
Latest news with #CitizenLab

JINF Report: China and Russia's Strategic Merger

Japan Forward

30-06-2025

  • Politics
  • Japan Forward


As geopolitical tensions escalate in multiple theaters, China and Russia continue to strengthen their partnership in ways that contest the existing international norm. A seminar hosted on June 27 by the Japan Institute for National Fundamentals (JINF) shed light on how the two authoritarian powers are tightening their strategic alignment, both in cyberspace and in conventional military measures.

Jun Osawa, a senior fellow at the Nakasone Peace Institute (NPI), spoke on the evolving sophistication of China's cognitive warfare capabilities. "Whereas Beijing's central propaganda machine once fed specific narratives that spread through state media and were later amplified by bloggers and influencers on social media, the method is now becoming more Russian-like," Osawa said.

One example is the spread of conspiracy theories surrounding the August 2023 wildfires in Hawaii. A Chinese disinformation operation known as Storm-1376 falsely claimed, using AI-generated images, that the United States government had started the fires using an energy weapon. A May 2023 video of a transformer explosion in Chile was falsely repurposed to depict an explosion preceding the wildfires in Maui.

Unlike earlier top-down propaganda efforts, this campaign was decentralized. Osawa likened it to Russia's favorite playbook: exploiting societal fault lines with misinformation and synthetic media to stir social unrest.

Storm-1376, reportedly linked to China's Ministry of Public Security, has for years promoted content aimed at discrediting the American democracy and political system. In April 2023, the US Department of Justice filed charges against 34 Chinese officials implicated in related influence campaigns.

Beijing's growing cyber infiltration activities are also targeting Japan. Citing a February 2024 report by Citizen Lab at the University of Toronto, Osawa described a China-based network of at least 123 fake news websites posing as local outlets in 30 countries. These sites blend genuine news from other platforms and fabricated articles to distort information ecosystems and advance specific agendas.

Homepage of a news site flagged by Citizen Lab as likely operated by Chinese bots and designed to mimic a legitimate local news outlet.

In Japan, domains like masquerade as local news outlets, reprinting authentic content while slipping in pro-Beijing fake stories. Since April 2024, websites imitating major Japanese news brands such as Sankei Weekly and Yomiuri Daily have appeared to enhance their credibility. "While the viewership of these sites is still low, like Russia, the purpose is to spread the news on social media as if it's from a neutral and credible source," Osawa said.

There are also signs of disinformation being used as a geopolitical lever. On June 1, a prominent Chinese military blogger shared an article that falsely attributed a provocative quote to a Japanese Maritime Self-Defense Force Commander. In the article, Commander Hiroshi Ito is falsely cited as saying, "If necessary, we will cooperate with Ukraine to launch attacks from both sea and land and recapture the four islands." The Four Islands refer to the Northern Territories, a chain located just off the northeast coast of Hokkaido, which have long been in dispute between Japan and Russia.

The four disputed islands in the Northern Territories are Etorofu, Kunashiri, Shikotan, and the Habomai. (©Public Domain)

The post, which garnered a whopping 168 million views, appeared just one day after former Prime Minister Shinzo Abe's widow, Akie Abe, met with Vladimir Putin. "Given that a photo of Putin and Akie was placed at the bottom of the news site, it was clearly intended to drive a wedge between Japan and Russia," the NPI researcher said.

Russian President Vladimir Putin welcomes Akie Abe, the widow of former Prime Minister Shinzo Abe, to the Kremlin with a large bouquet of flowers. Moscow, May 29 (©Sputnik via Reuters)

Another tactic used to influence foreign politics is the "hack-and-leak" strategy. In mid-2022, Chinese hackers released partial itineraries of two Taiwanese national security officials, selectively highlighting their off-duty activities such as shopping and dining. They were intended to manipulate public perception and sow distrust among the Taiwanese public toward their government officials. Notably, Osawa explained that these leaks resemble Russia's interference in the 2016 US presidential election. Two Russian hackers at the time breached the Democratic National Committee's servers and exposed information damaging to the Democratic candidate.

Turning from cyber to military cooperation, JINF researcher Maki Nakagawa pointed out that since launching joint military exercises in 2012, the scope and intensity of Sino-Russian drills have significantly expanded. In July 2024, for instance, four Chinese naval vessels transited Japan's Soya and Tsugaru Straits en route to the Bering Sea, waters within the US Exclusive Economic Zone. China's navy presence in US territorial waters dates back to 2015, when its vessels entered for the first time following a joint exercise with Russia.

US and Canadian fighter jets intercept Chinese H-6 bombers near Alaska on July 24, 2024. (©NORAD)

Joint air patrols are also broadening their scope. In that same month, China's H-6K bomber flew alongside a Russian bomber into Alaska's Air Defense Identification Zone. Before the flight, Nakagawa noted that the Chinese aircraft stopped at Anadyr airport in Russia's Far East, reflecting growing logistical interoperability. "Moscow is effectively providing Chinese forces with access to the northern Pacific, allowing it to pressure America's coastal defenses," she said.

In turn, Chinese forces are joining Russian troops in joint drills in the Arctic and the Sea of Okhotsk, regions of strategic importance to Moscow. The Sea of Okhotsk includes the contested Northern Territories.

The deepening military cooperation between China and Russia places a heavy responsibility on East Asian democracies. Nakagawa, a former Commander of the Basic Intelligence Unit in the Ground Self-Defense Force, warned that Japan must prepare for a "two-front scenario," with Chinese military forces advancing from both the Sea of Japan and the East China Sea. China's expanding naval and aerial reach, she said, will inevitably complicate America's ability to respond quickly to crises within the First Island Chain.

A Chinese Coast Guard vessel with a helicopter taking off near the Senkakus, afternoon of May 3. (©Japan Coast Guard)

Compounding these complexities is "China's enhanced nuclear deterrent, backed by its advancing triad capabilities and ballistic missile early warning system," the JINF researcher added.

The implication for Taiwan is also significant. While Beijing is unlikely to seek direct Russian military intervention, Nakagawa said it would expect intelligence sharing, anti-access and area denial (A2/AD) support, nuclear deterrence, and weapons transfers in the event of a potential Cross-Strait conflict. By observing the real-world use of drones and advanced weaponry in the war in Ukraine, China is seeking to draw lessons from its authoritarian ally across a broad spectrum of domains, extending beyond cyber operations.

Author: Kenji Yoshida

Google's Gmail Warning—Do Not Use Any Of These Passwords

Forbes

19-06-2025

  • Forbes


New Gmail password warning (dpa/picture alliance via Getty Images)

Google has confirmed details of a complex attack with a simple warning attached. Yet again, bad actors have exploited Google's legitimate account infrastructure to trick users into compromising their own security. And while in this instance the attack was highly targeted, the basic vulnerability affects all users.

Google's Threat Intelligence Group and Citizen Lab warn that Russian state-affiliated hackers used seemingly legitimate U.S. State Department email addresses to help target high-value individuals with emails and calendar invites. With a target hooked, a malicious PDF attachment was then sent, which triggered a password request to open it. Victims were directed "to create an Application Specific Password (ASP) or 'app password'. ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV)."

As Citizen Lab says, "while many state-backed attackers still focus on phishing a target's passwords and MFA codes, others are constantly experimenting with novel ways to access accounts." This attack "is yet another effort to gain account access through a novel method: convincing the target user to create and share a screenshot of an App-Specific Password (ASP)."

ASP Warning (Google)

The target was then told to share the Gmail ASP to open the document. This enabled the attackers to gain access to the victim's Gmail account using that ASP. As Google says, "users have complete control over their ASPs and may create or revoke them on demand." But if you don't know you've been attacked, you have no reason to do so.

Two separate warnings here. If you consider yourself a high-value target for any flavor of sophisticated or even state-affiliated hacker, if you're in a high-profile or high-risk job or location, then you should enable Google's Advanced Protection Program. This will better lock down your account, but it is for a small minority of users.

For all others, the second warning is not to use these ASPs. Google warns "app passwords aren't recommended and are unnecessary in most cases. To help keep your account secure, use 'Sign in with Google' to connect apps to your Google Account." Even if you're not at risk from a sophisticated attack, the use of ASPs has now been flagged and it will be very easy for attackers to socially engineer simpler, wider campaigns that trick users into sharing ASPs using a wide variety of lures. As such, do not set these up and certainly never share them.

Border bill raises questions about expanded data sharing with U.S.: Citizen Lab

CTV News

16-06-2025

  • Politics
  • CTV News


OTTAWA — An organization that monitors the effect of information flows on human rights says the new federal border security bill appears to 'roll out a welcome mat' for expanded data-sharing agreements with the United States and other foreign authorities.

Researchers with The Citizen Lab at the University of Toronto say they want the federal government to reveal more about the information-sharing implications of the bill due to a possible risk to human rights.

A preliminary Citizen Lab analysis of the bill also raises questions about how any new information-sharing plans would comply with Canada's policy on tabling treaties in Parliament.

The analysis released today notes the legislation refers to the potential for agreements or arrangements with a foreign state. The bill also mentions the possibility that people in Canada may be compelled to disclose information by the laws of a foreign state.

The government says the legislation is intended to keep borders secure, fight transnational organized crime, stop the flow of deadly fentanyl and crack down on money laundering.

This report by The Canadian Press was first published June 16, 2025.

Jim Bronskill, The Canadian Press

This iPhone hack needed zero clicks – and it spied on journalists

Phone Arena

16-06-2025

  • Phone Arena


Recently, Apple patched a critical iPhone zero-day vulnerability. Reportedly, this vulnerability was quietly exploited, targeting journalists. Citizen Lab discovered the vulnerability. Basically, it allowed for Paragon's Graphite spyware to infiltrate iPhones via iMessage. The issue has been addressed in iOS 18.3.1.

Back in April 2025, Apple notified a select group of iOS users (including two prominent journalists) that their devices had been targeted by spyware. Citizen Lab, which is a cybersecurity research group, confirmed the suspicions using forensic analysis. The investigation reportedly showed that a European journalist and an Italian journalist were targeted by surveillance firm Paragon.

The spyware was reportedly installed via a zero-click attack in iMessage. A "zero-click" attack basically requires no action to be taken by the victim. The malicious user sends a specific malicious message and it compromises the device. Luckily, Apple has patched this vulnerability with iOS 18.3.1.

iOS is known for its security and privacy, but even iOS can fall victim to malicious users. | Image Credit – Apple

Meanwhile, as Citizen Lab continued its analysis, it found that the exploited vulnerability was related to how iOS processed photos and videos sent via iCloud links. Another journalist has also been notified by Apple in January of this year about being targeted with Paragon's spyware. This could mean a broader pattern of attacks against journalists.

So far, it seems only these specific people were targeted, and the vulnerability has been fixed by Apple already, so you generally have nothing to worry about. However, this incident clearly underlines the continuing fight between malicious users and is generally known for its privacy and security-centric approach, but even Apple can fall prey to the creativity and maliciousness of hackers. It's basically a cat-and-mouse game between device makers and hackers, and it's been like this since tech existed, pretty much.

Although we as users can't do much in the grand scheme of things, it's important to update your device in a timely manner. When a security vulnerability has been discovered, usually companies release patches and updates to iron it out, so don't postpone or delay these when you see them waiting to be installed on your device.

New iPhone Spyware Warning — Act Now To Prevent Attacks

Forbes

13-06-2025

  • Forbes


A new warning has been issued to Apple iPhone users by researchers after they found forensic evidence that Paragon Graphite spyware has taken over targets' devices. Cybersecurity researchers at Citizen Lab — which is known to discover and report vulnerabilities such as spyware — found spyware made by Israeli firm Paragon targeting iPhones. It comes after the Italian government admitted using spyware to target civil society.

Apple initially issued an alert on the new spyware targeting a number of iOS users including journalists on April 29. Among the group were two journalists who consented to the technical analysis of their cases, Citizen Lab's Bill Marczak and John Scott-Railton wrote in their analysis.

After investigating the devices of a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, Citizen Lab found forensic evidence confirming 'with high confidence that both were targeted with Paragon's Graphite mercenary spyware.' Citizen Lab found evidence linking both cases to the same Paragon operator.

The attacker deployed Paragon's Graphite spyware using 'a sophisticated iMessage zero-click attack,' Citizen Lab said, adding: 'We believe that this infection would not have been visible to the target.' The iPhone flaw, tracked as CVE-2025-43200, was patched in iOS 18.3.1.

Spyware is so dangerous because it provides adversaries complete access to your iPhone, including your microphone, camera, email and messages — even those sent via encrypted apps such as WhatsApp or Signal. Worse, spyware is often deployed via so-called 'zero-click attacks' that require no user interaction, taking advantage of vulnerabilities in the iOS operating system. This means the malware can be delivered via an image sent via iMessage or WhatsApp — and you don't need to open it to become a victim.

The fact that Graphite was delivered through a zero-click exploit reflects a growing pattern where 'sophisticated spyware uses zero-day vulnerabilities to silently compromise devices,' says Adam Boynton, senior security strategy manager EMEIA at cybersecurity outfit Jamf.

What makes Graphite especially dangerous is its ability to operate covertly in memory, often leaving minimal artefacts on disk, says Boynton. It is capable of creating system-level impersonations — for example, registering hidden iMessage accounts or spoofing security features — to conceal its presence from both the user and standard detection tools. 'These tactics make traditional mobile security models insufficient on their own,' says Boynton.

The new spyware warning is certainly scary, but at the same time, Apple's security architecture remains 'among the strongest in the industry,' says Boynton. He points to the iPhone maker's Lockdown Mode, which reduces the functionality of your iPhone but helps protect it from spyware.

Spyware is extremely targeted, as can be seen from Citizen Lab's analysis, which focused on journalists' iPhones. Other groups vulnerable to the malware include dissidents, political figures and business users operating in certain sectors.

In order to help prevent being targeted, Boynton emphasises the importance of keeping iPhones up to date. He also suggests enabling Lockdown Mode on Apple devices if you are in a sensitive or high-risk role.

Another way of disrupting spyware is to turn your iPhone off and on again. But it's not a permanent solution and if you do suspect the malware is on your device, contact an organization such as Amnesty or Access Now for help.

As researchers reveal more details about the dangers of the Graphite spyware, it is important that you update your iPhone now to the latest software, currently iOS 18.5. Even if you are not a target, upgrading will protect you from a number of flaws that could compromise your iPhone's security.
