Open in app

Sign in

Write

Sign in

SPY NEWS: 2022 — Week 9

Summary of the espionage-related news stories for the Week 9 (28 February-6 March) of 2022.

The Spy Collection
46 min readMar 6, 2022

1. Russian FSB Warns Citizens of Espionage Charges for Helping Ukrainian Intelligence Agencies

On February 28th, the Moscow department of Russia’s Federal Security Service (FSB) announced that citizens who are helping the Ukrainian intelligence agencies will be facing criminal charges. The statement highlighted that “the transfer or collection, on the instructions of foreign intelligence or a person acting in its interests, of information for use against the security of the Russian Federation constitutes a crime under Article 276 of the Criminal Code (espionage), and is punishable by imprisonment for up to 20 years.” This came after several calls (see story #5) for general public’s support by the security and defence services of the Ukrainian government.

2. [Spy Collection] KMZ FT-2 (ФТ-2) Panoramic Camera Video

On Monday, February 28th, we published a video presentation of a Cold War panoramic camera, designed by Fedor Tokarev, produced by KMZ, and used also by Soviet Union’s KGB in the period of 1958–1967 for surveillance operations. The Soviet FT-2 (ФТ-2) panoramic camera.

3. Yemeni Armed Forces Shoot Down Another US-made Spy Drone

Following last week’s (story #80) Yemeni military shooting down of two U.S.-made surveillance drones operated by Saudi Arabia, on Monday Yemeni Armed Forces spokesman, Brigadier General Yahya Saree, announced that another U.S.-made surveillance drone was shot down by the air defence units while flying over the northern province of Hajjah, Yemen. The announcement identified it as a Boeing Insitu ScanEagle unmanned aerial vehicle (UAV).

4. IBM Security X-Force Publishes 2022 Threat Intelligence Index

IBM’s X-Force cybersecurity published the “Threat Intelligence Index 2022” which includes a 59-pages long intelligence report based on all the threats IBM’s threat intelligence department identified throughout 2021. Only 2% of all observed cyber activity was related to nation-state cyber-espionage operations, and the report briefly highlights a few examples of those.

5. Ukrainian SBU Asks People for Cyber Intelligence on Russia

Through their official Telegram and Twitter accounts the Ukrainian Security Service (SBU) announced the creation of the “STOP Russian War” (@stop_russian_war_bot) social media bot which is there to receive tips on vulnerabilities, misconfigurations, flaws, backdoors, credentials, or other exploitable issues on Russian infrastructure that SBU cyber operators can use to conduct cyber-espionage and cyber attack operations against Russia. See story #1 for Russia’s response to this.

6. AFIO Interview: The Highest-Ranking CIA Officer Ever Convicted of Espionage and the Son He Trained

The U.S. Association of Former Intelligence Officers (AFIO) published an 19-minutes long interview of investigative reporter Bryan Denson about his 2015 book “The Spy’s Son: The True Story of the Highest-Ranking CIA Officer Ever Convicted of Espionage and the Son He Trained to Spy for Russia.” The host of the interview is James R. Hughes, 17th President of AFIO and 37-year veteran Central Intelligence Agency (CIA) Operations Officer.

7. New “Daxin” Chinese Cyber-Espionage Software Implant

The Threat Hunter Team of Symantec cyber-security firm uncovered a previously unknown cyber-espionage software implant developed and used by China-linked cyber operators to conduct espionage on behalf of the intelligence services of China. The researchers discovered it in a compromised system in November 2021 but they have evidence that earlier versions go back as far as 2013. The covert software implant they dubbed as “Daxin” performs several advanced operations including the creation of a covert communications network using the compromised systems. The analysis states that it appears to be used in “a long-running espionage campaign against select governments and other critical infrastructure targets.”

8. North Korea Claims to Have Tested Spy Satellite EO Sensor and Communications Systems

In a public statement the North Korean government announced via the Korean Central News Agency (KCNA) that there was a successful test of an Electro-Optical (EO) sensor (e.g. an EO camera) which will be installed on a reconnaissance satellite. According to expert Dr. Jeffrey Lewis there was no space launch, but the test might have been conducted using a suborbital trajectory missile. He also commented that this is not a common methodology for testing those types of sensors. Later on, on Saturday, the N. Korea’s National Aerospace Development Administration (NADA) also stated that using a missile test near the Sunan area, they successfully completed the communications (transmission/reception) system testing for the satellite.

9. Leaked 2014 Classified Document Shows Russia’s Intent to Challenge NATO and Reveals COP “EAGLE GUARDIAN”

Investigative journalist Abdullah Bozkurt published an article leaking a 2014 document from the Supreme Allied Commander — Europe (SACEUR) of NATO, classified as “SECRET”, which was a series of Contingency Plans (COP) in case Russia decides to challenge the NATO membership of nearby countries. One of the COPs presented was the “EAGLE GUARDIAN” which was around the reinforcement of Poland and/or Estonia, Latvia, and Lithuania during such a crisis. The 2014 document, that was signed by U.S. Air Force General Philip M. Breedlove, shows that “EAGLE GUARDIAN” was updated to “deal effectively with a crisis that may develop as a result of Russian aggression threatening the sovereignty and territorial integrity of Poland and/or Estonia, Latvia and Lithuania. The crisis leads to an increase in tension between Russia supported by Belarus on one side and Poland and/or Estonia, Latvia and Lithuania on the other, culminating in Russia non-military/asymmetric actions and possible military actions that could lead to a military confrontation.”

10. International Spy Museum’s Virtual Spy Chat

On Feb. 28th, The Washington DC-based International Spy Museum published an 1-hour long video conference recording from an event that took place on Feb. 17th. The event was facilitated by International Spy Museum’s Director of Adult Education, Amanda Ohlke, and featured the museum’s CEO and 34-year veteran of the Department of Defense with extensive experience in Special Operations Forces (SOF) and Special Mission Units (SMUs), Chris Costa, who was also recently the Special Assistant to the President & Senior Director for Counterterrorism at the National Security Council. The “special guest” of the event is Debra Evans, Former Deputy Assistant Director of the Counterintelligence Division of the FBI.

11. Canadian CSIS Spy Releases Book About his Experiences

Canadian Security Intelligence Service (CSIS) intelligence officer Andrew Kirsch announced the release of a book titled “I Was Never Here.” He joined CSIS in 2006 and served until June 2016. He said that “there hadn’t been any spy memoirs that I know, about Canadian spies… and I can say that no, there were certainly some moments, in a windowless office, writing memos, reading reports, that I thought this is not what I signed up for. And then, there were times where I was out late at night, doing special operations, where I thought, yeah, this is exactly what I hoped to be doing, and sometimes be careful what you wish for.”

12. Italian DIS Publishes Annual Parliament Intelligence Report

On Monday, Italy’s overarching organisation for all Italian intelligence agencies, the Department of Information for Security (DIS), released their “Relazione al Parlamento 2021” (Report to Parliament 2021) that summarises all the intelligence-related events of 2021 and forecasts this year’s development. The 136-pages long report is in Italian and covers the following 7 domains: 1) National security, 2) Geopolitical scenarios, 3) International terrorism, 4) Illegal immigration, 5) Subversion and extremist, 6) Criminal interference, and 7) Environmental safety. The Decode39 published a summary of the DIS intelligence report in English.

13. Russian Cyber Espionage Operation Impersonating SBU

According to Ukraine’s Security Service (SBU), CERT-UA, and Cyber Police, there was a mass cyber operation targeting the general public of Ukraine by impersonating evacuation plans notifications originating from SBU. The announcement states that the objective was to install cyber-espionage software on the victims’ devices and the operation was attributed to Russia.

14. South African SSA’s Clandestine “Operation Justice” Uncovered

Based on an investigation by News24 through the process of documents declassification, South Africa’s intelligence agency, the State Security Agency (SSA), initiated a clandestine operation dubbed as “Operation Justice” in 2015 with the intention to have control of the country’s justice system. The documents indicate that SSA covertly hand-delivered around R4.5 million (which is roughly $292,000) to the then Minister of State Security, David Mahlobo. The reporters state that this was to “influence and recruit sources within the judiciary and influence court cases.”

15. US Expels 12 for Espionage from Russia’s Mission to the UN

On March 1st, Deputy U.S. Representative to the United Nations, Ambassador Richard Mills, announced 12 U.N. diplomats of the Russian mission are persona non grata (PNG) and have to leave by March 7. Although the PNG process does not require a justification, R. Mills stated that those 12 Russian nationals “abused their privileges of residency in the United States by engaging in espionage activities that are adverse to our national security.” Russia described this as a “hostile action” and violation of the commitments by the U.S. as host country of the United Nations headquarters. Lastly, the Russian Permanent Representative to the U.N., Vasily Nebenzya, promised a Russian response to the expulsion of diplomats on an “eye for an eye” basis.

16. Australian Intelligence Community Obtaining More Intelligence Collection Power for Domestic Covert Operations

On Monday all of the Australian intelligence communities agencies came before the Australian Parliament to support the new legislation that is in the review and approval process. The new law expands their domestic intelligence-collection authorities for cases when “an Australian person’s safety is in imminent risk” and also to “seek ministerial authorisation to produce intelligence on Australians involved with a listed terrorist organisation rather than having to obtain multiple, concurrent authorisations” and other similar powers. The Australian intelligence community supported their authority expansion by stating that those new powers will only be used in “niche circumstances.”

17. Aviation Experts Uncover BND Covert Planes and Front Company

On the German-speaking SIGINT-Group forum researchers discovered correlations between new and old/confirmed covert flights of the German Federal Intelligence Service (BND) allowing them to link the private aviation company “Zeman Flugtechnik und Logistik München GmbH” and “ZEMAN NEXTGEN” operator with the BND. This also revealed that BND operates a Dassault Falcon 900EX with the registration number D-AZEM, as well as a Dassault Falcon 8X with the registration number D-AAND. The new aircraft so far has been using the callsign “AYJ” which is also the 3-Letter-Designator (3LD) of the Germany-based “ZEMAN NEXTGEN.”

18. Russia’s Secretive RSB, the Hunt for President Zelensky, and the FSB Double Agents

According to Intelligence Online reporting, private Russian intelligence firm RSB, a company employing almost exclusively former Russian Military Intelligence (GRU) operatives, is in Kiev, Ukraine along with the Russian Private Military Contractor (PMC) Wagner are on a joint special operation and intelligence gathering mission to discover the location of Ukrainian President Volodymyr Zelensky, and assassinate him. Later in the week, The Times reported that this mission, along with another one (see story #26) were thwarted by anti-war Russian intelligence officers from Russia’s Federal Security Service (FSB) who notified the Ukrainian Security Service (SBU) in a timely manner to protect President Zelensky.

19. Podcast: Havana Syndrome Special

Last week (story #16) the “60 Minutes” show was dedicated to the, so-called, “Havana Syndrome” from which several U.S. intelligence officials have been suffering and the Central Intelligence Agency (CIA) is actively investigating. This week, SpyScape’s “True Spies” podcast series published a new episode titled “Havana Syndrome Special” and featuring 26-year CIA veteran Marc Polymeropoulos who was affected by this during a CIA trip to Russia in 2017.

20. BBC Asks High Court to Reveal MI5 Agent’s Real Identity to Protect Women from His Abusive Actions

BBC’s legal team is following the court route for an, alleged, British MI5 agent referenced only as “X” in the proceedings. According to BBC this male individual represents a danger to women based on accusations from his previous two partners, one of them stating that “he is dangerous enough to kill a woman and I fear that he will do so if he is not challenged and exposed.” During the court hearing, U.K. government’s Attorney General, Suella Braverman, neither confirmed nor denied that “X” is an MI5 agent or Covert Human Intelligence Source (CHIS). According to the report Braverman “is seeking an injunction to block the broadcast, arguing that identifying X would create a “real and immediate risk” of serious or life-threatening harm to him and would damage national security.”

21. Ukraine Asks for SAR Data to Produce Actionable Intelligence

Through a tweet message the Vice Prime Minister of Digital Transformation of Ukraine, Mykhailo Fedorov, asked a few specific satellite vendors to provide Ukraine with Synthetic Aperture Radar (SAR) satellite data so that Ukraine’s intelligence analysts can use it to uncover Russian forces’ activities.The explicit request for SAR data is explained by Fedorov as “…especially at night when our technologies are blind in fact! SAR satellite data is important to understanding Russian troop and vehicle movements at night considering that clouds cover about 80 percent of Ukraine during the day.”

22. Belarusian Intelligence Faced Interception Jamming in Ukraine

On March 1st, Intelligence Online reported that the Belarusian intelligence that was tasked with Signals Intelligence (SIGINT) in Ukraine, in support of their close ally, Russia, started facing issues around 10 days prior to the Russian attack in Ukraine. The report says that the Belarusian interception cells were jammed and unable to collect SIGINT. Belarus informed their Russian counterparts of the issue but the root cause of this (potentially Electronic Warfare (EW) capabilities) is not publicly known yet.

23. North Korean Cyber Espionage Operation Targeting Think Tanks

On Tuesday, March 1st, Huntress cyber-security firm’s Senior Security Researcher John Hammond published a technical analysis of a cyber-espionage operation his employer identified and investigated on February 16th. The cyber-espionage operation was/is targeting “security think tanks” using a custom-made and advanced covert software implant dubbed as “BABYSHARK.” The analysis highlights that “this activity aligns with known tradecraft attributed to North Korean threat actors.”

24. Crypto Museum: Štolba 1930s Cipher Machine

The Netherlands-based Crypto Museum added a new page for the lesser-known Štolba pneumatic rotor-based cipher machine which was used by the Czechoslovak Army in the late 1930s, and later in Slovakia during World War II, for secure military communications. The images originate from the Security Services Archive, founds of the Intelligence Department of the General Headquarters of the Czechoslovak Army.

25. French Military Intelligence “Plateau Méditerranée” Fusion Cell

As reported by Intelligence Online the French Ministry of Defence’s Directorate of Military Intelligence (DRM) is trying out a new operating model with “fusion cells.” One that became recently known, mainly due to job listings, is “Plateau Méditerranée” (Mediterranean Stage), which, based on the job listings, “covers the countries around the Mediterranean” and is mission is “implementing geostrategic intelligence, information capitalization and cross-checking know-how, as well as developing intelligence of military interest.” The “Plateau Méditerranée” is headquartered in Paris, France and, according to Intelligence Online, the new cell “is designed to help it better anticipate crises in the strategic region amid mounting in-house organisational woes and staffing issues.”

26. Ukraine Forces Reportedly Stop President Assassination Plot By the Kadyrovtsy Force Based on Russian Intelligence Tip-Off

As reported by Joseph Trevithick of the Warzone, the Ukrainian National Security and Defense Council Chief, Oleksiy Danilov, announced that the Ukrainian forces killed members of the paramilitary “Kadyrovtsy” force, a unit led by Ramzzan Kadyrov from the semi-autonomous Chechnya. Danilov claimed that they were on a mission to assassinate Ukraine’s President Volodymyr Zelensky but they were killed in Kiev. According to Danilov, this was done thanks to a tip-off the Ukrainian intelligence received from some Russian Federal Security Service (FSB) officers that were opposed to the military conflict between the two countries. Later in the week, The Times reported, that another assassination plot (see story #18) was thwarted by the same FSB individuals, for the same reasons.

27. Microsoft Intelligence Summary on Cyber Operations in Ukraine

Microsoft published a summary of the cyber activity they observed in Ukraine including that hours before the Russian attack Microsoft’s Threat Intelligence Centre (MSTIC) detected a cyber attack against Ukraine’s digital infrastructure with a new custom-made software implant (trojan) they dubbed as “FoxBlade.” Based on MSTIC’s description, FoxBlade covertly infects systems in order to perform “distributed denial-of-service (DDoS) attacks without your knowledge.” The post also states that they are collaborating with the Ukrainian authorities, NATO officials in Europe, and American officials in Washington to respond to those cyber threats. Apart from this, the post also highlights how Microsoft Start platform will stop displaying Russian state-sponsored RT and Sputnik content, in accordance with an EU decision. The post also includes topics such as humanitarian support and protection of employees.

28. CIA Data Mining in SWIFT Financial Data from Europe

Erich Moechel originally published this research in German, but on March 2nd it was also translated to English by DeepSec Blog. SWIFT is a restricted network that financial institutions use for transactions. Due to The Terrorist Finance Tracking Program (TFTP) treaty, the E.U. sends massive amount of SWIFT datasets to the U.S. As it became known, the U.S. provides those to the Central Intelligence Agency (CIA), among others, to identify terrorist financing activities. However, over the years there have been indications that the CIA might be using that E.U. sensitive data for other purposes too.

29. Afghanistan’s GDI Uses Its Resources to Suppress Free Speech

The Committee to Protect Journalists (CPJ) published an article explaining how the Taliban-controlled General Directorate of Intelligence (GDI) has been systemically using its capabilities and resources to suppress free speech, harass, and arrest journalists and activists that provide opposing views. For instance, GDI issued mandatory rules on what is not allowed to report on, journalists have been detained, tortured, and interrogated for their work, etc. Note that the Director of GDI, appointed by the Taliban, is Abdul Haq Wasiq, a suspected terrorist who was apprehended and detained in Guantanamo detention camp, Cuba (2002–2014). He was released in 2014 in exchange of the U.S. Army soldier Bowe Bergdahl who was captured by the Taliban-affiliated Haqqani terrorist group.

30. New Destructive Cyber Operations Identified in Ukraine

Following last week’s (story #38), ESET cyber-security firm published a new technical analysis on a second destructive cyber operation that hit Ukrainian government’s networks on Feb. 24th, prior to the Russian military attack. This cyber attack was using a never seen before software implant that ESET dubbed as “IsaacWiper” and had no similarities to the one used in the previous attack. The technical analysis indicates that it was compiled on October 19th, 2021 and it’s designed to detect storage drives on a computer and then wipe their data. On Feb. 25th, the operators deployed a new version of “IsaacWiper” with additional logging capabilities to the infected systems which, according to ESET researchers, “may indicate that the attackers were unable to wipe some of the targeted machines and added log messages to understand what was happening.” No attribution was made by ESET.

31. ASIS on Observations and Challenges of Modern HUMINT

The YouTube channel of the Australian Secret Intelligence Service (ASIS) published a 24-minute long presentation of its Director-General, Paul Symon, on the topic of “Fundamentally Human: Observations and Challenges of Modern HUMINT.” Although this was published on March 2nd, the original event took place on Feb. 24th at the Australian Institute of Professional Officers (AIPIO) 2021 Conference. Note that 2022 marks the 70th anniversary of ASIS (1952–2022).

32. Bulgaria Expels 2 Russian Diplomats on Espionage Accusations

On Wednesday, Mach 2nd, Bulgaria’s Minister of Foreign Affairs, Teodora Genchovska summoned Russia’s Ambassador, and soon after that, it was publicly announced by Genchovska that “two Russian diplomats have been declared persona non grata, after we received a letter from the chief prosecutor.” According to Bulgarian media, Bulgaria’s State Agency for National Security (SANS) identified a high-ranking Bulgarian military retired officer working in Bulgaria’s Ministry of Defense, Brigadier-General Valentin Tsankov, allegedly, was selling classified military information to an unnamed Russian adviser from the Russian embassy, the documents were mainly related to NATO and E.U. developments.

33. Verdict Announcement for ASMLA Spy Ring in Denmark

In week 5 (story #28) we discussed the case of the 3 arrested and charged members of the Iranian separatist group Arab Struggle Movement for the Liberation of Ahwaz (ASMLA) in Copenhagen, Denmark. The group was conducting espionage on behalf of Saudi Arabia. This week it was announced that the group’s leader, Habib Yabor Kabi, was sentenced to 8 years in prison. His brother, Tamim Farouk Beck, to 7 years in prison. And Kabi’s son-in-law, who is a Danish citizen named Jacob Mohamed, was sentenced to 6 years in prison. The court found all 3 guilty of “creating an intelligence unit for a Saudi intelligence service over a period of several years.” This case started in 2018 when the Danish Defence Intelligence Service (DDIS) foiled an assassination attempt against Kabi “allegedly sponsored by the Iranian regime in retaliation for the killing of 24 people in Ahvaz in September 2018.” Later in 2020, Denmark convicted a Norwegian-Iranian to 7 years in prison for his role in this assassination plot against Kabi. Note that the Iranian ASMLA “supports self-determination for the Ahvaz area in Iran’s southwest, and its leaders live in Denmark and the Netherlands.”

34. Podcast: Retired CIA B. Johnson on Ukraine, Russia, Canada, Vladimir Putin, Zelensky, Xi Jingping

On March 2nd, Addy Adds published an 1-hour long podcast featuring Brad Johnson, 25-year veteran United States Central Intelligence Agency (CIA) Senior Operations Officer and Chief of Station (COS). The podcast covers the latest developments in geopolitics from the perspective of a recently retired and experienced CIA Operations Officer.

35. Russian Forces Bomb Ukrainian SBU and 72nd PSO Centre

On Wednesday Russian Defense Ministry spokesman, Major General Igor Konashenkov, announced a warning to citizens living nearby the headquarters of the Ukrainian Security Service (SBU) and the 72nd Psychological Operations (PSO) Centre in Kiev, to evacuate the area. Later on, the Russian forces proceeded with bombing the sites, including disabling the control room of the“Kiev TV” tower that was used for broadcasts.

36. Belarus Uses Compromised Ukrainian Military Emails to Target EU Governments for Refugee Movements Tracking

The Threat Research Team of cyber-security firm Proofpoint published a threat research on an active cyber-espionage operation likely executed by an actor dubbed as “UNC1151” and who has been previously associated with the Belarusian Ministry of Defence. The actor used compromised private emails of Ukrainian military personnel (allegedly a follow up of last week’s story #67) to target European government officials involved in the logistics of refugees fleeing Ukraine. The covert software implant developed and used by the actors was dubbed as “SunSeed” by Proofpoint’s team.

37. Qatar Used Former CIA Spies for “World Cup 2022” Covert Influence Operation

Associated Press (AP) reported that to combat the views of the Head of the German Soccer Federation, Theo Zwanziger, who was protesting against awarding the “2022 World Cup” to Qatar, due to human rights abuses and violations the Qatari government paid $10 million for a covert influence operation they dubbed as “Project Riverbed” for which AP obtained confidential documents. The report highlights that this project was executed by former U.S. CIA officers, and explicitly names former CIA officer Kevin Chalker and company, Global Risk Advisors (GRA). When AP asked Chalker he responded that the only activity performed was “a media monitoring project staffed by interns and supervised by one full-time employee, who were responsible for reading and summarizing news articles.” According to a GRA document AP had access to, “the primary objective of Project Riverbed was to neutralize the effectiveness of Theo Zwanziger’s criticism of the 2022 Qatar World Cup and his attempts to compel FIFA to take the World Cup from Qatar.” The project ran from Jan. 2012 to mid-2014 and concluded as “successfully employed complex traditional intelligence tradecraft to target individuals within Zwanziger’s circle of influence and modify sentiment associated with the Qatar World Cup.” This was done by engaging with people influential to Zwanziger in order to change their perspective via a coordinated influence operation, and them changing Zwanziger’s views.

38. Ret. DGSE Officer on the Role of French Intelligence in Ukraine

15-year veteran French Directorate-General for External Security (DGSE) officer, Olivier Mas (also known as Beryl 614) published a 10-minute long video titled “Guerre en Ukraine : que peut faire la DGSE?” (War in Ukraine: what can the DGSE do?) for his series “Talks with a Spy.” The presenter explains how in those situations DGSE provides daily briefings to the heads of state, working to dismantle any disinformation, and provide fact-based assessments. He mentions that Russian is one of the top 3 linguist expertise areas of DGSE (along with Arabic and Chinese). Operating in Russia is very challenging. For instance “fake thugs” could physically assault you while on subway, on route for a covert meeting to “pass you the message” that this is not welcome. Both DRM and DGSE would definitely have on-the-ground assets to closely monitor the situation in Ukraine, as well as to assess which measures could work best against Russia’s leadership. Most DGSE technical collection capabilities (such as satellite interceptions, wiretaps, etc.) would be pointed to the Ukraine-Russia “box of operation.” DGSE would be collaborating with Ukrainian intelligence to help them effectively plan and execute interceptions, infiltrate/build human spy networks, share intelligence, etc. If French government decides to activate covert action, then DGSE will have a different mission set such as covert arms deals, paramilitary operations, and even clandestine direct action missions. The covert action risk is high because of the media coverage in Ukraine. Because of this, it’s challenging to remain secret. If covert action is revealed it will likely escalate the tensions with France. People should not lose their focus on China which remains a strategic threat for France.

39. Pakistan Resurfaces the 2016 Espionage Case of Kulbhushan

On March 3rd, the Pakistani Minister for Information and Broadcasting, Fawad Chaudhary, resurfaced the case of Kulbhushan Jadhav who was arrested on March 3, 2016 by Pakistan’s Army for planning to execute subversive actions in Pakistan on behalf of India’s foreign intelligence agency, the Research and Analysis Wing (RAW). According to Pakistani court he was an Indian Navy Commander and had direct involvement in terrorist acts in Pakistan, in the areas of Balochistan and Karachi. In 2017 he was sentenced to death. India’s Ministry of Foreign Affairs stated then that he was “kidnapped last year from Iran and his subsequent presence in Pakistan has never been explained credible.” Later on, in 2019, India appealed for his release but it was rejected. In 2021, Pakistan’s Parliament enacted a law to give Kulbhushan the right to file a review appeal against his conviction. On March 4, 2022 Pakistan urged the Indian government to appoint a lawyer for Kulbhushan before April 13th, 2022 to proceed with the case.

40. US Expels Another Russian Spy Working in the UN

Following the expulsion of the 12 Russian diplomats from the United Nations mission in the U.S. on espionage accusations (see story #15), Reuters reported that a spokesperson of the U.S. mission to United Nations expelled another Russian “intelligence operative” who worked in the U.N. Following that, U.N. spokesman Stephane Dujarric said “we regret that we find ourselves in this situation, but are engaging with the host country. What makes this decision a little difficult to understand is that the staff member was scheduled to end his assignment on March 14th.” The U.N. Ambassador of Russia, Vassily Nebenzia described this as “hostile” move of the U.S.

41. New Missile Warning Spy Satellites for the US Space Force by 2025

Lockheed Martin announced that they will be working with Raytheon for a second mission payload on the U.S. Space Force’s Space Systems Command (SSC) contract for Next Generation Overhead Persistent Infrared Geosynchronous Earth Orbit Block 0 (NGG) satellite surveillance system. The first satellite (of the total 3) will be launched in 2025. NGG satellite constellation’s mission is to be a space-based missile early-warning system that can detect and track current and emerging threats from hostile entities on a global scale.

42. Russian NCCCI Releases Alert on USG Cyber Attacks in Russia

On March 2nd, the Russian National Coordination Centre for Computer Incidents (NCCCI), an organisation of the Federal Security Service (FSB) established in 2018 to prevent and detect cyber attacks in critical infrastructure, announced along with a list of technical indicators that Russian entities are being targeted by Distributed Denial of Service (DDoS) cyber attacks. Based on the analysis of Ravie Lakshmanan of The Hacker News, some of the indicators listed as sources of the DDoS attack included infrastructure registered to the “U.S. Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), and websites of several media publications such as the USA Today, 24News.ge, megatv.ge, and Ukraine’s Korrespondent magazine.” On March 5th, a second list was published. According to Bleeping Computer “while the list of IPs does not provide info on the attackers’ identity, the list of domains points to European Union and US organizations, including the sites of the FBI and CIA (although one can spoof the referrer header info).” The second announcement also revealed instruction guides posted online on how to conduct DDoS attacks against Russian entities using the Low Orbit Ion Cannon (LOIC) DDoS attack tool.

43. Documentary “Inside the Mossad” (Virtually) Screens on March 6

The Azrieli Institute of Israel Studies of the Concordia University in Canada announced that on Sunday, March 6, 2022 there will be a free virtual screening of the documentary “Inside the Mossad.” The film is about the history of the Israeli Mossad from its early post-WWII days to its current state. The Director of the film is Duki Dror who studied film at UCLA and Columbia College Chicago.

44. US Supreme Court Pro-CIA Ruling in Abu Zubaydah Torture Case

On March 3rd, the United States Supreme Court dealing with the case of detaining and torturing Abu Zubaydah issued a ruling that the two Central Intelligence Agency (CIA) contractors that were originally scheduled to testify on the detainee treatment at the CIA “black sites” might not be allowed to do so, because the federal government could invoke the “state secrets” privilege. Specifically, despite being publicly known by previous developments, Associate Justice, Stephen Breyer stated that if the CIA contractors testify they would “necessarily tend to confirm (or deny) that the CIA maintained a detention site in Poland.”

45. Russian SVR Chief Says Cold War Has Turned Hot

Reuters reported that Sergey Naryshkin, Head of Russia’s Foreign Intelligence Agency (SVR) commented on the West describing the situation as a modern Cold War that “if only because in the second half of the 20th century Russia fought with the West on the distant approaches, and now the war has come to the very borders of our Motherland. So for us it is definitely not ‘cold’, but quite ‘hot’”. This was posted in SVR’s official website which has been experiencing availability issues throughout the week.

46. China Releases Japanese Spy Arrested by MSS in Guangzhou

China released a Japanese male national who was convicted of espionage acts in 2019 after being arrested in Guangzhou, China. According to Japan’s Ministry of Foreign Affairs, he is an over 40 years old man that was not a spy, he was an employee of Itochu group, one of the largest Japanese general trading companies. In February 2018 China’s Ministry of State Security (MSS) detained him on espionage suspicions while on a business trip in Guangzhou. His trial took place on October 15, 2019 and the verdict was 3 years in prison for espionage and confiscation of unidentified items and $21,300 the Japanese national had on his possession. This week, 3 years later, he was released after completing that sentence. Still, no details on the exact acts of espionage are publicly known.

47. TEDx Talk: Former CIA M. Baker “Nothing Stays The Same”

TEDx Talks official channel published a 19-minutes long talk titled “Nothing Stays The Same” and presented by 20-year U.S. Central Intelligence Agency (CIA) covert field operations officer veteran, Michael Baker. In the video M. Baker shares his experiences at the CIA and how those apply to everyday life.

48. MIVD States GRU Compromised Dutch Routers for Cyber Attacks

The Director of the Dutch Military Intelligence and Security Service (MIVD), Jan Swillens, told de Volkskrant that the covert Russian Military Intelligence (GRU) operation announced on week 8 (story #34) also affected Dutch users. According to MIVD, they identified several compromised network routers in the Netherlands and notified the victims to remove the state malware used to launch Distributed Denial of Service (DDoS) cyber attacks in Ukraine. MIVD attributed the activity to GRU’s Unit 74455, also known as GTsST (Main Centre for Special Technologies) which is dedicated to Computer Network Attack (CNA) operations (e.g. destructive cyber effects such as wiping systems, denial of service, etc.)

49. Video Inside the NATO E-3A AWACS Spy Plane Over Ukraine

For the last few weeks in the last section of our summary you can find the detected daily spy flights around the globe. On a daily basis, NATO flies some Boeing E-3TF Sentry spy planes operating the Airborne Warning And Control System (AWACS). The AWACS is a proprietary system for the E-3 airplane, the general term for this type of technology is Airborne Early Warning & Control (AEW&C) platforms. The 6-minutes long video gives a unique glimpse inside and outside the LX-N90446 which is one of the NATO AWACS that fly on a daily basis to monitor the situation in Ukraine. BBC also published a video onboard, what appears to be some similar footage and some from another Boeing E-3 Sentry with registration number LX-N90456, which is used for the same reconnaissance and surveillance missions. The callsigns of those flights over Ukraine are NATOxx (where xx is the number of the flight). For more details on their flights, check out the last section on the weekly updates.

50. Chinese MFA Spokesperson on US Espionage Activities

During China’s Regular Press Conference of March 3rd, 2022 the spokesperson of the Ministry of Foreign Affairs, Wang Wenbin stated that “China again strongly urges the US to stop cyber espionage and attacks on China and the whole world, and join others to jointly safeguard peace and security in cyberspace with a responsible attitude” in response to the NSA-linked cyber-espionage operation uncovered last week (story #31). On the subject of the 12 expelled Russians from the U.N. mission (see story #15) he stated that “China is concerned about the US action and hopes the US can offer a detailed explanation.” Other important topics were covered too.

51. More Details on the Spanish Political Espionage Case

Following last week’s (story #82) developments in the case of espionage by Ángel Carromero, secretary general of the Madrid regional branch of the Spanish People’s Party’s youth organisation Nuevas Generaciones, to obtain incriminating financial information for Tomás Díaz Ayuso, brother of the president of Madrid, more details became known this week. The source of the espionage was identified as Juan Díaz, private banking lawyer and mayor of Higuera de las Dueñas municipality in Spain. He is a friend of Pablo Casado and Daniel Alcazar, president of Priviet Sportive. The former, Pablo Casado, is a very close friend with Julio Gutiez, owner of the “Mira” private investigations firm that conducted the espionage. So, the case indicates that the banking lawyer and mayor (Juan Díaz) colluded with his friend (Julio Gutiez) to leak financial documents of Spanish politicians (like Tomás Díaz Ayuso). The wife of the suspect lawyer, Gema Ruiz, supporting his statement said that he is “victim of defamation, of malicious information without any evidence” on social media.

52. IISS Panel: What is Intelligence Today? Space (Sp)eyes

The International Institute for Strategic Studies (IISS) published an 1-hour long panel discussion with experts in space intelligence to discuss “how the proliferation of actors and activities in space is impacting intelligence.” The panel consisted of Kari Bingen, Chief Strategy Officer at Hawkeye 360. Colonel Benjamin R. Ogden, Space Operations Officer at the U.S Army War College. Peter Round, Consulting Senior Fellow for European Defence at the IISS. And Dr. Genevieve Lester, De Serio Chair of Strategic Intelligence at the U.S. Army War College.

53. Turkey Looks for 30-year Sentence for Iranian Spy Ring That Attempted to Kidnap Iranian Defector

In September 2021, the Turkish National Intelligence Organisation (MİT) disrupted an 11-member Iranian spy network with the mission to covertly surveil and kidnap Iranian Air Army Aviation AH-1J attack helicopter pilot Major Mehrdad Abdarbashi who defected to Turkey instead of serving in Syria as ordered. According to the Turkish court, the Iranian Ministry of Intelligence (MOIS) has attempted 3 times to take Mehrdad Abdarbashi back to Iran with covert operations. Among others, in 2021 an attractive female MOIS officer tried to lure him by inviting him to a house. M. Abdarbashi reported the attempt to MİT which eventually led to the disruption of the 11-member Iranian spy ring in 2021. The Prosecutor stated that the spy network was set up in the city of Van, Turkey with operational costs of $30,000. Currently the Prosecutor seeks 30-years prison term for the arrested spy network members.

54. Extensive GRU Online Information Operations in Ukraine

In a series of warnings and public reports, several Ukrainian government entities, including the Security Service (SBU), are notifying the general public of extensive online Information Operations (IOs) executed by Russia’s Military Intelligence (GRU) to disseminate fake information on the conflict developments. Among them there are compromises of legitimate official Ukrainian websites and publishing of IO content, as well as the creation of social media profiles in Telegram to promote Russian IO content.

55. The KGB & CIA Spies That Accidentally Became Friends

On March 3rd, the “how it toast” YouTube channel published a 10-minutes long video titled “The KGB & CIA Spies That Accidentally Became Friends” presenting the case of Soviet KGB officer Gennadiy Vasilenko and U.S. CIA officer Jack Platt who tried to recruit each other during the Cold War era and eventually became friends.

56. New Updates on Data Wiper Cyber Attack in Ukraine

Last week (story #38) a new data-wiper covert software implant was uncovered targeting Ukrainian digital infrastructure. This week CrowdStrike Intelligence firm conducted reverse engineering and identified that the software implant, dubbed as “HermeticWiper” and “DriveSlayer”, has a cryptologic flaw which allows reversing of its covert destructive operation (files encryption). Later on, Trellix cyber-security firm published a deep technical analysis on how “HermeticWiper” works, and later during this week the Threat Research Team of Avast Threat Labs cyber-security firm released a free decryptor program to recover any systems infected by the “HermeticWiper” by taking advantage of the design flaw identified by CrowdStrike Intelligence. Other deep technical analyses of “HermeticWiper” published this week were those of Kasperksy and Malware Bytes Labs. Note that no attribution has been made yet, but experts assess that “HermeticWiper” is a likely Russian cyber actor capability.

57. Research on North Korea’s Illicit Arms Trade (1981–1986)

On March 4th, Daniel Salisbury released (for free) a research article titled “Countering a technological Berlin tunnel: North Korean operatives, helicopters and intelligence in the Cold War illicit arms trade, 1981–1986.” The research is about the relationship of intelligence agencies and arms trade using the North Korea’s procurement of 86 Hughes helicopters in the 1980s as a case study. The article was published in the latest “Intelligence and National Security” journal.

58. Ukrainian Government Captured Classified Black Sea Fleet Marines Documents and Publicly Disclosed Them

The Ukrainian Joint Forces Operation Command announced that they captured classified as “SECRET” documents of a unit belonging to the 810th Brigade of the Battalion Tactical Group of Russia’s Black Sea Fleet Marines that show that the offensive operation plans were approved on January 18th, and the capture of Ukraine was planned to be executed within 15 days, from February 20th until March 6th. More details were published by the Ukrainian Pravda.

59. Former Turkish MİT Spies Work for German BND and the US CIA

On Thursday, March 3rd, Turkish journalist Fuat Uğur published an article on the “Türkiye Gazetesi” newspaper stating that through confidential sources he was informed that after the failed July 2016 coup in Turkey, several FETÖ members fled the country to avoid prosecution, since FETÖ was classified as a terrorist organisation in Turkey. Some of those had critical positions in state institutions, including Turkey’s National Intelligence Organisation (MİT). The report says that some of those ended up getting recruited and working in the counter-intelligence offices of foreign intelligence agencies including Germany’s Federal Intelligence Service (BND), and the United States Central Intelligence Agency (CIA). Fuat Uğur concludes that he was informed of such a former MİT officer who now is placed in the “Turkey Office” of a counter-intelligence agency, and asks for more active controls against those people.

60. Egypt Disrupted Smuggling Attempt of Chinese Surveillance and Drone Parts

For the second time in 2022, Egypt’s Customs disrupted an attempt to smuggle drone and eavesdropping parts in the country. The parcel was marked as a loudspeaker but once inspected, it was discovered that its body was filled with foam and contained 46 Chinese components to construct a small surveillance drone. Photos of the seized items were also released, but no statements were made on the sender or the origin of the parcel.

61. ICIT Think Tank: Returning to the Wilderness of Mirrors

On March 3rd, the Institute for Critical Infrastructure Technology (ICIT) think tank announced the release of a whitepaper authored by Lead Researcher Drew Spaniel, with contributions of several former and active U.S. intelligence experts. The 18-pages long whitepaper is titled “Returning to the Wilderness of Mirrors: How Great Power Competition and Cyberwarfare Could Precipitate a Digital-Age Cold War” and assesses the risks, among others, of modern espionage techniques through the cyber domain.

62. General Atomics Revealed New “Gambit” USAF Spy Drone

The General Atomics Aeronautical Systems, Inc. (GA-ASI) revealed for the first time on Thursday, March 3rd, a new concept Unmanned Aircraft Systems (UAS) codenamed “Gambit.” Among others, “Gambit” will “use AI and autonomy to complete a variety of tasks without being prompted by an operator.” Also, the announcement highlights that “Gambit will also be able to sense and track targets of interest, and distribute that information across the battlespace.” According to AutoEvolution, it “will enable manned-unmanned teaming (MUT) by working alongside human-piloted aircraft.” This UAS is for the U.S. Air Force’s Off-Boarding Sensing Station (OBSS) program.

63. Military Cyber-Espionage Operation Allegedly from Pakistan

The “Shadow Chaser Group” of the GcowSec team announced the discovery of cyber-espionage lure document and infrastructure, likely related to an active intelligence collection operation targeting India’s Ministry of Defence. The researchers attributed it to an actor dubbed as “SideCopy” which has been previously associated with the Pakistani intelligence services. Note, that a similar attempt was discovered in week 6 (story #16).

64. CSIS Dismantles Algerian Spy Network in Quebec, Canada

According to several Arabic-speaking news outlets, starting from the “ألجيري بار” (Algerian Bar) newspaper, the Canadian Security Intelligence Service (CSIS) dismantled a spy network of Algerian agents in the province of Quebec, Canada. According to the reports, 3 weeks ago after a tip-off from a high-ranking official of Canada’s National Security and Intelligence Committee of Parliamentarians (NSICOP) CSIS conducted a counter-intelligence operation which revealed that 4 Algerians with Canadian citizenship, residing in Quebec, had links with the Algerian intelligence agency, and their handlers were operating from the Algerian Embassy in Washington DC, U.S. A criminal investigation was opened for the case.

65. Recorded Future’s Ukraine Intelligence-Driven Insights

The U.S. intelligence firm Recorded Future released a freely available dedicated section on their website with several analytical products on different aspects of the Ukraine-Russia conflict. The new section is titled “Ukraine: Intelligence-Driven Insights” and contains a wide variety of intelligence products including reports, webinars, podcasts, and more from Recorded Future intelligence experts, some of which with prior experience as Russia Subject Matter Experts (SMEs) in national intelligence agencies.

66. Poland Detains Journalist on Espionage Charges for Russia’s GRU

In the morning of Monday, February 28th, Poland’s Internal Security Agency (ABW) arrested a Spanish national named Pablo González on espionage charges. According to the Committee to Protect Journalists (CPJ) he is a freelance reporter covering the refugee movements between the Ukrainian and Polish borders, and not a spy. He was reporting refugee movements to the Spanish “Público” newspaper, “La Sexta” television channel, and (in the past) to the “VOA”. ABW stated that he was “preparing to travel to Ukraine” and that he was conducting espionage for Russia while taking advantage of his journalist status. On March 4th, ABW added that he is “a Spanish citizen of Russian origin” and that he “has been identified as an agent for the GRU.” CPJ highlights that on Feb. 6th he was detained by Ukraine’s Security Service (SBU) for several hours in Kiev accused of “reporting from military-controlled areas in the Donbas region without proper accreditation” but was later released. Currently he is at a prison in the city of Rzeszów, Poland and if found guilty of espionage faces up to 10 years in prison.

67. Podcast: Black Ops: The Life of a Legendary CIA Shadow Warrior

The SpyCast, by the International Spy Museum, released a new episode titled “Black Ops: The Life of a Legendary CIA Shadow Warrior” and featuring Enrique “Ric” Prado. Ric is a 24-year CIA veteran who among others was the CIA Counterterrorist Centre Chief of Operations when the 9/11 terrorist attack happened. The podcast is based on his memoir titled “Black Ops.” The CBS News also published an 8-minute long video about it.

68. Azov Battalion and SBU Detained 3 Russian Spies in Ukraine

According to public statements, the right-wing neo-Nazi unit of the National Guard of Ukraine, known as “Azov Special Operations Detachment” or “Azov Battalion” in collaboration with Ukraine’s Security Service (SBU) detained Russian spies operating in the city of Mariupol. The photos released show laptops, cameras, Russian passports, external storage devices, cell phones, radios, and other electronic equipment. According to the Azov Battalion the network consisted of 3 Russians (two females and a male). SBU collected the evidence and, reportedly, recovered valuable intelligence. The spy network was collecting tactical intelligence and transmitting it back to their Russian handlers through covert communications channels.

69. The History of Killenworth, an Alleged Russian Spy Hub in NY

Clio Chang of the Cured published an article titled “A Brief History of Glen Cove’s Very Own Alleged Spy Hub” in relation to the recent developments (see story #15) with the Russian U.N. mission diplomats expulsion as spies. From 1951 the Killenworth mansion in New York was owned by the Soviet Union, and over the years has been the epicentre of espionage stories, with the latest one being the U.N. diplomats expulsion since, reportedly, this was the building for Russia’s U.N. diplomatic mission.

70. Brazilian Army Started Receiving New UAVs for Spying Missions

As Victor Barreira of Janes reported, starting on Friday, March 4th, the Brazilian Army started receiving the Nauru 1000C Unmanned Aerial Vehicles (UAVs), manufactured by the Brazilian XMbotots. The acceptance process will take until June 2022 and is performed at the Army Aviation Command (CAvEx) located in the city of Taubaté, in São Paulo, Brazil. The UAVs will be used in Intelligence, Surveillance, Target Acquisition, and Reconnaissance (ISTAR) missions once the acceptance process, technical, and operation experimentation phases are completed.

71. US Army Fort Huachuca: Updated Intelligence Museum Annex

On the 1st of March, U.S. Army’s Fort Huachuca, the home the Intelligence Centre of Excellence, the Network Enterprise Technology Command (NETCOM)/9th Army Signal Command, and a core facility for military intelligence training announced the update of the “Museum Annex.” The announcement was accompanied with a 3-minute long video presenting the “Museum Annex” history and parts of its exhibitions.

72. Ukrainian Government Uncovers New Cyber Espionage Campaign Targeting State Authorities Personnel and Citizens

On March 4th, the national Computer Emergency Response Team of Ukraine (CERT-UA) provided technical details for an ongoing cyber-espionage campaign targeting employees of state authorities and citizens of Ukraine. The emails pretended to be from Ukraine’s Ministry of Justice and having a malicious attachment which was pretending to be the successes of the Ministry. The file was named “лист справедливості.xlsx” (letter of justice.xlsx) and if opened, it was exploiting a Microsoft Windows vulnerability (CVE-2017–11882) and covertly installing a cyber-espionage implant known as “FormBook.” No attribution statements were made.

73. HAI Seminar: Spies, Lies, and Algorithms

Stanford Professor of Political Science and U.S. intelligence expert, Dr. Amy Zegart presented this week at the Stanford Institute for Human-centred Artificial Intelligence (HAI) a seminar titled “Spies, Lies, and Algorithms: The History and Future of American Intelligence” based on her latest book.

74. Corporate Espionage Between Cartier and Tiffany & Co

This week Cartier reportedly sued its luxury competitor, Tiffany & Co, for using espionage techniques to collect information on Cartier’s “high jewellery” collection which typically cost from $50,000 to $10 million. Cartier’s court documents mention the hiring of Junior Manager Megan Marino as well as a former Cartier executive despite their 6-month non-compete agreement, and using them to collect information on Cartier’s “high jewellery” collection. Megan Marino said that Tiffany & Co was “more interested in hiring me as a source of information than as a High Jewelry manager.”

75. Canada’s Military Intelligence Concerned over China Invasion

The Chief of Canada’s Military Intelligence Branch, Major-General Michael Wright, stated that the Western military intelligence community is “very concerned” if China would take the opportunity of the Ukraine crisis to “accelerate their own plans for greater control of their near abroad, specifically Taiwan.” The Major-General continued that “I would hope that with the reaction of the international community, and specifically NATO and the West, that China would have pause for any of their authoritarian plans for the future” but at the same time, Western countries should be prepared for it.

76. Video of the “Nuke Sniffing” Boeing WC-135 Constant Phoenix

For the last 3 weeks (week 6, week 7, and week 8) we have been reporting on a U.S. Air Force Boeing WC-135W Constant Phoenix (with registration number 61–2667 and callsign JAKE21) flying over Europe to collect intelligence on the Ukraine-Russia conflict. This week, the “Forces News” YouTube channel published an 1-minute long video showing how this special-purpose intelligence collection platform is used to detect and identify nuclear explosions. The airplane is nicknamed “nuke sniffer.”

77. SpyScape’s Article on Mossad’s Honey Trap Spies

The SpyScape published a short article demonstrating three examples of honey traps by the Israeli Mossad. The first is from 1986 when Cheryl “Cindy” Bentov targeted Israeli nuclear technician Mordechai Vanunu. The second one was from the 1970s, with Sylvia Raphael Schjødt under the cover identity of Patricia Roxborough in Canada. And thirdly, the 2017 espionage case of Lebanese Ziad Ahmad Itani who was recruited by an unnamed female Mossad agent posing as a Swedish woman.

78. Ukraine Finds Another Intelligence Gathering Cyber Operation

The Ukrainian Computer Emergency Response Team (CERT-UA) released a warning of a new campaign followed by another one with further technical indicators. This campaign was designed to collect email credentials of Ukrainian citizens. The email pretends to be a notification that someone logged in to your account from the Donetsk region, and asking you to verify if this was you by sending you to a fake email login page, designed to capture the credentials and send them to the operator of the campaign. No attribution statement was made on who is running this intelligence gathering operation.

79. Montenegro Expels Russian Diplomat Based on Intelligence Tip-Off

On Friday, March 4th, the Ministry of Foreign Affairs (MFA) of Montenegro declared a Russian diplomat from the Embassy of Russia in Montenegro as Persona Non Grata (PNG), giving 72 hours for his departure. The MFA said the expulsion was in relation to conflict with the Vienna Convention on Diplomatic Relations and was the result of a tip-off from Montenegro’s National Security Agency (ANB) which is responsible for counter-intelligence. As per Balkan Insight this came “after a report in daily Pobjeda on February 26 that two Russian citizens, Victor Antipin and Alexander Perishov, met a senior official from the ruling pro-Serbian Democratic Front, Strahinja Bulajic, currently serving as interim speaker, in Danilovgrad, on February 20. The paper said Antipin and Perishov had both been on the Montenegrin National Security Agency’s radar for least two years.”

80. Ukraine to Join NATO’s Cyber Intelligence Hub

NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) officially announced that Ukraine has a lot to offer in NATO’s CCDCOE since it “could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training.”

81. Podcast: My Father, the KGB Spy

On Saturday, March 5th, the “Cold War Conversations” published a new podcast along with a small article featuring Ieva Lesinska. Her father was Soviet Union KGB officer. During the Cold War her father was working under diplomatic cover in New York, U.S. at the United Nations headquarters as a Soviet translator.

82. SBU Detained Ukrainian Spy from the Lutsk Air Base

The Ukrainian Security Service (SBU) announced, along with a video, that they detained a Ukrainian national from the Ukrainian Air Force’s Lutsk Air Base. The “traitor” (quoting SBU) was providing Russian intelligence operatives with details on the number of aircrafts, their exact locations, training flights, and personal data of the servicemen working there.

83. Former MI6 Officer: London is the Epicentre of Espionage

The Daily Mail published a story based on a new documentary series titled “Secrets of the Spies.” The article covers various espionage-related topics but also highlights that 5-year MI6 veteran, Matthew Dunn, stated that “London is the epicentre of espionage.” The article focuses mainly on Russian operations.

84. SVR Says CIA/JSOC Trained Operatives in Syria and Now Are Sending them to Fight in Donbas, Ukraine

The Russian Foreign Intelligence Service (SVR) started a controlled disclosure about the United States Central Intelligence Agency (CIA) and the Special Operations Command (SOCOM), more likely, the Joint Special Operations Command (JSOC). According to the disclosure, the CIA/JSOC are “forming new ISIS units in the Middle East and the African states who are scheduled to be transported in cooperation with the NATO intelligence services in order to participate in the activities of sabotage and terrorism in Ukraine through the territories of neighboring Poland.” The report says that those operatives were trained at the Al-Tanf military base in Syria, and that CIA/JSOC are selecting “terrorists of Russian nationality in addition to others from the Commonwealth of Independent States (CIS) affiliated to Daesh terrorist organization sending them to al-Tanf base controlled by US occupation ,as they underwent special training on the methods of dong acts of sabotage and terrorism with a focus on Donbas.”

85. Ukrainian SBU Shot Dead Ukrainian Negotiator as Russian Spy

Clashing reports appeared on Saturday for the death of Ukrainian Denis Kireev, member of Ukraine’s negotiation team. Some reports state that he was shot by Ukraine’s Security Service (SBU) during his detention with an unnamed official stating that “he was a [Russian] agent. You yourself know why agents are killed.” The Ukrainian Ministry of Defense made the following public statement, which included D. Kireev’s name in the list of killed personnel: “during the performance of special tasks, three scouts were killed — employees of the Chief Intelligence Department of the Ministry of Defense of Ukraine.”

86. Russian SVR States that Poland Became a Western Spy Hub

In another (see #84) controlled disclosure, the Russian Foreign Intelligence Service (SVR) announced that NATO countries are providing classified intelligence on Russian forces, movements, and plans by using Poland as their “logistical hub.” SVR stated that “hey maintain direct contact with Ukrainian security and military intelligence representatives, by supplying them, inter alia, with intelligence about Russian military plans and movements” and that countries involved include Britain, Canada, and other NATO members.

87. Former MI6 Chief on the Ukraine-Russia Conflict

The Oxford Union published a 34-minute long debate with Sir Robert John Sawers, British intelligence officer, diplomat, and civil servant, who was the Chief of the Secret Intelligence Service (SIS), better known as MI6, in the period of 2009–2014. The debate is focusing on the Ukraine-Russia conflict.

88. UMEX 2022 Event in Abu Dhabi, UAE

The UMEX 2022 (Unmanned Systems Exhibition & Conference) took place on 21–23 February 2022 in the Abu Dhabi National Exhibitions Centre (ADNEC), United Arab Emirates. This week, the “Defense Web TV” started publishing videos of the event, including new intelligence platforms and technologies presented for the first time in UMEX 2022.

89. Double Agent (KGB/MI6) Makarov in Fear of his Life from Russia

This is based on a new article published by Daily Mail. Victor Makarov, former KGB officer (who attended the same class as Russian President Vladimir Putin) is raising concerns over assassination attempts Russia might be planning for him and other double agents (Makarov was passing KGB secrets to the MI6, and later MI5, before defecting to the U.K.) He is stating that the British government needs to do more to protect them. This comes a week after another KGB defector, Boris Karpichkov, learned that the British government had accidentally leaked his identity and address to Latvia (week 8, story #84).

90. Small Talk: WWII Director of Counter-Espionage in MI5

The former U.K.’s GCHQ historian, Tony Comer, published a blog post titled “Intelligence Officers’ Small Talk: Tiltman Meets Liddell” and providing some snippets of the diary of Guy Liddell, the Director of Counter-Espionage in MI5 during WWII, among various other roles in the U.K. intelligence community.

91. Case of Czech/German Spy Ivan Safronov Goes to Court in Russia

This week a high-profile espionage case from 2021 was sent to the Moscow city court in Russia. It is that of journalist Ivan Safronov who is charged with espionage on behalf of Czech’s intelligence for the period of 2015–2019. He is accused of collecting and passing classified information via an encrypted channel to a Czech intelligence officer, information including “data on Russia’s military-technical cooperation with the countries of Africa, the Middle East, the Balkan Peninsula and the states that are members of the CSTO.” The investigation also discovered that Safronov provided “political researcher Demuri Voronin, who has Russian and German passports, with certain information concerning the Russian Armed Forces’ operations in Syria to December 2015 for a reward of $248.” Subsequently, that information was sent to representatives of the University of Zurich, Switzerland and the German Federal Intelligence Service (BND).

92. Russian FSB Discovers Hidden Caches with Weapons in Crimea

With a public statement Russia’s Federal Security Service (FSB) announced the discovery of several concealed caches of weapons, ammunition and explosives in the areas of Crimea and Sevastopol. Specifically, the caches were located near Simferopol and Leninsky in Crimea and were disguised as construction debris. Caches included 20kg of TNT explosives in metal canisters, 8 electric detonators, material to construct Improvised Explosive Devices (IEDs), an anti-tank mine, radio-controlled initiating devices, 35 kg of TNT, and more. According to the FSB, those were to be used for sabotage acts.

93. Previously Unknown Iranian Spy Drone Base Revealed

According to Arabic-speaking news a new Unmanned Aerial Vehicles (UAVs) base, operated by the Air Force of Iran’s Islamic Revolutionary Guard Corps (IRGC) is located in the mountains of Kermanshah province, Iran. Major General Hossein Salami, commander-in-chief of the IRGC, confirmed this stating that this allows up to 60 UAVs flying in parallel with a range of 2,000 km. The area of operations for the drones are the Persian Gulf and Southern Iraq and the UAVs are used also “for espionage purposes.”

94. OSINT-Discovered ELINT/SIGINT Flights

This is a brief summary of ELINT/SIGINT/ISR flights identified by aviation enthusiasts during this week:

  • 28FEB2022: U.S. Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to the Poland-Ukraine border. Source
  • 28FEB2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source1 Source2
  • 28FEB2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER19) flight from Souda Bay, Crete, Greece to the coast of Libya. Source
  • 28FEB2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source1 Source2
  • 28FEB2022: U.S. Air Force RC-135W Rivet Joint (62–4130, callsign JAKE12) flight from RAF Mildenhall, UK to Poland-Ukraine border. Source1 Source2
  • 28FEB2022: Two U.S. government General Atomics MQ-9A Reaper (15–2168 and 15–2169, callsigns N/A) flight from Saber Army Airfield at Fort Campbell and flying nearby. Source
  • 28FEB2022: U.S. Air Force Boeing RC-135V Rivet Joint (64–14843, callsign N/A) flight on the South/North Korea border. Source
  • 28FEB2022: U.S. Air Force Boeing RC-135V Rivet Joint (64–14846, callsign SHINR40) flight from Majors Airport, Texas to Portsmouth International Airport, New Hampshire and back. Source
  • 28FEB2022: Israeli Air Force 676 Gulfstream V G550 SIGINT Nachshon-Shavit (676, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 28FEB2022: Israeli Air Force Gulfstream V G550 CAEW Nachshon-Aitam (537, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 28FEB2022: Israeli Air Force Gulfstream V G550 SIGINT Nachshon-Shavit (684, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 28FEB2022: Israeli Air Force Gulfstream V G550 SIGINT Nachshon-Aitam (569, callsign N/A) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 28FEB2022: Qatar Air Force Bayraktar TB2 (QA605, callsign N/A) flight from the Al-Shamal UAV base to ISR pattern over Abu Sidrah. Source
  • 28FEB2022: French Air Force Beechcraft Super King Air 350 (1030, callsign ROUBL26) flight from Nîmes Alès Camargue Cévennes Airport, France heading North. Source
  • 28FEB2022: 5 Turkish Bayraktar TB2 on circular orbits West of Aleppo, Syria. Source
  • 28FEB2022: Thales (UK) Diamond Surveillance DA62 MPP (OE-FMF, callsign OEFMF) flight from the Albrecht Dürer Airport, Germany to ISR flight near Truppenübungsplatz Altmark military training site, Germany. Source
  • 28FEB2022: RAF Boeing P8 Poseidon MRA1 (ZP801, callsign N/A) flight from Crete, Greece to patrol North of the island. Source
  • 28FEB2022: Hellenic Air Force Embraer EMB-145H AEW&C (729, callsign OURAN31) flight from Athens, Greece to patrol near Crete, Greece. Source
  • 28FEB2022: 2x RAF Beech Shadow R.MK 1 (ZZ418 and ZZ416, callsigns RRR7401 and RRR7402) flight from Cyprus to Jordan and back. Source
  • 28FEB2022: U.S. Navy P8 Poseidon (AE686C, callsign N/A) flight over the Ionian Sea. Source
  • 28FEB2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTS, WKT33) flight from Retford Gamston Airport to Birmingham Airport, UK. Source
  • 01MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 01MAR2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7219) flight from RAF Waddington to the Poland-Ukraine border. Source
  • 01MAR2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 01MAR2022: U.S. Air Force Boeing E-3B Sentry (75–0556, callsign N/A) flight near the coast of UAE. Source
  • 01MAR2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER29) flight from Souda Bay, Crete, Greece to the coast of Syria and Lebanon. Source
  • 01MAR2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source1 Source2
  • 01MAR2022: U.S. Air Force General Atomics MQ-1C Gray Eagle (likely 11–00169, callsign N/A) flight from Mielec Airport, Poland towards the Poland-Ukraine border. Source
  • 01MAR2022: Swedish Air Force AEW&C Saab S100D Argus (100003, callsign C603) flight from Malmen Airbase to Kaliningrad. Source
  • 01MAR2022: U.S. Air Force General Atomics MQ-1C Gray Eagle (11–00167, callsign N/A) flight from Mielec Airport, Poland towards the Poland-Ukraine border. Source
  • 01MAR2022: 2 U.S. Navy P8 Poseidon (AE6941 and AE6874, callsigns N/A) on patrol in the Mediterranean Sea. Source
  • 01MAR2022: U.S. Air Force Boeing RC-135V River Joint (63–9792, callsign HOMER21) flight from Crete, Greece to Black Sea around Romania-Moldova border. Source1 Source2
  • 01MAR2022: U.S. Navy P8 Poseidon (AE67AE, callsign N/A) flight from RAF Lossiemouth heading to the North Sea. Source
  • 01MAR2022: NATO AEW&C Boeing E-3TF Sentry (LX-N90446, callsign NATO03) flight over Poland-Ukraine border. Source
  • 01MAR2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTO, WKT37) flight from Birmingham Airport to ISR flight near and over the Snowdonia National Park, UK. Source
  • 01MAR2022: RAF Beechcraft Super King Air 350 (ZZ507, callsign RRR7507) flight from Belfast International Airport, Ireland to RAF Scampton, UK. Source
  • 02MAR2022: Summary of at least 14 ISR flights from the U.S. and Sweden near Ukraine. Source
  • 02MAR2022: U.S. Air Force Boeing RC-135S Cobra Ball MASINT (61–2663, callsign EDGE92) flight from Kadena Air Base to the Sea of Japan. Source
  • 02MAR2022: U.S. Air Force RC-135W Rivet Joint (62–4130, callsign JAKE12) flight from RAF Mildenhall, UK to Poland-Ukraine and Romania-Ukraine border. Source
  • 02MAR2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 02MAR2022: Qatar Air Force Bayraktar TB2 (QA601, callsign N/A) flight from the Al-Shamal UAV base to ISR pattern over Abu Sidrah. Source
  • 02MAR2022: U.S. Air Force RQ-4A Global Hawk (reg. number N/A, callsign FORTE10) flight from Naval Air Station Sigonella to the borders of Belarus and Kaliningrad. Source
  • 02MAR2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7220) flight from RAF Waddington to the Poland-Ukraine border. Source1 Source2
  • 02MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 02MAR2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
  • 02MAR2022: Israeli Air Force Gulfstream V G550 SIGINT Nachshon-Aitam (569, callsign 4X980) flight over the West Bank as part of the 122nd Squadron (Nahshon Squadron). Source
  • 02MAR2022: U.S. Navy Lockheed EP-3E ARIES II(156529, callsign BATMN30) flight over the North/South Korea border. Source
  • 02MAR2022: RAF Beech Shadow R.Mk 1 (ZZ419, callsigns RRR7419) flight from Aberdeen, Scotland to RAF Waddington, and Belfast International Airport, Ireland. Source
  • 03MAR2022: NATO AGS RQ-4D Phoenix (MM-AV-SA-0018, callsign UAVGH000) flight from Naval Air Station Sigonella, Italy to the Black Sea. Source
  • 03MAR2022: U.S. Air Force Boeing RC-135S Cobra Ball MASINT (61–2663, callsign MYTH61) flight from Kadena Air Base to the Sea of Japan. Source
  • 03MAR2022: Romanian Police Schiebel Camcopter S-100 RPAS (819, callsign RBP01) flight out of Mangalia, Romania. Source
  • 03MAR2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTS, WKT33) flight from Belfast International Airport, Ireland to ISR flight over Londonderry back to Birmingham Airport, UK. Source
  • 03MAR2022: U.S. Air Force Northrop Grumman E-8C J-STARS (95–0121, callsign REDEYE6) flight from Ramstein Air Base, Germany to the Poland-Ukraine border. Source
  • 03MAR2022: U.S. Air Force RQ-4A Global Hawk (reg. number N/A, callsign FORTE10) flight from Naval Air Station Sigonella to the borders of Belarus and Kaliningrad. Source1 Source2
  • 03MAR2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER49) flight from Souda Bay, Crete, Greece to Romania, near the border with Moldova. Source1 Source2
  • 03MAR2022: U.S. Air Force Boeing RC-135V River Joint (63–9792, callsign HOMER41) flight from Crete, Greece to Romania-Ukraine border. Source1 Source2
  • 03MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 03MAR2022: Swedish Air Force AEW&C Saab S100D Argus (100003, callsign C603) flight from Malmen Airbase to Kaliningrad. Source
  • 03MAR2022: NATO AEW&C Boeing E-3TF Sentry (LX-N90448, callsign NATO11) flight over Poland-Ukraine border. Source
  • 04MAR2022: U.S. Air Force RC-135W Rivet Joint (62–4130, callsign JAKE12) flight from RAF Mildenhall, UK to Poland-Ukraine border. Source
  • 04MAR2022: U.S. Air Force RQ-4A Global Hawk (10–2045, callsign FORTE10) flight from Naval Air Station Sigonella to the borders of Belarus and Kaliningrad. Source
  • 04MAR2022: Diamond Executive Aviation covert special mission DA-42 Guardian (G-DSPY, WKT38) flight from Retford Gamston Airport to ISR flight over Dublin Bay, Ireland. Source
  • 04MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign SVF622) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 04MAR2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 04MAR2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTS, WKT33) flight from Birmingham Airport, UK to locations nearby Limerick, Ireland and back. Source
  • 04MAR2022: U.S. Air Force Boeing RC-135U Combat Sent (64–14849, callsign HOMER59) flight from Souda Bay, Crete, Greece to Romania, near the border with Moldova. Source
  • 04MAR2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7221) flight from RAF Waddington to the Poland-Ukraine border. Source
  • 04MAR2022: U.S. Air Force Boeing RC-135V River Joint (63–9792, callsign HOMER51) flight from Crete, Greece to Romania-Ukraine border. Source1 Source2
  • 04MAR2022: NATO AEW&C Boeing E-3TF Sentry (LX-N90446, callsign NATO01) flight over Poland-Ukraine border. Source
  • 04MAR2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTO, WKT14) flight from Birmingham Airport to ISR flight near Sligo Bay, Ireland. Source
  • 05MAR2022: U.S. Navy Lockheed EP-3E ARIES II Orion (16–1410, callsign QY84) flight from Crete, Greece to SIGINT flight over Romania border. Source1 Source2
  • 05MAR2022: RAF Boeing RC-135W River Joint (ZZ665, callsign RRR7240) flight from RAF Waddington to the Poland-Ukraine border. Source1 Source2
  • 05MAR2022: U.S. Air Force Boeing RC-135S Cobra Ball MASINT (61–2663, callsign RUNNY79) flight from Kadena Air Base to the Sea of Japan. Source
  • 05MAR2022: 3x P8 Poseidon airplanes participate in the Dynamic Manta NATO exercise in the Mediterranean Sea. 2x U.S. Navy (AE6874 and AE6872) and one from RAF (ZP803, callsign RRR7040). Source
  • 05MAR2022: U.S. Air Force RQ-4A Global Hawk (10–2045, callsign FORTE10) flight from Naval Air Station Sigonella to the borders of Belarus and Kaliningrad. Source
  • 05MAR2022: Diamond Executive Aviation covert special mission Beech 90 King Air (G-WKTS, WKT58) flight from Birmingham Airport, UK to ISR flights near the cities of Aberaeron, Swansea, Cardiff and back. Source
  • 05MAR2022: 2x (covert CIA) De Havilland Canada Dash 8–200 (N541AV and N437YV, callsigns BYA541 and BYA437) from Larnaca, Cyprus to Souda Bay, Crete, Greece. Source
  • 05MAR2022: RAF Beech Shadow R.MK 1 (ZZ416, callsigns SNAKE46) and P-8A Poseidon (ZP803, callsign RRR7040) flight from Cyprus to South of the island. Source
  • 06MAR2022: Swedish Air Force Gulfstream IV SP S102B Korpen (102002, callsign ATPTEST) flight from Malmen Airbase to over the Gulf of Gdansk and Kaliningrad. Source
  • 06MAR2022: U.S. Army Challenger 650 ARTEMIS (N488CR, callsign: BRIO68) from Mihail Kogălniceanu International Airport, Romania to the border of Belarus. Source
  • 06MAR2022: French Air Force Transall C-160 Gabriel (F216, callsign HOOPA01) flight over Romania. Source
  • 06MAR2022: NATO AEW&C Boeing E-3TF Sentry (LX-N90448, callsign NATO11) flight over Poland-Ukraine border. Source
  • 06MAR2022: U.S. Navy Lockheed EP-3E ARIES II(156529, callsign BATMN30) flight over the North/South Korea border. Source
  • 06MAR2022: U.S. Army Beech RC-12X Guardrail (88–00325, callsign YANK01) flight from Šiauliai Air Base in Lithuania, to the borders with Kaliningrad. Source
Spy
Espionage
Sigint
Humint
Elint

--

--

The Spy Collection

Written by The Spy Collection

1.1K Followers

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams