Russian Hackers Breach Microsoft Core Software Systems

BOSTON, MASSACHUSETTS — Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which Microsoft disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said in a blog and a regulatory filing.

A company spokesperson would not characterize what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems. Microsoft said Friday that the hackers stole “secrets” from email communications between the company and unspecified customers — cryptographic secrets such as passwords, certificates and authentication keys — and that it was reaching out to them “to assist in taking mitigating measures.”

Cloud-computing company Hewlett Packard Enterprise disclosed on January 24 that it, too, was an SVR hacking victim and that it had been informed of the breach — by whom it would not say — two weeks earlier, coinciding with Microsoft’s discovery it had been hacked.

“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination and focus,” Microsoft said Friday, adding that it could be using obtained data “to accumulate a picture of areas to attack and enhance its ability to do so.”

Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.

“This has tremendous national security implications,” said Tom Kellermann of the cybersecurity firm Contrast Security. “The Russians can now leverage supply chain attacks against Microsoft’s customers.”

Amit Yoran, the CEO of Tenable, also issued a statement, expressing alarm and dismay. He is among security professionals who find Microsoft overly secretive about its vulnerabilities and how it handles hacks.

“We should all be furious that this keeps happening,” Yoran said. “These breaches aren’t isolated from each other, and Microsoft’s shady security practices and misleading statements purposely obfuscate the whole truth.”

Microsoft said it had not yet determined whether the incident is likely to materially affect its finances. It also said the intrusion’s stubbornness “reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”

The hackers, known as Cozy Bear, are the same hacking team behind the SolarWinds breach.

When it initially announced the hack, Microsoft said the SVR unit broke into its corporate email system and accessed accounts of some senior executives as well as employees on its cybersecurity and legal teams. It would not say how many accounts were compromised.

At the time, Microsoft said it was able to remove the hackers’ access from the compromised accounts on or about January 13. But by then, they clearly had a foothold.

It said they got in by compromising credentials on a “legacy” test account but never elaborated.

Microsoft’s latest disclosure comes three months after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively affect their business.

NASA, US Navy Prepare Astronauts for Moon Mission

Although NASA has delayed the launch of a crewed mission to orbit the moon until 2025 at the earliest, four selected astronauts are training in preparation for the first such journey in more than 50 years. VOA’s Kane Farabaugh caught up with the crew of Artemis II during training and has more from San Diego.

Europe’s Digital Markets Act is Forcing Tech Giants to Make Changes

LONDON — Europeans scrolling their phones and computers this week will get new choices for default browsers and search engines, where to download iPhone apps and how their personal online data is used.

They’re part of changes required under the Digital Markets Act, a set of European Union regulations that six tech companies classed as “gatekeepers” — Amazon, Apple, Google parent Alphabet, Meta, Microsoft and TikTok owner ByteDance — will have to start following by midnight Wednesday.

The DMA is the latest in a series of regulations that Europe has passed as a global leader in reining in the dominance of large tech companies. Tech giants have responded by changing some of their long-held ways of doing business — such as Apple allowing people to install smartphone apps outside of its App Store.

The new rules have broad but vague goals of making digital markets “fairer” and “more contestable.” They are kicking in as efforts around the world to crack down on the tech industry are picking up pace.

Here’s a look at how the Digital Markets Act will work:

What companies have to follow the rules?

Some 22 services, from operating systems to messenger apps and social media platforms, will be in the DMA’s crosshairs.

They include Google services like Maps, YouTube, the Chrome browser and Android operating system, plus Amazon’s Marketplace and Apple’s Safari Browser and iOS.

Meta’s Facebook, Instagram and WhatsApp are included as well as Microsoft’s Windows and LinkedIn.

The companies face the threat of hefty fines worth up to 20% of their annual global revenue for repeated violations — which could amount to billions of dollars — or even a breakup of their businesses for “systematic infringements.”

What effect will the rules have globally?

The Digital Markets Act is a fresh milestone for the 27-nation European Union in its longstanding role as a worldwide trendsetter in clamping down on the tech industry.

The bloc has previously hit Google with whopping fines in antitrust cases, rolled out tough rules to clean up social media and is bringing in world-first artificial intelligence regulations.

Now, places like Japan, Britain, Mexico, South Korea, Australia, Brazil and India are drawing up their own versions of DMA-like rules aimed at preventing tech companies from dominating digital markets.

“We’re seeing copycats around the world already,” said Bill Echikson, senior fellow at the Center for European Policy Analysis, a Washington-based think tank. The DMA “will become the de facto standard” for digital regulation in the democratic world, he said.

Officials will be looking to Brussels for guidance, said Zach Meyers, assistant director at the Center for European Reform, a think tank in London.

“If it works, many Western countries will probably try to follow the DMA to avoid fragmentation and the risk of taking a different approach that fails,” he said.

How will downloading apps change?

In one of the biggest changes, Apple has said it will let European iPhone users download apps outside its App Store, which comes installed on its mobile devices.

The company has long resisted such a move, with a big chunk of its revenue coming from the 30% fee it charges for payments — such as for Disney+ subscriptions — made through iOS apps. Apple has warned that “sideloading” apps will come with added security risks.

Now, Apple is cutting those fees it collects from app developers in Europe that opt to stay within the company’s payment-processing system. But it’s adding a 50-euro cent fee for each iOS app installed through third-party app stores, which critics say will deter the many existing free apps — whose developers currently don’t pay any fee — from jumping ship.

“Why would they possibly opt into a world where they have to pay a 50-cent per-user fee?” said Avery Gardiner, Spotify’s global director of competition policy. “So those alternative app stores will never get traction, because they’ll be missing this huge chunk of apps that would need to be there in order for customers to find the store attractive.”

“That is utterly at odds with the very purpose of the DMA,” Gardiner added.

Brussels will be closely scrutinizing whether tech companies are complying.

EU competition chief Margrethe Vestager said this week that after 10 years on the job, “I have seen quite a number of antitrust cases and quite a lot of creativity built into how to work around the rules that we have.”

How will people get more options online?

Consumers won’t be forced into default choices for key services.

Android users can pick which search engine to use by default, while iPhone users will get to choose which browser will be their go-to. Europeans will see choice screens on their devices. Microsoft, meanwhile, will stop forcing people to use its Edge browser.

The idea is to stop people from being nudged into using Apple’s Safari browser or Google’s Search app. But smaller players still worry that they might end up worse off than before.

Users might just stick with what they recognize because they don’t know anything about the other options, said Christian Kroll, CEO of Berlin-based search engine Ecosia.

Ecosia has been pushing for Apple and Google to include more information about rival services in the choice screens.

“If people don’t know what the alternatives are, it’s rather unlikely that many of them will select an alternative,” Kroll said. “I’m a big fan of the DMA. I am not sure yet if it will have the results that we’re hoping for.”

How will internet searches change?

Some Google search results will show up differently, because the DMA bans companies from giving preference to their own services.

So, for example, searches for hotels will now display an extra “carousel” of booking sites like Expedia. Meanwhile, the Google Flights button on the search result display will be removed and the site will be listed among the blue links on search result pages.

Users also will have options to stop being profiled for targeted advertising based on their online activity.

Google users are getting the choice to stop data from being shared across the company’s services to help better target them with ads.

Meta is allowing users to separate their Facebook and Instagram accounts so their personal information can’t be combined for ad targeting.

The DMA also requires messaging systems to be able to work with each other. Meta, which owns the only two chat apps that fall under the rules, is expected to come up with a proposal on how Facebook Messenger and WhatsApp users can exchange text messages, videos and images.

Meta’s Facebook, Instagram Back Up After Global Outage

Washington — Meta-owned Facebook and Instagram were back up on Tuesday after a more than two-hour outage that was caused by a technical issue and impacted hundreds of thousands of users globally.

The disruptions started at around 10:00 a.m. ET (1500 GMT), with many users saying on rival social media platform X they had been booted out of Facebook and Instagram and were unable to log in.

“We are aware of the incident and at this time, we are not aware of any specific malicious cyber activity at this time,” a spokesperson for the White House National Security Council said.

At the peak of the outage, there were more than 550,000 reports of disruptions for Facebook and about 92,000 for Instagram, according to outage tracking website Downdetector.com.

“Earlier today, a technical issue caused people to have difficulty accessing some of our services. We resolved the issue … for everyone who was impacted,” Meta spokesperson Andy Stone said in a post on X.

Meta Platforms, shares of which were down 1.2% in afternoon trading, has about 3.19 billion daily active users across its family of apps, which also include WhatsApp and Threads.

Its status dashboard had earlier shown the application programming interface for WhatsApp Business was also facing issues.

The outage for WhatsApp and Threads was much smaller, though, according to Downdetector, which tracks outages by collating status reports from several sources including users.

Several employees of Meta said on anonymous messaging app Blind that they were unable to log in to their internal work systems, which left them wondering if they were laid off, according to posts seen by Reuters.

The outage was among the top trending topics on X, formerly Twitter, with the platform’s owner Elon Musk taking a shot at Meta with a post that said: “If you’re reading this post, it’s because our servers are working.”

X itself has faced several disruptions to its service after Musk’s $44 billion purchase of the social media platform in October 2022, with an outage in December causing issues for more than 77,000 users in countries from the U.S. to France.

Nigeria Takes Bold Steps to Erase Digital Gender Gap

The World Bank says digital entrepreneurship is paving the way for economic empowerment across Nigeria and reducing poverty through internet access. In a January report, the Bank says internet access reduced extreme poverty by 7% in the West African country. But it noted a digital gender gap where women are less likely than men to have internet access. Gibson Emeka reports from Abuja in this report narrated by Mary Alice Salinas.

Apple Fined Nearly $2 Billion by European Union Over Music Streaming Competition

London — The European Union leveled its first antitrust penalty against Apple on Monday, fining the U.S. tech giant nearly $2 billion for breaking the bloc’s competition laws by unfairly favoring its own music streaming service over rivals.

Apple banned app developers from “fully informing iOS users about alternative and cheaper music subscription services outside of the app,” said the European Commission, the 27-nation bloc’s executive arm and top antitrust enforcer.

“This is illegal, and it has impacted millions of European consumers,” Margrethe Vestager, the EU’s competition commissioner, said at a news conference.

Apple behaved this way for almost a decade, which meant many users paid “significantly higher prices for music streaming subscriptions,” the commission said.

The 1.8 billion-euro fine follows a long-running investigation triggered by a complaint from Swedish streaming service Spotify five years ago.

The EU has led global efforts to crack down on Big Tech companies, including a series of multibillion-dollar fines for Google and charging Meta with distorting the online classified ad market. The commission also has opened a separate antitrust investigation into Apple’s mobile payments service.

Apple hit back at both the commission and Spotify, saying it would appeal the penalty.

“The decision was reached despite the Commission’s failure to uncover any credible evidence of consumer harm, and ignores the realities of a market that is thriving, competitive, and growing fast,” the company said in a statement.

It said Spotify stood to benefit from the decision, asserting that the Swedish streaming service that holds a 56% share of Europe’s music streaming market and doesn’t pay Apple for using its App Store met 65 times with the commission over eight years.

“Ironically, in the name of competition, today’s decision just cements the dominant position of a successful European company that is the digital music market’s runaway leader,” Apple said.

The commission’s investigation initially centered on two concerns. One was the iPhone maker’s practice of forcing app developers that are selling digital content to use its in-house payment system, which charges a 30% commission on all subscriptions.

But the EU later dropped that to focus on how Apple prevents app makers from telling their users about cheaper ways to pay for subscriptions that don’t involve going through an app.

The investigation found that Apple banned streaming services from telling users about how much subscription offers cost outside of their apps, including links in their apps to pay for alternative subscriptions or even emailing users to tell them about different pricing options.

The fine comes the same week that new EU rules are set to kick in that are aimed at preventing tech companies from dominating digital markets.

The Digital Markets Act, due to take effect Thursday, imposes a set of do’s and don’ts on “gatekeeper” companies including Apple, Meta, Google parent Alphabet, and TikTok parent ByteDance — under threat of hefty fines.

The DMA’s provisions are designed to prevent tech giants from the sort of behavior that’s at the heart of the Apple investigation. Apple has already revealed how it will comply, including allowing iPhone users in Europe to use app stores other than its own and enabling developers to offer alternative payment systems.

The commission also has opened a separate antitrust investigation into Apple’s mobile payments service, and the company has promised to open up its tap-and-go mobile payment system to rivals in order to resolve it.

