SPY NEWS: 2022 — Week 4

Summary of the espionage-related news stories for Week 4 (24–31 January) of 2022.

The Spy Collection
Feb 3, 2022

1. China Unicom Banned in the U.S. Over Espionage Concerns

The U.S. Federal Communications Commission (FCC) announced that it had voted unanimously to revoke China Unicom's authorisation to operate in the United States. The company was given 60 days to cease all operations in the United States. China Unicom told the BBC that its U.S. business “has a good record of complying with relevant U.S. laws and regulations and providing telecommunication services and solutions as a reliable partner of its customers in the past two decades.”

2. Security Researchers Uncover Mossad Fake Website to Recruit Iranian Spies

On Monday, January 24, security researchers reported a series of fake recruitment websites (the most prominent being “VIP Human Solutions”) looking for Hezbollah and Iranian military/intelligence experts to hire as consultants. According to the reporters, those websites, which were advertised in various Farsi- and Arabic-speaking online communities as well as through services like Google Ads, were covertly operated by Mossad to identify and recruit agents. To date, no technical analysis or evidence has been released that supports the attribution claims.

3. CIA “Violet” Black Site in Lithuania Is Put Up for Sale

On the 24th of January, the Lithuanian government announced that a site outside Vilnius known as “Project No 2” will soon be put up for sale. This building was previously used by the CIA for extraordinary rendition operations and was known in the Agency as “Detention Site Violet”. It was part of a complex of “black sites” the Agency was operating around the globe, which became known due to the controversial Enhanced Interrogation Techniques (EIT) program that was taking place in those locations.

4. Researcher States that German Federal Telecommunications Service (BST) is a Front for the German Intelligence Agency (BND)

On January 24, German researcher Lilith Wittmann published a detailed article using various investigative techniques to prove that the German Federal Telecommunications Service (Bundesservice Telekommunikation (BST)) is a front for the German Federal Intelligence Service (BND). Among other things, L. Wittmann shipped packages with hidden Apple AirTag trackers to BST’s addresses to identify the physical location of the buildings.

5. Highly-Targeted Russian GRU Cyber-Espionage Operation Against Western Asia Officials

On January 25th, cyber-security firm Trellix (the company formed by the merger of McAfee Enterprise and FireEye) released threat research on a cyber-espionage operation that had been running since at least June 18, 2021 and was targeting high-ranking government and military officials in Western Asia. The analysis concludes, with a moderate level of confidence, that the operation was executed by a nation-state actor dubbed “APT28”, which is associated with Russia’s Military Intelligence agency (GRU).

6. French National Benjamin Brière Sentenced to 8 Years in Prison in Iran on Espionage Charges

The trial of French national Benjamin Brière, 36, ended with a verdict of 8 years in prison with an additional 8 months for propaganda charges. B. Brière is currently held in the Vakilabad prison in the eastern city of Mashhad, Iran.

7. Head of U.S. ODNI States that the Classification System is “Broken”

The Wall Street Journal published a news story featuring the Head of the U.S. Office of the Director of National Intelligence (ODNI), Avril Haines, who sent a letter to two Senators, Jerry Moran (R., Kan.) and Ron Wyden (D., Ore.), reporting major issues with the U.S. intelligence community’s (IC) classification system. The report raised concerns about over-classification in the IC, a continuously growing backlog of declassification and reclassification requests, and other identified issues with the classification processes.

8. BfV Reports Chinese Cyber-Espionage Operation Targeting German Pharmaceuticals and Technology Companies

On January 26th, the Federal Office for the Protection of the Constitution (BfV) of Germany announced the disruption of a cyber-espionage operation aiming to penetrate customers’ and service providers’ networks to infiltrate several companies at once. The companies were from the pharmaceuticals and technology industries, and the operation was attributed to a nation-state actor dubbed “APT27”. This actor has previously been associated with Chinese nation-state intelligence agencies.

9. Pakistani FIA Disrupts Iranian Spy Network in Karachi

On January 28th, SM Ali Abbas Bukhari, co-founder and managing editor of Global Defense Insight, tweeted about a Pakistani counter-intelligence operation executed by Pakistan’s Federal Investigation Agency (FIA), which led to the arrest of a 13-person Iranian espionage network in Karachi, Pakistan. The reporter states the arrested suspects were from a Swiss money exchange company.

10. Germany Expelled SVR Officer Operating Under Diplomatic Cover in Munich

Der Spiegel and Reuters reported that shortly after the detention of the Russian-recruited agent Ilnur N. in the summer of 2021, a Russian Foreign Intelligence Service (SVR) officer was expelled from the Russian Consulate in Munich. The expelled SVR officer was the handler of Ilnur N., whose charges were announced on Thursday, January 27. Ilnur N. was an Augsburg University researcher who is accused of espionage for passing information about Europe’s Ariane space launch vehicle to his SVR handler.

