SPY NEWS: 2022 — Week 29

Summary of the espionage-related news stories for Week 29 (July 17–23) of 2022.

The Spy Collection
Jul 24, 2022

1. Ukrainian President Fires SBU Chief and Prosecutor General Over Accusations of Several Russian Penetrations Among Staff

In week 25 (story #68) it was reported that Ivan Bakanov, the Head of the Security Service (SBU) and personal friend of Ukrainian President Volodymyr Zelenskiy, was not as effective and that there were rumours of him being a Russian agent himself. This week it was officially announced that Ivan Bakanov as well as Prosecutor General Iryna Venediktova were removed from their positions. The Ukrainian President said that “651 cases of alleged treason and collaboration had been opened against prosecutorial and law enforcement officials, and that more than 60 officials from Bakanov and Venediktova’s agencies were now working against Ukraine in Russian-occupied territories.” The SBU also issued a press release by I. Bakanov stating, among other things, that “yes, not everything that was planned was completed. There were also miscalculations, the reasons for which should be analysed separately. At the same time, it is worth remembering that it is difficult in a few years to change a system that has been under the influence of a strong and insidious enemy with unlimited resources for decades.”

2. South Korean NIS Searched Amid Squabbling Over North Korean Cases

Following the recent stories (week 28 story #4 and week 29 stories #30 and #77), the South Korean National Intelligence Service (NIS) now faces more challenges. As per the article, “South Korean prosecutors raided the country’s main spy agency Wednesday in an investigation into two past North Korea-related incidents that drew criticism that the previous liberal government ignored basic human rights to improve ties with the North.” Those cases are “North Korea’s fatal shooting of a South Korean fisheries official near the Koreas’ western sea boundary in 2020, and South Korea’s deportation of two North Korean fishermen despite their wish to resettle in South Korea in 2019” as well as another case that “involved the Moon government’s expulsion of two North Korean fishermen days after they were captured on their vessel off South Korea’s east coast.”

3. Jammeh-era Victims Welcome Death Sentence for Gambian ex-Spies (Including Former Spy Chief)

In week 28 (story #40) it was announced that the former Chief of Gambia’s National Intelligence Agency (NIA) along with 4 of his officers were sentenced to death for the 2016 murder of an opponent of ex-president Yahya Jammeh. This week political activists who were tortured by Gambia’s NIA in the past, as well as others, expressed hope and a sense of “fulfilment and relief.” This included gatherings and celebrations while waiting for the execution of the death sentence for the 5 former spies.

4. Why Did British MI5 Name Christine Lee a Chinese Influence Agent?

Gordon Corera of the BBC published this article about a case of Chinese infiltration of the UK government which became public in week 4 (story #15). Christine Lee was named by MI5 as an “agent of influence” working for the Chinese intelligence services. This article highlights some of her activities which could have been the indicators that led British counter-intelligence to identify her. Quoting the article, “Christine Lee was involved in a “seeding operation”, multiple officials claim, reflecting the way the Chinese state operates — a willingness to wait years for efforts to pay off. Without naming individuals, security sources say there were a handful of candidates across all major parties. In remarks to journalists after his 6 July speech, the head of MI5 also emphasised this danger: “It’s not always the case of seeking to influence a national leader or someone at cabinet level. One of the things that is very striking is that they are prepared to invest in cultivating people at local level potentially and at the outset of their political career.” US intelligence officials have also warned that local officials are increasingly targeted by China.”

5. SBU Releases Summary of 3 Completed Counter-Intelligence Operations

On July 18th, Ukraine’s Security Service (SBU) published a summary of 3 recently completed counter-intelligence operations. Those were: 1) in Luhansk, the SBU exposed a former deputy of the district council who was collaborating with Russian special services, as well as two more local residents who agreed to join the Luhansk government entities, which are not recognised by Ukraine; 2) in the region of Donetsk, the SBU exposed two residents of the city of Mariupol who also voluntarily agreed to join the Donetsk government entities, which are not recognised by Ukraine; and lastly, 3) in Kherson, the SBU exposed a local resident who, in collaboration with Russia, joined the Kherson government entities, which are not recognised by Ukraine.

6. Spy Collection: FinFisher Promotional Videos for Cyber Espionage Solutions (2011)

On Friday we published a collection of 9 promotional videos that cyber espionage vendor FinFisher was using in 2011 to promote their cyber espionage products and services to intelligence agencies. The videos are for: FinTraining, FinSpy, FinSpy Mobile, FinFly ISP, FinFly LAN, FinFly Web, FinIntrusion Kit (including FinTrack), FinFireWire, and FinUSB.

7. Podcast: Cleared Hot: US Military Intelligence Veteran Matthew Reed

On July 18th the Cleared Hot Podcast published a new 2.5-hour-long episode featuring Matthew Reed, a US Military Intelligence veteran and expert in Human Intelligence (HUMINT) and counter-intelligence, who has worked in positions ranging from tactical to strategic. The episode covers his experiences and his comments on current threats. As per the description, “Matthew Reed is a Veteran of the Wars in Iraq and Afghanistan as well as a former member of the U.S. Military Intelligence Community who worked for five years in Afghanistan as an Intelligence Contractor/Analyst and six years as a Counter-Intelligence Analyst in the Balkans region of Europe. In the Balkans, his mission was to root out hostile penetrations of our HUMINT Source pool.”

8. India Reveals Links of Sidhu Moosewala Shooters with Pakistani Spy Agency

On July 21st the Republic World reported that two of the killers of Indian singer and politician Sidhu Moosewala were “in touch with Pakistan-based Khalistani terrorist Harvinder Singh Ridha. The latter is believed to be under the scanner of intelligence agencies for his role in activating the Khalistani terror module and connection with Pakistan’s spy agency ISI.”

9. Japanese Man Arrested in China, Possibly on Spy Charges

The NHK World reported that on July 20th “a Japanese man detained in Shanghai since last year has been arrested by Chinese authorities. Japanese and Chinese diplomatic sources say the man in his 50s was detained in December. It was believed at the time that he was suspected of spying. Japan’s Consulate-General in Shanghai says China arrested him in June. It says it cannot comment on the details of the allegations against the man.”

10. Update on Cyber Espionage Activities in Eastern Europe

On July 19th, Google’s Threat Analysis Group (TAG) published a post summarising some recently observed cyber espionage operations in Eastern Europe. Specifically, it covered an operation by Russia’s Federal Security Service (FSB) distributing a fake Ukrainian Azov Regiment Android application, which provided full access to the FSB operators if installed; another fake Android application named “StoWar.pro”, which asked people to join the Ukrainian cyber army by installing it and was also a covert cyber espionage platform of the Russian FSB; an operation by Russia’s military intelligence (GRU) to compromise Ukrainian media organisations; a cyber espionage operation by the military intelligence of Belarus targeting webmail and social media accounts of Polish users; and a Russian operation targeting government and defence officials, politicians, NGOs and think tanks, and journalists related to Ukraine.

11. South Africa’s Corruption Watchdog to Subpoena Country’s President Over Spy Chief Accusations

In week 22 (story #23) the former Head of South Africa’s intelligence service, Arthur Fraser, filed a legal complaint against South African President Cyril Ramaphosa for staged robbery and kidnapping to steal $4 million. This week it was announced that “South Africa’s public protector said Tuesday she would invoke the body’s “subpoena powers” to get answers on the theft of foreign currency in Cyril Ramaphosa’s Phala Phala game reserve scandal. “We confirm that the President had until July 18, 2022 to respond to the allegations letter of June 07, 2022 after his previous request to have the initial return date of June 22, 2022 extended”, a statement read. If Ramaphosa’s instead filed a request for a further extension, it was denied and was communicated to the President on July 18.”

12. Turkey and Iran: ‘Keep Your Friends Close but Enemies Closer’

On July 20th, the Jewish News Syndicate published an article on the current relationship between the spy agencies of Turkey and Israel, and the foreign policy that this is likely supporting in the wider Middle East region.

13. SBU Detained Former Head of a Regional SBU Office for Being a Russian Agent

Following story #1 from this week, on July 17th Ukraine’s SBU announced the detention of the head of a regional SBU office. The former spy was dismissed from his duties and is facing several criminal charges. As per the announcement, “during the investigation of the criminal proceedings, evidence was found that could indicate the cooperation of the detainee with representatives of the special services of Russia.” No further details were released as to what that evidence was or what espionage activity was observed.

14. US Senate Bill to Require Annual Briefing on the NSA-CYBERCOM Relationship

As reported by FedScoop, the United States “Senate committee wants annual briefings on the relationship between U.S. Cyber Command and the National Security Agency, which are currently co-located and have shared resources. The provision is found in the Senate Armed Services Committee’s version of the fiscal 2023 National Defense Authorization Act, which passed the committee June 16, but language wasn’t released until July 18. When Cyber Command was initially being built, the Department of Defense co-located it with the NSA as a means to help it grow, relying on the expertise, staff and even tools and infrastructure of the spy agency to get it off and running. The two still share a boss and are co-located, which is referred to as the dual hat. However, the arrangement has been understood that it would be temporary given the inherently different missions of each organization and potential undue risk to each: NSA charged with foreign intelligence and the Department of Defense with war fighting. Opponents of the arrangement cite the outsized power of one person leading both organizations and relying on intelligence infrastructure and tools, which are meant to stay undetected, for military activity, which typically isn’t, poses risks to such espionage activity.”

15. Russia and Azerbaijan Sign Spying Agreement

On July 19th it was announced that Russia’s Foreign Intelligence Service (SVR) and the Foreign Intelligence Service of Azerbaijan signed an agreement in Baku, Azerbaijan. The agreement is to have closer collaboration on foreign intelligence activities in order to “promote the protection of the national sovereignty and territorial integrity of the two states, the fight against international terrorism and radical extremism, the protection of the interests of foreign agencies and citizens of Russia and Azerbaijan in third countries.” The two spy chiefs noted the good history in intelligence cooperation between the two countries and how this agreement gives “an additional momentum to the development of our relations and cooperation.”

16. Greek-American Journalist Arrested in Congo on Espionage Accusations

Last Sunday it was confirmed that Greek-American journalist Stavros Nicolas Niarchos is being held by Congo’s intelligence service on espionage accusations. As per the Congolese authorities, the suspect was making contacts with “armed groups including the Bakata Katanga militia.”

17. Indian Cyber Espionage Operation Targeting Pakistani Navy

On July 20th cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed SIDEWINDER, which has previously been associated with the intelligence services of India. The operation delivered a lure document via email impersonating retired Pakistani Navy Captain Abdur Rahman Kharal, manager of the Karachi Port Trust of the Pakistani Navy. If the target(s) opened the lure document, it covertly installed a custom cyber espionage software implant.

18. RocketLab Delays Scheduled Launch of United States NRO Spy Satellites Due to Software Updates

This week it was announced that “barely weeks after the successful launch of its first US spy satellite, American firm Rocket Lab has delayed its second satellite launch due to software updates. On July 13, Rocket Lab delivered NROL-162 to orbit for the US National Reconnaissance Office (NRO), which operates the nation’s fleet of spy satellites. But the next mission NROL-199 scheduled for launch on July 22 has been put on hold, Rocket Lab announced on Twitter. The announcement came after the NRO on Twitter mentioned about “software updates for NROL-199”. “NRO is currently implementing payload software updates for NROL-199. As soon as the updates are implemented, NRO and @RocketLab will provide a new launch date for NROL-199,” the NRO officials wrote on the microblogging site. In reply, Rocket Lab said: “We adapt to ever-changing mission requirements”. “Operating our own launch site gives our customers maximum flexibility on launch timing. We’ll be ready to launch when you are, @natreconofc!”. The company, however, did not update on when the new launch date will be announced.”

