Daily Drop (870): | KYBER to ML-KEM | The CN Phantom | Hezbol: Pagers | 2024 Matrix Cup | BlackRock AI $30 Bn | UA HUR | Alibaba Cloud: IN | SIX Stock Exchange | PK's Energy Sector | ZPMC: Modems |
09-18-24
Wednesday, Sept 18 2024 // (IG): BB // ScraperDaddy // Cloud Email Harvester
Meet the World's Most Elusive Arms Dealer: Karl Lee and His Role in Iran’s Missile Program
Bottom Line Up Front (BLUF): Karl Lee, a Chinese arms dealer, is credited with playing a critical role in Iran's missile development by supplying essential materials like aluminum and carbon fiber. Despite extensive U.S. efforts to disrupt his operations, he remains elusive, possibly protected by the Chinese government. Lee's contributions have been instrumental in transforming Iran into a missile superpower, with far-reaching implications for the region.
Analyst Comments: Karl Lee’s ability to operate undeterred for over two decades underscores the complexities of global arms control, particularly when state actors like China may shield individuals involved in illicit activities. His network has empowered Iran's missile capabilities, enabling proxies like Hezbollah and Hamas to engage in more sophisticated warfare. While U.S. sanctions and diplomatic pressure have sought to curb his influence, the international arms trade’s shadowy nature and the geopolitical interests of major powers like China and Russia make halting Lee’s operations exceedingly difficult. Lee's continued activity highlights the broader challenge of enforcing nonproliferation in a world of competing national interests.
FROM THE MEDIA: Lee’s story, as detailed in The Chinese Phantom, reveals the intricate workings of a global arms network that fuels conflicts across the Middle East. Despite multiple U.S. sanctions and attempts to pressure China, Lee’s access to critical materials for missile technology has empowered Iran and its proxies, posing a growing threat to regional and global security. The book provides a detailed investigation into his operations but ultimately leaves readers without a definitive conclusion on his fate—reflecting the ongoing challenges in tracking and apprehending such elusive figures in the international arms trade.
READ THE STORY: The Economist
Pro-Ukraine Hackers Disrupt Russian Digital Signature Agency
Bottom Line Up Front (BLUF): Pro-Ukraine hackers, in collaboration with Ukraine’s military intelligence (HUR), claimed a cyberattack on the Russian agency Osnovanie, disrupting digital signature services across Russia. The attackers compromised Osnovanie's infrastructure and defaced its website, warning that proceeds from the sale of compromised data would support Ukraine's military. The attack led to widespread service disruption, though Osnovanie insists that cryptographic keys were not compromised.
Analyst Comments: The attack on Osnovanie marks a significant digital offensive in the ongoing cyber conflict between Ukraine and Russia. By targeting a critical agency responsible for verifying digital signatures, the operation seeks to undermine trust in Russia’s digital infrastructure. Such actions highlight Ukraine’s growing cyber capabilities, amplified by collaborations with hacker groups like "BO Team." This is also a notable example of how the cyber dimension is being used to impact both military and civilian services in Russia, creating operational disruptions that align with broader strategic objectives in the Russia-Ukraine conflict.
FROM THE MEDIA: Pro-Ukraine hackers, working with Ukraine’s HUR, defaced the website of Osnovanie and temporarily disabled its services. Osnovanie, responsible for managing digital signatures used by Russian businesses, acknowledged the attack but downplayed its severity, stating that key data remains secure. The hackers, however, claim to have extracted terabytes of sensitive data and plan to sell it to support Ukraine’s military efforts. The attack reflects an increasing trend of cyber warfare, where Ukrainian actors target Russian critical infrastructure to create operational challenges while avoiding direct military confrontation.
READ THE STORY: The Record
Israel's Strike on Hezbollah's Communication Systems Signals Escalation in Proxy Conflict
Bottom Line Up Front (BLUF): A sophisticated attack on Hezbollah’s pager network in Lebanon and Syria killed over a dozen people and injured thousands. The operation, likely orchestrated by Israel’s intelligence agency, Mossad, appears to be part of an expanding conflict between Israel and Iran’s proxy forces. The timing of the attack raises concerns about the potential escalation of the broader regional conflict, especially as Hezbollah is a key player in Iran's "Axis of Resistance."
