Cybersecurity to be central to new Australia-EU security pact | Pro-Israel hackers claim cyberattack on Iranian bank | The US says replacing Huawei towers counters China's malign influence

Russian government-linked social engineering targets app-specific passwords

Good morning. It's Thursday, 19th of June.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.

Follow us on X, on LinkedIn, and on BlueSky.

• Pro-Israel hackers have claimed a cyberattack on an Iranian bank, which has experienced outages and issues over the last few days. CyberDaily

• Australian Prime Minister Anthony Albanese has announced 18 June that Australia will soon enter into negotiations to establish a Defence and Security Partnership with the European Union. CyberDaily

• The US is claiming that the tower replacement is necessary to counter China’s malign influence. Newsroom Panama

World

Scattered Spider hackers targeting insurance industry following retail hits, Google warns
The Record by Recorded Future
Jonathan Greig
A group of hackers behind a recent string of attacks on retail stores in the U.K. and U.S. has shifted its focus to insurance firms in recent days, according to cybersecurity researchers. Security analysts at Google’s Threat Intelligence Group published a warning this week to insurance companies, writing that it is “now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. “Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,” said John Hultquist, chief analyst at the company.

Australia

Cyber security to be key plank of new Australia-EU security pact
CyberDaily
David Hollingworth
Australian Prime Minister Anthony Albanese has announced 18 June that Australia will soon enter into negotiations to establish a Defence and Security Partnership with the European Union. “We see this as an important framework for our current and future cooperation in areas like defence industry, cyber- and counter-terrorism. And we will have our respective ministers progress that over the coming weeks. But we hope to conclude those discussions pretty quickly. "At a time of global uncertainty, it is our collective responsibility to work together to uphold peace, security and economic prosperity."

• Europe and Australia commit to security and defence partnership
  European Commission’s Press Corner
  European Commission President Ursula von der Leyen and European Council President Antonio Costa met Prime Minister Anthony Albanese today and agreed to start negotiations on a Security and Defence Partnership at the G7 Leaders' Summit in Alberta, Canada. The Partnership will provide a framework for current and future cooperation including in areas such as defence industry, cyber and counter-terrorism. Existing SDPs the EU has with other countries include cooperation on cyber, countering hybrid threats, maritime security, non-proliferation and disarmament, space and economic security.

Big super warned that AI is a carbon ‘time bomb’
Financial Times
Amelia McGuire
Companies using artificial intelligence and superannuation funds with big tech investments have been warned that the emissions caused by the enormous amounts of energy required to power AI could be a time bomb for their sustainability strategies. Generative AI use among corporate Australia has soared over the past two years and has become embedded in most industries, driving massive investment in AI-linked sectors including data centres, software and advanced chip-making.

Spender calls for revenue-based tax on Big Tech
InnovationAus
James Riley
Federal teal independent MP Allegra Spender has called for the Albanese government to impose a revenue-based Digital Services Tax on Big Tech multinationals to protect the nation’s tax base. In a submission to the Productivity Commission’s ‘5 Pillars Productivity Inquiries’, Ms Spender said changes to the economy – especially through AI – needed to ensure tax settings are “robust” and capable of collecting revenue from companies with significant businesses in this country. Other parts of the world had introduced digital services taxes to address the erosion in the tax base, given the ease with which multinational tech providers are able to shift profits to low tax jurisdictions.

• Defence initiates testing $30m in anti-drone tech for troops
  InnovationAus
  Justin Hendry
  Defence has begun testing wearable technologies from almost a dozen local and overseas companies to protect Australian troops against kamikaze drone attacks while on patrol. InnovationAus.com can reveal the department has signed the first contracts under its Counter small Uncrewed Aerial System program, known as LAND156, at a cost of nearly $30 million. Among the companies to secure a contract is DroneShield, the rapidly growing Australian counter-drone device-maker which has supplied counter-done equipment to Ukraine.

NSW Police to embark on $126m IT overhaul
iTnews
Ry Crozier
NSW Police is set for a major technology upgrade program of work covering its cyber security, networks and payroll systems. The state government revealed the program of works would be funded with $125.8 million in the imminent NSW budget. The state government revealed the program of works would be funded with $125.8 million in the imminent NSW budget. Some $50 million will be put into a “critical network program” that will see the force “upgrade outdated network devices, improve enterprise capabilities, and build a modern network.”

China

Viasat identified as victim in Chinese Salt Typhoon cyberespionage, Bloomberg News reports
Reuters
Viasat Inc, opens new tab has been identified as a victim of the Chinese-linked Salt Typhoon cyberespionage operation during last year's presidential campaign, Bloomberg News reported on Tuesday. The breach at the satellite communications firm was discovered earlier this year and Viasat has been working with the government in the aftermath, the report said, citing people familiar with the matter. Viasat and its independent third-party cybersecurity partner investigated unauthorized access through a compromised device but found no evidence of customer impact, the company said in a statement.

China pushes digital yuan to drive multi-polar currency system
InnovationAus
Winnie Zhou and Samuel Shen
The head of China’s central bank pledged to expand the international use of the digital yuan and called for the development of a multi-polar global currency system, where several currencies dominate the world economy. China will establish an international operation centre for e-CNY in Shanghai, People’s Bank of China governor Pan Gongsheng said on Wednesday at the Lujiazui Forum, a high-profile gathering of local and foreign financial industry executives and regulators. The remarks come in the wake of renewed appetite for a global yuan, as international trade tensions sparked by US tariff policies prompt investors to seek alternatives to dollar-based investments.

USA

The US is choosing to replace the Chinese Huawei telecommunications towers in Panama, and the Panama government is complying
Newsroom Panama
The US is claiming that the tower replacement is necessary to counter China’s malign influence. The U.S. Embassy in Panama announced this Wednesday, June 11, that, in conjunction with the Ministry of Public Security, it will replace telecommunications equipment from the Chinese company Huawei—installed in 13 locations across the country—with U.S. technology considered more secure. This $8 million project, funded by the United States, will add seven new communications towers in four provinces, significantly expanding coverage, he added.

• China condemns US ‘malign influence’ over Panama’s plan to replace Huawei towers
  South China Morning Post

  Igor Patrick
  Following a US announcement of a project in Panama to replace communications towers installed by Chinese telecoms giant Huawei Technologies, Beijing has condemned what it calls Washington’s “malign influence” in Latin America. Chinese Foreign Ministry spokesman Guo Jiakun said on Monday that the region was “not the backyard of anyone” and accused the US of “politicising economic, trade and scientific and technological issues”.

• Huawei and ZTE take AI to Belt and Road, shrugging off US sanctions
  Nikkei Asia
  Itsuro Fujino

  Top Chinese telecom equipment suppliers Huawei Technologies and ZTE are stepping up marketing of their AI services in Belt and Road countries as the U.S. tightens sanctions targeting Chinese technology companies. Huawei Deputy Chairman Eric Xu, now serving as rotating chairman, delivered a pitch Wednesday in a keynote address at the MWC Shanghai industry exposition. "We're ready and willing to work together, helping carriers explore opportunities unique to them and carve out the right pathways to long-term, sustainable growth," Xu said.

DOJ seizes record $225 million in crypto tied to global ‘pig butchering’ scams
Consumer News and Business Channel
MacKenzie Sigalos
The Justice Department announced Wednesday the largest-ever U.S. seizure of cryptocurrency linked to so-called “pig butchering” scams that have cost victims billions globally. Federal prosecutors filed a civil forfeiture action targeting more than $225 million in cryptocurrency traced to a sprawling web of fraudulent investment platforms. Victims were tricked into believing they were investing in legitimate crypto ventures, only to be scammed by criminal networks often operating overseas.

US critical networks are prime targets for cyberattacks. They’re preparing for Iran to strike
Politico
Maggie Miller
The organizations representing critical networks that keep the lights on, the water running and transportation systems humming across the U.S. are bracing for a possible surge of Iranian cyberattacks. Virtually every critical infrastructure sector is on high alert amid a deepening conflict between Iran and Israel, though no major new cyber threat activity has been publicly reported so far.

Cybersecurity takes a big hit in new Trump executive order
Ars Technica
Cybersecurity practitioners are voicing concerns over a recent executive order issued by the White House that guts requirements for: securing software the government uses, punishing people who compromise sensitive networks, preparing new encryption schemes that will withstand attacks from quantum computers, and other existing controls. The executive order, issued on June 6, reverses several key cybersecurity orders put in place by President Joe Biden, some as recently as a few days before his term ended in January.

Elon Musk's X sues New York over content moderation law
Reuters
Jonathan Stempel
Elon Musk's X Corp sued New York's attorney general on Tuesday, challenging the constitutionality of a state law requiring social media companies to disclose sensitive information about how they monitor hate speech, extremism, disinformation and other content. The complaint filed in Manhattan federal court said New York's law compels disclosure of "highly sensitive and controversial speech" that is protected by the First Amendment and disfavored by the state.

• Accounts peddling child abuse content flood some X hashtags as safety partner cuts ties
  NBC News

  Ben Goggin
  When Elon Musk took over Twitter in 2022, he said that addressing the problem of child sexual abuse material on the platform was his “top priority.” Three years later, the problem appears to be escalating, as anonymous, seemingly automated X accounts flood hashtags with hundreds of posts per hour advertising the sale of the illegal material. At the same time, Thorn, a California-based nonprofit that works with tech companies to provide technology that can detect and address child sexual abuse content, told NBC News that it had terminated its contract with X. Thorn said that X stopped paying recent invoices for its work, though it declined to provide details about its deal with the company citing legal sensitivities.

• Exclusive: Musk's xAI on track to raise $5 billion in fresh debt, following modest demand
  Reuters
  Matt Tracy, Echo Wang and Davide Barbuscia
  Elon Musk's xAI is on track to close on a $5 billion debt raise led by Morgan Stanley, despite tepid investor demand, according to two people familiar with the matter. The $5 billion debt sale, which includes a floating-rate term loan, a fixed-rate loan and secured bonds, will be allocated to investors on Wednesday, the two people said, asking not to be identified because the deal is private. xAI did not immediately respond to a request for comment while Morgan Stanley declined. The xAI offering, which was reported on June 2 as Musk and U.S. President Donald Trump traded barbs over social media, did not receive overwhelming interest from high-yield and leveraged loan investors, said five people briefed on the deal.

• Elon Musk’s X sues New York over hate speech and disinformation law
  The Guardian
  Elon Musk’s X Corp filed a lawsuit on Tuesday against the state of New York, arguing a recently passed law compelling large social media companies to divulge how they address hate speech is unconstitutional. The complaint alleges that bill S895B, known as the Stop Hiding Hate Act, violates free speech rights under the first amendment. The act, which the governor, Kathy Hochul, signed into law last December, requires companies to publish their terms of service and submit reports detailing the steps they take to moderate extremism, foreign influence, disinformation, hate speech and other forms of harmful content.

Americas

Latin American countries to launch own AI model in September
Reuters
Fabian Cambero
A dozen Latin American countries are collaborating to launch Latam-GPT in September, the first large artificial intelligence language model trained to understand the region's diverse cultures and linguistic nuances, Chilean officials said on Tuesday. This open-source project, steered by Chile's state-run National Center for Artificial Intelligence alongside over 30 regional institutions, seeks to significantly increase the uptake and accessibility of AI across Latin America. Chilean Science Minister Aisen Etcheverry said the project "could be a democratizing element for AI," envisioning its application in schools and hospitals with a model that reflects the local culture and language.

EU

EU says AliExpress failed to stop illegal sales in DSA probe
Bloomberg
Gian Volpicelli
The European Union escalated a probe against Alibaba Group Holding Ltd.’s e-commerce service AliExpress, accusing it of failing to tackle the spread of illegal products on its platform. The EU’s executive arm on Wednesday unveiled a detailed list of grievances against China-owned AliExpress, which had been under investigation since March 2024 under the bloc’s content moderation rulebook the Digital Services Act. AliExpress doesn’t adequately moderate the goods sold on its website and fails to “appropriately enforce” its penalty policy against sellers who repeatedly post illegal content, the European Commission said in a statement. The commission’s preliminary findings put the platform at risk of a fine.