19. South Korea’s Spy Chief Made Unannounced Trip to Washington

On Tuesday, the Director of South Korea’s National Intelligence Service (NIS) Kim Kyou-hyun made an unannounced visit to Washington DC, US. According to the article, it was “to discuss a possible nuclear test by North Korea.” The article continues that “Kim was likely scheduled to meet with Avril Haines, director of national intelligence, and William Burns, director of the Central Intelligence Agency.”

20. Podcast: SpyScape: Special Relationships, Part II: The Lisbon Connection

The SpyScape’s True Spies series released a new 28-minute long episode. As per the video’s description, “after a shaky start, the friendship between Britain and America has blossomed in to one of the most important alliances on the world stage. In this anthology, Vanessa Kirby relates three crucial chapters in the evolution of the Special Relationship. In Part 2, scholar and intelligence professional Dr. Anthony Wells takes us behind the scenes in WW2-era Lisbon, where rival spies work tirelessly to turn the tide of war. Among their number is Commander Ian Fleming, who mounts an operation that will provide the inspiration for a daring new American intelligence agency…”

21. Ukrainian SBU Uncovers 60-Year Old Female Russian Agent in Kiev

On July 18th Ukraine’s Security Service (SBU) announced the arrest of a 60-year old Ukrainian resident of Kiev who was recruited by Russian intelligence services. As per the announcement, “she received assignments from her Russian handlers and sent them photos and geolocations of military facilities. To do this, she used messenger applications.” According to the SBU, Russia was planning to use that information to target missile strikes and perform sabotage operations inside Kiev, Ukraine.

22. US CIA and Russia’s SVR Visit Armenia Within Days of One Another

This week the Director of CIA, William Burns, flew to Yerevan, Armenia on an official visit with the Armenian Prime Minister Nikol Pashinyan and his intelligence service counterparts. 3 days after that visit, the Director of SVR, Sergey Naryshkin also visited Armenia and held meetings with the same government officials. The article concludes that “Pashinyan also met earlier this month in Yerevan with Ali Shamkhani, the head of the Iranian Supreme National Security Council. They discussed the potential of “developing and strengthening relations in all fields” and “exchanged thoughts on ensuring regional stability and security,” according to an Armenian government statement. It remains unclear exactly what was discussed at Pashinyan’s meetings with Naryshkin, Burns, and Shamkhani, but the timing of their visits to Yerevan — all within two weeks of one other — has attracted significant attention in Armenian political circles and on Armenian social networks. The visits come amid a flurry of diplomatic activity in the Caucasus region by U.S., European, and Russian officials, as well as what appear to be accelerating efforts by Armenia to normalize relations with Azerbaijan and Turkey.”

23. Palestinian Spy Chief to Head 17-Member Delegation At UN Torture Committee

According to UN Watch, the “Palestinian interior minister and former intelligence commander Ziad Hab al-Reeh, long-time chief of the Preventive Security agency that last year beat critic Nizar Banat to death, will head a senior delegation of 17 officials from Ramallah at tomorrow’s United Nations review of the Palestinian Authority record on eradicating torture.”

24. Previously Unknown macOS Cyber Espionage Software Implant Used in Targeted Infiltration Operations

On July 19th, researcher Marc-Etienne M.Léveillé of the ESET cyber security firm published a technical analysis of a previously unknown, sophisticated software implant designed for cyber espionage on macOS devices. The implant was named CloudMensis and its core component is known as the “CloudMensis Spy Agent.” It was observed being used to target specific individuals for more than a year and is still actively used. ESET researchers conclude that “CloudMensis is a threat to Mac users, but its very limited distribution suggests that it is used as part of a targeted operation. From what we have seen, operators of this malware family deploy CloudMensis to specific targets that are of interest to them” and also that “a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

25. Videos: Israeli Shin Bet Releases 3 New Recruitment Videos

On July 20th the domestic spy agency of Israel, Shin Bet, released 3 new short videos to boost its recruitment efforts. The videos are: 1) The General Security Service — the operational unit recruits 1, 2) The General Security Service — the operational unit recruits 2, and 3) The General Security Service — the operational unit recruits 3.

26. Covert Surveillance on Thailand’s Pro-Democracy Movement Using the Israeli Pegasus Cyber Espionage Solution

On July 17th the Citizen Lab of the University of Toronto released research showing how the intelligence services of Thailand have been consistently targeting at least 30 individuals, including Thai pro-democracy protesters and activists calling for reforms to the monarchy. To do that, the Thai authorities have been using the cyber espionage product Pegasus, developed and sold by the Israeli NSO Group.

27. OSINT Reports for Chinese MSS APT41 Cyber Operators

This week an anonymous Open-Source Intelligence (OSINT) analysis group known as “Intrusion Truth” published 4 blog posts detailing the inner workings of a group of China’s main spy agency, the Ministry of State Security (MSS). The blog posts were: 1) APT41: A Case Study, 2) The old school hackers behind APT41, 3) Chengdu 404, and 4) The people behind Chengdu 404.

