Biden signs executive order restricting use of commercial spyware
On Monday, U.S. President Joe Biden issued an executive order that prohibits government departments and agencies from using commercial spyware that poses risks to national security or has been misused by foreign actors to enable human rights abuses. The order establishes several risk indicators for counterintelligence, security and use, directs new reporting and information-sharing requirements in different spyware packages, and provides remedial steps for commercial spyware vendors to reduce identified risks. The long-awaited order reflects concern in the Biden administration about how powerful hacking tools can be used by both authoritarian governments and democracies to stifle opposition voices or target journalists, and was accompanied later in the week by a joint statement from ten other countries and the United States announcing their intention to partner to counter the misuse of commercial spyware. The EO and the joint statement were part of a series of technology initiatives the US government publicized during the second Summit for Democracy.
China launches new initiative promoting AI use in scientific research
China’s Ministry of Science and Technology (MOST) and National Natural Science Foundation (NSFC) jointly launched “Artificial Intelligence for Science,” an initiative to promote the integration of artificial intelligence (AI) into key science and technology fields, including drug development and gene research. Under the plan, MOST has pledged to innovate AI models and algorithms and work to construct a “national open innovation platform for the new generation of AI public computing power,” among other methods of promoting the use of AI in scientific research. The initiative’s launch comes at a time when AI has become a focal point in Chinese policy toward technological development, as the country seeks to become a “global leader” in the sector by 2030.
Twitter source code leaks
Parts of Twitter’s source code were leaked online, according to a legal filing by the social media platform. The code was posted on the code-sharing platform GitHub and appeared to have been public for several months. GitHub complied with Twitter’s request to remove the code, but was subpoenaed by a California court on Tuesday to identify the person who shared the code and any others who downloaded it. GitHub will have until April 3 to identify involved users. The account that posted the code used the name “FreeSpeechEnthusiast,” in an apparent reference to Musk calling himself a “free speech absolutist.” Twitter has seen several instances of sensitive data being made visible in recent years, including a misconfigured API publicized in January of this year that hackers used to scrape the email addresses used by over 200 million Twitter accounts.
Leaked files from Russian military contractor detail cyber capabilities
A disgruntled employee leaked documents from the Russian military contractor NTC Vulkan earlier this week. The documents, which are dated from 2016 to 2021, detail vulnerability scanning, cyberattack, and information warfare systems the Russian government bought from Vulkan, including some systems which were likely used by the threat actor Sandworm. Vulkan developed at least three systems for Russian operators: Scan, a platform for vulnerability detection and data collection; Amesit, a mapping system to support and gather data for information warfare operations and cyberattacks against critical infrastructure; and Krystal-2B, a training system for practicing attacks on transportation and utility systems. While experts are unsure whether some of the systems are for practice or could actually enable an attack on critical infrastructure, others appear to have been deployed several times, including as part of Russia’s efforts to influence the outcome of the 2016 election.
Supply chain attack hits enterprise phone provider 3CX
3CX, a company that makes the popular voice and video conference app 3CXDesktopApp, said that a recent update to its product had been compromised with malware. The company’s products are used by many major firms, including Toyota, the UK’s National Health Service, PwC, and Pepsi, among others, and cybersecurity analysts said that upwards of one thousand organizations could be affected by the hack. The malicious update included information-stealing malware, and parts of the infrastructure to support the attack have been active since February 2022. The cybersecurity firm CrowdStrike said that the attack was likely the work of North Korea’s Lazarus Group, although other firms cautioned that it was too early for them to make an assessment.