Open in app

Sign in

Write

Sign in

SPY NEWS: 2022 — Week 8

Summary of the espionage-related news stories for the Week 8 (21–27 February) of 2022.

The Spy Collection
40 min readFeb 27, 2022

1. New Details on the Lebanese Journalist Spying for Israel

Last week (story #30) we reported on Lebanon’s disruption of an Israeli spy network, including a journalist who was getting paid to publish news articles promoting Israel’s foreign policy positions. New information became available this week identifying the suspect as Mohammed Shoaib, journalist of the “al-Manar” television network. He stated that he was recruited through an online advertisement of a company that “offered him a monthly salary in exchange for writing a number of articles a month.” Quickly after that, the suspect was contacted by an Israeli national identified as “Tom” who asked him “to report on political issues.” The news article concludes that “Tom not only specified the titles and political topics of the articles for Shoaib, but also asked the Lebanese journalist to publish his pieces on a number of websites, including Alkalima online and Lebanon 24.”

2. China’s PLA-N Used Laser Against Australian Spy Plane

Australian Department of Defence issued a press report claiming that one of its Boeing P-8A Poseidon airplanes, an airplane used for naval/maritime intelligence collection, “detected a laser illuminating the aircraft while in flight over Australia’s northern approaches.” The Australian report continued that the “laser was detected as emanating from a People’s Liberation Army — Navy (PLA-N) vessel” and this constitutes a “serious safety incident.”

3. The “Suisse Secrets” Revelations for Several Senior Spies

The Organised Crime and Corruption Reporting Project (OCCRP) published a series of investigative articles dubbed as “Suisse Secrets” based on leaked confidential documents from the Switzerland-based Credit Suisse financial institution. Among them, it’s also the “Bank of Spies: Credit Suisse Catered to Global Intelligence Figures” which shows how (at least) 15 intelligence figures, including directors of state intelligence agencies, had accounts on Credit Suisse. The article summarises this investigation as: “during the War on Terror, international strategy relied on intelligence officials from regimes accused of corruption and torture. Several of these spies and their families held large sums at Credit Suisse.”

4. Montenegro’s Yugoslav-Era Spy Agency Archives Still Classified

Samir Kajosevic of the Balkan Insight reported that unlike other former Yugoslavian and, even Soviet Union, countries having declassified their communist-era intelligence agencies’ archives, Montenegro is still refusing to do so for its Yugoslavian State Security Service (UDBA) archives. The article states that there has been pressure by activists, journalists, and even demands by the European Union to open the archives. In 2020 Montenegro passed a law “to weed out officials guilty of past human rights violations” and the report claims this could be related to the still classified archives of UDBA.

5. China’s Supply-Chain Cyber-Espionage in Taiwan’s Financial Sector

On Monday, Feb. 21st, the Taiwanese Aoyi Wisdom team of the CyCraft cyber-security firm uncovered an advanced cyber-espionage operation active since November 2021 and targeting nearly 80% of all Taiwanese financial organisations. The Chinese state cyber operators had compromised a software used by almost all organisations targeted in Taiwan and used it as an entry point. The software wasn’t named in the report since there is an ongoing criminal investigation. They used this software to infiltrate their targets’ networks while at the same time disguising the intrusion method by performing unrelated low-sophistication infiltration attempts.

6. Turkey-Cameroon Joint Intelligence Operations Agreement

Levent Kenez of the Nordic Monitor published details (including the original document) of a security agreement between Cameroon and Turkey for a variety of joint security operations, including operations targeting Turkish dissidents in Cameroon, expansion of intelligence sharing between the two countries, and counter-terrorism operations. As per the news article this “brings the possibility of new abductions or illegal deportations of Turkish citizens to the agenda since the Erdoğan government continuously calls political opponents “terrorists.”

7. Head of Russia’s SVR Accuses US of Information Operations

Sergei Naryshkin, the Director of Russia’s Foreign Intelligence Service (SVR) stated this Monday to Russian President Vladimir Putin that the “Western accusations that Russia plans to attack Ukraine are war propaganda cooked up in the U.S. State Department” and that “these accusations were designed to provoke Ukraine into taking military action.” That statement was published 3 days prior to the attack of Russian military troops in Ukraine.

8. Iraqi Intelligence Prevented “Regional War” According to PM

According Shafaq News, this Monday Prime Minister of Iraq, and former chief of the Iraqi National Intelligence Service (INIS), Mustafa al-Kadhimi, stated that “Intelligence agents worked, under the former and current governments, to converge the views between rival and avert the specter of regional war, it succeeded in many initiatives. Some of which took place inside this institution. Those initiatives achieved convergence between contesting parties and contributed to creating a regional integration in the security, political, and economic arena.”

9. Veteran Northrop Engineer Talks About “Tacit Blue” Spy Plane

Brett Tingley and Tyler Rogoway of the Warzone published an article about a 1970s DARPA top secret spy airplane project known as “Northrop Tacit Blue.” It was a concept design for a “low-observable stealth surveillance aircraft with a low-probability-of-intercept radar (LPIR)” and the article features retired Northrop Aerospace Engineer Don Murray, who played a key role in the development of Tacit Blue.

10. Pakistani FIA Uncovered Iranian Intelligence Money Launderers

Based on Zarak Khan’s article in Al-Mashareq, Pakistan’s Federal Investigation Agency (FIA) arrested 9 senior employees of the House Building Finance Corporation in Karachi, Pakistan. That is a financial subsidiary of the State Bank of Pakistan. An employee of the Balochistan government in Quetta was arrested too. According to the report, they were using hawala and hundi to fund Iranian-backed intelligence operatives. A Pakistani official said “The people arrested were working for an Iranian intelligence agency and were involved in sending funds and remittances through a currency exchange firm to its networks operating in Pakistan and elsewhere.”

11. New Details on the Iranian (IRGC) Spy Ring Disrupted in Turkey

In week 6 (story #44) we reported about the disruption of an Iranian assassination plot jointly by Turkey’s National Intelligence Organisation (MİT) and Israel’s Mossad. New details show that apart from the plot to assassinate Israeli-Turkish businessman Yair Geller, the network carried out tactical reconnaissance in order to kidnap an Iranian dissident living in Turkey, computer software developer and economist Shahnam Golshani. The spy network was split to two cells, one for covert surveillance and one for action (assassination/kidnapping). The first was headed by Iranian Yasin Taheremamkendi who also conducted covert surveillance on Golshani. The Israeli businessman was surveilled by another spy, Osman Çolak, and the collected intelligence was sent to Nihat Biçer. The second cell, responsible for the kidnapping and assassination, was led by İhsan Sağlam, owner of “By Sağlam Savunma Sanay”. For the kidnapping of Golshani the second cell’s leader, Sanay, received $100,000 by Sayed Mehdi Hossaini. The latter (Hossaini) was a direct report of Ali Ghahramaniajabad, head of the entire operation and a formal member of Iran’s Islamic Revolutionary Guard Corps (IRGC). Those top leaders of the network escaped arrest.

12. Podcast: Crypto AG, Part 2: The Death of Bo Jr.

Following last week’s part one (story #25), this week Cyber Reason cyber-security firm published the second part of the Crypto AG CIA-BND clandestine operation in Switzerland (1952–2018). This episode is titled “The Death of Bo Jr.” and it’s part of the “Malicious Life” podcast series. The episode is about the death of Bo Jr., Crypto AG founder’s son, who did not approve the clandestine operation once he became aware of it.

