Friday, June 23, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
Biden, India’s Modi Sign Key Defense Deals. President Joe Biden and Indian Prime Minister Narendra Modi finalized a series of deals on Thursday to bolster U.S.-Indian ties. Besides agreements to boost collaboration on emerging technologies, such as quantum computing, artificial intelligence and renewable energy, the two leaders also sealed major defense deals. Most notably, Biden and Modi came to a “landmark agreement” to allow General Electric to manufacture fighter jet engines in India, as well as a deal for India to acquire MQ-9B Predator armed drones from General Atomics. Modi said U.S. has “become one of our most important defense partners,” and that cooperation in defense tech research and supply chains “should be taken to greater heights.” Separately, Biden and Modi also welcomed an announcement by U.S. semiconductor manufacturer Micron Technology, which said it will invest up to $825 million in a new assembly and test facility in India. Biden and Modi also jointly called on Pakistan to take “immediate action” to counter “cross-border terrorism” into India. Meanwhile, U.S. lawmakers and activists have urged Biden to raise human rights concerns during talks. Modi added in a rare joint press conference that “there is no space for any discrimination” in his government and that he does not need to do more to improve rights of Indian Muslims and counter religious discrimination. His comments go against reports of abuses by rights groups, the U.N. and the U.S. State Department. The Cipher Brief Bloomberg Politico Nikkei Asia Reuters
Biden Says He Is Still Expecting to Meet China’s Xi, Despite Beijing’s Anger at ‘Dictator’ Comment. President Joe Biden on Thursday defended his recent comment calling Chinese President Xi Jinping a “dictator,” saying that he does not think such remarks will have a major negative impact on U.S.-China relations. Biden said his statements on China are “just not something I’m going to change very much,” and that he still expects to meet with Xi “sometime in the future, near-term.” China's leadership called his words “open political provocation.” Chinese Ambassador Xie Feng said that Washington “should take earnest actions to undo the negative impact” of Biden’s comments, or “bear all the consequences,” while its embassy put out a statement saying it “question[s] the sincerity” of US attempts to improve relations. Chinese media did not cover Biden’s comments on Thursday, and a U.S. State Department spokesperson said that Biden’s comments which are “blunt and forthright about our differences” do not mean Washington wants to stop diplomacy; and Biden administration officials have pointed out that he always purposefully points out the distinctions between democracies and autocracies. Associated Press South China Morning Post Reuters
U.S. Navy Heard What It Believed Was Titan Implosion, U.S. Navy officials said on Thursday that a top-secret acoustic detection system designed to spot enemy submarines picked up what the Navy now suspects was the implosion of the Titan submersible hours after the vessel started its descent. Defense officials say that shortly after the Titan lost communications, the Navy’s system detected an “anomaly” consistent with an implosion in the area where the submersible went missing and debris from the vessel was later found. While the sound could not be definitively linked to the Titan, the Navy reported its findings to the Coast Guard to assist in search and rescue efforts. All five people aboard the Titan are now believed to have died. Associated Press The Wall Street Journal
U.S. House Committee Advances Defense Bill. The U.S. House Armed Services Committee voted on Thursday to advance the National Defense Authorization Act for 2024. The $874 billion bill will establish an inspector general for Ukraine aid, increase cybersecurity cooperation between the Pentagon and Taiwan, advance efforts for the procurement of a naval nuclear cruise missile, and authorize the procurement of nine battle ships. It is the first of three defense bills that Congress is expected to address over the coming days. Despite overwhelming support, several members of Congress have criticized the bill for not keeping pace with current inflation rates and are planning to ask Congress to pass supplemental spending packages to work around the recently passed debt limit deal’s defense spending caps. Defense News Politico
Former Brazilian President Bolsonaro Faces Abuse of Power Charges. Former Brazilian President Jair Bolsonaro is in court on charges of abuse of political power and misuse of public media to spread distrust in the country’s electoral process. If found guilty, Bolsonaro could be barred from holding public office for up to eight years. Bolsonaro and his supporters claim that the charges are politically motivated and his lawyer has vowed to appeal the case to the Supreme Court if found guilty. Critics claim that Bolsonaro has long held anti-democratic beliefs and has repeatedly tried to undermine support for free elections by making persistent false claims about the country’s voting system. His remarks fueled pro-Bolsonaro protests after he lost the 2022 presidential election, culminating in the attack on government buildings in January by Bolsonaro supporters calling for a military coup. Al Jazeera CNN
Brazil’s Lula, South Africa’s Ramaphosa Discuss Ukraine War and BRICS. Brazilian President Luiz Inacio Lula da Silva said on Thursday that he had spoken with South Africa’s President Cyril Ramaphosa in Paris about an upcoming BRICS summit and the Russian conflict in Ukraine. Their discussion came after Ramaphosa and other African leaders visited Kyiv and Moscow to share their "perspective on finding peace in Ukraine," though their peace plan failed after being rejected by Russia’s President Putin. Lula also seeks to play a mediating role in the war, and even suggested that Western nations have prolonged and encouraged the conflict by arming Ukraine. The BRICS group of emerging nations, which includes South Africa, Brazil, Russia, India, and China, will hold a summit in August. Lula and Ramaphosa met at the New Global Financing Pact Summit in Paris. Reuters
Western Europe
Germany’s Scholz Warns China Against Using Force on Taiwan. German Chancellor Olaf Scholz told the German parliament that he warned China against using force to achieve territorial changes, specifically regarding Taiwan, in talks earlier this week. According to prepared remarks, Scholz told Chinese representatives at German-Chinese government consultations in Berlin that “we firmly reject all unilateral attempts to change the status quo in the East and South China Seas by force or Coercion. This is especially true for Taiwan.” He added that he was “also concerned about the human rights situation and the state of the rule of law in China,” likely referencing reported human rights abuses in Xinjiang and China’s crackdown on Hong Kong. Scholz’s comments come amid mounting tensions between Beijing and the West, namely the U.S. Reuters
Germany’s Scholz Offers Ukraine Security Assurances, No Swift NATO Membership. German Chancellor Olaf Scholz has pledged long-term security assurance to Ukraine but shied away from backing swift NATO membership for Ukraine. Scholz told German lawmakers that the upcoming NATO summit in Vilnius in July should focus on strengthening the combat power of Ukraine. NATO members are still debating as to what to offer Kyiv at the summit; while Ukraine and Eastern European states want steps for Ukrainian membership in NATO, some Western countries like the U.S. and Germany have warned that this could push the alliance to full war with Russia. Reuters
Denmark to Host Security Meeting on Ukraine. Officials on Thursday said that Denmark will be hosting a meeting in Copenhagen between national security advisors this weekend. The meeting is set to focus on the Ukraine war. The U.S. will be sending national security advisor Jake Sullivan and Under Secretary of State Victoria Nuland to the meeting. India, Brazil, China, and South Africa, which have maintained neutrality conflict, have been invited to the talks. South Africa’s foreign ministry confirmed that the country will send national security advisor Sydney Mufamadi and Foreign Minister Director-General Zane Dangor to the meeting. Associated Press ABC News
Central and Eastern Europe
Ukraine Urges Patience in Counteroffensive, Claims ‘Partial’ Success. Ukrainian officials are urging Western allies to be patient with the counteroffensive, pointing to Ukrainian President Volodymyr Zelensky’s recent comments to not expect rapid results like in a “Hollywood movie.” Ukrainian Deputy Defense Minister Hanna Maliar reiterated on state television on Friday that the “main strike” is still ahead, and that “every day we make progress.” Ukraine’s military also reported on Friday that it had made “partial success” toward “two areas in the southern front.” Maliar added that Russia launched a “large-scale” offensive in eastern Ukraine. Her comments, and other Ukrainian officials’ reassurances, come amid mounting criticism from Western officials that the Ukrainian counter-offensive is not having as much success as originally predicted. One official said that the counter-offensive is “not meeting expectations on any front,” as Russian forces are “competent” in their fortified defense with missile attacks, mines, and air power. Weather conditions have also slowed the progression for Ukrainian forces. However, the officials appeared to align with Ukraine in saying it is still early in the counteroffensive and that it is too soon to make full assessments of its impact. The officials noted that Ukrainian troops have been adapting well to changes in Russia’s tactics, and have become more skilled at targeting and downing Russian aircraft. U.S. Defense Secretary Lloyd Austin said that “there will continue to be battle damage” but Ukraine still holds “a lot of combat capability, combat power,” despite losing armored vehicles at the start of the counter-offensive. Al Jazeera CNN