11. Finnish Diplomats Under Surveillance with Pegasus by Unidentified Nation-State Actor

On Friday, January 28th, Matti Parviainen, Director of Data Security of Finland’s Ministry of Foreign Affairs, publicly stated that for months they had been investigating cyber-espionage activities against Finnish diplomats deployed abroad, who were targeted by an unnamed nation-state using the Pegasus software implant on their mobile phones. Pegasus is developed and sold by the Israeli NSO Group. M. Parviainen gave no details on the number, location, or other information on the diplomats whose phones were compromised.

12. OSINT Report on Russia’s GRU Information Operations Websites

On January 27th, the French OpenFacto released Open-Source Intelligence (OSINT) research on the galaxy of Information Operations (IO) websites that the Russian intelligence community, and mainly the Military Intelligence agency (GRU), is operating. The article was accompanied by a 20-page report analysing the subject.

13. State Department Report on the Role of RT and Sputnik in Information Operations

The Global Engagement Centre of the U.S. State Department published a 33-page report titled “Kremlin-Funded Media: RT and Sputnik’s Role in Russia’s Disinformation and Propaganda Ecosystem” describing how the Russian government utilises those state-funded media outlets to support its Influence/Information Operations (IO).

14. Former Military Officer Claims CIA Knew About Alleged 2020 Venezuela Coup Plot

On January 31st, Joseph Fitsanakis of Intel News published a summary of the latest developments in the 2020 coup plot involving retired Venezuelan Bolivarian Army Major General Clíver Alcalá Cordones, who used retired U.S. military contractors from Silvercorp USA to, allegedly, execute the “Enfrentamiento en El Junquito” (“El Junquito Raid”). The raid was part of what he is referring to as “Operación GEDEÓN”, a coup operation against President Nicolás Maduro in Venezuela. In the latest developments, his lawyers claim that this was a U.S. government-backed covert operation with the support of former Secretary of State Mike Pompeo, the CIA station in Colombia, and other U.S. government officials. No evidence has been provided to support those claims yet.

15. OSINT-Discovered ELINT/SIGINT Flights

This is a brief summary of ELINT/SIGINT flights identified by aviation enthusiasts during this week:

  • 24JAN2022: Summary of ISR flights over the Ukraine-Russia border. Source
  • 24JAN2022: U.S. Army Challenger 650 ARTEMIS (N/A reg. number, callsign: CL60) flight to the Black Sea around the Russian border. Source
  • 24JAN2022: U.S. Air Force RC-135W Rivet Joint (62–4134, callsign JAKE11) flight from RAF Mildenhall, UK to Kaliningrad. Source
  • 25JAN2022: Summary of ISR flights over the Ukraine-Russia border. Source
  • 25JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (64–14843, callsign N/A) flight from Kadena Air Base in Okinawa to over the Philippine Sea. Source
  • 25JAN2022: U.S. Army Challenger 650 ARTEMIS (N/A reg. number, callsign: CL60) flight to the Black Sea around the Russian border. Source
  • 25JAN2022: RAF Boeing RC-135W Rivet Joint (ZZ665, callsign RRR7207) flight from RAF Waddington to Black Sea at the Russian border. Source
  • 25JAN2022: U.S. Air Force Boeing RC-135W Rivet Joint (62–4125, callsign PYTHN52) flight from Al Udeid Air Base, Qatar towards Iraq. Source
  • 25JAN2022: Qatar Armed Forces Bayraktar TB2 (likely QA605, callsign N/A) flight on the western edge of Al-Shamal municipality. Source
  • 25JAN2022: (Probably) U.S. Army MQ-1C Gray Eagle (11–00195, callsign N/A) from Fort Huachuca on flight over Arizona. Source
  • 25JAN2022: General Atomics MQ-9B SkyGuardian (N190TC, callsign N/A) together with Unmanned Applications Institute International chase aircraft (N231EX, callsign N/A) flight from Grand Sky UAS Park near Grand Forks, North Dakota. Source
  • 26JAN2022: Summary of ISR flights over the Ukraine-Russia border. Source
  • 26JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (64–14843, callsign N/A) flight from Kadena Air Base in Okinawa to over the Philippine Sea. Source
  • 26JAN2022: U.S. Air Force RC-135W Rivet Joint (62–4134, callsign JAKE11) flight from RAF Mildenhall, UK to Ukraine-Russia border. Source
  • 26JAN2022: U.S. Army Challenger 650 ARTEMIS (N/A reg. number, callsign: CL60) flight from Mihail Kogălniceanu Air Base in Constanța, Romania to the Black Sea, close to the Russian border. Source
  • 26JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (63–9792, callsign HOMER31) flight from Crete, Greece to Black Sea around the Russian border. Source
  • 26JAN2022: U.S. Air Force RQ-4A Global Hawk (42015, callsign FORTE12) flight over Ukraine-Russia borders. Source
  • 27JAN2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102003, callsign SVF623) flight over the Gulf of Gdansk and Kaliningrad. Source
  • 27JAN2022: Summary of ISR flights over the Ukraine-Russia border. Source
  • 27JAN2022: RAF Boeing RC-135W Rivet Joint (ZZ665, callsign RRR7208) flight from RAF Waddington to Ukraine (borders with Russia and Black Sea). Source
  • 27JAN2022: U.S. Army Challenger 650 ARTEMIS (N/A reg. number, callsign: CL60) flight to Poland around Kaliningrad. Source
  • 27JAN2022: U.S. Air Force Boeing E-8C JSTARS (95–0121, callsign N/A) flight to the Black Sea. Source
  • 27JAN2022: U.S. Navy EP-3E Orion (16–1410, callsign MN806) flight over the Strait of Hormuz and the Persian Gulf. Source1 Source2
  • 28JAN2022: Summary of ISR flights over the Ukraine-Russia border. Source
  • 28JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (64–14844, callsign LEGIT44) flight from Lincoln Airport, Nebraska to the Caribbean Sea close to the Colombia-Venezuela North borders. Source
  • 28JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (63–9792, callsign HOMER51) flight from Crete, Greece to Black Sea around the Russian border. Source
  • 28JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (63–9792, callsign HOMER51) flight from Crete, Greece to Ukraine-Russia borders together with a U.S. Air Force RQ-4A Global Hawk (42015, callsign FORTE12). Source
  • 28JAN2022: U.S. Air Force RC-135W Rivet Joint (62–4134, callsign JAKE11) flight from RAF Mildenhall, UK to Kaliningrad. Source
  • 28JAN2022: U.S. Air Force Boeing RC-135V Stratotanker (64–14843, callsign HAWG23) flight over the South/North Korea borders. Source
  • 28JAN2022: British Army Thales Watchkeeper WK049 (43C887, callsign POINTR49) training flight from RAF Akrotiri, Cyprus. Source
  • 28JAN2022: Two U.S. government General Atomics UAVs, an MQ-9 Reaper (N341HK, callsign UAV12) and an MQ-20 Avenger (N901PC, callsign UAV11), took off from U.S. Government El Mirage Field Airport, accompanied by a Chalk 2 Inc. Cessna 210 Centurion (N732JZ, callsign N/A) chase plane, near Edwards Air Force Base in California. Source
  • 29JAN2022: Summary of ISR flights over the Ukraine-Russia border. Source
  • 29JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (63–9792, callsign HOMER61) flight from Crete, Greece to Black Sea around the Russian border. Source
  • 29JAN2022: U.S. Air Force Boeing E-8C JSTARS (95–0121, callsign REDEYE6) flight close to Ukraine-Russia borders. Source
  • 30JAN2022: Summary of ISR flights over the Ukraine-Russia border. Source
  • 30JAN2022: U.S. Army Challenger 650 ARTEMIS (N/A reg. number, callsign: CL60) flight from Mihail Kogălniceanu Air Base in Constanța, Romania to the Black Sea, close to the Russian border. Source
  • 30JAN2022: U.S. Air Force Boeing RC-135V Rivet Joint (63–9792, callsign HOMER71) flight from Crete, Greece to Black Sea around the Russian border. Source
  • 30JAN2022: Israeli Air Force Gulfstream V G550 CAEW Nachshon-Aitam (569, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 30JAN2022: Israeli Air Force 676 Gulfstream V G550 SIGINT Nachshon-Shavit (676, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 30JAN2022: Israeli Air Force Gulfstream V G550 CAEW Nachshon-Oron (452, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 30JAN2022: Israeli Air Force Boeing 707–3W6C Re’em (290, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 30JAN2022: Israeli Air Force Raytheon B200T Zufit 5 (848, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 30JAN2022: U.S. Navy Lockheed EP-3 ARIES II (157316, callsign RUMHAM16) flight over South China Sea, close to Hong Kong. Source
  • 31JAN2022: Summary of U.S., Swedish, British ISR flights over Ukraine-Russia borders and Kaliningrad. Source
  • 31JAN2022: U.S. Navy Lockheed EP-3 ARIES II (157316, callsign JOEBRR09) flight over Manila, Philippines. Source

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org