SPY NEWS: 2022 — Week 30

Summary of the espionage-related news stories for the Week 30 (July 24–30) of 2022.

1. Podcast: Team House: The Life & Death of One of America’s Secret Soldiers

This is a nearly 2.5-hour long episode covering the story of Michael Froede (see week 5 story #34). M. Froede committed suicide in 2019 after a series of mental health problems related to his clandestine profession as a Human Intelligence (HUMINT) and cyber warfare operations expert in the secretive Communications Technology Research Activity (COMTECH) of the U.S. Army Intelligence Command (INSCOM). In the video, Froede’s ex-wife, a subject matter expert, Dr Kate Rocklein, covers the subject of suicides in special operations community. As per the description, “Dr. Kemplin earned her BNSc at Queen’s University, MScN and Doctorate in Nursing Practice at Loyola University (New Orleans), and PhD from Rush University (Chicago). Kate was a civilian emergency/trauma nurse specialist for the United States Army before becoming faculty in Nursing and Operational Medicine at the Medical College of Georgia with subsequent appointments in the University of North Carolina and University of Tennessee systems. In early 2020, Kate was appointed Chief Nursing Officer of Columbia/Presbyterian’s 220-bed COVID hospital during New York City’s worst pandemic surges to date. Dr. Kemplin returns home to Queen’s from the University of Windsor Faculty of Nursing where she directed the Kemplin Lacesso Research Lab.”

2. New Wikipedia Page for Namibia’s NCIS

On July 24th, someone created the first ever Wikipedia page for the Namibia Central Intelligence Service (NCIS), as per the page, NCIS “is responsible for all intelligence services of Namibia and was established in June 1998 through Proclamation 12/1998 which enforced the Namibia Central Intelligence Service Act 10 of 1997.” Since then, NCIS had 4 Director-Generals with the current one being Benedictus Likando.

3. Russian Government Accuses Navalny’s Alliance of Teachers of Providing Information to the Ukrainian SBU and the West

As it was reported, “the Head of the State Duma Committee on Information Policy, Information Technologies and Communications, Alexander Khinshtein, accused the trade union of opposition leader Alexei Navalny, the Alliance of Teachers, of openly transferring the personal data of Russian teachers working in the Donbass to the West and the SBU. As evidence, the deputy published on his Telegram channel screenshots from the VKontakte social network, which showed acts of espionage. Thus, in one of the posts, representatives of the association admitted that they had passed on the contacts of Russian teachers to journalists from The Washington Post. The parliamentarian added that he would send requests to the Prosecutor General’s Office and the FSB demanding to check the activities of the Alliance representatives. The Alliance of Teachers is part of the Navalny Trade Union, which was created by an associate of the opposition politician Daniil Ken in 2019.”

4. Belgium Intelligence to Monitor Chinese Investments

Intelligence Online reported on Monday that Belgium drafted a new law to crate an intelligence agency “to “filter” foreign investments, which is in line with the approach taken by more and more European countries.” The article notes that this is because the government of Belgium wants “its intelligence services to keep tabs on Chinese investments.”

5. New Russian FSB Cyber Espionage Operation Targeting Ukraine

On Monday, cyber threat intelligence researcher Souiten discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as GAMAREDON, who has been previously associated with Russia’s Federal Security Service (FSB). The operation used a lure document titled “Попереднє бойове розпорядження зі зв’язку начальника штабу — першего заступника командира 43 оабр.lnk” (Preliminary combat order on the communication of the chief of staff — the first deputy commander of the 43rd Heavy Artillery Brigade.lnk) which, if opened, was covertly installing a custom cyber espionage software implant. Note that the Ukrainian Armed Forces 43rd Heavy Artillery Brigade is based in Pereiaslav and is actively operating in the eastern front.

6. Spy Collection: AID TX-788 Disguise Motorola Pager Audio Transmitter (bug)

We published a video about an early-1990s covert listening device disguised as a Motorola pager, manufactured by the Audio Intelligence Devices (AID). At that time, AID was the largest manufacturer of covert surveillance electronic devices and extensively used by intelligence agencies and law enforcement agencies conducting covert surveillance operations.

7. Further Details on Mossad Operatives Arrested Last Week in Iran

This is a follow up from week 29’s story #80 that was published on Monday. The new report says that “an “Israeli-linked” sabotage team it recently arrested had planned to destroy a sensitive facility in the central Iranian province of Esfahan. According to a Sunday report by Nour News, a website affiliated with the secretary of Iran’s Supreme National Security Council (SNSC), Ali Shamkhani, “These individuals (Mossad-linked agents) had identified a sensitive center in Esfahan, planted strong explosives there, and only a few hours were left until the explosion” when they were arrested. The report added that the members of the network were trained in an African country for months and had simulated the planned operation several times. It claimed that Iran’s security forces were monitoring the team even before it arrived in Iran and all its members and contacts both inside and outside the country were identified by the Intelligence Ministry several months before they entered the country. The report did not disclose the name of the site, but Esfahan is home to Iran’s largest multi-purpose nuclear research complex with about 3,000 scientists. It also operates a conversion facility, a fuel production plant, a zirconium cladding plant, and four small nuclear research reactors — all supplied by China — as well as other facilities and laboratories. Moreover, it could also mean the all-important Natanz uranium enrichment facility, which is located in the province of Esfahan. Natanz was the target of two major sabotage acts in the past two years- in July 2020 and April 2021, both ascribed to Israeli intelligence.” Later on, the Iranian Ministry of Intelligence (MOIS) released more details, including photos of the confiscated espionage and sabotage equipment captured with the Mossad operatives.

8. The Death of DGSE’s Intelligence Directorate in 2022 Reforms

As reported by Intelligence Online, “the reform of France’s external intelligence service, the DGSE, which was published on 16 July, looks to have signed the death warrant of its intelligence department, Direction du Renseignement (DR). Former DR executives remain as influential as ever, however, in the new structure.” Note that the last significant reforms in DR where in 2000 when DR was restructured to two services, the “le service de renseignement politique (SRP)” (political service), and the “le service de renseignement de sécurité (SRS)” (security intelligence service). A smaller restructure took place in 2012 when DR was restructured to four departments: 1) Counter-proliferation, 2) Counter-terrorism, 3) Economic security, and 4) geopolitical intelligence and counter-intelligence. The new (2022) structure changed the entire DGSE organisation which currently has: 1) DR (Intelligence Directorate), 2) DA (Administration Directorate), 3) DO (Operations Directorate), 4) DS (Strategy Directorate), and 5) DT (Technical Department). The new structure tries to “break the silos” by having: 1) DA ( Administration Directorate), 2) DRO (Research & Operations Directorate), 3) DTI (Technical & Innovation Directorate), and SGAS (General Secretariat for Analysis and Strategy), and multiple dedicated mission centres.

9. Turkish MİT Assassinates PKK/YPJ Commander in Syria Causing Tensions with US Government

This week it was reported that the Turkish National Intelligence Organisation (MİT) assassinated Kurdish female PKK/YPJ Commander Salwa Yusuk with a drone strike. According to the Turkish government PKK and YPJ are classified as terrorist organisations, but YPJ is part of the US-backed Syrian Democratic Forces (SDF), with Salwa Yusuk being a strategic ally of the US special operations and intelligence community. The US Central Command (CENTOM) said that “Salwa was a critical SDF leader who led forces in combat vs ISIS since the height of the fight to defeat the vile ideology in NE Syria in 2017, CENTCOM extends our condolences to the Families of these 3 SDF fighters, the people in Northeast Syria & our SDF partners.”

10. Dutch Law Enforcement Spies on Millions of People

On Monday it was reported that despite the Dutch government’s efforts to control the data collected by intelligence agencies and law enforcement, it was discovered that the law enforcement keeps permanent records of millions of people including living conditions, marital status, DNA samples, data of people per postcode, and other details, even for people that were never part of any criminal investigation. The article concludes that “according to privacy expert Rejo Zenger of civil rights organisation Bits of Freedom, the police are breaking the law by collecting data they do not need. “The police should not collect more data than is strictly necessary for their task,” he says. Large amounts of information carry risks, he says, such as data breaches. The police force denies in Trouw that the law is being broken. “The police cannot do their job without up-to-date personal data,” said Henk Geveke of the police force management. “We have a legal basis for using and keeping that data up to date. We have come to the conclusion that we can do with less data, and we are working on that.””

11. North Korean Cyber Espionage Operation Targeting US, EU and South Korea

On Thursday cyber security and intelligence firm Volexity published a technical analysis for a new cyber espionage operation attributed to an actor dubbed as SHARPTONGUE who has been previously associated with the intelligence services of North Korea. As per the report, the North Korean cyber operators were observed “targeting and victimizing individuals working for organizations in the United States, Europe and South Korea who work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea.”

12. The Untold Story of the CIA/Stasi Double Agent Abandoned After 22 Years of Service

The Conversation published this story based on an interview of a double agent (CIA and Stasi) codenamed as “M” in the story. As per the article, “these are the words of double agent “M”, who operated for the Dutch security service and the CIA against the East German Stasi for 22 years. In early 1985, it appeared that the Stasi may have uncovered his deception — and his true loyalty to the west. He was in East Berlin at the time and the men had rudely awoken M around 4am. Still in pyjamas, he was taken from the safe house where he was staying for debriefing sessions with his Stasi handlers to a van with darkened windows that transported him, under armed guard, to a prison. They told him he was in the Untersuchungshaftanstalt (pre-trial detention center) Berlin-Hohenschönhausen, a notorious site during the cold war under the control of the Ministry of State Security (Stasi). M was forced to undergo a degrading and extremely painful cavity inspection, before being taken — still naked — to an interrogation room. His captors intimidated him by pouring cold water over him from a bucket until the afternoon. They taunted him constantly, saying things like “You betrayed Marxism-Leninism” and “You are a CIA agent”. Yet M said he felt strangely reassured because these accusations were not specific — they were meant to provoke him. In other words, his interrogators seemed to lack proof.”

13. Ukrainian SBU Exposed Network Providing Ukrainian Passports to Russian Saboteurs

On July 28th Ukraine’s Security Service (SBU) announced the dismantling of a network “organised by a former tax official from Donetsk who, after the temporary occupation of the regional centre, moved to Kharkiv. The perpetrator used personal connections in the law enforcement field to produce fake documents.” According to the SBU, the fake passports were utilised to “carry out intelligence and subversive actions for the benefit of Russia while trying to legalise them on the territory of Ukraine for purposes of conspiracy.”

14. UK’s MI5 ‘Breached Surveillance Laws for More Than a Decade’

On July 26th the Forbes reported stating that “a UK tribunal has been told that security service MI5 has been breaching surveillance laws since 2010, and unlawfully obtaining bulk surveillance warrants against the public. Human rights groups Liberty and Privacy International have told the Investigatory Powers Tribunal that MI5 has stored data on members of the public without the legal right to do so, and failed to disclose this to the Home Office and oversight bodies.”

15. Austrian Counter-intelligence Arrested 3 Turkish Spies

On Tuesday it was reported that the Austrian authorities uncovered and arrested 3 individuals located in two houses in Tyrol who had infiltrated the local Fethullah Gülen movement groups, which is classified as a terrorist organisation by Turkey, and were gathering intelligence on the members of the movement located in Austria. According to the report, they managed to provide their Turkish MİT handlers with the identities of 800 members of the Gülen movement currently residing in Austria.

16. Podcast: 6 New Episodes by Spycraft 101

Throughout this week, the Spycraft 101 published a total of 6 new podcast episodes. Those were: 1) An Amoral Intelligence Superstar with Blaine Harden, 2) The Green Beret Defector with Greg Walker, 3) The CIA and Polish Intelligence with John Pomfret, 4) The Complicated Case of James Angleton, 5) Communist Indoctrination of American POWs with Brian D. McKnight, and 6) A Counterintelligence Agent Turned Romanov Heir with Tim Tate.

17. Secret Briefing Zeroes in on Suspected Russian Spy Station in New York

On July 27th, The Daily Beast published this story stating that “classified talks were held in D.C. on Friday, with pressure growing on counterespionage officials to stamp out a suspected Russian intelligence compound in the Bronx.” Quoting the article, “Torres, a member of the House Homeland Security Committee, requested that the Biden Administration consider opening an investigation into the compound in order to protect the country against Russian espionage. It’s not clear what the outcome of the meeting was. Torres declined to comment on what was discussed in the meeting, citing the classified nature of the gathering. Due to security reasons, the State Department also declined to share details about the meeting. But the compound — located at 355 West 255th St. in Riverdale, NY — has long been suspected to serve not only as a residence for Russian diplomats, but also as an outpost for Russian intelligence agencies. Ever since the austere, 20-story white building in the complex was constructed in the 1970s to serve as an enclave for Russian diplomats working at the United Nations (UN), it’s been the focus of speculation that the Russians are using the building’s towering perch to conduct surveillance, evade U.S. intelligence operatives, and conduct other spy work.”

18. Canada’s Spy Agency Ditches Job Ads After Mixed Reviews from Focus Groups

On July 26th it was reported that “Canada’s cyberspy agency has changed course on proposed recruitment efforts after focus groups found job ads had too much of a “Big Brother vibe.” The Communications Security Establishment spent just over $56,000 earlier this year on research from Earnscliffe Strategy Group that explored reactions to various branding concepts, including graphic designs that featured big camera lenses. Some focus group participants told the researchers that the agency’s logo in the middle of a lens evoked “surveillance, a Big Brother vibe, and that CSE is always watching.” In a statement, the cybersecurity agency specifically tested Chinese-language ads as part of its effort to recruit diverse analysts to monitor foreign intelligence.”

19. 24th Intelligence Agencies of Turkic Speaking Countries Conference (TÜRKON)

This week Sadir Caparov, President of Kyrgyzstan, headed the TÜRKON which was attended by the Kyrgyzstan National Security State Committee (UKMK) Chairman Kamchibek Tasiyev, Azerbaijan State Security Services (DTX) Chairman Ali Nagiyev and Azerbaijan Foreign Intelligence Service (XKX) Deputy Chairman Samir Ismailov, Kazakhstan National Security State Committee (KGB) Chairman Ermek Sagimbayev, Turkish National Intelligence Organisation (MİT) Head Hakan Fidan and Uzbekistan State Security Service (DXX) Head Abdusalom Azizov. The spy chiefs discussed the common challenges and future collaboration among the agencies.

20. Podcast: SpyCast: The Spies Who Came in From the Cold

The International Spy Museum’s SpyCast published a new podcast episode featuring Chris Costa and John Quattrocki. The intelligence topics covered are: 1) Two Cold War intelligence experiences, 2) Two perspectives on the U.S. intel. community in the 80’s & early 90’s, 3) Two reflections on the art and science of counterintelligence, and 4) Two perspectives on serving on the National Security Council.

