SPY NEWS: 2022 — Week 18

Summary of the espionage-related news stories for Week 18 (1–7 May) of 2022.

The Spy Collection
May 8, 2022

1. Mossad Claims to Have Disrupted Assassinations by Iranian Quds Force Operative, Member of Unit 840

Following last week’s developments in Turkey with the disrupted Iranian assassination ring (see week 17 story #14), this week Israel’s Mossad claims to have evidence that an Iranian identifying himself as Mansour Rasouli (or Rassouli) is a member of Unit 840, part of Iran’s IRGC paramilitary force known as Quds Force, and was paid $150,000 to travel to Istanbul, Turkey and organise the assassination of “an Israeli diplomat, an American military official and a French reporter” who were related to anti-Iran activities. He claimed that he was going to receive another $1 million after the successful completion of the mission, and that he was planning on using members of drug trafficking networks to carry out the assassinations.

2. SBU Disrupted Sabotage Network Planning on Downing Commercial Airliner Over Belarus or Russia

Based on an official announcement from Ukraine’s Security Service (SBU), a sabotage group was disrupted in Ukraine. The group consisted of 2 dual (Ukrainian/Russian) citizens and their handler was Russian Armed Forces General Staff member, Alexander Tyuterev, with the cryptonym “Marine.” One of their tasks was to plan the downing of a commercial airliner over Belarus or Russia using Western MANPADS, as well as obtaining Western MANPADS and clandestinely providing them to the Russian special services. To do that, they posed as Ukrainians with insights into Chechen forces movements, trying to infiltrate the Armed Forces of Ukraine. SBU also discovered that under the instructions of Tyuterev the group “prepared and staged photos and videos about the alleged attack on the TPO checkpoint.”

3. Russian Spy Plane Violates Swedish and Danish Airspace

As reported, last Friday the Swedish Defence Ministry detected and photographed a Russian military Antonov An-30 Clank reconnaissance aircraft “flying east of Bornholm, a Danish island in the Baltic, before it headed towards Swedish territory.” Sweden summoned the Russian ambassador to formally complain about the violation, and Denmark did the same on the same day.

4. Somali Court Lawsuit for NISA Human Rights Violations — Ex-Spy Chief Flees to Qatar

On week 6 (story #36) there were several reports of human rights violations by Somalia’s National Intelligence Service Agency (NISA). This week, Somalia’s Military Court almost completed the lawsuit for some of those human rights violations, which mainly targets former NISA commander Fahad Yasin Dahir. To evade prosecution, the article states that “Fahad, who recently changed his name into Fahad Ahmed Dahir, has covertly travelled to Doha, Qatar on a flight via Addis Ababa, Ethiopia on Saturday.” According to officials, this was expected since he is facing up to the death penalty. A Military Court official said that “we can confirm that ex-NISA commander, Fahad Yasin had left the country. We have no further details.” A lawyer working on the case said that “the charges we are filing against Mr. Fahad include the disappearance and the murder of Ikran Tahlil Farah as well as several charges related to attacks, unlawful detentions, torture and injuries against journalists and members of the opposition politicians.”

5. Podcast: Spies, Germans and Invading Malta

On May 2nd, the “We Have Ways of Making You Talk” podcast published a new 1-hour long episode titled “Spies, Germans and Invading Malta”, covering historical subjects during and after WWII. Among them, the podcast talks about “Neville Chamberlain’s unorthodox domestic espionage” and Mussolini’s and Hitler’s secret plan to invade Malta.

6. Saudi Spy Planes Did 35 Violations of the Military Truce in Yemen

According to military officials from Yemen, despite the humanitarian and military truce between Saudi Arabia and Yemen, last week there were 124 violations of it from the Saudi government. Among them, 35 were related to illegal flights from “reconnaissance aircrafts in the airspace of the governorates of Marib, Hajjah, Al Jawf, Saada and Taiz” in Yemen.

7. Chinese Cyber Espionage Targeting Telcos in Central Asia

Cyber security firm Sentinel Labs published a technical report on a previously unknown cyber espionage operation targeting the telecommunication sector in Central Asia. Among other techniques, the actor hijacked the installed security/antivirus products to covertly load the cyber espionage software implants. The operation was attributed to an actor dubbed “MOSHEN DRAGON” who is linked to the Chinese intelligence community. The researchers note that the actor was “harvesting as many credentials as possible to insure unlimited access, and focusing on data exfiltration.”

8. The Unknown WWII Spy History of Romanian Diva Maria Tănase

On May 2nd, Tylaz published an article about Maria Tănase (1913–1963), a very famous Romanian singer. She was living with Maurice Nègre, a covert French intelligence officer who was sentenced to 10 years for espionage in Bucharest, Romania and from this relationship, she also became a French spy. Later it’s said that she was also recruited by the “secret service of the German army” but she refused it. However, she was arrested as a British spy when she returned to Romania. She then started a relationship with Eugen Cristescu, Head of Romania’s Secret Intelligence Service (SSI), where she also participated in operational activities. Before her death, the Soviet Union was also interested in recruiting her as a spy via the Securitate, but she refused.

9. Podcast: The True Story of the Poison Gun and the KGB Defector

On May 2nd, the Spycraft 101 podcast published a new episode, over an hour long, featuring Dr. Serhii Plokhy, Professor of Ukrainian history at Harvard University, Director of the Harvard Ukrainian Research Institute, and author of “The Man with the Poison Gun”. The podcast is about the history of Soviet spy Bogdan Stashynsky and a special poison gun he used for the assassination of Ukrainian politician, Nazi collaborator and theorist of the militant wing of the far-right Organisation of Ukrainian Nationalists (OUN), Stepan Bandera.

10. CIA Advertises Darkweb Website to Evade Russian Controls

In an effort to get informants and potential agents inside Russia via online means, starting on Monday, the CIA started advertising a darkweb (Tor) service to contact the Agency. The darkweb service bypasses the censorship and monitoring controls that the Russian government has deployed on domestic internet communications. The CIA’s social media accounts, such as Facebook, provided guides in English and Russian on how to connect to the darkweb/Tor and send information to the CIA without getting detected by Russia’s internet monitoring apparatus. The Russian government later announced that anyone communicating with the CIA via this service would be charged with treason, and that this is a clear case of “internal affairs interference” by the United States.

11. Israeli Shin Bet Disrupts Iranian Online HUMINT Operation

Israel’s domestic intelligence service, the Shin Bet, announced on May 2nd that they uncovered an Iranian espionage operative who used social media to identify and “recruit Israeli civilians for spy missions and to prepare attacks on targets in Israel.” The operative used a Facebook profile with the name “Sara Puppi” pretending to be “a young Jewish woman with personal and business ties to Israel.” Shin Bet found that “after making contact with would-be recruits, the operatives managing the profile moved the conversation to WhatsApp.” The article says “the Iranian handler sent bitcoin currency and claimed the attacks were for revenge against people who owed him money, people in conflict with him, and a general desire to attack gay and lesbian individuals. The operative also attempted to advertise statements that would harm Russian-Israeli relations, the investigation found, while gathering information on Arab diplomats and Arab companies working in Israel.”

12. Podcast: Janes — Coming of Age for OSINT Technology

On May 3rd, Janes published a new 39-minute long podcast episode in The World of Intelligence series. As per the description, the episode features “Emily Harding, Deputy Director and Senior Fellow, International Security Program at the Center for Strategic and International Studies (CSIS) around the latest technology in OSINT, in particular we cover the recent report “Move Over JARVIS, Meet OSCAR: Open-Source, Cloud-Based, AI-Enabled Reporting for the Intelligence Community”.”

13. Spanish Prime Minister’s and Defence Minister’s Phones Compromised with Pegasus

The government of Spain is investigating who was behind a cyber espionage case that was recently discovered in Spain. Specifically, in May 2021 the mobile phone of Spain’s Prime Minister Pedro Sánchez was compromised with the covert cyber espionage suite Pegasus (developed and sold by the Israeli NSO Group), and a month later, in June 2021, the mobile phone of Spain’s Minister of Defence, Margarita Robles, was also compromised using Pegasus. Note that on week 16 (story #9) it was uncovered that the Spanish National Intelligence Centre (CNI) had used Pegasus to spy on Catalan officials, and on week 17 (story #28) it was revealed that CNI also used Pegasus to spy on Swiss politicians.

14. Corruption in Turkish Government Involving COMSEC Mobile Devices Given and Used for Contacting Organised Crime Members

On April 2nd, investigative journalist Abdullah Bozkurt published an article, including previously classified documents, indicating that secure mobile phones developed by the Scientific and Technical Research Council of Turkey (TÜBİTAK) — an organisation similar to the US NSA when it comes to Communications Security (COMSEC) — for classified government officials, were given to international criminals who were discussing criminal activities with government officials. Many of them were marked for wiretapping in relation to criminal activities. As per the article, “the report made clear that the second-generation secure phones that were flagged were used by Erdoğan personally and several of his inner circle including chief advisor Sefer Turan, a suspect in a Quds Force terrorism investigation. The phone calls of intelligence chief Hakan Fidan and some of his agents, also suspected of involvement in criminal acts by Turkish prosecutors, were also intercepted. Other people whose phones were also flagged included then-Foreign Minister Ahmet Davutoğlu, economy czar Ali Babacan, Prime Ministry Undersecretary and top bureaucrat Efgan Ala, Economy Minister Zafer Çağlayan, who was indicted in the US in a sanctions-busting scheme involving Iran, Deputy Prime Minister Beşir Atalay, a known pro-Iranian operative, and many others.”

15. Former Saudi Spy Chief Reports Lack of US Support

Saudi Prince Turki al-Faisal, former Head of the Saudi Public Intelligence Department, stated that the “relations between Saudi Arabia and the US have plummeted since Biden took power.” Apart from the revelations of the human rights abuses by Saudi Arabia, the US also ended its support to Saudi Arabia’s ongoing conflict with Yemen.

