Technology

Did you know you can play Doom on a diffusion model now? It’s true, Google just announced it! Just don’t read the paper too closely.

Alexey Soldatov, known as the “father of the Russian Internet,” was sentenced in July to two years in prison by a Moscow court for alleged “misuse” of IP addresses.

In 1990, Soldatov led the Relcom computer network that made the first Soviet connection to the global internet. He also served as Russia’s Deputy Minister of Communications from 2008 to 2010.

Soldatov was convicted on charges related to an alleged deal to transfer IP addresses to a foreign organization. He and his lawyers have denied the accusations. His family, many supporters, and Netzpolitik suggest that the accusations are politically motivated. Soldatov’s former business partner, Yevgeny Antipov, was also sentenced to eighteen months in prison.

Enticing though they are, such arguments conceal a logical flaw. As a classic 19th-century theory known as a Jevons paradox explains, even if autonomous vehicles eventually work perfectly — an enormous “if” — they are likely to increase total emissions and crash deaths, simply because people will use them so much.

Archived version

Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks.

This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target networks. This is a relatively new technique that a security researcher discovered in 2023. According to our telemetry, this is the first time a threat actor used it in the wild.

We assess that this campaign is a direct continuation of a previously reported campaign that we attributed with moderate-high confidence to Stately Taurus. We come to this conclusion based on consideration of the TTPs, timeline and victimology targeting government entities in Southeast Asia.

We will also discuss a connection between the Stately Taurus activity and a second cluster of activity occurring simultaneously in the same targeted environment that leveraged the ShadowPad backdoor.

Palo Alto Networks customers receive better protection against threats discussed in this article through the following products and services, which we detail further in the Conclusion section:

• Advanced WildFire
• Advanced URL Filtering
• Advanced DNS Security
• Cortex XDR
• Cortex XSIAM
• Prisma Cloud Compute

Earlier this year, the Australia's eSafety commissioner took X to court over its refusal to remove videos of a religiously motivated Sydney church stabbing for its global users.

The case was ultimately dropped, but commissioner Julie Inman Grant says she received an "avalanche of online abuse" after Mr Musk called her the "censorship commissar" in a post to his 196 million followers.

[...]

A Columbia University report into technology-facilitated gender-based violence - which used Ms Inman Grant as a case study - found that she had been mentioned in almost 74,000 posts on X ahead of the court proceedings, despite being a relatively unknown figure online beforehand.

According to the analysis, the majority of the messages were either negative, hateful or threatening in some way. Dehumanising slurs and gendered language were also frequently noted, with users calling Ms Inman Grant names such as "left-wing Barbie", or "captain tampon".

[...]

Ms Inman Grant said that Mr Musk's decision to use "disinformation" to suggest that she was "trying to globally censor the internet" had amounted to a "dog whistle from a very powerful tech billionaire who owns his own megaphone".

She said that the torrent of online vitriol which followed had prompted Australian police to warn her against travelling to the US, and that the names of her children and other family members had been released across the internet.

[...]

The case turned into a test of Australia's ability to enforce its online rules against social media giants operating in multiple jurisdictions – one which failed after a Federal Court judge found that banning the posts from appearing on X globally would not be “reasonable” as it would likely be "ignored or disparaged by other countries".

In June, Ms Inman Grant's office said it would not pursue the case further, and that it would focus on other pending litigation against the platform.

X's Global Government Affairs team described the outcome as a win for "freedom of speech".

It could also identify your voice and recognize you and your ad preferences, and those of your passengers.

Why...

Archived version

Two days after U.S. authorities accused two employees of Russian state media network RT of coordinating an online network aimed at influencing the 2024 presidential election, more than 400 posts by Tenet Media, the online content company at the heart of the case, were still accessible on TikTok, unlabeled and untouched.

So too were Tenet Media's nearly 2,500 Instagram videos and more than 4,000 posts on social network X, along with its posts on Facebook and video platform Rumble.

Of all the major platforms where Tenet distributed its videos, so far only Alphabet's YouTube has taken action penalizing the company, pulling down the main Tenet Media channel along with four others operated by owner Lauren Chen on Thursday.

[...]

The platforms' apparent inaction on the campaign is a striking departure from the aggressive efforts they have touted in recent years to expose secretive foreign propaganda campaigns, reflecting both the novelty of the tactics allegedly used and the fraught politics of policing content posted by real people inside the United States.

