SPY NEWS: 2022 — Week 10

Summary of the espionage-related news stories for the Week 10 (7–12 March) of 2022.

1. Taiwanese Retired Military Officer Convicted to 4 Years in Prison for Chinese Espionage

The Supreme Court of Taiwan announced that retired Lieutenant Colonel Tu Yung-hsin (杜永心) is convicted to 4 years in prison for espionage. In 1994 he retired. He was recruited in a trip to China, and starting in 2011 he begun recruiting former colleagues with financial difficulties. He was paying them in exchange of military information. One person he tried to recruit was an Army Lieutenant-Colonel surnamed Tsai (蔡) who reported the case which led to a counter-intelligence operation, and eventually his arrest. Tsai stated that among others, the recruited agents had to be recorded giving this vow: “In the future, Taiwan will unify with China. If war breaks out between the two sides, I will not fight, and will cooperate with the Chinese motherland.”

2. US Military Contractor Arrested for Alleged Military Technology Transfer to China and India

California-based 77-year old Joe Sery has been indicted with charges of “knowingly and willfully” exporting “military intelligence, including data and drawings, to China and India without U.S. approval.” His company, Tungsten Heavy Powder & Parts (Tungsten Parts), is a defence contractor with experience in aerospace and parts for the construction of an advanced rapid response weapon. Among his customers are Lockheed Martin, Boeing, Northrop Grumman, Raytheon, and General Dynamics. Together with his brother, Dror Sery, a dual citizen of Israel and South Africa believed to be living in Israel, he “created a non-company email to secretly access the sensitive documents from Tungsten Parts’ system, which Dror Sery was then given full access to. The two then exported the sensitive technical drawings through email when Dror was in India and China, according to the U.S. attorney’s office.” Now they face charges of up to 20 years in prison.

3. British Spies Used Dating App Grindr and Social Media to Track Russian Troops in Ukraine

According to Adriana Elgueta of the Mirror, British intelligence agencies have been tracking Russian troops movements from Russian soldiers using the dating application Grindr and other social networking sites. According to the news, this helped them identify Russia’s plans and the intelligence produced was shared with Ukraine to be better prepared. The news story quotes an unnamed source stating that “these sites were a treasure trove for our spies, and the dating apps in particular — soldiers and those involved in the military effort were particularly unguarded. It meant we were very au fait with the plans and the imminence of the invasion, right down to details such as the movement of blood supplies to the Russian troops.”

4. Ukrainian Number Stations S06s and E17z Went Silent

As reported by Ryan S. of the Numbers Stations Research and Information Centre, after the Russian attack on Ukraine, the two known Ukrainian number stations (S06s and E17z) stopped all their regular transmissions and have been silent since then. Their last broadcasted messages were unusual. No further information is currently known.

5. MIVD and AIVD Look at Expanding SIGINT Authority

A new bill from the Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) wants to update the 2017 legislation to expand the Signals Intelligence (SIGINT) capabilities of the Agencies. Specifically, the bill includes the ability to permit automated data analysis in order to perform bulk inspection on large amount of communications. The ability to conduct large-scale wiretapping to discover unknown targets in the event of a crisis. And lastly, ability to continue covert surveillance without separate permission if the target changes devices. This is a follow up from the MIVD story shared in week 7 (story #49).

6. HawkEye 360 Satellites New Capability Detects GPS Interference

The private intelligence gathering satellites operator HawkEye 360 announced that their satellites can now also detect and geolocate Global Positioning System (GPS) interference. To demonstrate this new Electronic Intelligence (ELINT) capability they published examples from November 2021 in the pro-Russian separatist-controlled regions in Luhansk and Donetsk, as well as February 2022 “along the border between Ukraine and Belarus, shortly before the Russian invasion started.” Note that this week Finland’s Transport and Communications Agency, Traficom, also reported increase in GPS interference cases.

7. Belarusian Cyber-Espionage Campaign Targeting Ukraine

The national Computer Emergency Response Team of Ukraine (CERT-UA) published a technical analysis of a new cyber-espionage campaign targeting Ukrainian citizens by pretending to be notifications from Ukraine’s government. If a victim opened the lure document then their system will get infected with a variant of the “MicroBackdoor” software implant. CERT-UA attributes the operation to an actor dubbed as “UNC1151” which has been previously associated with the Belarusian Ministry of Defense. Cyber-security firm Cluster 25 published a technical analysis of this campaign.

8. FBI Counterintelligence Releases “Made in Beijing” Film

The United States Federal Bureau of Investigation’s (FBI) Counterintelligence Division (CD) and Training Division released a 33-minute long film titled “Made in Beijing: The Plan for Global Market Domination.” The objective of the video is to provide more insights into the Chinese economic espionage activity targeting the United States through real world examples of past espionage cases and input from experts involved in them. Quoting FBI’s description, “the People’s Republic of China stands at the forefront with its sustained and brazen campaign of industrial espionage, posing the single greatest threat to our freedom, national security, and economic vitality.”

9. Turkish MİT Publishes 2021 Intelligence Report

The Turkish National Intelligence Organisation (MİT) published its 2021 Intelligence Report which is mainly about information on the Agency itself rather than its operational activities. It is a 16-pages report written in Turkish and split into 4 sections: 1) General Information, 2) Objectives & Targets, 3) Update on Activities, and 4) Capabilities & Capacity Assessment.

10. Ukrainian SBU Detained Russian Fifth Service FSB Agent

On Monday, March 7th, the Ukrainian Security Service (SBU) announced the detainment of a Russia’s Federal Security Service (FSB) agent and provided further details about the case on SBU’s official Telegram account. His cryptonym was “Гєлєн” (Gehlen) and, according to SBU, his FSB handler was “Щипіцин Олександр В’ячеславович” (Alexander Vyacheslavovich Shchipitsyn). His cover identity was that of an employee at the Kazan Institute of Eurasian and International Studies with the fake name of “Шипулін Олександр Володимирович” (Oleksandr Volodymyrovych Shipulin). SBU stated that a second FSB officer was also assigned as his coordinator in FSB’s headquarters in Moscow, Russia. That FSB officer was “Хрустальов Сергій Миколайович” (Sergei Nikolaevich Khrustalov) and works at the FSB’s Fifth Service of the Department of Operational Information (DOI). This service is responsible for covert foreign intelligence operations, including political action. The agent’s mission was to discover dual-purpose microbiological labs in Ukraine, collect intelligence on the socio-political situation, and conduct Information Operations (IO) to promote Russia’s foreign policy.

11. Falsely Accused for Chinese Espionage Nanotechnology Researcher Speaks Out

Natasha Gilbert of the Nature, published a story featuring nanotechnology researcher Anming Hu who was falsely accused (based on court outcome) by the FBI in 2018 for conducting espionage on behalf of China, as part of the “China Initiative” program. The article discusses his experience and challenges rebuilding his reputation and life after this case.

12. Update on French Man Arrested in CAR for Espionage

According to Arab News, Juan Rémy Quignolot, a French national who was arrested on May 10th, 2021 in Bangui, the capital of the Central African Republic (CAR) is still held in prison for conspiracy and espionage charges. His family issued an open letter to French President Emmanuel Macron to help in his release. Quignolot was arrested for “undermining the internal security of the State and conspiracy” as well as conducting “espionage” in CAR with photos of his arrest showing that he was in possession of large amounts of illegal firearms and military equipment. French government is working via diplomatic means to resolve the situation, including the French Ambassador from the Bangui Embassy who “recently met the Central African Minister of Justice and this subject was discussed.”

13. Google TAG Publishes Report on Cyber Activity in Ukraine

Shane Huntley of Google’s Threat Analysis Group (TAG) published a report describing the cyber operations they have observed targeting Ukraine the last couple of weeks. Those included cyber-espionage operations from Russia’s military intelligence (GRU), the Ministry of Defence of Belarus, a Chinese nation-state actor dubbed as “MUSTANG PANDA” and numerous denial-of-service cyber attacks and cyber attack attempts against various Ukrainian government websites and individuals. A later update added that an actor dubbed as “APT31” and associated with China was detected by Google TAG “targeting high profile Gmail users affiliated with the U.S. government.”

14. New Footage, Docs, and Radio Comms From U-2S Spy Planes

On Monday, March 7th, a new 18-minute long video from RAF Fairford was published. The video was filmed on 25 February 2022 and shows three Lockheed U-2S Dragon Lady reconnaissance airplanes taxing, doing pre-flight checks, and taking off. The 3 planes have registration numbers 80–1066 (callsign Black02), 80–1069 (callsign Black01), and 80–1092 (callsign Dragon51) and are registered to the US Air Force, although historically they were operated jointly with the Central Intelligence Agency (CIA). Another video on U-2S was published by “Ringway Manchester” featuring a never published before radio transmission captured when a U-2S (with callsign ROOK07) flew out of RAF Alconbury and declared an emergency due to contaminated oxygen. Lastly, the US National Security Archive published a post titled “CIA U-2 Collection of Signals Intelligence, 1956–1960” shedding more light into the U-2 spy plane for the period of 1956–1960.

15. Alleged Russian FSB Intelligence Analyst-Whistleblower Reports Total Failure in Ukraine

An anonymous individual, claiming to be an active Russian Federal Security Service (FSB) intelligence analyst, published a post stating that the Russian offensive in Ukraine failed in multiple levels and providing various insights. Investigative journalist, and expert in Russia/Ukraine affairs, Christo Grozev, highlighted that this could be a Psychological Operation (PSYOP) from Ukraine rather than an actual FSB leak, but there is no way to verify this at this point. The full text of the leak (in Russian) can be found here (or here), and a machine-translated (via Google Translate) version of it is available here. As a native-speaker, professional race-car driver Igor Sushko translated it in his website, and also published his views on it.

16. Chinese Cyber-Espionage Campaign Targeting EU Governments

Michael Raggi and Myrtus of the Threat Insights team of Proofpoint cyber-security firm published a technical analysis for an ongoing cyber-espionage campaign targeting European diplomatic entities involved in refugee and migrant programs related to Ukraine. The lure/decoy documents included EU and UN announcements, as well as official reports on the conflict in Ukraine. Victims that opened the lure/decoy documents would be infected by a custom-built software implant dubbed as “PlugX.” The operation is attributed to an actor dubbed as “TA416” who has been previously associated with Chinese nation-state intelligence collection activities.

17. British Ministry of Defence’s Regular Public Intelligence Updates on the Ukraine-Russia Conflict

From the beginning of the Ukraine-Russia conflict, Britain’s Ministry of Defence (MoD) has been publishing “intelligence updates” via their official Twitter account. The updates are high-level curated information on developments from the conflict zone, including infographics and maps when this is required. The updates are published by the MoD’s Defense Intelligence.

18. German BSI On High Alert for Russian Cyber Attacks in Germany

According to Der Spiegel, the German Federal Office for Information Security (BSI) received a tip-off from a “trusted partner” that due to the Russia-Ukraine conflict cyber attacks against German “high value targets” could be imminent. Der Spiegel assumes that the tip-off came from a foreign intelligence agency. The report highlights that an advisory was also issued after phishing emails attributed to a Russian or Belarusian state actor were detected targeting representatives of the German economy in March 2022.

19. New Spying Technologies Presented at WDS 2022

On 6–9 March 2022 the World Defense Show (WDS) 2022 took place in Riyadh, Saudi Arabia. Among the newly presented intelligence technologies it was SIGN4L’s ActiveCell and WiFinder which “monitors and analyses cellular networks to assist in the direction, monitoring, and location of suspects across 2G, 3G, and 4G networks.” Also, Egypt’s Arab Organisation for Industrialisation (AOI) presented their Command-Control-Communications-Computers-Cyber-Intelligence (C5I) platform named Radar Integration & Surveillance Combined Command Centre (RISC3), and Belgian Sky-Hero showcased their Sigyn MkI sUAGV and Loki MkII sUAV.

20. IDF Declassifies Video of F-35 Shooting Down Iranian UAVs Covertly Transferring Arms to Hamas Operatives in Gaza

The Israeli Defense Forces (IDF) published a 2-minute long video allegedly showing the successful interception and downing of two Iranian Unmanned Aerial Vehicles (UAVs), reportedly the new Shahed-197. The announcement says that the “intended destinations for the munition transfer were Hamas terrorists in Gaza and Judea and Samaria” which is identified as a new clandestine method Iran uses to arm its proxies. According to IDF, the event took place on March 15th, 2021 and it marks the “world’s first operational interception of a UAV by F-35i “Adir” aircraft.”

21. Podcast: History Happy Hour “The Spy Hotel”

The “Stephen Ambrose Historical Tours” YouTube channel published a new episode of the “History Happy Hour” series titled “The Spy Hotel.” The 1-hour long podcast is dedicated to the St. Ermin’s Hotel London, U.K. which played a key role in the British intelligence efforts during both World Wars and the Cold War. Among others, it was the home of the MI6’s Section D, the home of the predecessor of the Special Operations Executive (SOE), and more.

22. Former SVR Agent Anna Chapman Praises the Support to President Vladimir Putin

Daily Mail published a story based on the latest social media posts of Anna Chapman (born Anna Vasilyevna Kushchenko). A former Russian Foreign Intelligence Service (SVR) undercover agent who operated in the United States and was discovered, detained, and swapped in the 2010 “Illegals Program” spy swap. Currently a model, media influencer, and fashion designer uses her social media not only to promote her new clothing line, but also to praise people for their support to Russia’s President Vladimir Putin and the “wave of patriotism and faith in our country.”

23. New 16-Member Armed Forces Spy Ring Disrupted in Armenia

Last month (see week 7 story #54) more details were disclosed on a 19-member espionage network disrupted by Armenia’s National Security Service (NSS). The group was providing tactical and military intelligence to an unnamed foreign intelligence service during the 2020 Nagorno-Karabakh war. This week NSS announced the disruption of another espionage human network with 16 members. The agents were “individuals serving in different subdivisions of the Armed Forces, former servicemen and employees of state bodies of the Republic of Artsakh.” According to the news report, the unnamed foreign intelligence agency was training, equipping, and paying the spies to collect information of “strategically important facilities located in Armenia and Artsakh, including that of military equipment, military units, armaments, ammunition, servicemen, their number, locations, combat positions, official classified documents.”

24. Technical Analysis of Advanced Chinese Cyber-Espionage Framework “Daxin” Which was Undetected for a Decade

On week 9 (story #7) Symantec cyber-security firm uncovered a previously unknown Chinese cyber-espionage software implant operating for nearly 10 years undetected, targeting select governments and critical infrastructure. Symantec dubbed it as “Daxin.” This week Symantec published a two part analysis of “Daxin” which, according to the researchers, “exhibits technical sophistication previously unseen by such actors.” This first part covers the “driver initialization, networking, key exchange, and backdoor functionality” and the second part its communications and networking features.

25. US ODNI Released Annual Threat Assessment Report and US Intelligence Community National Security Threats Recording

On Tuesday, March 8th, the United States Office of the Director of National Intelligence (ODNI) published the “Annual Threat Assessment of the U.S. Intelligence Community.” It’s a 31-pages long report split into 8 sections: 1) China, 2) Russia, 3) Iran, 4) North Korea, 5) Health Security, 6) Climate Change and Environmental Degradation, 7) Additional Transnational Issues, and 8) Conflicts and Instability. This report followed the United States intelligence community testifying before the House Permanent Select Committee on Intelligence on threats to national security. The 2.5-hour long recording of the event was published online.

26. Podcast: Crypto AG: Part 3: The Truth Is Revealed

Following the last two episodes from week 7 and 8 (part 1 and part 2), on Tuesday, March 8th, Cyber Reason cyber-security firm published the 3rd and last part of their Crypto AG espionage story. This 32-minute episode is titled “The Truth Is Revealed” and shows how after nearly 70 years it was revealed that Crypto AG was operated by the United States CIA and the German BND.

27. Osman Kavala Accuses Turkish Government for Abuse of Espionage Charges

According to Ahval, Turkish businessman Osman Kavala who was arrested in 2017 for “allegedly helping to organize the 2013 Gezi Park protests against the government of Recep Tayyip Erdoğan” and was acquitted of the charges in February of 2020, claims that the Turkish government uses the espionage charges to keep people, including himself, in prison without having committed actual espionage. This surfaced this week that the Gezi trial demanded a life sentence for Kavala with charges of “attempting to overthrow the government of the Republic of Turkey” that is linked to the espionage and coup-plotting legislation of Turkey.

28. At Least 6 US Government Networks Infiltrated by China’s MSS

On Tuesday, March 8th, cyber-security and intelligence firm Mandiant published a threat report summarising intrusion attempts using a specific vulnerability by a specific adversary against US government computer networks in the period of May 2021-February 2022. Mandiant responded to at least 6 US government network infiltrations, all of them executed by an actor dubbed as “APT41” who has been previously associated with with China’s Ministry of State Security (MSS) and more precisely, the Chengdu State Security Bureau of MSS. According to Mandiant at least 2 of the 6 compromised government networks were through the US Animal Health Emergency Reporting (USAHERDS) system that the MSS cyber operators compromised and used it as a supply-chain infiltration vector to target the government networks. Wired highlights that “given that 18 states run USAHERDS on web servers, any of those servers could have been commandeered by the hackers.”

29. Germany’s Biggest Right-wing Party (AfD) Under BfV Covert Surveillance as Suspicious Entity

This week the German court decided on a domestic covert surveillance case against a political party. The party is the biggest right-wing populist party, “Alternative for Germany” (AfD), and was accusing Germany’s domestic intelligence agency (BfV) for conducting illegal covert surveillance such as the use of “intelligence-gathering tools, such as informants, in order to keep tabs on the party.” The court ruled in favour of BfV, rejecting the party’s lawsuit, and classifying both AfD and its youth organisation (JA), as “suspicious entities.” This makes the domestic covert surveillance justifiable as “suspicious entities” can be, as written by Reuters, “a threat to democracy.”

30. Two Ukrainian HUR MOU Agents Detained in Luhansk

According to TASS, on March 8th, the (not recognised by most countries), Ministry of Defence of the Luhansk People’s Republic detained two Ukrainian Ministry of Defence’s Main Directorate of Intelligence (HUR MOU) agents operating within Russia’s Rostov region. According to the report, the two men “were trafficking weapons and munitions that had been seized in the city. The men served in a Right Sector nationalist organization (outlawed in Russia) unit deployed in Stanitsa Luganskaya. In February 2022, the group was tasked to stage a terror attack on an oil facility in the city of Rovenki.”

31. Podcast: Spycraft 101 — Life in FBI Counterintelligence

On Monday, March 7th, the Spycraft 101 YouTube channel published a new podcast episode featuring retired FBI Supervisory Special Agent James Gaylord, from the FBI’s Counterintelligence Division (CD), talking about his experiences conducting counter-intelligence operations.

32. Journalist Filed Lawsuit Against Greek NIS for Illegal Surveillance

In November 2021, it was revealed through leaked classified cables of the Greek National Intelligence Service (NIS) that journalist Stavros Malichoudis was under covert surveillance for reporting the story of a 12-year old Syrian refugee staying in Kos island, Greece. This week it was announced that a lawsuit was filed by the news agency of Malichoudis, called “Solomon” against NIS. The case was registered by the Prosecutor of the Supreme Court as accusation of civil servants and functions of NIS who, allegedly, operate behind the justice system, as well as the violation of fundamental rights and human freedoms. The report includes several more recent developments indicating that there might be politicisation and/or corruption within NIS.

33. Yemeni Armed Forces Shoot Down Spy Drone from Saudi Arabia

For the third week in a row, Yemen’s Armed Forces shoot down a US-made surveillance drone operated by Saudi Arabia. In this case, Yemeni spokesperson Brigadier General Yahya Saree announced on March 8th the downing of a second (see week 9 story #3) Boeing Insitu ScanEagle Unmanned Aerial Vehicle (UAV) flying over the airspace of Harad city, part of the Hajjah governorate of Yemen, near the border with Saudi Arabia.

34. US DoJ Charges Elena Branson as Unregistered Russian Agent

On Wednesday, March 9th, the United States Department of Justice (DoJ) announced that Russian-American Elena Branson, 61, has been operating as an unregistered Russian government agent at least since 2011. Based on the DoJ announcement, she has been conducting influence operations in direct communication with Russian government officials, including that she is “alleged to have corresponded with Putin himself and met with a high-ranking Russia minister before founding a Russian propaganda center here in New York City, the Russian Center New York.” Other activities included “influence and lobbying scheme with funding and direction from the Russian government” and similar actions in support of Russian foreign policy.

35. Iran’s IRGC Successfully Launched “Noor 2” Spy Satellite

Iran’s Islamic Revolutionary Guard Corps (IRGC) Aerospace Forces, reportedly, successfully put their second military reconnaissance satellite into orbit. The satellite was launched using the 3-stage Qased rocket. The new satellite, called “Noor 2” will be in a Low Earth Orbit (LEO) at around 500 km from the earth, meaning it can complete about 16 orbits per day.

36. Video: Switzerland, the Heart of WWII European Espionage

The “World War Two” YouTube channel published a 16-minute long video on the important role that Switzerland played in espionage history during the Second World War. The video is titled “Switzerland — The Heart of European Spying — WW2” and is part of the “Spies & Ties” series of that channel.

37. The Peruvian Navy Fokker 50 SIGINT Spy Plane

The Aviacionline published a short article for a Fokker 50 airplane (reg. number AE-567) belonging to the Navy of Peru and being modified by Israel Aerospace Industries (IAI) for Signals Intelligence (SIGINT) missions. It is, reportedly, 90% complete and the modification work is taking place in Argentina. The same source also published a 5.5-minute long video showing that new Peruvian Navy spy plane undergoing the modifications.

38. French DGSI Tracking Civilians Joining the Conflict in Ukraine

During an Europe 1 radio broadcast it was reported that France’s General Directorate for Internal Security (DGSI) identified over 50 French people, including members of the far right and left, planning to travel to Ukraine to fight against Russia. In collaboration with the General Directorate for External Security (DGSE) and the Directorate of Military Intelligence (DRM) they are tracking those individuals as well as the groups they created on Facebook to coordinate those activities. DGSI noted that “intelligence units could not prevent French citizens from going to Ukraine according to the law, but they could be prosecuted when they return to France if they committed illegal acts in Ukraine.”

39. UAE Legislation Allows Surveillance Without Judicial Permission

The Emirates Leaks published a lengthy article in Arabic detailing how the intelligence community of the United Arab Emirates (UAE), in collaboration with the heads of state, have created a system where they can use almost all intelligence and security apparatus without any control from the the country’s justice system. For instance, reportedly, based on the 2003 “Federal Law No. 2 of the State Security Apparatus in the Emirates, the officials and members of the State Security Apparatus can pursue or monitor any person without judicial permission, and the administration of the apparatus has the power to interfere in public and governmental institutions.” The article then goes into more detail on the legislation and how it has been abused over the years.

40. NSA Cybersecurity Directorate’s Ghidra Reverse Engineering Tool

The Cyber Security Directorate (CSD) of the United States National Security Agency (NSA) published a 9.5-minute long video featuring Dr. Josiah Dykstra speaking with NSA Senior Researcher and member of the Ghidra development team, Brian Knighton. Ghidra is an open-source reverse engineering tool developed by NSA’s Research Directorate (RD) and declassified in 2019. Since its declassification the tool became very popular among cyber-security professionals performing tasks such as malware analysis, vulnerability research, and others that require software reverse engineering capabilities.

41. Robert Kerbeck’s Life as a “Corporate Spy”

Robert Kerbeck is an American actor but according to the New York Post in his book titled “Ruse: Lying the American Dream from Hollywood to Wall Street” he explains how he also worked as “corporate spy.” Specifically, he was using rusing/elicitation techniques in order to collect “employment information for headhunters looking to poach workers in the finance, healthcare and tech fields.” This is the main subject of his newly released book.

42. Catherine Shakdam’s Allegedly Being a Mossad Agent in Iran

French journalist and political analyst Catherine Perez-Shakdam, with reportedly deep dies with Iranian officials, is allegedly an Israeli Mossad agent as disclosed by media recently. Iranian state-media refute the infiltration allegations and according to Open-Source Intelligence (OSINT) analysts she “was regularly featured on PressTV & other Iranian state media” promoting the cover story of anti-Israeli British Muslim. She has been recorded interviewing high-ranking Iranian officials and in her recent interview stated that she “was able to infiltrate into Iran’s power corridors because Iranian regime has always yearned for “validation” from foreign, white people.” Based on the Times of Israel “she lured 100 Iranian officials into her trap by offering to have sex. Catherine added that Iranian religious figures are the most important source of information, with the majority holding key government positions in Iran.”

43. Italian Spy Plane On Its First Mission in Eastern Europe

On March 8th (see the last section for details) aviation experts detected Italian Air Force’s Gulfstream C-37B (reg. number MM62293) on an Intelligence, Surveillance, Reconnaissance (ISR) flight from Rome–Fiumicino International Airport, Italy to over Romania-Moldova border in order to monitor the situation in Ukraine. The Avionist published a short article providing further details on this airborne intelligence gathering platform of the 14° Stormo (Wing) which is based at the Pratica di Mare Air Base.

44. Podcast: Spycraft 101 — From Forest Fires to CIA Resuppliers

Apart from the FBI podcast (see #31), the Spycraft 101 YouTube channel published a second podcast this week featuring United States Central Intelligence Agency’s (CIA) pilot Lee Gossett. Among others, Lee Gossett was a pilot for the airline CIA was clandestinely operating in Southeast Asia during the Vietnam War, called Air America. The Air America airline was used for CIA covert operations in Vietnam, Laos, and other countries.

45. Seized Russian Weapon Systems — TECHINT Opportunities

As reported by Dr. Joseph Fitsanakis of the Intel News, the Russian military equipment and weapons systems captured in Ukraine provide Western countries with a unique opportunity for Technical Intelligence (TECHINT) exploitation. According to Newsweek magazine “the war in Ukraine gives Washington a rare opportunity to get its hands on the latest Russian military equipment. There is a longstanding intelligence cooperation agreement between the US and Ukraine, so sharing captured military and intelligence equipment is “normal practice”, especially on the Ukrainian side.”

46. Activist in Morocco Targeted with Pegasus Covert Surveillance

According to Amnesty International, there are forensic evidence that “two phones belonging to Sahrawi human rights defender Aminatou Haidar were recently targeted and infected in November 2021.” The surveillance target (A. Haidar) became aware when he received a security notification from Apple that his mobile phone has been targeted by a nation-state actor. Eventually, with the help of the Security Lab of Amnesty International, he was able to discover that that his targeting started in Sep. 2018 and the most recent infections were in October and November 2021. According to the report, the “Pegasus” (developed and sold by the Israeli NSO Group) covert surveillance solution was used, and it is reportedly, executed by Morocco’s authorities. Later during the week, the Saharan Organ Against Moroccan Occupation (ISACOM) also condemned the “expansionist Moroccan regime’s use of Israeli Pegasus spyware to spy on its president, Saharan human rights activist Amineta Haidar.”

47. CERT-UA Uncovers Large-Scale Cyber-Espionage Operation

On March 9th, the national Computer Emergency Response Team of Ukraine (CERT-UA) disclosed technical details of a large-scale campaign targeting government and military entities in Ukraine. The campaign starts with emails impersonating the Ministry of Economy of Ukraine giving away €15,000 to citizens to support them. According to CERT-UA the content is machine-translated to Ukrainian and if the attached “лист підтримки.xlsx” (support letter.xlsx) is opened, it will install a software implant called “FormBook.” CERT-UA could not attribute this to a specific actor but they are tracking it under the codename “UAC-0041” and have published all technical indicators.

48. North Korea Plans for Spy Satellites to Target US and Its Allies

Following week 9 (story #8) tests of reconnaissance satellite sensors and communications systems by North Korea, this week the Supreme Leader of North Korea, Kim Jong-un announced that in the coming years they plan on launching a number of reconnaissance satellites to provide “real-time information on military actions by the United States and its allies.”

49. Cyber-Security Researchers Discover New Cyber Attack Tool Allegedly Targeting Russia

On March 8th, Trend Micro Senior Threat Researcher Jaromir Horejsi published a technical analysis of a new cyber-attack software implant dubbed as “RURansom.” Despite its name (implying ransomware), according to Trend Micro it is “a wiper and not a ransomware variant because of its irreversible destruction of encrypted files.” Public reports state that this new data wiping cyber-attack implant has been targeting Russian entities, but Trend Micro states that they “have not yet observed active targets for this malware family. One possible reason for this is that the wiper has only targeted a few entries in Russia so far.” No attribution or motivation could be provided at this stage.

50. Taiwan’s Intelligence Reveals China’s Spy Plane Recovery Operation Disguised as Military Exercise

According to Reuters, on Thursday March 10, Taiwan’s intelligence agency, the National Security Bureau (NSB), stated that the actual reason for the Chinese military drills in the South China Sea near Vietnam is to cover a spy aircraft recovery operation. Quoting the report, “Taiwan’s National Security Bureau said a Chinese aircraft had crashed and China has declared the area off limits while its forces searched for it, and also to conduct drills.” As Taiwan’s NSB announced later, the recovery is for a PLA Navy Y-8 intelligence gathering Maritime Patrol Aircraft (MPA) that crashed in the South China Sea, near Hainan, on March 1st.

51. Ukrainian SBI Arrested Conscripts With Valid Russian Passports Trying to Escape from Ukraine

According to Ukraine’s State Bureau of Investigation (SBI) via an official announcement on their Telegram, during a counter-intelligence operation together with the Border Guard Service they discovered around 20 Ukrainian men who had covertly obtained valid Russian passports from Russian consulates in order to escape Ukraine and avoid the martial law that requires them to fulfil their conscript military service. No further details were provided on the Russian government officials providing the passports or espionage-related activities by those individuals.

52. Austrian Intelligence On Russian Assassination Plots in EU

Bulgarian media have been quoting statements made in the Austrian Kronen Zeitung newspaper. According to that, a special section in the Austrian government’s annual threat report will be dedicated on espionage activities in Austria, including that “Russian intelligence services have a wide spy network in the European Union. Only the Moscow embassy in Vienna has a three-digit number of people involved in gathering classified information, recruiting Austrians and other activities.” The newspaper, quoting sensitive sources, states that Russian intelligence agencies have compiled a list of Ukrainian persons living in the European Union that have to be assassinated.

53. Cyber-Espionage Campaign Targeting Volunteers Helping Ukraine

Ukrainian government has been openly asking (see week 9, story #5) people from around the world to conduct cyber attacks against Russia (which could result in criminal prosecution depending on the host country). Cisco’s Cyber Threat Intelligence (CTI) team, called Talos Intelligence, published a report about a new cyber-espionage campaign targeting those volunteers. The campaign mimics a real cyber-attack tool shared among those groups and has instructions such as how to conduct attacks against “Russian propaganda websites” but it is hiding a cyber-espionage software implant known as the “Phoenix information stealer.” This is a commercially available software implant, quoting Bleeping Computer, “sold in the cybercrime underground as MaaS (malware as a service) for $15/month or $80 for a lifetime subscription.” Because of that it cannot be confidently attributed if this is a cyber-crime campaign or a nation-state activity.

54. Lebanese ISF Disrupts Israeli Mossad Spy Network

The Internal Security Forces Directorate (ISF) of Lebanon announced the disruption of an Israeli espionage network, explicitly attributing it to Mossad. In two raids in the city of Ghaziyeh, 3 people were arrested on charges of espionage for Mossad. It was two brothers, Ahmed Sh. and Hassan Sh. along with the wife of the latter. After their interrogation, ISF identified, reportedly, two more Mossad agents in the cities of Qana and Bint Jbeil whose initials are H. A. and Sh. A. According to ISF, they were using encrypted messaging applications to communicate with their Israeli handlers, and through that, they were receiving instructions for dead drops placed in remote locations. This is how Mossad was paying them and providing them with any equipment required to collect the requested intelligence. The Lebanese Prime Minister, Najib Mikati, praised ISF for “protecting security stability and preventing any breach of security, by stopping networks dealing with the Israeli enemy and preventing any security breach in the Lebanese arena.”

55. Russian Military M-427 Cipher Machine Captured in Ukraine

The Crypto Museum published a new page based on the limited information publicly released about a Russian cipher machine known as M-427 which was, reportedly, captured in Ukraine and photos of it were posted online. The device appears to be an offline/online encryption system for text-based messages, using a key storage device manufactured by the U.S. firm Data Key.

56. New British Documentary Series “Secrets of the Spies”

Starting this week, BritBox Original launched a three-part “original factual commission” documentary series titled “Secrets of the Spies.” Small snippet videos featuring important figures of the espionage world have been published about this new series.

57. Final Months of Service for the Head of Germany’s BND

As per Intelligence Online, Bruno Kahl, the President of Germany’s Federal Intelligence Service (BND) is entering the final months of his service. He has been the Head of the Agency since 2016 and due to the German focus in security and defence because of the Ukraine-Russia conflict, quoting Intelligence Online, “in the view of the planned budgets and its internal developments, the BND could quickly establish itself as a European leader.”

58. BAE Systems Enhancements to MAPLE Intelligence Analysis Tool

According to Janes, BAE Systems’ FAST Labs plans to improve further their Multi-Int Analytics for Pattern Learning & Exploitation (MAPLE) tool with Artificial Intelligence/Machine Learning. MAPLE is an intelligence analysis tool and the new enhancements include features such as automated identification, detection, tracking, and reporting of objects of interest, and other autonomous capabilities. Janes highlights that “the company integrated MAPLE with the US Navy’s (USN’s) SeaVision maritime situational awareness tool, using it to analyse low-level detection of maritime activities like fishing.”

59. Podcast: True Spies — Lord of the Highway

On March 10th, SpyScape’s “True Spies” series released a new 38-minute long episode titled “Lord of the Highway” and featuring Naval intelligence officer Matt Cricchio. Quoting the podcast’s description: “An Army convoy rumbles in on the dangerous highway from Kandahar, bringing vital supplies to American troops. This is facilitated by Matiullah Khan, a local warlord with connections in the Afghan government. When two US soldiers are assassinated by an Afghan ally, Naval intelligence officer Matt Cricchio suspects that Khan might be behind the attack.”

60. Ukrainian SBU Arrests 4 Russian Agents Across Different Regions

On Thursday, March 10th, Ukraine’s Security Service (SBU) published a summary of the recent counter-espionage activities. The first case was a pro-Russia Donetsk resident who was supporting Russia’s Information Operations (IO) by filming videos and propagating IO content provided by his handler. The second one, in the Kharkiv region, was a civil servant involved in waste of public funds for road construction and the Russian Federal Security Service (FSB) helped him hide this in return of his recruitment as an FSB agent. During the Russian attacks, his handler instructed him to “collect data on the coordinates of checkpoints on key highways in Ukraine, the number of personnel and available weapons.” The third case was in the Donetsk region where a 23-year old man was recruited by a former Donetsk militant who flew to Russia in 2016. Through messaging applications the 23-year old man was sending “photos with the location, parking and movement of equipment of the Armed Forces and labels on maps with the exact location” that Russian forces used in their military operations planning. Finally, in the Dnipropetrovsk region, a person was recruited via a Telegram channel and was promised $75 for each completed task. At his handler’s request, he “photographed checkpoints in the region and plotted them on Google Maps.”

61. Sir Edward Bridges and the Development of UK Communications Security

The former GCHQ departmental historian, Tony Comer, published a new blog post trying to give a historical answer to the question of “why did Sir Edward Bridges, first as Cabinet Secretary and then as Permanent Undersecretary (PUS) at the Treasury, take such an interest in Communications Security (Comsec), from 1941 until his retirement in 1956?”

62. Analysis of Russian Military Communications Equipment

Sam Cranny-Evans and Thomas Withington of the Royal United Services Institute (RUSI) for Defence and Security Studies published an article titled “Russian Comms in Ukraine: A World of Hertz” and analysing what observations can be made based on the communications systems seen being used by Russian forces in the conflict with Ukraine. The analysis also highlights the vulnerabilities as well as exploitable vulnerabilities related to Communications Intelligence (COMINT) collection.

63. NRO Publishes Series of Videos for its 60th Anniversary

The United States National Reconnaissance Office (NRO) that designs, builds, and maintains the spy satellites (and other high-altitude spy systems) of the US government released 5 videos. The first is the “the NRO in the 1960s and 1970s” focusing in the NRO’s origin during the Cold War era. The next one is the “60 Innovators | 60 Innovations” which is a graphical presentation of 60 key innovators and innovations integral to the history of the NRO’s first 60 years of existence (1961–2021). Following that is the “the NRO in the 1980s and 1990s” discussing the post-Cold War NRO technological developments. Next is the “the NRO from the 2000s to today” focusing in the post-9/11 NRO history. Lastly, the “60 Years of the NRO” is a 19-minute long video “featuring interviews with former NRO Directors and key players in the development of the NRO, and showcasing rarely seen historic footage and photos.”

64. Greek NIS GIS Program Court Case Closes Without Any Charges

According to Greek media, an over decade old corruption case in the Greek National Intelligence Service (NIS) closed without charges this week after 4 years of hearings. The project started in 2005 when NIS, co-funded by European Union programs, started the development of a Geographic Information System (GIS) for border surveillance and security budgeted at €1.5 million. Later on, in 2009 Israeli intelligence officials recommended against it due to the use of Russian software, and later in 2009 the GIS program halted. Later on, Inspector General of Public Administration, Leandro Rakintzis, opened the case after increased political and NIS internal conflicts for procedural irregularities in the administration as well as the executives of NIS and the ruling political party, including mishandling of the government and European funds for the GIS program. Eventually, 20 NIS executives were sent to court and after 4 years of hearings and trials the case was closed with irrevocable acquittal for all involved parties.

65. India Supreme Court Hearing on the 1994 ISRO Espionage Case

On Friday, March 11th, it was announced that on March 25th the Supreme Court will hear the Central Bureau of Investigation’s (CBI) “plea against the Kerala High Court order granting anticipatory bail to four persons, including a former Director-General of Police (DGP), in a case relating to the alleged framing of scientist Nambi Narayanan in the 1994 ISRO espionage matter.” This 1994 espionage case involved an espionage network in the Indian Space Research Organisation (ISRO) that provided confidential documents to a foreign intelligence agency and in which “scientist Nambi Narayanan was allegedly framed by the Kerala police due to which the technology to develop the cryogenic engine was “hit” and the country’s space programme went back by at least one or two decades.”

66. CERT-UA Uncovers New Cyber-Espionage Operation Impersonating State Bodies

On March 11, the national Computer Emergency Response Team of Ukraine (CERT-UA) and the Cyber Police shared technical indicators of a new cyber-espionage campaign targeting Ukrainian citizens by emails impersonating Ukrainian state bodies and instructing the recipients on steps to improve their information security measures. If the recipients install the “critical update” file which was named “BitdefenderWindowsUpdatePackage.exe” then their system would be compromised by a commercially available software implant called “Cobalt Strike” as well as a custom-developed one. No attribution statement was made, but CERT-UA is tracking this cyber actor under the codename “UAC-0056”.

67. International Spy Museum: 9/11 The Intelligence Angle

The Washington DC-based International Spy Museum published the recording of a virtual workshop titled “9/11 The Intelligence Angle: Teacher Professional Development.” The 49-minute long recording originally took place to help young people learn about the 9/11 terrorist attack from the intelligence perspective. The event was organised by the Museum’s Youth Education Team and was hosted by the Director of Youth Education, Lucy Stirn, together with the Historian and Curator, Dr. Andrew Hammond. The actual virtual event took place on September 2nd, 2021.

68. Estonia’s KAPO Issues Warning of Increased Recruitment of Agents by Russian and Belarusian Intelligence Agencies

On Friday, March 11th, the Estonian Internal Security Service (KAPO) made an announcement in English, Estonian, and Russian warning the public that there is an increased attempt of recruiting agents among the people attempting to cross the borders. KAPO warns people crossing the border to immediately report any Russian or Belarusian recruitment attempts saying that “it’s better you come to us first with this info, before we come to you.”

69. Iranian Cyber-Espionage Operation Targeting Turkey and Asian Countries

The Symantec Security Centre issued a protection bulletin warning about an ongoing cyber-espionage campaign targeting “entities in Turkey and other Asian countries.” The campaign is using emails to lure the victims into installing a custom software implant dubbed as “SloughRAT.” Cisco’s Cyber Threat Intelligence (CTI) entity, called Talos Intelligence, published an intelligence report detailing the operation and stating that they attribute the activity with high confidence to a cyber actor dubbed as “MuddyWater” and that the “U.S. Cyber Command recently connected MuddyWater to Iran’s Ministry of Intelligence and Security (MOIS).”

70. Ukrainian SBU Captures Restricted Russian “Orion” Navigation Device and Exploited it for Military Intelligence Purposes

Ukraine’s Security Service (SBU) shared the capture of an “Orion” Russian military handheld GPS/GLONASS navigation device along with photos of it. The restricted military device belonged to members of the airborne 108th Guards Kuban Cossack Air Assault Regiment and, according to SBU, the captured “Orion” device had stored routes and waypoints that enabled them to uncover the tactical plans of future military operations which “will allow to act ahead and even more effectively destroy the enemy.”

71. Authetic8 Publishes New OSINT Episode and Tutorial

The private Open-Source Intelligence (OSINT) low-attribution tooling firm Authentic8 published a new 17-minute long episode of their OSINT series, with this one titled “OSINT in a tense world.” Two days later, they also published a short video-tutorial on tradecraft tips for reducing detection when doing automated OSINT collection with the Authentic8 platform.

72. NSA’s NCM Artefact “Senior Scout” SIGINT Compartment

On March 10th, the United States National Security Agency’s (NSA) National Cryptologic Museum (NCM) published a 3.5-minute video presenting the “Senior Scout” intelligence gathering compartment used by the US Air Force for Signals Intelligence (SIGINT) gathering missions. It was first used during the operations “Desert Storm” and “Desert Shield” by the US Marine Corps who nicknamed it “Senior Warrior.” Later on, it was used in the Global War On Terror (GWOT) and the War on Drugs.

73. EU Calls on Belgium to Strengthen Anti-Espionage Efforts

Belgium is the centre of many European Union organisations and recently the European Parliament made an explicit call to Belgian authorities to “step up actions against domestic espionage as part of the bloc’s fight against foreign interference in EU democratic processes.” The case was explicitly for “foreign infiltration among the staff of the EU institutions, including high-level politicians and officials who take on positions in foreign national or private companies that are state-controlled by countries active in espionage in exchange for their knowledge regarding the EU and its Member States.” and Belgium’s State Security Service (VSSE) stated that they had “already identified many cases of attempted interference by foreign services of very different origins, not only from the usual suspects.”

74. Ukrainian SBU Detains 5 Russian Agents in Donetsk & Poltava

With an official announcement Ukrainian Security Service (SBU) stated that on March 11th they detained 2 residents of Donetsk who were “passing information to the enemy about equipment and redeployment of Armed Forces” and also that SBU detained and opened an investigation on 3 residents of the Poltava region for participating in “propaganda campaign of the Russian media, urging the Ukrainian military to side with the enemy.”

75. Lecture: Industrial Espionage and Communist Poland

On March 11th, the Ukrainian Scientific Meetings YouTube channel published a 36-minute long lecture with Polish researcher Miroslaw Sikora, PhD. from the Institute of National Remembrance — Regional Branch in Katowice (Silesia) of the government of Poland on the subject of “industrial espionage and communist Poland.”

76. Former NSA Contractor Reveals Cultural Issues in the IC

On Thursday, March 10, the 30-year US Department of Defence veteran Dan Gilmore published a blog post titled “Why I Left the Intelligence Community” discussing his experiences from 1992 and until 2021 when he retired from the National Security Agency (NSA). He highlights cultural issues in the US Intelligence Community (IC) with “trolls” and hate speech, among others.

77. Leadership of Russian FSB’s Fifth Service Under Arrest

According to Meduza and journalists with expertise in Russia’s Federal Security Service (FSB), two of the most senior officials of the Fifth Service of the Agency are currently on house arrest with no official statement for that. The Fifth Service (Operational Information and International Relations Service) is responsible for liaison services with foreign intelligence agencies, as well as the Department of Operational Information (DOI) which is the foreign intelligence operations branch of the FSB. The two arrested senior FSB officials are the Head of DOI, General Sergey Beseda (also responsible for the Ukraine intelligence operations) and his deputy Bolukh (no full name provided) who was reportedly in charge of the disinformation operations in Ukraine. According to investigative journalist, and expert in Russia/Ukraine affairs, Christo Grozev, both were “brought for questioning by FSB’s military counter-intel department, and are still at the FSB HQ. They’ve not been answering their phones (I tried)”

78. Cyber-Espionage Campaign Targeting the Government of Pakistan

A cyber-security researcher published technical indicators of an active cyber-espionage campaign targeting government bodies of Pakistan by impersonating email login pages of various public sector organisations. The campaign aims on collecting the email credentials of the Pakistani officials but no attribution statement was made.

79. CNN Onboard a NATO E-3 AWACS Spy Plane Over Ukraine

Following last week’s (see story #49) BBC video onboard a NATO Boeing E-3TF Sentry spy plane operating the Airborne Warning And Control System (AWACS) near Ukraine, this week, CNN published a report from the E-3 spy plane with registration number LX-N90452 flying near Ukraine and Belarus to monitor the situation. Aviation enthusiast Amelia Smith identified the flight as the NATO02. As shared by Hans Kristensen of the Nuclear Information Project, the observed radar range in the content shown on CNN is closer to 500 km while its official/unclassified radar range is only 375 km. Note that the callsigns of those AWACS flights over Ukraine are NATOxx (where xx is the number of the flight). For more details on their flights, check out the last section on the weekly updates.

80. Analysis of the Recent Eutelsat 9E Satellite Cyber Attack

On February 24th, while Russian military mobilised against Ukraine, Russia’s intelligence apparatus conducted a wide range of cyber-espionage and cyber attack operations (many of them shared in our weekly updates). This week, Reverse Mode published a blog post detailing how “tens of thousands of KA-SAT SATCOM terminals suddenly stopped working in several european countries.” This operation has not been officially attributed to Russian intelligence agencies. Later on, private cyber-security firm Sekoia published a 6-pages long intelligence report providing further insights in the mysterious blackout of the Eutelsat 9E communications satellite. According to a Reuters report “analysts for the U.S. National Security Agency, French government cybersecurity organization ANSSI, and Ukrainian intelligence are assessing whether the remote sabotage of a satellite internet provider’s service was the work of Russian-state backed hackers preparing the battlefield by attempting to sever communications” but no technical evidence or official statement was provided to support this attribution statement.

81. Sweden Deports 2 Iranian Agents Linked with Terrorist Plot

On Saturday, March 12th, news reports revealed that Sweden deported two Iranian nationals without trial. The two entered Sweden in 2015 as refugees without any documents, pretending to be from Afghanistan. They used fake names, the female was registered as Salma Khormai (real name Fereshteh Sanai-Fari) and the male as Javad Malekshahi (real name Mehdi Ramezani). In April 2021 the Swedish Security Service (SÄPO) arrested them without publicly stating the reason, apart that they were “alleged Iranian agents.” According to an unnamed SÄPO source the two “travelled to Europe as a terrorism sleeper cell, saying they were believed to be agents for the Islamic Republic who sought to execute a terrorist act against Iranian dissidents, apparently American citizens, but didn’t disclose the targets’ names.”

82. Leaked Documents Show Relationship of British PM with Evgeny Lebedev, Son of a Russian KGB officer

Adam Bienkov of the Byline Times published a story featuring leaked letters indicating the relationship of UK’s Prime Minister Boris Johnson with Russian-British oligarch Evgeny Lebedev, who is also a Member of House of Lords of the United Kingdom. The article also explains that most of Lebedev’s wealth came from his father Alexander Lebedev, a well known Russian oligarch and former KGB and later Foreign Intelligence Service (SVR) officer. At the KGB he was assigned to the First Chief Directorate, responsible for foreign intelligence operations. Among others, he is “part owner of the Russian newspaper Novaya Gazeta and owner of two UK newspapers with his son Evgeny Lebedev: the Evening Standard and The Independent.”

83. Ukrainian HUR MOU Warns of Russian “False Flag” in Chernobyl

Ukrainian intelligence officials are sharing via an official announcement of the Chief Directorate of Intelligence of the Ministry of Defence (HUR MOU) that Russian special services are collecting corpses of dead Ukrainian soldiers to be used as “killed saboteurs” in a planned “false flag” operation at the Chernobyl nuclear power station. This could allow Russian government to progress further their foreign policy agenda in Ukraine.

84. Podcast: Shadows of the Cold War

Spycraft 101 released a 3rd podcast this week (see #31 and #44). This 43-minute long episode is titled “Shadows of the Cold War: A Murder Investigation” and features Fred Burton, Chief Security Officer at Stratfor Geopolitical Intelligence, New York Times bestselling author, and former US Diplomatic Security Service (DSS) Special Agent.

85. Ukrainian SOF Captures Russian Eleron-3 Spy Drone

With an official post the Command of the Special Operations Forces of the Armed Forces of Ukraine revealed that a Ukrainian SOF element captured a Russian ZAO ENIX Eleron-3 Intelligence, Surveillance, Reconnaissance (ISR) modular Unmanned Aerial Vehicle (UAV). This UAV is used by Russian specialised units for “eyes in the sky” tactical ISR, providing autonomous flight options, EO/IR sensor, and modular payload system.

86. Polish Government Translator Accused of Spying for Russia

According to Polish media “during the meeting of the first lady Agata Kornhauser-Duda with refugees from Ukraine in the centre in Brańszczyk near Wyszków, the translator was Mateusz Piskorski, accused of working for Russian intelligence.” Currently the trial of Piskorski is pending, it will take place in Warsaw, Poland. The post continues that the case started in April 20th, 2018 with the first indictment against Piskorski accusing him of collaborating with Russia’s Federal Security Service (FSB) and Foreign Intelligence Service (SVR) from 2009 and until the day of his arrest. The Prosecutor’s Office also assesses that he participated in “activities of the intelligence services of the People’s Republic of China.”

87. Saudi Arabia Executes 81 People in a Single Day, Including for Espionage Charges

On Saturday, March 12th, the Saudi court ordered the execution of 81 defendants mainly from Saudi Arabia and Yemen convicted for “terrorism, espionage, and murder” and other crimes. On the espionage charges, the Ministry of Interior stated that they were “spying for terrorist organizations such as Houthis, al-Qaeda and DAESH in Yemen.”

88. Iran Dismantles Largest Mossad Network in the Northwest

The Ministry of Intelligence of Iran (MOIS) announced the dismantling of the “largest spy network” of the Israeli Mossad in the West Azerbaijan province of Iran. The Head of the Security Department in West Azerbaijan province stated that the Mossad agents were “trying to carry out sabotage acts inside Iran by employing thugs” and their motivation was financial profit.

89. OSINT-Discovered ELINT/SIGINT Flights

This is a brief summary of ELINT/SIGINT/ISR flights identified by aviation enthusiasts during this week:

• 07MAR2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7223) flight from RAF Waddington to Poland. Source1 Source2
• 07MAR2022: US Air Force RC-135W Rivet Joint (62–4130, callsign JAKE11) flight from RAF Mildenhall, UK to Romania-Moldova and Romania-Ukraine border. Source
• 07MAR2022: US Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
• 07MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
• 07MAR2022: Swedish Air Force AEW&C Saab S100D Argus (100003, callsign SVF603) flight from Malmen Airbase to Kaliningrad. Source
• 07MAR2022: US Air Force RQ-4A Global Hawk (10–2045, callsign FORTE12) flight from Naval Air Station Sigonella to the Black Sea near the Ukraine-Russia border. Source
• 07MAR2022: US Air Force Boeing RC-135W River Joint (62–4139. callsign PYTHN51) flight from Al Udeid Air Base, Qatar over the Persian Gulf and back. Source
• 07MAR2022: German Navy Lockheed P-3C Orion (60+04, callsign GNY4505) from the Nordholz Naval Airbase, Germany to flight near Kaliningrad. Source
• 07MAR2022: US Navy P8 Poseidon (169567, callsign N/A) flight over the coast of Pensacola, Florida, U.S. Source
• 08MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
• 08MAR2022: US Navy EP-3E ARIES II(161410, callsign ZO72) flight from Crete, Greece to Romania. Source1 Source2
• 08MAR2022: NATO AEW&C Boeing E-3A Sentry (LX-N90459, callsign NATO01) flight over Poland and Kaliningrad. Source
• 08MAR2022: NATO AGS RQ-4D Phoenix (MM-AV-SA0018, callsign UAVGH000) flight from Naval Air Station Sigonella, Italy to the Black Sea and back. Source
• 08MAR2022: US Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
• 08MAR2022: US Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to Poland near the Ukraine border. Source
• 08MAR2022: Italian Air Force Gulfstream C-37B (MM62293, callsign PERSEO71) flight from Rome–Fiumicino International Airport, Italy to racetrack pattern over Romania-Moldova border. Source
• 08MAR2022: US Navy P8 Poseidon (AE6874, callsign N/A) over Eastern Mediterranean. Source
• 08MAR2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7222) flight from RAF Waddington to Poland. Source
• 08MAR2022: US Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
• 08MAR2022: US Air Force RC-135W Rivet Joint (62–4130, callsign JAKE12) flight from RAF Mildenhall, UK to Poland-Ukraine border. Source
• 09MAR2022: US Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER39) flight from Souda Bay, Crete, Greece to the coast of Syria and Lebanon. Source
• 09MAR2022: US Air Force RC-135W Rivet Joint (62–4130, callsign JAKE11) flight from RAF Mildenhall, UK to Poland, Lithuania, Latvia and Estonia border, around Kaliningrad. Source
• 09MAR2022: US Air Force RQ-4A Global Hawk (10–2045, callsign FORTE10) flight from Naval Air Station Sigonella to the Black Sea near the Ukraine-Russia border. Source
• 09MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
• 09MAR2022: Thales (UK) Diamond Surveillance DA62 MPP (OE-FMF, callsign OEFMF) flight from Siegerland Airport, Germany to ISR pattern near Marburg and Göttingen, landing at the FMB airfield Magdeburg, Germany. Source
• 10MAR2022: Swedish Air Force AEW&C Saab S100D Argus (100003, callsign C603) flight from Malmen Airbase to Kaliningrad. Source
• 10MAR2022: US Air Force Lockheed U-2S Dragon Lady (80–1092, callsign N/A) flight from RAF Akrotiri, Cyprus heading West before disappearing. Source
• 10MAR2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7224) flight from RAF Waddington to Poland. Source
• 10MAR2022: US Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to Poland near the Ukraine border. Source
• 10MAR2022: French Air Force Transall C-160 Gabriel (F216, callsign HOOPA21) flight over Romania. Source
• 10MAR2022: US Air Force RQ-4A Global Hawk (10–2045, callsign FORTE10) flight from Naval Air Station Sigonella to the Black Sea near the Ukraine-Russia border. Source
• 10MAR2022: German Navy Lockheed P-3C Orion (60+04, callsign GNY4500) from the Nordholz Naval Airbase, Germany to flight near Kaliningrad. Source
• 10MAR2022: US Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
• 10MAR2022: US Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source1 Source2
• 10MAR2022: US Navy P8 Poseidon (AE67FE, callsign N/A) flight over the coast of Morocco. Source
• 10MAR2022: US Navy P8 Poseidon (AE67FE, callsign N/A) off the coast of Las Palmas, Canary Islands. Source
• 10MAR2022: US Air Force RC-135W Rivet Joint (62–4130, callsign JAKE12) flight from RAF Mildenhall, UK to Poland-Ukraine border. Source
• 10MAR2022: US Air Force RC-135W Rivet Joint (62–4130, callsign JAKE11) flight from RAF Mildenhall, UK to Poland near the Ukraine and Belarus borders. Source
• 10MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
• 10MAR2022: Skyborne Aviation Diamond Surveillance DA42 MPP Guardian (G-SADB, callsign SFY40) flight from Gloucestershire Airport to ISR flight near Cheltenham, Bristol, Tenbury Wells, and back. Source
• 11MAR2022: Summary of at least 10 ISR flights from US, Sweden, UK, and Italy near Ukraine. Source
• 11MAR2022: US Air Force Boeing RC-135W Rivet Joint (62–4138, callsign N/A) flight at the Philippine Sea, near Taiwan. Source
• 11MAR2022: US Navy P-8A Poseidon (AE6874, callsign N/A) flight southwest of Cyprus. Source
• 11MAR2022: US Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
• 11MAR2022: US Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to Poland near the Ukraine border. Source
• 11MAR2022: US Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
• 11MAR2022: RAF Boeing RC-135W River Joint (ZZ664, callsign RRR7243) flight from RAF Waddington to Poland. Source
• 11MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
• 11MAR2022: Turkish Air Force AEW&C Boeing E-7T (13–003, callsign TURAF42) flight over Ionian Sea. Source
• 11MAR2022: US Air Force Lockheed EP-3E Orion (16–1410, callsign N/A) flight South of Romania. Source
• 11MAR2022: US Navy Northrop Grumman MQ-4C Triton (168458, callsign SCORE90) flight from Naval Air Station Patuxent River, MD and tracking inside the R-4006. Source
• 11MAR2022: US Air Force Lockheed EP-3E ARIES II (160764, callsign AW12) flight from Crete, Greece to Moldova-Ukraine border.
• 11MAR2022: Italian Air Force Gulfstream C-37B (MM62303, callsign PERSEO71) flight from Rome–Fiumicino International Airport, Italy to racetrack pattern over Romania-Moldova border. Source
• 11MAR2022: Japan Air Self-Defense Force Northrop Grumman RQ-4 Global Hawk (23–6003, callsign LEEROYJK) flight from Palmdale Regional Airport, CA, US to the Misawa Airport, Japan. Source
• 11MAR2022: US Air Force RQ-4A Global Hawk (10–2045, callsign FORTE10) flight from Naval Air Station Sigonella to the Black Sea near the Ukraine-Russia border. Source
• 12MAR2022: Summary of at least 11 ISR flights from US, Sweden, UK, and France near Ukraine. Source
• 12MAR2022: US Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
• 12MAR2022: US Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source1 Source2
• 12MAR2022: US Air Force RC-135V Rivet Joint (64–14844, callsign JAKE11) flight from RAF Mildenhall, UK to Romania-Moldova and Romania-Ukraine border. Source1 Source2
• 12MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source1 Source2
• 12MAR2022: NATO AEW&C Boeing E-3A Sentry (LX-N90454, callsign NATO01) flight over Poland and Kaliningrad. Source
• 12MAR2022: US Air Force RQ-4A Global Hawk (10–2045, callsign FORTE10) flight from Naval Air Station Sigonella to the Black Sea and Romania-Moldova near the Ukraine border. Source
• 12MAR2022: US Navy P8 Poseidon (AE5C67, callsign N/A) flight at the Yellow Sea, near South Korea. Source
• 12MAR2022: Acrobat Ltd. Diamond DA-42 MPP Guardian (G-DOSC, callsign GDOSC) flight from Solent Airport, UK to ISR flight over Stubbington, Mere, Gillingham, Sturminster Newton, and back for landing. Source