Cyber Week in Review: September 30, 2022
Facebook takes down Russian and Chinese social media influence operations
Meta released a report on Tuesday reporting their removal of Russian and Chinese social media influence operations targeting users worldwide. Meta reported that the discovered Chinese operation was primarily targeting users in the United States and the Czech Republic, and aimed to influence U.S. users' attitude on domestic politics and Czech users’ attitudes on Czech foreign policy. Benn Nimmo, Meta’s global intelligence lead, called this operation a “new direction for Chinese influence operations.” Chinese influence operations previously focused on criticizing American foreign policy on a broader scale and rarely imitated American users. Meta also disrupted what it called the “largest and most complex Russian-origin operation” it has observed since the beginning of the war in Ukraine, which consisted of over sixty websites impersonating legitimate news organizations, such as The Guardian and Der Spiegel, to promote pro-Russian content in Europe. Meta has taken down other major social media influence campaigns in the last month, including the first publicly known pro-Western social media influence operation, which was documented in a report from Graphika and the Stanford Internet Observatory.
UN elects next head of major telecommunications standards body
United Nations Member States elected the next Secretary-General of the International Telecommunication Union (ITU), which is responsible for setting standards for most information and communications technology, on Thursday in Bucharest, Romania. The campaign was widely seen as a contest between an authoritarian and democratic vision of the internet. There were two main candidates, Doreen Bogdan-Martin, a former U.S. Department of Commerce expert on telecommunications who joined the ITU in the 1990s, and Rashid Ismailov, former deputy minister for Russia’s telecommunications ministry. Bogdan-Martin focused her platform on increasing the ITU’s efficiency, while Ismailov advocated state digital sovereignty and countering American dominance over the internet. The Member States elected Bogdan-Martin by a vote of 139 for and 25 against. She will replace the previous ITU Secretary-General, Chinese telecoms engineer Zhao Houlin.
Russian APTs likely using some hacktivist groups as cover for cyber operations
Diplomacy and International Institutions
Russian threat actors have likely worked with, or in some instances directed, hacktivist groups following the start of the Russian invasion of Ukraine, according to a new report from Mandiant. Three groups, XakNet, Infoccentr, and CyberArmyofRussia_Reborn, are coordinating their operations with Russian threat actor APT 28, which is sponsored by Russia’s Main Intelligence Directorate (GRU). In at least two cases, the hacktivist groups leaked data from sources which had been hit by APT 28’s wipers less than twenty four hours before. Hacktivists are frequently used as cover for state-sponsored cyber operations, and Russian security organizations are no exception. Hacktivists have served as cover in several high-profile Russian hacks and influence operations, including the Guccifer 2.0 persona, which was used to distribute stolen documents and hurt the candidacy of Hillary Clinton during the 2016 elections.
Proton VPN pulls out of India after new regulations implemented
Swiss virtual private network (VPN) service ProtonVPN is pulling their servers out of India this week after India’s Computer Emergency Response Team (CERT), an Indian government body appointed to address cybersecurity threats, began enforcing new data collection regulations on September 25. The new CERT regulations require VPN operators to collect and maintain customer information including names, email addresses, and IP addresses for at least five years. Other VPN providers such as ExpressVPN and SufsharkVPN pulled physical servers out of the country following the initial announcement of these regulations in April. ProtonVPN released a statement on Twitter saying that the provider is removing its VPN servers in India to “protect the privacy of our community due to India’s new surveillance law.” India’s implementation of data collection laws follows the country’s recent actions to regulate social media content on platforms like Facebook, WhatsApp, and Twitter.
Unfounded “China coup” rumor spreads over Twitter, showing how disinformation can be spread online
Over the weekend, Twitter feeds were inundated with unsubstantiated rumors of a coup wherein Chinese President Xi Jinping was placed under house arrest and replaced by General Li Qiaoming as the leader of the People’s Liberation Army (PLA). The rumors were amplified by Twitter’s “deeply flawed trending list” along with false information surrounding flight cancellations in China. By Sunday, the “#ChinaCoup” hashtag had garnered over thirty two thousand interactions and tweets and had been covered by several media outlets in India and the United States. Speaking to CyberScoop, Dakota Cary, a China-focused consultant at the cybersecurity firm Krebs Stamos, said that “[the speed at which the rumors were embraced by the public] says a lot more about where DC is at in terms of consumption on China and knowing who has expert opinions and who doesn’t.” On Wednesday, Xi made a televised appearance to an exhibition in Beijing, effectively squashing rumors of the suspected regime change in China.
Diplomacy and International Institutions