21. Ukraine’s SBU Captures Russian Agent in Sumy

On July 27th Ukraine’s SBU issued a press release for the detainment of a Ukrainian national acting as a Russian FSB agent in the region of Sumy. The report states that his FSB handlers “were especially interested in information about the movement of units with military equipment” and also says that “during the reconnaissance of Ukrainian positions, the enemy agent took photos and videos, and then forwarded them to an officer of Russia’s FSB in the form of electronic files linked to the area. The occupiers planned to use this data for massive artillery shelling of the region. The traitor is a local resident recruited by a representative of the Russian special services after the full-scale invasion of the Russian Federation. SBU officers have already identified the identity of the occupier with whom this agent cooperated.”

22. Microsoft MSTIC Uncovers Austrian Cyber Espionage Vendor

The Microsoft Threat Intelligence Centre (MSTIC) uncovered and exposed an Austrian private company (DSIRF) which develops and sells cyber espionage solutions to government intelligence agencies. According to MSTIC the cyber espionage solutions offered by DSIRF “have targeted law firms, banks, and strategic consultancy organizations worldwide, including Austria, the United Kingdom, and Panama.” The cyber espionage suite DSIRF is selling is named “SubZero” but MSTIC had given it the codename KNOTWEED. Their report concludes that they see such vendors increasingly “selling their tools to authoritarian governments that act inconsistently with the rule of law and human rights norms, where they are used to target human rights advocates, journalists, dissidents and others involved in civil society.”

23. Chinese Intelligence Tried to Establish an Espionage Network Inside the US Federal Reserve

NBC News reported that “the Chinese government tried to obtain sensitive internal information and build a network of influence and informants inside the Federal Reserve, according to a new report released Tuesday by Republican staff members of the Senate Homeland Security and Governmental Affairs Committee. The report from the committee staff of Sen. Rob Portman of Ohio, the ranking member, did not conclude whether the attempts, which included the detention of a Federal Reserve employee, were successful.” According to FedScoop, “Chinese officials allegedly compromised IT equipment belonging to a Federal Reserve employee and copied information from the individual’s WeChat account, according to a report published yesterday by the Senate Homeland Security and Governmental Affairs Committee. An investigation by minority staff on the committee alleges that the equipment was compromised while the Fed employee was detained four times by Chinese government staff during a trip to Shanghai in 2019.”

24. Polish Intelligence Exposes Network of Russian Covert Prisons in Ukraine

On July 27th, the Polish intelligence publicly released details of a series of unmarked buildings in the Russian occupied territories stating that in those covert facilities Russian officials are carrying out “verification of the detained, looking for people with combat experience and officials of the Ukrainian government. They also study the attitudes of specific people towards Russia. Those who do not raise any objections from the invaders are generally deported to Russia. Some of these people are forcibly conscripted into the Russian army and then sent to the front. People who raise doubts are brutally repressed. They are tortured, they are forced to testify or make statements against Ukraine, or they are brought to court as part of propaganda, show political trials. Russian FSB officers are responsible for the described actions against the civilian population, and they also “interrogate” the detained Ukrainians.”

25. Former Nac Couple Suspected of Spying for Russia

The Daily Sentinel reported that “a former Nacogdoches couple suspected of spying for Russia faces federal charges after investigators say they stole the identity of two dead children and used them for decades. Walter Glen Primrose and Gwynn Darle Morrison were arrested Friday at their home in Kapolei, Hawaii, on four counts related to identity theft, and court filings this week link them to Russian intelligence.” Clearance Jobs also published an article about this same case.

26. British MoD Seeks Ground Segment Solution for Space ISR

Olivia Savage of Jane’s reported that “the UK Ministry of Defence (MoD) has launched a new GBP20 million (USD24.2 million) 36-month project named Beroe, which seeks a ground segment software solution for controlling UK’s space-based intelligence, surveillance, and reconnaissance (ISR) constellation.”

27. Latvian VDD Prosecutes Belarusian on Espionage Charges

Via an official announcement Latvia’s State Security Service (VDD) stated that “on 18 July 2022 VDD referred a case to the Prosecutor’s Office to initiate criminal prosecution against a person for espionage in the interests of a Belarusian military intelligence service.” The report highlights that “during the investigation it has been determined that the person on behalf of the Belarusian military intelligence service has covertly photographed and filmed objects of the Latvian defense system, critical infrastructure objects for electricity supply, as well as significant civil infrastructure objects. Information obtained by VDD during the investigation indicates that the person has obtained intelligence regarding at least 17 nationally important objects.” The suspect was detained on February 15 this year.

28. HawkEye 360 Opens Advanced Technology and Development Centre in Northern Virginia

This week it was announced that the spy satellites vendor HawkEye 360 opened a 19,000 sq. ft. facility in Herndon, Virginia, US. As per the announcement, “Hawkeye 360 is pleased to announce the grand opening of our Advanced Technology and Development Center in Herndon, Virginia. This 19,000 square-foot data processing, software development, and satellite manufacturing facility continues HawkEye 360’s commitment to supporting the U.S. and allied government needs.”

29. Summary of Cyber Espionage Activity from Q2 2022

On July 28th the Global Research & Analysis Team (GReAT) of Kaspersky published their Trends Report for nation-state cyber espionage activity observed throughout the 2nd quarter of 2022. It covers operations from Russia, China, Middle East, Southeast Asia and Korean Peninsula, as well as some other interesting discoveries.

30. Ukrainian SBU Detains Russian Agent in Kiev

On July 25th Ukrainian SBU stated that they detained a 41-year old Ukrainian national, resident of Kiev, who was recruited by Russian intelligence services and acted as an agent since April 2022. SBU says that “he received an assignment from a Russian citizen who is in the temporarily occupied territories of Ukraine as a military correspondent for one of the Russian TV channels (“First Channel”). Since April 2022, the attacker regularly gave her information for the intelligence units of the Russian occupation forces. For the espionage, the agent used different mobile phone numbers and corresponded exclusively in messengers. And to identify each other in the network, “subscribers” used pre-agreed coded language.” Their communication was performed using the WhatsApp mobile application.

31. Spy Way of Life: The Travellers Club in the UK

For this week’s Spy Way of Life post, Intelligence Online selected a site in the United Kingdom. The Travellers Club, “a historic venue on the grand Pall Mall.” Intelligence Online describes it as a place where “big business meets big secrets” since, for example, Daily Telegraph executive editor Con Coughlin, best known for his access in the MI6, once said “there followed a series of lengthy discussions between Seif al-Islam and Mark Allen, then head of counter-terrorism at Britain’s Secret Intelligence Service (MI6), that were conducted within the elegant confines of London’s Travellers Club.”

32. US Defence Mapping Agency (DMA) 50th Anniversary

On July 28th the United States National Geospatial-intelligence Agency (NGA) published a short video for the 50th anniversary of the Defence Mapping Agency (DMA). As per the video description, “this July, we celebrate 50 years since the creation of the Defense Mapping Agency (DMA), a predecessor organization to NGA. Military mapping, charting, and geodesy have a long history. Until the creation of the DMA, the armed services pursued these activities independently, resulting in duplicated effort and unnecessary expense. For these reasons, the President’s Blue-Ribbon Defense Panel recommended creating one agency to handle these functions for all the services and other Department of Defense elements — creating the DMA.”

