SPY NEWS: 2022 — Week 15

Summary of the espionage-related news stories for Week 15 (10–16 April) of 2022.

The Spy Collection
Apr 17, 2022

1. South Korea to Launch its First Homegrown Spy Satellite

On April 10th it was announced that in 2023 the Korea Aerospace Research Institute (KARI) together with the Agency for Defense Development (ADD) will launch their first reconnaissance satellite using the SpaceX Falcon 9 rocket. This program started in 2017 and the complete constellation will comprise 5 spy satellites, which are expected to be in orbit by 2025.

2. Two Years after Operation Gideon With Many Open Questions

In 2020 a group of former US military personnel working for the Silvercorp Private Military Contractor (PMC) were arrested in Venezuela in what became known as Operation Gideon, a covert subversive action targeting dissidents with the objective of removing the President of Venezuela, Nicolás Maduro, from power. Some of the suspects have stated that this was a US-backed operation with sign-off from the CIA which was, however, denied. This week, InfoBae published a story about the deaths of people involved in the case, the closed investigations, and how even 2 years after this event took place there are still many unanswered questions.

3. Estonia Bans Yandex due to Espionage Accusations

Based on intelligence from the Estonian Foreign Intelligence Service (EFIS), the government of Estonia decided to ban the Russian technology firm Yandex from operating in the country. The post highlights that this is related primarily to the taxi services (called Yandex Go and Yandex Pro) that the company offers in Estonia. As noted by the Estonian Ministry of Entrepreneurship and Information Technology, “the purpose of the sanctions is to prevent the collection and use of data from Estonian users by Russian intelligence services.”

4. New German Book on the History of Minifon Spy Gadgets

The Crypto Museum published a short post about a new book going into great detail on how Minifon products were used for espionage purposes. The author of the book, Roland Schellin, wrote a similar book in 2001 but this new edition has considerably more detail, including “a complete rewrite with a lot of new information, stories, brochures, circuit diagrams and detailed new high-quality photographs, all in full-colour.” The title of the book is “Minifon: Der Spion in der Tasche” (Minifon: The Spy in your Pocket).

5. France Expels 6 Russian Diplomats as Spies Based on DGSI

On April 11th the French Ministry of Foreign Affairs expelled 6 Russian intelligence officers operating under diplomatic cover. Gérald Darmanin, the Minister of Interior, said that this was done after a counter-intelligence operation of the General Directorate for Internal Security (DGSI) that “thwarted a network of Russian clandestine agents who worked against our interests.” He continued, noting that it was a “remarkable counter-espionage operation” without going into further details.

6. Podcast: Espionage and Spycraft with MI6 Spy Matthew Dunn

A new podcast episode of UNSTRUCTURED, over an hour long, was published titled “Espionage and Spycraft with MI6 Spy Matthew Dunn” and featuring Matthew Dunn. During his service as an intelligence officer at MI6, Matthew Dunn conducted approximately 70 missions including operating under deep cover to recruit and run agents in foreign countries.

7. North Korean Cyber Espionage Campaigns Targeting South Korea

The cyber security firm Cluster 25 published a technical analysis of new cyber espionage campaigns from North Korea targeting individuals in South Korea. The initial delivery was via emails impersonating various entities, from “the Korea Internet Information Center (KRNIC) to the impersonation of various south-korean Internet Security firms (e.g., AhnLab, Menlo Security, SaniTOX) or Cryptocurrency firms (e.g., Binance)” with the intent to compromise the systems of the targets and install a custom-made cyber espionage software implant.

8. Webinar: JN-25 — The Imperial Japanese Navy’s Primary WWII Naval Cipher

On April 8th, The National Museum of Computing (TNMOC) of the UK published a recording, over one hour long, on JN-25, a naval cipher introduced in 1939 by the Imperial Japanese Navy which was first broken by British GC&CS cryptanalyst John Tiltman. The presentation was given by Chris Christensen, Professor of Mathematics at the Northern Kentucky University, who has been studying JN-25 for about 10 years.

9. Serbia’s BIA Denies Swiss FIS’ Report for Assassination Plot

According to Balkan Transitional Justice, the Swiss Federal Intelligence Service (FIS) issued a warning to politician and former State Prosecutor Dick Marty about an assassination plot against him from the Serbian special services. D. Marty is the “author of a 2010 report for the Council of Europe linking former Kosovo President Hashim Thaci to war crimes, including the harvesting of organs from detainees, around the time of the 1998–99 war in Kosovo” which is believed to be related. According to the classified threat report, “the assassination of Dick Marty was reportedly assigned to Serbian men who had been on such missions for the Serbian secret services for a long time and were trained by them as ‘absolute professionals’ who would handle the assassination ‘leaving no trace’” and continued that “a Serb reportedly smuggled weapons into Switzerland sometime in December 2020.” Serbia’s Security Intelligence Agency (BIA) issued a formal letter to FIS which “strongly condemns and denies the malicious claims about the involvement of Serbian security services in planning anyone’s murder.”

10. Latvia’s VDD Detains Belarusian Citizen on Espionage Charges

On April 11th the Latvian State Security Service (VDD) announced that on February 15th, in collaboration with the Defence Intelligence and Security Service (MIDD), it detained a Belarusian citizen for gathering “information about the National Armed Forces objects, as well as critical infrastructure objects, including by covert filming and photographing of these objects.” The reports state that the suspect was operating on behalf of Belarus’ KGB but the investigation is still ongoing. VDD/MIDD “made the arrest on February 15, although authorities only announced it publicly on April 11.”

11. Webinar: Curator’s Corner — Disruption with Aki J. Peritz

The International Spy Museum published a new one-hour long recording of a webinar titled “Disruption with Aki J. Peritz” and featuring Aki J. Peritz, former CIA Counterterrorism Analyst and Adjunct Professor at the American University in Washington, DC. The talk is based on his latest book “Disruption: Inside the largest counterterrorism investigation in history” and the virtual event originally took place on April 7th. The talk was hosted by Dr. Alexis Albion, International Spy Museum Curator of Special Projects.

12. New Pakistani Cyber Espionage Operation Targeting Indian Government

On April 11 Cyber Threat Intelligence (CTI) researcher Jazi published technical indicators of a new cyber espionage operation attributed to an actor dubbed as “TRANSPARENT TRIBE” who has been previously associated with the government of Pakistan. The new operation is targeting Indian government personnel with a lure document impersonating a “Mental Health Survey” and delivered via email. If the target opens it, it will covertly install a custom cyber espionage software implant known as “Crimson RAT”.

13. Two Senior EU Officials Targeted by Pegasus Covert Surveillance

The latest developments on the Pegasus case (a cyber espionage solution developed and sold to government agencies by the Israeli NSO Group) revealed that two senior EU officials were also targeted. One of the two is Didier Reynders, Belgian politician serving as the European Commissioner for Justice since 2019. The second case was not disclosed beyond being a “senior EU Commission member.” Note that at least 4 staff members of the United Nations High Commissioner for Refugees (UNHCR) were also targeted. The two officials highlighted that UNHCR learned about the compromise in November 2021 after receiving threat intelligence notifications from Apple that their devices were “targeted by state-sponsored attacks” which led to further investigation and discovery of the Pegasus infections.

14. Poland Hands Over Former Russian Spy Hub to Ukrainians

On Monday, Warsaw Mayor Rafal Trzaskowski announced that a fenced compound previously used by Russian diplomats has been seized and will be provided to the “Ukrainian community, to possibly house refugees taken in by Poland in the wake of Russia’s invasion.” The Mayor said that “it is extremely symbolic that we are closing this long process now, in the age of Russian aggression, we’ve taken back the so-called spy nest and want to hand it over to our Ukrainian guests.” The compound was allegedly used for espionage purposes by Russian intelligence officials and within the Polish government it was nicknamed as “Szpiegowo”.

15. Video: Former CIA GRS Shares Story from First Libyan Civil War

On April 12th, a member of the American Kinetix (AX), a former CIA Global Response Staff (GRS) member, published a 25.5-minute long video sharing a war story from the First Libyan Civil War (2011), indicating how CIA paramilitary operators act behind the scenes in those conflicts.

16. Greek Government Denies Use of Predator Cyber Espionage Suite Against Journalist — Reporters United Provide Evidence Disputing the Government Claim

Last July it was revealed that the mobile device of Greek financial journalist Thanasis Koukakis was compromised by the covert cyber espionage software implant Predator (developed and sold to government agencies by the Israeli Balinese Ltd. — former Cytrox based in North Macedonia). This week, Greek government spokesperson Yannis Economou publicly denied the involvement of the Greek agencies, asking for the “authorities to do their job to clear up this affair and for justice to be done.” Koukakis assumes that he was targeted due to his investigative work which included financial investigations for “a Greek bank, expenses claims at the migration ministry, and defense contracts.” Following that, the Reporters United project published a detailed article providing evidence that the Predator software implant was used by the Greek National Intelligence Service (NIS) to target his mobile device.

17. DoJ Charges Couple for Illegal Exports to China

The US Department of Justice (DoJ) made a press release for Xiaojian Tao, 63, and his wife Yu Lang, aka Laura Long, 63, for illegal activities in the period of 1997–2020. As per DoJ, “Tao allegedly exported items to China without having obtained a required export license from either the Department of State or the Department of Commerce.” The illegally exported items were described as “defense articles” and “commerce-controlled goods” with no further details provided by the DoJ.

18. Turkish MİT Used FinSpy and Honeytraps to Target Political Opposition Party Members

According to an article published by investigative journalist Abdullah Bozkurt, the National Intelligence Organisation (MİT) of Turkey, under the direct orders of President Recep Tayyip Erdoğan, infiltrated the main opposition party using FinSpy (a cyber espionage suite developed and sold to government agencies by the German FinFisher/Gamma Group until week 13 (see story #42), when the company declared insolvency). The article provides details and media demonstrating the cyber espionage activity including blackmailing and honeytraps to target the political opposition.

19. Podcast: SpyCast — ISIS Leader al-Mawla

This is the second, and last, part of this series (for the first check week 14 story #68). The International Spy Museum’s SpyCast published the 39-minute long episode titled “ISIS Leader al-Mawla: Caliph. Scholar. Canary. Snitch.” presented by Dr. Daniel Milton, Director of Research at the Combating Terrorism Centre (CTC) at the United States Military Academy and an Associate Professor in the Department of Social Sciences. In this second part, the intelligence topics covered are: “The origin of the term ‘Canary Caliph’. The mythology of Islamic State and the reality. Battlefield intelligence and understanding an enemy. The Combating Terrorism Center being on the radar of terrorists.”

20. FSB Detained Ukrainian Planning Sabotage Attack in Moscow

On April 12th, the FSB announced that they detained a Moscow-native who was granted Ukrainian citizenship to fight against Russia in Donbas, after serving with the Ukrainian Armed Forces in the period of 2017–2019. The report says that he was transferred to the Yavoriv Combat Training Centre (in the Starychi village, in Lviv, Ukraine) where he was trained on sabotage following NATO’s doctrine with instructors from the United States, Great Britain and Canada. In January 2022 he moved back to Russia where the FSB put him under surveillance. FSB identified that in the forest near the town of Solnechnogorsk the suspect prepared a cache with weapons and 3 incendiary devices that he was, reportedly, planning to use in subversive actions in Moscow, Russia. FSB detained him based on that evidence and continues with the investigation against him and his organisation.

21. US Sentences Citizen Assisting North Korea to Evade Sanctions

The US Department of Justice issued a public statement for the sentencing of Virgil Griffith, 39, for formulating plans to “provide services to individuals in the DPRK by developing and funding cryptocurrency infrastructure there, including to mine cryptocurrency. Griffith knew that the DPRK could use these services to evade and avoid U.S. sanctions, and to fund its nuclear weapons program and other illicit activities.” The defendant was sentenced to over 5 years (63 months) in prison after “pleading guilty to conspiracy to violate the International Emergency Economic Powers Act (IEEPA).”

22. Greek NIS & Coast Guard Dismantle Smuggling Network in Rhodes Island

As stated in Greek media, the National Intelligence Service (NIS) in collaboration with the Coast Guard of Rhodes island dismantled a network of 7 people organising smuggling of illegal immigrants from Turkey to Greece. The case started when a hotel’s staff identified 4 illegal immigrants who were transferred there by a Lebanese national and reported it. After conducting covert surveillance on the Lebanese suspect, it was identified that 3 more people were involved in the smuggling network: a 32-year old Egyptian male and two 35-year old Syrian males, who were all subsequently arrested. One of the two arrested Syrians was the coordinator with his counterpart being a smuggler located in Turkey, who was leading the operations. The investigation also led to the arrest of 3 more suspects: a 37-year old Syrian national based in Athens who was counterfeiting travel documents, a 21-year old Palestinian male and a 39-year old Syrian national who was acting as the coordinator between Athens and Rhodes.

23. SIGINT Historian: Locking a Stable Door

The former Departmental Historian of GCHQ, Tony Comer, published a short blog post titled “Locking a Stable Door” and covering a story from Guy Liddell’s diaries about publication of SIGINT secrets in a 1941 book. The book mentioned was the first edition of “The Diary of a Staff Officer”.

24. Polish SKW Detains Russian Spy Facing Espionage Charges

The Polish Military Counterintelligence Service (SKW) announced that they identified a Russian citizen, who has been living and working in Poland for the last 18 years, as a Russian spy. The statement says that under the instructions of his Russian special services handlers, the suspect “collected information concerning the military readiness of the Polish Armed Forces and of the NATO troops.” On April 6 he was detained by the Military Gendarmerie and, under a court’s decision, he was placed under temporary (for 3 months) arrest until the counter-espionage investigation is completed.

25. Ukrainian CERT Provides Details on Critical Infrastructure Cyber Attacks by Russia’s GRU GTsST

On April 12th, the national CERT of Ukraine published a short post with technical indicators on critical infrastructure cyber attacks from the period of February-April 2022. The cyber operations were attributed to the Russian military intelligence (GRU) Unit 74455, also known as GTsST (Main Centre for Special Technologies), which is dedicated to Computer Network Attack (CNA) operations (e.g. destructive cyber effects such as wiping systems, denial of service, etc.). According to CERT-UA, the target was an energy company in Ukraine which was hit twice. Specifically, GRU attacked the high-voltage electrical substations, user computers and Automated-process Control Systems (ACS), server equipment and network equipment of that company. In all cases, the GRU operators deployed tailored software implants to wipe the devices, making them inoperable. CERT-UA also publicly thanked Microsoft and ESET cyber security firms for their support in those incidents.

26. Slovak MP Accuses Former Prime Minister of Espionage for Sharing S-300 Video Before Official Confirmation

Slovak MP Jan Bencik filed a criminal complaint against former Prime Minister of Slovakia Robert Fico and said that it “qualifies for espionage”. The reason was a video that Robert Fico shared showing a train platform loaded with the S-300 air defence system. Fico called the Slovakian government’s decision to provide this advanced air defence system “pure madness” and said that “we would not only get rid of a multi-million dollar defense system that is better than the American Patriot. But we would be increasingly drawn into the war in Ukraine in the name of American interests, to which we have nothing to do.” According to Bencik, this was released prior to any official statement from the Slovakian government, qualifying his action as an espionage offence.

27. Latvian Court Upholds Oleg Burak’s Espionage Sentence

On April 13th the Riga District Court in Latvia had the appeal hearing for the case of Oleg Burak, a former Ministry of Interior employee who was identified to be a Russian spy in 2018 by the Latvian State Security Service (VDD), and sentenced to 15 years in prison “over charges of espionage, illegal trafficking of firearms, dissemination of pornography and illegal trafficking of special equipment.” After the appeal hearing, the court decided to uphold his 15 year sentence without any changes. O. Burak pleaded not guilty in the hearing.

28. Podcast: SpyScape — King of Scotland Yard

SpyScape published a new 47-minute long podcast episode in the True Spies series titled “King of Scotland Yard: It’s 2003. Baghdad has fallen and Scotland Yard needs to fly in with little time, three guns and a broken phone.” The episode features Carlton King, a senior protection officer with the Metropolitan Police (also known as the Scotland Yard — from its headquarters) Special Branch who served in the period of 1996–2012, and was also assigned to the Secret Intelligence Service (SIS), better known as MI6, as a case officer in 1997–2002. The podcast focuses on a protection mission he was responsible for in Baghdad, Iraq to prepare the ground for a British Minister to go and participate in the negotiations.

29. US DoD Used Mobile Applications to Spy on Muslims

Al Jazeera published a new investigative article authored by their Washington correspondent, Amr Hassan. According to the investigation, numerous mobile applications frequently used by Muslims are covertly collecting location data and other sensitive information, which the owning companies are then providing to the US Department of Defence (DoD) and other US government agencies. According to the report, these include: Muslim Mingle, Muslim Pro’s Features, Full Quran MP3 — Ramadan 2022, Qibla Compass, QR barcode scanner, and Al-Moazin Lite. Following this, the Council on American-Islamic Relations (CAIR) urged the US Federal Trade Commission (FTC) to rein in the reported cases of location tracking and Google removed those mobile applications.

30. Russia Removes Over 100 FSB Officers Related to Potential Double Agent

In week 14 (story #85) it was revealed that FSB’s Head of DOI, Fifth Service, General Sergey Beseda, 68, was arrested on espionage allegations. This week, The Times reported that over 100 officers of the FSB’s Fifth Service have been dismissed, making it a total of about 150 officers since the war started. According to the article, this is likely related to the arrest of S. Beseda, but there is not enough evidence to confirm this assumption.

31. Chinese Cyber Espionage Operation Targeting EU Entities

A cyber threat researcher from Group-IB cyber security firm published technical indicators of a new cyber espionage operation targeting EU government entities via lure documents impersonating official announcements. The TTPs are similar to those of week 12 (story #48) and the activity was attributed to an actor dubbed as “MUSTANG PANDA” who has been previously associated with China’s main foreign intelligence agency, the Ministry of State Security (MSS).

32. Israeli Shin Bet Apologises to China After Invalid Accusations Over Bugged Thermal Mugs

As reported this week, the Chinese Embassy in Tel Aviv, Israel sent a gift thermal mug to Orit Farkash-Hacohen, Israel’s Minister of Science, Technology and Space. On a routine inspection, Israel’s domestic intelligence agency, the Shin Bet, identified an electronic component at the base of the thermal mug and this quickly leaked to the media with Shin Bet wanting to restrict any gifts to the offices and instead send them to Shin Bet for inspection. The Chinese Embassy called this a “baseless rumour” and later on, it was discovered that it was indeed a false accusation. The electronics were related to temperature and pressure control. This forced Shin Bet and the Israeli government to apologise to China for the false accusations. This comes alongside strong criticism of Shin Bet’s HUMINT failures in the wave of attacks Israel has been recently experiencing.

33. Podcast: Ukraine and How Private Sector Intelligence is Defining a New World

On April 13th, The Cipher Brief published a new 53-minute long episode titled “Ukraine and How Private Sector Intelligence is Defining a New World” and featuring Suzanne Kelly, the CEO & Publisher of Cipher Brief who was previously CNN’s Intelligence Correspondent, and Brad Christian, COO of Cipher Brief with extensive past career in the private intelligence and defence industry, as well as the US Army. The special guest of this episode was Kevin Mandia, CEO of Mandiant cyber security and intelligence firm, with 20 years of experience in the information security space, and former US Air Force officer and special agent.

34. Denmark Warns of Increased Russian, Chinese and Iranian Spying Activity but No Immediate Military Threat

The Danish Security and Intelligence Service (PET) highlighted that the top espionage activity in the country originates from Russia, China and Iran and it includes “espionage, influence operations, harassment, attempts to smuggle items, technology and knowledge transfers and, in exceptional cases, assassination attempts.” Later in the week, the Danish Defence Intelligence Service (FE in Danish or DDIS in English) announced to the parliament’s Defence Committee that “it is unlikely that Russia desires a military conflict with NATO. Russia has probably no intention of using military force against Denmark. FE thereby concludes that there is no direct military threat to Denmark.”

35. Germany Convicts SVR Spy to Suspended Prison Term

On April 13th, the case of Russia’s Foreign Intelligence Service (SVR) spy Ilnur Nagaev ended with a suspended term. For more details on the history of this case check week 4 (story #10) and week 7 (story #41). The Munich State Court concluded that the espionage activity started in February 2021 and lasted until April 2021. The defendant pleaded not guilty, saying he was not an SVR agent and he was only asked about publicly available material that he didn’t consider relevant to Russian intelligence services. Eventually, the court verdict was a one-year suspended sentence due to the defendant not being likely to reoffend, that he didn’t know his handler was a Russian intelligence officer and because of his cooperation with German authorities.

36. So-called LPR Claims OSCE Agents Conducting Espionage

According to the Ministry of State Security (MGB) of the Luhansk People’s Republic (LPR), which is not recognised by most countries, staff members of the Organisation for Security and Co-operation in Europe (OSCE) are covertly performing “special intelligence functions” rather than observing the situation. MGB officials said that, using their diplomatic status as cover, OSCE has been collaborating with Armed Forces and Law Enforcement counter-intelligence personnel working among them to conduct counter-intelligence operations such as identifying foreign agents and intelligence gathering missions. According to the report, the Ukrainian Ministry of Foreign Affairs has given them those privileges and diplomatic immunity status. MGB continued that, for example, OSCE Security Officer Petko Lilov is actually a Bulgarian military intelligence Colonel and has been conducting such counter-intelligence missions. Another example given was Aleksei Kozakov, former OSCE agent in Luhansk, who was an experienced military veteran and was tasked with coordinating local groups and obtaining access to information, as well as “forging” OSCE reports. The report notes that the OSCE stations near Luhansk were managed by the Ukrainian Armed Forces and were used to communicate the locations of LPR forces during battles.

37. Iranian State News Claim Israeli Intelligence Officials are Covertly Deployed in US Military Bases

Pooya Mirzaei of the Iranian state-controlled Nour News agency published an exclusive story on Monday claiming that Israeli military and intelligence officials are covertly stationed in “US bases in a number of countries in the region.” The report says that this project was under the US EUCOM and has now moved to CENTCOM. It was done to support the US intelligence community after the US withdrawal from Afghanistan. The article claims that aerial vehicles, intelligence collection equipment and personnel are present in US military bases conducting clandestine activities under US military cover, and that those capabilities are also likely to target Iran.

38. Former German BND Covert Plane on Sale by Aero-Dienst

In week 9 (story #17) Open Source Intelligence (OSINT) practitioners identified two covert aircraft used by the German Federal Intelligence Service (BND). One of them was the Dassault Falcon 900EX with the registration number D-AZEM (Serial Number 133) which is currently available for sale (including interior photos) by the German Aero-Dienst company. The description says that it was owned/operated by a single entity and is in the VIP configuration for 19 passengers. It has been in service since Feb. 4th, 2004 with a total of 8918 flight hours and 3631 landings. Two of its most recent flights were in Paris, France on February 18, 2022 as well as in RAF Brize Norton, UK in 2021, 2017 and 2016.

39. Turkish MİT Captured Syrian Man Last March — Fate Unknown

According to ANHA, the Turkish National Intelligence Organisation (MİT) conducted a mission together with the Gendarmerie General Command in the city of Kayseri, Turkey on March 23rd which resulted in the capture of 59-year old Mustafa Hussein Jassim. The suspect was originally from the Qara Baba of Rajo district, Afrin, Syria and moved to Turkey with his family in 2015 for work. The report says that he was captured after MİT detected that he was in communication with Shahba Canton members (a political unit in Aleppo, Syria). Almost a month after his capture, his fate is still unknown.

40. Nigeria Improving its Intelligence Community Alignment

The AIT News reported that the Nigerian intelligence community identified failures in intelligence gathering and collaboration and because of that, the Defence Intelligence College organised a 4-day course in criminal and security intelligence management for security agencies. The course was held in Abuja, the capital of Nigeria, and participants included military, paramilitary, relevant Ministries’ departments/agencies and stakeholders from the private sector. The goal of the course was to enhance the “synergy among the various actors within the nation’s intelligence community.”

41. NMRN: HMS Seraph on Operation MINCEMEAT

This week the British National Museum of the Royal Navy (NMRN) published a short article on the history of HMS Seraph (P219) as part of Operation MINCEMEAT, a WWII deception operation to disguise the 1943 Allied invasion of Sicily, Italy. The post was motivated by the British film “Operation Mincemeat” that aired on April 15th and is inspired by Ben Macintyre’s book about this specific WWII special operation.

42. Video: U-2S Dragon Lady Spy Plane in RAF Fairford

The Charlie Golf Aviation YouTube channel published a new 9-minute long video showing a US Lockheed U-2S Dragon Lady reconnaissance plane in the British RAF Fairford. The video shows the U-2S with registration number 68–10331 (callsign DRAGON86) landing at RAF Fairford on April 13th. It took off from the Beale Air Force Base located east of Marysville, California, US.

43. New Information on the Extradited to the UK Russian Spy

Last week (story #46) David Ballantyne Smith, 57, was extradited to the UK. He is accused of being a Russian spy in the British Embassy in Berlin, Germany. This week he appeared at the Westminster Magistrates Court and his trial will start on Feb. 13th 2023. According to Germany’s counter-intelligence he was “taking videos of CCTV systems, gathering intelligence on the layout of the embassy, amassing documents marked ‘secret’ and making copies with a view to them being leaked.” The espionage charges also note that he “wrote a letter to General Major Sergey Chukhurov, the military attaché at the Russian Embassy in Germany, containing details about the activities, identities, addresses and telephone numbers of various members of Her Majesty’s Civil Service.”

44. US DIA 2022 Challenges to Security in Space and China

The US Defence Intelligence Agency (DIA) published an 80-page assessment titled “2022 Challenges to Security in Space: Space Reliance in an Era of Competition and Expansion” which was recently referenced by Senior Pentagon Reporter, Tara Copp, in her article “DIA Warns China’s Space Tech Seeks to Block U.S. Radars, Jam Munitions” published on Defence One. The article highlights the threats of space warfare, the advancements the Chinese government has been making in this space, and what they mean for US military operations and capabilities.

45. Japan Announces Intelligence Gathering on Russian Naval Forces

After the Russian Ministry of Defence announced that “two navy submarines had test-fired Kalibr cruise missiles in the Sea of Japan”, the Defence Minister of Japan, Nobuo Kishi, said on Friday that “We will continue to collect information and conduct vigilant monitoring with a sense of concern.”

46. Video: Recently Abandoned NATO NADGE Secret Facility

The YouTube channel Exploring the Unbeaten Path published a new 25.5-minute long video of an abandoned NATO Air Defence Ground Environment (NADGE) secret facility with a RADAR and a bunker which was deactivated in 2015 and abandoned in 2021. The Spy Collection geolocated the facility in Belgium. It was the Belgian Control & Reporting Centre which was reporting to the Combined Air Operations Centre (CAOC) in Uedem, Germany and was also responsible for surveillance of the airspace of Luxembourg.

47. Convicted Taiwanese Spy Returns from China to Taiwan After Completing His Sentence

On Friday, April 15th, Lee Ming-che returned to Taiwan after completing his 5 year prison sentence in China. Ming-che was a worker of the Democratic Progressive Party of Taiwan and an NGO and was arrested in March 2017 after crossing the Gongbei border from Macao to Zhuhai, China for endangering China’s national security. Eventually, he was sentenced to 5 years in prison by a court in Hunan province in September 2017 for efforts to subvert the state power. During his trial he confessed that he had “criticised China’s ruling Communist Party” and also that he had “shared articles and arguments promoting Taiwan’s multi-party democracy.”

48. Ukrainian CERT Reports New Cyber Espionage Activities Targeting Government Entities

On April 14th the CERT-UA published technical indicators and a summary of newly detected cyber espionage activity targeting Ukrainian government entities. Emails impersonating the Ukrainian government were sent with the subject “Volodymyr Zelenskyy presented the Golden Star Orders to serve the Armed Forces of Ukraine and members of the families of the fallen Heroes of Ukraine”. If opened, the email triggered a reconfiguration of the target’s email software to also forward all emails to an email address controlled by the cyber actor. CERT-UA attributed the operation to an actor dubbed “UAC-0097” without any clear association with a specific nation-state.

49. Former FAPSI Officer Helps Russia with OSINT in Myanmar

On April 13th Intelligence Online reported that the Head of the Russian OSINT private company Lavina Pulse together with a delegation of Russian government officials spent a few days in Myanmar to support Russia’s foreign policy. The Head of Lavina Pulse is Andrei Masalovich, retired Lieutenant-Colonel of the Federal Agency for Government Communications and Information (FAPSI), Russia’s SIGINT agency which was dissolved in 2003 with its responsibilities being split among the FSB, the SVR and the Spetssviaz. His company has the Avalanche system for OSINT monitoring and analytics which is used by the Russian law enforcement and intelligence agencies.

50. MSS Reveals Espionage Cases in the 7th National Security Education Day

This Friday was the 7th National Security Education Day in China and the Ministry of State Security (MSS) revealed some past espionage cases as part of the program. For example, MSS noted that in 2021 in the Guangdong province they identified a taxi driver, which led to the dismantling of an anti-China propaganda group. This was done after a passenger notified the police of the taxi driver’s attempts to sell him information and promote anti-Chinese propaganda. The group was handled by a foreign agent surnamed Qian who lives abroad and was using WeChat to communicate with his agents in China. The second case was from June 2021 where a “Guangzhou resident surnamed Xu picked up a suspicious electronic device when he was fishing with friends on a reef in the South China Sea. The device, with a foreign mark on the outside, was later found that it had an information transmitting equipment inside.” Next, in August 2021 “two officials from a village near a military base in Shanwei, Guangdong, noticed two suspicious men had been photographing the village committee’s bulletin board” and one of them was arrested and charged with espionage for a foreign government. And lastly, a case from 2016 where “a Zhanjiang resident surnamed Zheng received an email from an overseas maritime data company” to recruit him to deploy equipment and spy on their behalf.

51. Podcast: Team House — JSOC Spy Erick Miyares

On April 16th the Team House published a new 3-hour long podcast episode featuring retired Sergeant Major Erick Miyares who served in several US military intelligence positions, from low-visibility operations with JTF-6 and SOT-A, all the way to the premier Tier 1 intelligence-gathering Special Mission Unit (SMU) of JSOC. Although not explicitly mentioned, this is very likely the JSOC SMU that has changed names many times over the years but remains the technical surveillance/intelligence-gathering capability of JSOC. Past names include: Intelligence Support Activity (ISA), Office of Military Support, Field Operations Group (FOG), Task Force Orange (TFO), Gray Fox and others.

52. Summary of SBU Counter-Intelligence Operations

On Friday the Ukrainian Security Service (SBU) published a summary of recently completed counter-intelligence operations. In the city of Zhytomyr SBU neutralised a group of 6 people disseminating hostile propaganda and engaging in “agitating conversations” with locals. In Kiev, SBU captured two individuals who stole cars claiming they were for use in the Ukrainian military. In the region of Volyn SBU disrupted a network selling, on the black market, bulletproof vests and helmets that had been provided as humanitarian aid. And lastly, in the city of Cherkasy SBU detained a Russian informant.

53. Greek NIS Leak for the Expelled Russian Diplomats

Last week (story #48) Greece expelled 12 Russian diplomats on espionage accusations. This week, Greek media state that through intelligence officials they were given more details on the expelled Russian diplomats. The expelled diplomats were rotating every 3 years and were already marked for “suspicious activities” by the National Intelligence Service (NIS) in classified reports. One was producing and disseminating Russian propaganda, and 3 of them were regularly involved in activities in northern Greece. 2 of them had tried to recruit Greek military personnel to obtain military intelligence such as NATO and military technology related material. Since the war in Ukraine started, they engaged with 20–30 people from Greek universities and smaller news websites to promote Russian positions. Finally, the Greek authorities are investigating potential financing of specific individuals and entities by the expelled diplomats including some anti-government movements, anti-vaxxer groups and pro-Russia communities in Greece.

54. North Korean Cyber Espionage Operation on Chemical Companies

According to the Threat Hunter Team of the Symantec cyber security firm, North Korean cyber operators were observed in January 2022 continuing a cyber espionage operation, dubbed “Operation Dream Job”, that started in 2020. The operation involves North Korean cyber operators setting up fake job recruitment offerings to lure targets into visiting malicious websites or opening file attachments that install custom covert cyber espionage software implants, giving full covert control to the actors. The latest campaign is targeting organisations of the chemical sector and the motivation, according to Symantec, is “to obtain intellectual property to further North Korea’s own pursuits in this area.”

55. CIA Director William Burns First Public Speech

As announced by the CIA, its Director, William J. Burns, gave his first ever public speech as DCI since he moved to this position in 2021. The speech took place at the Georgia Institute of Technology’s Sam Nunn School of International Affairs and it was titled “The Role of Intelligence at a Transformational Moment” focusing mainly on the developments with Russia. It’s a 58-minute long speech available online.

56. Lithuanian VSD Warns Travellers to Belarus and Russia of Recruitment Efforts

Arvydas Anušauskas, the Minister for National Defence of Lithuania, stated that the counter-intelligence division of the State Security Department (VSD) is “recording a number of cases where attempts are being made to recruit Lithuanians going to that country or those going to Russia, to obtain additional information, and to ask very detailed questions about things that we, for our part, if it was in Lithuania, would consider espionage.” Note that on Thursday, “Belarus announced that Latvian and Lithuanian citizens would be able to come to Belarus visa-free for a month, from April 15 to May 15.” The VSD warned that “the intelligence services of these countries are stepping up their effort to recruit Lithuanian citizens travelling to Russia and Belarus.”

57. US DoJ Charges 3 Russians for Foreign Influence Activities

The US Department of Justice (DoJ) released the indictment of a Russian international foreign influence operation. After an FBI Counterintelligence Division investigation it was discovered that Aleksandr Babakov, Deputy Chairman in the Russian legislature, together with his staffers Mikhail Plisyuk and Aleksandr Vorobek “orchestrated a covert Russian propaganda campaign in the U.S. in order to advance Russia’s malevolent political designs against Ukraine and other countries, including the U.S. Today’s indictment demonstrates that Russia’s illegitimate actions against Ukraine extend beyond the battlefield, as political influencers under Russia’s control allegedly plotted to steer geopolitical change in Russia’s favor through surreptitious and illegal means in the U.S. and elsewhere in the West.” According to the DoJ, the activity dates from at least 2012 and continued into at least 2017. In 2017 the OFAC sanctioned the three defendants.

58. Australia Introduces New Visa Authorities to Fight Espionage

According to IT News Australia, the federal government introduced new legislation allowing it to cancel foreign nationals’ visas in cases of “unreasonable risk of unwanted critical technology knowledge transfer.” The new legislation was announced as a measure to “protect Australia’s critical technologies.”

59. Webinar: The Danger of the Femme Fatale Narrative

On April 16th, the International Spy Museum published a new 1-hour long webinar titled “The Danger of the Femme Fatale Narrative” hosted by the museum’s Director of Adult Education, Amanda Ohlke, and presented by Sloane Huey, a Bryn Mawr School Senior, on her Edith Hamilton Scholars Research Project. As the description says, it’s a presentation of research on “the intersection of feminism and espionage against the backdrop of cultural representations and definitions of womanhood in the 20th and 21st centuries.”

60. Former BND Head Warns of Increased Russian Espionage Activity

Gerhard Schindler, the former (2011–2016) Director of Germany’s Federal Intelligence Agency (BND) said that “when armed conflicts involve economic sanctions, it is clear that intelligence is also on the rise, we have certainly not yet reached the end of this development.” He continued that the known Russian spies are just “the tip of the iceberg” and expects the espionage activity of Russia in Germany to have intensified. On the expulsions he commented that expelling known spies is not a good practice since “if we send them home now, and then new ones come, then we go back to the beginning: you don’t know if the new cultural attaché is a spy or an ordinary diplomat.”

61. Was Egyptian Writer Mustafa Amin a CIA Spy?

On April 16th, the Masrwnasha published a new article about the well-known Egyptian writer and journalist Mustafa Amin (1914–1997), examining whether or not he was recruited as a spy by the CIA.

62. NATO Extends E-3A Spy Plane’s Lifetime

NATO launched the Final Lifetime Extension Programme (FLEP) for improving and extending the operational readiness of their Boeing E-3A Sentry Airborne Early Warning & Control (AEW&C) aircraft. The first FLEP aircraft (N-1) left its base, the NATO Airborne Early Warning & Control Force (NAEW&CW) at Geilenkirchen, Germany on April 11th and headed to the Leonardo modification facility in Tessera, Italy. The modification is expected to be completed within the next 12 months.

63. US Government Attributes $540 Million Cryptocurrency Cyber Theft to North Korea and Issues New Measures

This week it was announced that the US Treasury’s Office of Foreign Assets Control (OFAC) attributed the March cyber intrusion operation against the Ronin Platform cryptocurrency provider (around $540 million stolen) to North Korean intelligence cyber operatives. The operation was executed to evade economic sanctions and fund government programs, like new weapons development. This was followed by a US State Department announcement offering a reward of up to $5 million for “information about North Korean digital operations that help keep the regime afloat and fund its weapons programs.”

64. Podcast: Q&A With Former CIA Cyber Security Officer

On April 13th Authentic8, a US vendor of low-attribution products for professional Open Source Intelligence (OSINT), published a new 22-minute long episode featuring the company’s Head of Strategic Initiatives, Matt Ashburn. Prior to that, M. Ashburn worked in a variety of cyber intelligence positions in the private and public sectors including about 6 years as Cyber Security Officer at the CIA, Intelligence Analyst at the FBI and even Chief Information Security Officer and Special Advisor to the National Security Council (NSC). This episode was a live Q&A session focusing on OSINT.

65. Turkish MİT Captured Syrian Woman in Syria

On April 16th, ANHA published that 27-year-old Selda Kamal Sheikho was captured by Turkish National Intelligence Organisation (MİT) operatives while she was heading from the Tal Rifaat village in al-Shahba to the city of Tabqa, and then to the city of Jarabulus in Syria in order to go to Turkey. No further details were provided on why she was captured, where she was taken or other information.

66. The 1961 Death of UN Secretary-General and Signs of Assassination

This week a news story started circulating based on an ongoing investigation and a new book on the death of United Nations (UN) Secretary-General Dag Hammarskjöld in a plane crash in Ndola, Northern Rhodesia (now Zambia) in 1961. According to the latest developments, a previously unknown top secret document was recovered from the OAS (Organisation de l’Armée Secrète), a far-right French dissident paramilitary organisation during the Algerian War, which says that Hammarskjöld was “sentenced to death” by the Specialized Administrative Sections (SAS), a French civil-military program operating in French Algeria at the time, for his actions towards Algerian independence and he must be executed “as soon as possible.” The document was from July 1961 and his plane crashed on September 18, 1961 while he was travelling to negotiate a ceasefire.

67. Increase in Intelligence Gathering and Tactical Recon by Turkish Special Services in Greek Dodecanese Islands

According to government officials, the Greek military and intelligence services are monitoring closely some people associated with a Turkish espionage network in the Dodecanese islands. The article reports that this started in 2020 but it has intensified lately. The spies are focusing on tracking movements of Greek military forces and conducting tactical reconnaissance on key facilities using ground and aerial observation methods.

68. Controversial FBI Contract with Social Media Surveillance Firm

This week it was revealed that the FBI engaged with the private intelligence firm Babel X for 5,000 software licenses with a start date of March 30th. Babel X is an AI-powered social media and open-source monitoring solution that allows for efficient searching and tracking of online activities, including “predictive analytics” that can be configured based on the customer’s needs.

69. Deception and PSYOPs by Ukrainian Forces

Ben Macintyre of The Sunday Times published a short article on some unconventional methods used by the Ukrainian military in the ongoing conflict with Russia. Those include “dummy soldiers equipped with replica rocket launchers”, painted planks to look like vehicles from overhead platforms, decoy troops and even “scarecrow soldiers armed with fake anti-tank weapon.”

70. Podcast: Everyday Spy with Former CIA Officer A. Bustamante

On April 15th, the Secrets and Spies podcast published a new over 1-hour long episode featuring Andrew Bustamante, former CIA Case Officer, discussing his experiences and his post-CIA business, the “Everyday Spy”.

71. New State-Sponsored ICS Cyber Attack/Espionage Framework

The US Cybersecurity and Infrastructure Security Agency (CISA) published a joint threat alert together with the Department of Energy (DOE), the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) about a new advanced cyber espionage/attack framework targeting critical infrastructure’s Industrial Control Systems (ICS). The analysis states that it can be used both for espionage and destructive/attack purposes. It was not attributed to any particular nation-state but the threat alert includes two technical analyses published by private companies with expertise in this domain. The first was from Dragos, who codenamed this new framework PIPEDREAM and the actor behind it CHERNOVITE. The second was from Mandiant, who codenamed the new framework INCONTROLLER and highlighted that there is circumstantial evidence and consistency with past operations that correlate it with Russian military intelligence, but no formal attribution statement was made.

72. Iran to Exchange Convicted Spies in Return for Funds Release

On April 14th, it was announced that the Iranian government is willing to release 3 Iranian-Americans convicted and imprisoned in Iran on espionage charges in exchange for the release of the $7 billion in funds frozen in South Korea due to the US sanction controls. The three prisoners deny the charges and, according to the news release, they are: Siamak Namazi, an Iranian-American businessman arrested by the Iranian Islamic Revolutionary Guard Corps (IRGC) in 2015 for espionage on behalf of the US government; his father, Baquer Namazi, who was arrested by IRGC when he travelled in 2016 to visit his son and was also convicted on the same charges; and Iranian-American (with British citizenship) businessman Morad Tahbaz, who was arrested in 2019 for espionage on behalf of the US government.

73. Podcast: Intelligence Agencies Advance AI in Patches, Struggle with Big Breakthroughts

On April 14th, the Federal News Network published a new 16-minute long podcast episode hosted by Justin Doubleday, defence and cybersecurity reporter for Federal News Network. The description of the episode is that “intelligence agencies are seeing some success using automation and machine learning for narrow applications. But officials say a more “integrated” approach is needed to transform spy tradecraft using artificial intelligence.”

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org