
Latest news with #InsiktGroup

China's spy agencies are investing heavily in AI, researchers say

Miami Herald (Business), 11 hours ago

WASHINGTON -- Chinese spy services have invested heavily in artificial intelligence to create new tools to speed analysis, provide early warning of threats and potentially help shape operational plans during a war, according to a new report.

China, like the United States, hopes that artificial intelligence will improve the efficiency and accuracy of its intelligence analysis, allowing it to collect more intelligence and analyze it faster and more cheaply.

The study, by Recorded Future's Insikt Group, which studies cybersecurity and other threats from nation-states, terrorists and criminal groups, comes amid rising concern about how Chinese spy agencies will use AI to power covert actions, as Western intelligence services also embrace the technology.

The researchers reviewed patent applications by the People's Liberation Army, publicly available contracts and other material to better understand how China's military and intelligence services have invested in artificial intelligence.

Recorded Future found that China is probably using a mix of large language models, technology that can analyze huge amounts of data and communicate its results in human language. Models from Meta and OpenAI are thought to be among the American models that China is using, along with Chinese models from DeepSeek, Zhipu AI and others.

The CIA and other U.S. spy agencies have stepped up their use of artificial intelligence, both to improve analytic work and to help overseas operatives remain undiscovered. One tool developed by the CIA is designed to help analysts assess the positions of foreign leaders, creating virtual versions of the officials that are powered by artificial intelligence.

Former U.S. intelligence officials have said China's large population has long given it a potential advantage over U.S. spy agencies, but artificial intelligence could even the playing field.

Generative AI models can scan huge amounts of collected communications intelligence and queue the most interesting information for human analysts to examine. Some U.S. officials said China's investment in artificial intelligence was of little surprise, given its potential to improve analytic assessments.

But the Recorded Future report found specific examples of how China could be using large language models and generative AI not just to improve its intelligence analysis, but also to help military commanders improve targeting and operational plans.

In October, the Ordnance Science and Research Academy of China filed a patent application to use various forms of intelligence to train a military model. The application talks about the ways the model could be used, such as crafting operational plans and helping battlefield intelligence analysts analyze friendly and enemy forces, according to Zoe Haver, the author of the study and a senior threat intelligence analyst at the Insikt Group.

'This was very broad-ranging and intended to be applicable across the intelligence cycle,' Haver said.

Over the past two years, China has tightened control over information about what its military and intelligence agencies have obtained. So while Recorded Future was often able to see the military's procurement of generative AI models and servers, it was not always clear how the technology would be used. But some Chinese contractors appeared to have grand ambitions.

China's military and intelligence agencies appear to have quickly pivoted from open source and Western AI to DeepSeek, which unveiled a model rivaling OpenAI's model, ChatGPT, the day after Christmas. Global interest in DeepSeek's model exploded in January. By the end of February, military procurement records appeared showing Chinese companies quickly taking up DeepSeek's technology.

At the same time, American firms have cracked down on China's use of their models.

This month, OpenAI reported that it had disrupted several operations most likely originating in China that had tried to use its artificial intelligence tools in malicious ways. The operations were a combination of influence campaigns and surveillance, according to OpenAI. One of them tried to use ChatGPT to generate comments on social media sites about the dismantling of the U.S. Agency for International Development.

To train a model to provide meaningful insight on intelligence, a government needs to give it access to its intelligence data, which can be difficult while still keeping classified material secure.

Chinese intelligence products are often infused with the ideology of the ruling Communist Party. Haver said a model trained on such reports would produce intelligence biased in the same way. But whether the Chinese government sees that as a problem is another question.

'Some Chinese public security researchers are talking about ChatGPT being used for intelligence,' Haver said. 'And they are worried about how objectivity, neutrality, neoliberalism and capitalistic values could infiltrate Chinese intelligence work if they use foreign models.'

This article originally appeared in The New York Times. Copyright 2025

China-backed hackers continue cyberattacks on telecom companies

Yahoo, 17-02-2025

This story was originally published on Cybersecurity Dive.

Salt Typhoon's hacking spree has continued this year as the China-backed threat group recently compromised five more telecom providers across the globe, including two U.S.-based companies.

According to research from Recorded Future's Insikt Group published Thursday, Salt Typhoon (which Recorded Future calls "RedMike") conducted a campaign between December 2024 and January 2025 that targeted unpatched Cisco edge devices. Insikt Group researchers observed the threat group attempting to compromise more than 1,000 such devices across the globe in the two-month span.

Specifically, for initial access to its targets, Salt Typhoon exploited CVE-2023-20198, a privilege escalation vulnerability in the web user interface of Cisco IOS XE software, and weaponized CVE-2023-20273, a related privilege escalation flaw, to gain root access. Both vulnerabilities were disclosed in October 2023 as zero-day flaws that, at the time, were under widespread exploitation and had compromised thousands of devices.

Insikt Group researchers discovered infiltrated Cisco devices at five organizations, including a U.S. telecom and internet service provider and a U.S.-based affiliate of a British telecom provider. Researchers also observed Salt Typhoon targeting Cisco devices at universities across the globe, including UCLA, Loyola Marymount University, Utah Tech University and California State University.

"RedMike possibly targeted these universities to access research in areas related to telecommunications, engineering, and technology, particularly at institutions like UCLA and TU Delft," the report said.

Insikt Group found that more than half of the targeted Cisco devices were located in the U.S., South America and India, and also identified more than 12,000 Cisco devices that had web user interfaces exposed to the internet.

The researchers warned that state-sponsored Chinese threat groups have "shifted heavily" toward exploiting vulnerable, public-facing network devices over the last five years.

Jon Condra, senior director of strategic intelligence at Recorded Future, told Cybersecurity Dive that the five telecommunications providers described in the report are the only cases where researchers were able to confirm successful exploitation of the Cisco flaws. However, Recorded Future could not rule out that additional devices and organizations had been compromised, he noted.

Additionally, Condra said Insikt Group researchers were not surprised that some organizations still hadn't mitigated the Cisco zero-day vulnerabilities more than a year after they were first disclosed.

"Patch management and deployment, especially in large enterprises with tens of thousands of workstations and supporting network devices, is a challenging problem," he said via email. "Effective and safe patch deployment involves testing and validation, planning downtime (which can be very expensive and disruptive for employees and customers alike), and adjusting workflows or automations that the patch may unexpectedly break."

Cisco, meanwhile, issued a statement to Cybersecurity Dive that included a link to the company's 2023 security advisory for the two zero-day vulnerabilities.

"We are aware of new reports that claim Salt Typhoon threat actors are exploiting two known vulnerabilities in Cisco devices relating to IOS XE. To date, we have not been able to validate these claims but continue to review available data," the spokesperson said. "In 2023, we issued a security advisory disclosing these vulnerabilities along with guidance for customers to urgently apply the available software fix. We strongly advise customers to patch known vulnerabilities that have been disclosed and follow industry best practices for securing management protocols."

Recorded Future recommended that organizations prioritize patching vulnerabilities in such devices and monitor for configuration changes. Additionally, researchers urged users to avoid exposing administration interfaces and nonessential services for public-facing devices on the internet.

This latest campaign follows Salt Typhoon's high-profile breaches of several major U.S. telecom companies last year, including AT&T, Verizon, T-Mobile and Lumen Technologies. Threat actors obtained the private communications of targeted political figures and government officials and accessed data related to law enforcement requests. The attacks caused alarm within both the U.S. government and the technology sector as the telecom providers scrambled to investigate the breaches and ensure that Salt Typhoon actors were completely removed from their networks.

"Despite significant media coverage and US sanctions, Insikt Group expects RedMike to continue targeting telecommunications providers in the US and globally due to the amount and high value of communications data that traverses these networks," the report said. "This is highlighted by RedMike's previous targeting of US lawful intercept operations and the communications of significant US political figures via these intrusions."

Editor's Note: This story has been updated with comments from Recorded Future and Cisco.
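The two defensive recommendations in the article (do not expose the device's administration interface to the internet, and monitor for configuration changes) can both be turned into a simple automated check. The script below is an added example written for this page; it is not code from Recorded Future, Cisco or Cybersecurity Dive. It audits an IOS XE-style running-config for an enabled web UI (the `ip http server`, `ip http secure-server` and `ip http access-class` commands are real IOS XE commands; the hostname, ACL name and addresses are constructed) and then diffs two configuration snapshots so that any unexpected change surfaces. The sample configs are constructed for the example and describe no real device.

```python
"""Added example, not from the Recorded Future report or Cisco's advisory.

Two defender-side checks for public-facing network devices:

  1. audit_web_ui(): flag an IOS XE running-config that leaves the HTTP/HTTPS
     management interface enabled, and flag it again if no access-class limits
     which sources can reach it.
  2. config_diff(): diff two running-config snapshots so that configuration
     changes between scheduled backups stand out for review.

All configuration text below is constructed for this example.
"""
import difflib
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: web UI enabled, no access restriction (the risky state).
BASELINE_CONFIG = """\
hostname edge-router-1
!
ip http server
ip http secure-server
!
line vty 0 4
 transport input ssh
!
end
"""

# Constructed sample: same device after disabling the web UI and adding a
# management-only ACL (hostname, ACL name and prefix are made up).
HARDENED_CONFIG = """\
hostname edge-router-1
!
no ip http server
no ip http secure-server
ip http access-class ipv4 MGMT-ONLY
!
ip access-list standard MGMT-ONLY
 permit 10.0.0.0 0.0.0.255
!
line vty 0 4
 transport input ssh
!
end
"""


@dataclass
class WebUiStatus:
    http_enabled: bool = False
    https_enabled: bool = False
    access_class: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def _active_lines(config: str):
    """Yield stripped, non-empty config lines, skipping '!' separator/comment lines."""
    for raw in config.splitlines():
        line = raw.strip()
        if line and not line.startswith("!"):
            yield line


def audit_web_ui(config: str) -> WebUiStatus:
    """Report whether the HTTP/HTTPS management interface is enabled and restricted.

    The running-config is read top to bottom, so a later 'no ip http server'
    overrides an earlier 'ip http server'; the last matching line wins.
    """
    status = WebUiStatus()
    for line in _active_lines(config):
        if line == "ip http server":
            status.http_enabled = True
        elif line == "no ip http server":
            status.http_enabled = False
        elif line == "ip http secure-server":
            status.https_enabled = True
        elif line == "no ip http secure-server":
            status.https_enabled = False
        else:
            # Accept both the numbered and the named (ipv4 <name>) access-class forms.
            m = re.fullmatch(r"ip http access-class (?:ipv4 )?(\S+)", line)
            if m:
                status.access_class = m.group(1)
    if status.http_enabled or status.https_enabled:
        status.findings.append("web UI enabled on a public-facing device; disable it unless required")
        if status.access_class is None:
            status.findings.append("web UI has no access-class; management reachable from any source")
    return status


def config_diff(old: str, new: str) -> List[str]:
    """Return added (+) and removed (-) config lines between two snapshots.

    Leading indentation is dropped by _active_lines, so nested lines are compared
    by content only; the unified-diff headers and hunk markers are filtered out.
    """
    diff = difflib.unified_diff(
        list(_active_lines(old)), list(_active_lines(new)), lineterm="", n=0
    )
    return [d for d in diff if d and d[0] in "+-" and not d.startswith(("+++", "---"))]


if __name__ == "__main__":
    for finding in audit_web_ui(BASELINE_CONFIG).findings:
        print("FINDING:", finding)
    print("hardened findings:", audit_web_ui(HARDENED_CONFIG).findings)
    for change in config_diff(BASELINE_CONFIG, HARDENED_CONFIG):
        print("CHANGE:", change)
```

Run against a nightly `show running-config` export, the first function gives a yes/no answer to "is the management web UI reachable, and from where", and the second gives a short list of lines to review rather than a full config to re-read; lines added to the web-UI or local-user sections deserve the closest look.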