16. How Khrushchev Tricked the US Into Admitting Spying Activity

On May 1st, Ilya Mokhov published an article discussing how in 1960 the Soviet Union’s Premier Nikita Khrushchev tricked the US into admitting that the flight was indeed a CIA clandestine U-2 aerial reconnaissance operation, and not a scientific flight as initially portrayed. This was done through controlled leaks: initially stating it was just the downing of a foreign plane, then revealing that they had detained the pilot, who confessed he was a CIA operative, and then releasing photos of the spy equipment. Additionally, the article claims that the pilot’s guidance was to commit suicide, and that this is why the U-2 was “rigged” with explosives and the pilot had a concealed cyanide ampoule sewn in his suit.

17. Podcast: SpyCast — CIA Case Officer Mike Susong (part 2)

This is the second part of the International Spy Museum’s SpyCast podcast that started last week (story #34). The episode features W. Michael Susong who was a CIA Case Officer (1990–2001) before moving to the private intelligence sector in companies including Fujitsu, Visa, ASIS International and more. The podcast’s intelligence learnings were: 1) Applying aspects of Mike’s training to the private sector using “competitive intelligence” 2) Mike’s role co-founding a pioneering company in the field of Cyber Threat Intelligence (CTI) 3) The role of technology in enabling and constraining espionage, and 4) What drew Mike to an annual free-thinking social experiment in the desert.

18. Summary of Completed SBU Counter-Intelligence Operations

On May 3rd, Ukraine’s Security Service (SBU) published a summary of recently completed counter-intelligence operations. Those were: 1) In Kiev SBU detained a Russian agent passing information about the deployment of reserve units to his handler. 2) SBU arrested a Russian collaborator in Kiev for providing coordinates for artillery strikes. 3) SBU detained 3 more Russian agents in Kiev for occupying a village, recruiting 2 residents of Brovary district and killing 2 citizens of the Velyka Dymerka village. 4) In the city of Lviv, SBU detained a Russian agent for espionage activities, and 5) In the area of Nikolaev, SBU uncovered that the Deputy Chairman of the Bashtansky Regional Council was recruited by Russia and covertly supported Russia, including the dissemination of fabricated stories and propaganda.

19. New Chinese Cyber Espionage — Operation CUCKOOBEES

On May 4th, cyber security firm Cybereason published an article summarising a previously unknown cyber espionage operation, active since at least 2019, which they dubbed “Operation CUCKOOBEES.” The Chinese operators were “targeting technology and manufacturing companies in North America, Europe, and Asia” for industrial/economic espionage and used a variety of evasive and advanced infiltration techniques. The activity was attributed with a “moderate-to-high degree of confidence” to an actor dubbed “WINNTI” who has been previously associated with the Chinese Chengdu State Security Bureau of the Ministry of State Security (MSS), China’s main foreign intelligence service. Cybereason published two additional articles covering the custom software implant used as well as the evasive techniques employed by the Chinese actor.

20. Iran Announces Execution Day for Convicted Israeli Spy

Iran’s ISNA news agency announced that Swedish-Iranian national Ahmadreza Djalali will be executed on May 21st. He was arrested in April 2016 for allegedly acting as an Israeli Mossad agent in a plot to locate and enable the assassination of an Iranian nuclear scientist. The defendant claimed that he was a disaster medicine doctor and academic researcher, but a year later, in 2017, he was sentenced to death by Iran’s Supreme Court.

21. NATO History Declassifies 80s Espionage Awareness Film

On May 4th, NATO declassified a 9-minute long awareness film titled “Something of Value — Espionage at NATO” which was produced in 1979–1980 for training purposes. As per the description, it was created at the request of the “NATO Security Committee with the help of the Information Service, and was made by Vision Associates Inc.”

22. Suspicions of Covert Action Over Deaths of 7 Russian Oligarchs

The New York Post, The Mirror, CNN and other media outlets published stories summarising a series of suspicious deaths of Russian oligarchs who were, until recently, very close to Russian President Vladimir Putin. The articles point to potential GRU or FSB covert action to eliminate influential individuals that betrayed their clandestine relationship with the Russian government and special services. The 7 oligarchs mentioned died (or were killed) in the last couple of months in suspicious ways, not matching their lifestyle and situation. Those deaths included suspicious suicides and poisonings that took place in Spain, Russia and England.

23. Former Russian Police Officer Convicted as SBU Agent

On May 3rd it was announced that former Russian Police Lieutenant Colonel Dmitry Borzenkov was convicted of espionage on behalf of Ukraine’s Security Service (SBU) and sentenced to 13 years in prison and a fine of ₽200,000. Borzenkov had been working in law enforcement since 1998, and the FSB detained him in the summer of 2020 while he was working as the Head of Police Department №3 in the city of Shakhty. He initially pleaded not guilty, but the court assessed that the evidence indicated that he was “collecting and transferring secret information to one of the units of Ukraine’s Security Service.”

24. Podcast: Three New Episodes by “Spies Like Us” Series

This week the Spies Like Us podcast published three new episodes. The first is a 25.5-minute long episode featuring Wall Street Journal’s National-security reporter Warren Strobel on the subject of why “technology is a blessing and a curse to spycraft, and how intelligence agencies like the CIA are adapting.” The second episode is 34.5 minutes long and features Roo Powell talking about her team at a non-profit organisation, SOSA (Safe from Online Sex Abuse), and how they perform undercover operations in collaboration with law enforcement agencies to identify and stop online predators. The third episode is 56.5 minutes long and features Danish national Ulrich “the Mole” Larsen, who infiltrated North Korea and managed to uncover the government-backed black market. The hosts of the podcast were former CIA Counter-Terrorism Officer Brandon Blackburn, and Mubin Shaikh, former undercover operative who had infiltrated terrorist organisations for his country.

25. Greece Drops 38 Positions in the Freedom of Press After Journalist Assassination and Domestic NIS Surveillance

According to the World Press Freedom report, Greece has dropped from the 70th position to the 108th in 2022 for freedom of the press. This came as a result of last year’s assassination of an investigative journalist, which is still unsolved, cases of intimidation and bribing, as well as the revelation that under Prime Minister Kyriakos Mitsotakis’ orders, the National Intelligence Service (NIS) was spying on journalists (see week 17 story #16).

26. South Korea’s Spy Agency Joins NATO Cyber Defence Group

The Yonhap News Agency reported that on Thursday South Korea’s National Intelligence Service (NIS) was formally admitted to join NATO’s Cooperative Cyber Defense Centre of Excellence (CCDCOE) based in Tallinn, Estonia.

27. CIA Director Met Secretly with Saudi Crown Prince

According to Business Insider, in an attempt to recover the damaged relationship between the US and Saudi Arabia (see for example story #15), CIA Director William Burns travelled secretly last month to Saudi Arabia to meet Crown Prince Mohammed bin Salman. An anonymous US official said to the news agency that it was “a good conversation” with a “better tone than prior US government engagements.” CIA refused to comment.

28. German Fighter Jets Intercepted Russian Spy Plane

Following the incident in Denmark and Sweden (see story #3), a Russian reconnaissance Ilyushin IL-20 (Coot-A) aircraft was intercepted in the international airspace off the German Baltic Sea island of Rügen. NATO’s Quick Reaction Alert (QRA) was enabled and two German Eurofighter jets from the Laage Air Base in Germany intercepted it and escorted it.

29. Threat of Espionage in Norway Greater Than Before

On May 5th, the Norwegian government announced that, starting on May 8, all “Russian vessels are banned from calling at Norwegian ports.” Following this, the Police Security Service (PST) issued a warning that “the threat of espionage in Norway is greater now than before the invasion.”

30. New Cyber Espionage Impersonating Venezuela’s MoD

Cyber threat intelligence researchers released technical indicators of a previously unknown cyber espionage operation impersonating an announcement from the Venezuelan Ministry of Defence. If opened, the document covertly installs a custom cyber espionage software implant. The operation has been attributed to an actor dubbed as “EL MACHETE” or “APT-C-43” and is linked with a Latin American country’s intelligence services.

31. Chinese Scientist Charged with Industrial Espionage

On May 2nd, the US Department of Justice made a press release for the case of Gongda Xue, 52, formerly a resident of Allschwil, Switzerland, a legal permanent resident of Switzerland and citizen of China. In the period from January 2010 to January 2016 he participated in “a conspiracy to steal trade secrets from Glaxo Smith Kline (GSK) pertaining to biopharmaceutical products under development.” He colluded with his sister, Yu Xue, who was working at GSK to steal “research relating to GSK’s anti-cancer drugs under development.” Gongda Xue, at that time, was working “as a scientist at the Friedrich Miescher Institute for Biomedical Research (“FMI”) in Switzerland, which is affiliated with Novartis.” FBI arrested his sister and another GSK employee, Lucy Xi, in 2016 and both pleaded guilty.

32. Webinar: The Japanese “Green” Crypto Machine

On May 7th, The National Museum of Computing (TNMOC) of the UK published a 49-minute long webinar titled “the Japanese “Green” Crypto machine; a tentative reconstruction”, presented by Jerry McCarthy, retired cryptography software engineer, researcher and volunteer at the TNMOC. As per the description, “the talk will start with a brief description of the German 3-rotor Enigma then move on to a Japanese designed machine, designated as “GREEN”, which has some similarities to Enigma but also some major differences. An introduction to Japanese writing systems will also be included in this talk.”

33. Poland Reported Targeted Russian Information Operations

On May 6th, the Polish government published an article summarising a series of recent information operations executed by Russian special services to influence the public opinion on the ongoing war in Ukraine. A spokesperson for the Minister of Special Services of Poland said that “various threads used to denigrate Poland suggest that we are dealing with a coordinated campaign against the Republic of Poland, which has direct ties to Russia’s war against Ukraine.”

34. ManTech Developed Foreign Influence Tracking Solution for NGA

As published this week, private defence contractor ManTech “built a model that utilizes open-source intelligence to estimate the level of international influence in any nation in the globe” in reaction to interest demonstrated by the US National Geospatial-Intelligence Agency (NGA). According to the public statement, the primary source was the “Global Database of Events, Language, and Tone (GDELT database). The Google-hosted GDELT Project monitors news from around the world in more than 100 languages, detecting people, places, numbers, quotes, organizations, topics, sources, emotions, photographs, and events.” ManTech dubbed this solution “Project Syracuse,” named after Archimedes of Syracuse, a Greek mathematician.

35. Google TAG Update on Cyber Operations in Eastern Europe

On May 3rd, the Google Threat Analysis Group (TAG) published an article summarising the recently observed cyber operations in Eastern Europe themed after the war in Ukraine. Google TAG shared details of recent cyber espionage operations from Russia’s GRU, FSB, the Belarusian Ministry of Defence, as well as China’s PLA Strategic Support Force.

36. Suspicions of Moroccan Intelligence Services Behind Spanish Espionage

According to media, the ongoing espionage scandal in Spain and Catalonia (see story #13) has a new development with local newspapers and the “Podemos” political party of Spain suggesting that the operator of Pegasus was likely the Moroccan intelligence services. According to the news reports, this could be related to the Spanish decisions on the Western Sahara conflict.

37. Russian SVR Releases “Nuclear Shield” Video

On May 5th, Russia’s Foreign Intelligence Service (SVR) made a post for the publication of the recording of the “Nuclear Shield of the Country” show. That is a 57-minute long video recording of the premiere performance from the Moscow Palace of Pioneers. The performance is inspired by the history of intelligence services of the country.

38. Podcast: Team House — Legendary CIA Paramilitary Officer Jan “Dutch” Wierenga

This week, the Team House published a new episode, over 2.5 hours long, about one of the most legendary Paramilitary Operations Officers in the history of the CIA, Master Sergeant Jan W. “Dutch” Wierenga (1936–2022), who served for 60 years in numerous units of the US government. After his death, Kim Kipling, also a retired CIA Paramilitary Operations Officer and friend of Dutch, published his biography and is the one presenting his story in this podcast episode.

39. New AFCEA SIGNAL Magazine Issue — May 2022

The Armed Forces Communications and Electronics Association (AFCEA) released its May 2022 issue featuring articles on Artificial Intelligence for monitoring internet behaviours, IARPA’s projects, the war in Ukraine, technological developments in special operations, and more.

40. GRU Cyber Espionage Operation Targeting Ukraine

The national CERT of Ukraine disclosed technical indicators of a cyber espionage operation attributed to Russia’s military intelligence (GRU). It was delivered through emails impersonating data breach notifications by CERT-UA which, if opened, would covertly install a tailored cyber espionage software implant.

41. US Deploys ARES Spy Plane in the Indo-Pacific Command’s Area

According to YNA, the US military deployed its Airborne Reconnaissance and Electronic Warfare System (ARES) reconnaissance aircraft to the area of operations of the Indo-Pacific Command (USINDOPACOM), likely in South Korea. The article notes that “the deployment comes amid the U.S.’ efforts to reinforce defense amid China’s growing assertiveness and North Korea’s provocative tendencies.” Luke Savoie, President of the ISR Sector of L3 Harris Technologies said that “our team rapidly responded to Army’s need for a full-spectrum SIGINT solution by upgrading, certifying and fielding the enhanced ARES platform in approximately seven month.”

42. Potential Sabotage Operations Occurring inside Russia

Following week 17’s story #57, story #12 and story #38, this week Intel News published a short article on the increased incidents with fires, explosions and similar events in Russia’s critical infrastructure and government facilities, raising more suspicions over coordinated, government-backed sabotage operations inside Russia. No official information exists yet on whether those are accidents, sabotage by disgruntled insiders or clandestine foreign sabotage activities.

43. DPR MGB Detains Second OSCE Employee on Espionage Charges

On week 16 (story #73) an Organisation for Security and Co-operation in Europe (OSCE) employee was detained in Luhansk and confessed that he was covertly collecting intelligence. This week, the Ministry of State Security (MGB) of the Donetsk People’s Republic (DPR), which is not recognised by most countries, announced the detainment of a second OSCE employee, Vadim Nikolaevich Golda, born in 1967. The report says that under the orders of OSCE Security Officer Aman Akhmedzyanov and a foreign intelligence agency, V. Golda was collecting and transmitting information relating to the location of DPR forces as well as details of DPR facilities, including the defence ones. He is now facing espionage charges.

44. Podcast: SpyScape’s True Spies — Hidden Hand

On May 5th, SpyScape’s True Spies series published a new 37-minute long episode titled “Hidden Hand: Honduran Army Major Alex supplies and trains the Contra guerillas — except the ‘Major’ is Ric Prado, CIA.” The podcast features CIA Paramilitary Officer Ric Prado telling his story about this particular CIA paramilitary operation in Latin America.

45. North Carolina Man Sentenced for Industrial Espionage

The US Department of Justice issued a press release for Craig German, 60, who was sentenced to an additional 20 months in prison for “Perjury and False Statements to a Government Agency.” He was originally sentenced to 70 months in prison after pleading guilty to “engaging in illegal and deceptive practices to steal information from private businesses.” Specifically, “German, Gilbert Basaldua, 63, of Hilton Head, S.C., and others were indicted in May 2019 to charges that they conspired to steal proprietary information from aircraft companies for which they worked inside and outside the Southern District, and then used that information to speed the design and regulatory review process for a competing aircraft company.”

46. Italian Authorities Investigate Covert Iranian Arms Trafficking

A large investigation has opened in Italy over the discovery of the covert trafficking of weapons costing €300 million from Italy to Iran. There are 14 people involved in the case, including some from the Italian and Iranian intelligence services. For example, in October 2020 the son of a former Iranian ambassador to Italy was shot near Rome, Italy. Allegedly, he was the middleman for the sale of dual purpose drones to the Iranian government and was also an agent of the Italian intelligence services. The article gives another example with “Danial Kassrae, who was accused of espionage, expelled from Albania and flown to Italy in the summer of 2020. He was believed to be working for MOIS, Tehran’s intelligence agency, and reportedly attempted to infiltrate and recruit Iranian-Albanian MEK members — the biggest Iranian political opposition group.”

47. FSB Celebrates its 100th Anniversary for Counter-Intelligence

On May 6th, the Russian Federal Security Service (FSB) made a public announcement for the celebration of the 100th anniversary of Counter-Intelligence (CI) units in domestic intelligence services. As per the post, the first such unit was established on May 6, 1922 in the State Political Directorate (GPU) of the Russian Soviet Federative Socialist Republic (RSFSR). It was named the Counter-Intelligence Department (KRO) and was under the Secret Operational Directorate (SOU) of the GPU. It was headed by Artur Khristianovich Artuzov (Frauchi). The post goes through the whole history from there until today’s CI units of the FSB. As part of that, the FSB also declassified documents from the WWII Red Army’s CI unit known as SMERSH.

48. Podcast: International Spy Museum’s Virtual Chat

On this episode of International Spy Museum’s Virtual Chat, the Museum’s Executive Director, Chris Costa was joined by Gerald P. Hamilton, former Senior Intelligence Service Officer with the Directorate of Operations of the Central Intelligence Agency (CIA). As per the description, “Hamilton served with the CIA for 35 years in numerous senior management positions. The majority of his career was devoted to overseas duty, primarily in Latin America, the Caribbean, Africa, South Asia and Europe. He is a recipient of the Distinguished Career Intelligence Medal, the National Clandestine Service Career Medal, and two Donovan Awards for Exceptional Performance.”

49. Update from Ukraine’s SBU on Counter-Intelligence Operations

Ukraine’s Security Service (SBU) published another update of recently completed counter-intelligence operations. Those were: 1) SBU detained the leaders of Medvedchuk’s Ukrainian Choice political party for preparing to overthrow the government of Ukraine in coordination with Russian special services. 2) In Luhansk, SBU exposed that the head of one of the Stanychno-Luhansk military-civil administrations was operating under Russian instructions. 3) In the region of Poltava, SBU detained the Deputy Head of the Customs Post for requiring bribes for the “unimpeded registration of manufactured goods.”

50. Who is Nikolai Patrushev, ex-KGB Executive to Take Control in Putin’s Absence

The Times Now published a short article about Nikolai Patrushev, who is considered a temporary replacement for Russian President Vladimir Putin. He was born in 1951, joined the KGB, and after the collapse of the Soviet Union became the Head of the Directorate of Internal Security of the FSK (the predecessor of the FSB) in Moscow. He then became Deputy Chief, and then Director, of the FSB’s Organisation and Inspection Department. He has been the Secretary of the Security Council of Russia since 2008.

51. Lithuanian Court Upheld Sentence of Convicted Russian Spy

On May 6th, the Court of Appeal of Lithuania upheld the sentence of 6 years in prison for Algirdas Paleckis. According to the court, he was collecting information about “the judges, prosecutors, Lithuanian specialists who investigated the case on the events of January 13, 1991” and tried “to resume the activities of the party registered in Lithuania — the Lithuanian People’s Party (LNP) — and on September 23, 2011, on the basis of an agreement between the LNP and the Russian United Russia party, to receive financial support from the Russian party support for the political activities of the LNP and the Union of Russians in Lithuania.” He did that in collaboration with Russian intelligence services but in his appeal hearing he claimed it was part of his journalism investigation, not espionage related.

52. Bulgarian Military Historian Presents the “Great Spy”

On May 5th, Bulgarian Associate Professor Dr. Petar Nenkov presented his latest book to servicemen from the 61st Stryamska Mechanized Brigade at the Military Club of Karlovo. His book is titled “Теофан Райнов — един живот като легенда” (Teofan Raynov — A Life as a Legend), and talks about T. Raynov (1837–1910), a Bulgarian politician and public figure who penetrated the Turkish intelligence service and operated as a double agent. He later became the District Governor of Karlovo and later, Deputy Mayor of Sofia. He died in 1910 in Karlovo and is considered one of the most heroic figures in Bulgarian intelligence history, referenced as the “great spy.”

53. South Korean NIS Warns of Upcoming Nuclear Test by DPRK

On May 7th, South Korea’s National Intelligence Service (NIS) noted that North Korea is planning a nuclear missile test this month using small warheads. The article also highlights that “on Friday, the U.S. State Department said the North is preparing its Punggye-ri test site and could be ready to conduct a test there as early as this month.”

54. Video: Former DGSE Officer on Potential Use of Chemical Weapons by Russia in Ukraine

On May 3rd, former French DGSE Case Officer Olivier Mas (codenamed Beryl 614), who served 4 years in the 1st Marine Infantry Paratroopers Regiment (1st PRIMa) and 15 years at the DGSE, published a 9-minute-long video with his assessment of the potential implications if Russia uses chemical weapons in Ukraine. He points out examples of Russian use of chemical weapons, and notes that after the use of chemical weapons in Syria the DGSE developed a dedicated unit specifically for this threat which, among other things, collects samples and can forensically prove whether such weapons were used. He then said that people can be assured that the French military and government have prepared response plans in case they have evidence of the use of chemical weapons. He notes that Russia knows that the use of such a weapon will result in escalations, including economic and military responses. He concludes by saying how in 2013, after the use of chemical weapons in Syria, both the US and the UK stepped back from their announced responses, leaving France as the only military executing the agreed military retaliation missions.

55. Espionage in the Muslim Brotherhood in Egypt

According to reports by Al Ain, under the direct orders of Khairat el-Shater, Egyptian businessman and leader of the Muslim Brotherhood, people were placed or even recruited in Islamic communities to monitor their activities. This included both affiliated groups as well as rival groups. The article then expands on how the founder of the Muslim Brotherhood, Hassan al-Banna (1906–1949) was known for using and promoting those approaches, including spying on high-ranking political officials.

56. Ukrainian DBR Detains Russian Covert Operative in Zaporizhzhia

On the 6th of May, Ukraine’s State Bureau of Investigation (DBR) announced that a Russian Air Force pilot was detained, in collaboration with the SBU, in the city of Zaporizhzhia. The pilot entered Ukraine on February 8, 2022 to visit his family, but shortly after the Russian invasion he disappeared and was introducing himself as a civil aviation pensioner. According to the SBU he was an advance-force covert operative placed to conduct sabotage and reconnaissance activities in support of Russian military objectives of strategic importance. He was monitoring the territorial defences, creating accurate data on their movements, locations, checkpoints and deployments.

57. Spy Way of Life: King David Hotel

Following the weekly Spy Way of Life series of Intelligence Online, this week the site is King David Hotel in Jerusalem. Intelligence Online notes that it is “a popular spot for numerous foreign spies. They prefer to deal with their sources in this sumptuous setting, under the watchful eye of the hotel’s staff who keep one ear tuned to the covert discussions taking place around the piano bar.” The hotel is near the French Consulate and as per the article “the hotel’s premises are buzzing with members of the Israeli intelligence services, especially from Mossad and Shin Bet. The latter group are also in charge, in liaison with the head of foreign delegations Jeremy Sheldon, of securing the arrival of foreign statesmen that the hotel hosts in Israel’s name.”

58. Yemen Reports Downing of Second Saudi Spy Drone

After the earlier report (see story #6), on Wednesday Houthi military spokesman Yahya Saree announced the downing of a “Saudi armed spy plane” over the Hajjah Governorate in Yemen. This was a Chinese CH-4 Unmanned Aerial Vehicle (UAV) manufactured by the China Aerospace Science and Technology Corporation (CASC). They noted that they have evidence the downed CH-4 belongs to the Saudi Air Force.

59. CSIS Releases 2021 Public Report

On Friday, the Canadian Security Intelligence Service (CSIS) released the CSIS Public Report 2021. It’s a 48-page report discussing the threats that Canada faces.

60. SVR Cyber Espionage Targeting Diplomatic Missions

Cyber security and intelligence firm Mandiant published a technical analysis of a new cyber espionage operation by the Russian Foreign Intelligence Service (SVR) targeting “diplomatic organizations in Europe, the Americas, and Asia.” The analysis is focused around a particular advanced cyber espionage operation targeting a diplomatic entity. The screenshot shown was an email impersonating a notification for the closure of the Embassy of Turkey due to COVID-19 incidents. This was the initial infiltration vector.

61. Media Report US Intelligence-Led Operations for Targeted Killings of Russian Generals — Former DGSE Case Officer Comments

On May 5th, Finnish reports, quoting various open sources, stated that the 12 Russian Armed Forces Generals that have been killed so far in Ukraine were targeted through US intelligence-led operations. Specifically, the US intelligence community has been using SIGINT methods to locate them, track them, and then pass the targeting packages to Ukrainian special services to do the kinetic portion of the mission. Former DGSE Case Officer Olivier Mas released a 7-minute-long video commenting on the news. He said that it could be a controlled leak to increase the pressure on Russia, and that the US intelligence community has a lot of experience in identifying and eliminating High Value Targets (HVT) from the Global War On Terror (GWOT) and the same methods could be applied to target Russian Generals.

62. North Korea’s Cyber Espionage Tradecraft via Social Media

Cyber security firm NCC Group published a short article on how North Korean cyber operators have been using a combination of social media networks and social engineering techniques in their latest cyber espionage operations.

63. Video: Cellebrite — Modernising Investigations

On May 3rd, the Israeli Cellular Exploitation (CELLEX) vendor Cellebrite released the first episode of its series “Modernising Investigations.” The first episode is 26 minutes long, is titled “Why Closing the Public Safety Gap is of Paramount Importance,” and is presented by Cellebrite’s CMO, Mark Gambill, together with Cellebrite’s Strategic Advisor, Todd Adams. The topics covered are: 1) Exploding Volume of Digital Evidence and Amount of Devices to Examine, 2) Expanding Scale and Complexity of Cases, more complex to manage and gain actionable insights from digital evidence, 3) Increasing Technical and Digital Sophistication of Criminals, 4) Expanding Public Scrutiny, and 5) Law Enforcement Budget Allocation.

64. Indian ULFA-I Executes 2 Cadres for Espionage

On May 7th it was announced that the United Liberation Front of Asom-Independent (ULFA-I), an armed separatist organisation operating in the Northeast Indian state of Assam, executed two of its new recruits, Dhanjit Das of Barpeta and Sanjib Sarma of Baihata Chairali. According to ULFA-I they were recruited by the Assam Police to infiltrate the ULFA-I and pass information about the organisation and its supporters so that the police can prosecute them. They confessed that they were paid to join ULFA-I and conduct those espionage activities.

65. CIA Paying Agents with Sears Products in the Vietnam War

The SOFREP website published a historical article on how CIA officer Jon Wiant came up with a concept of paying Vietnamese agents working for the CIA with products from the Sears catalogue. This was done to evade the counter-intelligence activities that were able to quickly pick up other forms of compensation that the CIA was using until then.

66. Chinese Cyber Espionage Operations Targeting EU and Russia

The Cisco TALOS cyber threat intelligence firm published a technical analysis of a series of Chinese cyber espionage operations they have observed starting in February 2022 targeting European entities, including Russian organisations, in order to collect intelligence relating to the war in Ukraine.

67. IED Found in Russian Media Agency in Germany; German Intelligence Warns of Issues on May 9th

An Improvised Explosive Device (IED) was detected and destroyed at a building housing the Russian news agency Ria Novosti in Berlin, Germany. It is not currently known who placed it, but German intelligence warns that on Victory Day (9 May) pro-Russia groups might perform activities on Russian soil which could result in clashes with opposing groups.

68. Wanted Indian Intelligence Officer Changed His Appearance to Evade Arrest for Sexual Assault on Minor

According to The New Indian Express, Kailash Kumar Lal Das, 60, an Assistant Central Intelligence Officer (ACIO-Grade II) was wanted for raping his friend’s minor daughter. After 2 months of pursuit by the Delhi Police department he was arrested on May 7th. According to police officials, “he lived like a vagabond in Chhatarpur temple during Navratri and as a patient in the Safdarjung Hospital to hide himself from police. […] Das did not rent any hotel or guesthouse for stay and used to keep his clothes in a bag.”

69. CIA Director Comments on Chinese Calculations on Taiwan

CIA Director William Burns spoke at a Financial Times event in Washington where he said that “Chinese government leadership has been struck by Ukraine’s fierce resistance to Russia’s invasion and by the economic costs Russia is bearing.” He highlighted that China is “closely monitoring Russia’s conflict in Ukraine and that it is affecting China’s calculations over Taiwan.”

70. New Indian Cyber Espionage Operations Uncovered

This week the Shadow Chaser Group of the GcowSec team uncovered two cyber espionage operations by an actor dubbed “DONOT,” who has previously been associated with the Indian nation-state. The first case was a fake Android mobile application named “My Collage Modelling Competition Album” which was hiding a cyber espionage software implant. The second was a lure document pretending to be a Microsoft Word protected document titled “Scan Copy.doc” which, if enabled, would covertly install a custom cyber espionage software implant. It is not known who the targets of the identified operations were.

71. SVR Publishes Video for the 77th Anniversary of the Victory Day

On May 6th, the Director of the Russian Foreign Intelligence Service (SVR), Sergey Naryshkin, released an 8-minute-long video celebrating the upcoming 77th Anniversary of Victory Day (the fall of Nazi Germany in WWII) in what Russia calls the Great Patriotic War.

72. The Increased Adoption of WAMI ISR Technologies in Ukraine

The Economist published an article on the increased adoption of Wide-Area Motion Imagery (WAMI) sensors that are deployed in Ukraine via unmanned aerial platforms designed for Intelligence, Surveillance and Reconnaissance (ISR) missions. The WAMI sensors fly continuously, capturing a wide area from high altitude and storing the entire session, allowing intelligence analysts to go back in time and see what happened in the recent past. The US military used them when an IED exploded in Iraq, to go back in time and see who placed it there, then track them and finish them.

73. Podcast: Combat Story — Lessons from a Delta Force Commander from Afghanistan to Panama

On May 7th, the Combat Story podcast published a new, nearly 2-hour-long episode featuring retired Delta Force Commander and operator Pete Blaber. He served in Iraq, Afghanistan, Bosnia, Somalia, Colombia and Panama and has contributed to numerous clandestine operations along with US and allied intelligence agencies. This podcast covers his life, how he became part of the most elite US Army unit, and some notable missions he was involved with.

74. Previously Unknown Cyber Espionage Actor, Likely from Russia, Revealed

Cyber security and intelligence firm Mandiant published a technical blog post summarising a new cyber actor they dubbed as “UNC3524” who “heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions.” Although Mandiant found similarities between this previously unknown actor and Russia’s GRU and SVR cyber operators, they conclude that “at the time of writing, Mandiant cannot conclusively link UNC3524 to an existing group.”

75. India’s Border Security Chased Away Pakistani Spy Drone

On May 7th, it was reported that India’s Border Security Force (BSF) chased away a Pakistani reconnaissance drone near the city of Jammu. No further details were released.