13. Yemen’s Military Intelligence Reveals Saudi-Led Mercenary Unit

Emad Almarshahi of the Hodhod Yemen News Agency reported that “Yemeni Military Intelligence Agency revealed an agreement between the leadership of the Saudi forces and Saudi-mercenaries to form a new militia unit named the “Happy Yemen Forces” at the end of 2021.” The 11-pages long agreement included four topics: 1) The unit reports only to Mutlaq bin Salem Al-Azima, Commander of the Joint Forces of Saudi Arabia 2) Mission is “preserving, stabilising, and securing the borders and ensuring the security of the Kingdom” 3) Obligation to cooperate with Saudi forces and reduce any security threats to Saudi Arabia 4) Rewards offered to the mercenaries and their families by the Saudi government including free education, health insurance and support, etc.

14. NSA’s National Cryptologic Museum Presentation of 1938 PURPLE

The United States National Cryptologic Museum (NCM) of the National Security Agency (NSA) announced the release of a new historical article on PURPLE. A Japanese diplomatic communications encryption machine from 1938 that the predecessor of the NSA, the Signal Intelligence Service (SIS), managed to break and had codenamed it as PURPLE.

15. Mongolia’s GIA Arrests Journalist on Espionage Charges

The General Intelligence Agency (GIA) of Mongolia did a press conference for the arrest of journalist, human rights activist, and Member of the Southern Mongolian Congress, Ch. Munkhbayar. The video of his arrest was also released, and according to GIA he is charged under Article 19.4 (Illegal Cooperation with Foreign Intelligence Agencies) with a potential prison term of 8–15 years. The GID spokesman stated that “he agreed to cooperate with a foreign intelligence service.” The charges are for the theft, collection, storage and transfer of information, documents and items related to state secrets with the intention to transfer them to a foreign intelligence agency.

16. 60 Minutes: Episode on the CIA Uncovered “Havana Syndrome”

On February 21st, the popular American television program “60 Minutes” published a 28-minutes long video on the, so-called, “Havana Syndrome” from which several United States Central Intelligence Agency (CIA) officials have been suffering, and the CIA is still investigating to find the root cause.

17. Bahrain Senior Official Discloses Cooperation with Mossad

At the Munich Security Conference, Sheikh Abdullah bin Ahmed Al Khalifa, undersecretary at Bahrain’s Ministry of Foreign Affairs stated that “There is intelligence cooperation between Bahrain and Israel. Mossad is in Bahrain and they’re present in the region. If this security cooperation between Bahrain and Israel would mean providing more stability and security, so be it, if it would mean saving the lives of innocent civilians.”

18. UK Parliament Setting Up Counter-Intelligence Agency

Following week 2 (story #15) MI5 warning of a Chinese penetration in the British Parliament, Intelligence Online reported this week that after the concerns of foreign intelligence agencies penetrations as well as foreign influence activities, a dedicated counter-intelligence agency named Security Intelligence & Risk Analysis Service (SIRAS) is getting set up to thwart this threat in the United Kingdom’s Parliament.

19. German National Charged with Selling Items Used in Chemical and Nuclear Weapons to Russian Intelligence

On Tuesday, February 22nd, Germany’s Federal Public Prosecutor filed charges against a German national identified as Alexander S. Since 2017 the suspect exported “dual purpose” (as in for both civilian and military use) chemicals to a front company operated by an unnamed Russian intelligence agency. The total worth of the chemicals was €1 million, but the same suspect is also accused of exporting restricted electronic devices worth €21,000 between September 2019 and November 2020 to a Russian institute dedicated to the development and manufacturing of nuclear weapons. The Federal Public Prosecutor stated that “the Russian company was part of a network run by a Russian secret service agency conspiring to hide the military purpose of the goods by disguising as a civilian entity.” The suspect was detained and arrested on May 2021 by customs officials in the city of Leipzig.

20. Interview with 34-year CIA Veteran Douglas London

The “Georgetown Security Studies Review” published a short interview of Douglas London, retired United States Central Intelligence Agency (CIA) officer about his book titled “The Recruiter: Spying and the Lost Art of American Intelligence.” Douglas London served with the CIA Directorate of Operations (DO) as a Senior Operations Officer, Chief of Station (COS), and Counterterrorism Chief for South and Southwest Asia.

21. South African SSA Disputes Allegations of Criminal Networks in the Agency

The State Security Agency (SSA) of South Africa issued a media statement in response to news about criminal networks inside South Africa’s main intelligence agency. The statement concludes that “there are no attempts to reaffirm some alleged “criminal networks” in the organization. If anything, a great deal of work is being undertaken in line with the recommendations of the High Level Review Panel on State Security to turn around the organization and focus it to achieve its Constitutional mandate.”

22. India’s Supreme Court Hearing on “Pegasus” Espionage

The Supreme Court of India postponed the hearing for the case of illegal use of “Pegasus” covert surveillance and infiltration solution (developed and sold by the Israeli NSO Group) by India’s authorities. The Investigative Committee that will present the case this Friday (25 Feb.) consists of cyber experts, including former law enforcement and intelligence officials from India.

23. Podcast: Hayden Center’s “Spies, Lies, and Algorithms”

The Hayden Center’s published an 1-hour long video based on Professor Amy B. Zegart’s book titled “Spies, Lies, and Algorithms: The History and Future of American Intelligence.” A. Zegart is an expert in U.S. intelligence and the podcast features Larry Pfeiffer, Director of the Hayden Center and very experience U.S. government intelligence professional, David Priess, former CIA Analyst and author, and Mark J. Rozell, Chair in Public Policy at the Schar School of Policy and Government of George Mason University.

24. Canadian Federal Court States that Chinese OCAO is Involved in Espionage on Behalf of China

Tom Blackwell published a story on February 23rd based on a Canadian Federal Court ruling for a citizenship case. In that ruling, the document mentions the following in relation to the Overseas Chinese Affairs Office (OCAO): “there were reasonable grounds to believe that OCAO had engaged in acts of espionage.” The article states that OCAO was operating under the direct guidance of the Chinese Communist Party (CCP) and although it is designed to “provide support to members of the Chinese diaspora” the article states that “ it gathers intelligence on and tries to influence people of Chinese descent in foreign countries.”

25. South African Police Minister Blames Intelligence Agency for Deliberately Withholding Reporting During 2021 Civil Unrest

Kamogelo Moichela of the Independent Online (IOL) published a story quoting Police Minister Bheki Cele. According to Cele the July 2021 South African civil unrest could have been prevented if the intelligence agency did not “deliberately withheld” reports that could have helped South African Police Service (SAPS). He also stated that “there is an issue in that division [intelligence]. There is several hundred million rand’s worth of equipment that has not been utilised. There is a law here that says the Minister of Police must request those gadgets (and to access them must consult the Minister of Justice). The Minister of Justice must consult the Minister of Defence and Communication before that equipment is used by the police and crime intelligence. It’s a big frustration for me. I’m told it can be used to crack social media and other things, but this administrative thing is blocking it.”

26. NGA Publishes Cold War Cuban Missile Crisis Historical Article

Due to the United States President’s Day, the National Geospatial-intelligence Agency (NGA) announced the publication of a small article related to the role of the, then President, John F. Kennedy and his influence at the NGA and its predecessor organisations. The article is the “JFK’s Legacy at NGA.

27. US Intelligence Reveals FSB Kill-list and the Fifth Service

On Tuesday, February 22nd, United States intelligence controlled disclosures revealed that the Russian Federal Security Service (FSB) has a “kill list” containing “names of senior Ukrainian politicians, Ukraine-based critics of the Russian and Belarusian governments, journalists and other activists.” This list is, reportedly, maintained by the Fifth Service of the FSB, also known as the “Service for Operational Information and International Communications” which is tasked with political action covert operations.

28. French DGSI Faces Internal Harassment and Violence Issues

On February 22nd, the French Mediapart published a story about a senior official in France’s General Directorate of Internal Security (DGSI) who filed a complaint against her supervisor in 2020 for “moral harassment” and “violence.” According to the report, the case was closed without any action or investigation, and now she proceeded with filing a civil complaint.

29. Espionage Charges for Moroccan Journalist for Spying for the UK

This Wednesday, Feb. 23rd, media shared that journalist Omar Radi (35) who was convicted on espionage and sexual assault charges in 2020, had his Casablanca Court of Appeal hearing. During that he confessed that in 2018 the British “G3” economic consultancy firm paid him to conduct research of their account on a Moroccan money transfer company (Cash Plus) because “the British sovereign fund seeks to enter into its capital.” He stated he used only official sources available to journalists and confirmed that he was in touch with Clive Newen, head of “G3” and active British intelligence officer. He also confessed that in 2020 he received another payment by the British “K2” economic consultancy firm which he described as providing consulting services as an economics expert. He was also questioned on communications he had in 2018 with diplomats, especially Cultural Attaché Arnold Simon of the Dutch Embassy in Rabat, Morocco, and other suspicious transactions. Amnesty International considers this a false accusation and also states how Radi was targeted with covert surveillance for years, including using “Pegasus” covert surveillance solution, by the authorities of Morocco due to his government critic and activist engagements.

30. US DIA Celebrates Digital Learning Day with the 2022 Curated List of Recommended Study Material

The United States Defence Intelligence Agency (DIA) announced the “DIA’s Bookshelf and Listening Library” to celebrate the Digital Learning Day. The 2022 list, and past recommendations, are available online at DIA’s website.

31. NSA Cyber-Espionage Operation Infiltrated 45 Countries

On February 23, the Chinese cyber-security firm “Pangu Labs” published a detailed technical analysis including a 56-pages long report, detailing an active cyber-espionage operation using a previously unknown covert surveillance solution they dubbed as “Bvp47.” The cyber-espionage operation has been active at least since 2013 and has been successfully used to infiltrate, reportedly, 287 organisations in 45 countries. The industries targeted are telecommunications, scientific/research institutions and universities, military, and economic development. The new cyber-espionage solution included the use of previously unknown exploits (so-called 0days) and innovative detection evasion techniques for Linux. The analysis concludes that this new cyber-espionage activity is attributed to an actor dubbed as “EQUATION GROUP” which has been previously associated with the United States National Security Agency’s (NSA) Tailored Access Operations (TAO), and Central Intelligence Agency’s (CIA) Centre for Cyber Intelligence (CCI).

32. US Space Force’s DARC Space Surveillance System

Brett Tingley of the Warzone published an article on a contract that the United States Space Force’s Space Systems Command (SSC) awarded to Northrop Grumman. The $341 million contract is about a Space Domain Awareness and it’s codenamed as Deep Space Advanced Radar Capability (DARC). The objective of this project is to improve Space Force’s identification, tracking, and monitoring of objects in orbit and part of its global Space Surveillance Network.

33. New “Pegasus” Covert Surveillance Targets Identified in Bahrain

The Citizen Lab of the University of Toronto uncovered three Bahraini individuals that were under covert surveillance through the “Pegasus” product (developed and sold by the Israeli NSO Group). Allegedly, the covert operation was conducted by the intelligence agency of Bahrain to monitor their activities. The three targets were: 1) Mohammed Al-Tajer, lawyer and human rights activist who was also under covert surveillance using “FinFisher” covert surveillance solution in 2011. 2) Dr. Sharifa Siwar, psychologist seeking asylum in the U.K. and who had revealed illegal activities involving government officials. 3) A Bahraini journalist that wanted to remain anonymous who has been covering the pro-Democracy movement in Bahrain.

34. New “Cyclops Blink” Russian GRU Cyber Attack Tool Revealed

On February 23rd, the U.K. National Cyber Security Center (NCSC), the U.S. Federal Bureau of Investigations (FBI), the U.S. Cybersecurity Infrastructure and Security Agency (CISA), and the U.S. National Security Agency (NSA) issued a joint intelligence report on a previously unknown cyber-attack tool dubbed as “Cyclops Blink.” You can find the reports here for NCSC, and here for the joint one. According to the intelligence reports, the new tool “appears to be a replacement framework for the VPNFilter malware exposed in 2018, and which exploited network devices, primarily small office/home office (SOHO) routers and network attached storage (NAS) devices” and has been active since 2019. The operators and developers of the tool are, reportedly, Russia’s military intelligence (GRU) Unit 74455, also known as GTsST (Main Centre for Special Technologies) which is dedicated to Computer Network Attack (CNA) operations (e.g. destructive cyber effects such as wiping systems, denial of service, etc.)

35. Dutch AIVD Publishes the Results and Solutions for the Christmas 2021 Challenge

Every year the Dutch General Intelligence and Security Service (AIVD) publishes a Christmas challenge, mainly relating to logic puzzles, cyber-security, and cryptology. The results of the participants as well as the solutions for the 2021 Christmas challenge are now public.

36. US Department of Justice Shuts Down China Counter-Espionage Program, and Starts the New “Big Four” Strategy

The United States Department of Justice (DoJ) 3-year counter-espionage program known as “China Initiative” was officially shut down. As reported on week 3 (story #21), media in China and the U.S. were discussing the failures of the “China Initiative” and this came as a follow up of those revelations. Assistant Attorney General for National Security, Matthew Olsen, announced the end of the project and also stated that “by grouping cases under the China Initiative rubric, we helped give rise to a harmful perception that the department applies a lower standard to investigate and prosecute criminal conduct related to that country or that we in some way view people with racial, ethnic or familial ties to China differently.” Olsen also announced that the new strategy against nation-state threats is focused on the “Big Four” — Russia, China, North Korea, and Iran. You can find the full DoJ video here.

37. Podcast: SpyScape — Sidney Riley, the “Ace of Spies”

SpyScape’s “True Spies” podcast series published a new 44-minutes long podcast on February 22nd titled “The Ace Of Spies: Sidney Riley spied for at least four great powers before he disappeared without a trace.” The podcast is about Russian-born Sidney Reilly (1873–1925) who, according to some experts, was the inspiration of Ian Fleming for the character of “James Bond.” He allegedly spied for four different nation-states and was a registered secret agent of Britain’s Foreign Section of the British Secret Service Bureau, the predecessor to the Secret Intelligence Service (SIS), better known as MI6.

38. New Cyber Attack Data-Wiping Capability Observed, Allegedly from Russian GRU

Several cyber-security firms reported a series of cyber attacks (meaning destructive cyber operations) against Ukraine right after the initiation of Russian troops movements inside Ukraine. After some network-based Distributed Denial of Service (DDoS) attacks, a never seen before cyber capability was detected erasing data from numerous organisations in Ukraine. Symantec’s Threat Intelligence reported that they discovered data-wiping attacks in Ukraine, Latvia, and Lithuania, and targets included finance and government contractors. Although there has been no formal attribution statement yet, Cyber Threat Intelligence (CTI) analysts see several similarities with past capabilities of the Russian military intelligence (GRU) Unit 74455, also known as GTsST (Main Centre for Special Technologies) which is dedicated to Computer Network Attack (CNA) operations (e.g. destructive cyber effects such as wiping systems, denial of service, etc.)

39. Israeli WiSpear Fined in Cyprus for Illegal Covert Surveillance

On Tuesday the Larnaca Criminal Court in Cyprus fined the Israeli covert surveillance firm WiSpear Systems Ltd with €76,000 for “42 charges, including illegal processing of personal data and illegal intervention in private communications.” The offences were committed in the period of 2018–2019 due to the use of a WiSpear covert surveillance and interception van in Cyprus illegally. The company is owned by Tal Dillian, former Israeli intelligence officer and well-known businessman in this industry.