Southeast Asia

Pro-Cambodian hacktivists launch attacks on Thai government sites amid border dispute
The Record by Recorded Future
James Reddick
Cambodian hacktivist group has ramped up cyberattacks against Thai entities following a flare-up in a long-running dispute between the two countries over contested border areas. The AnonsecKh group, which goes by Bl4ckCyb3r on Telegram, claimed at least 73 attacks on Thai organizations in the two weeks following a May 28 incident in which a Cambodian soldier was killed in a skirmish with Thai forces, the cybersecurity company Radware said. The countries have for decades disagreed over ownership of pockets of land along their 500-mile border, with the 11th-century Preah Vihear Temple the flashpoint of the conflict. The United Nations International Court of Justice has ruled multiple times that the complex belongs to Cambodia.

Ukraine - Russia

Russian government-linked social engineering targets app-specific passwords
University of Toronto
John Scott-Railton, Rebekah Brown and Bill Marczak
In recent years, users’ familiarity with common phishing tactics, increasingly advanced detection and blocking by platforms, and the rise in use of Multi-Factor Authentication, have all contributed to changes in the ways that attackers phish accounts. The introduction of more secure forms of MFA, such as hardware security keys, has also closed off certain avenues of social engineering. These pressures, among others, are driving attackers towards more complex social-engineering tactics, and more technically sophisticated attack frameworks, including targeting MFA.

Middle East

Pro-Israel hackers claim cyber attack on Iranian bank
CyberDaily
Daniel Croft
According to Iranian news publication Iran International, Bank Sepah was experiencing widespread disruptions, with a number of branches closed, and customers unable to access their accounts. Cards issued by Kosar and Ansar, which are both linked to the Iranian military, were not functioning. Now, Pro-Israeli hacking group Predatory Sparrow, also known as Gonjeshke Darande, claimed responsibility for the outages, citing a cyberattack. “We, Gonjeshke Darande, conducted cyberattacks which destroyed the data of the Islamic Revolutionary Guard Corps’ Bank Sepah,” the group wrote on X.

• Iran’s financial sector takes another hit as largest crypto exchange is targeted
  CyberScoop
  Matt Kapko
  Cyberattacks targeting Iran’s financial sector widened Wednesday, as a pro-Israel hacktivist group stole more than $90 million from Nobitex, the country’s largest cryptocurrency exchange. The attack marks the second attack on Iran’s financial systems in as many days. Predatory Sparrow, the group that self identifies as Gonjeshe Darande in Persian, claimed responsibility for the attack on Nobitex in a social media post early Wednesday. Less than 24 hours prior, the hacktivist group said it attacked the Iran state-owned Bank Sepah, resulting in service disruptions.

Big Tech

Big Tech pushes for 10-year ban on US states regulating AI
Financial Times
Alex Rogers and Stephen Morris
Big Tech companies are backing a lobbying campaign to pass a 10-year ban on US states regulating artificial intelligence models, in a controversial move that has split the AI industry and Donald Trump’s Republican party. Lobbyists acting on behalf of Amazon, Google, Microsoft and Meta are urging the Senate to enact a decade-long moratorium on individual states introducing their own efforts to legislate AI, according to people familiar with the moves.

AWS’ custom chip strategy is showing results, and cutting into Nvidia’s AI dominance
Consumer News and Business Channel
Kristina Partsinevelos
Amazon Web Services is set to announce an update to its Graviton4 chip that includes 600 gigabits per second of network bandwidth, what the company calls the highest offering in the public cloud. Ali Saidi, a distinguished engineer at AWS, likened the speed to a machine reading 100 music CDs a second. Graviton4, a central processing unit, or CPU, is one of many chip products that come from Amazon’s Annapurna Labs in Austin, Texas.

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security Programs team at ASPI and supported by partners.