It also exposes a fresh challenge faced by the platforms as Russia increasingly turns to unwitting American social media stars to covertly influence voters ahead of U.S. elections this year, a sort of digital update to Cold War-era practices of laundering messages through journalists or front media outlets, according to disinformation researchers

"What we're ultimately grappling with is a problem that exists in the real world. It's manifesting on social media in the sense that the entity has a presence there, but it isn't a social media problem per se," said Olga Belogolova, a disinformation professor at Johns Hopkins School of Advanced International Studies and former head of influence operations policy at Meta.

[...]

Archived link

TIDRONE, a threat actor linked to Chinese-speaking groups, targets military-related industry chains in Taiwan

• TIDRONE, an unidentified threat actor linked to Chinese-speaking groups, has demonstrated significant interest in military-related industry chains, especially in the manufacturers of drones’ sector in Taiwan

• The threat cluster uses enterprise resource planning (ERP) software or remote desktops to deploy advanced malware toolsets such as the CXCLNT and CLNTEND.

• CXCLNT has basic upload and download file capabilities, along with features for clearing traces, collecting victim information such as file listings and computer names, and downloading additional portable executable (PE) files for execution

• CLNTEND is a newly discovered remote access tool (RAT) that was used this April and supports a wider range of network protocols for communication

• During the post-exploitation phase, telemetry logs revealed user account control (UAC) bypass techniques, credential dumping, and hacktool usage to disable antivirus products.

Here is the indictment and press release by the U.S. Department of Justice.

The indictment of two employees of RT - formerly 'Russia Today', a Kremlin-controlled propaganda outlet based in Moscow - includes allegations that they implemented a nearly $10 million plan to fund a U.S.-based company as one of their “covert projects.”

Employees of the Russia-backed media network RT funded and directed a scheme that sent millions of dollars to prominent right-wing commentators through a media company that appears to match the description of Tenet Media, a leading platform for pro-Trump voices [...]

The indictment on Wednesday of two RT employees, Konstantin Kalashnikov and Elena Afanasyeva, includes allegations that the duo implemented a nearly $10 million plan to fund an unnamed Tennessee-based company as one of their “covert projects” to influence American politics by posting videos to TikTok, Instagram, X and YouTube.

[...]

[Involved apoear to be] six commentators: Lauren Southern, Tim Pool, Tayler Hansen, Matt Christiansen, Dave Rubin and Benny Johnson. The indictment refers to six commentators, who are not named.

[...]

Details included in the indictment match those of two of Tenet’s personalities: Rubin and Pool. As of Wednesday, Rubin’s “The Rubin Report” YouTube channel had 2.44 million subscribers. The indictment refers to “Commentator-1” as having over 2.4 million YouTube subscribers. A person with over 1.3 million YouTube subscribers is referred to as “Commentator-2.” Pool now has 1.37 million subscribers. The indictment also refers to three other commentators, including one with female pronouns, but lacked any information that could directly identify their channels.

[...]

A story posted on a mysterious website has been widely circulated on social media after it made a baseless claim that Kamala Harris - the Democratic presidential nominee - was involved in an alleged hit-and-run incident.

It claims, without providing evidence, that a 13-year-old girl was left paralysed by the crash, which it says took place in San Francisco in 2011.

The story, which was published on 2 September by a website purporting to be a media organisation called KBSF-San Francisco News, has been widely shared online. Some online posts by right-leaning users citing the story have been viewed millions of times.

BBC Verify has found numerous false details indicating it is fake and the website has now been taken down.

[...]

Fake news stories targeting the US

The story and the website it originally appeared on share striking similarities with a network of fake news websites that masquerade as US local news outlets, which BBC Verify has previously extensively reported on.

John Mark Dougan, a former Florida police officer who relocated to Moscow is one of the key figures behind the network.

Approached by BBC Verify to comment on the hit-and-run story, Mr Dougan denied any involvement, saying: “Do I ever admit to anything? Of course it’s not one of mine.”

The websites mix dozens of genuine news stories taken from real news outlets with what is essentially the real meat of the operation - totally fabricated stories that often include misinformation about Ukraine or target US audiences.

The websites are often set up shortly before the fake stories appear on them, and then go offline after they serve their purpose.

Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.

Sighting this group’s TTPs in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them. This can help the threat intelligence community better understand the motives of this threat actor.

The infection came to our attention in June 2024, when our telemetry gave recurring alerts for a new China Chopper web shell variant (used by many Chinese-speaking actors), which was found on a public web server. The server was hosting an open-source content management system (CMS) called Umbraco, written in C#. The observed web shell component was compiled as a .NET module of Umbraco CMS.

In our subsequent investigation, we looked for more suspicious detections on this public server and identified multiple malware sets. These include post-exploitation tools, which, we assess with medium confidence, are related to and leveraged in this intrusion.

Furthermore, we identified new DLL search-order hijacking implants that are loaded from a legitimate vulnerable executable as it lacks the full path specification to the DLL it needs. This attack chain was attempting to load the Crowdoor loader, which is half-named after the SparrowDoor backdoor, detailed by ESET. During the attack, the security agent blocked the first Crowdoor loader, prompting the attackers to switch to a new, previously unreported variant, with almost the same impact.

Archived version

When he first emerged on social media, the user known as Harlan claimed to be a New Yorker and an Army veteran who supported Donald Trump for president. Harlan said he was 29, and his profile picture showed a smiling, handsome young man.

A few months later, Harlan underwent a transformation. Now, he claimed to be 31 and from Florida.

New research into Chinese disinformation networks targeting American voters shows Harlan’s claims were as fictitious as his profile picture, which analysts think was created using artificial intelligence.

As voters prepare to cast their ballots this fall, China has been making its own plans, cultivating networks of fake social media users designed to mimic Americans. Whoever or wherever he really is, Harlan is a small part of a larger effort by U.S. adversaries to use social media to influence and upend America’s political debate.

[...]

The head of US Space Command said Wednesday he would like to see more transparency from the Chinese government on space debris, especially as one of China's newer rockets has shown a propensity for breaking apart and littering low-Earth orbit with hundreds of pieces of space junk.

Gen. Stephen Whiting, commander of US Space Command, said he has observed some improvement in the dialogue between US and Chinese military officials this year. But the disintegration of the upper stage from a Long March 6A rocket earlier this month showed China could do more to prevent the creation of space debris and communicate openly about it when it happens.

The Chinese government acknowledged the breakup of the Long March 6A rocket's upper stage in a statement by its Ministry of Foreign Affairs on August 14, more than a week after the rocket's launch August 6 with the first batch of 18 Internet satellites for a megaconstellation of thousands of spacecraft analogous to SpaceX's Starlink network.

Space Command reported it detected more than 300 objects associated with the breakup of the upper stage in orbit, and LeoLabs, a commercial space situational awareness company, said its radars detected at least 700 objects attributed to the Chinese rocket.

"I hope the next time there's a rocket like that, that leaves a lot of debris, that it's not our sensors that are the first to detect that, but we're getting communications to help us understand that, just like we communicate with others," Whiting said at an event hosted by the Mitchell Institute marking the fifth anniversary of the reestablishment of Space Command.

[...]

Last November, [U.S.] President Joe Biden and Chinese President Xi Jinping agreed to resume military-to-military communications between each nation's armed forces, which were suspended in 2022. US and Chinese military leaders have met face to face several times this year, and Jake Sullivan, Biden's national security adviser, met with Xi and Chinese military leaders this week in Beijing. The meetings have focused on terrestrial concerns and operational matters, such as reducing the risk of miscalculations, or an accidental escalation or conflict between Chinese airplanes and ships and those from the United States and its allies.

[...]

China has a track record of leaving behind a lot of space junk. LeoLabs says there are nearly 1,000 abandoned rocket bodies in low-Earth orbit, with an average mass of 1.5 metric tons.

"That number continues to grow, posing a significant risk to the space environment," LeoLabs said in a statement. "While Russia and the US have improved their 'rocket body abandonment behavior' over the last 20 years, the relative contribution by other countries has grown by a factor of five and China by 50x.

"The rate that China is leaving abandoned rocket bodies in orbit reverses the improved behavior of US and Russia and results in a continual accumulation of objects that will be especially prolific in creating fragments if involved in a collision," LeoLabs engineers wrote in a paper last year.

LeoLabs researchers found the total mass of all rocket hardware in low-Earth orbit (LEO) is currently nearly 1,500 metric tons. "Sadly, the rate of rocket body mass abandonment in LEO has actually increased in the last 20 years relative to the first (approximately) 45 years of the space age."