40. NSA’s Cryptologic Museum: Introduction to Steganography

United States National Security Agency’s (NSA) National Cryptologic Museum (NCM) published a 20-minute video featuring NCM’s Director of Education, Jen Wilcox, providing an overview of steganography. The presentation was titled “Steganography: Hidden in History.”

41. News in the Argentinian Government Espionage Criminal Case

Since 2020 a complex espionage case is taking place in Lomas de Zamora, Argentina. Former President Mauricio Macri is accused of “ordering the surveillance of family members of 44 sailors who died in a 2017 navy submarine sinking.” The ARA San Juan (S-42) submarine. The latest development indicates that there might have been other illegal covert surveillance orders against politicians, journalists, trade union leaders, and more. This came after Prosecutor Franco Picardi worked on a series of cases indicating that the Federal Intelligence Agency’s (AGI) authorities expanded under Macri’s administration to enable those espionage executive orders.

42. New Iranian Cyber-Espionage Activity in Middle East

R. Tomcik, E. Haeghebaert, and T. Ahmed of Mandiant cyber-security firm, published a blog post for a previously unknown cyber-espionage operation attributed to the Iranian government. The analysis is based on an intrusion Mandiant investigated in November 2021 and it involved two new cyber-espionage tools developed by this Iranian actor. Mandiant codenamed those tools as GRAMDOOR and STARWHALE respectively. The initial access was via spear-phishing emails, and the report states that the targets were “Middle Eastern government and technology entities” with the intention of the actor being to “conduct surveillance and collect strategic information to support Iranian interests and decision-making.”

43. Romanian SRI Head Warns of Increased Espionage Activity

On February 22nd, the Head of the Romanian Intelligence Service (SRI), Eduard Hellvig, presented the latest threats to Romania at the SRI Commission. The Ukraine crisis was assessed to have 3 effects to Romania: 1) migration of people, 2) economic crisis, 3) cross-border crime. Hellvig also stated that “cyber attacks, espionage activities and those associated with the “fake news” phenomenon have intensified recently” and continued that “espionage actions carried out by the secret services hostile to Romania have increased, especially against the background of the deployment of some NATO troops on the Romanian territory.”

44. Norway Inspected Luxury Yacht of Former KGB Officer

The Norwegian Armed Forces Coast Guard inspected the Russian luxury yacht “Ragnar” in the Narvik harbour on February 24th. According to media reports the yacht is owned by former KGB Officer Vladimir Strzhalkovsky, personal friend of Russian President Vladimir Putin, and was observed near NATO military exercise areas. Some state that it might be even related with last month’s covert disruption of a Norwegian undersea cable. When media asked former intelligence chief in Norway, Ola Kaldager, to comment he stated that “this is something the Russians have been doing for years when there have been large, allied exercises in northern Norway” and continued that they are looking at “technical information, interception of radio communications, possibly if they are so lucky that they have contacts on land that can give them more information.” The next day it was announced that no irregularities were found in the inspection. The Norwegian Navy refused to comment.

45. Ukrainian SBU Headquarters Burning Classified Material

On February 24th, once Russian military forces started getting closer to the capital of Ukraine, Kiev and attacking key military facilities videos appeared on social media allegedly showing several Ukrainian Security Service (SBU) employees burning documents and other classified material near the headquarters of the SBU. This is a common practice for secure destruction of anything that could harm national security if it falls in the wrong hands.

46. US-Iran Spy Swap is Expected Soon as Talks are Finalised

As the United States-Iranian negotiations continue, last Saturday the Minister of Foreign Affairs of Iran, Hossein Amirabdollahian, stated that “the Islamic Republic is ready for an immediate prisoner exchange with the United States.” Both the U.S. and Iran have detained people on espionage charges and those are considered the most prominent candidates for the exchange.

47. Chinese Embassy in Estonia Lashes at Estonian EFIS 2022 Report

Right after the release of the 2022 intelligence report of the Estonian Foreign Intelligence Service (EFIS) we shared last week (story #6), the Chinese Embassy in Tallinn, Estonia condemned EFIS for the China-related assessments. The Chinese Embassy stated that its China-related content had “no factual basis at all” and that the entire report is “full of subjective assumptions, Cold War mentality and ideological prejudice.”

48. President Putin’s Live-Streamed Argument with SVR Spy Chief

During a live-streamed (televised) discussion of the Russian government on the Ukraine separatist regions, Russian President Vladimir Putin had an open argument with the Head of Russia’s Foreign Intelligence Service (SVR), Sergei Naryshkin, on next steps to resolve the situation. According to media reports “Putin bullied one of his top spy chiefs who looked nervous.” You can watch the argument with English subtitles here.

49. Podcast: Russian Spy Chiefs, Ukraine Hit Squads

This week’s SpyTalk podcast features Filip Kovacevic, University of San Francisco Researcher on Russian and Soviet Intelligence, presenting his analysis of “Vladimir Putin’s spy bosses” and Amy MacKinnon, Foreign Policy magazine correspondent, talks about “Russian plans for Ukraine roundups and assassinations with co-host Jeanne Meserve.” The episode is titled “Russian Spy Chiefs, Ukraine Hit Squads.”

50. Iranian Cyber Espionage Operation Targeting Turkish Entities

The Cyber Threat Intelligence (CTI) firm iZOOlogic published a blog post stating that they observed an active cyber espionage operation “targeting Turkish government institutions and private organisations.” The initial entry is achieved through spear-phishing emails using malicious documents disguised to look like documents of the “Turkish Health and Interior Ministries.” The researchers attributed the campaign to an actor dubbed as “MUDDY WATER” that has been officially associated with Iran’s Ministry of Intelligence (MOIS) by the U.S. Cyber Command.

51. Pakistani ISI Concerned with Protecting Chinese Investments in Balochistan

On February 23rd Intelligence Online reported that the Pakistani Inter-Services Intelligence (ISI) is struggling and trying to put more focus on the stability and security of Balochistan province due to major investment projects there by Chinese entities. ISI is concerned since recently the instability in the region has increased and ISI wasn’t successful in stopping those threats.

52. British MoD Gets £2.8 Million for “Bright Corvus” Spy Project

The U.K. government announced the availability £2.8 million to support the Ministry of Defence’s (MoD) “Bright Corvus” Project via the Defence and Security Accelerator (DASA). The competition opening is called “Advanced Radio Frequency Sensing, Integrated Effects and PNT” and the £2.8 million will be used to fund 15–20 proposals for “disruptive innovations that enhance our approach to delivering pervasive, resilient Intelligence, Surveillance and Reconnaissance (ISR) and agile effects, supported by Position, Navigation and Timing (PNT) as a Service (PNTaaS), into future Defence & Security Electromagnetic Spectrum (EMS) landscapes.”

53. New Podcast Series on “Secrets and Spies Podcast”

The “Secrets and Spies Podcast” uploaded 19 podcast episodes in their official YouTube channel. The episodes cover a wide variety of espionage subjects with several intelligence experts, mainly from the United States.

54. Chinese Cyber Espionage Targeting US Defence Industry

The threat research group Unit 42 of the Palo Alto Networks firm published a research on a previous unknown cyber-espionage operation targeting United States defence industry entities. The campaign used a previously unknown advanced cyber-espionage tool Unit 42 dubbed as “SockDetour” to infiltrate at least 3 U.S. based defence contractors from July 2021 and to this day. The operator has been previously associated with China’s intelligence agencies.

55. Greek NIS on “Orange” Threat Level due to Ukraine Conflict

According to media reports due to the Russia-Ukraine conflict, the National Intelligence Service (NIS) of Greece went in “orange” national threat level which includes extensive covert close and cyber surveillance of “persons of interest” (dubbed as “red targets”), doubling up the staff for shifts, enabling RF jammers on sensitive government sites, larger government protection detail and undercover patrolling operatives, as well as increased security controls for Embassies and diplomatic missions.