28. Mossad Trains European Intelligence Officers in OSINT Spy Tools/Analysis

Intelligence Online published an article highlighting how “Israel’s secret service has launched a special programme to train European agents to tap the huge potential of open-source investigation tools to boost their recruitment and intelligence-gathering capacities.” The article continues that “the Belgian, Italian and Spanish intelligence services have reportedly been approving, for at least a year, a new training programme offered by Mossad to hone the source recruitment and information gathering skills of their personnel. Coordination of this programme is managed directly by the Israeli intelligence service. It organises intensive courses for a very small number of officials in different European capitals. Designed by Yossi Cohen, director of Mossad from 2016 to April 2021, these cross-disciplinary exchanges of techniques and experience are also of great value to his successor, David Barnea.”

29. Dutch AIVD Announces Security Investigations Act

On July 20th, the Dutch General Intelligence and Security Service (AIVD) announced new legislation allowing for more extensive monitoring of people in “positions of trust” such as those handling state secrets or being possible targets of espionage. The new Act includes that the “employers are obliged to report to the Security Investigations Unit (UVO) when someone is going to fill a position of trust and when that person no longer holds that position. This gives the UVO an up-to-date summary of all active confidential officers. This makes it possible to set up automated alerts for everyone who fulfils a position of trust. If a confidential officer changes the Judicial Documentation System, or if the AIVD or MIVD receives new information about activities that pose a threat to the state or anti-democratic activities, the UVO will automatically receive a notification. Such an alert may be a reason for the UVO to initiate a renewed safety investigation. A possible outcome of this could be that a previously issued clearance is revoked.”

30. Ukraine Announces that FSB Agent Received 7 Year Prison Term

On July 19th, Ukraine’s SBU announced that the Svalyavskyi District Court of Zakarpattia Oblast sentenced a Ukrainian national to 7 years in prison for acting as an agent of Russia’s FSB. This case concerns the suspect (now a convicted spy) who was detained by the SBU in week 10 (story #10).

31. Podcast: Janes Intelligence: OSINT in Action

On July 21st Janes’ World of Intelligence published a new 40-minute long episode hosted by Harry Kemsley, the President of Government & National Security at Janes, with Sean Corbett as the guest. As per the description, “Sean Corbett retired from the Royal Air Force in September 2018 after a 30-year career as a professional intelligence officer, where he reached the pinnacle of his profession. He then established a Defence, Security and Intelligence Directorate within a ‘new space’ geospatial intelligence company, Earth-i, where he advanced innovative AI applications to earth observation data in support of the defence and security sector, and instigated the concept of ‘intelligence as a service’, leveraging a wide spectrum of publicly available information to answer challenging questions for the community. In October 2019, he set up his own business as a consultant specialising in the provision of strategic advice, commercial intelligence, the space sector, and the optimisation of organisational leadership and change management.”

32. Spy Way of Life: Café Le Zimmer in Paris France

This week’s selection from Intelligence Online’s Spy Way of Life was the Le Zimmer café, located in Paris, France and described as “a Belle Époque cafe for artists and spies.” According to Intelligence Online, Le Zimmer is “a central Parisian cafe that makes for a handy meeting point for French foreign intelligence officers and their sources.”

33. Former Head of Greek NIS Writes About the 1974 Turkish Invasion of Cyprus

On July 18th the former Director (1999–2004) of the Greek National Intelligence Service (NIS), Pavlos Apostolidis published an article about his experiences during the 1974 Turkish invasion of Cyprus where he was living at that time.

34. Somali and Kenyan Spy Chiefs Discuss CT Plans for Al Shabaab

The Somali Guardian reported that on Wednesday, “Somalia’s spy chief Mahad Salad and his Kenyan counterpart Philip Wachira Kameru discussed efforts to step up fight against Al-Qaeda-aligned militant group Al-Shabaab.” This comes as a new effort between the two nation-states to reset their diplomatic relations and improve their coordinated counter-terrorism (CT) responses. As per the article, “among the issues raised during the meeting were indiscriminate Kenyan air strikes that have killed many Somalis and their livestock herds in Gedo region over the past years. Salad urged Kenyan security officials not to carry out strikes without coordination with the Somali federal government in order to minimize civilian casualties, but it has not yet been clear if Kenya will cease its deadly air raids on Somali civilians in the region. Kenyan warplanes have destroyed telecommunication masts belonging to Hormuud and Somtel Telecom giants, “massacred” civilians and killed hundreds of livestock in strikes conducted over the past years. Agreements reached in the past failed to limit casualties inflicted by the air raids on civilians.”

35. Director of Russian SVR Names Restoration of Peace in South Caucasus as SVR Priority

With a formal press release, Sergei Naryshkin, the Director of Russia’s SVR stated that “Russia can play a key role in the issues of delimitation and demarcation of the Azerbaijani-Armenian border, opening communications and signing a peace agreement. For the foreign policy of the Russian Federation in the regional aspect, the issue of restoring peace in the South Caucasus is a priority.”

36. Inside NATO’s RQ-4D “Phoenix” Drone Operations

Elisabeth Gosselin-Malo of the Warzone published this article discussing the Intelligence, Surveillance and Reconnaissance (ISR) missions that the NATO RQ-4D spy drones are executing in support of NATO’s response in Ukraine.

37. Podcast: SpyCast: The Spy of the Century — Kim Philby

On July 19th the International Spy Museum’s SpyCast published a new podcast episode in celebration of the museum’s 20th anniversary. The episode covers the story of MI6 officer Kim Philby who became a KGB agent in the Cold War era. The topics covered are: 1) Why Philby has been called “The Spy of the Century”, 2) Philby the man, the ideologue, the spy, and the traitor, 3) Philby’s corrosive effect on Cold War British and American intelligence, and 4) The cultural blind spot that allowed him to hide in plain sight then ride a storm of suspicion.

38. US CIA Director’s Remarks at the Aspen Security Forum

With an official press release the United States CIA stated that “on July 20, 2022 CIA Director William Burns gave remarks at the Aspen Security Forum in a fireside chat with NBC Correspondent Andrea Mitchell.” You can find the full transcript here and the full video recording here.