Ukrainian YouTuber Finds Her AI Clone Selling Russian Goods on Chinese Internet

Washington — Speaking Mandarin and promoting love for China, countless videos of foreign-looking women made with artificial intelligence started popping up on Chinese social media platforms around the Lunar New Year earlier this month.

The avatars in the videos are created with online images that are stolen, reproduced and repurposed so that even the women in real life recognize themselves in the videos.

Olga Loiek is one of those women. She’s a 20-year-old Ukrainian who studies cognitive science at the University of Pennsylvania. A couple of months ago, Loiek started a YouTube channel where she talks about mental health and shares her philosophies about life.

However, shortly after that, she started receiving messages from followers telling her that they had seen her on Chinese social media. There, she’s not Olga Loiek but a Russian woman who speaks Mandarin, loves China and wants to marry a Chinese man. Her name is Natasha, or Anna, or Grace, depending on the social media platform you find her on in China.

“I started translating the videos with Google Translate, and I realized that most of these accounts are talking about things like China, Russia, how good the relationship between China and Russia is,” she told VOA. “This feels very violating.”

In some videos, the avatars talk about how much they value Russia and China’s close ties. In other videos, they praise Chinese history and culture or talk about how much Russian women want to marry Chinese.

“If you marry Russian women, we will wash clothes, cook, and wash dishes for you every day,” an avatar said. “We will also give you foreign babies, as many as you want.”

Several dozen videos of Loiek’s avatar speaking Mandarin have been found on video sites Douyin and Bilibili. Most of these accounts would ask viewers to visit their online stores to buy what they say are authentic Russian goods.

Douyin, China’s version of TikTok, has labeled some of these videos as potentially AI-generated. But comments show that many believed they were looking at a real woman. One netizen wrote, “Russian beauty, Chinese people welcome you.”

Loiek said she would never say things like that, obviously, given that she’s from Ukraine, which has been at war with Russia since 2022.

She said, “This is probably used to make people, maybe people in China, feel that foreigners feel that their country is superior.”

On Bilibili, China’s biggest video site, some AI videos using Loiek’s face are marked with the logo of HeyGen, indicating that the video was generated on the company’s website.

In one tutorial on Bilibili, the demonstrator even shows how to make a short video on HeyGen with a clip of Loiek talking.

HeyGen is an AI company headquartered in Los Angeles that was launched in China in 2020. It specializes in realistic digital avatars, voice generation and video translating.

The technology developed by HeyGen was used in AI videos of Donald Trump and Taylor Swift speaking perfect Mandarin that went viral on Chinese social media in October 2023. According to Forbes, the company is now valued at $75 million.

HeyGen’s moderation policy states that users cannot generate avatars that “represent real individuals, including celebrities or public figures, without explicit consent.” The company’s official tutorial video on avatar making shows that users must submit a video of people giving consent to the use of their likeness. It’s unclear how some in China could circumvent the requirement to make videos of Loiek.

Loiek said that since she and her YouTube subscribers have sent complaints to Chinese social media companies, about a dozen of the accounts imitating her have been taken down.

VOA reached out to HeyGen and Douyin’s parent company, ByteDance, for comments but has not received a response.

The Chinese government rolled out provisions to regulate deepfakes and other “deep synthesis services” in early 2023. The law prohibits generating deepfakes without the consent of the people whose image or other information is used.

Loiek posted her story on YouTube, and it has been shared on Chinese social media. Netizens across platforms sympathized with her and called for tougher regulations on AI.

Chinese tech giants such as Baidu and Tencent are investing heavily in AI technology. One of the most hyped-up services powered by AI is digital humans.

Tencent and Xiaoice, a Chinese AI studio spun off from Microsoft, offer digital human services that can clone people and turn them into AI avatars for as little as $145.

AI avatars have also been found in online disinformation campaigns that spread pro-China and anti-U.S. narratives. In February 2023, research firm Graphika found a social media campaign promoting Beijing’s interests using realistic-looking computer-generated people in videos.

In September 2023, the U.S. State Department warned in a report, “Access to global data combined with the latest developments in artificial intelligence technology would enable the PRC [People’s Republic of China] to surgically target foreign audiences and thereby perhaps influence economic and security decisions in its favor.”

As for Loiek, she does not plan to quit YouTube or stop posting.

“We need some sort of regulatory frameworks, so we can understand and we can prevent these things from happening,” she said.

Adrianna Zhang contributed to this report.