SPY NEWS: 2022 — Week 3

Summary of the espionage-related news stories for Week 3 (17–23 January) of 2022.

The Spy Collection
Feb 2, 2022

1. U.S. Citizen Charged with Conspiracy to Provide Restricted Technology to Iran

On Tuesday, January 18, the U.S. Department of Justice published a criminal complaint against dual Iranian-U.S. citizen Kambiz Attar Kashani. The suspect and his co-conspirators procured U.S.-origin goods and technology for ultimate use in Iran, including for use by the Government of Iran. The network used two private companies based in the United Arab Emirates (UAE) to export the hardware and technology from the U.S.; those UAE companies then forwarded it to Iran.

2. Newly Identified Cyber-Espionage Actor Operating on Behalf of China

Trend Micro’s Threat Research published a summary and a detailed 42-page report describing the cyber-espionage activities of a previously unknown Chinese nation-state actor. The actor, which they dubbed “EARTH LUSCA”, has been gathering intelligence on behalf of the Chinese government both domestically and abroad.

3. Swedish Security Agency Warns of Unknown Drones Flying Over Nuclear Facilities

In the previous week, Swedish authorities identified multiple instances of commercial drones flying near (or over) nuclear facilities. Later on, the Swedish Security Service (Säpo) took over the investigation. Some media report potential intelligence activities of Russian actors, but there has been no official statement.

4. MI5 Warning of Chinese Agents Trying to Conduct Close-Access Operations

After last week’s MI5 warning, now Nigel Nelson of The Mirror reports that MI5 (also known as Security Service) has concerns over sleeper cells of Chinese agents trying to infiltrate the U.K.’s House of Commons to steal classified documents from Parliament Members’ computers.

5. Australian National Yang Hengjun, Accused of Espionage, Reports Terrible Detention Conditions in Chinese Prisons

On Monday, The Guardian published an update on the case of Yang Hengjun, 54, a former Chinese citizen who became an Australian citizen in 2002. He is a spy novel writer and blogger who regularly commented on the non-democratic practices of the Chinese Communist Party (CCP). In 2019 he flew to Guangzhou, China with his family but was quickly apprehended at the airport, and in a secret trial in May 2021 he was accused of espionage. There has been no formal verdict yet, but his health and his situation in the Chinese prison system are deteriorating, with reports of bad living conditions and torture by China’s Ministry of State Security (MSS), and his relatives and friends are worried about whether he will survive those conditions.

6. New Advanced UEFI-Based Software Implant Used for Cyber-Espionage by Chinese Actor

On January 19th, Kaspersky published a 19-page technical analysis of a highly stealthy UEFI software implant they dubbed “MoonBounce”. Cyber-security analysts managed to associate it with a series of highly targeted cyber-espionage activities from the period 2020–2021, all of them attributed to a nation-state actor dubbed “APT41”. This actor has previously been associated (by the U.S. government) with China’s main intelligence agency, the Ministry of State Security (MSS), and more precisely with a front company that was conducting cyber-espionage operations on behalf of the Chengdu Bureau of the MSS, as well as with the Ministry of Public Security (MPS), which is responsible for internal security matters.

7. British Government Information Operation to Ban E2EE

On the 19th of January Emma Vail of The Record wrote a news story describing a new influence/information operation (IO) of the U.K. government to get public support to ban the use of End-to-End-Encryption (E2EE) on communications platforms. The IO was named “No Place to Hide.” According to the official announcement of the British civil liberties group “Big Brother Watch”: “Our intelligence agencies and law enforcement already have extensive powers to gain total access to criminals’ phones and communications. But end-to-end encryption is crucial for protecting the safety and privacy of our chats en masse.”

8. Chinese Government Rewards Fishermen for Collecting and Handing Over Foreign Spy UUVs

Joseph Fitsanakis wrote a summary of a Chinese government-sponsored event titled “Special Commendation and Reward Symposium for Coastal National Security and People’s Defense Lines” created to reward 11 fishing crew members as well as 5 land-based fishing crew members for “salvaging and turning over suspicious underwater devices”. Past reports indicate that those were Unmanned Underwater Vehicles (UUV) operated by foreign nation-state actors for intelligence gathering, mainly around the South China Sea region.

9. Canada’s CCCS Issues Warning of Russian-backed Cyber Operations Against Critical Infrastructure

The Canadian Centre for Cyber Security (CCCS) released a Cyber Bulletin, following those of the United States’ CISA and United Kingdom’s NCSC from the previous week, on the increased threat of cyber operations conducted by Russian-backed actors against Canada’s critical infrastructure.

10. Head of Finland’s Supo Reports Cold War-level Espionage Activity

Antti Pelttari, the Head of the Finnish Security Intelligence Service (Supo), gave an interview to Iltalehti on January 20th stating that there are as many foreign spies in Finland today as there were during the Cold War. He mentioned that dozens of spies from Russia and China operate in Finland, with the most common espionage targets being political positions and plans, in particular foreign and security policy positions, such as Finland’s relationship with NATO.

11. Egypt’s Ministry of Interior Looking at Spy Plane Capabilities

As reported by Intelligence Online, the Ministry of Interior in Egypt is actively looking at the development of Intelligence, Surveillance and Reconnaissance (ISR) aerial capabilities. This will, reportedly, rely on the CAE Aviation aircraft operated by the French Directorate of Military Intelligence, known as DRM.

12. Concerns Over Chinese Nuctech Airport Scanners in EU Airports Used for Espionage by Chinese Nation-State

A story by the Associated Press (AP) discloses the concerns of European Union (EU) and NATO members over the use of Nuctech’s security scanning technologies in 26 of 27 EU member states. The company has deep ties with Chinese Communist Party (CCP) military and politicians and was previously banned from use in the United States due to national security concerns. Quoting AP: “Western security officials and policymakers fear that China could exploit Nuctech equipment to sabotage key transit points or get illicit access to government, industrial or personal data from the items that pass through its devices.”

13. U.S. CISA Warns of the Use of Destructive Malware and Other Attack Vectors by Nation-State Actors Targeting U.S. Entities

On January 19th, Lawrence Abrams of Bleeping Computer published a news story describing a newly issued U.S. Cybersecurity & Infrastructure Security Agency (CISA) Insights report based on the latest cyber attacks observed in Ukraine, which, according to Ukraine’s intelligence community, were executed by Russia’s intelligence apparatus.

14. French National Benjamin Brière on Trial in Iran Accused of Espionage

As per the BBC’s report from January 21st, 36-year-old Benjamin Brière, a French national who was arrested by Iranian authorities in May 2020 when he was detected flying a drone near the Iran-Turkmenistan border, is going on trial. His lawyer and the French Ministry of Foreign Affairs state that he was a tourist, but the Iranian state is pressing espionage charges.

15. U.S. Drops Charges Against MIT Professor Gang Chen for Chinese Espionage Activities

On January 20th, MIT Professor Gang Chen was proved innocent and all charges were dropped. His defence attorney Robert Fisher stated that: “Chen was never an overseas scientist for Beijing” and also that he “disclosed everything he was supposed to disclose and he never lied to the government or anyone else.”

16. U.S. Treasury Sanctions Russian-Backed Actors Responsible for Destabilisation Activities in Ukraine

In an official press release from January 20, the U.S. Department of Treasury stated that the Office of Foreign Assets Control (OFAC) is sanctioning four Russian-backed actors associated with Russia’s Federal Security Service (FSB) who conducted and/or supported covert destabilisation activities in Ukraine. Those are: Taras Kozak, Oleh Voloshyn, Volodymyr Oliynyk, and Vladimir Sivkovich.

17. Cyber-Espionage Operation Targeting Users in Middle East

On January 20th, cyber-security firm Zscaler released a threat intelligence report authored by their ThreatLabz research team. The report describes a cyber-espionage operation running from at least 13 July 2021 until 13 December 2021. The targets were various individuals in Middle Eastern countries and, according to the analysis, it’s related to the geopolitical conflicts between Israel and Palestine. The operation has been attributed to an actor dubbed “MOLERATS”, which is associated with an unidentified Middle Eastern country.

18. CIA Announces that the “Havana Syndrome” Is Unlikely to be Caused by Foreign Powers

A CIA report disclosed through the New York Times on January 20 states that the mysterious “Havana Syndrome” that several former and active CIA officers suffered from is unlikely to have been caused by a foreign nation-state actor. No explanation was given other than that the investigation is still ongoing.

19. Cyber Espionage Campaign Targeting Organisations and Individuals in South Asia

On 21 January Symantec Security Centre (now part of Broadcom) published a Protection Bulletin warning that they observed a nation-state sponsored actor dubbed “DONOT TEAM” (also known as APT-C-35) targeting organisations and individuals in South Asia to conduct cyber-espionage. This actor has previously been associated with India’s national objectives.

20. Dutch University Bans Chinese Funding After Disclosure of Foreign Influence via Donations

As was publicly disclosed on the 21st of January, the Vrije Universiteit (Free University) of Amsterdam in the Netherlands received funding in 2018, 2019, and 2020 from the Southwest University of Politics and Law in Chongqing, China for the Cross-Cultural Human Rights Centre (CCHRC). Dutch counter-intelligence identified that CCHRC used this to place people in committees and university groups in order to influence European public opinion on human rights in China, and to promote collaboration with Chinese companies. Vrije Universiteit returned all funds and banned any future funding from Chinese entities. The Dutch intelligence community notified other potentially affected universities too.

21. U.S. Counter-Intelligence “China Initiative” May Not Be As Effective

On January 22nd, South China Morning Post (SCMP) published a story indicating some of the failures of the United States “China Initiative” counter-intelligence program that started in 2018. That program aims to discover Chinese assets (mainly scientists, academics, researchers, and other professionals) that illegally perform “technology transfer” operations from the U.S. to China.

22. BBC Espionage Reporting Raises Concerns in U.K. Government

Starting on January 22nd, news reports appeared about the British Attorney General wanting to prevent the BBC from airing a news story on MI6 (also known as SIS — Security Intelligence Service) espionage operations, since it could endanger government plans and the individuals involved. A secret hearing will take place in the next few days.

23. China’s Surveillance Plans for the 2022 Winter Olympics in Beijing

As published by Nicholas Eftimiades on January 23rd in The Diplomat, the Chinese Communist Party (CCP) has already released surveillance measures for athletes participating in the 2022 Winter Olympics in Beijing. Those include a mobile application called “MY2022” which tracks movement, health, and travel data. More mass surveillance controls include monitoring of internet access, facial recognition systems, as well as behavioural monitoring by CCP authorities.

24. Podcast on How MI5 Uncovered the Chinese Agent in U.K. Parliament

The Guardian released a 27-minute podcast discussing how MI5 issued the extremely rare “interference alert” (only two have ever been issued), the background of the story, and how MI5 uncovered Christine Lee as a Chinese asset.

25. Article on IRGC Quds Force’s Brigadier General Ahmed Foruzandeh

On January 21st Adam Rawnsley of the Daily Beast published an article profiling Brigadier General Ahmed Foruzandeh, a senior commander in the Quds Force of the Iranian Revolutionary Guard Corps (IRGC). Quds Force (or Jerusalem Force) is the most elite special operations force of the IRGC, with a mission to conduct covert and paramilitary operations beyond the borders of Iran. Until 2020 it was under the command of Lieutenant General Qassem Soleimani, and after his assassination, his deputy, Brigadier General Esmail Qaani, took over its command.

26. OSINT-Discovered ELINT/SIGINT Flights

This is a brief summary of ELINT/SIGINT flights identified by aviation enthusiasts during this week:

  • 17JAN2022: Summary of 4 ISR flights over Ukraine-Russia borders by U.S., U.K., and Sweden. Source
  • 17JAN2022: U.S. Air Force General Atomics MQ-9A Reaper UAV (reg. number N/A, callsign SWIVL21) flight from Naval Air Station Sigonella, Italy to the Black Sea. Source
  • 17JAN2022: General Atomics MQ-20 Avenger (N903PC, callsign UAV12) belonging to a “private owner”, on a short flight in the region from the U.S. Government El Mirage Field Airport. Source
  • 17JAN2022: British Army Thales Watchkeeper WK049 (43C887, callsign POINTR49) training flight from RAF Akrotiri, Cyprus. Source
  • 18JAN2022: Summary of 10 ISR flights over Ukraine-Russia borders by several countries (U.S., U.K., Sweden, Norway, and Germany). Source
  • 18JAN2022: Indian R&AW’s Aviation Research Centre Bombardier Global 5000 (GB8002, callsign N/A) flight over the India-Pakistan borders. Source
  • 18JAN2022: Japan Air Self-Defense Force Kawasaki RC-2 (18–1202, callsign N/A) flight inside Japan. Source
  • 18JAN2022: U.S. government General Atomics MQ-9A Reaper UAVs (N390MC, callsign UBC97000–5) flight from the U.S. Government El Mirage Field Airport. Source
  • 18JAN2022: U.S. Navy MQ-8C Fire Scout (168809, callsign N/A) unmanned helicopter on flight near NAVAIR (Naval Air Station Patuxent River) in Maryland. Source
  • 18JAN2022: Training with multiple UAVs near the U.S. Government El Mirage Field Airport. MQ-9A Reaper UAV (N390MC, callsign UAV17), Piper PA-46–500TP (N168RV), Cessna 210M Centurion (N777RR), unidentified UAV (callsign UAV13), and MQ-9A Reaper UAV (N341HK, callsign UAV15). Source
  • 19JAN2022: Summary of 5 ISR flights over Ukraine-Russia borders by U.S. and Sweden. Source
  • 19JAN2022: Israeli Air Force Gulfstream V Nachshon-Shavit (676, callsign N/A) flight over the sea, close to Tel Aviv, Israel. Source
  • 19JAN2022: U.S. Air Force Boeing RC-135V (64–14846, callsign SHINR40) and Boeing NC-135 (61–2666, callsign SAME40) on test flight over Majors Field airport in Greenville, Texas. Source
  • 20JAN2022: Summary of 7 ISR flights over Ukraine-Russia borders by U.S., U.K., Sweden, and Germany. Source
  • 20JAN2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102003, callsign SVF623) flight from Malmen Airbase to patrol over Kaliningrad. Source
  • 20JAN2022: German Navy Lockheed P-3C CUP Orion (60+08, callsign GNY4500) flight over Kaliningrad. Source
  • 20JAN2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 20JAN2022: U.S. Army Beech C-12T-3 Huron (84–00177, callsign REBEL77) flight from Clay Kaserne base in Germany to Poland, at the borders with Kaliningrad. Source
  • 20JAN2022: RAF Boeing RC-135W Rivet Joint (ZZ665, callsign RRR7206) flight from RAF Waddington to Ukraine (borders with Russia and Black Sea). Source
  • 20JAN2022: Ukrainian Air Force Bayraktar TB2 (reg. number N/A, callsign 12345678) flight over the Ukraine-Russia border. Source
  • 20JAN2022: NATO Boeing E-3 Sentry (TF33) AWACS (LX-N90451, callsign NATO07) flying close to Constanța, Romania near the Black Sea. Source
  • 20JAN2022: Two U.S. government General Atomics MQ-9A Reaper UAVs (N390MC, callsign UAV17) and (N429HK, callsign UAV11) in flight patterns near Edwards Air Force Base in California. UAV17 took off from the U.S. Government El Mirage Field Airport and UAV11 from the U.S. Government Grey Butte Field Airport. Source
  • 20JAN2022: U.S. government General Atomics MQ-9A Reaper UAV (N361HK, callsign N/A) returning to Laguna Army Airfield after arriving there 7–8 days ago (Jan. 13th) from the U.S. Government El Mirage Field Airport. Source
  • 20JAN2022: Two U.S. government General Atomics MQ-9 Reaper UAVs (N390MC, callsign UAV17) and (N341HK, callsign UAV15) took off from the U.S. Government El Mirage Field Airport. Source
  • 21JAN2022: Summary of 5 ISR flights over Ukraine-Russia borders by U.S. and Sweden. Source
  • 21JAN2022: U.S. Air Force RQ-4 Global Hawk (AE5420, callsign UAVGH000) flight from Al Dhafra Air Base to the Persian Gulf and transiting to Jordan. Source
  • 21JAN2022: U.S. Air Force RQ-4 Global Hawk (AE5420, callsign UAVGH000) on ISR flight over Ukraine together with USAF RC-135W Rivet Joint (62–4134, callsign JAKE11). Source
  • 21JAN2022: Summary of 5 ISR flights over Ukraine-Russia borders by U.S., Ukraine, and Sweden. Source
  • 21JAN2022: U.S. government General Atomics MQ-9A Reaper UAV (N361HK, callsign RA-33303) took off from Laguna Army Airfield. Source
  • 22JAN2022: (potentially) U.S. Army MQ-1C Gray Eagle (11–00195, callsign N/A) from Fort Huachuca on ISR flight over the Arizona-Mexico border. Source
  • 22JAN2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad and Belarus. Source1 Source2
  • 23JAN2022: Unidentified (likely AAI RQ-7 Shadow) aircraft took off from a small airstrip at Fort Bliss, TX. Source
  • 23JAN2022: U.S. Air Force Boeing WC-135W Constant Phoenix (61–2667, callsign N/A) nuclear explosions detection aircraft flight from Eielson Air Force Base in Alaska. Source
  • 23JAN2022: Lasai Aviation (on behalf of U.S. Army) Challenger 650 Leidos ISR ARTEMIS (N488CR, callsign BRIO68) flight from Constanța, Romania to Ukraine-Russia border. Source
  • 23JAN2022: Summary of 5 ISR flights over Ukraine-Russia borders by U.S. and Sweden. Source


The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org