39. France Tightens Controls for Spies Interested in Moving to the Private Sector

Following Italy (see week 7 story #2) and the United States (see week 11 story #42), France is now also looking at legislation to control “defence and intelligence officials switching to the private sector.” This is part of the many ongoing reform programmes in the French military and intelligence community.

40. AW Publishes Post for WWII Spy Elżbieta Zawacka

As part of the 20th anniversary (see week 26 story #20) of the Polish Foreign Intelligence Agency (AW), this week AW released a poster for Elżbieta Zawacka (1909–2009), a Polish university professor who became a well-known British SOE operative during WWII and also became the second and last woman in the Polish Army’s history to reach the rank of Brigadier General.

41. Aspen Security Forum 2022: Cyber, Domestic Terrorism, and Spies Inside the System

On July 20th, the Aspen Security Forum 2022 published the recording of the “Cyber, Domestic Terrorism, and Spies Inside the System” talk by Jane Holl Lute, Former Deputy Secretary, US Department of Homeland Security and Matthew Olsen, Assistant Attorney General for National Security, US Department of Justice. The moderator was David Sanger, White House and National Security Correspondent, The New York Times.

42. US Probes Chinese Huawei Over SIGINT/MASINT/ELINT Concerns

As reported by Reuters on Thursday, “the Biden administration is investigating Chinese telecoms equipment maker Huawei over concerns that U.S. cell towers fitted with its gear could capture sensitive information from military bases and missile silos that the company could then transmit to China, two people familiar with the matter said. Authorities are concerned Huawei (HWT.UL) could obtain sensitive data on military drills and the readiness status of bases and personnel via the equipment, one of the people said, requesting anonymity because the investigation is confidential and involves national security.”

43. Research on 60s-70s MI5 Plans to Overthrow Labour Government in the United Kingdom

On July 19th Declassified UK released research assessing the “allegations that MI5 officers and sections of the media sought to bring down Britain’s Labour government in the 1960s and 70s have resurfaced, raising fresh questions about plots that remain hidden behind a wall of official secrecy.”

44. Ukrainian SBU Neutralised 4 Russian Agents in Bakhmut

On July 20th Ukraine’s SBU stated that they “conducted a counter-sabotage operation during which four enemy agents were neutralised and detained. They were recruited by the special services of Russia for reconnaissance and subversive actions against Ukraine. Specifically, the agents collected the coordinates of the city’s infrastructure facilities, and information on the location and movement of Armed Forces units in the region. The agents also tried to obtain identification data for the Ukrainian defenders, including employees of the SBU. The enemy planned to use this information to carry out a series of missile strikes on Bakhmut and sabotage against the Armed Forces near the eastern front. The agents used specially created Telegram groups to communicate with their Russian handlers.”

45. Israeli Shin Bet Seeks Exclusion From Ruling to Provide Minimum Cell Space to Palestinian Prisoners

According to the Middle East Monitor, the domestic spy agency of Israel, Shin Bet, “aims to be excluded from taking part in ruling to provide Palestinian prisoners with minimum cell space. It comes as prisons are now overpopulated and do not comply with a 2017 High Court ruling, which requires the State to allot each prisoner minimal living space.”

46. Ukrainian and Russian Intelligence Services Keep Close Watch Over Kerch Strait Bridge

On Friday, the Intelligence Online reported that “the Russian bridge over the 35 km-long strait, which has both symbolic and strategic importance, has been kept under increased surveillance by both the Ukrainian and Russian intelligence services in recent months.”

47. Aspen Security Forum 2022: Fireside Chat with Head of MI6

The Aspen Security Forum 2022 published the recording of a fireside chat with Richard Moore, the Chief of the British MI6 (also known as Secret Intelligence Service — SIS). The moderator was Jim Sciutto, Chief National Security Correspondent, CNN.

48. Gathering Intelligence on the World’s Largest Secret Society: The Chinese Government

On July 21st Joseph Fitsanakis of IntelNews published a short article commenting on an article titled “Beijingology 2.0: Bridging the ‘Art’ and ‘Science’ of China Watching in Xi Jinping’s New Era”, published on Monday in the International Journal of Intelligence and CounterIntelligence by Bjørnar Sverdrup-Thygeson and Stig Stenslie.

49. Ukrainian GUR Reports that Russian Spies Instructed to Track Western Weapons’ Shipments to Ukraine

Ukraine’s military intelligence (GUR) announced that “enemy agents were tasked to identify and track the routes through which weapons are delivered to Ukraine. In order to determine the delivery methods and the amount of weapons, which are transferred to the Ukrainian defenders to repel the Russian invasion by partner countries, the Russian military attachés in the EU countries received orders through secure channels to initiate the recruitment of police officers and citizens involved in the transportation of the weapons. In regions bordering with Ukraine, Russian intelligence services are trying to require representatives of local communities and pro-Russian activists.”

50. Cyber Espionage Operation Impersonating NATO

Cyber threat intelligence researcher Souiten discovered and disclosed technical indicators of a cyber espionage operation delivered via a lure document impersonating a NATO announcement titled “New measures for medical assistance from NATO Trust Fund.” The document was observed targeting entities in Ukraine. If the target(s) open the lure document, a custom cyber espionage software implant is covertly installed. There were no attribution statements for its origin.

51. Details for the Bulgarian Man Arrested in Skopje on Espionage Charges

Bulgarian media reported that Nikolay Dikovski was arrested recently in his residence in Skopje, North Macedonia, on espionage charges. He was interrogated and then forced to leave the country. He said that he had an expired visa but he still does not know where the accusation of espionage comes from. The article states that during his interrogation by dozens of people in civilian clothes no one specifically mentioned the word “espionage”; however, the questions were around this subject. Quoting, “they asked him who trained him, who sent him, was he leading the protests. However, Dikovski claims that even as a spectator he did not go to the protests.”

52. United States NRO Releases Internship Recruitment Video

The US National Reconnaissance Office (NRO) published a new short video for recruitment purposes in the agency’s internship programme.

53. Turkish MİT Captures Wanted PKK Member

On July 20th Turkish media reported that the National Intelligence Organisation (MİT) captured wanted PKK and KCK Kurdish national, Savaş Çelik, codenamed “Zerdeşt”, who “has been playing an active role in the actions by conducting collaborative activities with PKK/KCK members in the rural area of Muş since 2014.” According to the report, he was caught before attempting to escape to Europe. Note that PKK and KCK are classified as terrorist organisations in Turkey.

54. Podcast: Team House: Senior CIA Officer Weighs in on Ukraine and Syria

The Team House published a podcast episode of over 2 hours featuring Doug H. Wise, a former CIA Senior Intelligence Service officer who retired in August 2016. Prior to that he held several positions in the US intelligence community including Deputy Director of the Defence Intelligence Agency (DIA), 4 times CIA Chief of Station (COS), CIA Chief of Operational Training, and other positions.

55. Bangladeshi SIGINT Buys Geolocation Equipment from Intersec

As it was reported this week, the Bangladeshi intelligence was looking for a 5G-enabled smart geolocation solution and the main companies assessed were the SS8 from the United States and the Creativity Software from the UK. However, the contract for this SIGINT solution was eventually won by the French Intersec for their product, called Agora. As per the company’s website, Agora is an AI-powered platform which can support: 1) 5G mass-scale active and passive location history (GMLC + SMLC), 2) Mobility and Activity data are collected, stored, grouped, and processed by Agora, the Intersec platform, 3) AI rule-based engine that triggers events and actions in real-time, 4) Real time rule-based engine triggers on events and takes actions on-the-fly.

56. Ukrainian SBU Detains GRU Agent in Zhytomyr

On July 22nd, Ukraine’s SBU stated that they “detained a Russian military intelligence agent who was providing information to the enemy for the shelling of the Zhytomyr region.” The GRU agent “provided his handler with maps and references to the location of military facilities of the Ukrainian Armed Forces and the manufacturing facilities of defence products in the region. The enemy planned to use the information to carry out massive missile strikes on strategically important infrastructure. It was established that the traitor was a resident of Korosten and had previously worked at one of the strategically important plants. According to counter-intelligence officers, his GRU handler did a detailed briefing with his agent on intelligence gathering and covert communications methods for transmitting the collected information.”

57. CBN News: How China Uses TikTok to Collect Personal Data

On Friday the CBN News published a 5-minute long video briefly explaining the threat of the Chinese intelligence services getting access to data collected by the Chinese social media platform TikTok. The video includes a quote from Brendan Carr, FCC Commissioner stating that “China has a national security law that compels every entity within its jurisdiction to aid its espionage and what they view as their national security efforts.”

58. Cyber Espionage Operations Targeting Ukrainian Entities

On July 20th, the Mandiant Threat Intelligence private firm published a blog post based on technical indicators released to the public by the US Cyber Command (CYBERCOM), and their own insights responding to some of those cyber espionage operations. Mandiant identified two main actors behind the operations, the intelligence services of Belarus and Russia. They highlight that “these operations were designed to gain access to networks of interest, but we do not have insight into the planned follow-on activities.”

59. China and the CIA Project of Right Judgments of Future Predictors

Dr. Nadia Helmy published this article on Modern Diplomacy covering her personal experience with “the (Project of Sound Judgments of Brilliant Future Predictors), which is funded by the “Advance Intelligence Research Projects Activity” section of the US government and the US Central Intelligence Agency (CIA), is striving to recruit, sort and employ brilliant geniuses who are able to predict the future in an unprecedented and genius way, by discovering new ways in advanced intelligence proactive thinking, which allows predicting the shape of the future and the new world order, and its network of international alliances globally.”

60. The United States 902d Military Intelligence Group is Inactivated

According to social media reports the United States Army Intelligence and Security Command’s (INSCOM) 902d Military Intelligence Group will have its inactivation ceremony on July 28th at the ACI Headquarters Building, 2600 Ernie Pyle St., Fort George G. Meade, MD 20755. At the same event, Brigadier General Rhett R. Cox will activate and assume command of the US Army Counterintelligence Command.

61. Turkish MİT Kidnaps Man from Afrin, Syria

According to ANHA, the Turkish National Intelligence Organisation (MİT) “raided the village of Deir Sawan, which is affiliated with the district, and kidnapped the citizen Hussein Hadak on false accusations. According to the same source, MIT took the kidnapped to an unknown destination, and his fate is still unknown.”

62. Russia Cyber Operators Breach Ukrainian Network Radio for Information Operations, also Using DeepFakes

Bleeping Computer reported that cyber operators linked with the Russian services breached the TAVR media group of Ukraine, a network operating 9 major radio stations “including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar.” The cyber operators then started disseminating Information Operations (IO) content stating that Ukraine “is not controlled by President Zelenskiy as he is in hospital, or rather, in intensive care because of a ‘serious health condition’.” Bleeping Computer also highlights how Russian cyber operators have been using DeepFake technologies in some of those IOs.

63. US DHS and CBP Domestic Spying Using Phone Tracking Data

The Politico published this story showing how the United States Department of Homeland Security (DHS) as well as the Customs & Border Patrol (CBP) have been using “mobile location data to track people’s movements on a larger scale than previously known.” The article notes that “despite the privacy concerns raised within the agency, other branches of DHS and law enforcement remain eager to use phone location data. Records show that the Department of Justice also expressed interest in using data from Venntel, as did a police department in Cincinnati, Ohio, which sought to use the location data to address the opioid crisis. And the agencies don’t show any signs of slowing their use of location data. ICE signed another contract with Venntel in November, which is set to expire in June 2023.”

64. Cyber Espionage Operations in Middle East Using Candiru

The threat research team of the cyber security firm Avast published a technical analysis of new cyber espionage operations observed in the Middle East using the Candiru cyber espionage suite, developed and sold to intelligence agencies by the Israeli Saito Tech company. The operation exploited a previously unknown flaw in Google Chrome to gain access to its targets and covertly install the cyber espionage software implant. As per the report, “a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties.” The report also highlights that Candiru was updated in March 2022 and since then is targeting specific individuals in “Lebanon, Turkey, Yemen, and Palestine.” Currently, it is not known who the operator behind those targeted cyber espionage operations is.

65. Robert Parry Exposed CIA Criminality and Set the Gold Standard for Investigative Journalism

On July 22nd, former CIA intelligence analyst John Kiriakou published this article on the Covert Action Magazine, inspired by the recently published “American Dispatches: A Robert Parry Reader” book. As per the article, “Robert Parry is best known for breaking the news that the CIA had provided the Contra rebels in Nicaragua with a copy of their notorious “assassination manual” and that the CIA was helping the Contras send shipments of cocaine to the United States and then using the profits to buy weapons. Parry was a winner of the George Polk Award for his Contra stories, the I. F. Stone Medal for Journalistic Independence, and the Martha Gellhorn Prize for Journalism. He was also a Pulitzer Prize finalist.”

66. FBI Investigation: Chinese Huawei Equipment Could Disrupt US Nuclear Arsenal Communications

Following story #42, Katie Bo Lillis of the CNN published an exclusive story on Saturday stating that “US counterintelligence officials began digging into the details, they found numerous red flags. The pagoda, they noted, would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection.” The article highlights that “among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country’s nuclear weapons.”

67. Poland Attributes Cyber Operations to Russian Spy Agencies

With an official press statement the Polish intelligence announced that cyber operators linked with the Russian intelligence agencies “are continuing their actions against Poland. Activity designed to destabilise public opinion is also conducted in other Western countries.” The announcement continues that “it is worth recalling that the target of the Russian services are public figures not only in our country, and the activities of the group responsible for this operation were identified as early as 2016. Intelligence operations involving cyber operations, taking over information resources and using them to manipulate public opinion have been used by the Kremlin in recent years in its fight against NATO. Already in June 2021, we informed that the intelligence community had indicators that allowed cyber operations against public figures in Poland to be clearly attributed to the UNC1151 actor associated with the Russian intelligence agencies. Such operations are managed by the intelligence services of Russia, a hostile and aggressive country, including towards Poland. A country that is currently waging a war against Ukraine and an information war against NATO. The cyber activities are being used by Russia on an ongoing basis both against Ukraine and the Allies. The same actor behind Operation GhostWriter was used to target Ukrainian entities during the war against Ukraine. In recent weeks, there has been an increase in publications following the hostile actions in the continuation of Operation GhostWriter, which in the West is commonly regarded as a Russian intelligence operation — both partner services and cyber security experts agree. Breaching the security of email or social media profiles against selected people in Poland is intended to interfere with public debate as well as international relations, including allied ones.”

68. Mossad Says Iran Didn’t Play “On the Ground” Role in Hezbollah’s Argentina Bombings of the Early 1990s

Times of Israel reported that Mossad concluded that although Iranian covert operatives did train the terrorists involved in the 1990s Argentinian bombings, they had no direct, on-the-ground, involvement with the attacks. The Mossad report includes details such as that “according to the Mossad, the same operatives behind the pair of bombings in Buenos Aires also blew up a Panamanian plane a day after the AMIA attack, killing all 21 on board, including 12 members of the Jewish community. The involvement of Hezbollah has long been suspected and in 2018, Panamanian President Juan Carlos Varela sought to reopen a probe after saying he received Israeli intelligence. The Mossad probe found that Hezbollah was setting up infrastructure for possible attacks in South America as early as 1988, scoping out possible sites, building out front companies and taking notes on border security. Terrorists managed to smuggle explosives hidden in shampoo bottles or chocolate into Argentina on commercial flights from Europe, later hiding them in a park. Other bomb-making materials were acquired through a front company, the Mossad said.”

69. Russian Investigative Committee Did Not Find Signs of Crime in the Death of Chinese Spy Rocket Scientist

On week 27 (story #3) it was reported that Russian scientist Dr Dmitry Kolker, convicted for being a Chinese spy, died of cancer. This week it was reported that after an investigation by the Main Military Investigation Department of the Investigative Committee on the allegations that he was killed by the FSB, it has been officially concluded that there were no criminal actions or policy violations that led to his death.

70. Turkish MİT Assassinates 5 PKK Members in Iraq

As reported by Turkish media, the MİT executed a strike 137 km from the Turkish border, inside Iraq, targeting a group of Kurds who have been operating YPG camps in Syria. Note that both YPG and PKK are classified as terrorist organisations by Turkey. Starting on July 17th, 14:22 local time, MİT followed a vehicle travelling from Syria to Iraq using UAVs. After they entered Iraq and moved towards Mosul, MİT launched a drone strike killing all 5 passengers, 1 female and 4 males. According to MİT the driver, named Ahmaad İlyas, was a PKK courier and was tasked with transporting the 4 Kurdish YPG fighters (terrorists as per Turkish legislation) from Syria to Qandil.

71. US Cyber Command Looking for 0day Supplier for Cyber Espionage and Offensive Cyber Operations

As reported by Intelligence Online, the United States CYBERCOM launched the Joint Cyber Weapons programme and is looking for suppliers to purchase 0day cyber capabilities. That is, covert infiltration technologies for popular software and devices that aren’t known to the vendors, so that CYBERCOM could use them to conduct cyber espionage operations as well as offensive cyber operations.

