SPY NEWS: 2023 — Week 11

Summary of the espionage-related news stories for Week 11 (March 12–18) of 2023.

The Spy Collection
Mar 19, 2023

1. United Kingdom: MI5: National Protective Security Authority Begins Work

On March 13th the British MI5 issued this press release saying that “a new body has been created to help the UK combat national security threats. State-sponsored attempts at stealing sensitive research and information can undermine UK businesses and harm our country’s competitiveness on the world stage. As part of the Integrated Review Refresh, the government has today (13 March 2023) announced the creation of the National Protective Security Authority (NPSA) to help businesses and organisations defend themselves against national security threats. This new body, which is part of MI5, will increase the UK’s resilience to state threats as well as terrorism, and will play an important part in strengthening our country’s economic security. NPSA has absorbed the responsibilities of the Centre for the Protection of National Infrastructure but with a broader remit, reflecting the fact that the threats the UK faces today extend far beyond critical national infrastructure. Advice will be provided in an accessible and informative way so that it can be understood and used by a broad range of private and public sector organisations, including tech start-ups, businesses, events venues and universities.”

2. Mexico: Despite Evidence, Lopez Obrador Denies Espionage, He Says it is “Intelligence Work”

Following last week’s story #22, Mexico Daily Post reported on March 12th that “Mexican President Andres Manuel Lopez Obrador on Friday denied his government carried out unauthorized monitoring of its citizens, responding to a report that accused the military of hacking the communications of a prominent human rights activist. “We have to do investigations, but not spying, that’s different,” Lopez Obrador said in response to a question at a news conference, before complaining that several Mexican media outlets that published the allegations were biased against him. “I can guarantee we don’t spy on anyone,” he said. “There’s nothing illegal.” Mexican digital rights group R3D, along with other media, published documents this week that it said showed the armed forces had access to messages sent by rights activist Raymundo Ramos, who represents victims of military abuses in the violent northern state of Tamaulipas.”

3. Iran Court Upholds Death Sentence of Iranian-Swedish Dissident

Al Jazeera reported on March 12th that “Iran’s Supreme Court has upheld the death sentence of an Iranian-Swedish dissident for alleged “terrorist” activities, signalling he may be executed soon. The official news outlet of the Iranian judiciary on Sunday announced that Habib Farajollah Chaab’s death sentence had been confirmed for leading an Arab separatist group called the Arab Struggle Movement for the Liberation of Ahwaz. A lower court had issued the death sentence for “corruption on earth” in early December. Iran does not formally recognise dual nationality status. The group, according to the judiciary website, has launched many “terrorist” operations on Iranian soil, leading to many deaths and injuries, including a 2018 attack on a military parade that killed 25 and wounded close to 250 people. Iran said in 2020 that its security forces arrested Sweden-based Chaab in Turkey and took him to Tehran, without saying where or how he was captured. “Chaab was sentenced to death after several court sessions with the presence of his lawyer … The Supreme Court confirmed his death sentence,” Iran’s judiciary’s Mizan news agency reported.”

4. Spy Collection: C-8057/ARC Instrument Panel for KY-28 NESTOR

On March 13th we published a new video. As per its description, “this is the control/instrument panel that was installed in US Navy’s LTV A-7 Corsair II during the Cold War era to operate the National Security Agency’s (NSA) KY-28 NESTOR cryptographic device which was installed in the aircraft to provide wideband tactical secure voice communications.”

5. Qatar Bugged Secret Meeting Between Swiss Attorney General Lauber and FIFA President Infantino

The Swiss NZZ reported on March 12th that “an intelligence operation commissioned by Qatar targeted an informal meeting between Swiss Attorney General Michael Lauber and FIFA President Gianni Infantino. Operatives on behalf of Qatar were already planning to recruit the Attorney General for their cause at the end of 2011. It was a secret meeting that former Attorney General Michael Lauber says he no longer remembers — and that ultimately cost him his job: On 16 June 2017, Lauber met with the FIFA President Gianni Infantino at the Hotel Schweizerhof in Bern for an informal exchange, while he was, at the same time, conducting a range of cases against FIFA officials. No minutes of the meeting exist and Infantino also said he did not remember it. The meeting was so unusual that two special prosecutors are still investigating Lauber and Infantino in the matter. The meeting was held in a building that has been owned by the State of Qatar since 2009. The secret session took place in Conference Room №3, just a few metres away from the Qatari Embassy, which was in the same corridor of the hotel. A months-long investigation by NZZ am Sonntag reveals that the covert meeting was secretly recorded by intelligence operatives on behalf of Qatar. The gulf state nation was at the time worried that they would lose the hosting of the FIFA World Cup 2022 due to corruption allegations and human rights violations. It therefore launched an international espionage and influence operation over several years, with the help of ex-CIA agents. FIFA officials were spied upon, and the Swiss Attorney General was likewise of particular interest for Qatar. This was because Lauber’s office was also responsible for investigations regarding irregularities in the awarding of the World Cup to Qatar. The conference room in which Lauber and Infantino met each other was bugged. This newspaper has obtained official secret documents which prove the espionage action. 
And sources with direct knowledge of the incident described the operation — under the condition of anonymity, due to fear of reprisals. People who were aware of the espionage operation on Swiss soil shortly after it was carried out knew it under the code name «Project Matterhorn».”

6. Belgium Poised to Ratify New Telecoms Data Collection Legislation

On March 13th Intelligence Online reported that “Intelligence Online has had access to the draft memorandum on telecommunications operators’ sharing of client data and metadata with the relevant intelligence and government services. It is intended to bring Belgian law into line with the needs of those services and the decisions of the European Court of Justice.”

7. CNBC TV18: All About India, U.S. Chip Partnership, China’s Cyber Espionage

On March 12th the Indian CNBC TV18 published this detailed news summary. As per its description, “Alexander Slater, MD, USIBC, and K Krishna Moorthy, President & CEO, Indian Electronics and Semiconductor Association decode the impact and benefits of India and the US signing MoU to build semiconductor supply chains. Also, Adam Meyers, SVP, Crowdstrike talks about China’s cyber espionage, targeted sector, impact on India, and more.”

8. Ukrainian SBU Detained Russian Informant in Synelnyk

On March 13th Ukraine’s Security Service (SBU) announced that they “detained an enemy informer who was gathering intelligence about the defence of Dnipropetrovsk region. The perpetrator, on his own initiative, published photo and video materials of the bases of the Defence Forces in the region in pro-Russian media. In this way, he came to the attention of the Russian intelligence services, which accessed him through controlled administrators of pro-Kremlin internet resources. Through the messenger, they offered the attacker cooperation for money, which was then sent to his bank card. On the instructions of the enemy, he went to the area and covertly photographed the movement of the units of the Armed Forces of Ukraine in the territory of the region. First of all, the aggressor was interested in information about the possible movement of convoys with foreign-made military equipment. The Russian invaders planned to use the intelligence to prepare and carry out targeted missile strikes on Ukrainian targets. Counter-intelligence officers of the SBU detained an enemy informer trying to pass classified information to the occupiers. According to the investigation, the attacker turned out to be a resident of the Synelnyk district, who publicly supported the armed aggression of the Russian Federation against Ukraine. He spread his pro-Kremlin views from his own account in popular social networks. During the search of the suspect’s place of residence, law enforcement officers found a computer and a mobile phone with evidence of illegal activity.”

9. Talos Uncovers Espionage Campaigns Targeting CIS Countries, Embassies and EU Healthcare Agency

On March 14th private cyber threat intelligence firm Cisco Talos published this technical analysis stating that “Cisco Talos has identified a new threat actor, which we are naming “YoroTrooper,” that has been running several successful espionage campaigns since at least June 2022. YoroTrooper’s main targets are government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth of Independent States (CIS), based on our analysis. We also observed YoroTrooper compromise accounts from at least two international organizations: a critical European Union (EU) health care agency and the World Intellectual Property Organization (WIPO). Successful compromises also included Embassies of European countries including Azerbaijan and Turkmenistan. We assess the actor also likely targets other organizations across Europe and Turkish (Türkiye) government agencies. Information stolen from successful compromises include credentials from multiple applications, browser histories & cookies, system information and screenshots. YoroTrooper’s main tools include Python-based, custom-built and open-source information stealers, such as the Stink stealer wrapped into executables via the Nuitka framework and PyInstaller. For remote access, YoroTrooper has also deployed commodity malware, such as AveMaria/Warzone RAT, LodaRAT and Meterpreter. The infection chain consists of malicious shortcut files (LNKs) and optional decoy documents wrapped in malicious archives delivered to targets. The actor appears intent on exfiltrating documents and other information, likely for use in future operations.”

10. Interview: AFIO: Vince Houghton PhD, Director, National Cryptologic Museum, Describes the Exhibits in Reopened Museum

On March 12th the United States Association of Former Intelligence Officers (AFIO) published the recording of this interview. As per its description, “Interview of Friday, 20 January 2023 of Vince Houghton PhD, Director/Curator, National Cryptologic Museum, NSA, former Historian/Curator International Spy Museum. Interviewer — Host: James Hughes, AFIO President, a former CIA Operations Officer. Vince Houghton and Jim Hughes discuss all the changes made while the National Cryptologic Museum was closed during the pandemic. So many changes that it is fair to call it the “All New” National Cryptologic Museum. New one-of-a-kind items pulled out or declassified from NSA archives and now on display include: The DEC Alpha which made THE nuclear codes; the MP37 which made the “Biscuit” or the “Cookie” for subs, bombers, and ICBMs; the ill-fated Challenger mission encryption system pulled from the wreckage; The Bombe — the only remaining 4-rotor bomb for breaking German submarine comms; The Hitler Enigma — the only remaining B-variant Enigma; The Purple Analog built to break Japanese Purple system; the original manuscript of Herbert Yardley’s American Black Chamber; the original Jefferson Cipher device.”

11. Washington Calls Tehran’s Claims of Prisoner Swap Deal ‘A Cruel Lie’

Iran International reported on March 12th that “while Islamic Republic’s foreign minister says Iran and the US have reached a prisoner exchange deal, the Biden administration dismissed the claim as a “cruel lie.” Iran’s foreign minister Hossein Amir-Abdollahian told state TV Sunday that “Regarding the exchange of current prisoners between Iran and the US, we have reached an agreement within the past few days. If everything goes well on the American side, I think we will witness a prisoner exchange in the near future. We see this as an entirely humanitarian case.” A White House official immediately denied Amir-Abdollahian’s statement about the prisoner swap, reiterating that the United States was committed to securing the release of Americans held in Iran. Amir-Abdollahian claimed that a document laying out the exchange had been “indirectly signed and approved” since early March 2022, without saying who would be exchanged in the prisoner swap. One of several Americans held in Iran is Siamak Namazi, a businessman with dual US-Iranian citizenship, who was sentenced to 10 years in prison in 2016 on charges of espionage and cooperating with the US government. Emad Sharghi, another Iranian-American businessman, was arrested in 2018 when he was working for a tech investment company. Iranian-American environmentalist Morad Tahbaz, who also holds British citizenship, is a third prisoner.”

12. Taiwan Soldier Who Went Missing, Suspected of Deserting Post, Found in China

The Straits Times reported on March 13th that “a Taiwanese soldier serving on an islet close to the Chinese coast who went missing last week has been found in China, a senior Taiwan minister said on Monday, an incident that occurred amid heightened tensions. Taiwan’s Defence Ministry said on Thursday that the soldier had failed to report for roll call on Erdan islet, part of the Taiwan-controlled Kinmen group of islands that lie near the Chinese city of Xiamen. Speaking to reporters in Parliament, Mr Chiu Tai-san, head of Taiwan’s China-policy making Mainland Affairs Council, said the soldier was in China. “It’s confirmed that he is in the mainland. The Defence Ministry and relevant departments are actively aware of the relevant progress and situation,” he said. “The Defence Ministry has their relevant mechanisms for identifying deserters,” Mr Chiu added. Initial theories in Taiwan’s media suggested he may have been swept away by the waves, but later, reports focused on the possibility of desertion. The Defence Ministry declined to comment.”

13. United Arab Emirates: Influx of Russian Hackers Benefits Abu Dhabi’s Cyber Offensive Capabilities

Intelligence Online reported on March 13th that “Beacon Red, the Edge Group conglomerate’s Emirati cyber subsidiary, has hired a wave of cyber engineers fleeing Russia after the invasion of Ukraine. Intelligence Online understands the Russian recruits are being housed on a site separate from the rest of the company.”

14. Crypto Museum: AU-015 UHF/FM Bug — Transmitter

This week the Netherlands-based Crypto Museum added a new article to their online museum. As per its description, “AU-015 is a miniature crystal-controlled narrowband FM covert listening device (bug), developed in the early to mid-1990s by an unknown manufacturer in Japan. It operates in the UHF band on one of two predetermined spot frequencies (marked as A or B) near 400 MHz. For reception of the bug, the matching AU-018 2-channel receiver was recommended. The range was ~ 300 metres.”

