Rocket Report: Starship could fly again in May; Ariane 6 coming together

Nine kerosene-fueled Rutherford engines power Rocket Lab's Electron launch vehicle off the pad at Wallops Island, Virginia, early Thursday.

Welcome to Edition 6.36 of the Rocket Report! SpaceX wants to launch the next Starship test flight as soon as early May, the company’s president and chief operating officer said this week. The third Starship test flight last week went well enough that the Federal Aviation Administration—yes, the FAA, the target of many SpaceX fans’ frustrations—anticipates a simpler investigation and launch licensing process than SpaceX went through before its previous Starship flights. However, it looks like we’ll have to wait a little longer for Starship to start launching real satellites.

As always, we welcome reader submissions, and if you don’t want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.

Starship could threaten small launch providers. Officials from several companies operating or developing small satellite launch vehicles are worried that SpaceX’s giant Starship rocket could have a big impact on their marketability, Space News reports. Starship’s ability to haul more than 100 metric tons of payload mass into low-Earth orbit will be attractive not just for customers with heavy satellites but also for those with smaller spacecraft. Aggregating numerous smallsats on Starship will mean lower prices than dedicated small satellite launch companies can offer and could encourage customers to build larger satellites with cheaper parts, further eroding business opportunities for small launch providers.

Well, yeah … SpaceX’s dedicated rideshare missions are already reshaping the small satellite launch market. The price per kilogram of payload on a Falcon 9 rocket launching a Transporter mission is less than the price per unit on a smaller rocket, like Rocket Lab’s Electron, Firefly’s Alpha, or Europe’s Vega. Companies operating only in the smallsat launch market tout the benefits of their services, often pointing to their ability to deliver payloads into bespoke orbits, rather than dropping off bunches of satellites into more standardized orbits. But the introduction of Orbital Transfer Vehicles for last-mile delivery services has made SpaceX’s Transporter missions, and potentially Starship rideshares, more attractive. “With Starship, OTVs can become the best option for smallsats,” said Marino Fragnito, senior vice president and head of the Vega business unit at Arianespace. If Starship is able to achieve the very low per-kilogram launch prices proposed for it, “then it will be difficult for small launch vehicles,” Fragnito said.

Rocket Lab launches again from Virginia. Rocket Lab’s fourth launch from Wallops Island, Virginia, and the company’s first there in nine months, took off early Thursday with a classified payload for the National Reconnaissance Office, the US government’s spy satellite agency, Space News reports. A two-stage Electron rocket placed the NRO’s payload into low-Earth orbit, and officials declared it a successful mission. The NRO did not disclose any details about the payload, but in a post-launch statement, the agency suggested the mission was conducting technology demonstrations of some kind. “The knowledge gained from this research will advance innovation and enable the development of critical new technology,” said Chris Scolese, director of the NRO.

A steady customer for Rocket Lab … The National Reconnaissance Office has become a regular customer of Rocket Lab. The NRO has historically launched larger spacecraft, such as massive bus-sized spy satellites, but like the Space Force, is beginning to launch larger numbers of small satellites. This mission, designated NROL-123 by the NRO, was the fifth and last mission under a Rapid Acquisition of a Small Rocket (RASR) contract between NRO and Rocket Lab, dating back to 2020. It was also Rocket Lab’s second launch in nine days, following an Electron flight last week from its primary base in New Zealand. Overall, it was the 46th launch of a light-class Electron rocket since it debuted in 2017. Rocket Lab is building a launch pad for its next-generation Neutron rocket at Wallops. (submitted by EllPeaTea)


Night flight for Astrobotic’s Xodiac. The Xodiac rocket, a small terrestrial vertical takeoff and vertical landing technology testbed, made its first night flight, Astrobotic says in a statement. The liquid-fueled Xodiac is designed for vertical hops and can host prototype sensors and other payloads, particularly instruments in development to assist in precision landings on other worlds. This first tethered night flight of Xodiac in Mojave, California, was in preparation for upcoming flight testing with the NASA TechLeap Prize’s Nighttime Precision Landing Challenge. These flights will begin in April, allowing NASA to test the ability of sensors to map a landing field designed to simulate the Moon’s surface in near-total darkness.

Building on the legacy of Masten … Xodiac has completed more than 160 successful flights, dating back to the vehicle’s original owner, Masten Space Systems. Masten filed for bankruptcy in 2022, and the company was acquired by Astrobotic a couple of months later. Astrobotic’s primary business area is in developing and flying robotic Moon landers, so it has a keen interest in mastering automated landing and navigation technologies like those it is testing with NASA on Xodiac. David Masten, founder of Masten Space Systems, is now chief engineer for Astrobotic’s propulsion and test department. “The teams will demonstrate their systems over the LSPG (Lunar Surface Proving Ground) at night to simulate landing on the Moon during the lunar night or in shadowed craters.” (submitted by Ken the Bin)

https://arstechnica.com/?p=2012042




US gov’t announces arrest of former Google engineer for alleged AI trade secret theft

A Google sign stands in front of the building on the sidelines of the opening of the new Google Cloud data center in Hesse, Hanau, opened in October 2023.

On Wednesday, authorities arrested former Google software engineer Linwei Ding in Newark, California, on charges of stealing AI trade secrets from the company. The US Department of Justice alleges that Ding, a Chinese national, committed the theft while secretly working with two China-based companies.

According to the indictment, Ding, who was hired by Google in 2019 and had access to confidential information about the company’s data centers, began uploading hundreds of files into a personal Google Cloud account two years ago.

The trade secrets Ding allegedly copied contained “detailed information about the architecture and functionality of GPU and TPU chips and systems, the software that allows the chips to communicate and execute tasks, and the software that orchestrates thousands of chips into a supercomputer capable of executing at the cutting edge of machine learning and AI technology,” according to the indictment.

Shortly after the alleged theft began, Ding was offered the position of chief technology officer at an early-stage technology company in China that touted its use of AI technology. The company offered him a monthly salary of about $14,800, plus an annual bonus and company stock. Ding reportedly traveled to China, participated in investor meetings, and sought to raise capital for the company.

Investigators reviewed surveillance camera footage that showed another employee scanning Ding’s name badge at the entrance of the building where Ding worked at Google, making him look like he was working from his office when he was actually traveling.

Ding also founded and served as the chief executive of a separate China-based startup company that aspired to train “large AI models powered by supercomputing chips,” according to the indictment. Prosecutors say Ding did not disclose either affiliation to Google, which described him as a junior employee. He resigned from Google on December 26 of last year.

The FBI served a search warrant at Ding’s home in January, seizing his electronic devices and later executing an additional warrant for the contents of his personal accounts. Authorities found more than 500 unique files of confidential information that Ding allegedly stole from Google. The indictment says that Ding copied the files into the Apple Notes application on his Google-issued Apple MacBook, then converted the Apple Notes into PDF files and uploaded them to an external account to evade detection.

“We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesperson José Castañeda told Ars Technica. “After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.”

Attorney General Merrick Garland announced the case against the 38-year-old at an American Bar Association conference in San Francisco. Ding faces four counts of federal trade secret theft, each carrying a potential sentence of up to 10 years in prison.

https://arstechnica.com/?p=2008627




DOJ quietly removed Russian malware from routers in US homes and businesses

Ethernet cable plugged into a router LAN port
Getty Images

More than 1,000 Ubiquiti routers in homes and small businesses were infected with malware used by Russian-backed agents to coordinate them into a botnet for crime and spy operations, according to the Justice Department.

That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of “Operation Dying Ember,” according to the FBI’s director. It affected routers running Ubiquiti’s EdgeOS, but only those that had not changed their default administrative password. Access to the routers allowed the hacking group to “conceal and otherwise enable a variety of crimes,” the DOJ claims, including spearphishing and credential harvesting in the US and abroad.

Unlike previous attacks by Fancy Bear, which the DOJ ties to GRU Military Unit 26165 (also known as APT 28, Sofacy Group, and Sednit, among other monikers), the Ubiquiti intrusion relied on a known piece of malware, Moobot. Once the routers had been infected by “Non-GRU cybercriminals,” GRU agents installed “bespoke scripts and files” to connect and repurpose the devices, according to the DOJ.

The DOJ says it also used the Moobot malware to copy and delete the botnet files and data and then changed the routers’ firewall rules to block remote management access. During the court-sanctioned intrusion, the DOJ “enabled temporary collection of non-content routing information” that would “expose GRU attempts to thwart the operation.” This did not “impact the routers’ normal functionality or collect legitimate user content information,” the DOJ claims.

“For the second time in two months, we’ve disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised US routers,” said Deputy Attorney General Lisa Monaco in a press release.

The DOJ states it will notify affected customers to ask them to perform a factory reset, install the latest firmware, and change their default administrative password.

Christopher A. Wray, director of the FBI, expanded on the Fancy Bear operation and international hacking threats generally at the ongoing Munich Security Conference. Russia has recently targeted underwater cables and industrial control systems worldwide, Wray said, according to a New York Times report. And since its invasion of Ukraine, Russia has focused on the US energy sector, Wray said.

The past year has been an active time for attacks on routers and other network infrastructure. TP-Link routers were found infected in May 2023 with malware from a reportedly Chinese-backed group. In September, modified firmware in Cisco routers was discovered as part of a Chinese-backed intrusion into multinational companies, according to US and Japanese authorities. Malware said by the DOJ to be tied to the Chinese government was removed from SOHO routers by the FBI last month in similar fashion to the most recently revealed operation, targeting Cisco and Netgear devices that had mostly reached their end of life and were no longer receiving security patches.

In each case, the routers provided a highly valuable service to the groups; that service was secondary to whatever primary aims later attacks might have. By nesting inside the routers, hackers could send commands from their overseas locations but have the traffic appear to be coming from a far more safe-looking location inside the target country or even inside a company.

Similar inside-the-house access has been sought by international attackers through VPN products, as in the three different Ivanti vulnerabilities discovered recently.

https://arstechnica.com/?p=2003936




Rocket Report: SpaceX’s record year; Firefly’s Alpha rocket falls short

Firefly Aerospace's fourth Alpha rocket lifted off December 22 from Vandenberg Space Force Base, California.

Welcome to Edition 6.25 of the Rocket Report! We hope all our readers had a peaceful holiday break. While many of us were enjoying time off work, launch companies like SpaceX kept up the pace until the final days of 2023. Last year saw a record level of global launch activity, with 223 orbital launch attempts and 212 rockets successfully reaching orbit. Nearly half of these missions were by SpaceX.

As always, we welcome reader submissions, and if you don’t want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets, as well as a quick look ahead at the next three launches on the calendar.

Firefly’s fourth launch puts payload in wrong orbit. The fourth flight of Firefly Aerospace’s Alpha rocket on December 22 placed a small Lockheed Martin technology demonstration satellite into a lower-than-planned orbit after lifting off from Vandenberg Space Force Base, California. US military tracking data indicated the Alpha rocket released its payload into an elliptical orbit ranging between 215 and 523 kilometers in altitude, not the mission’s intended circular target orbit. Firefly later confirmed the Alpha rocket’s second stage, which was supposed to reignite about 50 minutes after liftoff, did not deliver Lockheed Martin’s satellite into the proper orbit. This satellite, nicknamed Tantrum, was designed to test Lockheed Martin’s new wideband Electronically Steerable Antenna technology to demonstrate faster on-orbit sensor calibration to deliver rapid capabilities to US military forces.

Throwing a tantrum? … This was the third time in four flights that Firefly’s commercial Alpha rocket, designed to loft payloads up to a metric ton in mass, has not reached its orbital target. The first test flight in 2021 suffered an engine failure on the first stage before losing control shortly after liftoff. The second Alpha launch in 2022 deployed its satellites into a lower-than-planned orbit, leaving them unable to complete their missions. In September, Firefly launched a small US military satellite on a responsive launch demonstration. Firefly and the US Space Force declared that mission fully successful. Atmospheric drag will likely pull Lockheed Martin’s payload back into Earth’s atmosphere for a destructive reentry in a matter of weeks. The good news is ground teams are in contact with the satellite, so there could be a chance to complete at least some of the mission’s objectives. (submitted by Ken the Bin)

Australian startup nears first launch. The first locally made rocket to be launched into space from Australian soil is scheduled for liftoff from a commercial facility in Queensland early next year, the Australian Broadcasting Corporation reports. A company named Gilmour Space says it hopes to launch its first orbital-class Eris rocket in March, pending final approval from Australian regulatory authorities. This would be the first Australian-built orbital rocket, although a US-made rocket launched Australia’s first satellite from a military base in South Australia in 1967. The UK’s Black Arrow rocket also launched a satellite from the same remote Australian military base in 1971.

Getting to know Eris … The three-stage Eris rocket stands 25 meters (82 feet) tall with the ability to deliver up to 300 kilograms (660 pounds) of payload into low-Earth orbit, according to Gilmour Space. The company says the Eris rocket will be powered by Gilmour’s “new and proprietary hybrid rocket engine.” These kinds of propulsion systems use a solid fuel and a liquid oxidizer. We’ll be watching to see if Gilmour shares more tangible news about the progress toward the first Eris launch in March. In late 2022, the company targeted April 2023 for the first Eris flight, so this program has a history of delays. (submitted by Marzipan and Onychomys)


A commander’s lament on the loss of a historic SpaceX booster. The Falcon 9 rocket that launched NASA astronauts Doug Hurley and Bob Behnken on SpaceX’s first crew mission in 2020 launched and landed for the 19th and final time just before Christmas, then tipped over on its recovery ship during the trip back to Cape Canaveral, Florida, Ars reports. This particular booster, known by the tail number B1058, was special among SpaceX’s fleet of reusable rockets. It was the fleet leader, having tallied 19 missions over the course of more than three-and-a-half years. More importantly, it was the rocket that thundered into space on May 30, 2020, on a flight that made history.

A museum piece? … The lower third of the booster was still on the deck of SpaceX’s recovery ship as it sailed into Port Canaveral on December 26. This portion of the rocket contains the nine Merlin engines and landing legs, some of which appeared mangled after the booster tipped over in high winds and waves. Hurley, who commanded SpaceX’s Crew Dragon spacecraft on the booster’s historic first flight in 2020, said he hopes to see the remaining parts of the rocket in a museum. “Hopefully they can do something because this is a little bit of an inauspicious way to end its flying career, with half of it down at the bottom of the Atlantic Ocean,” said Hurley.

SpaceX opens 2024 campaign with a new kind of Starlink satellite. SpaceX has launched the first six Starlink satellites that will provide cellular transmissions for customers of T-Mobile and other carriers, Ars reports. A Falcon 9 rocket launched from California on January 2 carried 21 Starlink satellites overall, including the first six Starlinks with Direct to Cell capabilities. SpaceX says these satellites, and thousands of others to follow, will “enable mobile network operators around the world to provide seamless global access to texting, calling, and browsing wherever you may be on land, lakes, or coastal waters without changing hardware or firmware.” T-Mobile said that field testing of Starlink satellites with the T-Mobile network will begin soon. “The enhanced Starlink satellites have an advanced modem that acts as a cellphone tower in space, eliminating dead zones with network integration similar to a standard roaming partner,” SpaceX said.

Two of 144 … SpaceX followed this launch with another Falcon 9 flight from Florida on January 3 carrying a Swedish telecommunications satellite. These were the company’s first two missions of 2024, a year when SpaceX officials aim to launch up to 144 rockets, an average of 12 per month, exceeding the 98 rockets it launched in 2023. A big focus of SpaceX’s 2024 launch manifest will be delivering these Starlink Direct to Cell satellites into orbit. (submitted by Ken the Bin)

Chinese booster lands near homes. China added a new pair of satellites to its Beidou positioning and navigation system on December 25, but spent stages from the launch landed within inhabited areas, Space News reports. Meanwhile, a pair of the side boosters from the Long March 3B rocket used for the launch appeared to fall to the ground near inhabited areas in Guangxi region, downrange of the Xichang spaceport in Sichuan province, according to apparent bystander footage on Chinese social media. One video shows a booster falling within a forested area and exploding, while another shows a falling booster and later, wreckage next to a home.

Life downrange … Chinese government authorities reportedly issue warnings and evacuation notices for citizens living in regions where spent rocket boosters are likely to fall after launch, but these videos clearly show people are still close by as the rockets fall from the sky. We’ve seen this kind of imagery before, including views of a rocket that crashed into a rural building in 2019. What’s more, the rockets return to Earth with leftover toxic propellants—hydrazine and nitrogen tetroxide—that could be deadly to breathe or touch. Clouds of brownish-orange gas are visible around the rocket wreckage, an indication of the presence of nitrogen tetroxide. China built its three Cold War-era spaceports in interior regions to protect them from possible military attacks, while its newest launch site is at a coastal location on Hainan Island, allowing rockets launched there to drop boosters into the sea. (submitted by Ken the Bin and EllPeaTea)

Launch date set for next H3 test flight. The second flight of Japan’s new flagship H3 rocket is scheduled for February 14 (US time; February 15 in Japan), the Japan Aerospace Exploration Agency announced on December 28. This will come nearly one year after the first H3 test flight failed to reach orbit last March when the rocket’s second stage failed to ignite a few minutes after liftoff. This failure destroyed a pricey Japanese Earth observation satellite and dealt a setback to Japan’s rocket program. The H3 is designed to be cheaper and more capable than the H-IIA and H-IIB rockets it will replace. Eventually, the H3 will launch Japan’s scientific research probes, spy satellites, and commercial payloads.

Fixes since the first flight … Engineers narrowed the likely cause for the first H3 launch failure to an electrical issue, although Japanese officials have not provided an update on the investigation for several months. In August, Japan’s space agency said investigators had narrowed the cause of the H3’s second-stage malfunction to three possible failure scenarios. Nevertheless, officials are apparently satisfied the H3 is ready to fly again. But this time, there won’t be an expensive satellite aboard. A dummy payload will fly inside the H3 rocket’s nose cone, along with two relatively low-cost small satellites hitching a piggyback ride to orbit. (submitted by Ken the Bin and EllPeaTea)

India’s PSLV launches first space mission of 2024. The first orbital launch of the new year, as measured in the globally recognized Coordinated Universal Time, or UTC, was the flight of an Indian Polar Satellite Launch Vehicle (PSLV) on January 1 (December 31 in the United States). This launch deployed an X-ray astronomy satellite named XPoSat, which will measure X-ray emissions from black holes, neutron stars, active galactic nuclei, and pulsars. This is India’s first X-ray astronomy satellite, and its launch is another sign of India’s ascendence among the world’s space powers. India has some of the world’s most reliable launch vehicles, is developing a human-rated capsule to carry astronauts into orbit, and landed its first robotic mission on the Moon last year.

Going lower … After releasing the XPoSat payload, the PSLV’s fourth stage lowered its orbit to begin an extended mission hosting 10 scientific and technology demonstration experiments. These payloads will test new radiation shielding technologies, green propulsion, and fuel cells in orbit, according to the Indian Space Research Organization. On missions with excess payload capacity, India has started offering researchers and commercial companies the opportunity to fly experiments on the PSLV fourth stage, which has its own solar power source to essentially turn itself from a rocket into a satellite platform. (submitted by EllPeaTea and Ken the Bin)

Mixed crews will continue flying to the International Space Station. NASA and the Russian space agency, Roscosmos, will extend an agreement on flying each other’s crew members to the International Space Station through 2025, Interfax reports. This means SpaceX’s Crew Dragon spacecraft and Boeing’s Starliner capsule, once operational, will continue transporting Russian cosmonauts to and from the space station, as several recent SpaceX crew missions have done. In exchange, Russia will continue flying US astronauts on Soyuz missions.

There’s a good reason for this… Despite poor relations on Earth, the US and Russian governments continue to be partners on the ISS. While NASA no longer has to pay for seats on Soyuz spacecraft, the US space agency still wants to fly its astronauts on Soyuz to protect against the potential for a failure or lengthy delay with a SpaceX or Boeing crew mission. Such an event could lead to a situation where the space station has no US astronauts aboard. Likewise, Roscosmos benefits from this arrangement to ensure there’s always a Russian on the space station, even in the event of a problem with Soyuz. (submitted by Ken the Bin)

SpaceX sets new records to close out 2023. SpaceX launched two rockets, three hours apart, to wrap up a record-setting 2023 launch campaign, Ars reports. On December 28, SpaceX launched a Falcon Heavy rocket from NASA’s Kennedy Space Center in Florida with the US military’s super-secret X-37B spaceplane. Less than three hours later, a Falcon 9 rocket took off a few miles to the south with another batch of Starlink Internet satellites. These were SpaceX’s final launches of 2023. SpaceX ended the year with 98 flights, including 91 Falcon 9s, five Falcon Heavy rockets, and two test launches of the giant new Super Heavy-Starship rocket. These flights were spread across four launch pads in Florida, California, and Texas. It was also the shortest turnaround between two SpaceX flights in the company’s history, and set a modern-era record at Cape Canaveral, Florida, with the shortest span between two orbital-class launches there since 1966.

Where’s the X-37B?… The military’s reusable X-37B spaceplane that launched on the Falcon Heavy rocket apparently headed into an unusually high orbit, much higher than the spaceplane program’s previous six flights. But the military kept the exact orbit a secret, and amateur skywatchers will be closely watching for signs of the spaceplane passing overhead in hopes of estimating its apogee, perigee, and inclination. What the spaceplane is doing is also largely a mystery. The X-37B resembles a miniature version of NASA’s retired space shuttle orbiter, with wings, deployable landing gear, and black thermal protection tiles to shield its belly from the scorching heat of reentry.

Elon Musk says SpaceX needs to build a lot of Starships. Even with reusability, SpaceX will need to build Starships as often as Boeing builds 737 jetliners in order to realize Elon Musk’s ambition for a Mars settlement, Ars reports. “To achieve Mars colonization in roughly three decades, we need ship production to be 100/year, but ideally rising to 300/year,” Musk wrote on his social media platform X. SpaceX still aims to make the Starship and its Super Heavy booster rapidly reusable. The crux is that the ship, the part that would travel into orbit, and eventually to the Moon or Mars, won’t be reused as often as the booster. These ships will come in a number of different configurations, including crew and cargo transports, refueling ships, fuel depots, and satellite deployers.

Laws of physics… The first stage of the giant launch vehicle, named Super Heavy, is designed to return to SpaceX’s launch sites about six minutes after liftoff, similar to the way SpaceX recovers its Falcon boosters today. Theoretically, Musk wrote, the booster could be ready for another flight in an hour. With the Starship itself, the laws of physics and the realities of geography come into play. As an object flies in low-Earth orbit, the Earth rotates underneath it. This means that a satellite, or Starship, will find itself offset some 22.5 degrees in longitude from its launch site after a single 90-minute orbit around the planet. It could take several hours, or up to a day, for a Starship in low-Earth orbit to line up with one of the recovery sites. “The ship needs to complete at least one orbit, but often several to have the ground track line back up with the launch site, so reuse may only be daily,” Musk wrote. “This means that ship production needs to be roughly an order of magnitude higher than booster production.”

Next three launches

January 5: Kuaizhou 1A | Unknown Payload | Jiuquan Satellite Launch Center, China | 11:20 UTC

January 7: Falcon 9 | Starlink 6-35 | Cape Canaveral Space Force Station, Florida | 21:00 UTC

January 8: Falcon 9 | Starlink 7-10 | Vandenberg Space Force Base, California | 05:00 UTC

https://arstechnica.com/?p=1993810




State-Sponsored Online Spies Likely to Target Australian Submarine Program, Spy Agency Says

Australia’s cooperation with the United States and Britain to develop an Australian fleet of submarines powered by U.S. nuclear technology is a likely target of state-sponsored cyberespionage, the nation’s digital spy agency said on Wednesday.

The Australian Signals Directorate reported a 23% increase in cybercrimes in the country and a 14% increase in the average cost of each crime in its latest annual online threat assessment for the fiscal year that ended on June 30.

The report highlights China’s role in backing a group of hackers, known as Volt Typhoon, that targeted U.S. critical infrastructure including military facilities on Guam. It warns that the same techniques could be used against Australian infrastructure as part of information-gathering or disruptive activities.

Potential targets include the AUKUS agreement — an acronym for Australia, the United Kingdom and the United States — under which the U.S. will share its nuclear submarine technology secrets.

“The AUKUS partnership, with its focus on nuclear submarines and other advanced military capabilities, is likely a target for state actors looking to steal intellectual property for their own military programs,” the report said.

“Cyber operations are increasingly the preferred vector for state actors to conduct espionage and foreign interference,” it added.

Defense Minister Richard Marles said state online actors’ increased interest in Australian infrastructure, including the submarine program, demonstrated the need for greater investment in the nation’s cyberdefense capabilities.

Marles said the government would double the Australian Signals Directorate’s online capacity, investing 10 billion Australian dollars ($6.5 billion) over a decade.

Security analysts say China is the biggest state actor in cybercrime in Australia, followed by Russia and then Iran.

Mike Burgess, director-general of the Australian Security Intelligence Organisation, the nation’s main domestic spy agency, said last month that Beijing was “engaged in the most sustained, sophisticated and scaled theft of intellectual property and expertise in human history.”

The new report on Australia’s growing online threats comes as Australia improves relations with China. Prime Minister Anthony Albanese this month became the first Australian leader in seven years to visit China.

Marles described Australia’s relationship with China as “complex.”

“We’ve never pretended that this relationship is easy. We value, clearly, a productive relationship with China. They’re our largest trading partner, so it’s right to be investing in that relationship,” Marles told Australian Broadcasting Corp.

“But China has been a source of security anxiety for our country and we prepare for that as well,” Marles added.

https://www.securityweek.com/state-sponsored-online-spies-likely-to-target-australian-submarine-program-spy-agency-says/




Apple’s China ties under Congressional scrutiny after Jon Stewart cancellation

Lawmakers apparently balked after learning that Apple canceled the critically acclaimed weekly streaming talk show, The Problem with Jon Stewart, last month—reportedly over issues with the show’s planned programming related to both China and artificial intelligence.

In a letter to Apple CEO Tim Cook, the Republican and Democratic leaders of the House of Representatives’ Select Committee on Competition with the Chinese Communist Party urged Apple to explain its decision to end production of The Problem with Jon Stewart and “accelerate its efforts to reduce its dependence on” China. These steps, lawmakers wrote, are critical to help address “broader concerns about indirect Chinese Communist Party (CCP) influence over the creative expression of American artists and companies on CCP-related topics.”

While lawmakers acknowledged that Apple has “the right to determine what content is appropriate for their streaming service,” they argued that “the coercive tactics of a foreign power should not be directly or indirectly influencing these determinations.”

According to lawmakers, “previous incidents involving production companies other than Apple” have shown that “fear” of the CCP’s retaliation—as well as the “lure” of China’s market and financing opportunities—“have significantly chilled the creation of American content that could be perceived as critical of the CCP.”

On top of requesting that Apple provide a briefing on its decision to cancel Stewart’s show by December 15, they also want Apple to explain matters regarding its dependency on China. Lawmakers wrote that Cook’s “recent trip to Beijing” makes it appear as if “maintaining a positive relationship with the CCP may be a priority given ongoing supply chain and financial dependencies.”

“We support the ability of artists, writers, studios, and streaming services alike to create content without fear of potential CCP retaliation and punishment,” lawmakers wrote. “We similarly encourage American technology companies to diversify their supply chains, reduce their potential susceptibility to CCP pressure, and decrease their overall dependence on” China.

According to Reuters, the letter was released on Wednesday before a dinner where “top US business leaders” will be dining with Chinese President Xi Jinping in San Francisco, as Xi “seeks to court American companies and counter his country’s recent struggles to entice foreign investment.” That dinner follows a summit between President Joe Biden and Xi, where the leaders reportedly hoped to ease tensions and restore military communications between the two countries.

“I think it’s paramount that you and I understand each other clearly, leader to leader, with no misconceptions or miscommunication,” Biden told Xi as their talks kicked off, CNN reported.

“Planet Earth is big enough for the two countries to succeed,” Xi told Biden.

One of Biden’s goals with the summit is to ensure that competition between the US and China does not boil over into conflict. That is the primary focus of the House’s Select Committee on Competition with the Chinese Communist Party, and in the lawmakers’ letter to Cook, they said that “potential decisions to not renew shows, or not produce a film or show in the first place, due to anticipated CCP objections to particular content deny US viewers and global audiences access to important information” about China that “reflects a broader variety of perspectives” and “speaks to an important geopolitical challenge of our time.”

As China seemingly seeks to deepen financial ties with US companies, the committee’s letter pointed out that Apple’s reliance on China as a market and manufacturing hub may be a prime example of what could be an increasingly common situation that “may raise concerns over the impacts of the CCP’s coercive tactics.” Lawmakers noted that if a major star like Jon Stewart can be censored, there can be little hope for “an aspiring comedian who wants to use satire to make broader points about human rights and authoritarianism.”

Last month, a person familiar with the matter told The New York Times that Stewart told his staff that the cancellation came after “potential show topics related to China and artificial intelligence were causing concern among Apple executives.” Sources told The Hollywood Reporter that Stewart felt “hamstrung” by Apple’s requests to be “aligned” regarding topics on the show.

Lawmakers confirmed that they would also reach out to Stewart to hear his side of the story.

To ensure that no Americans will be censored due to the tech giant’s ties to China, lawmakers now expect Apple to “publicly commit that content that could be perceived as critical of the CCP or [China] is welcome on Apple TV+ and other Apple services.”

Apple did not immediately respond to Ars’ request to comment.

https://arstechnica.com/?p=1984300




US surprises Nvidia by speeding up new AI chip export ban

A press photo of the Nvidia H100 Tensor Core GPU.

On Tuesday, chip designer Nvidia announced in an SEC filing that new US export restrictions on its high-end AI GPU chips to China are now in effect sooner than expected, according to a report from Reuters. The curbs were initially scheduled to take effect 30 days after their announcement on October 17 and are designed to prevent China, Iran, and Russia from acquiring advanced AI chips.

The banned chips are advanced graphics processing units (GPUs) that are commonly used for training and running deep learning AI applications similar to ChatGPT and AI image generators, among other uses. GPUs are well-suited for neural networks because their massively parallel architecture performs the necessary matrix multiplications involved in running neural networks faster than conventional processors.

The Biden administration initially announced an advanced AI chip export ban in September 2022, and in reaction, Nvidia designed and released new chips, the A800 and H800, to comply with those export rules for the Chinese market. In November 2022, Nvidia told The Verge that the A800 “meets the US Government’s clear test for reduced export control and cannot be programmed to exceed it.” However, the new curbs enacted Monday specifically halt the exports of these modified Nvidia AI chips. The Nvidia A100, H100, and L40S chips are also included in the export restrictions.

Nvidia mentioned in its Tuesday filing that it does not anticipate a near-term financial impact from the move. “Given the strength of demand for the Company’s products worldwide, the Company does not anticipate that the accelerated timing of the licensing requirements will have a near-term meaningful impact on its financial results,” it wrote.

Advanced Micro Devices (AMD), another company affected by these curbs, did not comment to Reuters on the matter. Intel, which started selling its Gaudi 2 chips in China in July, said it is “reviewing the regulations and assessing the potential impact.”

To help mitigate the effects of last year’s chip bans, the US Commerce Department has extended special authorizations for major foreign chip makers, such as SK Hynix, Samsung, and TSMC, to receive crucial US chipmaking tools for their plants in China. TSMC is now seeking permanent US authorization for its China operations through the “validated end-user” process, while South Korean giants Samsung and SK Hynix can indefinitely supply US chip equipment to their China plants without separate US approvals.

https://arstechnica.com/?p=1978300




Canada: Lawmakers Targeted by China-Linked ‘Spamouflage’ Disinformation

Canada on Monday warned of a “Spamouflage” disinformation campaign linked to China that used waves of online posts and deepfake videos manipulated to try to disparage and discredit Canadian lawmakers.

The Global Affairs department said in a statement it had “detected a ‘Spamouflage’ campaign connected to the People’s Republic of China.”

The bot network, according to the government ministry, left thousands of messages on the social media accounts of dozens of members of parliament, including Prime Minister Justin Trudeau and opposition leader Pierre Poilievre, accusing them of criminal and ethical violations.

It started in early August and scaled up in September, it said, with the aim of “discrediting and denigrating the targeted MPs” and “silencing criticism of the CCP,” or Chinese Communist Party.

China’s foreign ministry on Tuesday rejected the allegations, saying Ottawa “confuses black with white and misleads public opinion.”

Canada’s allegations come after tech giant Meta said in an August security report it had purged thousands of Facebook and Instagram accounts that were part of the widespread online Chinese spam operation.

Active across more than 50 platforms and forums including Facebook, Instagram, TikTok, YouTube and X, formerly known as Twitter, a Meta executive said it was believed to be “the largest” and “most prolific covert influence operation” in the world.

The network typically posted praise for China and criticisms of the United States, Western foreign policies, and critics of the Chinese government including journalists and researchers, the Meta report said.

Other targets have included Taiwan, Australia, Britain, Japan and global Chinese-speaking audiences.

On Tuesday, China’s foreign ministry angrily rejected the latest allegations.

“For some time now, the Canadian side has repeatedly claimed that China has spread disinformation targeting Canadian politicians, but they have never offered any proof,” said spokesperson Mao Ning.

“Canada is the one creating and spreading disinformation,” she added.

“China urges Canada to respect facts and truth, stop spreading lies about China, and stop poisoning the atmosphere of bilateral relations and damaging our ties with its words and deeds.”

Relations between Ottawa and Beijing hit a low this year following accusations of Chinese meddling in Canadian elections and the attempted intimidation of MPs that led to the expulsion of a Chinese diplomat in May.

https://www.securityweek.com/canada-lawmakers-targeted-by-china-linked-spamouflage-disinformation/




China Crackdown on Cyber Scams in Southeast Asia Nets Thousands but Leaves Networks Intact

Zhang Hongliang, a former restaurant manager in central China, took various gigs in and outside China to support his family after losing his job during the COVID-19 pandemic.

In March, a job offer to teach Chinese cooking at a restaurant led him into a cyber scam compound in Myanmar, where he was instead ordered to lure Chinese into giving up their savings for fake investment schemes via social media platforms.

Zhang is one of tens of thousands of people, mostly but not all Chinese, who have become ensnared in cyber scam networks run by powerful Chinese criminal syndicates in Southeast Asia. Regional and Chinese authorities have netted thousands of people in a crackdown, but experts say they are failing to root out the local elites and criminal networks that are bound to keep running the schemes.

When scam operations are shut down in one place they often just resurface elsewhere. The problem is an embarrassment for Beijing and is discouraging ordinary Chinese from traveling to Southeast Asia out of fear they might be duped or kidnapped and caught up in a cyber scam operation.

In recent years, media reports have uncovered instances of young people being lured to places in Cambodia or Myanmar for high-paying jobs, only to be forced to work as scammers. Rescue organizations say people are regularly beaten or face physical punishments such as being forced to run laps if they don’t perform well.

In August, China, Thailand, Laos and Myanmar agreed to set up a joint police operations center to tackle cyber scams in the region. On Oct. 10, China’s Ministry of Public Security announced that its “Summer Operation” had successfully brought back 2,317 scam suspects from northern Myanmar to China.

China calls such people suspects, though experts say most of them are victims who were forced to work for the criminals. They question how they will be treated once back in China.

The schemes based in countries like Myanmar, Laos and Cambodia are run by Chinese bosses hand-in-hand with local elites. Many are based in places where China has financed big construction projects through leader Xi Jinping’s signature Belt and Road Initiative.

Myanmar’s border regions long have been a magnet for criminals — historically including drug producers and traffickers — because of lax law enforcement. Such places are generally under the control of ethnic minority armed groups, either opposed to or allied with Myanmar’s central government. Some also cooperate with organized crime gangs.

“From the vantage point of the Chinese government, it’s a source of extreme embarrassment that you have so many of these Chinese criminals operating all across Southeast Asia,” said Jason Tower, an expert on transnational crime with the United States Institute of Peace.

The syndicates also are known for “pig butchering” cons, where scammers entice individuals, often halfway across the world, to invest their money in bogus schemes after duping them into digital romances.

