[Weekend Briefing] All-out war in cyber

By Dain Oh, The Readable
Feb. 9, 2024 6:35PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.


Hello! This is Dain Oh reporting from South Korea. The Citizen Lab, a Toronto-based research group that investigates digital threats, released a report on Wednesday disclosing an influence operation out of China targeting at least 30 countries. Kuksung Nam, who has independently monitored Chinese information operations since last year, collaborated with the digital watchdog group to craft an in-depth story prior to its publication.

Sylvie Truong tracked another operation by China targeting the Vietnamese government. In the weekly briefing’s conclusion, there is a joint advisory from the Five Eyes about China’s extensive cyberattacks on the infrastructure of the United States, dubbed Volt Typhoon.

This week, we also published an analysis article on the recent cyber exercise between South Korea and the U.S. Enjoy reading our stories, and we wish you a fantastic weekend!

1. Chinese marketing firm created fake news sites targeting 30 countries, researchers reveal

Designed by Sangseon Kim, The Readable

A digital watchdog group uncovered a vast network of at least 123 fake news sites on Wednesday, originating in China and spread across 30 countries, designed to promote pro-Beijing propaganda while undermining criticisms of the Chinese government. This revelation showed that the Chinese influence operation extended well beyond the South Korean border, where similar fake websites were identified last year.

In their latest report, Citizen Lab researchers disclosed an extensive influence operation named PAPERWALL, orchestrated by China, targeting nations across Asia, Europe, and Latin America. The operation first set its sights on Japan, where it established nine fake news sites in July 2020. Subsequently, it expanded into South Korea, France, the United Kingdom, Ireland, and Italy between 2020 and 2021, thereby including these countries among its targets. By the end of last year, the operation had extended its reach to a total of 30 countries.

Among the 123 fake news sites identified, South Korea was the most targeted, with 17 websites, followed by China’s two other neighboring countries, Japan and Russia. Alberto Fittarelli, a senior researcher and the disinformation research lead at Citizen Lab, provided insight into the targeting of these three countries in an email statement. He mentioned, “We can’t be certain of the reason,” but highlighted that at least two South Korean companies seemed to have the ability to publish content on the PAPERWALL network of websites. This suggests that the motivations behind the focus on these countries could be primarily commercial. READ MORE

2. Vietnam lists Chinese hacker groups Mustang Panda, APT31 as espionage threats

Designed by Sangseon Kim, The Readable

Despite their shared communist ideology and recent efforts to enhance their bilateral relationship, Vietnam has identified Chinese hacker groups Mustang Panda and the advanced persistent threat (APT) actors APT31 as significant espionage threats for 2024.

The Vietnamese government, drawing on an analysis by Bkav, a top cybersecurity firm in Vietnam, has released a report highlighting key cybersecurity challenges and predictions for 2024. Bkav observed a significant rise in espionage-related cyberattacks targeting Vietnam in 2023, noting a 55% increase from the year before. These attacks impacted more than 280,000 computers and were attributed to several Chinese threat groups, notably Mustang Panda and APT31. The report points out that these attackers utilized malware tools like PlugX, CobaltStrike, and njRAT to exfiltrate data.

Mustang Panda, an infamous Chinese cyber threat group, has been active in targeting foreign entities and has been well-known to the cybersecurity community since at least 2012. This group has conducted cyberattacks against the governments of Myanmar, the Philippines, Indonesia, Australia, Taiwan, Japan, the United States, the United Kingdom, Estonia, Finland, Greece, Latvia, and Turkey, according to multiple cybersecurity researchers. Mustang Panda specializes in espionage, utilizing spear-phishing campaigns that leverage current events like COVID-19, the Russia-Ukraine conflict, international summits, and various other subjects to compromise their targets. READ MORE

3. [Perspective] The true meaning of ROK-US cyber exercise

Designed by Areum Hwang, The Readable

The South Korean Ministry of National Defense released a seemingly ordinary public statement on January 26. It announced that its Cyber Operations Command had conducted its first cyber exercise in collaboration with its United States counterpart to strengthen their collective defenses against cyber threats. Perhaps due to the statement’s brevity and its dry tone, local news outlets that published the press release barely noted the significance of this event for the nation.

The joint cyber exercise, conducted by South Korea’s cyber command in collaboration with the U.S. Cyber Command, took place in Seoul from January 15 to January 26. During this period, the South Korean cyber command opened its training facilities to its U.S. counterparts to engage in a comprehensive cyber drill. This drill focused on mastering the sharing of threat information and responding to threats. A high-level official, with direct knowledge of the exercise and who wished to remain anonymous for security reasons, described the training as encompassing "severe scenarios." These scenarios were rigorously executed by cyber agents from both South Korea and the U.S.

The latest event highlighted two significant “firsts.” For the first time, the Republic of Korea engaged in a bilateral cyber exercise with another country, underscoring the escalating importance of cyber threats as global national security issues that necessitate international cooperation. Although South Korea has previously taken part in multinational cyber training exercises, such as the “Cyber Flag” led by the U.S. in July 2023 and NATO’s “Cyber Coalition” in December 2023, the practice of conducting a bilateral cyber exercise specifically aimed at a mutual adversary was unprecedented on the Korean Peninsula until last month. READ MORE

4. Expert proposes immediate attention for addressing AI bias in security measures

Yoo Ji-yeon, a professor from the Department of Intelligent Engineering Informatics for Human at Sangmyung University, presenting at the seventh National Strategy Forum on February 6. Photo by Hongeun Im, The Readable

At the seventh National Strategy Forum, hosted by the Korean Association of Cybersecurity Studies (KACS) on Tuesday, Yoo Ji-yeon, a professor at Sangmyung University’s Intelligent Engineering Informatics for Human Department, emphasized that addressing bias in artificial intelligence (AI) models is as crucial as dealing with privacy leaks and technology protection in current AI security measures.

Professor Yoo Ji-yeon underscored the importance of scrutinizing bias within AI. She pointed out that while AI models may not be the direct targets of cyberattacks, the tendency of AI to develop biases poses a threat to society. “AI’s deep integration with society affects not only social behaviors but also its own training processes,” she remarked. Highlighting the pervasive influence of bots, as reported by the 2023 Bad Bot Report from Imperva, which stated that 47.4% of internet traffic in 2022 was bot-generated, she raised concerns about children’s ability to discern the authenticity of online content. This led to her proposal for the creation of an evaluation system dedicated to examining AI bias. READ MORE

5. Defending public safety: Mitigating swatting attacks linked to data breaches and deepfakes

Designed by Areum Hwang, The Readable

Over a dozen public leaders in the United States have been targeted in recent swatting attacks, and a ransomware gang threatened to swat cancer patients using compromised data if ransom demands were not met.

Swatting is a harassment tactic in which a false report of a serious crime is lodged against an individual or organization in order that an armed SWAT team be deployed to the victim’s location, thereby placing the victim in danger of being shot or killed. Deceptive information, often about a hostage crisis or a mass shooting, misleads law enforcement. Although swatting is not a new phenomenon, malicious actors threatening to leverage data from breaches and the use of artificial intelligence (AI) deepfakes for creating threats raises concerns that they will become more common. Swatting has led to the deaths of innocent people, and the surge in swatting attacks calls for swift and strong countermeasures. READ MORE

6. [Report] Security outlook 2024: AI, Election, the Paris Olympics

The Readable reviewed more than 30 reports of cybersecurity predictions, published by vendors and public institutions, and pared them down to five topics: Artificial intelligence, election security, the Paris Olympics, persistent threats, and cyber insurance. Our reporters summarized each topic in approximately 300 words, based on the analysis provided by the original reports. The sources that were referenced can be found at the end of each topic, marked with a hashtag. There is also a full list of reports at the end of the articles. READ MORE

7. [Canadian Centre for Cyber Security] Joint advisory on PRC state-sponsored actors compromising and maintaining persistent access to U.S. critical infrastructure and joint guidance on identifying and mitigating living off the land

hello@thereadable.co

The cover image of this article was designed by Areum Hwang. This article was copyedited by Arthur Gregory Willers.


Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.