56. New SIGINT Blog by Former GCHQ Departmental Historian

Starting on February 22nd, Tony Comer, former Departmental Historian of Britain’s Government Communications Headquarters (GCHQ) started a personal blog named “SIGINT Historian.” The blog already features a three-part story titled “Personnel Security at Bletchley Park.”

57. Improvements in Mossad-MİT Collaboration Efforts

This week, Intelligence Online reported that discussions have resumed between Israel’s Mossad and Turkey’s National Intelligence Organisation (MİT) with official visits, starting with a visit of Mossad officials in Ankara, Turkey, in order to relaunch the spy agencies’ collaboration efforts.

58. Researchers Discover India’s New Cyber-Espionage Campaign

The Shadow Chaser Group of the GcowSec team discovered and disclosed active infrastructure delivering a malicious Microsoft Word document for cyber-espionage on unidentified targets. The new cyber-espionage campaign is attributed to an actor dubbed as “DONOT TEAM” which has been previously associated with India-based covert cyber surveillance and infiltration vendor “Innefu Labs” which has been providing those products and services to government intelligence agencies since 2010.

59. NSA’s NCM Discusses the “Japanese Diplomatic Secrets” Artefact

United States National Security Agency’s (NSA) National Cryptologic Museum (NCM) released a video for a rare artefact from the NCM’s Library, the “Japanese Diplomatic Secrets” book by Herbert Yardley, a cryptologist and Head of MI8 (better known as the Black Chamber). This book was a forgotten piece of the espionage history until 1979 when David Khan discovered it.

60. Pakistan’s ISI Issues Direct Order to Avoid Agency Politicisation

On Friday, February 25th, news reports revealed that the Director General (DG) of Pakistan’s Inter-Services Intelligence (ISI), Lieutenant General Nadeem Anjum, issued an order to all ISI officials that “no interference in politics would henceforth be tolerated.” It is not clear what led to this order. The article states that “some opposition political leaders have been complaining about the political interference of some ISI officials.” When retired Lieutenant General Amjad Shoaib was asked to comment on the news story, he stated that “such instructions must have been issued” and that the current “DG ISI is a non-political person.”

61. Joint FIVE EYES Warning on Iranian Cyber-Espionage Operations

On February 24th, Thursday, the Signals Intelligence (SIGINT) agencies of the United States, United Kingdom, Australia, Canada, and New Zealand (also known as the FIVE EYES) issued an alert along with a Joint Cybersecurity Advisory on ongoing cyber-espionage operations targeting “global government and commercial networks.” The advisory includes technical indicators, brief overview of the cyber-espionage utilities used, and also attributes the operations to an actor dubbed as “MUDDY WATER” that the joint advisory describes as “a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS)” which is conducting those cyber operations for the “support of MOIS objectives since approximately 2018.”

62. Israeli Court Concludes that NSO Group Was Not Illegally Used

Following week 6 (story #2) case of Israeli police abusing their covert cyber surveillance solution “Pegasus” (developed and sold by NSO Group), the court decided that there was no illegal “Pegasus” use. The investigation results say that “in two instances, unsuccessful attempts were made to hack the phones of people subject to court orders authorising the tracking of their electronic communications, and in a third case the police succeeded, the probe found. It also said investigators looked into the use of a second type of spyware available to police and again found no signs of wrongdoing.”

63. Overview of UK Embassies Covert Communication Antennas

On February 24th, “Ringway Manchester” radio communications history YouTube channel published a 5.5-minute long video on Radio Frequency (RF) antennas observed on embassy buildings in London, U.K., and how those were used for covert RF communications over the years, including communicating with spies of those nation-states.

64. CAR Detainment of French Servicemen on Covert Op Allegation

This week Central African Republic (CAR) authorities arrested 4 French servicemen, part of the MINUSCA mission, at Bangui airport. The 4 army members were later released since they were, according to U.N. spokesman, close protection team of General Stéphane Marchenoir. According to CAR Public Prosecutor’s Office, the “four soldiers were found in a “suspicious” vehicle with weapons” and rumours appeared in the news that they were in a covert operation to initiate a coup by assassinating the President of CAR, Faustin-Archange Touadéra. U.N. spokesman described this as “another disinformation campaign around this incident which is underway on social media in an effort to continue to manipulate public sentiment.”

65. International Spy Museum’s Trabant Car IR Door from Stasi

On February 23rd, the International Spy Museum published a 3-minutes long video presented by historian and collector, Keith Melton. The video was about a covert illumination device concealed in a Trabant car’s door by the East Germany’s Ministry for State Security (MfS), better known as Stasi, to be able to conduct night covert photography operations.

66. MI6 Chief Highlights FIVE EYES Espionage Success on the Russian-Ukrainian Conflict

Richard Moore, Chief of Britain’s Secret Intelligence Service (SIS), also known as MI6, stated the following in relation to Russian President Vladimir Putin’s intentions in the Russia-Ukraine conflict: “we exposed his attempts to engineer ‘false flag’, fake attacks to justify his invasion. This attack was long planned, unprovoked, cruel aggression.” The article includes more similar perspectives from other senior intelligence officers from the U.K. and the U.S.

67. Ukraine Discloses Cyber-Espionage Operation from Belarus

The national Computer Emergency Response Team of Ukraine (CERT-UA) issued a warning on Friday about an active spear-phishing campaign impersonating a popular Ukrainian email provider, and targeting explicitly “Ukrainian military personnel and related individuals.” According to CERT-UA, the cyber-espionage operation can be attributed to an actor dubbed as “UNC1151” who is identified as a Minsk-based group from the Ministry of Defence of the Republic of Belarus.

68. HawkEye 360 Video on Satellite RF Signals Exploitation

On February 24th, Geospatial Intelligence (GEOINT) vendor “HawkEye 360” published a 6-minute long video which is the second episode of the “HawkEye 101” series, and it’s titled “Exploiting RF Signals.” The first episode was published at the end of 2021 and it was titled “Intro to Radio Frequency.”

69. Head of German BND Evacuated from Ukraine with the Support of Special Operations Forces

As reported by Reuters, Bruno Kahl, President of Germany’s Federal Intelligence Service (BND) was in Kiev, Ukraine when the Russian attacks started and due to the closure of the airspace, he was stranded in the country. Special Operations Forces (SOF) organised a rescue mission and escorted him overland back to Germany on a trip that lasted approximately 2 days. The Wall Street Journal noted that this is “highlighting the low-risk assessment of the German and other European intelligence services about the potential for an invasion of Ukraine, which left many capitals largely unprepared for the war despite weeks of warnings from U.S. and U.K. intelligence.”

70. Norwegian Intelligence Releases 2022 Threat Assessment

The Norwegian government published their 2022 National Threat Assessment (NTV) in both Norwegian and English. The report is co-authored by the Norwegian Police Security Service (PST), the Norwegian Intelligence Service (NIS), and the Norwegian National Security Authority (NSM). The report has 3 sections: 1) State intelligence activities, 2) Politically motivated violence-extremism, and 3) The threat against dignitaries. In terms of espionage, the greatest threat is assessed to be originating from Russia and China.

71. US Army Publishes Video on Fort Huachuca’s Multi-Domain Operations Modernisation Efforts

On February 22nd, the United States Army published a 12.5-minute long video on “Modernizing in Multi-Domains.” The video focuses on the current and future role of Fort Huachuca, located in Sierra Vista, Arizona. This establishment is a key facility for U.S. Army’s intelligence capabilities including the U.S. Army Intelligence Centre (USAICoE), the Network Enterprise Technology Command (NETCOM), and more.

72. Israeli Intelligence Concerns Over Chinese Penetration in Israel

On Friday, Feb. 25th, Amos Harel of the Haaretz published a story on Chinese espionage on Israel’s industrial-technological industry, and influence covert operations. The article quotes several high-ranking Israeli intelligence and government officials who raise concerns over the recent collaborations between Chinese and Israeli companies. For example, Nir Ben Moshe, Director of the Directorate of Security for the Defence Establishment (DSDE) in the Ministry of Defence of Israel stated that he had dealt intensively with Chinese infiltrations and that Israeli companies may be targets of Chinese intelligence collection both for their research & development (R&D), but also due to their deep ties with Israeli counterparts like the United States.

73. Former NSA Hackers Head Becomes CEO of “bracket f, Inc.”

The cyber-security firm [redacted] announced that Tim Kosiba, a 33-year veteran of the U.S. Intelligence Community (IC) is joining their new subsidiary “bracket f, Inc.” as the Chief Executive Officer (CEO). According to Intelligence Online, up to 2019 T. Kosiba was heading National Security Agency’s (NSA) Computer Network Operations (CNO) Division, better known with its past name, the Office for Tailored Access Operations (TAO), responsible for conducting cyber-espionage activities. The new “bracket f, Inc.” focuses purely on the government sector, and according to its parent entity, called [redacted], its mission is “to bring the same state-of-the art platform and nation-state level defense that [redacted] provides to the private sector to government organizations.”

74. SANS Institute Video on Russian Cyber Capabilities & Operations

The conflict of Russia-Ukraine led to an increase in cyber exploitation and cyber attack operations, especially from Russia. For this reason, Cyber Threat Intelligence (CTI) experts from the public and private sector working with the SANS Institute published an 1-hour long webinar titled “Russian Cyber Attack Escalation in Ukraine — What You Need To Know!” which covers 3 areas: 1) Russia’s Cyber Capabilities, 2) Current Russian Cyber Capabilities, and 3) Critical Infrastructure in Conflict.

75. Forbes Reveals “PenLink” — A Widely Used Covert Surveillance Vendor from the United States

Thomas Brewster of Forbes published an investigation on a private firm called “PenLink” that since 1986 has been providing covert surveillance solutions to the U.S. government. According to the report, that includes wiretaps, Advertising-based Intelligence (ADINT), near real-time online tracking, and more. The article also states that the company has an annual revenue of $20 million from U.S. government customers such as the Drug Enforcement Administration (DEA), the Federal Bureau of Investigation (FBI), the Immigration Customs Enforcement (ICE) and numerous more federal and other government agencies in the law enforcement and intelligence space.

76. Podcast: A Secret CIA Leadership Tool

Former United States Central Intelligence Agency (CIA) Clandestine Service officer, Andrew Bustamante, published a new 16-minute long podcast on his series “Every Day Espionage.” The new episode is about a leadership model he was taught at the CIA which differentiates the peoples’ leadership capabilities to two groups, the “Runners” and the “Builders.”

77. Russian Embassy in South Dublin, Ireland is a Spy Hub

According to news reports on The Journal of Ireland, confidential sources informed The Journal that the “Russian Embassy in South Dublin is not just a diplomatic unit but also that it has a high end intelligence capability including monitoring and communicating with agents across Europe.” It was was characterised as a major communications centre, and a training/testing ground prior to deployments to other English-speaking countries. The confidential sources expect 10–15 Russian communications and signals intelligence (SIGINT) experts operating there, mainly from Russia’s Military Intelligence (GRU) and its Foreign Intelligence Service (SVR).

78. Article on the 90s Counter-Intelligence Operation of D. Boone

Former United States Central Intelligence Agency (CIA) officer, Christopher Burgess, published an article detailing how retired U.S. Army First Sergeant (E-7) David Sheldon Boone became a Soviet KGB agent in Germany, how after the Soviet Union collapse continued to spy for the Russian SVR, and eventually, how he was arrested in 1998 through a sting operation and was sentenced in 1999. D. Boone (69) was released from prison in 2020.

79. Podcast: US Military HUMINT Collector James Rasone

On February 26th, the “Combat Story” published a new 2.5-hour long episode featuring James Rasone, former United States military intelligence Human Intelligence (HUMINT) collector. J. Rasone talks about his experiences interrogating terrorists, the training, challenges of HUMINT, the development of intelligence packages for Tier 1 special operations units, and the impact of this profession to his personal and professional life.

80. Yemeni Military Shot Down US-Made Saudi Spy Drone

On Friday, the spokesman for Yemen’s Armed Forces, Brigadier General Yahya Saree, announced that the air defence forces shot down a U.S.-made Intelligence, Surveillance, and Reconnaissance (ISR) drone, operated by the Saudi Arabian government near they city of Al-Juba in Ma’rib Province. This came after a similar event with a U.S.-provided General Atomics MQ-9 Reaper, operated by the Saudi government, that was shot down in the Al-Jawf province of Yemen, near the borders with Saudi Arabia.

81. Alleged Media of Captured Russian Spies in Ukraine

Two persons are shared on social media as, allegedly, Russian spies operating inside Ukraine to assist in the ongoing military operations. The first was detained in Hostomel, near the city of Kiev, and was providing exact coordinates of Ukrainian military positions. According to he reports he is affiliated with Russia’s military intelligence (GRU). The second one (also here), captured in Kharkiv, was transporting specialised weapons (e.g. RG-60TB thermobaric grenades, sniper rifles, quadcopter/drone, etc.) and an inventory sheet with the title “Группа применения специальных средств” (special operations group). Allegedly, this individual was part of a special operations (Spetsnaz) reconnaissance force, potentially from the GRU. The top numbered rows are, reportedly, the 5 members of this unit, along with the identification numbers and rank.

82. Espionage and Corruption In the Spanish Government

On Sunday, Feb. 27th, Archytele published an article on corruption and illegal activities among members of the Spanish government. The article highlights the case of Julio Gutiez, owner of the “Mira” private investigations firm who was charged with covert surveillance targeting Ignacio González, former Madrid president, in Cartagena de Indias (Colombia) in 2008. Another highlighted case is that of Ángel Carromero, secretary general of the Madrid regional branch of the Spanish People’s Party’s youth organisation Nuevas Generaciones, who reportedly hired two private investigators in December 2021 to obtain tax-related information on Tomás Díaz Ayuso, brother of the president of Madrid. The article highlights other cases of bribery, abuse of public funds, and blackmailing indicating a general high-level of corruption.

83. The 1960 Shoot down of of CIA U2 Spy Plane in the Soviet Union

On week 6 (story #35) it was the anniversary of the KGB-CIA spy exchange, and this week the “Dark Docs” YouTube channel published a 9.5-minutes long video about the CIA captured pilot, Francis Gary Powers, and the incident of his U-2 spy plane that was shot down on May 1st, 1960 while flying over the Soviet Union. The U-2 aircraft was already operational for 6 years and until that date it was considered beyond the reach of any missile system.

84. Former Russian Spy that Defected to the UK is Afraid for His Life

Jon Ungoed-Thomas of The Guardian published an article about Soviet defector Boris Karpichkov, former KGB officer who became an FSB officer after the Soviet Union collapse. He defected to Britain in 1998 after operating as a double agent in Latvia. In 2019 Latvian authorities started the extradition proceedings and accidentally the British National Crime Agency (NCA) disclosed his assumed name and current address. He is seriously concerned that this information is known to Russian intelligence who are planning his assassination. He stated “I expect to be killed and I can’t protect myself. My fate can only be described as a dead man walking.”