The scammers divide their targets into two categories: Chinese and non-Chinese. They use scripts, images of models and influencers and translation software to trick the people they contact by phone or online into parting with their money. Victims can be anywhere in the world.

The criminals have “ridden on the shoulders of the Belt and Road Initiative,” said Tower, who outlined links between the criminals and Chinese state enterprises, think tanks and government officials in a 2020 report written for the United States Institute of Peace.

Zhang was working in Thailand and on a visa run to Laos when he met the man who lured him to the scam compound in Myanmar. Giving what he said was his last name, Gao, he claimed to be a broker and travel agent for Chinese living in Thailand. Zhang and his wife wanted extra money to pay for in vitro fertilization to have another child. Gao suggested he go work in Myawaddy, in eastern Myanmar’s Kayin state, teaching a local chef how to cook Chinese dishes in Gao’s new restaurant. The pay would be double what Zhang made in China.

Zhang was wary. Since a 2021 coup, military-controlled Myanmar has been embroiled in civil conflict. But Gao reassured him that he wouldn’t be doing anything illegal and said the restaurant would have plenty of customers since many cyber scam businesses were operating in the area.

That might have raised a red flag but it was only once he got to Myanmar that Zhang realized his predicament. He asked to go back home, saying there was a family emergency. His family helped him scrape together some 40,000 yuan ($5,472) to pay off the debt Gao claimed he owed him, and he slipped away one night, swimming across the Moei River into Thailand, where he turned himself in to Thai police, who contacted the Chinese Embassy.

Zhang showed the AP copies of his deportation notice from the Thai Immigration police and a temporary ID card. He returned to China in late June and was questioned by Chinese police but not detained. He has been sharing his story on Douyin, the Chinese version of TikTok, to alert others to the risks and says people often contact him about relatives trapped in cyber scam compounds.

“We all went out with this wonderful sense of hope, but then reality slammed us in the face,” he said.

In total, China has detained some 4,000 suspects and returned them to China.

The Ministry of Public Security has claimed “breakthrough results” through operations in coordination with Myanmar authorities. On Monday, they announced they had repatriated another 2,349 people. The ministry did not respond to a faxed request for comment.

One 31-year-old former chef who was smuggled into Myanmar’s Wa State earlier this year said he saw his company hand over four people to Chinese police with little fanfare in September. Other companies did the same, said the man, who was smuggled into Myanmar and later rescued by a non-profit organization. He declined to be named out of fear of government retribution, and The Associated Press could not independently verify his account.

Overall, the enforcement actions don’t seem very comprehensive, experts say. The groups now based in Myanmar originally were located in Cambodia. When Cambodia cracked down on online gambling rings and illegal casinos in 2019, many of the groups just moved to less well policed places in Myanmar. Some were taken over by rival gangs.

China’s efforts to repair its image have so far not made much headway, said Thitinan Pongsudhirak, a professor of political science at Thailand’s Chulalongkorn University.

“You can crack down on these symptoms and the manifestations … that you can see in the borderland areas,” he said, “but they’ll come back unless you really have a sustained effort.”

https://www.securityweek.com/china-crackdown-on-cyber-scams-in-southeast-asia-nets-thousands-but-leaves-networks-intact/




Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw

Malware hunters in Google’s Threat Analysis Group (TAG) say government-backed hacking groups from different countries are feasting on a well-documented security flaw in the popular WinRAR file archiving utility more than three months after patches were released.

The WinRAR code execution vulnerability, tracked as CVE-2023-38831, was fixed in July after zero-day exploitation was detected but now, three months later, Google says APT groups linked to Russia and China are still using the exploit with success.

“Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still seem to be vulnerable,” Google’s Kate Morgan said in a note documenting the APT discoveries. “After a vulnerability has been patched, malicious actors will continue to rely on n-days and use slow patching rates to their advantage.”

Morgan said the flaw, which allows attackers to execute arbitrary code when a user attempts to view a benign file (such as an ordinary PNG file) within a ZIP archive, has been known since at least April 2023 and immediately attracted the interest of threat actors.

“Hours after the blog post [about zero-day exploitation] was released, proof of concepts and exploit generators were uploaded to public GitHub repositories. Shortly after that, TAG began to observe testing activity from both financially motivated and APT actors experimenting with CVE-2023-38831,” Morgan added.

In one case, Google TAG detected the Russia-linked Sandworm delivering decoy PDF documents and malicious ZIP files exploiting the WinRAR bug. Sandworm, aligned with Russian Armed Forces’ Main Directorate of the General Staff (GRU) Unit, used the exploit to deliver a commodity infostealer that is able to collect and exfiltrate browser credentials and session information from infected machines.

Morgan documented another incident where APT28, another hacking team linked to Russian GRU, used a free hosting provider to serve CVE-2023-38831 to target users in Ukraine. 

Google said it also caught government-backed groups linked to China launching WinRAR exploits in targeted attacks against users in Papua New Guinea.

“The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available. Even the most sophisticated attackers will only do what is necessary to accomplish their goals,” Morgan warned.

Software security defects in the WinRAR tool are constantly being targeted by cybercriminals and APT groups. SecurityWeek has reported on multiple WinRAR exploitation incidents recently, including usage by financially motivated hackers against traders and .gov-backed advanced threat actors.

https://www.securityweek.com/three-months-after-patch-gov-backed-actors-exploiting-winrar-flaw/