15. Turkish Intelligence Chief Hakan Fidan Admits to Targeting, Surveilling Journalists Abroad

Following last week’s story #9, Nordic Monitor published this article on March 13th stating that “as he tried to defend his record, the head of Turkey’s notorious intelligence agency Milli İstihbarat Teşkilatı (MIT) admitted to having targeted journalists and media professionals abroad in a recent report published by the agency. In the 16-page report, obtained by Nordic Monitor, MIT chief Hakan Fidan, a close confidant of Turkish President Recep Tayyip Erdoğan, wrote that in the year 2022 “[t]he work on deciphering the black propaganda attempts aimed at undermining our country has continued without interruption.” What Fidan described as “black propaganda” is a reference to coverage critical of Turkey by journalists who were forced to go into exile and pursue their careers abroad after the Erdoğan government started arresting journalists by the hundreds, wiping out nearly the entire critical, independent and opposition media in Turkey over the last decade. The undated report, written some time in March 2023, is the assessment of the work done by the intelligence agency in 2022 and tantamount to an admission of targeting and harassing Turkish journalists who live in Europe and North America, where MIT agents run illegal surveillance operations. Fidan publicly owned up to this surveillance and bragged about intelligence gathering that targets critical journalists by presenting this as one of the successes of the agency under his watch. MIT’s spying on journalists in Europe was exposed last year when the agency leaked surveillance photos and the residential addresses of journalists who live in Germany and Sweden as part of the Erdoğan government’s intimidation campaign.”

16. Podcast: Team House: Delta Force Operator and CIA Officer Gary Harrington

On March 14th the Team House released a new podcast episode. As per its description, “I spent most of my career working in the shadows. While some of my service was spent with large groups, such as the 32nd Marine Amphibious Unit, serving in Beirut in 1982, I spent most of my career working on small teams or alone. We often lived and worked with foreign military units like a Kuwaiti tank unit in the northern desert in 1996. In 1998, I worked alone in Yemen. Trouble spots on my own became my specialty. After 9/11, I launched to Uzbekistan in the vanguard for 5th Special Forces Group and served on several teams in Afghanistan during 2001 and 2002, participating in major combat operations alongside Afghan indigenous forces. Often, my mission was to enter a country to determine if other special operations forces could safely follow and operate. If so, I would develop the situation and make ready for them to arrive. In 2002, after departing Afghanistan, I moved to a mid-Eastern location to prepare the way for the next conflict. Working independently and conducting successful, often classified missions on several continents taught me the power of prudence…and the skills that must accompany it.”

17. Ukrainian SBU Announced FSB Agent Will Spend 15 Years in Prison

Following 2022 week 21 story #1, on March 13th Ukraine’s Security Service (SBU) announced that “the Russian agent who was promised the position of “Deputy Minister” in Crimea by the FSB will spend 15 years behind bars. The perpetrator is the former vice-rector of one of Kyiv’s higher medical educational institutions. After his release in 2020, he moved to the temporarily occupied Crimea, where he was recruited by the FSB. A month before the start of the full-scale invasion, he returned to Kyiv to carry out enemy missions. It was established that the traitor was gathering information for the aggressor about servicemen of the Armed Forces who were undergoing inpatient treatment in military hospitals and hospitals in the Kyiv region. In addition, the agent established contacts with Ukrainian and foreign scientists for their further recruitment into the FSB. In order to find the “necessary connections”, he involved his former work colleagues and university graduates, whom he approached under the pretext of preparing a dissertation. In the case of successful completion of the tasks, the Russian intelligence service “guaranteed” its agent the appointment of “Deputy Minister of Health” of the occupation administration of the peninsula. However, the SBU prevented these “plans” — it documented criminal actions and detained the perpetrator in May of last year for attempting to transfer intelligence information to the enemy.”

18. North Korea: Kim Jong Un Executes State’s Own Spy for Googling Him

On March 13th FirstPost published this story saying that “an official from North Korean Secret agency was allegedly executed by the nation’s army for allegedly reading about the dictator Kim Jong-un on Google. The unnamed agent risks being executed by firing squad for having the audacity to read about the dictator from within Bureau 10, the covert organisation that keeps tabs on both internal and external contacts in the oppressive state. According to sources in Pyongyang who spoke to the South Korean publication Daily NK, the person was one of several intelligence agents who were turned in to the Ministry of State Security by a fellow agent. According to reports, the other cops have been fired from their positions. All of the intelligence officers involved in the purge at Bureau 10 are believed to be young, having joined the organisation not long after receiving their degrees last year. According to Daily NK, they were primarily of mid- to high-rank at the organisation and tasked with creating plans for managing the nation’s information barrier. Even top-level intelligence officials cannot access the internet without permission in North Korea, the so-called “hermit kingdom” due to its seclusion from the rest of the world and the quasi-religious cult of personality surrounding the country’s leader. “Bureau 10 departments are given access to the internet,” the source told Daily NK, “which had enabled agents to turn off their search word recording devices and search the web as much as they like without problem.” But since a new bureau chief assumed charge, even these formerly minor problems have escalated into significant incidents.”

19. Former United States CIA Officer Jason Hanson Publishes New Videos

This week former US Central Intelligence Agency (CIA) officer Jason Hanson published the following videos: 1) Ex-CIA Reacts to a Lawyer Shot Three Times by Her Client…, 2) A Homeowner Fights Back Against 3 Home Invaders and What Happens Next Will Shock You…, 3) Axe-Wielding Driver Caught on Camera in a Terrifying Road Rage Incident.

20. Bulgaria: Nikolay Malinov the New Georgi Dimitrov. The Bulgarian accused of espionage headed the Russophile International

The Bulgarian OFFNews reported on March 14th that “Nikolay Malinov, the leader of the party “Russophiles for the Revival of the Fatherland”, indicted in Bulgaria for espionage in favour of Russia, was elected chairman of the International Russophile Movement at a founding congress in the Pushkin State Museum in Moscow. TASS reported on the election of a Bulgarian as the leader of the Russophile International. According to Tsargrad, 120 people from 46 countries attended the gathering in the Russian capital.”

21. Azerbaijan Security Service Arrests Foreign Citizen on Espionage Suspicion

APA reported on March 15th that “during the investigation of the criminal case by the State Security Service of Azerbaijan (SSS), reasonable suspicions were established that foreign citizen Ghaedi Mohammad Najaf, born in 1994, had committed criminal acts of espionage in the territory of the Republic of Azerbaijan, SSS told APA. According to the information, it was revealed on the basis of the numerous collected proofs that Ghaedi Mohammad Najaf, on the instruction of the foreign special service institution, acted in the direction of the organization of data collection and provision of information that is a state secret and to be used to the detriment of the security of the Republic of Azerbaijan, as well as getting the personal information of the employees of the law-enforcement body of the Republic of Azerbaijan, building personal relationships with them and involving them in the secret cooperation by the special service body of the foreign country. Ghaedi Mohammad Najaf was charged with criminal responsibility under Article 276 (espionage) of the Criminal Code of the Republic of Azerbaijan and the court ordered preventive detention against him. Criminal investigations are ongoing.”

22. SpyChat with Chris Costa | Guest: Alan E. Kohler, Jr.

On March 14th the International Spy Museum published this video recording. As per its description, “join us for an online discussion of the latest intelligence, national security, and terrorism issues in the news with Spy Museum Executive Director, Chris Costa. He will be joined by Alan E. Kohler, Jr., FBI Assistant Director, Counterintelligence Division. Kohler was named assistant director of the FBI’s Counterintelligence Division in April 2020. Kohler had most recently served as the special agent in charge of the Washington Field Office’s Counterintelligence Division. He joined the FBI as a special agent in 1996 and worked counterintelligence matters at the Washington Field Office. He also served on the Evidence Response Team and took part in the FBI’s response to the 9/11 attack on the Pentagon. In 2003, he transferred to the Counterintelligence Division to manage Russian counterintelligence investigations and was promoted to unit chief in 2004. In 2006, Kohler transferred to the New York Field Office to supervise a counterintelligence squad and then later a squad working cyber national security and criminal matters. He served as an assistant legal attaché in London beginning in 2012, acting as the FBI’s liaison with British intelligence and law enforcement agencies. Kohler moved to the Norfolk Field Office in Virginia in 2016 as the assistant special agent in charge of the counterintelligence, counterterrorism, intelligence, and crisis management programs. He returned to FBI Headquarters in 2017 as the chief of the Eurasian Section, which manages the Bureau’s operations countering Russian intelligence threats. In 2018, he was promoted to deputy assistant director in the Counterintelligence Division and managed multiple portfolios. He was promoted to the special agent in charge of the Counterintelligence Division at the Washington Field Office in 2019. 
He is a recipient of the Attorney General’s Award for Exceptional Service, the FBI Director’s Award for Outstanding Counterintelligence Investigation, and the Exceptional Achievement Medal from the Director of National Intelligence.”

23. Information Warfare: Washington Provides Funds to Counter Chinese Messaging in Italy

On March 13th Intelligence Online reported that “the US State Department has given Italy’s Istituto Affari Internazionali think tank financial help to contribute to the debate in that country on the risks posed by disinformation from the Chinese Communist Party. That was only the first operation in a wider-ranging US campaign to come in Europe.”

24. Ukraine’s SBU Detained Russian Agent in Kherson

On March 14th Ukraine’s SBU announced that they “detained a traitor who was “contaminating” the enemy’s positions with the Armed Forces of Ukraine and planning to join the ranks of the occupiers. The figure is a contractor of one of the military units stationed in the region. In February 2023, on his own initiative, he went to the intelligence service of the Russian Federation, to which he offered his help in the war against Ukraine, and also expressed his desire to join the ranks of the occupiers. In order to establish contact with the aggressor, he “turned” to his sister, who lives in Russia and is in a close relationship with an official of the occupation groups. He turned out to be Volodymyr Snegovsky (Володимир Снєговський), the deputy commander for military and political work of the 83rd separate repair and restoration battalion of the Russian Armed Forces. The woman met the enemy after the temporary seizure of one of the villages in the Kherson region, where she lived at the beginning of the full-scale invasion. During the liberation of the district, she decided to flee with the invaders, and then settled in the Russian Federation, where she continued “communication” with Snegovsky. It was established that it was he who passed on information about her relative to a case officer of the Russian intelligence service, who then contacted the person involved. According to the investigation, the enemy agent carried out the instructions of his “handler” regarding the collection of data on the deployment of units of the Armed Forces in Mykolaiv and Vinnytsia regions. The invaders needed the intelligence to prepare targeted missile strikes on Ukrainian targets. The traitor also discussed with a representative of the Russian intelligence service the conditions of crossing the front line and being captured. 
However, counter-intelligence officers of the SBU timely exposed the intruder, gradually documented his criminal actions and detained him in one of the administrative buildings during the execution of an intelligence mission.”

25. Russian PSYOPs in Northern Europe

Grey Dynamics published this article on March 15th with its introduction stating that “Russian Strategic Psychological Operations (Psyops), specifically information operations, have an important place in the Kremlin’s foreign policy and Russian military strategy. Russia is conducting psyops on a global scale. Still, the war in Ukraine, the increasing attention to the Arctic region, and the Swedish and Finnish applications to NATO are all factors which increase strategic value in psyops targeting Northern Europe. Psyops are mainly operations intending to influence an adversary’s emotions and motives to shape the behaviour of governments, organisations, groups, and individuals. Strategic psyops mainly focus on shaping narratives through disinformation campaigns and other types of influence operations, encouraging popular discontent and degrading an adversary’s ability to maintain unity at domestic and foreign policy levels. Strategic psyops constitute a desirable alternative to inflicting harm on an opponent below the threshold of war. Looking at the influence operations element of psyops, these are the coordinated covert activities initiated by a state actor to influence decision-making, perceptions, and policy-objectives of influential actors such as experts and media outlets in opponent states. Such operations aim to achieve foreign policy objectives through tailored disinformation campaigns.”

26. Secret Kremlin Document: How Russia Plans to Overturn Moldova

Following last week’s story #34, VSquare reported on March 14th that “the document on Moldova was created in 2021 in the same department that drew up the strategy for Belarus, that is, in the Directorate for Cross-Border Cooperation. By Putin’s decree, that department began dealing with the “European direction” in August 2021. Its tasks include informational and analytical support to the presidential administration, and also participation in “the preparation of proposals relating to the improvement of activities for the implementation of projects and programs to assist international development in the economic, political and humanitarian spheres.” The strategy for Moldova, like the one for Belarus, lists exactly such areas. The documents have reached the desk of Dmitry Kozak, deputy head of the Russian presidential administration, among others. In October 2020, the London-based Dossier Center identified four people dealing with Moldova in this unit. We managed to identify another one: according to our sources in western intelligence, the main author of the document is department counsel Andrei Vavilov, a graduate of the FSB academy (he spent almost a decade in the service afterwards).” Details were also published by Yahoo! News on March 15th.

27. United Kingdom: Woman Stabbed in Car Park ‘is US Spy Working at GCHQ’

The Times reported on March 15th that “a woman stabbed outside a leisure centre in Cheltenham last week is an American spy on secondment to GCHQ, it was reported last night. Police were called to the Gloucestershire town at about 9.15pm on Thursday after reports that a woman had been attacked. She suffered serious injuries and was taken to hospital for surgery. She was said to be in a stable condition. A 29-year-old man from Cheltenham was arrested on suspicion of the commission, preparation or instigation of terrorism contrary to section 41 of the Terrorism Act (2000), as well as on suspicion of preparing acts of terrorism under section 5 of the Terrorism Act (2006). According to the Daily Mail, the woman is a US intelligence agent on secondment to Government Communications Headquarters, three miles from the leisure centre. The victim is reported to have been sitting in a car when the knifeman “lashed out” and “stabbed her” in the car park. She staggered out of the vehicle to seek help from staff at the leisure centre. On Saturday, Gloucestershire police said that due to some “specific details” of the incident, Counter Terrorism Policing South East was leading the investigation, working alongside Counter Terrorism Policing South West and officers from Gloucestershire police.”

28. China’s Spy Balloon Masks Espionage Iceberg in U.S.

Newsweek reported on March 16th that “the downing of a Chinese spy balloon has led to heightened scrutiny of espionage efforts under Xi Jinping. Not as widely noted has been China’s expansion of traditional surveillance capabilities, while its cyber espionage has found success due to poorly secured U.S. networks. Beijing has also leveraged members of the Chinese diaspora in America for corporate spying in places of interest. The Chinese state security ministry’s use of ethnic ties has proved a challenge for Western governments. Balancing a watchful posture with an approach that maintains American ideals is key, one expert tells Newsweek.”

29. Webinar: The Double Life of Katharine Clark with Katharine Gregorio

On March 17th the International Spy Museum published this recording. As per its description, “she was the first female accredited correspondent during World War II. After secret meetings with its author, she smuggled The New Class, an anti-Communist manifesto out of Yugoslavia, where it went on to sell more than three million copies and be translated into more than 60 languages. Isn’t it time you knew her story? Katharine Clark was the first female military accredited correspondent during World War II. Staying on as a foreign correspondent behind the Iron Curtain after the War, she risked her life to expose the truth about the realities of Communism to the world. Join author Katharine Gregorio to discover a trailblazer and an intense and too little-known Cold War story. Gregorio dug into the real life of her great aunt to write The Double Life of Katharine Clark: The Untold Story of the Fearless Journalist Who Risked Her Life for Truth and Justice. From her early radio broadcasts in 1939 supporting her father, General Sanderford Jarman, to keep his troops connected in the jungles of Panama to becoming the first woman to broadcast out of Allied Occupied Berlin after World War II ended, her background gave her a unique position at the onset of the Cold War. As a foreign correspondent, she developed a friendship with Milovan Djilas, who helped establish the Communist government of Yugoslavia. The remarkable work Clark did with Djilas as he turned against Communism happened against the backdrop of protests in Poland and a revolution in Hungary, both of which Clark covered as the first female wire reporter behind the Iron Curtain for the International News Service.”

30. Spy Way of Life: Nogal Club, Bogota, Colombia

This week’s selection for Intelligence Online’s Spy Way of Life was the “Nogal Club, an enduring haven for Colombia’s military, political and business elites.” As per its description, “this week, Intelligence Online takes a peek inside Bogota’s exclusive Nogal Club, a historical sanctuary for Colombia’s right wing and military upper crust, bombed by the FARC in 2003.”

31. Video: Forces News: How the Surveillance and Reconnaissance Squadron Operate Behind Enemy Lines

On March 15th the Forces News released this short video. As per its description, “the Surveillance and Reconnaissance Squadron (SRS), primarily made up of Royal Marines from 30 Commando Information Exploitation Group, is dubbed the eyes and ears of the UK Commando Force. Their focus is to gather information on the enemy and topography, so either larger amphibious forces can follow or lethal Royal Marine strike teams can carry out their operations. It is not the role of SRS to be part of long firefights but they could come under attack, so it is important they practise getting out of an area and back to their boats as quickly as possible.”

32. Russian Plot to Sabotage Poland’s Train Lines in Bid to Stop the Country Delivering Arms to Ukraine is Uncovered, with Six ‘Foreign Agents’ Arrested

On March 15th the Daily Mail reported that “a Russian plot to sabotage Poland’s train lines in a bid to stop the country delivering arms to Ukraine has been uncovered, with six suspected foreign agents arrested. According to news outlet RMF FM, the ‘foreigners from across our eastern border’ were detained by Poland’s Internal Security Agency ‘on suspicion of working on behalf of the Russian special services’. The six agents — who are thought to be from Belarus — were seized after intelligence officers from Poland’s ABW found hidden cameras recording important railway routes for transferring weapons and ammo to Ukraine. They are suspected of trying to sabotage the lines to disrupt Kyiv’s war effort. Poland’s special forces minister said an official statement would be given tomorrow. The arrests come just weeks after the minister responsible for the country’s special services revealed that nine other people suspected of collaborating with the Russian and Belarusian services had also been detained in recent months.” Here’s the official Polish government press release. Charter97 stated on March 16th that “the names of the detainees and video of their relatives, saying they are innocent, appeared on a pro-government resource. According to the pro-government channel, three Belarusians have been detained in Poland: Mikalai Maskalenka, born in 1971. Uladzislau Pasmitsiukha, born in 1994. Maryja Medvedziava, born in 2004.”

33. A Spy Wants to Connect With You on LinkedIn

WIRED published this article on March 15th saying that “there is nothing immediately suspicious about Camille Lons’ LinkedIn page. The politics and security researcher’s profile photo is of her giving a talk. Her professional network is made up of almost 400 people; she has a detailed career history and biography. Lons has also shared a link to a recent podcast appearance — “always enjoying these conversations” — and liked posts from diplomats across the Middle East. So when Lons got in touch with freelance journalist Anahita Saymidinova last fall, her offer of work appeared genuine. They swapped messages on LinkedIn before Lons asked to share more details of a project she was working on via email. “I just shoot an email to your inbox,” she wrote. What Saymidinova didn’t know at the time was that the person messaging her wasn’t Lons at all. Saymidinova, who does work for Iran International, a Persian-language news outlet that has been harassed and threatened by Iranian government officials, was being targeted by a state-backed actor. The account was an imposter that researchers have since linked to Iranian hacking group Charming Kitten. (The real Camille Lons is a politics and security researcher, and a LinkedIn profile with verified contact details has existed since 2014. The real Lons did not respond to WIRED’s requests for comment.) When the fake account emailed Saymidinova, her suspicions were raised by a PDF that said the US State Department had provided $500,000 to fund a research project. “When I saw the budget, it was so unrealistic,” Saymidinova says. But the attackers were persistent and asked the journalist to join a Zoom call to discuss the proposal further, as well as sending some links to review. Saymidinova, now on high alert, says she told an Iran International IT staff member about the approach and stopped replying. “It was very clear that they wanted to hack my computer,” she says.
Amin Sabeti, the founder of Certfa Lab, a security organization that researches threats from Iran, analyzed the fake profile’s behavior and correspondence with Saymidinova and says the incident closely mimics other approaches on LinkedIn from Charming Kitten. The Lons incident, which has not been previously reported, is at the murkiest end of LinkedIn’s problem with fake accounts. Sophisticated state-backed groups from Iran, North Korea, Russia, and China regularly leverage LinkedIn to connect with targets in an attempt to steal information through phishing scams or by using malware. The episode highlights LinkedIn’s ongoing battle against “inauthentic behavior,” which includes everything from irritating spam to shady espionage.”

34. Ukrainian SBU Detained Female Russian Collaborator in Lyman

On March 14th Ukraine’s Security Service (SBU) announced that they “detained a female collaborator in Lyman, who was collecting personal data of Ukrainians who remained in the occupation for the Russians. The perpetrator turned out to be a former employee of one of the branches of Ukrainian Postal Service (Ukrposhta) on the territory of Lyman. After the capture of the city, she voluntarily cooperated with the enemy and joined the ranks of the local occupation administration. There she was appointed the head of the “Citizen Reception Department of the Department of Labour and Social Protection of the Population of the DNR”. While in the “post”, the collaborator collected personal data of citizens, which she handed over to the Russian occupiers. Forced pensioners and beneficiaries to transfer social benefits under “Russian jurisdiction”. After Lyman’s release, the suspect tried to hide from justice and even returned to her previous job at Ukrposhta. However, she never managed to implement her “plans”. SBU officers established the facts of the collaborative activity of the enemy’s accomplice and detained her.”

35. Kyrgyzstan: Spymaster Tashiev Wins Friends and Influence in Politics and Security

On March 16th Intelligence Online reported about the “Head of the State Committee for National Security (GKNB) Kamchybek Tashiev”, saying that “the career politician and head of the State Committee for National Security is acutely aware of the value in strengthening his support base and popularity among the general population, which he achieves in part through the financing of infrastructure and equipment projects.”

36. Peeking at Reaper’s Surveillance Operations

On March 16th private cyber security firm Sekoia published this technical analysis, stating that “during our day to day hunting to protect our customers, we came across two Command and Control servers (C2s) of the North Korea-nexus intrusion set Reaper (aka APT37) with open directories, allowing us to observe hosted implants as well as victim’s exfiltrated data. Reaper is active since at least 2012, primarily conducting cyberespionage campaigns against NGOs and civil society (dissidents, journalists, DPRK defectors). Reaper’s assessed missions are surveillance and counter intelligence in support of DPRK’s strategic interests, notably the Ministry of State Security (MSS) aka. Bowibu. Reaper used infection vectors in past campaigns include watering holes exploiting 0 day vulnerabilities, and phishing emails with malicious attachment. SEKOIA.IO analysts’ investigation led to the uncovering of several phishing webpages, a CHM infection vector, new PowerShell implants and Chinotto malware modules, a Reaper signature malware documented by Kaspersky in November 2021. We assess the recently observed activity almost certainly pertains to the surveillance of North Korea defectors, and associate it to Reaper with high confidence.”

37. Israel: Former Mossad Chief Urges Rapprochement with Iran

The Middle East Eye reported on March 16th that “Israel’s former spymaster has called for his country to explore whether a rapprochement with Iran is possible following a dramatic breakthrough in relations between Tehran and Riyadh last week. Efraim Halevy, the former director of Israel’s Mossad spy agency, made the comments on Wednesday evening in an interview on CNN. Describing the deals as “very startling”, Halevy urged Israeli leaders not to “prejudge” the deal but to find ways of working with the new development. “[Israel should] understand what it is that brought the Iranians to their rapprochement with Saudi Arabia,” said Halevy. Halevy went on to ask whether “the time has come for Israel also to seek a different policy towards Iran”. Israel should explore in a “concealed manner” the possibility of rapprochement between Israel and Iran, said Halevy. While Halevy accepted that such a possibility might be low, he cautioned that such a deal between Iran and Saudi Arabia also looked inconceivable just weeks ago. Following Chinese-led negotiations, Tehran and Riyadh agreed to resume diplomatic relations last week and reopen embassies within two months, according to a statement released by both sides. That China could pull off such an agreement should be more deeply analysed, said Halevy. The Chinese format could provide a “different approach to the Iranian-Israeli conflict” which Tel Aviv had not previously considered, added the former spy chief. “We had a very, very good relationship with Iran under the previous leadership of the Shah. There is no real conflict of interest between Israel and Iran. “We don’t have a territorial confrontation. We don’t have a common border and there is no real reason that there should be a state of war between Israel and Iran,” said Halevy.”

38. Greece Uncovers Russian Spy Operating Under ‘Deep Cover’

The Greek Reporter published this story on March 16th saying that “Greece’s intelligence services uncovered a Russian spy who, they say, was operating in the country since 2018 in “deep cover”. According to the National Intelligence Service (EYP), the foreign national named “Irina A. S.” had gained Greek citizenship and an identity card and was working as a photographer. She was also the owner of a handicraft store in Athens. She was living in Pagrati, close to the center of the Greek capital. The woman was presenting herself as “Maria Tsalla.” The statement by EYP does not say what the nationality of the spy was, but later reports suggest she was Russian and that her real name is Irina Alexandrova Smireva. She returned to her country in January. EYP says her exposure started after the detection of a third country’s attempt to gain access to the personal data of deceased Greek citizens. It adds that “Maria Tsalla’s” activity would not have been limited to Greece. Being an EU citizen she would have been able to travel and work in many European countries. The spy was very active on all social media and especially on Facebook. On her profile, there are hundreds of pictures of cats, and she reproduces ads from people who give cats up for adoption. In essence, she has spent five years building a profile in order to infiltrate various communities. However, two things are striking. One is that even though she has a lot of photos on her social media profiles, in almost all of them she covers her face, either with her knitting or with a camera, and the second is that she preferred to pay her house rent in cash, avoiding banking transactions.” Athens News released further details on March 17th with the news story ““The double life of a Russian spy in Greece” or why this news appeared on March 16.”

39. United Kingdom: GCHQ: Manchester

This week Britain’s GCHQ published a new article for the Agency’s latest office site in the UK. As per the article, “Heron House, which opened in late 2019, is the home to our newest offices in Albert Square in the heart of Manchester, contributing to an already thriving technology scene. The hi-tech premises see us using cutting edge technology and technical ingenuity to identify and disrupt threats to the UK while allowing us to draw on the talents of companies and people in one of the most vibrant and diverse cities in the UK.”