Russian Shelling Kills Three in Southern Ukraine. Ukrainian officials report that Russian shelling in southern Ukraine killed three people on Friday. An artillery attack in Zaporizhzhia reportedly killed one person, while shelling on Kherson city, which was liberated from Russian occupation in November, killed two more. CNN
Russian Military Helicopter Crashes in Belarus. The Belarusian defense ministry reported that a Mi-24 military helicopter crashed in southwestern Belarus. The ministry said the helicopter’s crew was injured without providing further details. The activist group Belaruski Hayun, which documents the movement of Russian forces in Belarus, said the helicopter belongs to the Russian military. The group reported that it went down near the M- highway between the settlements of Ivatsevichi and Baranovichi, which hosts an air base of Belarus' Air Force, and posted photos and video footage of the alleged crash. One photo of the alleged crashed helicopter had a "Russia's Air Force" inscription. Kyiv Independent
Zelensky Warns of Zaporizhzhia Nuclear Power Plant Attack. Ukrainian President Volodymyr Zelensky on Thursday warned that Russia may be considering a “terrorist act” at the Zaporizhzhia nuclear power plant. He claimed that Ukrainian intelligence has found that Russia has prepared a “radiation leakage” attack, which he said would be another terrorist act similar to the destruction of the Kakhovka dam. Kremlin spokesman Dmitry Peskov rejected Zelensky’s accusation, calling it “another lie.” Zelensky’s warning came after Ukrainian intelligence said Russia had mined the Zaporizhzhia nuclear power plant, which is occupied by Russian forces. However, the IAEA has said it did not find evidence of mining during IAEA Secretary General Rafael Grossi’s visit to the plant last week. Kyiv Independent Newsweek
Ukraine Racing to Repair Power Grid in Preparation for Winter. Ukrainian Energy Minister German Galushchenko said on Thursday that in order to prepare for the upcoming winter, Kyiv is undertaking the largest campaign of repairs in modern history to restore and upgrade its power system. Missile and drone attacks by Russia have caused extensive damage to Ukraine’s power grid, resulting in blackouts and water outages for millions of Ukrainians during this past winter. According to Ukrenergo, the state owned power distributor, about 43% of the energy infrastructure has been damaged in air strikes and 70% of its substations have been attacked at least twice. In a bid to raise funds for the power grid repairs and upgrades, Ukraine has almost doubled electricity tariffs since June 1 in order to prepare for the winter, when energy consumption is highest. Reuters
Hungary’s Orban Urges Balkans Accession Into EU. Hungarian Prime Minister Viktor Orban on Thursday called for the quick accession of Bosnia and other Balkan countries into the EU. He argued that the bloc should not insist Balkan states meet conditions for membership and should instead make pre-accession EU funds available to bolster development and security in the region. Balkan countries — including Albania, Bosnia, Kosovo, Montenegro, North Macedonia and Serbia — are at different stages of the EU accession process, but it will likely take years for all of them to meet benchmarks on democracy, rule of law and economic reform to be admitted. Orban has long lobbied for fast accession of Balkan countries into the EU, arguing that it will reduce instability and increase economic growth in the region, as well as help Serbia stem illegal migration into the EU. Orban has even called for funds earmarked for Ukraine to be redirected to the Balkans. Reuters
Azerbaijan Rejects Guarantees for Ethnic Armenians in Nagorno-Karabakh. Azerbaijan’s foreign minister, Jeyhun Bayramov, has rejected a demand by the Armenian government for Azerbaijan to provide a special security guarantee for the over 12,000 ethnic Armenians living in the disputed Nagorno-Karabakh region. Bayramov said the Armenians in the region are sufficiently protected and that the demand to give them security guarantees amounts to interference in Azerbaijan’s affairs. Though there has been progress in peace talks over the region, tensions remain high between Azerbaijan and Armenia, namely over Baku’s checkpoint in the Lachin Corridor — the only road that connects Nagorno-Karabakh to Armenia — which Armenia said was established in order to “ethnically cleanse” the enclave through a blockade. The Azerbaijani government has denied these allegations. Reuters
Asia and Oceania
U.S. Coast Guard Ship Transited Taiwan Strait After Blinken’s Beijing Trip. The U.S. Navy’s 7th Fleet said that a U.S. Coast Guard ship made a “routine” transit through the Taiwan Strait on Thursday morning — shortly after U.S. Secretary of State Antony Blinken ended his trip to Beijing. The 7th Fleet said the transit demonstrated U.S. commitment to a free and open Indo-Pacific. Taiwan’s defense ministry said the Stratton sailed north and that the situation in the strait during the transit was “normal.” China’s defense ministry described the transit as “public hype,” while China’s coast guard said that Chinese ships trailed the ship “all the way.” Beijing will “resolutely” defend its sovereignty, security and maritime interests, it said. The announcement about the Stratton came a day after Taiwan reported a Chinese carrier strike group led by the Shandong sailed through the Taiwan Strait. Reuters
New Zealand PM Pushes Back on Biden Calling China’s Xi a ‘Dictator.’ New Zealand Prime Minister Chris Hipkins said on Thursday that he did not agree with President Joe Biden’s recent comments that Chinese President Xi Jinping is a “dictator.” Speaking to reporters, Hipkins added that “the form of government that China has is a matter for the Chinese people,” and that it would be up to them “if they wanted to change their system of government.” Hipkins’ comments come days ahead of a planned visit to China, in which he will lead a trade delegation that includes top New Zealand companies. Observers say that Hipkins’s remarks aim to set the stage for successful business and investment talks during his China visit, as well as distance himself from Beijing and Washington’s heightened tensions. China is New Zealand’s top trading partner. Reuters
South Korea Approves Permanent Deployment of THAAD U.S. Missile Defense System. South Korea’s defense ministry said the Terminal High Altitude Area Defense (THAAD) U.S. missile defense system has passed an environmental evaluation, paving the way for its permanent deployment in the country. The THAAD system was installed in South Korea’s southeastern air base of Seongju in 2017. It has not been operating at full capacity due to concerns by locals about the impact of the system’s electromagnetic radiation on their health. The ministry’s assessment concluded that the THAAD produces an “insignificant” amount of electromagnetic radiation below 0.2% of the safety standards. Local South Korean groups against the installation of the THAAD are challenging the assessment, saying it was hastily done and adding that they will continue to protest the THAAD. China said it will also protest the THAAD, saying that it can peer into Chinese airspace from its location. The U.S. and South Korea maintain that the THAAD is for self-defense, primarily to counter North Korean threats. Nikkei Asia Reuters Wall Street Journal
Indonesia Moves ASEAN Military Exercise Site Away From South China Sea. Indonesia said Thursday that it has moved the location of where it will host ASEAN’s first joint military exercises away from disputed waters in the South China Sea. The drills, which will be held in September, were meant to take place in the southernmost waters of the South China Sea, which China also claims. The drills will now take place in the South Natuna Sea in Indonesian waters, around Batam island at the mouth of the Malacca Strait. An Indonesian military spokesperson said the drills are “focused not on combat,” so the relocation further south is appropriate. Reuters
Fiji Reverses Plans to Change Taiwan Representative Office’s Name. Fiji has decided against moving forward with a plan to change the name of Taiwan’s representative office on the Pacific island nation. The office had been called the Trade Mission of the Republic of China to the Republic of Fiji and enjoyed full diplomatic privileges despite the lack of formal ties between Fiji and Taiwan. However, a more Beijing-friendly Fiji government downgraded the office title to Taipei Trade Office in Fiji, and stripped its diplomatic privileges in 2018. In March 2023, the Fiji coalition government said it would allow the restoration of the office’s former name and diplomatic privileges. But now, Taiwan’s foreign ministry said Fiji has paused this plan due to protests and alleged threats of “retaliatory actions” from China. The move is a diplomatic blow for Taipei, which is struggling to keep formal diplomatic allies and international recognition where it can. South China Morning Post
Middle East and Northern Africa
UAE President Meets With Iranian Foreign Minister. United Arab Emirates President Sheikh Mohammed bin Zayed Al Nahyan met with Iranian Foreign Minister Hossein Amirabdollahian in Dubai on Thursday. The two discussed bolstering cooperation between the UAE and Iran in various areas, according to Iranian state media. The meetings follow recent rapprochement moves between Saudi Arabia and Iran. Associated Press ABC News
Syria Bombing Kills Three. Syrian government forces launched an artillery attack on the village of Kafr Nouran near Aleppo on Wednesday, killing three people, including a child, and injuring 11 others, according to the Syrian Civil Defense. The White Helmets emergency volunteer group added that the attack coincided with an overflight of a Russian reconnaissance aircraft over the area. The group also said Syrian government forces shelled the towns and villages of Ziyara, Kaframa, and Kafrtall in northwestern Syria. These attacks came 10 days after Russian warplanes carried out approximately 10 attacks near the provincial capital Idlib and the village of Sheikh Barack in northern Syria, and following rceent peace talks in Astana. Al Jazeera
Saudi Arabia, Yemen Exchange Bodies of Fallen Troops. Saudi Arabia and their opponents in Yemen, the Houthi rebels, conducted an exchange of bodies of soldiers killed in the conflict between the warring sides on Wednesday. Saudi Arabia returned 58 bodies of Houthi rebels, while the Houthis returned the bodies of six Saudi soldiers. This is the third exchange of its kind since the Yemen civil war began in 2014. This exchange came amid largely stalled peace talks, as well as after the UN brokered a prisoner exchange between the two sides earlier this year, and days after the arrival of 273 pilgrims from Sanaa to Jeddah on Saturday for the Hajj, including the deputy head of the Houthi Military Committee, Yahya al-Razami. Associated Press Reuters The Cipher Brief
Israel Demolishes Home of Suspected Palestinian Attacker. Israeli forces on Thursday destroyed the home of Kamal Jouri, a Palestinian under suspicion for the murder of an Israeli staff sergeant. Jouri and a second suspect were arrested in February for the Israeli officer’s death, as they are suspected members of the Palestinian militant group Den of Lions. The Israeli military reported that its troops came under attack when destroying Jouri’s apartment in the West Bank city of Nablus, but it did not report any injuries. The Israeli government claims that destroying the homes of Palestinian attackers serves as a deterrent while critics state that the tactics amount to collective punishment. Associated Press
Sub Saharan Africa
Mali Rebels Warn UN Peacekeeper Withdrawal Will Threaten Peace Deal. A coalition of armed groups in Mali warned that the departure of the UN peacekeeping mission in Mali, known as MINUSMA, will deal a “fatal blow” to a peace accord between the groups and Mali’s military junta. Mali’s military government asked MINUSMA on Friday to leave “without delay,” citing long-standing distrust with the mission and anger at its failure to end Islamist violence in the country. While it is unclear if or when MINUSMA will leave, the coalition, known as the Permanent Strategic Framework for Peace, Security and Development (CSP-PSD), said if the mission leaves “without a credible alternative” it will threaten both Malian and regional security, and the wider peace between the groups and Mali’s military. MINUSMA’s mandate runs out on June 30. Experts say a withdrawal of the 13,000-troop peacekeeping force will take at least a year. Al Jazeera Reuters
U.S. Adjourns Sudan Peace Talks For Lack of Progress. U.S. Assistant Secretary of State for African Affairs Molly Phee announced on Thursday that the U.S. has adjourned peace talks on the Sudan war due to a lack of progress and repeated violations of armistices by side in the conflict. The U.S. and Saudi Arabia have sought to mediate the conflict, brokering truces between Sudan’s army and its paramilitary Rapid Support Forces, but there have been consistent breaches of ceasefires and continued fighting. Phee told a House Foreign Affairs Subcommittee hearing that such mediation efforts have been paused “because the format is not succeeding in the way that we want.” Phee urged other nations to act to help end the Sudan war. Reuters
Cyber and Tech
U.S. Cyber Advisor Notes Russia Surging Cyberattacks During Ukraine Counteroffensive. Anne Neuberger, the White House deputy national security advisor for cyber, told a Financial Times event in Washington Thursday that Russia has intensified its cyberattacks on Ukraine in response to Kyiv’s current counteroffensive. Neuberger observed that “Ukraine is currently experiencing a significant surge in cyberattacks in parallel to the kinetic aspects.” Neuberger did not provide details on the Russian cyber operations, but noted that Ukraine’s preparedness has demonstrated that the country “is a really great use case for cybersecurity.” She cited, in particular, Ukraine’s efforts to “double down” on protective measures, including disconnecting from the Russian energy grid and moving critical data to cloud repositories. TheRecord
Apple Issues Patch for Device Vulnerabilities Linked to Russian Spyware Allegations. Apple on Wednesday issued an urgent security update to patch vulnerabilities on all its operating systems that could have allowed takeovers of devices by threat actors. The vulnerabilities link back to an early June allegation by a Russian intelligence agency that Apple created the flaws to allow U.S. signals intelligence to compromise iPhones in use in Russia. Kaspersky security researchers who confirmed the original vulnerabilities said that they have “proactively collaborated with the Apple Security Research team by sharing information about the attack and reporting the exploits.” Kaspersky discovered malware on Apple devices that deployed after attackers gained root privileges. Traces of the malware disappeared after a reboot or after 30 days had passed if the implant was not extended. CyberScoop TheRecord
U.S. Largest Public Pension Fund, Major Accounting Firms Suffer MOVEit Breaches. Data from California’s public employees pension fund (CalPERS) system has been accessed by hackers targeting the MOVEit file transfer tool. CalPERS transfers data to a third party vendor to distribute payments to retirees. The information accessed could include names, dates of birth, and social security numbers. CalPERS has incorporated new procedures on the member benefit website since the hack and has created a contact point for victims, who have received mail notifications of the breach. The organization has advised victims to be alert to attempts at identity theft or fraud. CalPERS also confirmed that none of its systems were affected so that monthly pension payments will continue to be deposited. CalPERS manages more than $477 billion in assets for more than 1.5 million clients. The breach affects the data of retirees from the state, public agencies, school districts and the Judges’ Retirement System and Legislators’ Retirement System. Meanwhile, two of the world’s largest accounting firms – PriceWaterhouseCoopers and EY – also confirmed they were victims of MOVEit tool breaches after being added to the Clop ransomware leak site. TheRecord Financial Times
Australian Air Force Leader To Be Named Nation’s First Cybersecurity Chief. Australia has named a senior Air Force officer to become the country’s first cybersecurity czar. Air Vice-Marshal Darren Goldie will become the government’s first coordinator of cybersecurity, with the support of a National Office for Cyber Security within the Department of Home Affairs. The coordinator and national office will have the responsibility of coordinating responses from across the government to cyber hacks and threats. The formal announcement of the appointment is expected to be made Friday by Prime Minister Anthony Albanese and Home Affairs Minister Clare O’Neil. Goldie’s appointment comes in the middle of the country’s response to a cyberattack on the Australian law firm HWL Ebsworth, whose clients include the country’s four largest banks and government agencies. The Russia-linked threat group known known as BlackCat or AlphV claims to have published 1.45 terabytes of data stolen from the law firm on the dark web. Cabinet minister Murray Watt informed the Senate that the government is working with the law firm to determine the cyberattack’s scope and its impact on Commonwealth data. A former head of the Australian Defence Force’s information warfare division said the cyberattack showed the need for the new coordinator to reach across government and industry and exercise “authority to direct outcomes amongst government and industry.” Sydney Morning Herald
Canada Warns Chinese Intelligence Recruiting Assets Through Online Ploys. Online recruitment efforts by Chinese intelligence are attracting unwitting but “high-value” Canadian citizens, according to the Canadian Security Intelligence Service (CSIS). CSIS warned in a Twitter post Tuesday that LinkedIn and other online platforms were being used by Chinese intelligence to “identify people who are actively looking for jobs in strategic sectors or who have high-value credentials.” The Canadian agency revealed that targeted Canadians are first approached on social media platforms by Chinese “proxies” masquerading as HR officials or job recruiters. Subsequent conversations then migrate to messaging platforms such as WeChat or WhatsApp, where targeted Canadians are asked to prepare reports on possibly sensitive topics as paid “consultants.” The CSIS warning occurs as Canada deals with multiple instances alleging Chinese intelligence activities within the country. The Chinese Foreign Affairs Ministry did not respond to a South China Morning Post request for comment. South China Morning Post
Chinese Cyber Spies Focus on South & Central American Foreign Ministries. A Chinese cyber-espionage group employed new “backdoor” malware to penetrate foreign affairs ministry systems in Central and South America, Symantec researchers reported Wednesday. From late 2022 to early 2023, hackers identified as APT15 (also known as Nickel) targeted diplomatic headquarters in unidentified countries in the Americas as well as other government and commercial networks. The Chinese threat actor deployed a recently developed backdoor bug called Graphican, which Symantec researchers said uses Microsoft Graph API and OneDrive services to connect with an encrypted infrastructure address, “allowing hackers to remotely control compromised systems.” Graphican is then capable of creating and downloading files, and of executing malicious code without alerting the target system. According to BleepingComputer, the Chinese group has gone by a variety of names over the years — APT15, Nickel, Flea, Ke3Chang, and Vixen Panda – and has targeted public and private organizations since at least 2004. Among the malware implants and backdoors it has used are “RoyalCLI and RoyalDNS, Okrum, Ketrum, and Android spyware named SilkBean and Moonshine.” TheRecord BleepingComputer Bloomberg
WSJ Reports Presence of Huawei, ZTE Workers at China Spy Site in Cuba. Workers with the Chinese telecommunications companies Huawei and ZTE have been monitored by the U.S. entering the Chinese espionage facility in Cuba, according to unidentified sources. Both companies specialize in equipment that could be used to support eavesdropping operations, including network technology to transmit data to China. Statements from Huawei and ZTE described the report of the companies’ activity at the Cuba site as “groundless accusations” and “baseless,” respectively. U.S. officials have maintained that Beijing could use Chinese telecommunications companies in espionage operations. Consequently, the U.S. has attempted for years to persuade allies to shut Huawei out of their advanced telecommunications networks. Rep. Mike Gallagher, chairman of the bipartisan Select Committee on the Chinese Communist Party, noted in a letter to Director of National Intelligence Avril Haines and Commerce Department Secretary Gina Raimondo that in light of Beijing’s policy of using Chinese commercial entities to build up its military, it “is likely” that enhancement of China’s intelligence capabilities in Cuba is aided by Chinese telecommunications companies. Gallagher expressed the opinion that the firms’ existing business operations in Cuba could provide cover for Chinese intelligence officials to travel to and from the island. Wall Street Journal
Researchers Find Key AI Chatbots Fall Short of Draft EU Regulations over Copyright. Current iterations of generative AI tools like ChatGPT are likely to fall short of draft EU AI regulations according to Stanford University researchers. A key flaw concerns AI models trained on content including copyrighted material, which researchers said showed that “most providers are doing especially poorly on this.” Under the proposed EU AI Act, copyrighted content used to populate generative AI tools such as ChatGPT, Bard and Midjourney would have to be flagged so that authors could be compensated for their work. The study led by Rishi Bommasani, an AI researcher at the Stanford Center for Research on Foundation Models, ranked 10 AI models against the EU criteria for, among other things, data sources, disclosure of the technology’s energy consumption and computing requirements, and foreseeable risks associated with it. Six of the ten models scored less than 50 percent, and all ten were deficient in key areas. Researchers found that closed systems like OpenAI’s ChatGPT and Google’s PaLM 2 suffered from transparency issues around copyright, while open-source rivals were more transparent but harder to control. Financial Times Axios
U.S. and South Korea Agree to Step Up Cybersecurity Cooperation. The U.S. and South Korea have agreed to increase cyber security cooperation after a high-level cyber meeting in Washington this week. The meeting was the first under a new consultation channel between the White House and South Korea’s presidential office. There were no further details on the cyber cooperation arrangement. Reuters
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief
