The recent Chinese spy operation has intensified concerns about foreign digital interference in the electoral process. This follows Iranian hackers’ unsuccessful attempts to breach and leak emails from the Trump campaign, alongside disinformation campaigns tied to Russia spreading across social media platforms.
In preparation for the official launch of its AI platform, Apple Intelligence, next week, Apple unveiled new tools for security researchers this week to assess its cloud framework known as Private Cloud Compute. The tech giant has made significant efforts to develop a secure and private AI cloud environment. The latest release features comprehensive technical documentation outlining its security attributes, as well as a research environment already integrated in the macOS Sequoia 15.1 beta version. These testing capabilities allow researchers and anyone interested to download and analyze the current version of the PCC software that Apple operates in its cloud. The company informed WIRED that the only changes to the software are optimizations for running in the virtual machine used for research purposes. Additionally, Apple has published the PCC source code and announced that vulnerabilities discovered by researchers could qualify for a bug bounty of up to $1 million as part of its bug bounty program.
Throughout the summer, major news organizations such as Politico, The New York Times, and The Washington Post disclosed that they had been approached by a source offering hacked Trump campaign emails, which the US Justice Department claims was an individual acting on behalf of the Iranian government. All three outlets chose not to publish or report on the stolen materials. However, it appears that Iranian hackers ultimately found alternative channels for releasing the emails. The American Muckrakers, a political action committee led by a Democratic operative, published the documents after issuing a public request on social media, stating, “Send it to us and we’ll get it out.”
American Muckrakers subsequently disclosed internal communications from the Trump campaign regarding North Carolina Republican gubernatorial candidate Mark Robinson, Florida Republican representative Anna Paulina Luna, and documents hinting at a financial arrangement between Donald Trump and Robert F. Kennedy Jr., a third-party candidate who later endorsed Trump after withdrawing from the race. Independent journalist Ken Klippenstein also obtained and published some of the hacked information, including a research profile prepared by the Trump campaign while evaluating US Senator JD Vance as a potential running mate. Klippenstein later reported being visited by the FBI, which warned him that the documents were part of a foreign influence campaign. He defended his decision to publish, asserting that the media should not act as the “gatekeeper of what the public should know.”
As Russia has engaged in both military and cyber warfare against Ukraine, it has also executed extensive hacking operations against Georgia, a neighboring country with a historically tense relationship. Bloomberg recently revealed that Russia systematically infiltrated Georgia’s infrastructure and government over several years, particularly leading up to the Georgian elections. For example, from 2017 to 2020, the GRU, Russia’s military intelligence agency, penetrated Georgia’s Central Election Commission, various media organizations, and IT systems of the national railway company, mirroring Russia’s earlier cyber intrusions in Ukraine. Additionally, the NSA attributed attacks on Georgian television stations in 2020 to the GRU’s Sandworm unit. Meanwhile, hackers known as Turla, affiliated with the Kremlin’s KGB successor, the FSB, accessed the Georgian Foreign Ministry’s systems and siphoned off gigabytes of official emails over several months. According to Bloomberg, Russia’s hacking activities aimed at espionage also seemed to lay the groundwork for potential disruptions to Georgian infrastructure, including electric and oil companies, should tensions escalate.
For years, cybersecurity experts have debated what truly constitutes a cyberattack. Is it an intrusion meant to destroy data, cause disruption, or sabotage infrastructure? Yes, that qualifies as a cyberattack. But if the breach is merely to steal data? Perhaps not. The line grows even blurrier with hack-and-leak operations or espionage missions that involve disruption afterward. This week, the Jerusalem Post presented a particularly confusing example of categorizing something as a cyberattack—a headline regarding purported “Hezbollah cyberattacks” that were simply social media posts. These posts showcased images of Israeli hospitals purportedly suggesting they housed weapons and cash, calling for attacks on them. These messages seemingly responded to claims from the Israeli Defense Forces regarding hospitals in Gaza that had been bombarded, as well as similar allegations concerning a recent incident in Beirut, Lebanon.
In response, cybersecurity researcher Lukasz Olejnik criticized the labeling, stating alongside a screenshot of the Jerusalem Post headline on social media, “These are NOT CYBERATTACKS. Posting images to social media is not hacking. Such a bad take.”.