40. United States: DoJ Protects Ex-CIA Officer Sought for Questioning in Colombia Over Murders

Following week 6 story #51, on March 17th Intelligence Online reported that “between stints with CIA, James Adkins served as security chief for Drummond Co., an Alabama mining firm active in Colombia. He and other company officials have been accused of having a role in the killings of union leaders committed by a paramilitary force. They deny the allegations.”

41. UAE Spymaster Purchases $100 Million Stake in TikTok Maker ByteDance

WION reported on March 15th that “United Arab Emirates spy chief, royal Sheikh Tahnoon bin Zayed Al Nahyan has purchased a more than $100 million stake in ByteDance Ltd., the parent company behind the popular video platform TikTok, says a Bloomberg report. In recent months, Abu Dhabi-based AI firm G42, a technology group controlled by the UAE royal, reportedly acquired the $100 million-plus stake from existing investors through its 42XFund. At the recent private-market investment, G42 valued ByteDance at around $220 billion.”

42. Russian Jet Downs U.S. Spy Drone After Collision Over Black Sea

The Wall Street Journal released this story on March 16th. As per its description, “Video released by the Pentagon showed a U.S. MQ-9 surveillance drone buzzed by a Russian Su-27 jet moments before it crashed over the Black Sea on Tuesday. This marked one of the first direct military confrontations between the two nations’ forces since the war in Ukraine began. Photo: U.S. European Command.”

43. Podcast: SpyCast: “Hitler’s Trojan Horse” — Nazi Intelligence with Nigel West

On March 14th the International Spy Museum’s SpyCast released a new episode. As per its description, “for decades historians have considered the German wartime intelligence service, the Abwehr, a relative failure. However, our understanding of intelligence history is always evolving as more information is declassified and uncovered. This week on SpyCast, Nigel West joins Andrew to discuss and challenge the conventional wisdom on the Abwehr. Just how effective was German intelligence during the WWII? Why has scholarship underestimated the areas in which they were successful? And… Nigel’s real name is Rupert Allason: Nigel West is the pen name he uses for his books on espionage. Do you know whose real name was David Cornwell?”

44. Spymaster: Daniel Markic, Croatian Champion of European Intelligence Cooperation

Intelligence Online released this story on March 17th about the “Director of the Croatian Security and Intelligence Agency (SOA) Daniel Markic.” As per the article, “over his two terms in office, the director of Croatia’s security and intelligence agency, SOA, has spared no effort to put his service at the heart of European security and intelligence alliances. He has put cyber defence at the forefront of his cooperation strategy.”

45. Ukrainian SBU Detained Two FSB Agents in the Donetsk Region

On March 17th Ukraine’s SBU announced that they “detained informants who passed intelligence on the Defence Forces in the Avdiyiv direction to the enemy. The Security Service exposed two FSB informants during counter-subversion measures in the Donetsk region. They collected intelligence about the location of combat positions and fortified areas of the Defence Forces in the Avdiiv direction. The received information was transmitted to the enemy in the form of encrypted codes through anonymous messengers and the banned Odnoklassniki social network. Intelligence was needed by the occupiers to prepare missile and artillery strikes on the bases of Ukrainian troops. The SBU officers gradually documented the criminal actions of both perpetrators and detained them for gathering secret information for the aggressor. According to the investigation, two residents of Novogrodivka, Pokrovsky district, who publicly supported the armed aggression of the Russian Federation against Ukraine, turned out to be enemy accomplices. It was established that they actively spread destructive narratives through banned Russian social networks. It was because of such activity that they came into the field of view of a case officer of the FSB, who remotely involved them in cooperation as informants. To collect intelligence, they went to the area, fixed the locations of Ukrainian sites and transmitted their coordinates through a “liaison”. He turned out to be a militant of the terrorist organisation “DNR”, which is currently part of the occupation groups on the eastern front. During searches of the detainees’ residences, mobile phones and computers were found, which they used to communicate with the aggressor. Security Service investigators informed both hostile informants of the suspicion. The perpetrators are currently in custody. The investigation is ongoing, during which the identity of their “handler” from the FSB and “liaison” has already been identified.”

46. Turkish Intelligence Kidnaps Afrin’s Flute Player

ANHA reported on March 16th that “the sources said that Turkish intelligence kidnapped the flute player (Hussein Haj Nasser) from the occupied city of Afrin, in the center of Istanbul. The sources did not mention other details about the kidnapping.”

47. Lebanon’s Former Security Chief Abbas Ibrahim Falls from Grace After Support Dwindles

Intelligence Online released this story on March 15th about “Lebanon’s former internal security chief Major General Abbas Ibrahim.” As per the article, “the country’s former powerful general security chief Abbas Ibrahim has reluctantly had to stand down in favour of Elias Baissari. The top official had hoped to be championed by his supporters from Beirut to Washington, but backing to keep him in the job turned out to be weaker than he claimed.”

48. This Is the New Leader of Russia’s Infamous Sandworm Hacking Unit

WIRED published this article on March 15th saying that “for years, the hacking unit within Russia’s GRU military intelligence agency known as Sandworm has carried out some of the worst cyberattacks in history — blackouts, fake ransomware, data-destroying worms — from behind a carefully maintained veil of anonymity. But after half a decade of the spy agency’s botched operations, blown cover stories, and international indictments, perhaps it’s no surprise that pulling the mask off the man leading that highly destructive hacking group today reveals a familiar face. The commander of Sandworm, the notorious division of the agency’s hacking forces responsible for many of the GRU’s most aggressive campaigns of cyberwar and sabotage, is now an official named Evgenii Serebriakov, according to sources from a Western intelligence service who spoke to WIRED on the condition of anonymity. If that name rings a bell, it may be because Serebriakov was indicted, along with six other GRU agents, after being caught in the midst of a close-range cyberespionage operation in the Netherlands in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in the Hague.”

49. Video: Deadly Explosion Rips Through Russian Spy Building

On March 16th The Telegraph reported that “at least one person has been killed and two injured in a fire at a building used by Russia’s Federal Security Service (FSB) in the city of Rostov-on-Don, close to the Ukrainian border. Rostov’s regional governor said a short circuit appeared to have caused the fire, which ignited fuel tanks. The blaze building belonging to the FSB’s regional border patrol section in a built-up area of the city.” The FSB issued a press release on March 16th stating that “at 12.20 in the repair shop of the garage box of the FSB of Russia in the Rostov region, a fire occurred in fuels and lubricants, which caused an explosion and partial destruction of the building. There are casualties as a result of the incident.”

50. Marc Polymeropoulos: Remembering My CIA Service in Iraq

The Washington Examiner published this article on March 16th. As per its introduction, “the 20th anniversary of the invasion of Iraq brings up wildly conflicting emotions for me. I have vivid memories of my first nights in the country. I called home from a satellite phone on the tarmac of Baghdad International Airport to let my loved ones know I was alive. I remember walking the streets of the Mansour district, even sharing a meal with an Iraqi agent in his house. Then, there were the midnight raids, late-night meetings in safe houses, the intense terror of firefights, and periods of near death. There was carnage on the streets with dead and mutilated bodies. I engaged with a bewildered population that did not know how to greet the invading U.S. and allied forces. These are my memories. Some may disagree and dismiss them, but my experiences endure in my mind to this day. I was part of a joint U.S. special operations and intelligence community team that was deployed to northern Iraq beginning in late 2002. I then relocated to a special operations base in the Gulf for the pending infiltration into Iraq. It was a time of hope and excitement. I had been involved in Iraqi operations for some time and knew well the terrible nature of Saddam Hussein’s regime. Having handled high-level Iraqi agents and heard firsthand about the human rights horrors inside the country, I always felt that there was a moral piece to our pending invasion. Saddam was one of the cruelest dictators on the planet. There was a sense that a new dawn could soon come for the Iraqi people. Our agents had hope. And the CIA case officers did as well. We thought we were doing something special.”

51. Ukrainian SBU Detained Female Russian Agent in Kirovohrad

On March 17th Ukraine’s SBU announced that they “detained a Russian agent in Kirovohrad Oblast, who was spying on the locations of Ukrainian defence industry enterprises. The figure is a resident of Oleksandriysky district, who was remotely recruited by representatives of the Russian intelligence service to cooperate against Ukraine. At the aggressor’s direction, she collected up-to-date information on the location of military and critical infrastructure facilities in the region. First of all, the enemy was interested in information about enterprises that fulfil state defence orders for the needs of the Armed Forces. She had to convey the received information by messenger through “liaisons” who are part of the occupation groups on the eastern front. Intelligence was needed by the occupiers to prepare a series of missile attacks on Ukrainian sites. However, the SBU officers worked ahead of time and promptly detained the traitor while she was taking photos of one of the local enterprises. A mobile phone was seized from the detainee, which she used to photograph sites linked to the area, as well as to communicate with the aggressor.”

52. United States: Pentagon Analyst Kept Intelligence Job After Joining January 6 Mob, Planned to Kidnap Jewish Leaders

The Intercept reported on March 13th that “in 2018, a newly hired software engineer at a defense and intelligence contractor in the Washington, D.C., suburbs was assigned to a team led by a senior developer named Hatchet Speed. At first, the new engineer, Richard Ngo, got along well with Speed. They sometimes went out to lunch together and socialized away from the office. “Speed was my mentor at Novetta as the software lead,” Ngo later said in court testimony. “We worked together every day.” But after the insurrection at the U.S. Capitol on January 6, 2021, Ngo noticed that Speed, a longtime Navy reservist who had deployed to Iraq and Afghanistan as an intelligence analyst and held other sensitive cyber and intelligence posts in connection with Naval Special Warfare units, seemed to be changing. Ngo had always known that Speed was a gun enthusiast, but after the Capitol riot, he became more openly anti-government than he had ever been before. “He was just frustrated with just how everything was going,” Ngo testified, adding that Speed was “panic-buying” guns. What Ngo didn’t realize was that Speed, who had legally changed his first name from Daniel to Hatchet in 2007, according to Utah court records, had been an apocalyptic far-right extremist long before January 6.”

53. Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks

SecurityWeek reported on March 15th that “Russia-linked cyberespionage group APT29 has been observed abusing two legitimate information exchange systems used by European countries, BlackBerry reports. APT29 is a Russian advanced persistent threat (APT) actor mainly focused on cyberespionage. The group, believed to be sponsored by the Russian Foreign Intelligence Service (SVR), is also tracked as Cozy Bear, the Dukes, Nobelium, and Yttrium. As part of a recently observed campaign aimed at EU governments, the group was seen sending phishing emails with a malicious document attached, using the Polish Foreign Minister’s recent visit to the US as a lure. Another lure, BlackBerry says, abuses multiple legitimate systems, including LegisWrite and eTrustEx, two official services used for information and data sharing among the governments of European countries. “LegisWrite is an editing program that allows secure document creation, revision, and exchange between governments within the European Union. The fact that LegisWrite is used in the malicious lure indicates that the threat actor behind this lure is specifically targeting state organizations within the European Union,” BlackBerry notes.”

54. New Payload Seen on Iranian Shahed-129 UAV

Janes reported on March 15th that “at least one of the Shahed-129 unmanned aerial vehicles (UAVs) operated by Iran’s Islamic Revolution Guard Corps (IRGC) has been fitted with a previously unseen sensor, prompting speculation that it is a synthetic aperture radar (SAR) that could significantly improve the force’s situational awareness. The UAV was seen with a new dome mounted midway along the underside of its fuselage in photographs published by the Islamic Republic News Agency (IRNA) on 11 March to show students visiting various IRGC facilities, including an airbase that could be identified as the one on Qeshm island. While the dome could house electronic/signals intelligence antennas, it was about the right size to accommodate the antenna of the SAR displayed next to a Shahed-129 at the IRGC Aerospace Force museum in Tehran since it opened in 2019.”

55. Dark Pink APT Group Strikes Government Entities in South Asian Countries

Cyber threat intelligence firm EclecticIQ published this technical analysis stating that “in February 2023, EclecticIQ researchers identified multiple KamiKakaBot malwares which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. The latest attacks, which took place in February 2023, were almost identical to previous attacks reported by Group-IB on January 11, 2023 (1). In January 2023, the threat actors used ISO images to deliver KamiKakaBot, which was executed using a DLL side-loading technique. The main difference in the February campaign is that the malware’s obfuscation routine has improved to better evade anti-malware measures. Multiple overlaps in this new campaign aided EclecticIQ analysts in attributing it very likely to the Dark Pink APT group. Dark Pink is an Advanced Persistent Threat (APT) group active in the ASEAN region. Group-IB originally named this group “Dark Pink,” and it has also been referred to as “Saaiwc” by Chinese cybersecurity researchers (1,2). According to Group-IB, Dark Pink is thought to have started operations as early as mid-2021 with increasing activity in 2022. KamiKakaBot’s primary function is to steal data stored in web browsers such as Chrome, Edge, and Firefox. This includes saved credentials, browsing history, and cookies. Additionally, the threat actors can gain initial access on infected devices to execute remote code. Developers of KamiKakaBot employ various evasion techniques to remain undetected while executing malicious actions on infected devices. For example, they use Living-off-the-Land binaries (LOLBINs), such as MsBuild.exe, to run the KamiKakaBot malware on victims’ devices.”

56. EU: MEPs Probing Spyware ‘Stonewalled’ by EU States

EUObserver reported on March 17th that “MEPs probing spyware are set to visit Spain next week amid brewing resentment with member states and the European Commission. “I sincerely hope that we can count on full cooperation with the Spanish authorities, unlike what we received in our previous missions,” Belgian Green MEP Saskia Bricmont said on Thursday (16 March). The comment comes as frustration continues to mount among MEPs sitting on the Pega committee, set up in the wake of a wiretapping scandal, which saw Israeli spyware Pegasus being used to target opposition politicians, lawyers, prosecutors, journalists and others. But the committee has been flat-out stonewalled by a number of EU states. National authorities in Poland and Hungary refused to even meet them, for instance. The frustration spilled out on the plenary floor in Strasbourg earlier this week when the committee’s chair, Dutch centre-right MEP Jeroen Lenaers, accused both the commission and member states of delaying tactics and obfuscation. The European Commission says it has no competence in national security matters and that individuals should seek justice at the court. But Lenaers pointed out that the commission is taking Poland to task over the lack of its judicial independence, while at the same time, telling “Polish victims of Pegasus to turn to the same judicial system to get justice.” “It doesn’t make sense,” he said. He said the commission has failed to take the threat posed by spyware seriously and is not sticking to its duties as guardian of the treaty. Austrian socialist MEP Hannes Heide, who also sits on the committee, said Hungary accused them of being financed by US-based philanthropist George Soros. Similar comments were made by Dutch liberal Sophie In’t Veld, who is the MEP drafting the committee’s final report.”

57. Canada Investigating Claims of Secret Chinese Police Stations in Montreal

On March 15th Intel News reported that “authorities in Canada are reportedly probing claims that the Chinese government is operating at least two “clandestine police stations” in Montreal, which allegedly monitor the activities of Chinese citizens and Canadians of Chinese origin. The announcement comes less than four months after a similar investigation took place into the alleged existence of four illegal Chinese police stations operating in the Toronto area. The investigations were sparked by a report issued in 2022 by Safeguard Defenders, a Spanish-based non-government organization that focuses on the state of human rights in China. The report, titled “110 Overseas: Chinese Transnational Policing Gone Wild”, claimed that China’s Ministry of Public Security, in association with Chinese diplomatic facilities, operated dozens of clandestine police stations around the world. Their official mission, according to the report, was to service the needs of Chinese citizens living abroad, as well as visitors from China. At the same time, however, these clandestine police stations were “actively […] engaging in covert and illegal policing operations” against Chinese citizens and expatriates, according to Safeguard Defenders.”

58. Winter Vivern APT Hackers Use Fake Antivirus Scans to Install Malware

Bleeping Computer reported on March 16th that “an advanced hacking group named ‘Winter Vivern’ targets European government organizations and telecommunication service providers to conduct espionage. The group’s activities align with the interests of the Russian and Belarusian governments, so it is believed that this is a pro-Russian APT (advanced persistent threat) group. SentinelLabs reports that the threat group functions on limited resources; however, their creativity compensates for these limitations. Winter Vivern was first documented by DomainTools in 2021 when it was seen targeting government organizations in Lithuania, Slovakia, the Vatican, and India. In more recent campaigns seen by Sentinel Labs, the hackers target individuals working in the governments of Poland, Italy, Ukraine, and India. In addition to high-profile state targets, the hackers have also targeted telecommunication companies, such as those supporting Ukraine since the Russian invasion. Starting in early 2023, the hackers created webpages that mimicked those of Poland’s Central Bureau for Combating Cybercrime, the Ukraine Ministry of Foreign Affairs, and the Security Service of Ukraine.”

59. Reforms in Austrian DSN Announced

On March 14th Austria’s DSN issued this official announcement saying that “the state offices for the protection of the constitution and the fight against terrorism are being reformed. State security and the fight against extremism are becoming regional. The main points of the reform were presented during a press conference on March 14, 2023. “It is the current threat scenarios that require a consistent further development of our state security, especially in the federal states. The previous state offices for constitutional protection and counter-terrorism will be developed into state offices for state security and counter-extremism,” said Interior Minister Gerhard Karner at a press conference on central points of the State office reform on March 14, 2023 in Vienna. The Minister of the Interior added: “We are thus expanding the protective shield of the republic in order to continue to guarantee the security of the people in this country.” The implementation of the regional reform is currently starting and should be completed in early 2024. In the future, investigative areas for cyberspace and cyber forensics will be set up in every state office. This creates competencies and areas of investigation that are needed in state security to counter radicalisation and extremist crimes in cyberspace. In order to take decisive action against any form of extremism, preventive measures are also needed, with a special focus on schools and clubs. Specially trained police officers will hold awareness-raising lectures in schools in the future. “State security sensors” ensure that the regional nature of the protection of the constitution is strengthened. State security sensors are specially trained police officers who will be the ears and eyes of the intelligence community in the districts. This means that information relevant to state security can be passed on quickly to investigative authorities at federal or state level. 
The current extremism situation shows the need for reform, emphasised Karner. While the pandemic has reduced many “classic crimes”, such as theft, there has been an increase in extremist crimes in recent years. This would include crimes by identitarians, state refusers and Reich citizens, but also anti-Semitic crimes, such as wearing Jewish stars with the inscription “unvaccinated” at demonstrations. In 2022, more than 660 people were reported for extremism, more than 100 house searches were carried out and 37 arrests were made.”

60. Suspected China-linked Hackers Exploit Fortinet Zero-day in Spying Campaign

The Record reported on March 17th that “a suspected state-sponsored hacking group based in China has exploited zero-day vulnerabilities and deployed custom malware to spy on defense, government, tech, and telecom organizations, according to a new report. Cybersecurity firm Mandiant said it investigated “dozens of intrusions” in recent years where China-linked groups have used these techniques to steal user credentials and maintain long-term access to the victims’ devices. One group — tracked by Mandiant as UNC3886 — was observed in several attacks in mid-2022 targeting network security systems, firewalls, and virtualization technologies that enable computers to run multiple operating systems and applications simultaneously. The group used backdoors on Fortinet and VMware systems to attack victims’ devices. Mandiant’s Chief Technical Officer Charles Carmakal told The Record that researchers have identified nearly 10 victims across the defense, technology, and telecom industries in the U.S., Europe, and Asia that were impacted by the attacks. According to a joint investigation from Mandiant and Fortinet, hackers deployed their malware across multiple Fortinet systems. The hacking group initially accessed Fortinet’s centralized management device, FortiManager — which is accessible from the internet — before exploiting the CVE-2022-41328 zero-day vulnerability. The high-severity bug was discovered and patched by Fortinet earlier in March, and allows hackers to execute malicious code and deploy malware payloads on unpatched FortiGate firewall devices. Researchers traced the attack to China based on victim selection and the use of techniques and malware previously employed by China-affiliated hackers. The UNC3886 group is associated with a novel malware framework, which was disclosed by Mandiant in September 2022.”

61. Podcast: Combat Story: CIA Legend, Former Director of the Directorate of Operations, Case Officer, Jose Rodriguez

On March 18th the Combat Story published this new podcast episode. As per its description, “today we hear a unique Combat Story from the former Director of the CIA’s Directorate of Operations and long-time Case Officer Jose Rodriguez. Jose’s level at the CIA was equivalent to a general officer in the military, to give you an idea of his responsibility and impact. Jose was a case officer and Chief of Station in several Latin American countries and would eventually lead Latin America Division at the CIA before transitioning over to CTC right after 9/11 where he served as the Division’s Chief Operating Officer (a title he made up in true Agency fashion) and then was tapped to lead CTC just months after the invasion of Afghanistan. Jose has a fantastic book titled “Hard Measures: How Aggressive CIA Actions After 9/11 Saved American Lives” which recounts not only some of the innovative HUMINT ops he ran as a CO (like his ability to use horses to gain access), but also some of the incredibly challenging decisions he made at the highest levels of the CIA, including the creation of the Enhanced Interrogation program. This was a really special episode for me given Jose’s role and history at the Agency and hope you enjoy a glimpse behind the curtain of one of the most secretive organizations from someone who went from the bottom to the very top as much as I did.”

62. Ukrainian SBU Detains FSB Agent in Kharkiv

On March 15th Ukraine’s Security Service (SBU) announced that they “detained an FSB agent in Kharkiv, who was preparing terrorist attacks against Ukrainian pilots and special forces. The attacker was engaged in the preparation of terrorist attacks against military personnel of the Defence Forces, who are in the territory of the regional centre. For this purpose, he monitored the Ukrainian defenders — tried to establish their temporary deployment and residence, as well as the routes of movement in their own cars. In the “zone of special attention” of the enemy agent were military pilots, commanders of special units of the Armed Forces of Ukraine and employees of the Security Service. The facts of covert photo and video recording of the surrounding territory of the bases of the Ukrainian defence forces and their vehicles are documented. Counter-intelligence officers of the SBU detained the attacker while trying to transfer intelligence to the aggressor. At the same time, an enemy cache of explosives, which the enemy planned to use to commit terrorist attacks, was discovered near one of the houses where Ukrainian servicemen live. According to the investigation, the person involved is a local resident who was recruited in November last year by a case officer of the FSB operative group in the Belgorod region, A.P. Salitsev (Саліцев А.П.). It was established that assistance in contacts of the Kharkiv resident with the Russian intelligence service was provided by his relative living in the territory of the Russian Federation. In addition to monitoring Ukrainian defenders, the attacker performed hostile tasks to identify disguised enterprises of the defense-industrial complex of Ukraine. The occupiers needed the coordinates of strategic objects to carry out targeted missile strikes on the city. To communicate with the FSB, their agent used anonymous messengers, and the transfer of intelligence was accompanied by media files with a link to the area.”

63. Burkina Faso Arrests Frenchman Suspected of Espionage

KBC reported on March 16th that “soon after the arrest, the French consultant for the International Crisis Group (ICG) operating in Burkina Faso was released and able to leave the country. The arrest took place nearly three months after Burkinabe authorities expelled two French citizens suspected of spying for Paris. Burkina Faso’s authorities have arrested ICG consultant Mathieu Pellerin on charges of espionage. Pellerin was later released following a short detention, the ICG has said in a statement. “He had been detained in Ouagadougou since Friday evening while authorities examined his work. A consultant for the International Crisis Group since 2018, Mr. Pellerin was carrying out a research mission for us when he was arrested. Since then, he left the country,” explained the ICG. The ICG claims to have had “productive discussions with the transitional authorities” about the terrorist threat and to have always maintained good relations with different Burkinabe governments. Despite the assurances of the ICG on the relationship with the Burkinabe authorities, certain internet users suspected Pellerin of espionage. In December 2022, two French citizens were expelled from the country amid suspicions of spying for France, as reported by the Burkina Information Agency. Certain observers from Burkina Faso believe that Paris might try to destabilize the country by spying on the African country’s intelligence system or hacking into its secret communications, Salif Warma, secretary general of the Burkinabe Association of Barcelona, told Sputnik. In recent months, the Burkinabe people have repeatedly protested in the streets of Ouagadougou against the French military presence on the West African nation’s soil, stressing that the French troops were incapable of countering the terrorist threat in the Sahel region. At the end of February, Paris finally declared the end of its military operations in the country and pulled out its troops.”

64. Canada: Chinese Diplomat Named in CSIS Reports Should Have Been Expelled, Says Former Mayor

BIV reported on March 17th that “former Vancouver mayor Kennedy Stewart wonders why the federal government did not order China’s consul general in Vancouver to leave the country. Tong Xiaoling figures heavily in Canadian spy agency reports leaked to The Globe and Mail. According to the Canadian Security Intelligence Service (CSIS), she boasted of helping replace two Conservative MPs in Richmond with two Liberals in the 2021 federal election. In early 2022, she allegedly discussed a strategy to replace Stewart with a Chinese-Canadian candidate. NDP MP Stewart edged businessman Ken Sim in 2018 by under 1,000 votes, but Sim registered a 36,000-vote landslide in 2022. Stewart had rocky relations with Tong, beginning shortly after he was elected in 2018. She rebuked him and other officials at a Chinatown banquet more than a week after the U.S.-requested arrest of Huawei executive Meng Wanzhou at Vancouver International Airport for alleged bank fraud. Stewart suspended meetings with Chinese officials in April 2021. His friend, Conservative MP Michael Chong, was among those sanctioned in the wake of the House of Commons declaring China’s treatment of Uyghur Muslims a genocide. In November 2021, Tong publicly lashed out at Stewart for exploring a “friendship city” relationship with Kaohsiung, Taiwan. Stewart was already talking to Taiwanese trade officials and community members in Vancouver about closer ties with the self-governing island that Xi Jinping is eager to annex. Stewart also has a niece who is Taiwanese. “I thought, holy cow, this is way out of line,” Stewart said. “And this person should have been expelled a long time ago, but there was really no action taken. So our relationship really deteriorated.” Tong’s five-year posting in Vancouver ended last July, more than two months before the election. Her replacement, Yang Shu, arrived in September. 
Stewart said he remembers the surprise when a staff member advised him at a daily briefing last spring that federal intelligence officers wanted to visit. “They said, ‘Oh, CSIS has requested a meeting with you,’ and I thought CSIS, that’s weird,” said Stewart, now director of the Centre for Public Policy Research at Simon Fraser University. “I actually asked to see their badges and they showed me their badges that say they were CSIS and they said they had to brush them off, because they never did this. They don’t typically brief people.” The meeting with two officers, including one from the China desk, lasted two hours. He was also surprised when they didn’t mind that the meeting would be disclosed on his publicly released May calendar. CSIS also met with city hall’s top election officials in the clerk’s office and counterparts from Elections BC.”

65. United States: Pentagon Budget 2024: US Navy Seeks R&D Funds for E-2 Hawkeye Upgrade

Janes released this article on March 14th stating that “the US Navy (USN) has requested USD339.9 million in research and development (R&D) funds for the E-2D Advanced Hawkeye (AHE), to replace old cockpit components, add a heads-up display, and ready the aircraft for the Joint All-Domain Command and Control (JADC2) network. The Hawkeye Cockpit Technical Refresh is intended to replace what the USN describes as “obsolete and failing” cockpit components, including the aircraft’s Avionics Flight Management Computer. The programme would also add a heads-up display. Early warning aircraft represent critical nodes in JADC2, the Pentagon’s under-construction effort to link all major platforms and sensors into the same network. The Theater Combat Identification (TCID) is meant to integrate the E-2 by making the aircraft’s radar systems interoperable with the network. The Cooperative Engagement Capability and Signal Data Processor programme “will provide processing and cryptographic upgrades” to upgrade the E-2’s participation in the Naval Integrated Fire Control-Counter Air network by bringing the computer software aboard into Delta System Software Configuration 5.”

66. QiAnXin’s Global Annual 2022 Threat Report

User blackorbird shared the Chinese Qi An Xin Threat Intelligence Centre’s Global Annual 2022 Threat Report this week. The report is split into the following chapters: 1) Overview of Advanced Persistent Threats in China, 2) Overview of Global Advanced Persistent Threats, 3) APT Organisations, Activities, and Trends in Geopolitics, 4) A Large Number of 0day Vulnerabilities Used in APT Attacks, and 5) 2022 Advanced Persistent Threat Forecast.

67. Saudi Arabia: Ex-spymaster Turki Al Faisal Lends Weight to Saudi Arabia’s UNESCO Lobbying Efforts

On March 14th Intelligence Online reported that “Saudi Arabian intelligence and diplomacy supremo Turki bin Faisal Al Saud was at UNESCO in Paris on Monday to support Saudi Arabia’s campaign for the organisation’s top slot.” The article is about “Turki bin Faisal Al Saud (also known as Turki Al Faisal), former director of the General Intelligence Presidency (GIP).”

68. Spanish PM Plays Down EU Espionage Committee and Will Send Undersecretary to Meeting

Following this week’s story #56, on March 17th El Nacional reported that “Neither Pedro Sánchez nor one of his ministers, despite this being sought by some of the MEPs who are travelling to Madrid next week as part of the European Parliament’s Pegasus committee. The Spanish government has decided to limit its executive participation in the mission on spyware use to second-rank officials. The meeting will be with the Secretary of State for European Affairs, Pascual Navarro, non-elected undersecretary who is responsible for managing Spain’s relations with the European Parliament. This is what has emerged from another update of the agenda this Friday afternoon, which has also incorporated a Vox deputy into the contingent from the Catalan Parliament’s Catalangate committee, and has confirmed the attendance of both the senior Catalan Republican Left (ERC) politician Ernest Maragall and the director of the NGO Rights International Spain. Parliamentary sources do not rule out that, during the weekend, there will be more news. With this move, the Moncloa government palace in Madrid further reduces the political importance it attributes to the committee from the European chamber, which lands on Monday 20th, a public holiday in Madrid, and leaves the following afternoon. According to the agenda, the meeting with the Secretary of State for European Affairs will be on Monday afternoon at the headquarters of the Spanish foreign ministry. In fact, sources consulted by El Nacional.cat on Thursday already stressed that the Spanish government was emphasizing the judicial process of the case rather than its political side.”

69. South Korea: 4 Indicted on Espionage Charges

On March 16th the KBS News reported that “4 individuals have been charged for allegedly carrying out anti-government activities after receiving orders by a North Korean spy organization disguised as the Cultural Exchange Bureau. The prosecution believe they met with North Korean spies in South Asian countries since 2016, and even received operational money. A woman walks out after an arrest warrant review. She is to be tried for violating the National Security Act. The prosecution claimed that she was in charge of the western Gyeongnam region under the People’s Vanguard for Independent Unification, better known as the Changwon Spy Ring. The prosecution charged four people associated with the spy group — this woman, the spy ring boss, and the spies in charge of the eastern Gyeongnam and Seoul areas. They are accused of secretly contacting the spies from the North Korean spy organization disguised as the Cultural Exchange Bureau in Cambodia and other Southeast Asian countries since 2016.”

70. Erdoğan Considers Appointing Turkey’s Intelligence Chief in Possible New Cabinet

Medya News published this article on March 14th stating that “Hakan Fidan, the head of the Turkish Intelligence Agency (MİT), may be one of the surprising names in the Turkish government if the Turkish President Recep Tayyip Erdoğan declares another victory in 14 May elections. The news that Erdoğan is considering both Fidan and İbrahim Kalın, the presidential spokesman, as candidates for vice president in the new cabinet, was first reported last week by Hande Fırat, a journalist known for her close ties to the ruling Justice and Development Party (AKP). Since then, other outlets have confirmed rumours about Erdoğan’s plans for both Fidan and Kalın. Fidan, who is known to have political ambitions, wanted to run in June 2015 elections but later withdrew his application upon Erdoğan’s request. If the country’s intelligence chief wants to run in parliamentary elections on 14 May, he has until Friday evening to offer his resignation. However, Fidan can also stay in his post until the end of the elections and can be appointed to the cabinet by Erdoğan later, as Turkey’s presidential system does not necessitate cabinet members to be elected from lawmakers.”

71. Ukrainian SBU Exposed GRU Spy Ring Near Bakhmut

On March 16th Ukraine’s SBU announced that they “exposed an agent group of the Russian military intelligence, which “fluffed” the enemy positions of the Defence Forces near Bakhmut. The enemy agents included two residents of Kramatorsk. One of them is a nurse of the combat unit of Terodefense of the Armed Forces of Ukraine. At the instruction of the aggressor, they collected intelligence on the bases and movements of the Defence Forces in the Bakhmut direction. In the “zone of special attention” of the enemy were the routes of the probable movement of heavy armoured vehicles of the Ukrainian troops in the direction of the eastern front. Intelligence was needed by the occupiers to plan combat operations in the Bakhmut area. In addition, the attackers recorded the results of enemy attacks on Ukrainian infrastructure in order to correct repeated enemy strikes. SBU counter-intelligence officers detained both Russian agents during their intelligence mission. According to the investigation, they were in remote communication with a case officer of the Russian military intelligence. It was established that he recruited female agents through a representative of the intelligence unit of the 1st Army Corps of the Southern Military District of the Russian Federation, which includes the son of one of the female agents. In case of capture of the region, the aggressor “guaranteed” his accomplices “leading positions” in the local occupation administration. During searches of the perpetrators’ residences, mobile phones and a laptop were found, which they used to communicate with the Russian “handler”.”

72. United States: Pentagon Budget 2024: Chinese Balloon Incident Prompts Last-minute ISR Investment

On March 14th Janes reported that “the fallout from the detection and eventual shoot-down of a Chinese high-altitude intelligence, surveillance, and reconnaissance (ISR) balloon operating in US airspace prompted several last-minute changes in the US Department of Defense (DoD) budget proposal for fiscal year (FY) 2024. Roughly USD90 million has been requested to finance future initiatives to better prepare US armed forces to protect against similar threats, said US Navy Vice Admiral Sara Joyner during a DoD briefing on the Pentagon’s FY 2024 spending proposal, released on 13 March. “I will tell you today that our sensors are capable of seeing high-altitude balloons and capable of tracking them, but it is a matter [of] tuning and optimising those systems to try and get after all forms of intrusions into our airspace,” said Vice Adm Joyner, who serves as the director of Force Structure, Resources, and Assessment on the Joint Staff.”

73. United Kingdom: How Our Elite Troops Became Corporate Spies for Hire

On March 11th The Times released this story stating that “from their mobile phones in their 12th-floor office in London, the team of corporate spies drawn from the UK military was able to keep constant watch on their quarry more than 40 miles away in rural Sussex. They were monitoring the comings and goings at Hunters Farm, a 52-acre, £3.6 million estate with an 18th-century country house belonging to wealthy City of London solicitor Neil Gerrard. A spy “hide” was camouflaged with chicken wire and foliage using techniques employed by the British Army. A long cable led to a tree just inside the estate where a high-tech video camera, triggered by a motion sensor, had been secreted to beam back live pictures to London. The faces of guests and their vehicle details were recorded.”

74. Brazil to Probe Claims of Spy Agency Eavesdropping on Cell Phones

On March 15th Reuters posted that “Brazil’s new government will investigate whether the country’s intelligence agency ABIN illegally spied on Brazilians through their cell phones, Justice Minister Flavio Dino said on Wednesday. Dino has spoken to the director of the Federal Police and will make an announcement later on Wednesday, he told reporters in a briefing at Palacio do Planalto in Brasilia. O Globo newspaper reported on Monday that ABIN, which stands for Brazilian National Intelligence Agency, bought and used Israeli software that allowed it to track the movement of up to 10,000 people for 12 months through their cellphone numbers. ABIN used the equipment until May 2021, the agency said in a message to the media. Globo reported that the software was used without a court order.”

75. Report: Russia’s Cyber Tactics: Lessons Learned 2022

This week Ukraine’s State Service of Special Communications and Information Protection released this cyber threat intelligence report. The report is split into the following chapters: 1) What, 2) How, 3) Why, 4) Who, and 5) Recommendations.

76. United Kingdom: When MI6 Betrayed Ukraine’s Resistance to Russia

On March 16th Declassified UK released this story stating that “the CIA and British intelligence supported anti-communist guerrillas in Ukraine during the Cold War. All the while, a traitor at the heart of MI6 was sabotaging their secret operations. MI6 worked in the late 1940s with Stepan Bandera, a former Nazi collaborator whose forces murdered thousands of Jews. This January, Ukraine’s parliament commemorated Bandera’s birthday. On February 24th, the head of Britain’s foreign intelligence service MI6 tweeted: “One year ago today, Russia illegally invaded Ukraine. But the Kremlin fatally underestimated both the courage and determination of the Ukrainian people, and the unity of their allies in the face of Russian aggression. MI6 stands proudly with Ukraine”. This is compelling rhetoric. But MI6 has been less keen to publicise its murky history of support for Ukraine’s resistance against Russia. During the Cold War, when Ukraine was part of the Soviet Union, MI6 covertly backed anti-communist rebels, with disastrous results. A traitor at the heart of MI6 was betraying the guerrilla movement, feeding back their positions to Stalin, who ruthlessly rounded them up. The Kremlin viewed the rebels, not without foundation, as far-right militants who had supported the Nazis during World War Two. The little-known episode centres on Britain’s most infamous double agent, Kim Philby, a member of the Cambridge spy ring — students who were recruited at the elite university by the KGB. Philby became a high-ranking MI6 officer with access to Ukrainian resistance plans, which he leaked to his Russian handlers.”

77. Turkey: 4 Suspects of Terrorist Organisation Arrested in Izmir

On March 16th Medya Ege reported that “4 suspects, for whom an arrest warrant was issued for allegedly being members of a terrorist organisation, were caught in an operation carried out by the Provincial Gendarmerie Command teams under the coordination of the National Intelligence Organisation (MIT). Efforts were made to apprehend terrorist organisation members under the coordination of İzmir Provincial Gendarmerie Command Anti-Terrorism (TEM) Branch Directorate, Intelligence Branch Directorate and National Intelligence Organisation (MIT) Regional Presidency. Within the framework of the investigation, the member of the organisation named B.Y., who had an arrest warrant for making propaganda for the PKK/KCK/YPG/PYD armed terrorist organisation, on 13 December, the member of the organisation named S.A., who had an arrest warrant for the crime of being a member of the FETÖ/PDY armed terrorist organisation, on 14 December, the S.Y.. A member of the organisation named E.A. was caught on 13 December and detained on 13 December. While the detained suspects B.Y., S.A., and S.Y. were arrested by the court to which they were referred, E.A. was released pending trial.”