33. FSB Reveals Ukrainian Deception Operation to Lure Russian Air Force Pilots to Defect to Ukraine

Russian intelligence expert Christo Grozev wrote a detailed thread for a Russian Federal Security Service (FSB) counter-intelligence operation to stop a deception operation that Ukrainian SBU was running to target Russian Air Force pilots. SBU lured the Russian pilots by promising millions of USD in return of them flying with their aircraft to specific airfields in Ukraine and then defecting to Ukraine, with, allegedly, the end goal being their capture. Russia’s FSB used a wide variety of methods, including honey traps, to identify the Russian pilots that were considering that and arrest them.

34. Greek Opposition Leader Targeted with Predator by Unidentified Spy Agency

Following the ongoing investigation of the European Parliament of illegal uses of the cyber espionage suites, this week it was identified that among the mobile phones of 60 European Parliament members investigated, the one belonging to “Nikos Androulakis, leader of Greece’s third-largest political party and a member of the European parliament” was targeted on September 21st, 2021 by Predator (developed and sold by the Israeli Balinese). This resulted in a hearing, behind closed doors, in the Greek parliament headed by the Director of the National Intelligence Service (NIS).

35. Ukrainian SBU Neutralised Network of Russian Agents in Donetsk and Bakhmut

With a formal announcement Ukraine’s Security Service (SBU) stated that they successfully “neutralised the Russian agents who were correcting missile strikes on the Donetsk railway. The attackers were gathering intelligence on the positions of Ukrainian troops, and were also correcting artillery fire on critical infrastructure objects. SBU officers exposed the manager of one of the local Ukrainian Railways stations for collaborating with the enemy. While in office, she “leaked” secret information to the aggressors about the movement of the Defence Forces of Ukraine in the territory of the region. Another Russian agent was detained by counter-intelligence officers of the SBU in Bakhmut. The agent gave the aggressors information about the location of the units of the Armed Forces in the front-line. Two more enemy informants were detained for gathering of intelligence on the movement of Ukrainian troops in the Bakhmut district and near Druzhkivka.”

36. British MI5 Labels LinkedIn as a Major Threat with Foreign Intelligence Agencies Using it to Target National Security Staff

Former CIA officer Christopher Burgess published this article stating that “the United Kingdom’s MI5 director general Ken McCallum called out the behavior of the UK’s intelligence and military communities’ personnel and their use of the social network, LinkedIn. McCallum minced no words noting that personnel were identifying themselves as involved in sensitive classified work and that these disclosures were a breach of government directives. McCallum highlighted how LinkedIn was being used to target UK government and business by the nation’s adversaries.”

37. Polish AW Releases More Intercepted Russian Communications

Following week 26 story #61, week 27 story #68, and week 28 story #26 on July 29th the Foreign Intelligence Agency (AW) of Poland released more intercepted communications of Russian troops. The summary of this post states that those communications indicate “lack of procedures, cheating soldiers, collapse of morale in the army and the authority of commanders, respect for the efficiency of the Ukrainian army — another interview intercepted by the Foreign Intelligence Agency shows the real situation in the Russian military and proves that soldiers are aware of the gap between the facts and the lies of the Kremlin. The Russian soldier overheard says straightforwardly: “Propaganda is working in our country.”.”

38. Citizen Lab Demonstrated Evidence Showing that the Thai Intelligence Had Purchased Pegasus Cyber Espionage Suite

With a tweet the Director of Citizen Lab shared a procurement document of the Thai government as a follow up from week 29 story #26 which demonstrated how the Thai authorities were using the Pegasus cyber espionage suite (developed and sold by the Israeli NSO Group) to target pro-democracy protesters, and activists calling for reforms to the monarchy. The document shows that Pegasus was purchased on December 2021 for €9,483,306 and it was codenamed as an Israeli product from “Q Cyber Minotaur.”

39. Interview: Ric Prado, Former Chief of Operations, CIA’s CTC, and Senior CIA Operations and Paramilitary Officer

Last Sunday, the US Association of Foreign Intelligence Officers (AFIO) published a 21-minute long video of an interview with Enrique “Ric” Prado, who, as per the description is a “Former Chief of Operations of CIA’s Counterterrorism Center (CTC) and Senior CIA Operations and Paramilitary Officer, and AFIO President James Hughes, a former senior CIA Operations Officer.”

40. Georgian Citizen Charged as Spy in Abkhazia

On July 26th it was announced that “the security service of Russian-occupied Abkhazia filed charges of spying against 24-year-old Kristine Takalandze who lives in Nabakevi village, in the ethnic Georgian majority Gali district on July 25. Takalandze, who is a Georgian citizen, was detained in her home during a special operation on July 20. She faces ten to fifteen years imprisonment under Article 274 of the Abkhaz criminal code on the grounds that she went against the constitution and the Abkhazian “state.”.” The video of her arrest was also released.

41. Frederick Barclay Received £800,000 to Settle Ritz Espionage Case

Jane Martinson of The Guardian reported that “Sir Frederick Barclay received £800,000 from his nephews for settling a legal battle over alleged “commercial espionage on a vast scale” that included bugging of thousands of his private conversations at the five-star Ritz hotel, a court was told. It also emerged in the high court on Tuesday that the feud played out between two sides of the Barclay family, which owns the Telegraph media group as well as Yodel and Shop Direct.”

42. Israeli RAFAEL Releases New Video on the IMILITE Intelligence System

On Thursday the Israeli RAFAEL published a new 3-minute long video for the IMILITE Intelligence System, described as a “multi-sensor, multi-mission AI-based exploitation system for unified IMINT centers.”

43. National Security Search Engine: Google’s Ranks Are Filled With CIA Agents

The MR Online published an article based on Open Source Intelligence (OSINT) showing how some cases of CIA-Google collaboration as well as several key positions in Google which are held by former CIA officers. Some examples of former CIA officers working for Google include the Senior Manager of Intelligence Collection in Trust & Safety, a Senior Policy Advisor, an All-Source Intelligence Analyst Lead in YouTube, the Director of Global Risk Analysis in Google’s Global Security Resilience Services, and others. The article concludes that “while this article is not trying to claim any of the individuals named are nefarious CIA plants, the way in which Google and the CIA have worked so closely together raises national security questions for all other nations, especially those attempting to pursue foreign policies independent of the United States. Ultimately, the line between big tech and big brother has been blurred beyond recognition.”

44. In Malaysia, Probe Against Ex-Spy Chief Still Going On

The FMT reported that “the Malaysian Anti-Corruption Commission (MACC) is still investigating former intelligence chief Hasanah Ab Hamid for alleged criminal breach of trust, says law minister Wan Junaidi Tuanku Jaafar. In April, Hasanah, the former head of the Malaysian External Intelligence Organisation, was granted a discharge not amounting to an acquittal (DNAA) in her RM50 million CBT case. The prosecution had indicated that she would face the charge at a later date following the discovery of a “new development”.”

45. Analysis: The West Should Not Trust Ukrainian Spy Agencies. Neither Should Ukrainians

This article was published by IntelNews on July 28th describing the recent revelations of the Ukrainian intelligence agencies having been penetrated by the Russian ones, and what this means for the trust that is put in them.

46. North Korean Cyber Espionage Operation Targeting South Korea

On July 25th cyber threat intelligence researcher Jazi discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as KIMSUKY, who has been previously associated with the intelligence services of North Korea. The operation involves a lure document impersonating South Korea’s National Assembly, related to the issues of the National Intelligence Service (NIS) of South Korea. If the target(s) opened the lure file, it was covertly installing a custom cyber espionage software implant.

47. A Juror Explains Why a CIA Hacker Was Convicted

Patrick Radden Keefe of The New Yorker published this article for the case of former CIA software engineer Joshua Schulte who was recently convicted for being the person behind the Vault 7 WikiLeaks revelations of CIA’s hacking capabilities (see week 28 story #36).

48. Overview of Nikolai Luzan, FSB’s Favourite Spy Writer

Soviet and Russian intelligence expert Dr. Filip Kovacevic shared two slides from one of his presentations relating to Nikolai Luzan, a spy fiction writer who is highly regarded among the Russian intelligence community, and mainly within the Federal Security Service (FSB).

49. New Group to Promote Open-Source Intelligence, Seen as Vital in Ukraine War

On July 27th Dustin Volz of the Wall Street Journal published this article stating that “a group of former U.S. national security officials has formed a professional association to promote the tradecraft of open-source intelligence, the analysis of publicly available data that has helped Western powers understand and track Russia’s war on Ukraine. The creation of the Open Source Intelligence Foundation, which was done in consultation with the nation’s spy agencies but isn’t formally associated with them, seeks to raise the prominence of a field of intelligence-gathering long viewed as less vital to national security priorities than traditional forms of espionage. “It’s an increasingly critical discipline,” said Barbara Alexander, president of the new foundation, which will be based in Northern Virginia and is expected to formally launch next week.”

50. FBI CD: Three in Lebanon Charged in Schemes to Smuggle Weapons from Cleveland and Income Tax Evasion

On Tuesday, United States FBI Counterintelligence Division (CD) released a statement that “three indictments were unsealed in federal court, detailing charges against three men, two formerly of Northeast Ohio, who are believed to be currently residing in Lebanon. Named in the indictments are George Nakhle Ajaltouni, 47, formerly of North Olmsted; Jean Youssef Issa, 48, of Batroun, Lebanon; and Nakhle “Mike” Nader, 51, formerly of Cleveland. Ajaltouni and Issa are charged for their roles in a scheme to smuggle and illegally ship firearms from Cleveland to Lebanon. Nader is charged in a separate indictment with income tax evasion.” The three indictments are available online for: 1) George Nakhle Ajaltouni, 2) George Nakhle Ajaltouni (fraud case), and 3) Nakhle “Mike” Nader.

51. Another Indian Army Officer Honey Trapped by Pakistani ISI

After several such cases this year, on July 29th it was reported that “another Indian Army soldier Shantimay Rana, 24, allegedly leaks sensitive information to Pakistan. According to the details, he is being accused of leaking information related to the Indian Army to the female Pakistani woman and has been arrested for the offence. Reports claim Rana shared the information about his regiment and videos of exercises of the Indian Army through social media. Indian Army officer belongs to Kanchanpur in West Bengal and was posted in the Artillery Unit in Jaipur. He has been in the Indian Army since 2018. Director General of Intelligence Wing of Rajasthan Police Umesh Mishra said, “Pakistani agents Gurnaur Kaur alias Ankita and Nisha had contacted the Jawan through social media.” “The women honey trapped him and sought information from him. The soldier shared classified information related to his regiment and videos related to army exercises. He also received the money in place of it,” he said.”

52. United States NRO Announces New Launch Date for the NROL-199 Spy Satellites Mission

After the Rocket Lab delay (see week 29 story #18) this week the US National Reconnaissance Office (NRO) announced an update for the NRO Launch 199 (NROL-199) spy satellite mission stating that “software updates are complete and we’re now targeting no earlier than 1 a.m. EDT / 5 a.m. UTC, August 2 for our NROL199 mission launch on a RocketLab Electron rocket from New Zealand.”

53. Venezuelan Spy and Alleged Drug Trafficker Linked to Luxury Flats in Barcelona

On July 29th The Paradise reported that “Pedro Luis Martin Olivares is a former Venezuelan intelligence chief wanted in the U.S. for drug trafficking. His family has managed to acquire millions of dollars’ worth of property in Spain.”

54. SBU Detains Head of Security of Ukrainian Parliament Deputy

On July 27th Ukraine’s SBU announced the arrest of the Head of Security of a Deputy from the Ukrainian parliament (Verkhovna Rada). As per the announcement, “SBU counterintelligence officers and NABU detectives detained the Head of the Security of one of the People’s Deputies of Ukraine. The man is suspected of illegal possession of ammunition, several hand grenades, as well as cartridges for rifled firearms, were seized from him. According to the SBU, the suspect was close to a fugitive incumbent deputy, whom the SBU considers working for the Russian intelligence services. In particular, this deputy oversaw the creation of a number of private security companies in various regions in order to use these structures for a quick takeover of Ukraine. The law enforcement officers discovered and seized materials from the Head of Security that prove long-term subversive actions by the People’s Deputy against Ukraine, his constant connections with representatives of the Russian state and collaborators. After a detailed study and analysis of the discovered items and documents, the actions of the elected official and his accomplices will be given a proper legal assessment.”

55. New Report on the MI5 Failures in the 2017 Manchester Arena Terrorist Attack

Following week 26 (story #40) and week 7 (story #16) revealing that the 2017 Manchester Arena terrorist attack was an intelligence failure from the British MI5, and then there were cover-up attempts, this week the Declassified UK published a new research article revealing a documentary for this case. As per the article, “Declassified UK’s new film on the Manchester Arena attack investigates the long-term political roots of the tragedy, probing the role of British foreign policy. It uncovers evidence UK authorities not only failed to prevent the atrocity, but contributed to it.”

56. Kyrylo Budanov Appointed Head of Ukraine’s Intelligence Committee

On July 26th it was announced that “Kyrylo Budanov, Head of the Main Intelligence Agency of the Ministry of Defense of Ukraine, has been appointed head of the Intelligence Affairs Committee under the President. “Kyrylo Budanov will also chair the Committee on Intelligence under the President of Ukraine,” President of Ukraine Volodymyr Zelensky said in his traditional video message on Monday evening. Until July 25, 2022, the Intelligence Committee was headed by Ruslan Demchenko, who was dismissed on July 24 from the post of head of the Intelligence Committee and First Deputy Secretary of the Security and Defense Council of Ukraine.”

57. Burned and Blinded: Escalation Risks of Intelligence Loss from Countercyber Operations in Crisis

On July 25th, the CryptoMe published a 28-pages long academic research, originally published at the International Journal of Intelligence and Counterintelligence. The abstract of the paper says, “as the limitations of purely defensive cyber operations continue to be demonstrated in the continuing pressure of hostile cyberthreats, the U.S. government has introduced new doctrine to shape countercyber operations (CCO) leveraging offensive options to degrade threat capabilities and infrastructure. Planners have only begun to understand the broader implications of these new concepts in difficult periods of crisis. The article explores the parallels to other strategic early warning and intelligence capabilities, surfacing distinctions based on the unique dynamics of cyberconflict to identify scenarios in which CCO successes may prove potentially destabilizing and lead to greater escalation risk.”

58. Greek NIS Confirms Covert Surveillance of Journalist, Denies Political Espionage

Following story #34, after the classified hearing of the Director of the National Intelligence Service (NIS) in the Greek Parliament, it was revealed that: 1) That it wasn’t NIS who had Greek opposition leader Nikos Androulakis, and 2) Investigative journalist Thanasis Koukakis (see week 17 story #16 and week 15 story #16) was indeed under surveillance, using Predator, by the Greek NIS. As per the reports, “the Director of the NIS admitted that they were having journalist Thanasis Koukakis under surveillance. According to information, Panagiotis Kontoleon during the closed meeting of the Institutions and Transparency Committee said that this was done “at the request of the foreign services”.

