Sign up to the weekly newsletter!
This Cyberstability Update is an overview of all articles included in our Weekly Newsletters for the month. Want to receive these updates on a weekly basis? Sign up here to receive our weekly newsletter on the work of the Global Commission on the Stability of Cyberspace (GCSC), its members and developments in the field of international cyber policy.
The GCSC in the News
The article by Marietje Schaake was published in the Georgetown Journal of International Affairs, 30th October 2018
When J.P. Barlow presented his 1996 “Declaration of the Independence of Cyberspace” in Davos, cyberspace was idealized as a separate universe, detached from the ‘real’ world, with no government controls and no national boundaries. Twenty-two years later, this libertarian dream of the open internet has been buried with J.P. Barlow. The internet has increasingly become an essential element to furthering people´s development and freedom, as well as a foundation for economic growth and international trade. The stakes for nation-states to exercise control over its functioning have thus become higher and the global internet has now become a platform for political, economic, and military power. Additionally, private companies have become powerful, global actors in the online environment.
Industry leaders and politicians the world over are scrambling to lead the development and use of artificial intelligence (AI) for the power and value it accrues. However, AI promises to implicate more than just politics and economics. It poses fundamental questions on how societies and communities will be organised in the future–capable of radically transforming workforce and work-life as we know it. In the last 24 months alone, more than a dozen countries have devised national strategies on AI; many of these tomes run into several hundred pages. This publication examines 12 of these national strategies: the US, UK, EU, Germany, South Korea, Singapore, India, France, China, Canada, UAE and Japan.
Sunday marked the 100th anniversary of the armistice that ended the first World War. The 1918 ceasefire re-introduced a fragile peace that had collapsed when the world failed to defend common rules and international cooperation. International security and stability are as important now as they were a century ago. That’s why French President Emmanuel Macron and leaders from around the world are about to gather in Paris for the first Paris Peace Forum. The forum will attempt to pave a way forward for a world that is shifting and changing faster than most of us can keep up with. That change and shift, and the speed of it is enabled by the Internet.
The article by Commissioner Wolfgang Kleinwächter, Matthias Ketteman & Max Senges was published in CircleID, 9th November 2018
The development of the Internet has arrived at a new Crossroads. The growing Internet Governance complexity is leading also to a higher level of confusion on how the digital future should be shaped. Is the time ripe for a "New Deal" on Internet Governance? And which stakeholder should bear the primary responsibility for the normative framing of the key challenges internet governance is facing? As a flexible and credible provider of diplomatic solutions over decades, Europe can fulfill an important role here. The norm package, proposed by the Global Commission on Stability in Cyberspace, can be an important source of inspiration.
The article by Justin Sherman was published in Slate, 16th November 2018
Did you have trouble accessing Google on Monday? If so, that’s because another country may have hijacked your internet traffic. According to a Google blog post on the incident, users were temporarily unable to reach services for about an hour due to an issue “external” to the company. The Wall Street Journal reports research firm ThousandEyes said that bad network instructions rerouted traffic to Russian network TransTelekom, Nigerian internet provider MainOne, and China Telecom. Any of these countries may have been involved, though Russia and China are the most likely suspects.
The insecurity of the internet—as these recent events show—doesn’t just apply to laptops and smartphones, but to the internet protocols that are far more vulnerable to manipulation than you might imagine (or hope). Undermining trust in these single points of failure (what, I believe, the Global Commission on the Stability of Cyberspace means when they refer to the “public core” of the internet) undermines trust in the internet at a fundamental level in a way that hacks of specific devices don’t.
Data breaches at Facebook and Google—and along with Amazon, those firms' online dominance—crest a growing wave of anxiety around the internet's evolving structure and its impact on humanity. Three keys to the decades-long global expansion of the internet and the World Wide Web are breaking down.
The election interference tactics originally deployed by Russia against the US and Europe are now global. Hackers across the democratic world have exploited weaknesses in campaign email servers, probed electronic voting machines for vulnerabilities, set up troll farms to spread highly partisan narratives, and employed armies of bots to distort the truth online.
As we look to the future — especially the 2020 US presidential election — there will be a far more dangerous interference tool, one that will be available not only to malign governments, but individual actors: Deepfake video.
