Australia to consolidate approach to cyber defence in light of a wave of ransomware attacks

According to Clare O’Neil, Australian Home Affairs Minister, the country will adopt a more muscular approach to cyber defence in response to a wave of ransomware attacks against Australian firms. Measures will include ‘hacking the hackers’ as part of the country’s offensive cyber capability (OCC), and the general use of strategic ambiguity to strike at cybercriminals while crafting responses to attacks on government and business, especially those demanding a ransom. The government is reportedly considering outlawing the payment of ransoms to disrupt the cybercriminals’ business model.

CISA and FBI issue joint advisory on Iranian government-sponsored APT actors compromising federal network

In the USA, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a cybersecurity advisory regarding an incident at a Federal Civilian Executive Branch (FCEB) organisation. Having assessed that the FCEB network was compromised by Iranian government-sponsored advanced persistent threat (APT) actors, the two entities provided details on the actors’ tactics, techniques, and procedures. One of the findings was that the cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server. As such, organisations with affected VMware systems that did not immediately apply available patches or workarounds were advised to assume compromise and initiate threat-hunting activities.

Support for Partnership for Global Infrastructure and Investment Projects reiterated at G20 Summit in Bali

During the 2022 G20 Summit hosted in Bali, Indonesia, the US President Biden, Indonesian President Widodo, and European Commission President Von der Leyen co-hosted a meeting of a group of G20 leaders to ‘demonstrate their shared commitment to deepen engagement under the Partnership for Global Infrastructure and Investment (PGII) to accelerate investment in quality infrastructure in low and middle income countries around the world and strengthen the global economy’. PGII – formally launched at the G7 in June 2022 – aims to support inclusive and sustainable development and benefit the partner countries’ economic security and global supply chains, among other goals.

During the meeting, President Biden announced a series of new projects, including a Trilateral Support for Digital Infrastructure in the Pacific (United States, Australia, and Japan). The project aims at supporting digital projects that will improve access to digital services and strengthen their security in the Pacific region.

DTrack activity detected in countries in Europe and Latin America

Kaspersky, a cybersecurity company, has detected DTrack activity in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the USA. The Lazarus group uses DTrack as a backdoor against a wide range of targets, allowing attackers to upload, download, launch, or delete files on the victim host. Education, chemical manufacturing, government research centres and policy institutes, IT service providers, power providers, and telecommunications are among the targeted industries.

New Somnia ransomware attacks target corporations in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called ‘Somnia’, attributing the attacks to the Russian threat actor known as ‘From Russia with Love’ (FRwL), also known as ‘Z-Team’. The ransomware attacks targeted Ukrainian corporations’ employees, using their Telegram accounts to try and gain access to a corporate network.

As explained by CERT-UA, the group used fake sites that mimic the ‘Advanced IP Scanner’ software, which, if downloaded, infects the victim’s computer with the Vidar data-stealing malware that can capture Telegram session data, as well as take over the victim’s account.

Then, the threat actors used victims’ Telegram accounts to gain access to the corporate network. Once access to the target’s network was obtained, the hackers executed reconnaissance operations using tools like Netscan and deployed Cobalt Strike Beacons before exfiltrating data.

According to CERT-UA, the group had previously revealed that they created Somnia ransomware on Telegram and posted evidence of the attacks they made against Ukrainian targets.

EU proposed actions to boost its cyber capabilities

The European Union has recently proposed a set of measures to help its armies move faster in times of conflict. The proposal aims to holistically strengthen the European infrastructure, with a focus on cyberattacks and the protection of critical infrastructure as well. The Action Plan on Military Mobility will help European armed forces to better respond to crises erupting at the EU’s external borders and beyond.

Cybercrime Ad Hoc Committee Consolidated Negotiating Document

In preparation for the fourth session, the Committee Chair, with the support of the Secretariat, has prepared a ‘Consolidated negotiating document on the general provisions and the provisions on criminalization and on procedural measures and law enforcement of a comprehensive international convention on countering the use of information and communications technologies for criminal purposes.’ Essentially, the document is a compilation of the states’ proposals during the second session regarding the general provisions, criminalisation, procedural measures, and law enforcement of the draft convention. Regarding the general provisions, the document emphasizes the protection of sovereignty, while most states agreed that the ‘use of terms’ shall be addressed after defining the substantive articles.

Criminalisation provisions cover offences such as illegal access, misuse of devices, and computer-related forgery, among others, while also including offences related to online child sexual abuse. Additionally, the document expands the criminalisation of offences, including but not limited to the incitement of armed activities, terrorism-related offences, and illegal distribution of medicines.

Provisions on procedural measures and law enforcement establish the jurisdiction over the offences that occurred in the territory of a state party, committed by or against a national of the state party, or committed against the state party. The article on jurisdiction ‘does not exclude the exercise of any criminal jurisdiction established by a State Party in accordance with its domestic law.’ Attention was also given to the search and seizure of electronic data, in which states are obliged to adopt measures that empower the competent authorities to search or seize computer data and digital information ‘where there is reasonable belief that a criminal offence was committed or is being committed… in the territory or under the jurisdiction of that State Party.’

Lastly, the consolidated document established that the implementation of the powers and procedures should be in line with international human rights law provisions, while highlighting the need to ensure witness protection.

DiploFoundation

DiploFoundation (Diplo) is a non-profit organisation established in 2002 by the governments of Malta and Switzerland. It has offices in Malta, Switzerland, Serbia, and the USA. With the mission to increase the power of small and developing states to influence their own futures and development, Diplo’s main activities are dedicated to developing capacity, organising meetings and events, delivering courses, conducting research, publishing analyses, and experimenting with technological tools. 

Over the years, Diplo has successfully trained over 7,500 alumni from 208 countries and territories, including individuals working in governments, the private and civil sectors, media, and academia.

The Geneva Internet Platform (GIP) is an initiative supported by the Swiss Federal Department of Foreign Affairs (FDFA), the Swiss Federal Office of Communications (OFCOM), and the Republic and Canton of Geneva. It is operated by Diplo.

Digital activities

The GIP engages actors, fosters meaningful dialogues on digital governance, and monitors digital policy processes in Geneva and beyond. The GIP also provides a neutral and inclusive space for digital policy debates, recognised as a platform where different views can be voiced and the risks and vulnerabilities of technology addressed. 

Concretely, GIP activities are centred on two pillars: 1) the physical platform in Geneva that hosts events and delivers training and 2) the GIP Digital Watch Observatory, which monitors and tracks the latest updates, overviews, instruments, resources, events, and actors across 7 baskets of over 50 internet governance and digital policy topics, trends, and processes.

Apart from the GIP, Diplo also operates a Diplo Academy that delivers a wide range of courses primarily dedicated to diplomats and government officials; long-running courses cover subjects in internet governance, AI, cybersecurity, e-diplomacy, science diplomacy, and tech diplomacy. 

Diplo hosts an AI lab that develops in-house AI solutions that can be used in research, courses, training, and other projects. Its notable projects include an AI reporting system, AI assistants, and other internal tools. 

Diplo is also advancing conferencing technologies through the ConfTech project, which provides resources that guide event planners through hosting hybrid meetings.

Digital policy issues

Artificial intelligence

Diplo’s research on and analysis of AI stretches from the most pertinent policy and governance issues to reflections on AI development in general. For instance, Diplo pooled together resources on national AI strategies and international negotiation processes on AI governance; in the Stronger Digital Voices from Africa report, Diplo also included a specific section analysing how African countries approach frontier technologies like AI. Across the seven baskets of digital issues covered by the Digital Watch Observatory, Diplo experts also highlighted the policy implications AI brings to a given issue, allowing domain experts from different fields to comprehend the impact of AI technologies. 

Under the banner of HumAInism, Diplo experts also offer their timely reflections on AI development in the form of blog posts, policy briefs, and reports, exploring the nexus of governance, diplomacy, technology, philosophy, linguistics, and arts. 

Specifically, in exploring the interplay of AI and diplomacy, Diplo provided detailed analyses of how AI technologies might affect the field of foreign policy and diplomacy; commissioned by the Finnish Ministry for Foreign Affairs, Diplo wrote a report titled Mapping AI’s challenges and opportunities for the conduct of diplomacy.

Dedicated to upskilling diplomats, students, and other professionals, Diplo Academy launched the AI Campus in 2024, containing a series of modules introducing the technical foundations, applications, governance and regulation mechanisms, and philosophical aspects of AI. 

Cybersecurity

The Geneva Dialogue on Responsible Behaviour in Cyberspace (GD) was launched in 2018 by the Swiss Federal Department of Foreign Affairs (FDFA) in cooperation with the GIP, with the support of other stakeholders. The GD maps the roles and responsibilities of non-state actors in contributing to a more secure cyberspace in the context of international peace and security. It is an ongoing process that identifies and brings together existing efforts, good practices, and possible gaps, making recommendations to overcome such gaps. It also serves as a platform in Geneva and beyond for different stakeholders to engage and discuss topics on responsible behaviour in cyberspace.

In 2023, a major achievement of the GD was the publication of the Geneva Manual on Responsible Behaviour in Cyberspace. Launched during a dedicated event hosted in Geneva in December 2023, the Manual offers possible guidance for the international community in advancing the implementation of existing norms and establishing good practices. The inaugural edition of the Manual focuses on two norms related to supply chain security and responsible reporting of ICT vulnerabilities. The Geneva Dialogue and Geneva Manual were included in the written and verbal statements to the UN Open-Ended Working Group (OEWG) on the security of and in the use of information and communications technologies in December 2023. From January 2024, the GD focuses on the existing norms and confidence-building measures (CBMs) related to critical infrastructure protection. 

Capacity development

As per Diplo’s stated mission to support small and developing states in participating in digital policy negotiations and discussions, Diplo develops and hosts a wide range of training, courses, and events in both Geneva and across the world. The Geneva office is Diplo’s main outreach post where Diplo engages with diplomatic communities in the International Geneva. Diplo hosts monthly briefings for Geneva-based diplomats who cover science, technology and innovation issues; its in-house experts dissect the most recent digital policy negotiation processes and provide space for diplomats to ask questions and form opinions. Diplo also partakes in multiple events in and around Geneva, supporting other diplomatic or international organisation actors with its network of experts in the fields of cybersecurity, AI, digital infrastructure, data governance, digital economy, etc.

From 2023 to 2024, Diplo, with the support of the United States Mission to International Organizations to Geneva, ran the Policy Meets Tech series to help bridge gaps between technology and policy in digital governance. Dedicated to missions of small and developing countries, the series included events in which experts ‘opened the black box’ of technical subjects like the internet, AI, quantum computing, virtual reality, satellites, and cryptography. 

In the lead-up to the UN Summit of the Future and the adoption of the Global Digital Compact, Diplo delivered two rounds of training on digital governance issues for New York-based diplomats and hosted a two-day expert-guided diplomatic dialogue in Geneva to facilitate honest and transparent exchanges of information and opinions among diplomats, providing both background information of the GDC and clarifying technical details. 

Apart from more Geneva-based and globally-focused events, Diplo also delivers more country-tailored training on demand; taking requests from governments all over the world, Diplo curates a series of activities and lectures for diplomats or governmental officials according to their needs. For instance, with the support of various partners, Diplo has long been building digital governance capacities in the Caribbean and African regions. 

Lastly, Diplo Academy is Diplo’s online learning platform, offering a wide range of courses covering different facets of diplomacy and the most topical digital policy domains. The faculty consists of high-ranking practising and retired diplomats, as well as renowned academics in the fields of digital policy, diplomacy, and international relations. Since 1994, Diplo Academy has run more than 500 courses and trained more than 7,500 alumni from 208 countries working in governments, civil society, the private sector, media, and academia.

Digital tools

AI assistants

Believing in walking the talk, Diplo experiments with digital technologies and builds its own AI tools for research and educational purposes. Its AI lab has developed DiploAI, a domain-specific AI system that was fine-tuned for diplomatic and policy-relevant texts; it enables Diplo researchers to build customisable AI assistants for courses, diplomatic training, and research. For example, using the retrieval-augmented generation (RAG) technique, a Diplo researcher is able to customise an AI assistant based on a third-party large language model (LLM) by supplying it with a curated dataset of global digital governance documents and various countries’ official statements. Diplo’s guiding principles in building such assistants are grounded in the pursuit of AI solutions that are open-source, inherently bottom-up, and traceable by showing the basis on which AI assistants generate answers.

Diplo also implements the same principles when incorporating smart searching features into its main website (diplomacy.edu); on the site, a publicly available AI assistant takes users’ queries and guides them to the right Diplo resources. 

Conferencing technologies

In experimenting with AI tools to meet the diplomatic needs of reporting from events and meetings, Diplo takes conferencing technologies to another level. During a UN Security Council special session, Diplo deployed its human-AI hybrid system, generating just-in-time reports of country statements and key questions. The hybrid system leverages AI’s real-time transcription and summarisation capability along with human quality control. The system has been tested during larger international conferences and events, such as the 78th UN General Assembly, the Internet Governance Forum (IGF) 2023, the UN Trade and Development (UNCTAD) eWeek 2023, and the World Economic Forum 2024.

Digital footprint

Started as a mapping exercise to understand the significance of major Geneva actors’ digital presence in the world, the Geneva Digital Footprint application shows the visibility of more than 200 Geneva-based actors on Google’s search engine. The application evaluates how visible Geneva-based actors’ website domains are in 50 cities worldwide as users enter 500 plus keywords pertinent to the digital policy discussions, such as trade, healthcare, emerging technologies, humanitarian aid, etc. The application is updated frequently, its rich repertoire of data serving as a basis for the 9th Geneva Engage Awards and other analyses on Geneva’s overall importance in the field of digital. 

Colour of flags

Diplo’s AI lab developed a simple game of guessing the pattern of the country flag colour compositions and generating new flags for countries based on such patterns. The game is developed to show the logic behind AI algorithms, which are broadly based on ‘probabilistic calculations’ and ‘pattern recognition’, in the simplest way possible to reduce barriers for non-technical background diplomats and policymakers who must negotiate about the governance of AI technologies. The Colour of Flags is physically playable as a card-based board game and digitally available as well. 

Other tools

For more of Diplo’s publicly available tools, please check the AI and Technology page under HumAInism.

Social media channels

Facebook @DiploFoundation

Instagram @diplofoundation

LinkedIn @diplofoundation

X @DiplomacyEdu 

YouTube @DiploFoundation 

Monthly newsletter @ https://www.diplomacy.edu/subscribe/ 

Contact @ geneva@diplomacy.edu 
