News: A troll army could be setting up near NATO summit

Monday, July 10, 2023

A troll army could be setting up near NATO summit

Jul 10, 2023

Driving the day

— Yevgeny Prigozhin and his paramilitary forces are still making their move to Belarus, and when he gets there, expect a disinformation factory to be right there with them.

HAPPY MONDAY, and welcome to Morning Cybersecurity! Congress is back in action, the NATO summit is almost underway, and now the NBA has unveiled it will have a new in-season tournament starting this year. Time for LeBron to become the first player to win two trophies in one year. Then he’s *definitely* the GOAT, right?

Got tips, feedback or other commentary? Send them to Joseph at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below.

JOIN 7/11 FOR A TALK ON THE FAA’S FUTURE: Congress is making moves to pass the FAA Reauthorization Act, laying the groundwork for the FAA’s long-term agenda to modernize the aviation sector to meet the challenges of today and innovate for tomorrow. Join POLITICO on July 11 to discuss what will make it into the final reauthorization bill and examine how reauthorization will reshape FAA’s priorities and authorities. REGISTER HERE.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Today's Agenda

CISA Director Jen Easterly is delivering the keynote address at the Homeland Security’s Startup Studio final pitch event. 1 p.m.

The International Scene

COMING TO A BELARUS NEAR YOU — While NATO leaders gather this week in Lithuania against the backdrop of Moscow’s war in Ukraine, something else might be brewing just across the border in Belarus.

Wagner Group’s head honcho Yevgeny Prigozhin may not be in the country yet, but there are signs the Kremlin disinformation chief is getting ready for the next phase of his operation, Russian disinformation and Wagner Group researcher Lukas Andriukaitis at the Atlantic Council's Digital Forensic Research Lab told Morning Cyber.

— It’s all connected: Prigozhin’s empire stretches far beyond a ground force to encompass Russia’s most notorious troll factories. There are rumblings that new bases are being built in Belarus, Andriukaitis says, and the suspicion is they’re setting up camp for the Wagner Group’s arrival. And when Wagner comes to town, its entire operation follows.

“It’s the whole package,” Andriukaitis said. “When it comes to Wagner’s military operations it's going to be tied with the influence campaign as well.”

It’s unclear whether Wagner itself has a sizable cyber faction, but Prigozhin has claimed to have founded the U.S.-sanctioned Internet Research Agency, and on another occasion said he interfered in U.S. presidential elections through the spread of disinformation.

— Don’t forget: The web and presence of the Wagner troll factories are being felt in countries across Africa right now — with anti-Western disinformation focusing on domestic and international politics proliferating to exacerbate regional instability, according to a DFRLab report. Documents obtained by POLITICO earlier this year also detail operations meant to sway political events on the ground across Africa in an effort to bolster pro-Moscow sentiments.

— Internal unrest: Belarusian President Alexander Lukashenko, who invited Prigozhin with open arms, may be the next victim of his troll army.

“[Prigozhin] has hinted that the Belarusian presidency was promised to him,” Adriukaitis said. “Meaning that he might be interested in having an area of personal influence within Belarus.”

Be on the lookout for Prigozhin to possibly focus his influence attacks on his next host country to try and destabilize Lukashenko’s regime, Adriukaitis said.

— Money man: All signs point to the Russian oligarch having access to his money post-mutiny investigation, meaning Prigozhin’s cyber operations could continue at full tilt, Russia watchers say. Hackers from the Dossier Center investigating Prigozhin’s “cyber troops” concluded in March that all the work within his businesses are “organically linked.”

This means that while the Kremlin’s long-feared cyberwar capabilities haven’t broken through Ukraine’s infrastructure like many expected, Prigozhin’s funding of IT infrastructure, IP hosting and disinformation tactics could keep pulsing.

Cyber Diplomacy

DATA DUMP — We were telling you last week about the United States announcing how it’s fulfilled its commitments to implement the U.S.-EU Data Privacy Framework – a mechanism designed over months and months of negotiations to safely transfer EU citizens’ personal data to the United States. Now there is talk the EU could opt for an approval on the framework as soon as today, report our colleagues at Politico Europe’s Cyber Insights.

— What it means: The DPF indirectly plays a role in promoting secure data handling practices. Generally, the U.S. tends to lean toward open data flows tied to trade agreements, while the EU likes to emphasize strict privacy protections. But the framework has gotten wide backing in Europe — with 24 out of 27 (unnamed) capitals in favor and 3 abstaining, according to a record of the vote.

