TITLE: Iran is condemned by the United Kingdom for its cyber attack on Albania

CONTENT: On September 7, the United Kingdom officially condemned the Iranian state for a cyber attack against Albania's government which destroyed data and interrupted crucial government services such as paying utilities, booking medical appointments, and enrolling schoolchildren. According to the National Cyber Security Centre (NCSC), Iranian state-linked cyber actors are almost definitely accountable for a number of cyber attacks against Albanian government infrastructure beginning on July 15, 2022.

UK Foreign Secretary James Cleverly declared that ‘The UK is supporting our valuable partner and NATO ally. We join Albania and other allies in exposing Iran’s unacceptable actions.’ The UK has already identified and provided advice on several cyberattacks by Iranian actors, starting with 2018.

TOPIC: Cyberconflict and warfare

LINK: https://www.gov.uk/government/news/uk-condemns-iran-for-reckless-cyber-attack-against-albania

DATE: 07.09.2022.

EXCERPT: This Wednesday, the United Kingdom condemned the Iranian state for a cyber attack against Albania's government which destroyed data and interrupted crucial government services such as paying utilities. The UK has already identified and provided advice on several cyberattacks by Iranian actors, starting with 2018.

TITLE: Ransomware gang’s Cobalt Strike servers receive anti-Russia messages in a series of DDoS

CONTENT: There has been a flood of anti-Russian messages to Cobalt Strike servers run by former Conti ransomware gang members in order to disrupt their operations. Although the operators of Conti ransomware turned off their infrastructure this year in May, its members are now a part of other ransomware groups, including Quantum, Hive, and BlackCat. At the time, TeamServers (C2) used by ransomware actors to control the Cobalt Strike (CS) Beacon payloads on compromised hosts are being tracked by someone, allowing for lateral network movement. When they go inside the CS servers, the usernames they use are ‘Stop Putin!’, or they change their computer name to messages like ‘Be a Russian patriot!’, and ‘Stop the war!’ It is unknown who is sending these messages, as it could be anyone from a security researcher to law enforcement or even a cybercriminal with a grudge for siding with Russia, BleepingComputer reports. In the end, the disruption was only temporary, and the ransomware actor returned to the scene with a more robust infrastructure, allowing them to keep the stolen data accessible even in the face of distributed denial-of-service (DDoS) attacks. LINK: https://www.bleepingcomputer.com/news/security/ransomware-gangs-cobalt-strike-servers-ddosed-with-anti-russia-messages/ EXCERPT: There has been a flood of anti-Russian messages to Cobalt Strike servers run by former Conti ransomware gang members in order to disrupt their operations. At the time, TeamServers (C2) used by ransomware actors to control the Cobalt Strike (CS) Beacon payloads on compromised hosts are being tracked by someone, allowing for lateral network movement. TOPIC: Cybercrime, Cyberconflict and warfare DATE: 07.09.2022.

TITLE: Albania blames Iran for the July cyberattack and suspends diplomatic relations

CONTENT: Albanian Prime Minister, Edi Rama, declared on Wednesday that the entire staff of the Islamic Republic of Iran Embassy in Albania had been asked to leave within 24 hours.

This decision follows the termination of diplomatic relations with Iran following the identification of an Albanian government infrastructure cyberattack to Iranian threat actors in July. Rama said that: ‘The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran through the engagement of four groups that enacted the aggression.’

The U.S. government also officially blamed Iran for the July attack on Albania. The U.S. official said that they condemn this attack and that the Islamic Republic of Iran would be held responsible for endangering the security of a NATO ally. Further actions will be taken to held Iran accountable if another attack towards any of their NATO ally happens in the future. EXCERPT: Albanian Prime Minister, Edi Rama, declared on Wednesday that the entire staff of the Islamic Republic of Iran Embassy in Albania had been asked to leave within 24 hours. The U.S. government also officially blamed Iran for the July attack on Albania. The U.S. official said that they condemn this attack and that the Islamic Republic of Iran would be held responsible for endangering the security of a NATO ally. LINK: https://www.bleepingcomputer.com/news/security/albania-blames-iran-for-july-cyberattack-severs-diplomatic-ties/ TOPIC: Cyberconflict and warfare DATE: 07.09.2022.

Hello

TITLE: Japan investigates the potential involvement of a pro-Russian group in cyberattacks

CONTENT: Japan announced on Wednesday that it is looking into the possible role in cyberattacks of a pro-Russian group after numerous government websites were disrupted the day before. The ransomware group in question is ‘Killnet’, which is considered to be responsible for attacks on the government websites, as media quotes.

According to Chief Cabinet Secretary Hirokazu Matsuno, the Japanese government is investigating whether problems accessing more than 20 websites across four government ministries were caused by a denial-of-service (DDoS) attack. Matsuno also explained that the government websites could not be reached on Tuesday evening.

However, services were recovered the same day. He is aware this pro-Russian group is suggesting that they were behind the attack, but the case is still being investigated at the moment.

EXCERPT: Japan announced on Wednesday that it is looking into the possible role in cyberattacks of a pro-Russian group named Killnet after numerous government websites were disrupted the day before. According to Chief Cabinet Secretary Hirokazu Matsuno, the Japanese government is investigating whether problems accessing more than 20 websites across four government ministries were caused by a denial-of-service (DDoS) attack.

LINK: https://www.reuters.com/technology/japan-investigating-possible-involvement-pro-russian-group-cyberattack-nhk-2022-09-06/

DATE: 07.09.2022.

TOPIC: Cyberconflict and warfare, Cybercrime

The new Worok cyber-espionage group is targeting governments and high-profile corporations

Worok, a newly discovered cyber-espionage group, has been using a combination of custom and existing malicious tools to hack governments and high-profile companies in Asia since 2020. ESET security researchers were the first to spot it, and they found out that the group also attacked targets from Middle East and Africa.

Worok has so far been linked to attacks on telecommunications, banking, maritime, and energy companies, along with military, government, and public sector organizations. Although there have been no sightings since February 2022, ESET has linked the group to new attacks against a Central Asian energy company and a public sector institution in Southeast Asia.

TOPIC: Cyberconflict and warfare, Cybercrime

LINK: https://www.bleepingcomputer.com/news/security/new-worok-cyber-espionage-group-targets-governments-high-profile-firms/

DATE: 06.09.2022.

EXCERPT: Worok, a newly discovered cyber-espionage group, has been using a combination of custom and existing malicious tools to hack governments and high-profile companies in Asia since 2020. Although there have been no sightings since February 2022, ESET has linked the group to new attacks against a Central Asian energy company and a public sector institution in Southeast Asia.

Swiss strategic priorities

TITLE: The JX Fund and Voronezh Mass Media Defence Center launched the information platform Shpargalka | Exile

CONTENT: The JX Fund - European Fund for Journalism in Exile, in collaboration with the Voronezh Mass Media Defense Center, has launched the information platform Shpargalka | Exile (‘cheat sheet’ in Russian) to assist threatened media professionals in Russia in selecting a country of exile that is appropriate for them and their needs. Since the increase in anti-press legislation in Russia starting from 4 March, even the use of the word "war" can result in a 15-year prison sentence, so this type of platform is useful for media workers.

Shpargalka | Exile has now compiled answers to 21 of the most pressing questions, like ‘How do I get a work permit?’, or ‘What do I need to do to register a media company in exile?’ All questions are being answered by lawyers from 12 countries, which currently include: Armenia, Azerbaijan, Bulgaria, Germany, Georgia, Israel, Kazakhstan, Latvia, Montenegro, Poland, Serbia, and Turkey.

The information is regularly updated, as many countries' entry requirements and legal systems constantly change in light of the tense geopolitical situation. In recent months, the JX Fund has helped 14 media outlets rebuild, as well as five start-ups and the creation of a media hub in Tbilisi, Georgia. Since the increase in anti-press legislation in Russia starting from 4 March, even the use of the word "war" can result in a 15-year prison sentence.

EXCERPT: The JX Fund - European Fund for Journalism in Exile, in collaboration with the Voronezh Mass Media Defense Center, has launched the information platform Shpargalka | Exile (‘cheat sheet’ in Russian) to assist threatened media professionals in Russia in selecting a country of exile that is appropriate for them and their needs. The platform gives answers to 21 of the most pressing questions, which are given by lawyers from 12 countries.

LINK: https://rsf.org/en/cheat-sheet-media-workers-under-threat Sharpgalka | Exile: https://shpargalka-exile.web.app/

TOPIC: Freedom of the press

DATE: 05.09.2022.

TITLE: China accused Washington of breaking into computers and spying on university

CONTENT: China accused Washington on Monday of breaking into computers at Northwestern Polytechnical University that US officials say conducts military research. Both governments complained about worrying online spying against one another.

The National Computer Virus Emergency Response Center reported computer break-ins at Northwestern Polytechnical University in June. It stated that the center, in collaboration with a commercial security provider, Qihoo 360 Technology Co., identified the attacks back to the National Security Agency, but did not specify how.

China accuses the US of spying on universities, energy companies, and internet service providers, among other targets. Washington accuses Beijing of stealing commercial secrets and has charged Chinese military officers with crimes.

According to Foreign Ministry spokeswoman Mao Ning, the US actions "seriously endanger China's national security." She also accused Washington of using spyware to eavesdrop on Chinese phone calls and stealing text messages.

As per the security experts, the ruling Communist Party's military wing, the People's Liberation Army, and the Ministry of State Security also fund outside hackers. Alongside with Russia, China and the United States are widely acknowledged as global leaders in cyberwarfare research.

TOPIC: Cyberconflict and warfare, Cybercrime

EXCERPT: Chinese government accused Washington of cyberspying on Monday. Northwestern Polytechnical University in June has suffered computer break-ins, according to The National Computer Virus Emergency Response Center. China also accuses the US of spying on universities, energy companies, and internet service providers, among other targets. It stated that the center, in collaboration with a commercial security provider, Qihoo 360 Technology Co., identified the attacks back to the National Security Agency, but did not specify how.

DATE: 05.09.2022.

LINK: https://abcnews.go.com/Technology/wireStory/china-accuses-washington-cyber-spying-university-89343366

Digitalisation will be in the core of technological competition.

This is crucial insight that our ability to learn and adapt is more important than predictions and preparations.

TITLE: In the aftermath of the Roe v. Wade decision, US journalists are wary of online legal threats

CONTENT: The editors of the pro-abortion rights news website Rewire unusually removed reporter biographies from the site in May.

The move was made as a precaution after a draft of a majority Supreme Court opinion in Dobbs v. Jackson Women's Health Organization, which sought to overturn the constitutional right to abortion, was leaked. Rewire reporters were concerned about an increase in online harassment.

Editor-in-chief Galina Espinoza said that: ‘The newsroom has for years kept a repository of harassing messages to track patterns, just in case.’ The current abortion situation in America has some abortion reporters on edge.

In addition to their fears about online harassment, reporters notified Committee to Protect Journalists (CPJ) that they are concerned about real-world violence and how changing laws may expose them and their sources to legal threats in the aftermath of the Supreme Court's decision to overturn Roe v. Wade in June.

EXCERPT: U.S. reporters shared their concerns with Committe to Protect Journalists (CPJ) about online harassment they face. However, it does not ned there. They are now even concerned about real-world violence in the aftermath of the Supreme Court’s decision to overturn Roe v. Wade in June. The current abortion situation in America has some abortion reporters on edge. The Rewire newsroom is keeping a repository of harassing messaged to track patterns.

LINK: https://cpj.org/2022/09/u-s-reporters-wary-of-online-legal-threats-in-the-wake-of-the-overturn-of-roe-v-wade/

DATE: 01.09.2022.

TOPIC: Freedom of the Press, Freedom of expression

TITLE: Ransomware attack hits Windows, Linux servers of Chilean government agency

CONTENT: Chile's national computer security and incident response team (CSIRT) has confirmed that a ransomware attack has affected the country's government agency's operations and online services.

The attack began on Thursday, August 25, and targeted the agency's Microsoft and VMware ESXi servers. The hackers offered Chile’s CSIRT a communication channel through which they could negotiate the payment of a ransom that would prevent the files from being leaked. The malware used in this attack, according to CSIRT, also had functions for stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection via execution timeouts.

In their announcement, Chile's CSIRT does not title the ransomware group responsible for the attack, nor does it offer enough information to identify the malware. Because it has been used by multiple threat actors, the extension appended to the encrypted files provides no clue. Very limited information provided by Chile's CSIRT on the malware's behavior points to the 'RedAlert' ransomware (aka "N13V"). Nevertheless, indicators of compromise (IoCs) in the announcement could be associated with Conti.

According to what Chilean threat analyst Germán Fernández told BleepingComputer, the strain appears to be entirely new, and the researchers he spoke with were unable to associate the malware with known families. Based on what BleepingComputer has learned so far about this ransomware, it is a new operation that began in early August.

EXCERPT: BleepingComputer learned about a brand new ransomware operation that started in August, targeting Chile's national computer security and incident response team (CSIRT). The hackers have affected the agency's Microsoft and VMware ESXi servers with their operations. According to CSIRT, the malware used in this operations had functions for stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection via execution timeouts.

LINK: https://www.bleepingcomputer.com/news/security/new-ransomware-hits-windows-linux-servers-of-chile-govt-agency/

DATE: 01.09.2022.

TOPIC: Cyberconflict and warfare

COUNTRY: Chile

What is digital humanitarianism?

TITLE: Military tensions between China and Taiwan fuel an active cyberwar

CONTENT: The world was relieved when tensions between China and Taiwan did not escalate into a larger military engagement in August. Nevertheless, both countries are influenced by an active cyberwarfare.

According to researchers at threat intelligence firm Cyberint, cyber activity between China and Taiwan is defined by multi-vector attacks, similar to what experts have observed happening between Russia and Ukraine. Based on a recent report, cyber tensions are high, and the number of national-level cyberattacks targeting China and Taiwan has recently significantly increased. Cyberint Research Team states that the growing number of cyberattacks will encourage more competing hackers organizations, raising the risk of an escalating cyber conflict.

One obvious sign of increased activity, according to the researchers, is the increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums, with the number of comments on Chinese data leaks increasing four times in July compared to June. When it comes to Taiwan, the number of comments under data leaks from its companies also increased during July.

The new tactic may eventually lead to a gradual increase from minor cyberattacks on government websites to more serious crimes involving hacking of critical infrastructure. If the cyber conflict between Taiwan and China resembles what happened in Ukraine, China should prepare its infrastructure to withstand a series of new of distributed denial-of-service (DDoS) attacks.

EXCERPT: Even though military tensions between China and Taiwan have not escalated, there is an ongoing cyber war between them. The engagement in these attacks is similar to the ones in Ukraine and Russia, and there are clear signs that there is an increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums. The new tactic may include a gradual increase from minor cyberattacks on government websites to more serious crimes involving the hacking of critical infrastructure.

DATE: 01.09.2022.

LINK: https://cybernews.com/news/china-taiwan-military-tension-fuels-an-active-cyberwar/

TOPIC: Cyberconflict and warfare

COUNTRY: China, Taiwan

TITLE: Military tensions between China and Taiwan fuel an active cyberwar

CONTENT: The world was relieved when tensions between China and Taiwan did not escalate into a larger military engagement in August. Nevertheless, both countries are influenced by an active cyberwarfare.

According to researchers at threat intelligence firm Cyberint, cyber activity between China and Taiwan is defined by multi-vector attacks, similar to what experts have observed happening between Russia and Ukraine. Based on a recent report, cyber tensions are high, and the number of national-level cyberattacks targeting China and Taiwan has recently significantly increased. Cyberint Research Team states that the growing number of cyberattacks will encourage more competing hackers organizations, raising the risk of an escalating cyber conflict.

One obvious sign of increased activity, according to the researchers, is the increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums, with the number of comments on Chinese data leaks increasing four times in July compared to June. When it comes to Taiwan, the number of comments under data leaks from its companies also increased during July.

The new tactic may eventually lead to a gradual increase from minor cyberattacks on government websites to more serious crimes involving hacking of critical infrastructure. If the cyber conflict between Taiwan and China resembles what happened in Ukraine, China should prepare its infrastructure to withstand a series of new of distributed denial-of-service (DDoS) attacks.

EXCERPT: Even though military tensions between China and Taiwan have not escalated, there is an ongoing cyber war between them. The engagement in these attacks is similar to the ones in Ukraine and Russia, and there are clear signs that there is an increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums. The new tactic may include a gradual increase from minor cyberattacks on government websites to more serious crimes involving the hacking of critical infrastructure.

DATE: 01.09.2022.

LINK: https://cybernews.com/news/china-taiwan-military-tension-fuels-an-active-cyberwar/

TOPIC: Cyberconflict and warfare

COUNTRY: China, Taiwan

TITLE: TAP Air Portugal hit by ransomware: Ragnar Locker claims responsibility

CONTENT: The Ragnar Locker ransomware gang has claimed responsibility for an attack on Portugal's flag carrier, TAP Air Portugal, which was revealed by the airline after its systems were compromised on Thursday night.

The company stated that the attack was stopped and that no evidence suggested that the attackers gained access to the customer data stored on the affected servers. The airline also issued an alert on Monday, stating that its website and app are unavailable due to the Thursday ransomware attack.

TAP has yet to confirm whether this was a ransomware attack. However, the Ragnar Locker ransomware gang posted a new entry on their data leak website today, claiming responsibility for last week's cyberattack on TAP's network.

The ransomware group believes to have "reasons" to assume that hundreds of Gigabytes of data were compromised in the incident and has threatened to provide "irrefutable evidence" to negate TAP's claim that its customers' data was not accessed. Ragnar Locker also shared a screenshot of a spreadsheet that appears to contain customer data stolen from TAP's servers, such as names, dates of birth, emails, and addresses.

DATE: 31.08.2022.

EXCERPT: The Ragnar Locker ransomware gang claims responsibility for the ransomware attack on Portugal’s flag carrier, TAP Air Portugal. The company itself says that the attack was prevented, and customers’ information has been untouched. On the other hand, the ransomware gang states that they can easily provide evidence that the data has been compromised.

LINK: https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/

TOPIC: Cyberconflict and warfare, Cybercrime

Another important element that the document realises: link between cybersecurity and AI. This is missing in OEWG discussions. There will need to be links of OEWG with AI-related processes like LAWS as well - or, at least, diplomats will need to be aware of all those other related processes.

A well presented crucial difference between the two paradigms. Yet, this gap is vanishing. In a way, Russians (to the extent they were behind disinformation campaigns) managed to change the US position to accept the same paradigm.

Could this close-to-common understanding that both networks and information are part of the dialogue change the course of future negotiations, and perhaps even allow for more space for comprimise as everyone discusses the same issues?

||Pavlina|| ||AndrijanaG|| ||JovanK||

Important point: what used to be a privilege of big states in terms of offensive cyber capabilities (esp. weapons) is not any more - there are powerful criminal groups, dark researchers, international vulnerability brokers, and even legit businesses like NSO that offer tools and 'as a service' sophisticated attacks and tools. Though, most sophisticated and stealth attacks require more than that: lots of skills and (conventional) intelligence - resources that not many states have.

Useful examples of ransomware effects ||AndrijanaG||

Interesting breakdown of main attacks against US, including types and attributed sources ||AndrijanaG|| ||teodoramATnetwork.diplomacy.edu|| ||Pavlina||

This is very true: most cyber attacks are sophisticated, multi-months, covert, serving for disruption or espionage, not for causing physical damage. This is changing somewhat with the power of ransomware, which caused tangible (though not physical) damage in cases like Colonial pipeline, Costa Rica state of emergency, etc.

Useful overview of digital trade bilateral and multilateral processes where US is involved ||MariliaM||

||MariliaM|| What say you about this?

A sobering thought: internet is not a mechanism of US foreign policy any more; rather, 'adversaries' are using it against US values more and more. Open internet is a utopia, it says.

Analysis of the US cyber foreign policy, co-signed by the future US Cyber Ambassador just weeks ago. It signals what we can expect from the US digital foreign policy in the next years.

In a nutshell, they recognise that their strategy of an open internet that would change autocratic societies has failed, that in reality internet is backfiring against US priorities through insecurity, disinformation, etc etc. They seem to give up on the single open internet, and opt for an open internet among like-minded. Importantly, they suggest a change of narrative from 'human rights' to 'free flow of data' to be able to bring on board also those countries that might not be fully democratic or for human rights only (esp. big states like Brazil, India, South Africa). In this regards, they opt for dialogue (read: concessions) with EU on privacy/GDPR and big tech…

Further comments below.

Cyber foreign policy is becoming recognised as an increasingly important field. It is not only for diplomats and decision makers, but increasingly for businesses and their officials as well - like CISOs which need to understand geopolitical momentum and consequences this has on the security of their systems...

What should this be about?

Adding more liability to businesses to clean their portions. This may bring in limitations by ISPs and cloud providers on the use of encryption, or allow them to do DPI to scan the packages. It may be tricky with regards to freedoms in some aspects.

Also a very important proposal: greater transparency about weapons (exploits, vulnerabilities) and how these are collected and managed (that's VEP above) + about operations (who and how can deploy those and other tools, in what circumstances, under whose authorization, against what targets, etc)

This was already raised at the OEWG through the Geneva Dialogue contribution.

It is good there is recognition that vulnerabilities are among key challenges. Current US VEP is a good and positive example, but not sufficiently transparent. It is not expected that US 'adversaries' will do the same, but they expect at least partners.

Yet, an open question will be how to make sure other parties are not exploiting vulnerabilities (and thus having advantages)? It would have to be done as combination of a) more secure products by partners (security by design practices)<br> b) stricter supply chain control to avoid vulnerabilities in imported products c) strengthening vulnerability disclosure processes and policies, as well as resources/capabilities (eg. finding ways to lure Chinese researchers to report vuln. to western institutions in spite of Chinese law)

Possible further norms. Though the more norms they have, the bigger limitations the US will have on their possible offensive operations referred to above and below. ||AndrijanaG|| ||Pavlina||

This is very strange and confusing. What should such a center do? Would it be a law enforcement body (but then there is interpol...)? Or forensics support? Or awareness and capacity building? ||AndrijanaG|| ||bojanakATnetwork.diplomacy.edu||

US would need to find a way to agree on privacy, data, big tech issues with EU

Washington to link its digital competition (economic and trade policies) with national security. Another signal that digital trade and data flow will be more strongly linked to national security.

||JovanK|| ||MariliaM||

when it comes to adversaries, a combination of economic pressure and 'disruptive' (read also: offensive?) cyber operations - while respecting the OEWG/GGE norms endorsed by partners

Question is if partners (esp. beyond EU - eg. India, Brazil) would accept that offensive approach of the US against their adversaries - even if respecting the norms and int. law?

In other words, if internet has to fragment, let's make sure we get the biggest part of it ruled by a common set of rules that support democratic values.

This is an important recognition: cybercrime used to be discussed separately from national security and int. peace and security. This won't be possible any more, because tools, tactics and procedures are similar (eg. ransomware, exploits), and resources of perpetrators are similar (eg. organised criminal groups) or adversaries are linked or work together (eg. APT groups with states).

In that sense, keeping global dialogue about cybercrime fully separated from peace and stability won't be possible any more; there will need to be links.

||AndrijanaG|| ||Pavlina|| ||bojanakATnetwork.diplomacy.edu|| ||teodoramATnetwork.diplomacy.edu||

Another rather blunt recognition: indictments and sanctions don't work when it comes to deterrence. Yet, some believe they are powerful as part of a set of measures. (There is certain broader question about the effectiveness of sanctions, though)

An interesting and well articulated point: US should make sure that friends and partners (in broader sense - esp. swing states) adhere to norms. They can't expect that Russia and China will adhere, so for them they might need a different approach (combining multiple options as discussed elsewhere in the document)

Another merging area: information warfare and cyber conflict. For long, the US has been pushing back strongly not to bring discussions about content into cybersecurity discussions. It was the main difference between the US and Russia/China in understanding the scope. As content becomes weapon in full sense, this won't be possible any more. Likely, US will bring the two together in discussions with like-minded partners, but not (yet) in global negotiations where their 'adversaries' are present.

||AndrijanaG|| ||Pavlina|| ||asokemATdiplomacy.edu||

As we would put it: "Whatever is connected can be hacked". The paper proposes further cooperation on reducing (and disclosing) vulnerabilities, and has some good points on zero-day exploits and various groups of adversaries.

||AndrijanaG|| ||Pavlina||

Re-focusing from (promoting) values of an open society to (promoting) data flow and economic aspects

||MariliaM|| ||GingerP||

Fragmentation can not be prevented.

The key of the suggested new framing: it is not about western values of openness and human rights (that might not be acceptable by everyone) - it is about free and trusted data flow. This boils down to economy, and might be more broadly understood and endorsed.

With Fick's background of enterpreneurship, and some signals in this document, as well as with composition of third departments of the bureau which deal with 'other' issues (norms, int.orgs, human rights), should we expect that his priority agenda will be digital trade? Thus, that we will see high importance of WTO and other digital trade negotiations (at least with 'like-minded' and swing states) in the future State Department agenda? ||MariliaM|| ||JovanK|| ||GingerP||

A clear and provocative thought, coming from the US. ||JovanK|| ||MariliaM|| ||sorina|| ||GingerP||

A blunt recognition that the former US approach to an open internet has failed. Also, a call for a new digital foreign policy.

||JovanK|| ||sorina||

Same old vocabulary: Stuxnet, which destroyed a facility, was 'cyber campaign' ('to cause physical damage'), not 'an attack'. Yet, Iranian strike against Saudi Aramco (just a line below) is 'attack'.

[Maybe it's only to me, but this is the same pattern of 'campaign' (and not 'attack' or 'aggression') against Iraq or Yugoslavia, yet 'aggression' (and not 'special operation') about Russia's strike against Ukraine.]

Nathaniel Fick is a likely future US cyber ambassador (ie ambassador at large, to lead the Cyber Bureau of the State Department). The report was prepared in July, when he was already the candidate. Thus, we can probably read this as his programme - or at least that he is not against it.

The title already signals what the paper confirms: US should/will accept that single internet is no more a reality.

TITLE: Saudi woman sentenced to 45 years in prison for social media posts

CONTENT: A Saudi Arabian court convicted Nourah bint Saeed al-Qahtani to 45 years of prison time for posts on social media, according to a rights group. According to a Washington-based DAWN organization, she was convicted by the Saudi Specialized Criminal Court on charges of ‘using the internet to tear the (Saudi) social fabric’ and for ‘violating public order by using social media.’

DAWN stated that almost nothing is known about Qahtani or even what her social media posts stated and that the investigation into her case was ongoing. Salma al-Shehab, a mother of two and doctoral candidate at the University of Leeds in the United Kingdom, was sentenced to 35 years in prison for following and retweeting dissidents and activists on Twitter just a few weeks before Qahtani's conviction.

According to Abdullah al-Aoudh, Director of Research for the Gulf Region at DAWN, Saudi authorities used "abusive" laws in both the Shebab and Qahtani cases to target and sanction Saudi citizens for opposing the government on Twitter.

According to what Saudi officials told Reuters last month, the kingdom has no political prisoners, and the thought of it is ridiculous. On the other hand, a request for comment was not responded to by the Saudi government's media office.

LINK: https://www.reuters.com/world/middle-east/saudi-woman-gets-45-year-prison-term-social-media-posts-rights-group-2022-08-30/

DATE: 30.08.2022.

EXCERPT: Saudi Arabian woman, Nourah bint Saeed al-Qahtani, has been sentenced to 45 years in prison for her posts on social media platforms. A few weeks before that, another woman, Salma al-Shehab was sentenced to 35 years in prison for following and retweeting dissidents and activists on Twitter. A Washington-based DAWN organization is still investigating into al-Quahtani’s case, as it is not clearly known what her posts contained. Presumably, she criticized the government. Saudi authorities are using abusive laws to punish citizens who dare to oppose the rulers.

TOPIC: Freedom of expression

COUNTRY: Saudi Arabia

TITLE: UK Spies are funding a new course for female coders

CONTENT: With a new bootcamp course, the UK's main intelligence agency for dealing with cyber-threats hopes to attract more female coders to its workforce. GCHQ is sponsoring one of Code First Girls' 14-week 'nanodegree' courses, which are designed to appeal to women considering a career switch.

According to Jo Cavan, the security agency's director of strategy, policy, and engagement, teams such as counter-terrorism have performed better since becoming more diversified. Cavan claims that one key area where GCHQ needs more diversity is in countering threats from the east. She also added: ‘We have been working hard to increase that number so we have more diverse teams and better get across the threats we need to today.’

According to the certification organization ISC2, women still make up only 25% of cybersecurity roles global level. When it comes to its 2021 industry report, fewer women (38%) than men (50%) came from an IT background, while women have higher rates of entry through self-learning than men (20% vs. 14%). These figures suggest that there may be a sizable group of female job seekers looking to change careers to one that involves cyber.

LINK: https://www.infosecurity-magazine.com/news/uk-spies-fund-new-course-for/

DATE: 30.08.2022.

TOPIC: Gender rights online

EXCERPT: The UK’s main intelligence agency for dealing with cyber-threats is aiming to attract more female workers, in order to increase diversity. Studies have shown that teams such as counter-terrorism have performed better since becoming more diversified. In this article, you can also see the percentage of women in cybersecurity roles and the level of their entry through self-learning compared to men. The information is provided by the certification organization, ISC2.

TITLE: Chinese hackers use ScanBox malware to target the Australian government

CONTENT: Threat actors based in China have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake news media outlet impersonating an Australian news outlet. The sender pretended to be an employee of the hoax media outlet "Australian Morning News," with a link leading to the malicious website. The site included plagiarized content from legitimate news websites.

Victims started arriving at the fraudulent site after receiving phishing emails with appealing lures, and the ScanBox reconnaissance framework delivered a malware payload. From April to June of this year, the campaign targeted individuals at local and federal Australian Government agencies, Australian news media organizations, and global heavy industry manufacturers which provide maintenance to wind turbines in the South Chinese Sea.

Proofpoint and PwC (PricewaterhouseCoopers) security researchers who observed the campaign concluded that the goal was cyberespionage. They attribute the activity with moderate confidence to a Chinese-based threat group known as APT40 (a.k.a. TA423, Leviathan, Red Ladon).

LINK: https://www.bleepingcomputer.com/news/security/chinese-hackers-target-australian-govt-with-scanbox-malware/

EXCERPT: China-based actors have been targeting Australian government agencies and wind turbine fleets by directing individuals to a fake media outlet, pretending to be an Australian media outlet. The site they were led on, contained plagiarized information from legitimate news websites. From April to June 2022, the campaign targeted individuals at local and federal Australian Government agencies, Australian news media organizations, and global heavy industry manufacturers working to maintain wind turbines in the South Chinese Sea.

TOPIC: Cyberconflict and warfare, Cybercrime

Not very multistakeholdre enthusiastic.

TITLE: Acronis’ Mid-year Cyberthreat Report warns that global ransomware damage will exceed $30bn by 2023

CONTENT: Switzerland-based cybersecurity company Acronis reported in its Mid-Year Cyberthreat Report, published on August 24, that almost half of breaches during the first six months of 2022 involved stolen credentials. The primary goal of cybercriminals using these credentials is to launch ransomware attacks, which remain the number one threat to large and medium-sized businesses, including government organizations, the report says.

Acronis found that out of 600 malicious email campaigns in the first half of 2022, 58% were phishing attempts, and 28% featured malware. Unpatched or software vulnerabilities are now also being targeted by cybercriminals in order to extract data, with a recent increase in Linux operating systems and managed service providers (MSPs) and their network of SMB customers.

The Swiss firm is highlighting: ‘Ransomware is worsening, even more so than we predicted.’ They also mentioned Conti and Lapsus gangs as the prime targets for international security services. It is expected that global ransomware damage will exceed up to $30bn by next year.

EXCERPT: Swiss-based cybersecurity company Acronis reports in their Mid-Year Cyberthreat that the first six months of this year involved stolen credentials. With hacking methods in development, like targeting unpatched or software vulnerabilities, and malicious email campaigns, ransomware is worsening. It is excepted that global ransomware will exceed up to $30bn by 2023.

LINK: https://www.infosecurity-magazine.com/news/ransomware-exceed-30bn-dollars-2023/

TOPIC: Cybercrime, Cyberconflict and warfare

DATE: 29.08.2022.

TITLE: Montenegro suspects the cyberattacks are coming from Russia

CONTENT: Cyberattacks are persistent in Montenegro and targets are the main infrastructure objects, such as electricity and water supply systems, transportation services, and online portals citizens use. At the time of writing, Bleeping Computer states that the official website of the government of Montenegro is unreachable.

The country's Defense Minister has blamed Russian actors for the attacks, telling local media on Saturday that there is enough evidence to suspect the attack was "directed by several Russian services."

The country's currently battling polarization which has been impacted by the current government's decision to support sanctions against Russia. This has sparked outrage from certain demographic groups and, in some cases like now, even external attacks.

Montenegro is currently receiving assistance from NATO allies to block the attacks. Most notable efforts come from France. The country has deployed an ANSSI (French Agency for Information Systems Security) team to assist in the defense of critical systems and the restoration of compromised networks.

DATE: 29.08.2022.

TOPIC: Cyberconflict and warfare

LINK: https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/

EXCERPT: Montenegro suffers a series of cyberattacks directed toward their vital infrastructure. The country’s Defense Minister is attributing these attacks to Russia, as Montenegro decided to support sanctions against them. Currently, Montenegro receives help from NATO allies, but mainly from France.

The UN SG suggests the following issues to be covered in the Global Digital Compact:

• access and connectivity
• digital public good
• preventing Internet fragmentation
• data protection and privacy
• safeguarding human rights in digital spaces
• accountability for disinformation and misleading content
• artificial intelligence

||Jovan||||sorina||

In the Pact for the Future which should be adopted during the UN Summit for the Future to be held in September 2023, one of seven pillars is outer space.