78. Ukrainian SBU Detains Former SBU Intelligence Officer

On March 15th Ukraine’s SBU announced that they “detained a former employee of the Service who called on Ukrainian defenders to desert. Internal security officers of the SBU detained a former employee of one of the structural units of the special service, who carried out subversive activities in favour of the aggressor country. On the eve of a full-scale invasion, he resigned from the service and left for one of the countries of the European Union. From there, he called former colleagues and urged them to desert from Kyiv, promising that “everything will be fine” with them. And in case of refusal, he threatened to “leak” their personal data to representatives of the Russian intelligence services. In addition, the intruder tried to convey to the enemy information about the progress of mobilisation measures and the locations of individual units of the Defence Forces. To do this, he tried to ask the SBU employees for this information. In March 2023, he crossed the state border of Ukraine, where he was immediately detained.”

79. India: FIR Filed Against Manish Sisodia in Espionage Case

Rozana Spokesman reported on March 16th that “former Deputy Chief Minister of Delhi, Manish Sisodia, lodged in Tihar Jail in the case of liquor scam, has got into a new trouble. On March 14, the CBI had registered an FIR under the Prevention of Corruption Act against seven people, including Manish Sisodia in the spy case related to the alleged ‘Feedback Unit’ (FBU) of the Aam Aadmi Party (AAP). Delhi Chief Minister Arvind Kejriwal’s adviser Gopal Mohan is also named in the FIR. FIR includes the name of…. Manish Sisodia, former Deputy CM. Sukesh Kumar Jain (IRS 1992), then Vigilance Secretary, New Delhi. Rakesh Kumar Sinha (Retd, DIG, CISF), Special Adviser to Chief Minister and Joint Director, Feedback Unit, Delhi. Pradeep Kumar (Retd. Joint Deputy Director, IB), Deputy Director, Delhi Feedback Unit. Satish Kshetrapal (Retd Assistant Commandant, CISF), working as Feedback Officer, Delhi Govt. Gopal Mohan, Chief Minister Arvind Kejriwal’s anti-corruption advisor. Taking to Twitter, Delhi CM Arvind Kejriwal wrote, “PM’s plan is to slap several false cases against Manish and keep him in custody for a long period. Sad for the country!”.”

80. United States: Former CIA Officer and Bestselling Author Robert Baer Lobbies for Arms Shipments to Ukraine

Intelligence Online reported on March 15th that “breaking news published on 15/03/23, 16h30 - The ex-CIA operative Bob Baer has taken on an unpaid mission for Kyiv to convince the US Congress to speed up arms shipments to Ukraine. The first-time lobbyist, whose client is the Ukrainian military intelligence agency, will also be communicating with the Pentagon but not with his former employer, with whom ties remain frayed.”

81. Taiwan Charges ex-MP and Former Admiral with Spying for China

BBC reported on March 18th that “Taiwan has charged two former state officials with violating the national security law by organising meetings between former senior military officers and Chinese intelligence personnel. Those encounters allegedly allowed the Chinese to “contact and even recruit” ex-military officers to their network. Prosecutors say the pair arranged 13 free trips to mainland China for 48 former officers from 2013 to 2018. The men earlier denied they were recruiting spies for China. The meetings also promoted China’s unification with Taiwan, prosecutors say. Retired rear admiral Hsia Fu-hsiang and ex-MP Lo Chih-ming face up to five years in jail if convicted. China considers self-ruled Taiwan as a breakaway province and has vowed to place it under its control, by force if necessary. Taiwan’s strongest ally, the US, warned in October that China is pursuing unification at a much faster timeline. At around the same time, China’s leader Xi Jinping embarked on a historic third term as head of both the Communist Party and the military. Beijing and Taipei have spied on each other since the end of a civil war in 1949 that saw the Communist Party take control of the mainland while nationalists settled on Taiwan island. Prosecutors say Mr Hsia and Mr Lo have been involved with Chinese organisations that advocate for unification since 2013. The two men have been detained since January. But there is no evidence showing the retired officers who joined these trips collected confidential information for China, so they are listed as witnesses, prosecutors say.”

82. Nine Amazing CIA Spy Techniques

On March 15th The Mystery Reporter published this Medium post describing very briefly the following: 1) The “Dead Drop” Method, 2) The Honeypot Method, 3) The Cut-Out Strategy, 4) The Sleeping Beauty Method, 5) Brush Pass Method, 6) Burn Bag Method, 7) Graffiti Method of Communication, 8) Pinhole Camera, and 9) The Drop Box Method.

83. Podcast: State Secrets: Which Cards Could Beijing Play on Ukraine, North Korea and Taiwan?

On March 15th The Cipher Brief’s State Secrets released a new podcast episode. As per its description, “Ambassador Joe DeTrani has spent much of his career centered on China. He is not only a former Special Envoy for Six Party Talks with North Korea, he is also a former director of East Asia Operations at the CIA. In this episode, Cipher Brief COO Brad Christian sits down with Ambassador DeTrani to discuss senior leadership changes in Beijing and a potential phone call between Xi and US President Joe Biden.”

84. Russian FSB Detained SBU Agent in Stavropol

On March 14th Mediazone reported that “the FSB department for the Stavropol Territory reported on the detention of a local resident suspected of collaborating with Ukrainian intelligence. It is reported by RIA Novosti. According to the security forces, a man living in the Shpakovsky municipal district, on the instructions of the SBU officers, collected information about military units and railway stations in the Stavropol Territory. A criminal case was opened against him for treason (Article 275 of the Criminal Code). The measure of restraint chosen for the Stavropol citizen is not reported.”

85. The Brush Pass: There are Four Burning Intelligence Questions about Ukraine in the Year Since Russia Launched its Bitter War

This article was published by Zach Dorfman on March 13th. As per the article, “the war in Ukraine has given rise to many, often overlapping — and intensely opaque–intelligence issues. Questions about Russia’s intentions in Ukraine dominated the intelligence space in the run-up to Moscow’s February 2022 full-scale invasion, with the Biden administration selectively declassifying information about Russia’s plans in order to rally its allies, and international publics, against Moscow. It was a bold transmogrification of secret intelligence into public diplomacy. Since then, Ukraine-related intelligence battles have mostly returned to their natural, subterranean place in the conflict. But they still occasionally, if partially, burst into view. Here’s four big outstanding Ukraine-related intelligence questions. This isn’t an exhaustive list–there are other important ones–but all of these, for me at least, have been front of mind.” The four questions of the article are: 1) Just how bad was the damage from Russia’s mole within German intelligence? 2) How intact, or degraded, are Russia’s human spying networks in Ukraine? 3) How extensive, and active, are Ukraine’s own intelligence networks within Russian-occupied areas of the country, particularly in the south? And 4) Finally, what’s the state of tactical and strategic intelligence-sharing between the U.S. and Ukraine, particularly regarding the upcoming counteroffensive?

86. Swedish SÄPO: Person Prosecuted in Lund on Suspicion of Misuse of Classified Information

On March 17th the Swedish Security Service (SÄPO) announced that “a person is prosecuted at the Lund district court on suspicion of gross unauthorised position with secret information. The person is suspected of having taken a position with information about 41 defense facilities. In the past, several other people have been prosecuted and sentenced for the same type of crime. The security police have conducted the preliminary investigations under the direction of prosecutors at the National Security Unit.”

87. SIGINT Historian: Gwen’s Road to Bletchley Park

On March 16th the former GCHQ Departmental Historian Tony Comer published this blog post. As per its introduction, “in December 2022 we said farewell to a 98 year old former colleague, Gwen Tovey who in 1942, while still Gwen Herbert, had begun a career in signals intelligence which lasted until she retired. Seven or eight years before she retired, she dictated her memories of her time at Bletchley and of the move of GCHQ to Cheltenham into a cassette recorder and these were transcribed by a friend. This transcription was spread across a number of separate pieces which were shared with retired and current members of GCHQ. At her funeral I asked members of her family and the friend who had transcribed them whether I could publish them here, and as everybody agreed, here is the first instalment.”

88. United States: U-2 Dragon Lady Spy Planes Are Facing the Axe Again

The Warzone published this article on March 15th stating that “the U.S. Air Force is again looking to retire its fleet of iconic U-2S Dragon Lady spy planes by 2026, according to a new report. The service is also reportedly sticking to its previously announced plan to get rid of its remaining RQ-4 Global Hawk drones, the fate of which has often been intertwined with that of the U-2s, within four years. The planned divestment of the U-2s adds to other evidence in recent years that a top-secret, high-flying, stealth spy drone commonly referred to as the RQ-180, or variants or derivatives thereof, are close to becoming operational, if they aren’t to some degree already. Aviation Week first reported earlier today that the Air Force’s U-2 fleet is again on the chopping block based on official information the outlet said it obtained. This follows the rollout of the Air Force’s latest budget proposal, which includes plans to cut 310 aircraft, but no Dragon Ladies, in the 2024 Fiscal Year. A single Global Hawk does stand to be divested in the upcoming fiscal cycle. As it stands now, the Air Force has around 27 U-2s, including a small number of two-seat TU-2S trainers, and some 10 RQ-4 Global Hawks, all Block 40 types, in service.”

89. Podcast: Intelligence Matters: The U.S. Invasion of Iraq: A Look at Intelligence, 20 Years Later

CBS News’ Intelligence Matters released this new podcast episode on March 15th. As per its description, “in this special episode of Intelligence Matters, host Michael Morell speaks with five former senior CIA officers about the agency’s work before, during and after the U.S. invasion of Iraq in 2003. With personal recollections and reflections, Morell offers a candid walkthrough of what the CIA and other intelligence agencies assessed about Saddam Hussein’s intentions and weapons programs in the lead-up to the invasion, how intelligence was used within the U.S. government throughout this period, and how the consequences of the CIA’s missteps — as well as its successes — continue to reverberate today.”

90. Russian FSB Stopped Activist Involved in High Treason in Khabarovsk

On March 13th Russia’s FSB announced that they “stopped the illegal activities of an activist of the YAMYFURGAL movement, a resident of Khabarovsk, who was involved in committing high treason in the form of providing financial assistance to the Armed Forces of Ukraine in activities directed against the security of the Russian Federation. During the operational-search activities, it was established that the suspect, acting on the motives of political hatred and enmity, made transfers of personal funds for the acquisition of weapons, ammunition and uniforms by the Armed Forces of Ukraine. On this fact, the Investigation Department of the FSB of Russia initiated a criminal case under article 275 of the Criminal Code of Russia (“high treason”). Currently, investigative actions are being carried out aimed at consolidating evidence in the named criminal case.”

91. Armenia: NSS Archive Case No. 837: Charents’s Case

On March 16th the Armenian National Security Service (NSS) released a new video presenting for the first time some unique parts of its archive, such as a case of the Armenian poet Yeghishe Charents.

92. Iran: Kurdish Prisoners Accused of ‘Espionage for Israel’ Go on Hunger Strike

The Kurdistan Human Rights Network reported on March 15th that “Kurdish prisoners Aram Omari, Rahman Parhazou, Amir Moshtagh Gangachin, Fakhroddin Doudkanlou Milan, and Ashkan Osmannezhad went on a hunger strike in Orumiyeh, north-western Iran, protesting against their “unfair” sentences. After they announced the hunger strike, the prisoners were transferred to solitary confinement on the orders of prison authorities. In February, the Islamic Revolutionary Court of Orumiyeh sentenced Omari and Parhazou to death, and Gangachin, Doudkanlou Milan and Osmannezhad to 10 years in prison. The court charged these prisoners with “participation in intelligence cooperation and espionage for Israel”. Security forces arrested the Kurdish prisoners in Orumiyeh between the fall of 2021 and early 2022 and transferred them to a security detention centre in the city. Forced to “confess” under severe physical and mental torture, they denied all allegations of the security agencies during their trial, adding that they were “tortured” during their interrogation.”

93. China’s Spy Agencies Collect Intelligence with TikTok

SOFREP released this article on March 18th saying that “spy agencies in every major country use social media for open-source intelligence gathering and manipulation. This is a fact. Apple is one of the only big tech companies that has tried to protect American consumer privacy, but it’s also not widely known that Steve Jobs was once a card-carrying CIA badge member. Google? Quite a different story. Google (GOOG) has been a partner with the CIA since 2004, when the company bought Keyhole, a mapping technology business that eventually became Google Earth. In 2010, Google and In-Q-Tel made a joint investment in a company called Recorded Future, which has the Minority Report-style goal of creating a “temporal analytics engine” that scours the web and creates curves that predict where events may head.” It concludes that “America, the EU, and the UK all know that China’s intelligence community certainly has a direct line with the Chinese-owned social media platform and are using it to collect intelligence. Imagine the data they can collect on American, EU, and UK people (especially children’s behavioral patterns) around the World…and imagine the content they can push to manipulate, especially young kids. This is why Western governments are right to be nervous about TikTok and are banning it on government devices, the UK being the most recent. I predict that TikTok will be banned or boycotted in America soon for the same concerns, and this is why if you’re an influencer on TikTok, you should be very concerned. That advertising revenue for clicks could dry up like the Salton Sea in the California desert. Until then, we will monitor the situation and report back to you accordingly.”

94. Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

Security Week reported on March 16th that “Russia has been ramping up its cyberespionage operations in 2023, according to a new intelligence report from Microsoft that analyzes Russia’s hybrid warfare in Ukraine. Russia has launched many disruptive cyberattacks against Ukraine, including DDoS attacks and wiper attacks, and it has stepped up its misinformation campaigns. Since the start of the conflict, Moscow-backed hackers have deployed at least two ransomware and nine wiper families against over 100 organizations. However, Ukraine is not the only country targeted by Russian state-sponsored cyber actors since the start of the war, particularly when it comes to cyberespionage operations. A report published on Wednesday by Microsoft’s threat intelligence unit shows that at least 17 European countries have been targeted in espionage campaigns in the first couple of months of 2023, and 74 countries have been targeted since the start of the war. Of these 74 countries — the list does not include Ukraine — Microsoft saw the highest percentage of attacks against the United States (21%), followed by Poland (10%) and the UK (9%). “EU and NATO member states, especially on the eastern flank, dominate the top 10 most targeted countries by number of threat events recorded. However, Russian threat actors conducted activities that ranged from reconnaissance to data exfiltration in organizations across the globe, in Africa, Asia, Latin America, and the Middle East,” Microsoft explained. Unsurprisingly, the government sector was the most targeted, followed by IT/communications, and think tank/NGO.”

95. United States: From Georgetown to Langley: The Controversial Connection Between a Prestigious University and the CIA

Mint Press News released this story on March 15th saying that “if you have ever wondered, “where do America’s spies come from?” the answer is quite possibly the Walsh School of Foreign Service (SFS) at Georgetown University. It is only a modestly-sized institution, yet the school provides the backbone for the Central Intelligence Agency, Department of Defense, State Department, and other organs of the national security state. From overthrowing foreign governments and conducting worldwide psychological operations to overseeing drug and gun smuggling and a global torture network, the CIA is perhaps the world’s most controversial and dangerous organization. All of which begs the question, should an educational institution have any formal relationship with it, let alone such a storied school as Georgetown? Yet, with more than two dozen ex-CIA officials among its teaching staff, the school tailors its courses towards producing the next generation of analysts, assassins, coup-plotters and economic hitmen, fast-tracking graduates into the upper echelons of the national security state. The CIA has also quietly funded the SFS, as journalist Will Sommer revealed. The agency, based in Langley, VA, secretly donated hundreds of thousands of dollars to fund the department’s work, despite Georgetown insisting on its website that this money came from anonymous donations from individuals.”

96. Canada: National Security and Intelligence Review Agency New Publications

On March 14th the Canadian NSIRA released the Review of CRA’s Review and Analysis Division (RAD), and on March 17th NSIRA released the Review Considerations Matrix.

97. Israel’s Former Spy Chief Warns that Country Could Turn Into a ‘Dictatorship’

The Middle East Eye reported on March 17th that “Israel’s former spymaster has likened the government’s overhaul of the judicial system to “a car hurtling towards the abyss” in an interview with a local TV channel. Nadav Argaman, former director of the Shin Bet, Israel’s internal security service, hit out at the reforms on Thursday evening. Argaman warned that the checks and balances holding the Israeli government accountable in parliament had broken down, and Prime Minister Benjamin Netanyahu was hijacking the process. “This is a world turned upside down, a crazy world. The anarchist has become the ruler,” said Argaman. “Only one person can stop this madness. That’s the prime minister,” the former spy chief said. “He is the one who pushed for this whole move, which was meticulously planned in advance, and he’s the one who can stop it. Everything is entirely in his hands.” Israel is currently experiencing a political crisis that has pitted Netanyahu’s far-right government against the country’s civil society, academic and business elite, as well as former government ministers and military figures. The prime minister is currently on trial for corruption, and the reforms could enable him to evade conviction or see his case dismissed. Since being indicted in 2019, Netanyahu has railed publicly against the justice system, saying it is biased against him. Argaman warned that Israel could be on the brink of a constitutional crisis and insisted that Ronen Bar, the current head of the Shin Bet, “must listen only and exclusively to the law”. “The head of the Shin Bet is subordinate to the prime minister, but above all, he is subordinate to the law,” he said.”

98. New Cyber Espionage Operation Attributed to India

On March 17th cyber security researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed DONOT, previously associated with the government of India. The operation involved a lure document titled “State of Comn Eqpt.xls” which, if opened, covertly installed a cyber espionage software implant.

99. Ukrainian SBU Detained Russian Informant in Odessa

On March 16th Ukraine’s SBU announced that they “detained an enemy informer who was correcting missile strikes on the city. Cyber specialists of the Security Service exposed another accomplice of the Rashists in the Odesa region. The attacker covertly collected information about the location of the units of the Defence Forces and strategically important objects of the transport infrastructure in the region. In addition, the enemy informer recorded the “results” of Russian air attacks and sent them to the enemy for further adjustment of repeated strikes on Odessa. He passed the information he received to individual racist “military correspondents”, who, in turn, informed the representatives of the special services of the aggressor state about the information he had collected. For communication, they used an anonymous chat in the banned Vkontakte social network. In order to gather intelligence, the attacker traveled around the region and photographed Ukrainian sites. SBU officers detained an enemy accomplice trying to spread classified information. According to the investigation, the suspect is a local resident who supports the armed aggression of the Russian Federation and justifies the war crimes of the Russians. During the search of the suspect’s place of residence, a computer with evidence of his criminal activity was found.”

100. Russian FSB Declassifies Documents on the Participation of Lithuanian Assistants of Nazi Germany in the Mass Murder of Civilians in the Occupied Territory of the USSR

On March 15th Russia’s FSB issued this announcement, and here are the declassified documents from the FSB’s archive. As per the description, “after the German attack on the USSR in the occupied territory, the Nazis attracted Baltic nationalists from among the local residents to carry out the “dirty work”. They carried out punitive actions against the civilian population, Soviet prisoners of war and the liquidation of Jewish citizens.”

101. Webinar: Virtual Parlor Chat: Espionage and Enslavement with Claire Bellerjeau

On March 18th Morris-Jumel Mansion published the recording of this presentation. As per its description, “historian and author Claire Bellerjeau discusses the incredible life of an enslaved Black woman from New York named Elizabeth, or Liss. Liss was enslaved by the Townsend family of Oyster Bay, Long Island, whose son, Robert Townsend (aka “Culper, Jr.”), was George Washington’s lead spy in Manhattan during the Revolutionary War. As the Culper Spy Ring used secret codes and invisible ink to smuggle vital information to Washington, evidence suggests Liss may also have engaged in intelligence gathering for the Patriot cause. Liss’ complex struggle for freedom sheds new light on the lives of thousands of other forgotten African Americans during the founding era. Bellerjeau’s ongoing research began 18 years ago, as she scoured archives from Long Island and New York City to South Carolina, Michigan, Canada, and Connecticut. Newly digitized newspapers from the 18th and early 19th centuries provided a trail of breadcrumbs that helped to illuminate the lives of many of those connected to the narrative. As her research progressed, Liss’ incredible life, once hidden from view, came into sharper focus. Bellerjeau’s work and the book she co-authored, Espionage and Enslavement in the Revolution: The True Story of Robert Townsend & Elizabeth, tie into Morris-Jumel Mansion’s mission of sharing stories previously excluded from historical narratives.”

102. Accused of Espionage in Albania, BIRN’s Investigation Shocks: The Elbasan Prosecutor’s Office Becomes a Party and Defends Russia’s Demands for the Extradition of Svetlana Timofeeva

Following 2022 week 33 story #71, 2022 week 34 stories #16 and #88, as well as 2023 week 8 story #1 and 2023 week 9 story #86, on March 18th SOT reported that “despite the fact that there is a case under investigation against her in Albania, the prosecutor’s office of Elbasan asks the court to proceed with the extradition of blogger Svetlana Timofeeva to Russia. In written submissions filed with the court by prosecutor Mustafa Turku, which were read at the March 17 hearing, the prosecution defends Russia’s request to extradite Timofeeva, whom Moscow accuses of “illegal acquisition of state secret information.” “In this particular case, the request for the extradition to Russia of the citizen Timofeeva is in compliance with the formal and substantial aspects and with the criteria and rules defined in the international agreements”, it is stated in the request of the prosecution, which BIRN has. Just like the Ministry of Justice, the prosecution bases the request on the guarantees received from the Russian counterparts. “The General Prosecutor’s Office of the Russian Federation guarantees that the extradition request is not intended to persecute the person for political reasons, because of race, religion, nationality or political views,” the extradition request states. It also claims that Timofeeva will be given opportunities for protection and that she will not be subjected to torture. The prosecution says that it also received guarantees that the Albanian embassy in Russia would be able to visit Timofeeva in case of extradition and that the issues that arose could be discussed in video conferences. In the request, it is not pointed out how the extradition to Russia would affect or not the case under investigation in Albania, for which the prosecutor’s office of Elbasan has been holding Timofeeva and two other people in a cell for 8 months.
“From our side, it is estimated that our request for the extradition of the citizen Timofeeva SV should be considered by the court, as the request is in accordance with the European Convention on Extradition”, says the prosecution. Timofeeva’s defenders Isuf Shehu and Fatmir Lushi and the 33-year-old herself, who is also facing similar charges in Albania for which she is still under investigation, opposed the extradition. In submissions, Shehu says that the prosecution cannot be satisfied with guarantees from Russia, but must collect evidence that “this guarantee is implemented”. Presenting a list of reports from international organizations and positions of the European Court of Human Rights, Shehu says in defense that the guarantees given “are not respected” by Russia.”

103. Man Who Plotted to Kill Ukraine’s Defence Minister, Spy Chief at Russia’s Behest Sentenced to 12 Years

On March 16th Euromaidan Press reported that “a Ukrainian citizen who served in Russia’s proxy “Luhansk People’s Republic” and planned to kill Ukrainian citizens on the orders of Russian special services has been sentenced to 12 years in prison. On March 14, the Pechersk District Court of Kyiv announced the verdict for the defendant charged with state treason, preparing assassinations, participating in illegal armed groups, and a terrorist organization. During the trial, the prosecutor proved that in 2014, the resident of Luhansk Oblast supported Russia’s armed aggression against Ukraine and personally took part in combat operations on the side of the occupiers in the ranks of the so-called “Luhansk People’s Militia.” After the full-scale invasion of Russian troops into Ukraine in February 2022, the accused was recruited by representatives of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation. He was tasked with organizing the targeted assassination of the leader of one of the Ukrainian military units, which Ukrainian law enforcement officers prevented. This assassination was aimed to test its effectiveness before executing similar orders against other political and public figures in Ukraine, including the Minister of Defense of Ukraine Oleksiy Reznikov, the head of the Main Intelligence Directorate of the Ministry of Defense of Ukraine Kyrylo Budanov, and other prominent persons. Russian handlers promised a reward of at least $100,000 for each of these killings. After a multi-stage special operation, the defendant was detained in the Volyn region in August 2022. During the trial, the man fully confessed to his guilt. The pre-trial investigation was carried out by the Pechersk Directorate of the National Police of Kyiv with the operational support of the Counterintelligence Department of the Security Service of Ukraine in Kyiv and the Kyiv Oblast.”

104. How Russia’s FSB is Fighting Against Ukraine: Murders, Terrorist Attacks, Moles and Cyberattacks

The Ukrainian Pravda published this article on March 13th saying that ““Yakuza” is the word that Russian personnel in the occupied city of Berdiansk use for representatives of the FSB, adding, “We are the force, and they are the brain”. Recruiting agents, murders, terrorist attacks, cyberattacks, putting proxies in senior positions within the occupying authorities, suppressing pro-Ukrainian sentiment — this is the work of Russia’s Federal Security Service (the FSB) in Ukraine. Or, to be more precise, the work of several “Ukrainian” units, as the secret servicemen refer to them among themselves. They infiltrated our country’s most secure state structures, with agents among law enforcement officers, priests, members of parliament, and ordinary citizens ready to betray Ukraine’s interests. This story describes the role that Russia’s most covert security structure has played in the war against our country.”

105. From Pigeon-mounted Cameras to Dragonfly Drones, Here’s How Aerial Surveillance Has Evolved to Spy on People Over the Past 200 Years

On March 12th Business Insider reported that “last month, the US government shot down a Chinese spy balloon floating near a South Carolina beach. The Pentagon said it was there gathering intelligence. China said it was doing civilian research. Regardless, it was nothing new. Governments have been spying on each other for hundreds of years. They’ve used all sorts of techniques, from the German army using pigeon-carrying cameras to the US releasing hundreds of balloons in the hope they would float across the entirety of Russia and get to Japan. Here’s how surveillance from the sky has developed over the years.”

106. Bulgaria: Who Was the “Umbrella Killer”?

On March 16th DW published this article stating that “Francesco Gullino alias “Agent Piccadilly” was probably the murderer of the dissident Georgi Markov. A new film now shows: Nobody really knew Gullino. He even fooled the Bulgarian secret service.”

107. A Mossad Agent’s Treasure Trove of Photos

On March 13th the New York Times published this story saying that “Sylvia Rafael worked undercover as a news agency photographer. Her pictures for the Israeli spy agency sat in its archives for decades before being released for a show.”

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org