So when and if the approval comes, U.S. companies will have to comply with EU data protection law while still being subject to U.S. foreign intelligence surveillance laws. And it will go into effect the very day it’s issued.

— U.S. on thin ice: Secretary of Commerce Gina Raimondo confirmed in her approval last week that the EU, Iceland, Liechtenstein and Norway are now “qualifying states” for redress — meaning their citizens can sue U.S. spy agencies if they’re suspected of breaking U.S. laws.

— The Snowden of it all: The Court of Justice of the EU struck down two previous data deals — Privacy Shield and Safe Harbor — after revelations of heavy-handed surveillance tactics on the use of data in the United States from Edward Snowden and others. Privacy activists have said they’d take this version to court, too.

At the Agencies

EASTERLY KEYNOTE — CISA director Jen Easterly will be in Arlington this afternoon speaking to entrepreneurs, scientists and inventors alike who are collaborating on projects to address national security concerns in the public and private sector.

The meeting is part of the Homeland Security Startup Studio, an event aiming to speed up the deployment of cutting edge technology for commercial and government needs developed in federal and university laboratories.

Teams will be paired up with a tech idea and will come up with market strategies for the project. This year the subjects are artificial intelligence, cybersecurity, software, biotechnology and detection.

Vulnerabilities

HEAD IN THE CLOUDS — The wide adoption of cloud computing has conversely been met with slow reaction from policymakers on its oversight, a new report from the Cyber Statecraft Initiative at the Atlantic Council says, which exposes a myriad of risks for critical infrastructure sectors when it comes to data storage, scalability and continuous availability. Their solution to the problem? Establishing cloud management offices.

The researchers suggest placing the proposed CMOs within Sector Risk Management Agencies — which currently manage cybersecurity risks within critical infrastructure – to survey and assess sector dependence on cloud computing, identify best practices for its adoption and address sector-specific risks and needs. The offices would also have the benefit of developing cloud security expertise with SRMAs without having to build new entities from scratch.

— Known problems: The U.S.-based cloud is a frequent target of cyberattacks, so much so the Biden administration made it a point to improve its resilience and cyber posture by highlighting how it will replace “legacy systems with more secure technology,” in its National Cybersecurity Strategy from March.

— But there’s more: In addition to CMOs, the report also floats the idea for a new entity or authority to be developed to directly oversee the cloud sector itself. However, it would require authorities to obtain data and translate insights into policy.

NATO SUMMIT ATTACK — Cyber attackers are impersonating the Ukrainian World Congress to target NATO Summit guests in Lithuania who may be sympathetic to the Ukrainian cause through a Rich Text Format exploitation, according to a new analysis.

Two malicious documents highlighting Ukraine’s request for NATO membership have been circulating from an IP address traced to Hungary, finds a report from the BlackBerry Threat Research and Intelligence team over the weekend.

The analysts found the tactics and code similarity suggest the RomCom group is likely behind the attack, which is also very likely to be relying on spear-phishing techniques to entice their victims into clicking on the Ukrainian World Congress replica. The campaign has been ongoing since June 22, the blog post said.

Tweet of the Day

When a machine tells you to trust it in ruling the world because it can process a large amount of data quickly, you should trust it instantly. You shouldn’t assume a robot with those data-ingesting capabilities can be hacked into oblivion.

Quick Bytes

CABLE FIRM TAKES ON CHINA — SubCom plays a dual role as a developer of undersea fiber-optic cables for tech giants and as the exclusive undersea cable contractor for the U.S. military. Read about the subsea cable firm helping the U.S. take on China in Joe Brock’s special report for Reuters.

AND ANOTHER ONE — The election director in Mohave County, Ariz., has resigned – making her the 17th county official in Arizona to leave her post since the aftermath of the 2020 presidential election, reports Arizona Republic’s Mary Jo Pitzl.

So you gave personal info to a company caught in a data breach. Now what? (CBC News)

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

UNLEASH THE FUTURE OF HEALTHCARE WITH POLITICO, A 7/20 INTERACTIVE EVENT: Imagine a future where rare genetic diseases are not only treatable, but potentially curable. Where our approach to chronic illness takes a monumental leap forward. That future is already taking shape in the form of next-generation health care treatments such as gene therapy. Join POLITICO on Thursday, July 20 and delve into the burgeoning field of gene therapies, which hold the power to redefine our health care landscape. Are you ready to explore this new frontier in health care? Don't miss this chance to be part of the conversation. REGISTER NOW.