The Hague Center for Strategic Studies uploaded the podcast to their SoundCloud, 29th November 2018
Podcast host Paul Verhagen, associate data analyst at HCSS, talks with Christopher Painter, a Commissioner of the Global Commission on the Stability of Cyberspace (GCSC), on how to achieve cyber stability in the future and why a cyber weapons treaty is not the solution.
International Cyber Affairs
The article by Laurent Gisel and Lukasz Olejnik was published on the Humanitarian Law & Policy section of the International Committee of the Red Cross blog, 14th November 2018
Cyber attacks, defence and security are increasingly high on the agenda of technology and policy discussions. Indeed, cyber threats evolve rapidly and concerns are mounting over the use of hostile cyber operations and the potential risk for escalation. Cyber operations have damaged objects, disrupted the delivery of essential services to the population and, more generally, cost billions to governments and the private sector. While it is a struggle to keep up with the accelerating technical change, avenues to reduce the risk and effects of hostile cyber operations are proposed in various realms and discussed in many fora. This rapid evolution, its background and its consequences will be the focus of an expert meeting on the potential human cost of cyber operations organized this week by the International Committee of the Red Cross.
The article by Dennis Broeders and Sergei Boeke was published in Survival Journal ($), 20th November 2018
Dennis Broeders is and Associate Professor and Senior Fellow in the Hague Program for Cyber Norms, and Sergei Boeke is a researcher at the Institute of Security and Global Affairs (ISGA) at Leiden University. The article discusses the demilitarization of cyber conflict – The debate about state behaviour in cyberspace may be set in the wrong legal key.
The United States
The article by the Devdiscourse News Desk was published on their website, 1st November 2018
President Donald Trump's national security adviser warned US adversaries on Wednesday that the US is prepared to respond offensively to cyber attacks on the United States. John Bolton said that even before the administration released its cyber strategy last year, Trump had issued a classified executive order effectively reversing the Obama administration's approach to offensive cyber operations.
The article by Sean Lyngaas was published in Cyber Scoop, 19th November 2018
The Department of Justice’s second-in-command has called on other countries to step up their efforts to extradite accused cybercriminals, warning that the U.S. will “expose” attempts by other governments “to manipulate the extradition process.” “We will identify nations that routinely block the fair administration of justice and fail to act in good faith,” Deputy Attorney General Rod Rosenstein told a general assembly of Interpol, an international police organization, on Sunday.
The article by Brandon Knapp was published in The Fifth Domain, 2nd November 2018
A Department of Defense official said Nov. 1 that U.S. Cyber Command needs to have its own infrastructure and not lean as heavily on the National Security Agency for some cyber tools, a transition that may foreshadow an eventual split between the two dual-hatted agencies.
Cyber Command has operated on the NSA’s networks since its conception in 2009, but is in the process of building systems "by which we can do our own operations and not rely as heavily on the NSA infrastructure,” said Capt. Ed Devinney, director of corporate partnerships and technology outreach at Cyber Command.
The report of the NSTAC was published on the Department of Homeland Security website, November 2018
The United States is at an inflection point: simultaneously faced with a progressively worsening cybersecurity threat environment and an ever-increasing dependence on Internet technologies fundamental to public safety, economic prosperity, and overall way of life. Our national security is now inexorably linked to cybersecurity. Therefore, the Nation must build on past efforts and current strategies to seize the opportunity to strategically reorient from a largely reactive, incremental cybersecurity posture to a proactive approach that boldly assures digital trust, safety, and resilience for all Americans. Throughout this report, the NSTAC endeavors to answer several fundamental questions, including what a Cybersecurity Moonshot Initiative is, why it is necessary, and how the Nation can effectively operationalize it.
The article by Tom Wheeler was published by Brookings, 9th November 2018
On November 5, the Supreme Court declined to review the decision of the D.C. Circuit Court that twice upheld the 2015 Open Internet Rule. The industry groups that had long opposed non-discriminatory access to broadband networks had previously stopped such regulation at the D.C. Circuit. When they attempted the same thing with regard to the 2015 decision of the Federal Communications Commission (FCC), a three-judge panel ruled the FCC’s favor. The industry then appealed the panel’s decision to the entire D.C. Circuit and lost again. The industry then appealed that loss to the Supreme Court. The Supreme Court voted 4-3 (with Chief Justice Roberts and Justice Kavanaugh abstaining) to deny a writ of certiorari for the appeal. As a result, the lower court’s decision upholding the 2015 Open Internet Rule stands.
The article by Jacqueline Thomsen was published in The Hill, 13th November 2018
A top cyber official at the Defense Department on Tuesday urged companies to refrain from “hacking back” when they are the victim of a cyberattack, saying it could negatively affect the already unclear rules of engagement in cyberspace. B. Edwin Wilson, the deputy assistant secretary of defense for cyber policy, said at a Foundation for Defense of Democracies event that “industry, private citizens should have the ability to defend themselves.” But he cautioned that there is a “unique nature in cyberspace in regards to offensive activity,” such as a company using cyber methods to retaliate against hackers who target their networks.
The article by Aaron Boyd was published in NextGov, 28th November 2018
Soon, federal agencies will have a clear idea of how they are doing on basic cybersecurity and be able to compare their posture to other agencies across the government. The Homeland Security Department’s Continuous Diagnostics and Mitigation program, or CDM, is providing agencies with a sophisticated suite of cybersecurity tools. As those tools are put in place, the associated sensors are sending data to a centralized dashboard, giving Homeland Security and agencies a holistic view of cybersecurity throughout the federal enterprise. Now, Homeland Security is using that data to compile cyber scores using an algorithm called AWARE, which stands for Agency-Wide Adaptive Risk Enumeration.
The article by Max Smeets and Herb Lin was published on the Lawfare blog, 28th November 2018
The new U.S. Cyber Command (USCYBERCOM) vision and the Department of Defense Cyber Strategy embody a fundamental reorientation in strategic thinking. With the publication of these documents, as well as 2017 National Security Strategy and the 2018 National Defense Strategy, there is a general conception among experts that the U.S. has, for the first time, articulated a strategy that truly appreciates the unique “symptoms” of cyberspace. Yet most cyber experts have also argued that the ‘medicine’ prescribed by the Defense Department and USCYBERCOM should be further scrutinized.
The article by David E. Sanger and Steven Lee Myers was published in The New York Times, 29th November 2018
Three years ago, President Barack Obama struck a deal with China that few thought was possible: President Xi Jinping agreed to end his nation’s yearslong practice of breaking into the computer systems of American companies, military contractors and government agencies to obtain designs, technology and corporate secrets, usually on behalf of China’s state-owned firms. The pact was celebrated by the Obama administration as one of the first arms-control agreements for cyberspace — and for 18 months or so, the number of Chinese attacks plummeted. But the victory was fleeting.
U.S. - Russia Relations
The article by Alex Grigsby was published in the Council on Foreign Relations blog, 29th October 2018
It's October and the United Nations General Assembly and subsidiary committees have started their work in earnest. As expected, Russia tabled a draft resolution seeking the General Assembly's endorsement of an "international code of conduct for international information security," and a resumption of the UN Group of Governmental Experts (GGE) process next year. Somewhat less expected, however, is that the United States tabled a competing resolution, setting up a clash between Russia, China, and their largely autocratic friends on one side, and the United States, the European Union, Canada, Japan, and Australia on the other.
The article by Charlie Mitchell was published in Inside Cybersecurity, 30th October 2018
A U.S. cyber operation aimed at disrupting Russian plans to interfere in the midterm elections may involve more of a “message” to bad actors than actual offensive strikes, according to a former senior official, but even that would mark a significant new step in cybersecurity policy.
The article by Zachary Fryer-Biggs (Center for Public Integrity) was published in The Daily Beast, 2nd November 2018
The U.S. intelligence community and the Pentagon have quietly agreed on the outlines of an offensive cyberattack that the United States would unleash if Russia electronically interferes with the 2018 midterm election on Nov. 6, according to current and former senior U.S. officials who are familiar with the plan.
In preparation for its potential use, U.S. military hackers have been given the go-ahead to gain access to Russian cybersystems that they feel is needed to let the plan unfold quickly, the officials said.
The article by Michael Klare was published in Foreign Policy In Focus, 1st November 2018
“Now we have a new Cold War,” commented Russia expert Peter Felgenhauer in Moscow after President Trump recently announced plans to withdraw from the Intermediate-Range Nuclear Forces (INF) Treaty. The Trump administration is “launching a new Cold War,” said historian Walter Russell Mead in the Wall Street Journal, following a series of anti-Chinese measures approved by the president in October. And many others are already chiming in.
Recent steps by leaders in Washington, Moscow, and Beijing may seem to lend credence to such a “new Cold War” narrative, but in this case history is no guide. Almost two decades into the twenty-first century, what we face is not some mildly updated replica of last century’s Cold War, but a new and potentially even more dangerous global predicament.
The article by Alex Grigsby was published on the Council on Foreign Relations website, 15th November 2018
The United Nations is set to double its workload as it relates to the international security dimensions of cyberspace over the next few years. Last week, the General Assembly’s first committee adopted two separate (and some would say competing) resolutions on the actions of states in cyberspace. One resolution, sponsored by Russia, creates an open-ended working group of the General Assembly to study the existing norms contained in the previous UN GGE reports, identify new norms, and study the possibility of "establishing regular institutional dialogue ... under the auspices of the United Nations." The other resolution, sponsored by the United States, creates a new Group of Governmental Experts (GGE) to study how international law applies to state action in cyberspace and identify ways to promote compliance with existing cyber norms.
The article by Sheera Frenkel et al was published in The New York Times, 14th November 2018
Inside Facebook’s Menlo Park, Calif., headquarters, top executives gathered in the glass-walled conference room of its founder, Mark Zuckerberg. It was September 2017, more than a year after Facebook engineers discovered suspicious Russia-linked activity on its site, an early warning of the Kremlin campaign to disrupt the 2016 American election. Congressional and federal investigators were closing in on evidence that would implicate the company. But it wasn’t the looming disaster at Facebook that angered Ms. Sandberg. It was the social network’s security chief, Alex Stamos, who had informed company board members the day before that Facebook had yet to contain the Russian infestation.
The article by Renee DiResta was published on Ribbonfarm, 28th November 2018
There is a war happening. We are immersed in an evolving, ongoing conflict: an Information World War in which state actors, terrorists, and ideological extremists leverage the social infrastructure underpinning everyday life to sow discord and erode shared reality. The conflict is still being processed as a series of individual skirmishes – a collection of disparate, localized, truth-in-narrative problems – but these battles are connected.
The article by Martin Banks was published in DefenseNews, 21st November 2018
The European Union has unveiled a new batch of projects under its fledgling Permanent Structured Cooperation (PESCO) defense pact. There will be 17 new projects in addition to the initial 17 agreed almost a year ago. The new activities cover areas such as training, capability development and operational readiness on land, at sea and in the air, as well as cyber-defense. The Cyber Threats and Incident Response Information Sharing Platform, one of the 17 new projects formally announced on Monday, will develop more active cyber-defense measures, potentially moving from traditional firewalls to more active measures. The EU also recently adopted an updated version of the EU cyber defense policy framework.
The article by Carl Miller was published in Wired, 14th November 2018
A barbed-wire fence stretched off far to either side. A Union flag twisted in a gust of wind, and soldiers strode in and out of a squat guard’s hut in the middle of the road. Through the hut, and under a row of floodlights, I walked towards a long line of drab, low-rise brick buildings. It was the summer of 2017, and on this military base nestled among the hills of Berkshire, I was visiting a part of the British Army unlike any other. They call it the 77th Brigade. They are the troops fighting Britain’s information wars.
The article by MrKoot was published on his blog, 15th November 2018
On 12 November 2018, the Dutch minister of defense released (in Dutch) the MoD’s Defense Cyber Strategy 2018. The initial strategy was released in 2012 and revised in 2015. The new strategy document (.pdf, in Dutch; mirror) is available only in Dutch. MrKoot provides an English translation of the document, describing the relevant provisions in more depth.
The news article was published on the GCHQ website, 29th November 2018
GCHQ, and the National Cyber Security Centre, have a proud history of discovering and disclosing security weaknesses in all manner of technologies. This work plays an important role in helping to secure the technology which underpins the economy and the everyday lives of millions of people in the UK and abroad. However, they do not disclose every vulnerability they find. In some cases, they judge that the UK's national security interests are better served by 'retaining' knowledge of a vulnerability. The natural question is, 'how do you decide which vulnerabilities to disclose?' This blog introduces the Equities Process, the means by which the UK intelligence community decides how to handle the vulnerabilities it discovers.
The UK action is consistent with the GCSC norm for countries to have Vulnerability Equities Processes (see above) & we encourage more countries to have procedurally transparent processes that favor disclosure. See the explanatory note of the Norm Package Singapore.
The Chapter, by Thomas Renard and Andre Barrinha, was first published in the European Security and Defense College Handbook on Cyber Security. It was uploaded to the Egmont Royal Institute for International Relations website, 28th November 2018
The European institutions became involved in cyber-related issues in the 1990s. However, cyberspace only came to be conceived as a security space a decade later. As late as 2003, cyber issues were not even mentioned in the European Security Strategy (ESS). That was to be progressively rectified with a number of non-binding communications from the European Commission, focusing mostly on the security of the EU’s cyberspace. The full Chapter can be accessed here.
The article by Ellie Zolfagharifard was published in The Telegraph, 1st November 2018
In its mission to rewrite the rules of the internet, China has gone on a global charm offensive.
The usually secretive nation has been seducing world leaders and emerging markets with “techno-dystopian” tools that promise to suppress dissent - and its ambitious campaign against democracy is working.
The article by Martin Giles was published on the MIT Technology Review website, 20th November 2018
The number of websites being censored in Saudi Arabia doubled a couple of weeks after Washington Post journalist Jamal Khashoggi was killed in the country’s consulate in Istanbul, according to an initiative that tracks internet censorship. While the increased censorship is not surprising, the results show how skillful automated tracking has become at sniffing out repression. Roya Ensafi, who leads the Censored Planet project, says it detected the sharp increase in censorship activity when it ran an automated scan on October 16. That was the day after Saudi and Turkish officials had conducted a joint inspection of the consulate, which Khashoggi entered a couple of weeks earlier to get a marriage license.
The article by Casey Newton was published in The Verge, 1st November 2018
Digital authoritarianism is on the rise, according to a new report from a group that monitors internet freedoms. Freedom House, a pro-democracy think tank, said today that governments are seeking more control over users’ data while also using laws nominally intended to address “fake news” to suppress dissent. It marked the eighth consecutive year that Freedom House found a decline in online freedoms around the world. Tech Crunch also have a take on the report, looking in particular at the decline of the U.S. in the rankings.
The article by Insikt Group was published on the Recorded Future blog, 28th November 2018
In the midst of the ongoing Yemeni civil war, local and international players are waging a secondary war through internet control and other cyber means. Recorded Future’s Insikt Group assesses that dynamics of the Yemeni civil war are manifesting themselves online through a struggle over Yemeni access, use, and control of the internet. Recorded Future identified both censorship controls and traffic attempting to subvert those controls within Yemen, as well as spyware activity. This report intends to establish a baseline of internet activity, use, and access in Yemen.
The article by Sean Gallagher was published in ArsTechnica, 21st November 2018
Digital privacy has come a long way since June 2013. In the five years since documents provided by Edward Snowden became the basis for a series of revelations that tore away a veil of secrecy around broad surveillance programs run by the National Security Agency, there have been shifts in both technology and policy that have changed the center of gravity for personal electronic privacy in the United States and around the world. Sadly, not all of the changes have been positive. And Snowden's true legacy is a lot more complicated than his admirers (or his critics) will admit.
The article by David E. Sanger was published in the New York Times, 26th October 2018
Microsoft said on Friday that it would sell the military and intelligence agencies whatever advanced technologies they needed “to build a strong defense,” just months after Google told the Pentagon it would refuse to provide artificial intelligence products that could build more accurate drones or compete with China for next-generation weapons.
The article by Tony Romm and James McAuley was published in the Washington Post, 12th November 2018
Facebook will open its doors for French regulators to study its approach to combating hate speech online, marking the latest attempt by governments around the world to figure out new ways to thwart toxic, derogatory content from spreading on social media. Under a six-month arrangement announced on Monday, French investigators will monitor Facebook’s policies and tools for stopping posts and photos that attack people on the basis of race, ethnicity, religion, sexuality or gender. From there, aides to French President Emmanuel Macron hope to determine “the necessary regulatory and legislative developments” to fight online hate speech, a government official said.
The report by FireEye was uploaded to their website, November 2018
Facing Forward: Cyber Security in 2019 and Beyond. This annual Security Predictions report offers unique insights into what we can expect from attackers, victim organizations, security vendors and nation-states in the coming year. These insights come directly from FireEye senior leaders and experts on a variety of teams who are on the frontlines of cyber security, including FireEye Threat Intelligence, Mandiant Consulting, and FireEye Labs.
The article by Zaid Shoorbajee was published in Cyber Scoop, 29th November 2018
In an effort protect the internet and its denizens from coordinated, automated cyberattacks, an industry group released an “International Anti-Botnet Guide” on Thursday. The guide offers best practices to collectively secure the digital ecosystem from botnets, the large networks of computer systems that malicious cyber actors use to automate and scale destructive online activity spreading malware like distributed denial of service (DDoS) attacks. The guide was put together by the Council to Secure the Digital Economy (CSDE), a group of trade associations that represent the technology industry, including USTelecom, Information Technology Industry Council (ITI) and Consumer Technology Association (CTA).
The article by Dan Goodin was published in Ars Technica, 29th November 2018
More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday. The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports.
The article by Ryan Gallagher was published by The Intercept, 29th November 2018
The secrecy surrounding the work was unheard of at Google. It was not unusual for planned new products to be closely guarded ahead of launch. But this time was different. The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. Google’s leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said.
The article by William A. Carter was published by the Center for Strategic and International Studies, 29th October 2018
The 2016 election was a wake-up call for the United States that our largely digitized election systems are vulnerable. The Russian government targeted US campaigns, candidates, and election systems in a series of coordinated cyber attacks and influence operations intended to undermine confidence in American democracy.
In the last two years, federal, state and local election officials have made significant efforts to secure our election infrastructure and defend our democracy. We are better prepared in 2018 to deal with the threat of foreign election interference, but there is much more to be done to ensure the integrity and resilience of our elections against cyber threats for 2020 and beyond.
The article by Rob Marvin was published in PC Mag, 29th October 2018
Understanding modern election security means coming to grips with a daunting reality: especially in the United States, the infrastructure is too fragmented, outdated, and vulnerable to be completely secured. There are also far too many different types of attacks across the threat landscape to ever stop them all.
The article by Issie Lapowsky was published in Wired, 26th October 2018
On Friday, Facebook shut down another network of 82 accounts, pages, and groups that have been posing as US and UK citizens since 2016. The network, which Facebook says originated in Iran, has spread memes, articles, and other posts about political topics including race relations, the upcoming midterm election in the US, and the recent confirmation hearings for Supreme Court Justice Brett Kavanaugh. What distinguishes this latest group, which Facebooks says it discovered a week ago, from the Iranian propaganda network that tech giants shut down this past summer are the striking similarities between its campaign and the one the Russians mounted before the 2016 election.
The article by Dana Priest was published in the Washington Post, 28th October 2018
In the spring of 2015, Ukrainian President Petro Poroshenko was desperate for Mark Zuckerberg’s help. His government had been urging Facebook to stop the Kremlin’s spreading of misinformation on the social network to foment distrust in his new administration and to promote support of Russia’s invasion and occupation of parts of Ukraine. In the three years since then, officials here say the company has failed to address most of their concerns about Russian online interference that predated similar interference in the 2016 U.S. presidential election.
The article by James Cook was published in The Telegraph, 22nd November 2018
Google will verify the identities of people placing political adverts through its services around the time of the European Parliament elections in May 2019. The search engine will verify the identity and nationality of people paying to promote candidates who hope to become members of the European Parliament next year, according to a blog post published on Thursday.
The article by Lily Hay Newman was published in Wired, 20th November 2018
A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackers didn't directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach.