exploitation effort to a single network of vulnerability researchers in Chengdu, China.
Big Tech
Temu considers joining European anti-counterfeit group
Reuters
Helen Reid
Chinese online retailer Temu is considering joining a group of ecommerce platforms and brands that collaborate to prevent the sale of fake products online in Europe, according to a meeting agenda seen by Reuters. The "Memorandum of Understanding on the sale of counterfeit goods on the internet" is a voluntary agreement facilitated by the European Commission, and signatories include online retailers Amazon, Alibaba, and eBay, and brands like Adidas, Nike, Hermes and Moncler.
Apple told TikTok it’s unfit for young teens, new lawsuit details allege
The Washington Post
Cristiano Lima-Strong
Apple privately warned TikTok that the platform featured more mature content than was suitable for children under 17 and urged the company to raise the age range it recommends for users, according to newly unearthed communications in a state lawsuit against the social network.
Elon Musk's America PAC has created an election denial cesspool on X
WIRED
Vittoria Elliott
For months, billionaire and X owner Elon Musk has used his platform to share election conspiracy theories that could undermine faith in the outcome of the 2024 election. Last week, the political action committee (PAC) Musk backs took it a step further, launching a group on X called the Election Integrity Community. The group has nearly 50,000 members and says that it is meant to be a place where users can “share potential incidents of voter fraud or irregularities you see while voting in the 2024 election.”
Toxic X users sabotage Community Notes that could derail disinfo, report says
ArsTechnica
Ashley Belanger
What's the point of recruiting hundreds of thousands of X users to fact-check misleading posts before they go viral if those users' accurate Community Notes are never displayed? That's the question the Center for Countering Digital Hate is asking after digging through a million notes in a public X dataset to find out how many misleading claims spreading widely on X about the US election weren't quickly fact-checked. In a report, the CCDH flagged 283 misleading X posts fueling election disinformation spread this year that never displayed a Community Note. Of these, 74 percent were found to have accurate notes proposed but ultimately never displayed—apparently due to toxic X users gaming Community Notes to hide information they politically disagree with.
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Bleeping Computer
Lawrence Abrams
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru reported that the threat actors are targeting routers and networking devices from TP-Link, ASUS, Ruckus wireless devices, Axentra NAS devices, and Zyxel VPN appliances.
Artificial Intelligence
Chinese AI unicorn MiniMax scores big in US with Talkie chatbot entertainment app
South China Morning Post
Ben Jiang
Chinese artificial intelligence unicorn MiniMax has become the mainland’s latest social-media star overseas, on the back of its popular Talkie chatbot entertainment app. Data from market research firm Sensor Tower showed that Talkie – part of the fast-growing “companion AI” market segment – was the fourth most-downloaded AI app in the United States in the first half of 2024, ahead of Google-backed rival Character.ai which ranked 10th.
Misc
Shopping scam sprawled across thousands of websites, bilked ‘tens of millions of dollars’
The Record by Recorded Future
Joe Warminsky
Crooks potentially defrauded hundreds of thousands of consumers by hacking legitimate shopping websites and redirecting people to fake online shops that sold hard-to-find items but never shipped them, according to cybersecurity researchers. The long-running scheme involved malicious code that “creates fake product listings and adds metadata that puts these fake listings near the top of search engine rankings for the items, making them an appealing offer for an unsuspecting consumer,” Satori Threat Intelligence said Thursday.
Judges are using algorithms to justify doing what they already want
The Verge
Lauren Feiner
When Northwestern University graduate student Sino Esthappan began researching how algorithms decide who stays in jail, he expected “a story about humans versus technology.” On one side would be human judges, who Esthappan interviewed extensively. On the other would be risk assessment algorithms, which are used in hundreds of US counties to assess the danger of granting bail to accused criminals. What he found was more complicated — and suggests these tools could obscure bigger problems with the bail system itself.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.