59. Cyber Espionage Operation Targeting Iranian Companies

The InQuest cyber security firm published a technical analysis of a cyber espionage operation recently observed targeting Iranian entities, which is not yet attributed to a specific nation-state actor. The lure document impersonated “the supply of services to an energy company from southern Iran «Tavangoostar Niro va Gashtavar Jonob». The document also contains a link to this energy company.” However, if opened, it is covertly installing a custom cyber espionage software implant. The software implant “contains many spying features” but none of them links it directly to any previously known nation-state actor.

60. Belarusian KGB Keeps Lebiadok in Prison

Intelligence Online reported that “Yahor Lebiadok, the man behind the Telegram channel @lebiadok and a reserve officer in the Belarusian armed forces, last posted on social media on 11 July, one day before he was arrested for “refusing to comply” and transferred to Okrestina prison. Until early 2022 he was employed at the state laboratory of optics, optoelectronics and laser technologies at the National Academy of Sciences of Belarus, but according to Intelligence Online’s sources, following his dismissal this engineer had been living in his native province for several months. His firing from his post was likely linked to his activity as a commentator on military affairs in Eastern Europe and his statements to media outlets that had been blacklisted by the regime.” The article also highlights that “since the disputed elections, more than a thousand citizens recognised by the United Nations as political prisoners have been or are still being held in Okrestina, the police detention centre, or in the KGB detention centre, Amerikanka. This contingent has grown since Russia’s invasion of Ukraine, which has exacerbated social tensions in the country and made its security officials fearful of civil war breaking out. Witness accounts of torture taking place in both locations have been obtained from former detainees and from law enforcement defectives now organised under the aegis of the Bypol association.”

61. Turkish MİT Assassinates Another Female Kurdish Leader in Iraq

As per Medya Ege, the Turkish MİT assassinated Hatice Hezer, Council Member of the PKK, which is classified as a terrorist organisation by Turkey. MİT states that Hatice Hezer was codenamed “Berivan Zilan” and was assassinated in Northern Iraq, in the region of Kurdistan.

62. Former CIA Chief Admits to US Meddling in Foreign Elections

On July 26th, MR Online reported that “former CIA director James Woolsey has admitted that the U.S. “interferes” in elections in other countries to protect its interests. He made the candid remarks during an interview with Fox News presenter Laura Ingraham on Saturday. Asked whether the U.S. “meddles in other countries elections,” the former CIA chief replied: “Oh probably, but it was for the good of the system in order to prevent the communists from taking over.” Mr Woolsey cited Greece and Italy in the years following World War II as examples of how the U.S. has intervened to prevent communist parties from coming to power. “We don’t mess around,” he told the Fox News host. Nazi collaborators known as the Holy Bond of Greek Officers were handed $1 million (worth approx £13.7m today) annually by the CIA to prevent the country coming under the influence of the Soviet Union. Greece was an integral part of the NATO military alliance, with the Mountain Raiding Companies acting as part of its so-called stay-behind teams which crushed leftist groups across Europe.”

63. Tokyo Police Warn of Russian Industrial Espionage Attempts

As reported by NHK, “investigative sources have told NHK that Tokyo police have warned several Japanese high-tech companies about a Russian trade official suspected of approaching their employees in an apparent attempt to engage in industrial espionage. The sources say that last year an official from the Trade Representation of the Russian Federation in Japan was spotted outside several high-tech Japanese firms and seen approaching some of their employees. The official, speaking Japanese, reportedly made it look as if the person were just stopping to ask for directions. The Russian trade official was then seen asking for contact information, or inviting employees to dine together. Tokyo police suspect that this is part of a Russian attempt to conduct industrial espionage operations.”

64. US Space Force Establishes its Own Cryptologic Service

On July 29th, the FedScoop reported that “the Space Force has officially established its own cryptologic component, FedScoop has learned. Secretary of the Air Force Frank Kendall made the notification July 2, according to a Space Force spokesperson. The director for intelligence, surveillance and reconnaissance, S2, will serve as the service cryptologic chief with the S2 staff serving as the cryptologic staff. Each military service now has a cryptologic component which is responsible to the National Security Agency and Central Security Service. The NSA, in its combat support role, provides signals intelligence. The lesser-known Central Security Service “provides timely and accurate cryptologic support, knowledge and assistance to the military cryptologic community,” according to the organization’s website. Maj. Gen. Leah Lauderback, the current S2, is the first Space Force service cryptologic chief. She was recently nominated, however, to serve as Air Force deputy chief of staff for intelligence, surveillance, reconnaissance and cyber effects operations.”

65. DPR Reported They Found Intelligence Material on OSCE SMM Employees’s Luggage

On Friday it was reported that the, not recognised by most, forces of the Donetsk People’s Republic (DPR) found evidence that a staff member of the Organisation for Security and Co-operation in Europe (OSCE) Special Monitoring Mission (SMM) was conducting espionage in the region. As per the report, “the assumption that the staff of the OSCE Special Monitoring Mission was engaged in espionage was confirmed by the luggage of one of the representatives of the organisation, left by him at the Park Inn hotel in Donetsk. This was reported in the Headquarters of the Territorial Defence of the DPR. They clarified that at present the state security bodies of the Republic are studying the actions of one of the mission employees who collected official information about the Armed Forces of the DPR.”

66. How Fears of Chinese Digital Espionage ‘Got RAW Involved in Mauritius, Led to Snooping Scandal’

The Print published this story on July 28th saying that India’s “technical experts from the Research and Analysis Wing (RAW) issued multiple warnings, beginning early last year, about the People’s Liberation Army (PLA) using internet infrastructure built by controversial Chinese firm Huawei in Mauritius to conduct digital espionage against India and Western targets across the Indian Ocean, intelligence sources have told ThePrint. India’s concerns, which centred on a submarine landing station at Baie-du-Jacotet in Mauritius, were conveyed to the country through its National Security Advisor (NSA) Kumaresan Ilango, a former RAW officer, added the sources. Just last month, Mauritius Telecom (MT) chief executive Sherry Singh stepped down, claiming in an interview after the resignation that he received instructions from Mauritian Prime Minister Pravind Jugnauth to allow the installation of internet monitoring equipment at the Baie-du-Jacotet submarine-cable station. Singh’s allegations have snowballed into a growing political scandal, with opposition parties accusing him of treason. The equipment RAW sought to install is alleged to have consisted of digital sniffers — tools which allow internet traffic to be intercepted and stored for later analysis. India, sources said, has already deployed similar equipment at Kochi, one of the landing points for the South Africa-Far East (SAFE) optical fibre submarine cable linking South Africa, Mauritius, the French territory of La Réunion in the Indian Ocean, India, and Malaysia.”

67. Iranian Counterintelligence Arrested Swedish Spy

On Saturday morning, the Ministry of Intelligence (MOIS) of Iran announced the arrest of a Swedish national on espionage charges. The MOIS press releases states that the Swedish national was under MOIS’ counter-intelligence watchlist based on his past activities from multiple prior trips to Iran. That was based on suspicious actions such as visiting places entirely outside touristic destinations, following counter-surveillance tactics, and using covert communications. MOIS says his mission was to gather intelligence on another European spy arrested the past few months, especially related to his identity and intelligence network. He was arrested while attempting to leave the country. MOIS claims that he was there as a “proxy spy” in a collaboration of the Swedish and Israeli intelligence services.

68. 60 Minutes: “I am not a traitor”: Reality Winner Explains Why She Leaked a Classified Document

This week the CBS News’ 60 Minutes published an episode for former United States NSA linguist Reality Winner who in 2017 leaked a classified NSA report to the press, showing Russian GRU operators attempts to infiltrate political parties in the United States prior to the 2016 elections. Among others, Reality Winner stated that “I am not a traitor. I am not a spy. I am somebody who only acted out of love for what this country stands for.”

69. Russian Response on Irish Embassy Used for Espionage

On Saturday the Irish Times reported that the Russian ambassador to Ireland, “Yuriy Filatov, self-styled ‘whipping boy of Orwell Road’, mocks the idea the Dublin embassy is used for espionage.” The article continues that “Ireland has engaged in “unacceptable rhetoric which in my mind does not have any place in politics”, says Filatov. Dublin has already expelled four Russian diplomats this year after Taoiseach Micheál Martin said “their activities are not in accordance with the international standards of diplomatic behaviour” — political terminology for espionage. In turn, two Irish diplomats were expelled from Moscow”, and it concludes that “the Orwell Road complex has long been believed to operate as an espionage hub as well as an embassy. Security services suspect it is used to intercept signals as well as a base for agents tasked with influencing or blackmailing influential Irish figures.”

70. Cyber Espionage Operation Targeting Russian Financial Sector

On July 28th the Shadow Chaser Group of the GcowSec team discovered and disclosed technical indicators of a cyber espionage operation targeting Russian entities. Specifically, the lure document impersonated 1С-Битрикс (1C Bitrix), an open data platform for businesses. In this case it was targeting financial institutions and, if opened, it was covertly installing a cyber espionage software implant. No attribution statements were made.

71. The General Atomics MQ-9B SeaGuardian Spy Drone Participated in the RIMPAC Military Exercise

As reported by Navy Recognition, “according to a press release published by General Atomics on July 29, 2022, an MQ-9B SeaGuardian® Unmanned Aircraft System from General Atomics Aeronautical Systems, Inc. (GA-ASI) is under contract with the U.S. Navy to support the Rim of the Pacific (RIMPAC) 2022 exercise. RIMPAC, the world’s largest international maritime exercise, started in late June and continues until early August in Hawaii and Southern California operations areas. GA-ASI’s SeaGuardian is a maritime derivative of the MQ-9B SkyGuardian® and remains the first UAS that offers multi-domain Intelligence, Surveillance, Reconnaissance, and Targeting (ISR&T) as an internal payload that can search the ocean surface and the depths in support of Fleet Operations. The UAS is also providing real-time ISR data feeds to the U.S. Pacific Fleet Command Center using Signals Intelligence (SIGINT) parametric and full-motion video to the watch floor and intelligence centers for real-time, dynamic tasking. As of July 25, 2022, 11 flights totaling over 80 hours have been flown by SeaGuardian showcasing all operational payloads, which includes Electronic Intelligence (ELINT), Communication Intelligence (COMINT), Automatic Identification System (AIS), Anti-Submarine Warfare (ASW) monitor and control of sonobuoys, GA-ASI developed Lynx® Multi-mode Maritime Radar, high-definition Electro-Optical/Infra-Red (EO/IR) imaging system and Link 16. SeaGuardian’s multi-domain capabilities allow it to flex from mission to mission and pass real-time sensor data directly to the Fleet through Link 16 and satellite feeds to the shore-based command and intelligence centers. During RIMPAC, the MQ-9B has effectively passed ISR&T information to various surface and air units, such as the USS ABRAHAM LINCOLN, Guided Missile Destroyers, Littoral Combat Ships, frigates, patrol boats, P-8s, P-3s and a litany of other U.S. and foreign units taking part in the exercise.”

72. US DoJ: Russian National Charged with Conspiring to Have US Citizens Act as Illegal Agents of the Russian Government

On Friday the United States Department of Justice (DoJ) issued a press release stating that “an indictment was unsealed today in Tampa, Florida, charging a Russian national, working on behalf of the Russian government and in conjunction with the Russian Federal Security Service (FSB), with allegedly orchestrating a years-long foreign malign influence campaign that used various U.S. political groups to sow discord, spread pro-Russian propaganda, and interfere in elections within the United States. As alleged in the indictment, from at least December 2014 until March 2022, Aleksandr Viktorovich Ionov, a resident of Moscow, together with at least three Russian officials, engaged in a years-long foreign malign influence campaign targeting the United States. Ionov is the founder and president of the Anti-Globalization Movement of Russia (AGMR), an organization headquartered in Moscow and funded by the Russian government. Ionov utilized AGMR to carry out Russia’s influence campaign. “Ionov allegedly orchestrated a brazen influence campaign, turning U.S. political groups and U.S. citizens into instruments of the Russian government,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The Department of Justice will not allow Russia to unlawfully sow division and spread misinformation inside the United States.” According to the indictment, Ionov — working under the supervision of the FSB and with the Russian government’s support — recruited political groups within the United States, including U.S. Political Group 1 in Florida, U.S. Political Group 2 in Georgia, and U.S. Political Group 3 in California, and exercised direction or control over them on behalf of the FSB. Specifically, Ionov provided financial support to these groups, directed them to publish pro-Russian propaganda, coordinated and funded direct action by these groups within the United States intended to further Russian interests, and coordinated coverage of this activity in Russian media outlets. Ionov also relayed detailed information about this influence campaign to three FSB officials.” You can access the indictment here.

73. Video: Northrop Grumman NGP Spy Satellites

On July 29th, Northrop Grumman shared a video for their two new Next Generation Overhead Persistent Infrared Polar (NGP) satellites. As per the description “the two NGP satellites, operating in highly elliptical orbits, will include infrared sensors to detect and track ballistic and hypersonic missiles; an enhanced communication system that will transmit mission data to the ground, allowing decision makers to identify infrared heat signatures of incoming threats; and resiliency features that reduce vulnerabilities to counter-space and cyberattacks.”

74. How Russia Spread a Secret Web of Agents Across Ukraine

The Voice of America (VOA) published this article based on a Reuters investigation. Quoting, “a Reuters investigation has found that Russia’s success at Chernobyl was no accident, but part of a long-standing Kremlin operation to infiltrate the Ukrainian state with secret agents. Five people with knowledge of the Kremlin’s preparations said war planners around President Vladimir Putin believed that, aided by these agents, Russia would require only a small military force and a few days to force Ukrainian President Volodymyr Zelenskyy’s administration to quit, flee or capitulate. Through interviews with dozens of officials in Russia and Ukraine and a review of Ukrainian court documents and statements to investigators, related to a probe into the conduct of people who worked at Chernobyl, Reuters has established that this infiltration reached far deeper than has been publicly acknowledged. The officials interviewed include people inside Russia who were briefed on Moscow’s invasion planning and Ukrainian investigators tasked with tracking down spies. “Apart from the external enemy, we unfortunately have an internal enemy, and this enemy is no less dangerous,” the secretary of Ukraine’s National Security and Defense Council, Oleksiy Danilov, said in an interview. At the time of the invasion, Danilov said, Russia had agents in the Ukrainian defense, security and law enforcement sectors. He declined to give names but said such traitors needed to be “neutralized” at all costs.”

75. North Korean Cyber Operation Targeting Cryptocurrency in South Korea

The Shadow Chaser Group of the GcowSec team discovered and disclosed technical indicators of a fake recruitment cyber operation attributed to an actor dubbed as LAZARUS, who has been previously associated with the intelligence services of North Korea. The operation, targeting South Korea, was impersonating a job opportunity at the Anchorage Digital cryptocurrency management platform. If opened, it was covertly installing a cyber espionage software implant. In the past, N. Korean operators had been using cryptocurrency acquisition cyber operations to fund government projects by evading the imposed economic sanction controls.

76. US House Intelligence Committee Open Hearing on Commercial Cyber Surveillance

On July 27th, the US House Permanent Select Committee on Intelligence published the unclassified part of a session for the “open hearing on commercial cyber surveillance.” You can find the recording here.

77. Podcast: Interview with Former CIA Officer, Jason L.

On July 29th, Grey Dynamics started a new podcast series and here you can find the first episode. As per the description, “we have a very illustrious guest, Jason L. Jason served as a Marine for 12 years. After that, he joined the Nuclear Security Industry. And from there on out, he was recruited by the CIA. Today he has a different role in the Intelligence Community (IC).”

78. German Counter-Intelligence Reports Increased Espionage Activity from Turkish Spies

The German newspaper Welt reported on Friday that “the Federal Public Prosecutor General has already initiated eight preliminary investigations on suspicion of secret service agent activity in accordance with Section 99 of the Criminal Code (as of July 19)” and continues that “Turkey is still one of the countries whose espionage activities concern the federal prosecutor the most. In the past year, seven espionage proceedings — and thus almost one in three — were opened against suspected Turkish agents. In 2022, investigations into suspected work for a Turkish secret service were launched in one case.” The article also notes that “according to the Federal Government’s response, Turkey is also making frequent use of the opportunity to request search warrants via the international investigative authority Interpol. In total, the Federal Criminal Police Office (BKA) submitted 1,227 Interpol search requests in the current year. Of these, 203 requests and thus more than 15 percent came from Turkey.”

79. Appointment of New Technical Director in the French DGSE

Intelligence Online reported that the French DGSE appointed Frédéric Valette as its Technical Director. Quoting the news story, “until now at the head of the technical direction of the DGSI, the general engineer of the armament Frédéric Valette should take over at the DGSE from Patrick Pailloux.”

80. Spanish Spy Agencies Unite Under the Joint Cyberspace Command

As it was announced this week, “both organisations, the National Cryptologic Centre and the Joint Cyberspace Command, have decided to join forces to jointly celebrate their great annual conferences.” This is an effort to allow the Spanish intelligence community to “promote a “single cybershield for Spain”.”

81. Palace Dog: The Secret War

On Saturday, Wes Martin of Grey Dynamics published this article covering PALACE DOG, “a shadowy and deadly US-led operation to fight the Laotian “Secret War”. The Geneva Accords, 1962, established Laos as a neutral country in Southeast Asia. However, North Vietnamese troops were still occupying parts of the country. As the saying goes, “the enemy of my enemy is my friend”, and soon Laos was seeking the covert aid of the United States to get North Vietnam out of Laotian territory. The North Vietnamese held the claim that no troops were within the borders of Laos. The United States saw the Laotian government as an ally in a “containment” zone.”

82. Investigation Indicates that Russian FSB Infiltration of German Power Grid

German investigative reporters published a story on July 28th stating that “it was a wide-ranging espionage operation in which more than 150 companies were to be hacked in Germany alone — especially in the sector of ​​so-called critical infrastructure. Specifically, the hackers wanted to gather intelligence on the electricity and water supply. According to information from BR and WDR , the Baden-Württemberg State Criminal Police Office has managed to identify one of the alleged perpetrators after years of investigation.”

83. Argentinian AFI Comments on Leaked Mossad Report

Argentina’s spy agency, the AFI, said this week via its Chief, Agustín Rossi that “we must be very cautious” over the report published by the New York Times (see week 29 story #68). AFI also highlights that “the information contradicts what was concluded by the Argentine Justice on the attack on the Jewish mutual in regard to a local connection and the Iranian collaboration in the organisation of the attack” and it continues that “Rossi stated that the investigation “has to follow the judicial path. Surely, the judge and the prosecutor will ask Israel for the evidence that they could contribute to these cases . If Israel sends the information, the justice system will have to determine if this information has judicial validity,” he said, saying he was not against “any other extra information other than what is known in the media.” “I prefer not to make any assumptions because it is also a very sensitive issue,” he added.”

84. CIA Covert Action: Was Operation SUCCESS a Success?

On July 27th, Nicholas Fullick of Grey Dynamics published this story saying that “in the Cold War, the US attempted to curb any Communist government in its sphere of Influence. In doing so, the CIA gained an important role in developing techniques that would maintain the US’ image while simultaneously meeting its aims. The CIA used covert actions as their technique of choice. The covert part reflects plausible deniability. Although, as we come to find out, deniability is rarely plausible and often undeniable. Thus was born Operation Success, the CIA’s operations in Guatemala. The CIA saw the operation as a victory as it succeeded in its goals. But as the story unfolds, we see that various factors outside the CIA’s specific control led to it being a success. These factors include the lack of secrecy hat spread of fear among officers, psychological operations, and sheer luck. Operation SUCCESS would lead the US to believe that their covert action tactics were effective at removing nefarious governments. This was a grave mistake as the CIA would repeat the tactic 10 years later at the Bay of Pigs.”

85. Turkish MİT Assassinated PKK Member in Syria

On Saturday it was reported that the Turkish National Intelligence Organisation (MİT) assassinated Nüsret Tebiş in the city of Al-Hasakah, Syria. He was a PKK member (classified as a terrorist organisation in Turkey) and was wanted for being one of the “perpetrators of the PKK’s bombing action in Istanbul/Güngören on July 27, 2008, which resulted in the death of 18 citizens and the injury of 154 citizens.”

86. Ukrainian Intelligence Reports FSB’s Increased Counter-Intelligence Measures in the Border Regions

According to Ukraine’s military intelligence, “Russia’s Federal Security Service (FSB) is intensifying counterintelligence measures in the areas bordering Ukraine in the Chernihiv and Sumy regions.”

87. Global Hawk Spy Drone Retirement Points to RQ-180 as a Replacement Candidate for the US Air Force

Joseph Trevithick of the Warzone published an article stating that “the U.S. Air Force is planning to retire its remaining RQ-4 Global Hawk high-altitude, long-endurance drones by the end of the 2027 Fiscal Year. The service says it has become clear that the RQ-4s would be overly vulnerable in any future conflict against a peer or near-peer adversary, but it’s not clear what aircraft (or other assets) might fill the resulting capability gap. This only adds to the growing evidence that a top-secret, high-flying, stealth spy drone, commonly referred to as the RQ-180, or variants or derivatives thereof, is getting close to entering service, if it isn’t already being employed operationally on some level.”

88. Khost: An Al-Qaeda victory against the CIA?

Bobby Payne of Grey Dynamics published this article saying that “on the 30th of December 2009, the Central Intelligence Agency (CIA) suffered its darkest day in the Global War on Terror (GWOT). However, the CIA’s darkest day would turn out to be Al-Qaeda’s (AQ) greatest success against its mortal enemy. AQ’s attack at the US military’s forward operating base (FOB) in Khost, claimed the lives of seven CIA officers and one Jordanian officer. The 1983 attack on the US embassy in Beirut is the only attack which has killed more US intelligence officers. A group of Al-Qaeda fighters did not carry out this attack in a firefight with US personnel at Khost’s FOB, but a single man perpetrated it: Humam al-Balawi. The fact that such an attack was possible has raised several concerns, such as how could a man with known ties to AQ could gain unchecked access to Camp Chapman in Khost? Was it operational security (OPSEC) failure on the US and Jordanian sides? Or was it a masterstroke from AQ? However, al-Balawi and AQ inflicted devastating losses on the CIA.”