It's what my family and friends think when I tell them about cyber and my work :D

TITLE: A North Korean government-backed APT actor targets organisations in South Korea and the U.S

CONTENT: A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S.

Google's Threat Analysis Group (TAG) is tracking the cluster under the name ARCHIPELAGO, which it said is a subset of another threat group tracked by Mandiant under the name APT43.

The tech giant said it began monitoring the hacking crew in 2012, adding it has "observed the group target individuals with expertise in North Korea policy issues such as sanctions, human rights, and non-proliferation issues."

EXCERPT: A North Korean government-backed APT actor targeting government and military personnel in South Korea and the U.S

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: 5 April, 2023

COUNTRY: North Korea, South Korea, the U.S.

TITLE: Britain uses cyber capabilities to counter enemies online

CONTENT: The UK National Cyber Force (NCF) – a partnership between the country’s armed forces and Government Communications Headquarters (GCHQ) – for the first time disclosed details about its approach to “responsible cyber operations to counter state threats, support military operations, and disrupt terrorists and serious criminals”.

The document outlines that central to NCF’s approach is the ‘doctrine of cognitive effect’ – using techniques that have the potential to sow distrust, decrease morale, and weaken adversary ability to plan and conduct their activities effectively with the goal of changing their behaviour. This can include preventing terrorist groups from publishing pieces of extremist media online or making it harder for states to use the internet to spread disinformation. NCF’s operations are covert, and the intent is sometimes that adversaries do not realise that the effects they are experiencing are the result of a cyber operation.

"In an increasingly volatile and interconnected world, to be a truly responsible cyber power, nations must be able to contest and compete with adversaries in cyberspace," GCHQ director Jeremy Fleming said. The statement was published alongside a 28-page paper designed "to illustrate aspects of how the UK is being a responsible cyber power". It did not elaborate on the specifics of those operations.

EXCERPT: British government hackers have launched operations against militants, state-backed disinformation campaigns and attempts to interfere in elections, the GCHQ said.

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: 4 April, 2023

COUNTRY: UK

TITLE: Russia publishes new foreign policy concept

CONTENT: A new version of Russia’s foreign policy concept, approved by President Vladimir Putin, was published on Friday. This document defines the priority areas, goals and objectives of the country's international activities, and will serve as a road map for the Foreign Ministry and other ministries and agencies.

The 42-page document consists of six sections and a total of 76 paragraphs. The document also focuses on international information security aspects and, in particular, mentions the right to take asymmetric and symmetric measures in case of risks to the country's sovereignty and territorial integrity, including with the use of modern ICTs (para 26).

The previous version of the concept was adopted in November 2016. The work to update it has lasted for the past few years. In January 2022, the edited document was submitted for discussion with the permanent members of the Security Council. However, as a result of the meeting, the president sent it back for revision. Last December, the head of state considered the draft of the updated concept again at a meeting with the Security Council.

EXCERPT: Russia publishes a new foreign policy concept to outline its national interests in the foreign policy domain,strategic goals, key tasks as well as priority guidelines of its foreign policy.

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: 31 March, 2023

COUNTRY: Russia

TITLE: A new espionage campaign by a hacking group with suspected ties to Russia spotted targeting Ukraine, Europe, India

CONTENT: The group, known as Winter Vivern, is “highly creative” and operates with limited resources, carefully selecting targets for attacks, according to an analysis by cybersecurity company SentinelOne. The hackers’ activities appear to support the interests of the Russian and Belarusian governments, especially in relation to the ongoing war in Ukraine, the report says.

Winter Vivern recently targeted various government agencies and private businesses, including telecom companies supporting Ukraine, SentinelOne said. The list includes Polish government agencies, the foreign ministries of Ukraine and Italy, and individuals in the Indian government.

It is unclear how successful the group's attacks were and what damage they caused. SentinelOne did not respond Thursday morning to The Record's request for comment.

The research report said that organizations directly or indirectly involved in the war should be vigilant against the group’s cyberattacks.

EXCERPT: Russia-aligned ‘Winter Vivern’ APT group spotted targeting Ukraine, Europe, India

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: 16 March, 2023

COUNTRY: Global

TITLE: Upcoming South Korea’s ‘strategic command’ to oversee cyber units

CONTENT: Speaking at a security forum, Ryoo Moo-bong, deputy defense minister for defense reform, detailed key features of the command that Seoul has been seeking to launch next year to counter evolving North Korean nuclear and missile threats.

South Korea's military plans to task its envisioned "strategic command" with overseeing space and cybersecurity units, and those running F-35 stealth jets and submarines, a defense ministry official said. The command is designed to take charge of the Cyber Operations Command, units for missile, space and electromagnetic spectrum operations as well as those operating F-35 jets and submarines. Ryoo also highlighted the need to improve cyberspace and electromagnetic capabilities, which can be used to neutralize threats from hostile missiles even before their launch.

EXCERPT: South Korea's military plans to task its envisioned "strategic command" with overseeing space and cybersecurity units, and those running F-35 stealth jets and submarines, a defense ministry official said

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: February 9, 2023

COUNTRY: South Korea

TITLE: The US and UK issue joint cyber sanctions against a cybercrime gang Trickbot

CONTENT: In a joint press release, the United States and United Kingdom announce “historic joint cyber sanctions against the seven individuals who are part of Russia-based cybercrime gang Trickbot”. This action represents the very first sanctions of their kind for the U.K., and result from a collaborative partnership between the U.S. Department of the Treasury’s Office of Foreign Assets Control and the U.K.’s Foreign, Commonwealth, and Development Office; National Crime Agency; and His Majesty’s Treasury to disrupt Russian cybercrime and ransomware.

EXCERPT: The US and UK coordinate actions in issuing sanctions against a cybercrime gang Trickbot that are described as the first major move of a “new campaign of concerted action”

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: February 9, 2023

COUNTRY: Global

TITLE: Ransomware hacking campaign targeting Europe and North America

CONTENT: Italy’s National Cybersecurity Agency (ACN) warned of a large-scale campaign to spread ransomware on thousands of computer servers across Europe and North America. France, Finland and Italy are the most affected countries in Europe at the moment, while the U.S. and Canada also have a high number of targets, the ACN warned, according to Italian news agency ANSA.

France was the first country to detect the attack, according ANSA. The French cybersecurity agency ANSSI on Friday released an alert to warn organizations to patch the vulnerability.

It is estimated that thousands of computer servers have been compromised around the world, and according to analysts the number is likely to increase. Experts are warning organizations to take action to avoid being locked out of their systems.

EXCERPT: Italy’s National Cybersecurity Agency warns of ransomware hacking campaign targeting Europe and North America

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: February 5, 2023

COUNTRY: Europe, North America

TITLE: Russian telecommunications regulator Roskomnadzor blocks access toCIA, FBI websites for 'spreading false information'

CONTENT: Russian telecommunications regulator Roskomnadzor blocked access to the U.S. State Department’s Rewards for Justice website on Friday, alongside the sites for the Central Intelligence Agency and the Federal Bureau of Investigation.

"Roscomnadzor has restricted access to some resources that are owned by government organizations of hostile countries for dissemination of materials that are aimed at the destabilization of the social and political situation in Russia," the agency told TASS in a statement.

The agency acted based on Federal Law #149 On Information, Information Technologies and Protection of Information, it said.

The websites were found to contain materials that "contain inaccuracies in socially important information and discredit the Russian Federation’s armed forces," Roscomnadzor said.

EXCERPT:

Russian agency says it blocked access to CIA, FBI websites which were found to include materials that "contain inaccuracies in socially important information and discredit the Russian Federation’s armed forces"

LINK:

TOPIC: Cyberconflict and warfare

TREND: N/A

PROCESS: N/A

DATE: January 27, 2023

COUNTRY: Russian Federation

TITLE: The US-EU cooperation in fields of Cyber Resilience

CONTENT: US Secretary of Homeland Security Alejandro N. Mayorkas and European Commissioner for Internal Market Thierry Breton, released the joint statement on the cooperation between the US and the EU in the fields of Cyber Resilience.

In the context of the EU-US Cyber Dialogue, the US Department of Homeland Security (DHS) and the European Commission's Directorate-General for Communications Networks, Content and Technology (DG CNCT) intend to launch dedicated workstreams in the fields of:

• Information Sharing, Situational Awareness, and Cyber Crisis Response;
• Cybersecurity of Critical Infrastructure and Incident Reporting Requirements; and
• Cybersecurity of Hardware and Software.

The workstreams are expected to invite and involve as appropriate other relevant institutions and agencies working on cyber issues, including the European External Action Service, the Directorate-General for Defence, Industry, and Space, and the U.S. Department of State. In addition, a cyber fellowship led by DHS and DG CNCT is expected to be launched with a pilot that will involve an exchange of cyber experts in 2023.

The statement further quotes, “Today, we discussed the initial deliverables, which include:

• Deepening structured information exchanges on threats, threat actors, vulnerabilities, and incidents to support a collective response to defend against global threats to include crisis management and support of diplomatic responses.
• Finalizing a working arrangement between ENISA and CISA to foster cooperation and sharing of best practices.
• Collaborating on the topic of cyber incident reporting requirements for critical infrastructure, including guidelines and templates.
• Collaborating on the cybersecurity of software and hardware.
• Exploring how we can work together to better protect civilian space systems.”

The first deliverables from these workstreams are expected to be reported on at the 9th EU-US Cyber Dialogue, foreseen in the second half of 2023.

EXCERPT:

The US and EU will launch workstreams in the fields of Cyber Resilience to establish deeper cooperation and more structured cybersecurity information exchanges on threats between the US DHS and EU DG CNCT as well as other relevant agencies.

LINK: [https://www.dhs.gov/news/2023/01/26/joint-statement-united-states-secretary-mayorkas-and-european-union-commissioner]

TOPIC: Cyberconflict and warfare, Network security

TREND: N/A

PROCESS: N/A

DATE: January 26, 2023

COUNTRY: US, EU