72. Russian Spies Targeting NATO Countries in New Cyber Espionage Campaign

On Tuesday, Sky News reported this story where they stated that “cyber spies suspected of working for Russia’s foreign intelligence service (SVR) are targeting NATO countries in a recent hacking campaign, according to a new industry report. The hackers are using online storage services such as Google Drive and Dropbox to avoid being detected, said cyber security company Palo Alto. The hacking attempts have included phishing emails containing an agenda for an upcoming meeting with an ambassador as a lure, and were sent to several Western and NATO diplomatic missions between May and June of this year. A spokesperson for Dropbox told Sky News: “We can confirm that we worked with our industry partners and the researchers on this matter, and disabled user accounts immediately.” Palo Alto assessed that the attackers are part of the same organisation blamed for the SolarWinds breach in 2020 which gave Russia’s spies access to the networks of at least nine US government agencies.”

73. Taiwan’s Highest Court Dismisses Appeal of Serviceman Convicted of Espionage

On Friday it was reported that former Taiwanese Air Force Lieutenant Colonel Tu Yongshin “did not provide any new evidence or facts to challenge the lower court’s verdict. Therefore, an appeal against its decision is not possible.” Tu left the Air Force in 1994 to move to China and start a business. However, he was recruited by the Chinese intelligence, returned to Taiwan in 2011 and started recruiting financially struggling former colleagues to join his Chinese spy ring.

74. Podcast: Combat Story: CIA Legendary Case Officer, Black Ops, Author Enrique ‘Ric’ Prado

On Saturday the Combat Story published a new nearly 2-hour long episode featuring Enrique ‘Ric’ Prado who, as per the description, is “a legendary CIA Case Officer, Paramilitary Operations Officer, and Senior Leader Enrique ‘Ric’ Prado, who fought terrorists from the jungles of Central America with the storied Special Activities Division to eventually overseeing all Agency operations at the helm of the Counterterrorism Center (or CTC).”

75. Russian Court Releases Air Traffic Controller Convicted for Espionage Due to Health Issues

On July 19th it was announced that the Russian Tambov Regional Court “approved the decision to release 66-year-old air traffic controller Pyotr Parpulov from prison, who was sentenced to 12 years in prison for a case of treason.” The now-released spy “was diagnosed with cancer of the caecum and synchronous cancer of the transverse colon.” He was originally sentenced to 12 years in prison in January 2016 after the FSB discovered that he was selling state secrets he had access to, to the intelligence service of Georgia.

76. Turkish Counter-Intelligence Arrests 7 Iranian Operatives Plotting Assassinations of Israeli Citizens in Turkey

On Friday it was reported that the counter-intelligence of Turkey conducted an operation which led to the arrest of 7 Iranians, and a travel ban to 8 more Iranian women associated with the plot. According to reports “the first five suspects were detained during a special operation on June 17. Four of them were arrested, one was released on bail. All suspects are charged with “military and political espionage.” The second operation took place on July 14, three more Iranian citizens who were planning to kill Israelis were detained. Three 7.65 mm pistols and their cartridges, three silencers and two laser sights were confiscated from them.”

77. How the NSA is Moving Toward a Quantum-Resilient Future

Patrick Shore of the National Interest published this story talking about the challenges of quantum computing and what efforts the United States National Security Agency (NSA) is making to proactively protect the US government from any quantum computing threats.

78. Indian Cyber Espionage Operation Targeting Pakistani Air Force

Cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a previously unknown cyber espionage operation attributed to an actor dubbed as SIDEWINDER, who has been previously associated with the intelligence services of India. In this case, a lure document was used impersonating financial reporting from the Pakistani Air Force. If the target(s) opened the lure document, a custom cyber espionage software implant was covertly installed.

79. North Korean Cyber Espionage Operations Targeting European Countries

On Saturday it was reported that a cyber actor dubbed as APT37, previously associated with the intelligence services of North Korea, has been “targeting high-value organisations in the Czech Republic, Poland, and other European countries. The operation is delivered via e-mail with lure documents titled “missile.docx” and “_weapons.doc.lnk.lnk” which, if the target(s) opens them, they covertly install a custom cyber espionage software implant dubbed as KONNI. The report also highlights that there are some similarities in the tactics and the toolset used with another cyber actor, dubbed as APT28, who has been previously associated with the military intelligence (GRU) of Russia.

80. Iran Claims Bust of Israeli Spy Network in Tehran

On July 23rd, Times of Israel reported that “Iran claimed Saturday to have stopped an Israeli spy network, arresting agents who had entered the Islamic republic to carry out attacks against “sensitive” sites. The Islamic Republic’s official IRNA news agency said the agents, who were in contact with Israel’s Mossad spy agency, had entered the country from northern Iraq’s Kurdistan region for the purpose of carrying out sabotage and “terrorist operations” with the help of state-of-the-art technology. “All of them were captured,” it said, “and their weapons, explosives, technical and communications equipment were entirely discovered and confiscated.” The statement did not say how many suspects were arrested or give their nationalities, nor did it identify the targets of the purported plots.”

81. Greek NIS Investigates Potential Sabotage/Arson in Wildfires Near Sensitive Sites

This Saturday it was reported that anonymous sources from the Greek National Intelligence Service (NIS) stated that “a special investigation is being carried out for the two specific fires by the Fire Department and the Hellenic Police, while the NIS has also been informed. The authorities are examining all scenarios, even that of sabotage. All possibilities are currently open, i.e. it may be random incidents and the fires were caused by negligence, but the authorities do not rule out arson or even sabotage by immigrants.”

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org