The UN SG aims to achieve a high-level political agreement on the peaceful, secure and sustainable use of outer space with commitment 'to negotiate an international instrument on the prevention of an arms race in outer space; common principles for the governance of outer space activities; and measures to accelerate agreement on the removal of space debris, and to coordinate space traffic.'

You can more information in the UN SG remarks to the UN GA Consultation on 'Our Common Agenda'.

UN SG established terminology that will be used. It will be the UN Pact for the Future with 7 elements

1. A New Agenda for Peace
2. A Global Digital Compact
3. A Declaration on Future Generations
4. Outer Space (international instrument on the prevention on an arms race in outer space
5. The Emergency Platform
6. More Effective Multilateral Arrangements
7. 'Seventh thread' will include topics in making: integrity in public information, a commitment to ensuring meaningful youth engagement at the UN, commitment to metric that go beyond GDP and take vulnerabilities into account.

Other issues of the Pact for Future will include: human rights including safeguarding human rights in digital spaces, gender equality, inclusion of marginalised groups,

UN SG also mentioned the following other initiatives as part of 'Our Common Agenda':

• the Scientific Advisory Mechanisms
• Transformation towards a UN 2.0 including: a new culture and new capabilities in data, digital innovation, behavioural science, and strategic foresight.

||Jovan||

For the Peace Week, you can consider this linkage to the UN Pact for Future and in particular development of the UN toolbox to prevent the outbreak and escalation of hostilities on land, at sea, in space and in cyberspace.

What are 4 countries?

TITLE: Montenegro’s digital infrastructure hit by a unprecedented cyberattack

CONTENT: Montenegro's government digital infrastructure has been hit by a ‘unprecedented’ cyber attack, and swift measures have been taken to minimize the impact, officials said on Friday. ‘A persistent and ongoing cyber-attack is in process in Montenegro,’ The U.S. Embassy in Podgorica posted a warning on its website.

‘Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,’ said Public Administration Minister Maras Dukaj on Twitter.

According to Reuters, in 2016, cyber criminals also targeted Montenegro's state digital infrastructure on election day, and again several months later in 2017, as this small Balkan state prepared to join NATO.

The Western military alliance is aware of reports of cyber attacks in Montenegro and is prepared to assist its authorities if needed, according to an unidentified NATO official quoted by Voice of America.

EXCERPT: Montenegro’s government digital infrastructure has been hit with an unprecedented cyber attack. The hacker’s origin is still not officially known, but it woke concerns among NATO members. This is not the first time the cyber attack of this range happened in Montenegro, but it is considered to be a persistent and ongoing according to the U.S. Embassy in Podgorica.

DATE: 26.08.2022.

LINK: https://www.reuters.com/world/europe/montenegros-state-infrastructure-hit-by-cyber-attack-officials-2022-08-26/

TOPIC: Cyberconflict and warfare, Cybercrime

reasons for sanctions

TITLE: CPJ joins letters urging the U.S. government to hold the NSO Group accountable for spyware that surveilled journalists

CONTENT: In August, the Committee to Protect Journalists joined human rights and press freedom organizations in separate actions demanding the US government to hold NSO Group accountable for providing Pegasus spyware to governments that have secretly surveilled journalists around the world. The Israeli-owned NSO Group claims that it only licenses its Pegasus spyware to government agencies investigating crime and terrorism and that it should be immune from prosecution in US courts because it acted as an agent of foreign governments under the doctrine of sovereign immunity.

Nevertheless, according to the CPJ’s letter it is clear their actions are malicious: ‘The evidence of the use of Pegasus spyware against human rights defenders, journalists, opposition parties, and state officials by repressive regimes continues to mount, contrary to NSO Group’s claim that their spyware is used as a tool for investigating criminal activity and terrorism.’

EXCERPT: Committee to Protect journalists (CPJ) joins the letters of human rights and press freedom organizations in their separate actions urging the U.S. government to hold the Israeli-owned NSO Group accountable for providing Pegasus spyware to governments that have secretly surveilled journalists.

LINK: https://cpj.org/2022/08/cpj-joins-letters-urging-u-s-government-to-hold-nso-group-accountable-on-spyware/

DATE: 25.08.2022.

TOPIC: Freedom of expression, Freedom of the press, Cybercrime

What would be the cost of this autarchy? Can Swiss small economy support economic autharchy? How far this autarchy should extend (only Switzlerand, EU, USA, like-minded countries, developing countries)?

A good summary of the main disarmament agreements.

Are there red phones today? Do USA and Russia communicate in time of crisis?

Good summary of raison d' etre of NATO.

It was not possible to reverse impact of nuclear technology.

Ambassador Theodor H. Winkler asks, "Has The West been Sleeping?" in his article for Stratos Digital journal. His answer is positive. The West is falling behind China and Russia in many military and strategic areas.

One reason was the West's acceptance of the "end of history" view after the Cold War. The Ukraine war serves as a wake up call.

Ambassador Winkler shared his thoughts on both the changes in thinking about war, security, politics, and practical steps to be taken to avoid strategic sleepwalking in Western societies.

Interesting phenomenon