Analyst Comments: The strike on Hezbollah’s communication network demonstrates Israel’s determination to degrade Hezbollah's operational capabilities. By targeting outdated but still critical pager systems, Mossad has potentially disrupted Hezbollah’s command and control structure, signaling Israel's ability to infiltrate even rudimentary technologies. This move, alongside high-profile assassinations of leaders in Iran’s proxy network, appears to be part of Israel's broader strategy to weaken Iranian influence in the region. However, this kind of attack may provoke retaliation, escalating tensions further as both sides prepare for more direct confrontation.
FROM THE MEDIA: The pager explosions occurred across Hezbollah-dominated areas in Lebanon and parts of Syria, an unprecedented attack that left Lebanese and Hezbollah officials scrambling to assess the damage. Israel has not claimed responsibility, but the precision and scale of the attack are characteristic of Mossad’s previous operations. The use of outdated communication systems, initially seen as a way to avoid cyber infiltration, was turned against Hezbollah, potentially forcing the group to reassess its security measures. This attack may also embolden Israel to continue targeting Hezbollah’s infrastructure, while Hezbollah will likely seek revenge, adding another layer of volatility to an already fragile region.
READ THE STORY: FP
BlackRock and Microsoft to Launch $30bn AI Infrastructure Fund
Bottom Line Up Front (BLUF): BlackRock and Microsoft are launching a $30bn fund to build AI infrastructure, including data centers and energy projects, as AI technology creates significant power and infrastructure bottlenecks. Backed by Abu Dhabi’s MGX and advised by Nvidia, this fund will tackle the rising global need for energy-intensive AI development, with ambitions to raise up to $70bn in additional debt financing.
Analyst Comments: This partnership represents a strategic response to the increasing infrastructure strain driven by AI advancements, which require more energy than previous technologies. The collaboration underscores the growing intersection between AI, energy, and large-scale private capital. As AI becomes more critical to economic and industrial growth, investment in infrastructure like data centers and energy grids will become even more crucial, positioning this fund as a pivotal player in the next phase of AI-driven expansion.
FROM THE MEDIA: BlackRock and Microsoft’s $30bn Global AI Investment Partnership will address the energy and infrastructure demands of AI technology, which are expected to grow rapidly. The initiative will be supported by Abu Dhabi's MGX and advised by Nvidia. The fund aims to alleviate bottlenecks in power and digital infrastructure by leveraging investments in data centers and renewable energy projects. With AI expected to drive significant increases in electricity consumption, this collaboration is seen as a crucial step in meeting global demands for AI infrastructure.
READ THE STORY: FT
US Delays Decision on Nippon Steel’s $15bn US Steel Takeover
Bottom Line Up Front (BLUF): The US government extended its review of Nippon Steel’s proposed $15bn acquisition of US Steel, citing unresolved national security risks. With both President Joe Biden and Vice President Harris, along with former President Trump, opposing the takeover, the decision has been pushed back 90 days, making it unlikely to be settled before the 2024 election.
Analyst Comments: The delay reflects increasing protectionist sentiment in US politics, especially with the election looming. The opposition from both parties underscores concerns about foreign control over critical industries like steel, which has strategic importance for national security and defense. While Nippon Steel is attempting to address these security concerns, the political climate, particularly in swing states like Pennsylvania, will likely complicate the deal further.
FROM THE MEDIA: The Committee on Foreign Investment in the US (CFIUS) extended the review of Nippon Steel’s proposed acquisition due to unresolved security risks. Both President Biden and Harris have expressed firm opposition, as they aim to protect US jobs and industry, particularly in key swing states. Despite these concerns, Nippon Steel has pledged that US Steel would remain domestically run, but the extension means the fate of the deal now rests with the next US administration.
READ THE STORY: FT
China’s Matrix Cup Hacking Competition Raises Concerns Over Targeting Real Victims
Bottom Line Up Front (BLUF): VMware has released critical patches addressing two major vulnerabilities in its vCenter Server platform, including one that could allow remote code execution (CVE-2024-38812) with a severity score of 9.8/10. These vulnerabilities were discovered during China's Matrix Cup hacking competition, raising concerns about the use of such contests for potential state espionage.
Analyst Comments: The vulnerabilities highlight ongoing risks tied to zero-day discoveries emerging from state-affiliated hacking contests like China’s Matrix Cup. While such events promote cybersecurity talent, they may also serve national interests by stockpiling vulnerabilities for strategic exploitation. The fact that Chinese law requires disclosure of such findings to the state further complicates global cybersecurity efforts, as U.S. agencies and businesses become primary targets. VMware’s prompt patch underscores the need for continuous vigilance and rapid response in mitigating these severe threats, particularly as geopolitical tensions in cyberspace escalate.
FROM THE MEDIA: VMware has issued urgent security patches for critical vulnerabilities found in its vCenter Server platform, particularly a remote code execution flaw (CVE-2024-38812) rated 9.8/10 in severity. This vulnerability, along with a privilege escalation bug (CVE-2024-38813), was discovered during the 2024 Matrix Cup hacking competition in China. The contest, sponsored by prominent Chinese cybersecurity firms, raises concerns about potential exploitation for espionage purposes, as Chinese law mandates the disclosure of vulnerabilities to the state. VMware's patches cover vCenter Server versions 7.0, 8.0, and VMware Cloud Foundation, with no workarounds, making immediate patching critical for safeguarding systems. These vulnerabilities are part of a broader trend where Chinese state-backed hackers leverage zero-day exploits, a concern exacerbated by their frequent targeting of U.S. institutions.
READ THE STORY: Wired // SecurityWeek
Alibaba Strikes Cloud Deal with Indonesia's GoTo, Emphasizes Strategic Presence in Southeast Asia
Bottom Line Up Front (BLUF): Alibaba is deepening its involvement in Indonesia through a significant cloud services agreement with GoTo Group, the company formed by the merger of Gojek and Tokopedia. The deal involves Alibaba Cloud supporting GoTo's digital infrastructure while Alibaba holds onto its GoTo shares for at least five years. This move positions Alibaba alongside other tech giants like Meta and Google, which have used similar strategies in countries like India to grow their market influence.
Analyst Comments: This partnership highlights China's growing ambition to dominate digital infrastructure in Southeast Asia, with Alibaba expanding its reach beyond e-commerce into critical cloud services. The deal strengthens GoTo's platform and aligns with Beijing's broader goals of extending its technological footprint globally, particularly in emerging markets. While GoTo faces profitability challenges, Alibaba's commitment signals long-term strategic interest in the region, mirroring Western tech investments that have spurred digital adoption in other nations.
FROM THE MEDIA: Alibaba's decision to engage with GoTo Group comes at a time when Chinese tech companies, like ByteDance with TikTok, are integrating themselves into Southeast Asia’s digital ecosystems. The non-binding memorandum of understanding between Alibaba and GoTo outlines cloud service support and collaboration on digital skills and AI development in Indonesia. The deal arrives as GoTo predicts its first profitable year, despite struggling to gain market share in Vietnam and Thailand. Meanwhile, Alibaba, facing declining stock prices, seeks overseas growth as a remedy.
READ THE STORY: The Register
Switzerland’s SIX Explores Launching Crypto Exchange for Institutional Investors
Bottom Line Up Front (BLUF): Switzerland’s SIX stock exchange is exploring the launch of a cryptocurrency trading platform targeting institutional investors. Leveraging its regulatory reputation and crypto-friendly laws, the exchange aims to compete with established players like Binance and Coinbase. The platform would offer both spot trading and derivatives, reflecting the growing acceptance of digital assets among global banks and asset managers.
Analyst Comments: Switzerland’s advanced regulatory framework around cryptocurrencies makes it an attractive hub for institutional trading. SIX’s potential entry into this market aligns with the broader trend of traditional finance firms cautiously entering the crypto space. While other exchanges have faced regulatory hurdles, SIX’s established reputation could provide a competitive edge, especially in attracting conservative institutional investors wary of the risks posed by less regulated platforms.
FROM THE MEDIA: SIX Group is evaluating the creation of a crypto trading platform to meet the increasing interest from traditional investors. With Switzerland’s crypto-friendly laws and a secure reputation, SIX aims to tap into the growing market of institutional investors exploring digital assets. While the platform is still in the exploration phase, it may follow the model of its existing digital exchange, which already lists digital bonds.
READ THE STORY: FT
VMware vCenter Flaw Allows Remote Code Execution, Urgent Patch Issued
Bottom Line Up Front (BLUF): VMware has issued patches to fix a critical vulnerability (CVE-2024-38812) in vCenter Server, which could lead to remote code execution. The flaw, rated 9.8 on the CVSS scale, affects the DCE/RPC protocol and could be exploited by attackers with network access. VMware has strongly urged users to update their systems to prevent potential exploits.
Analyst Comments: This vulnerability represents a severe risk to organizations using VMware vCenter Server, especially given its potential for remote exploitation. Although no malicious activity has been reported so far, the urgency of the patch highlights the need for swift action. The discovery during a cybersecurity competition underscores the importance of proactive vulnerability research and threat mitigation efforts. The privilege escalation flaw (CVE-2024-38813) further reinforces the need for users to apply these security updates without delay.
FROM THE MEDIA: The critical flaw was discovered by cybersecurity researchers during a competition in June 2024. In addition to CVE-2024-38812, VMware also addressed a privilege escalation issue (CVE-2024-38813), which could allow attackers to escalate privileges to root on affected systems. Patches have been released for VMware Cloud Foundation and vCenter Server versions 7.0 and 8.0, and users are strongly advised to apply the updates immediately. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of the broader risks posed by such vulnerabilities.
READ THE STORY: THN
As China’s Nuclear Arsenal Expands, the US Must Reevaluate its Deterrence Strategy
Bottom Line Up Front (BLUF): China’s rapid expansion of its nuclear arsenal and strategic capabilities presents a new challenge for the United States. This transformation necessitates a reevaluation of US strategies and assumptions, particularly in a potential Taiwan crisis where China's nuclear options could escalate the conflict. As Beijing develops its nuclear triad, it may increasingly use its enhanced nuclear power to deter or compel opponents, raising the stakes for US and allied military planning.
Analyst Comments: The shift in China’s nuclear strategy signifies a departure from its previous minimal deterrence stance. This shift creates uncertainties about how China might behave in a high-stakes conflict, particularly involving Taiwan. A failure to account for China’s growing nuclear force in US strategic planning could lead to catastrophic miscalculations. The US must also address internal structural issues, such as siloed decision-making, which undermine effective responses to the evolving Chinese threat. Enhanced communication channels and contingency planning are crucial to preventing escalations, especially considering the global ripple effects a conflict over Taiwan could generate.
FROM THE MEDIA: China’s rapid development of its nuclear arsenal, space, and cyber capabilities represents a significant shift in the global strategic balance. The US and its allies must now account for a nuclear-armed China capable of more assertive actions, especially regarding Taiwan. A failed invasion of Taiwan could provoke China into considering nuclear options, making it imperative for the US to reassess its strategies, integrate cross-domain expertise, and enhance communication with Beijing to prevent miscalculations.
READ THE STORY: AC
Chinese Solar Panel Boom in Pakistan Sparks Growth, Strains Debt-Ridden Power Grid
Bottom Line Up Front (BLUF): Pakistan’s energy sector is seeing a rapid shift as businesses install Chinese-imported solar panels to offset the soaring costs of grid electricity. This trend, fueled by rising power tariffs and cheap solar imports, is exacerbating the country’s existing power grid debt while leaving low-income consumers vulnerable to increased prices.
Analyst Comments: Pakistan’s energy crisis reveals a complex dilemma: while the adoption of solar panels helps businesses reduce costs and align with global environmental goals, it is accelerating the financial strain on the national power grid. The shift to solar is driven by the need for cost savings, but as wealthier households and businesses opt out of the grid, low-income consumers are left to shoulder rising energy costs, which could further destabilize the country’s already fragile economy.
FROM THE MEDIA: Businesses across Pakistan are increasingly turning to cheap Chinese solar panels to mitigate the rising costs of grid electricity. Solar imports surged by $1.4 billion in the first half of 2024, driven by a mix of economic necessity and corporate sustainability pressures. However, this trend risks exacerbating Pakistan’s energy woes as grid power becomes unaffordable for those who cannot afford solar alternatives, deepening the nation’s $9 billion energy debt.
READ THE STORY: FT
Meta Bans Russian State Media, Kremlin Responds with Criticism
Bottom Line Up Front (BLUF): Meta has banned Russian state-controlled media, including RT, from its platforms globally, citing concerns over their involvement in deceptive influence operations linked to Moscow's propaganda efforts. The Kremlin condemned the move as "unacceptable" and warned it could worsen relations between Russia and Meta. The action follows U.S. accusations that RT is tied to Russian intelligence and cyber operations aimed at spreading disinformation worldwide.
Analyst Comments: Meta's decision to block Russian state media reflects its continuing effort to curb disinformation, especially from actors linked to the Kremlin. With RT and related outlets banned, Moscow loses a significant channel for disseminating its narratives to global audiences. This escalation could provoke further retaliation from Russia, which has already banned Meta's platforms domestically, forcing users to access them through VPNs. As both sides take a harder stance, this highlights the growing geopolitical divide surrounding control over digital information flows.
FROM THE MEDIA: Meta's enforcement against Russian state-owned media came after increased scrutiny of RT’s role in covert influence operations, allegedly aided by Russian intelligence. The U.S. State Department recently exposed RT’s links to a cyber unit that orchestrates pro-Russian narratives in the U.S. and beyond. Following these developments, Meta expanded its restrictions on outlets like Rossiya Segodnya and RT, citing their efforts to evade prior bans. The Kremlin criticized the action, accusing Meta of bias and of complicating the potential normalization of relations with the company, which has been considered an extremist organization in Russia since 2022.
READ THE STORY: The Record
Congressional Report Raises Alarm Over Chinese Cargo Cranes as Potential Espionage Tools
Bottom Line Up Front (BLUF): A U.S. congressional investigation has revealed that cargo cranes manufactured by China’s Shanghai Zhenhua Heavy Industries (ZPMC) may allow China to gather intelligence or disrupt port operations. These cranes, which account for nearly 80% of U.S. port cranes, contain modems that create a potential backdoor for spying and sabotage. The findings have raised concerns about national security, especially as fears of a Taiwan invasion grow.
Analyst Comments: The U.S.'s heavy reliance on Chinese-manufactured cranes has left critical infrastructure vulnerable to potential espionage and disruption. Given the cranes' dominance in U.S. ports, lawmakers are right to explore solutions to mitigate risks without resorting to drastic measures like replacing all the equipment. The ability of China to disrupt military logistics or create economic turmoil by targeting ports during a crisis with Taiwan underscores the need for tighter cybersecurity and diversified supply chains. The situation also highlights broader concerns about Chinese technological penetration in key sectors of U.S. infrastructure.
FROM THE MEDIA: A report from the House Select Committee on the Chinese Communist Party, alongside the House Homeland Security Committee, found that cellular modems installed on ZPMC cranes at U.S. ports present potential vulnerabilities. These modems, not needed for crane operation, could allow unauthorized remote access and data collection. Lawmakers are particularly concerned about the implications for U.S. military logistics in a potential conflict with China, especially over Taiwan. Congressional recommendations include new cybersecurity guidance and efforts to develop a domestic crane manufacturing industry to reduce reliance on foreign-made equipment.
READ THE STORY: Axios
Intellexa executives face sanctions for their role in distributing invasive spyware to foreign governments
Bottom Line Up Front (BLUF): The U.S. Treasury has imposed sanctions on five executives and one entity linked to the Intellexa Consortium for their involvement in the development and distribution of the Predator spyware. These sanctions target individuals responsible for supplying spyware to foreign governments, which has been used for covert surveillance and repression. The move underscores the U.S. government's continued efforts to counter the proliferation of commercial spyware that threatens privacy and national security.
Analyst Comments: The Predator spyware sanctions reflect the escalating global scrutiny over commercial surveillance tools, as companies like Intellexa supply highly invasive spyware to regimes with poor human rights records. The sanctions also highlight the complex web of international companies Intellexa uses to evade accountability. Despite these measures, the resurgence of Predator’s infrastructure shows the resilience of spyware networks, which continue to evolve to avoid detection and maintain their operations in sensitive regions.
FROM THE MEDIA: The U.S. Treasury announced fresh sanctions against key executives of the Intellexa Consortium, including Felix Bitzios and Andrea Nicola Constantino Hermes Gambazzi, for their roles in managing the supply of Predator spyware. Intellexa's spyware has been linked to activities in countries like Angola and Saudi Arabia, where it has been used for surveillance. The latest sanctions follow similar actions taken against Intellexa’s founder and come as the spyware’s infrastructure continues to adapt to evade detection. This move aligns with growing international efforts to curb the misuse of spyware in state-sponsored surveillance operations.
READ THE STORY: THN
Microsoft reports Russian actors focusing on disinformation about Vice President Harris, marking a shift in foreign election interference
Bottom Line Up Front (BLUF): Microsoft has identified a pivot in Russian disinformation efforts targeting the 2024 Democratic presidential ticket of Vice President Kamala Harris and Governor Tim Walz. Kremlin-linked groups Storm-1516 and Storm-1679 are spreading fake videos aimed at discrediting Harris. These activities, alongside cyber influence from Iran and China, demonstrate coordinated foreign interference leading up to the election.
Analyst Comments: The Russian shift to targeting the Harris-Walz campaign highlights a sophisticated evolution in disinformation tactics. By deploying fabricated videos and exploiting social media platforms like X, foreign actors are aiming to create divisive narratives and undermine U.S. democratic processes. The continued involvement of China and Iran in similar operations points to the global complexity of election interference, with each country tailoring its approach to exploit political vulnerabilities in the U.S. electoral landscape.
FROM THE MEDIA: Microsoft’s Threat Analysis Center (MTAC) observed two Russian groups—Storm-1516 and Storm-1679—using disinformation campaigns against the Harris-Walz campaign, including fake videos alleging violent incidents and false claims about Harris’ past. These videos have gained significant traction on social media platforms, and the Kremlin-linked actors are expected to escalate their efforts as the election approaches. In addition to Russia, Iran and China are also active in spreading disinformation, with Iran focusing on Republican candidates and China attempting to manipulate public opinion across the political spectrum.
READ THE STORY: Microsoft
Switch from KYBER to ML-KEM bolsters Chrome’s defenses against future quantum threats
Bottom Line Up Front (BLUF): Google Chrome is transitioning from KYBER to ML-KEM in its latest security upgrade to protect against potential quantum computing threats. This shift, set to take effect in Chrome version 131 in November 2024, aligns with Google's efforts to ensure stronger encryption methods in the post-quantum era. The move is in line with recommendations from the U.S. National Institute of Standards and Technology (NIST) as new quantum-resistant algorithms are standardized.
Analyst Comments: The adoption of ML-KEM reflects Google’s proactive approach to safeguarding data against the looming risk of cryptographically relevant quantum computers (CRQCs). By making this transition before quantum computing becomes fully operational, Chrome is preparing for a future where classical encryption methods may be vulnerable. The shift from KYBER to ML-KEM, along with NIST’s endorsement of new post-quantum algorithms, signals an industry-wide effort to stay ahead of quantum threats. Other tech giants, including Microsoft, are also preparing for this transition, further emphasizing its importance.
FROM THE MEDIA: Google’s decision to switch from KYBER to ML-KEM in Chrome is part of broader efforts to adopt post-quantum cryptographic defenses. The changes come as NIST finalizes new encryption standards to protect against future quantum attacks. Google highlighted the incompatibility between KYBER and ML-KEM, prompting the move to the latter. Alongside Google, Microsoft has updated its SymCrypt library to support ML-KEM, signaling the tech industry’s readiness for a post-quantum future.
READ THE STORY: THN
Kremlin-linked groups intensify disinformation efforts with fake viral content aimed at undermining the 2024 U.S. presidential race
Bottom Line Up Front (BLUF): Russian influence groups have shifted their disinformation focus to Vice President Kamala Harris's 2024 presidential campaign, according to a new Microsoft report. Using fake videos shared widely on social media platforms like X and Telegram, Kremlin-aligned actors aim to discredit Harris and disrupt her campaign. These efforts mark a continuation of Russia’s strategy to interfere in U.S. elections, leveraging fabricated narratives and AI-driven content to spread false claims.
Analyst Comments: This pivot in Russian disinformation highlights a sophisticated and strategic use of social media to disrupt U.S. electoral processes. The dissemination of fake videos about Harris underscores the importance of addressing foreign influence campaigns, especially as they scale up in the weeks before the election. Russia’s integration of AI tools and disinformation campaigns, coupled with coordination across platforms, presents a growing threat to democratic institutions, emphasizing the need for robust countermeasures from tech companies and governments alike.
FROM THE MEDIA: Russian disinformation campaigns have pivoted to focus on Vice President Kamala Harris's campaign, with fake videos alleging involvement in a hit-and-run accident and violent incidents involving her supporters. The videos, spread through fake media outlets and widely shared on platforms like X and Telegram, garnered millions of views. Microsoft’s Threat Analysis Center (MTAC) identified the key Russian groups behind these efforts—Storm-1679 and Storm-1516—marking a shift from earlier interference tactics. Russian actors have previously targeted Democratic candidates and continue to use disinformation to disrupt political campaigns. Other foreign influence actors from Iran and China have also been active, creating fake content to undermine U.S. election integrity.
READ THE STORY: The Record
Meta to Use Public U.K. Facebook and Instagram Posts for AI Model Training
Bottom Line Up Front (BLUF): Meta has announced plans to use public posts from U.K. Facebook and Instagram users to train its AI models. The initiative will target users over 18, offering them the ability to opt out via an in-app notification. Meta emphasizes that private messages and data from minors will not be included. This move follows discussions with the U.K. Information Commissioner’s Office (ICO), with Meta citing "Legitimate Interests" as the legal basis for the data usage.
Analyst Comments: The use of public data for AI training brings privacy concerns, particularly with the opt-out system, which puts responsibility on users to decline. Despite discussions with the ICO, the approach has faced criticism for lacking transparency and consent, with calls for a more robust opt-in mechanism. The pause in similar initiatives across the EU and Brazil reflects the broader tension between AI advancement and user privacy.
FROM THE MEDIA: Users over 18 will receive notifications about their public posts being used for AI training, with the option to opt out. The ICO has stressed the need for transparency and safeguards, while privacy advocates argue that the opt-out system could undermine user control. Similar efforts were halted in the EU after regulatory concerns were raised.
READ THE STORY: THN
Items of interest
Russian Disinformation Campaign Shifts Focus to Harris-Walz Campaign
Bottom Line Up Front (BLUF): Russian disinformation efforts have shifted from targeting the Biden campaign to Vice President Kamala Harris and her running mate, Minnesota Governor Tim Walz, in the 2024 U.S. presidential race. Russian groups Storm-1516 and Storm-1679 have released fake videos on platforms like X, aiming to discredit Harris with false narratives. These activities reflect Moscow's ongoing attempts to influence U.S. elections, with additional interference efforts reported from China and Iran.
Analyst Comments: This escalation of Russian disinformation targeting Harris underscores the Kremlin’s determination to disrupt U.S. electoral processes. The release of falsified content—such as fabricated accusations and staged events—shows how influence operations are adapting to new political dynamics, seeking to exploit perceived vulnerabilities. The use of fake media and social platforms like X enables rapid dissemination, posing a persistent threat to democratic discourse as the 2024 election nears.
FROM THE MEDIA: Microsoft's latest report reveals that Russian threat groups are intensifying disinformation operations aimed at the Harris-Walz campaign. Fake videos include fabricated accusations against Harris, such as involvement in a hit-and-run accident and false claims of violence at Trump rallies. Russian groups like Storm-1516 and Storm-1679, previously focused on other global events like the 2024 Olympics, have now fully pivoted to U.S. election interference. Both China and Iran have also been linked to influence operations targeting U.S. political candidates, further complicating election security efforts.
READ THE STORY: The Diplomat // Cyberscoop // Axios
Putin comments on Trump-Harris race after U.S. accuses Russia of election interference (Video)
FROM THE MEDIA: A grinning Vladimir Putin said Thursday he preferred Kamala Harris over Donald Trump in the upcoming U.S. presidential election. Putin's comments came hours after the Biden administration accused Russia of a widespread, sophisticated election interference campaign. CBS News senior foreign correspondent Holly Williams has more.
Putin's First Statement On Trump Assassination Bid; Russia Warns U.S., 'Playing With Fire' (Video)
FROM THE MEDIA: In a dramatic twist, the Kremlin has issued a strong response to a second attempted assassination of former President Donald Trump. The Kremlin ties the incident to an intensifying U.S. election campaign and insists it has no involvement, warning against further meddling. For the full story and shocking details, watch now.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.