85. Podcast: The Sacrifices of Adolf Tolkachev

On February 26th, the “Spycraft 101” YouTube channel published an 1-hour long podcast titled “The Sacrifices of Adolf Tolkachev: A Soviet CIA Asset” featuring Pulitzer Prize-winning author David E. Hoffman who wrote the book “Billion Dollar Spy” about A. Tolkachev.

86. Ukraine Uncovers Belarusian Government Cyber Operations

Following the earlier (see story #67 of this week) reporting by the national Computer Emergency Response Team of Ukraine (CERT-UA), a new post from Saturday, Feb. 26th, uncovers more cyber operations. The operations, conducted by “officers of the Ministry of Defence of the Republic of Belarus” target Polish, Russian, and Belarusian organisations. CERT-UA identified the following 7 targets for the new, ongoing, cyber-espionage operation: 1) The World Association of Belarusians (an international civic organisation) 2) Belarusian Music Festival 3) Samara Regional NGO ‘Russian-Belarusian Brotherhood 2000’ 4) The ‘Dziejaslou’ literature & arts magazine 5) ‘Sovetskaya Belorussiya’, a daily newspaper in Belarus 6) Employees of the National Academy of Sciences of Belarus, and 7) ‘Voice of Motherland’, a local newspaper.

87. US-based “Premise” Mobile Application Suspends Ukrainian Activities After Espionage Allegations

On Sunday, Feb. 27th, NBC News reported that the California-based “Premise” mobile application found itself in espionage allegations for the Ukraine-Russia conflict. “Premise” is a crowdsourcing mobile application that prior to the Russian attacks was asking Ukrainian citizens “to take pictures in order to understand citizens’ perceptions.” On an official Facebook post, the Ukrainian General Staff of the Armed Forces stated that Russian intelligence “uses the “premise” application in smartphones. Those facts are confirmed in Stryi and other cities. Therefore, in the event of public detention of such persons, please check their mobile phones and report it to law enforcement agencies.” Following those allegations the CEO of “Premise” Maury Blackman, made an official statement for the suspension of all operations in Ukraine.

88. NSA SIGINT Spy Base in North Yorkshire, UK

The Teesside Live published an article relating to a not-so-well-known United States National Security Agency (NSA) facility inside the United Kingdom. It’s a Signals Intelligence (SIGINT) station located inside RAF Menwith Hill used jointly by the NSA and Britain’s counterpart, the Government Communications Headquarters (GCHQ). The station was established in 1954 and according to the article “despite demolition work taking place at the site in 2019, it was reported that RAF Menwith Hill would remain an integral part of joint UK and US security and has an assured future.”

89. OSINT-Discovered ELINT/SIGINT Flights

This is a brief summary of ELINT/SIGINT flights identified by aviation enthusiasts during this week:

  • 21FEB2022: Summary of at least 8 ISR flights from the U.S. and Ukraine over Ukraine-Russia border. Source
  • 21FEB2022: U.S. Air Force RQ-4B Global Hawk (09–2039, callsign FORTE10) flight from Naval Air Station Sigonella to the borders of Belarus and Ukraine-Russia. Source
  • 21FEB2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: CL60) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 21FEB2022: U.S. Air Force RQ-4B Global Hawk (reg. number N/A, callsign FORTE11) flight from Naval Air Station Sigonella to the borders of Belarus and Ukraine-Russia. Source
  • 21FEB2022: U.S. Navy EP-3E ARIES II(160764, callsign N/A) flight from Crete, Greece. Source
  • 21FEB2022: U.S. Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to Ukraine. Source
  • 21FEB2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER19) flight from Souda Bay, Crete, Greece to the coast of Syria and Lebanon. Source
  • 21FEB2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 21FEB2022: Hellenic Air Force Embraer EMB-145H AEW&C (729, callsign HAF380) flight from Athens to over Bulgaria. Source
  • 21FEB2022: U.S. Navy P8 Poseidon aircrafts (AE679B, callsign N/A) flight from Sigonella Naval Air Station to the Ionian Sea. Source
  • 21FEB2022: U.S. Navy P8 Poseidon (AE67A5 and AE6874 and AE6872, callsign N/A) flight near Russian Navy Slava-class cruiser Marshal Ustinov in the Ionian Sea. Source1 Source2
  • 22FEB2022: Summary of at least 13 ISR flights from the U.S. and Germany over Ukraine-Russia border. Source
  • 22FEB2022: U.S. Air Force Boeing RC-135V River Joint (63–9792, callsign HOMER21) flight from Crete, Greece to Black Sea around the Russian border. Source
  • 22FEB2022: U.S. Air Force Northrop Grumman RQ-4 Global Hawk (reg. number N/A, callsign FORTE12) flight from Sigonella Naval Air Station, Italy to the Ukraine-Russia border. Source
  • 22FEB2022: U.S. Air Force WC-135W Constant Phoenix (61–2667, callsign JAKE21) nuclear explosions identification aircraft took off from RAF Mildenhall, UK declared hydraulic failure emergency. Source1 Source2
  • 22FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4134, callsign JAKE11) flight from RAF Mildenhall, UK to Ukraine-Russia border. Source
  • 22FEB2022: Ukrainian Air Force Bayraktar TB2 (reg. number N/A, callsign N/A) flight near the Ukraine-Russia border. Source
  • 22FEB2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: CL60) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 22FEB2022: RAF Boeing RC-135W River Joint (ZZ664, callsign RRR7215) flight from RAF Brize Norton to the Black Sea at the Russia-Ukraine border. Source
  • 22FEB2022: Italian Air Force Gulfstream G550 AEW (MM62293, callsign IAM1470) flight from Leonardo da Vinci International Airport, Italy to racetrack pattern over the Ionian Sea, near Catanzaro, Italy. Source
  • 22FEB2022: U.S. Air Force Boeing RC-135W Rivet Joint (62–4138, callsign N/A) flight on the South/North Korea border. Source
  • 22FEB2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) and (91–00516, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 22FEB2022: U.S. Navy P8 Poseidon (AE67FE, callsign N/A) flight near Crete, Greece. Source
  • 22FEB2022: U.S. Navy P8 Poseidon (AE6891, callsign N/A) flight near the Skagerrak Strait. Source
  • 22FEB2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 22FEB2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK03) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 22FEB2022: U.S. Air Force Boeing RC-135V Rivet Joint (64–14845, callsign N/A) flight over the South/North Korea border. Source
  • 22FEB2022: NATO AEW&C Boeing E-3A Sentry (LX-N90448, callsign NATO06) flight over Poland and Kaliningrad. Source
  • 23FEB2022: Summary of at least 23 ISR flights from the U.S., Sweden and Ukraine over Ukraine-Russia border. Source
  • 23FEB2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7218) flight near the Belarus border. Source
  • 23FEB2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source1 Source2
  • 23FEB2022: U.S. Air Force RQ-4B Global Hawk (10–2045, callsign FORTE11) flight from Naval Air Station Sigonella to the borders of Belarus and Ukraine-Russia. Source1 Source2
  • 23FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4134, callsign JAKE12) flight from RAF Mildenhall, UK to Ukraine-Russia border. Source
  • 23FEB2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: CL60) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 23FEB2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER39) flight from Souda Bay, Crete, Greece to the coast of Syria and Lebanon. Source
  • 23FEB2022: U.S. Navy Lockheed EP-3E ARIES II(156529, callsign BATMN30) flight over the North/South Korea border. Source
  • 23FEB2022: U.S. Air Force Boeing RC-135W Rivet Joint (62–4130, callsign WNSOR01) flight from Minneapolis−Saint Paul International Airport, U.S. to RAF Mildenhall, UK. Source
  • 23FEB2022: U.S. Navy P8 Poseidon (AE67AE, call sign N/A) heading towards Skagerrak. Source
  • 23FEB2022: NATO AEW&C Boeing E-3A Sentry (LX-N90454, callsign NATO02) flight over Ukraine-Russia border. Source
  • 23FEB2022: U.S. Air Force RQ-4 Global Hawk (reg. number N/A, callsign R03319) flight from Naval Air Station Sigonella to the borders of Belarus and Ukraine-Russia. Source
  • 23FEB2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTO, WKT14) flight from Birmingham Airport to ISR flights in cities near Brecon Beacons National Park, UK. Source
  • 23FEB2022: U.S. Army Beech RC-12X Guardrail (91–00516, callsign YANK03) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 23FEB2022: Compagnia Aeronautica Italiana (covert Italian intelligence) Dassault Falcon 900LX (I-DIEM, callsign CPI231) flight from Budapest, Hungary to Ukraine. Source
  • 23FEB2022: 2 Excel Aviation (allegedly covert MI5) Beechcraft Super King Air 200 (G-WCCP, callsign BRO26) flight from Jersey Airport to Doncaster Sheffield Airport, UK. Source
  • 23FEB2022: Qatar Air Force Bayraktar TB2 (QA601, callsign N/A) flight from the Al-Shamal UAV base to ISR pattern over Abu Sidrah. Source
  • 24FEB2022: Summary of at least 19 ISR flights from the U.S., Sweden and Ukraine over Ukraine-Russia border. Source
  • 24FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4130, callsign JAKE11) flight from RAF Mildenhall, UK to Ukraine-Russia border. Source
  • 24FEB2022: U.S. Navy P8 Poseidon (AE6834, callsign N/A) flight over the Ionian Sea. Source
  • 24FEB2022: NATO AGS RQ-4D Phoenix (MM-AV-SA-001, callsign UAVGH000) flight from Naval Air Station Sigonella, Italy to the Black Sea and back. Source
  • 24FEB2022: NATO AEW&C Boeing E-3A Sentry (LX-N90456, callsign NATO01) flight over Ukraine and Kaliningrad. Source
  • 24FEB2022: U.S. Air Force RQ-4A Global Hawk (reg. number N/A, callsign FORTE12) flight from Naval Air Station Sigonella to the Black Sea near the Ukraine-Russia border. Source
  • 24FEB2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 24FEB2022: U.S. Navy P8 Poseidon (AE48AA, callsign N/A) flight near the Skagerrak Strait. Source
  • 24FEB2022: U.S. Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to Poland. Source
  • 24FEB2022: NATO AEW&C Boeing E-3A Sentry (LX-N90448, callsign NATO09) flight over Poland and Kaliningrad. Source
  • 24FEB2022: RAF Beechcraft Super King Air 350 (ZZ419, callsign RRR7419) flight from Belfast International Airport, Ireland to Farnborough Airport, UK and back. Source
  • 24FEB2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 24FEB2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7216) flight from RAF Waddington to Poland. Source
  • 24FEB2022: Skyborne Aviation Diamond Surveillance DA42 MPP Guardian (G-SADB, callsign EXM18) flight from Cardiff Airport, to ISR racetrack patterns in the nearby coast and over River Severn, to more ISR nearby Gloucester, and landing at the Gloucestershire Airport. Source
  • 24FEB2022: U.S. Army Beech RC-12X Guardrail (91–00516, callsign YANK03) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 24FEB2022: U.S. Air Force Boeing RC-135W Rivet Joint (62–4138, callsign N/A) flight on the South/North Korea border. Source
  • 24FEB2022: Swedish Air Force AEW&C Saab S100D Argus (100003, callsign 00C603) flight from Malmen Airbase to Kaliningrad. Source
  • 25FEB2022: Summary of at least 25 ISR flights from the U.S., Sweden and Ukraine over Ukraine-Russia border. Source
  • 25FEB2022: U.S. Air Force RQ-4B Global Hawk (10–2045, callsign FORTE11) flight from Naval Air Station Sigonella to the borders of Belarus and Ukraine-Russia. Source
  • 25FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4134, callsign JAKE12) flight from RAF Mildenhall, UK to Ukraine-Russia border. Source
  • 25FEB2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 25FEB2022: NATO AEW&C Boeing E-3A Sentry (LX-N90454, callsign NATO01) flight over Poland and Kaliningrad. Source
  • 25FEB2022: U.S. Navy Poseidon P8 (AE688B, callsign N/A) on patrol near the coast of Denmark. Source
  • 25FEB2022: RavenAir Pilatus PC-12 NGX covert surveillance plane (G-MDSI, callsign RVR12SI) flight from Manchester Airport, to Oxford Airport, to Waterford Airport, and return to Birmingham Airport, UK. Source
  • 25FEB2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 25FEB2022: Thales (UK) Diamond Surveillance DA62 MPP (OE-FMF, callsign OEFMF) flight from the Albrecht Dürer Airport, Germany to ISR flight near Würzburg, Germany and return to Magdeburg–Cochstedt Airport, Germany. Source
  • 25FEB2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7235) flight from RAF Waddington to Poland. Source1 Source2
  • 25FEB2022: U.S. Air Force RQ-4A Global Hawk (reg. number N/A, callsign FORTE12) flight from Naval Air Station Sigonella to the Black Sea near the Ukraine-Russia border. Source
  • 25FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4135, callsign GAUDY42) flight off the coast of Baja, California. Source
  • 25FEB2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTO, WKT37) flight from Birmingham Airport to ISR flights in cities near Brecon Beacons National Park, UK. Source
  • 25FEB2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER59) flight from Souda Bay, Crete, Greece to the coast of Syria and Lebanon. Source
  • 26FEB2022:
  • 26FEB2022: Two U.S. Air Force RQ-4B Global Hawk (10–2045 and 09–2039, callsign FORTE11) flight from Naval Air Station Sigonella to the Black Sea. Source
  • 26FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4134, callsign WNSOR01) flight from RAF Mildenhall, UK to Ukraine-Russia border. Source
  • 26FEB2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 26FEB2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER69) flight from Souda Bay, Crete, Greece to the coast of Syria and Lebanon. Source
  • 26FEB2022: U.S. Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to Ukraine. Source
  • 26FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4130, callsign JAKE11) flight from RAF Mildenhall, UK to Poland-Ukraine border. Source
  • 26FEB2022: U.S. Air Force Boeing RC-135W River Joint (62–4139. callsign PYTHN56) flight from Al Udeid Air Base, Qatar towards Iraq. Source
  • 26FEB2022: U.S. Air Force Boeing RC-135V River Joint (63–9792, callsign HOMER21) flight from Crete, Greece to Black Sea around Romania-Moldova border. Source
  • 27FEB2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: CL60) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 27FEB2022: NATO AEW&C Boeing E-3A Sentry (LX-N90448, callsign NATO09) flight over Poland and Kaliningrad. Source
  • 27FEB2022: U.S. Air Force RQ-4B Global Hawk (reg. number N/A, callsign FORTE11) flight from Naval Air Station Sigonella to the Black Sea. Source
  • 27FEB2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTO, WKT58) flight from Birmingham Airport to ISR flights in cities near Tywi Forest. Source
  • 27FEB2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 27FEB2022: Thales (UK) Diamond Surveillance DA62 MPP (OE-FMF, callsign OEFMF) flight from Magdeburg–Cochstedt Airport, Germany to Nuremberg Airport, Germany. Source
  • 27FEB2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK02) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 27FEB2022: U.S. Navy Lockheed EP-3E ARIES II(156529, callsign BATMN01) flight over the North/South Korea border. Source
Espionage
Spy
Humint
Sigint
Cyber

--

--

The Spy Collection

Written by The Spy Collection

1.1K Followers

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams