Open in app

Sign in

Write

Sign in

SPY NEWS: 2023 — Week 15

Summary of the espionage-related news stories for the Week 15 (April 9–15) of 2023.

The Spy Collection
65 min readApr 16, 2023

1. Head of Morocco’s Intelligence Services Receives CIA Chief

The Middle East Online reported that “Morocco’s Director General of Territory Surveillance (DGST) Abdellatif Hammouchi, received Friday at his office in Rabat, the Director of the US Central Intelligence Agency (CIA), William Burns. This meeting, which is part of the bilateral meetings between the two parties, was an opportunity to follow up on the implementation of the outcomes of the working visit made by Hammouchi to the United States on June 13 and 14, 2022, during which he met with the Director of US national intelligence Avril Haines, William Burns and the Director of the US Federal Bureau of Investigation (FBI) Christopher Wray, said a statement by the DGST. During this meeting, bilateral talks focused on the assessment of the security situation and risks associated with it at the regional level, and the review of threats and security challenges arising from the tense situation in some parts of the world, in addition to monitoring and anticipating threats from terrorist organizations, especially in the Sahel-Saharan region, said the same source. This visit, which attests to the strength and depth of the strategic cooperation and coordination in the fields of security and intelligence between the DGST and the CIA, confirms yet again the common will of both parties to strengthen this cooperation even further, and consolidate bilateral coordination in the fight against terrorism and various threats to security at the regional and international levels, concluded the statement.”

2. Revealed: The Terrorist Hired by the CIA to Catch Carlos the Jackal

The Guardian published this article on April 9th saying that “it is the stuff of an airport thriller: a story of a man radicalised in his teens, who goes on to spend two decades as a bomb-maker, arms dealer, prisoner, clandestine organiser and terrorist facilitator before disappearing on a dark night from a ship in the middle of the Mediterranean in a final unresolved mystery. Now the story of Bruno Bréguet, one the most enigmatic figures of the shadowy battle between western security services and international violent extremists during the so-called “golden age of terrorism” in the 1970s and 1980s, has been given a new twist. A new book has revealed that in his later years Bréguet served not only the infamous Illich Ramírez Sánchez, better known as Carlos the Jackal, but the US government too. Bréguet’s spying for the CIA earned him tens of thousands of dollars, and contributed to the capture of his erstwhile boss by French secret services in 1994. “Bréguet was there at all the important moments. His story tells us a huge amount about the violence and extremism of the time, but also really helps [us] understand the process of radicalisation both then and today,” said Adrian Hänni, a respected Swiss historian and expert on political violence who spent years sifting newly declassified archives and interviewing key witnesses to tell Bréguet’s story in a new book. The news that the CIA was prepared to hire as an agent a man like Bréguet, who had been twice convicted by Israel and France for his terrorist activities and is believed to have bombed a pro-democracy radio station in Munich funded by the US government, underlines the moral and ethical questions facing intelligence services when it comes to recruiting such individuals. Tim Weiner, a US-based journalist and prizewinning author of a history of the CIA, said the agency rarely showed many scruples.”

3. Video: Spycamerasaurus: The Meopta ‘Oko’- Made For The Czech Secret Service, The StB

On April 9th Spycamerasaurus published a new video. As per its description, “developed in the 1970s by Meopta of Prerov in Czechoslovakia. The Oko was used by the Czech state security organisation, the StB, for covert photography. ‘Oko’ is Czech for ‘eye’. As with other Meopta products for the StB, its designation number was preceded by the prefix ‘TI’. The 16mm unperforated film produced negatives in the format 14 x 21 mm and the motor drive was completely silent. The camera was designed to be used with a number of different lens mounts. This one accepts Berning Robot screw mount lenses and is designated as such on the casing, but other Oko cameras are known to exist that use the Carl Zeiss SO 3.5 pinhole lens for example. The camera was intended to be installed in a concealment and lined up with a removable viewfinder in place. Once the camera was in place with settings correct and the lens focussed, the viewfinder was removed from the body of the camera and replaced by the film cartridge. The casing of the camera could then be sealed and photography undertaken. This camera comes complete with remote release, boxed film cartridge and viewfinder. StB paperwork from 1977 documents this type of camera as being installed in a television set, viewing out through the loudspeaker grille, while being controlled remotely. In addition to being used by the StB, the camera is known to have been used by the East German Stasi, and it seems likely that it would have been used at some point by the KGB and possibly other Eastern Bloc security services. Very few of these cameras are known to exist.”

4. Podcast: True Spies: COINTELPRO, Part 1/2: The Black Panther Plot

On April 11th SpyScape’s True Spies released this new podcast episode. As per its description, “it’s 1969, and the Illinois Chapter of the Black Panther Party is led by 21-year-old Fred Hampton. Hampton is beloved by his supporters, and hated beyond measure by J Edgar Hoover, the head of the FBI. Hoover is determined to stamp out this potential ‘Black Messiah’ — and he’ll stop at nothing to do so. Join Sophia Di Martino and Civil Rights lawyer Jeffrey Haas for the first instalment in a 2-part exploration of a shameful chapter in FBI history — COINTELPRO.”

5. Ukrainian SBU Detained Russian Agent in South Ukraine

Ukraine’s Security Service (SBU) reported on April 10th that they “detained an enemy informant who was gathering intelligence about the defence of the Southern Ukrainian NPP. The intruder collected intelligence on the locations and numbers of units of the Defence Forces guarding the South Ukrainian Nuclear Power Plant. The occupiers needed classified information to prepare targeted missile strikes on Ukrainian energy facilities. For completing tasks, the informant received money from his Russian “handlers”. It is documented that the person involved received an “advance” of UAH 2,000 on his own bank card from the aggressor. The SBU officers detained the intruder while photographing one of the critical infrastructure facilities. A mobile phone with evidence of criminal activity was seized from the detainee. According to the investigation, the accomplice of the aggressor turned out to be a resident of Yuzhnoukrainsk, whom the Russian intelligence service remotely engaged in secret cooperation in February this year. He came into the field of view of the enemy because of his pro-Kremlin posts in one of the Russian Telegram channels.”

6. Inside the International Sting Operation to Catch North Korean Crypto Hackers

CNN reported on April 9th that “a team of South Korean spies and American private investigators quietly gathered at the South Korean intelligence service in January, just days after North Korea fired three ballistic missiles into the sea. For months, they’d been tracking $100 million stolen from a California cryptocurrency firm named Harmony, waiting for North Korean hackers to move the stolen crypto into accounts that could eventually be converted to dollars or Chinese yuan, hard currency that could fund the country’s illegal missile program. When the moment came, the spies and sleuths — working out of a government office in a city, Pangyo, known as South Korea’s Silicon Valley — would have only a few minutes to help seize the money before it could be laundered to safety through a series of accounts and rendered untouchable. Finally, in late January, the hackers moved a fraction of their loot to a cryptocurrency account pegged to the dollar, temporarily relinquishing control of it. The spies and investigators pounced, flagging the transaction to US law enforcement officials standing by to freeze the money. The team in Pangyo helped seize a little more than $1 million that day. Though analysts tell CNN that most of the stolen $100 million remains out of reach in cryptocurrency and other assets controlled by North Korea, it was the type of seizure that the US and its allies will need to prevent big paydays for Pyongyang. The sting operation, described to CNN by private investigators at Chainalysis, a New York-based blockchain-tracking firm, and confirmed by the South Korean National Intelligence Service, offers a rare window into the murky world of cryptocurrency espionage — and the burgeoning effort to shut down what has become a multibillion-dollar business for North Korea’s authoritarian regime.”

7. Spy Collection: Leaked document review: Ukraine Freeze of Favourable to Vehicle Manoeuvre Projections

On April 10th we published this new video. As per its description, “in the last few days several documents allegedly originating from the United States IC (intelligence community) have been leaked on various social media platforms. We cannot verify the authenticity or intention behind that. In this video we do an overview of one of those documents, the “Ukraine | Freeze Favorable To Vehicle Maneuver ( ~16 INCHES) Projections” with the goal of using it as an educational tool for intelligence analysis & production practices as well as for historical purposes.”

8. Several News Published for the Allegedly US Government Leaked Documents

Following last week’s stories #65, #71, and #72 throughout this week several new stories have been published. For instance, Reuters reported that “US scrambles to trace source of highly classified intel leak” on April 10th, The Guardian that “documents seemingly leaked from Pentagon draw denials from US allies” on April 9th, The Times of Israel reported on April 9th that “Mossad on US reports that spy agency heads stirred anti-overhaul protests: ‘Completely false, absurd’”, on April 10th The Straits Times reported that “hunt on for source of highly classified intel leak: Suspect could be American, say officials”, Bellingcat published this article titled “From Discord to 4chan: The Improbable Journey of a US Intelligence Leak”, DeclassifiedUK reported on April 11th that “U.S. Intel Leak Reveals 50 Elite British Troops in Ukraine”, on April 12th the Washington Post reported that “Leaker of U.S. secret documents worked on military base, friend says”, on April 14th The Brush Pass published “The Surreal Leaks of Jack Teixeira”, and more.

9. Interview: AFIO: Nigel West, Historian and Former MP, on Hitler’s Nest of Vipers: The Rise of The Abwehr

The United States Association of Former Intelligence Officers (AFIO) published this video recording on April 9th. As per its description, “ Nigel West and Jim Hughes discuss Nigel’s recent book, “Hitler’s Nest of Vipers: The Rise of The Abwehr.” Topics include: German Intelligence Service and military districts; wehrmacht; Sicherheitsdienst; Abwehr defectors; Maj Richard Wurmann; MI5 post-war analysis of interrogated prisoners; Penetration of French Resistance; compromise of Allied Networks; Soviet System compromises; Rote Kapelle (Red Orchestra) started by Abwehrstelle Belgium, a field office of Abwehr; Portugal and Spanish links to Abwehr; KOs — hybrids with three branches; Impact on GRU and Communist networks; Death of British agents in Holland; the truth about the effectiveness of the Double-Cross System; the double agent who escaped capture. The interview runs 22 minutes and includes several Q&As.”

10. Israeli Spyware Used to Hack Across 10 Countries, Microsoft and Watchdog Say

On April 11th Reuters reported that “an Israeli firm’s hacking tools have been used against journalists, opposition figures and advocacy organizations across at least 10 countries — including people in North America and Europe — according to new research published Tuesday by Microsoft Corp (MSFT.O) and the internet watchdog Citizen Lab. Citizen Lab said in its report that it had been able to identify a handful of civil society victims whose iPhones had been hacked using surveillance software developed by the Israeli company, QuaDream Ltd — a lower-profile competitor to the Israeli spyware company NSO Group, which has been blacklisted by the U.S. government over allegations of abuse. In its report published at the same time, Microsoft said it believed with “high confidence” that the spyware was “strongly linked to QuaDream.” In a statement, Microsoft Associate General Counsel Amy Hogan-Burney said that mercenary hacking groups like QuaDream “thrive in the shadows” and that publicly outing them was “essential to stopping this activity.” Israeli lawyer Vibeke Dank, whose email was listed on QuaDream’s corporate registration form, did not return a message seeking comment. Repeated attempts by Reuters to reach QuaDream over the past year — including a visit to the company’s office outside Tel Aviv — have been unsuccessful.”

11. Association of European Businesses Escapes Foreign Agent Status in Moscow and Brussels

Intelligence Online reported on April 12th that “the lobbying organisation, which has been caught in the crossfire since Russia invaded Ukraine, has been investigated by both the European Commission and the Russian justice ministry. Both have decided, however, not to take action against it.”

12. United Kingdom: New Director GCHQ Announced

On April 11th GCHQ officially announced that “Foreign Secretary James Cleverly today announced that Anne Keast-Butler has been appointed to succeed Sir Jeremy Fleming as Director GCHQ, with the agreement of the Prime Minister. Anne Keast-Butler is currently serving as Deputy Director General MI5 and will be the first woman to hold the top position at GCHQ. She will succeed Sir Jeremy Fleming, who in January announced his decision to step down after six years in the role. She will take up her post in May. The appointment was made following a cross-government recruitment process chaired by Cabinet Secretary, Simon Case.”

13. Video: Solving the Mystery Behind a Soviet Spy Bug : A True Masterpiece of Technical Elegance!

Following week 12 story #66, the “Machining and Microwaves” YouTube channel published this video on April 9th. As per its description, “how did a Mysterious Microwave Bugging Device operate secretly for SEVEN YEARS inside the US Ambassador’s study in Moscow with NO power source? As I’m an inquisitive and practical sort of chap, I MADE one for a BBC TV series with Professor Hannah Fry to discover EXACTLY How It Works! In this episode of Machining and Microwaves, I do a deep technical dive into precisely HOW this totally passive mechanical contrivance worked as an undetectable covert bugging device. It has no active components, no battery, no wires and needed no modifications to the building. Is this semi-magical Great Seal Bug somehow connected with infamous Moscow Signal? There’s a sneak preview of some of the machining work, but everyone wants to know the REAL MECHANISM behind how this weird “Thing” operates. I machined a batch of replicas and carried out practical experiments to uncover the REAL way they work.”

14. Ukrainian SBU Detained Russian Agent in Odesa

On April 10th Ukraine’s SBU announced that they “detained a traitor who “hunted” for HIMARS and scouted the ammunition depots of the Armed Forces of Ukraine in Odesa. The perpetrator turned out to be a conscript from one of the brigades of the Armed Forces of Ukraine, who was recruited by the enemy after the start of a full-scale aggression. It was established that the occupiers chose the pseudonym “Krymchanin” (Кримчанин) for him and completed the task of collecting information about the defence of the Odesa region. On the instructions of the Russian intelligence services, their agent secretly recorded the location of the headquarters, military equipment and warehouses with missile and artillery weapons of one of the military units in the region. In addition, he tried to detect the positions of the HIMARS reactive artillery system. The traitor tried to transfer the received information to his Russian “handler” through an anonymous messenger in the form of marks on electronic maps. However, the SBU officers acted in advance — they exposed the perpetrator in a timely manner, documented his criminal actions and detained him while he was performing an intelligence task. It was established that in order to mask criminal actions, the suspect often changed SIM cards on his own mobile phone, which he used to communicate with the aggressor.”

15. United States: Woman Sentenced to 48 Months in Prison for Conspiring to Violate U.S. Sanctions Against Iran

On April 10th the US Department of Justice published this press release stating that “a California woman was sentenced on April 7 to four years in prison followed by three years of supervised release for conspiring to violate the International Emergency Economic Powers Act (IEEPA) by providing services, including financial services, to Iran and the Government of Iran, in violation of U.S. sanctions against Iran, and for structuring. According to court documents, Niloufar Bahadorifar, aka Nellie Bahadorifar, 48, of Irvine, pleaded guilty on Dec. 15, 2022, before U.S. District Judge Ronnie Abrams, who imposed the sentence. “The Government of Iran has shown that it will take extreme measures to silence dissidents and critics around the world exercising their lawful rights, including through the use of violence on U.S. soil,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “We hold accountable an individual who violated U.S. sanctions by providing financial assistance that ultimately supported a failed kidnapping plot directed by the Iranian government, underscoring the Department’s commitment to bringing to justice those who criminally aid the Iranian regime.” “Niloufar Bahadorifar provided financial support to a brazen plot intended to kidnap an Iranian human rights activist living in the United States whom the Iranian Government has sought to silence for years,” said U.S. Attorney Damian Williams for the Southern District of New York. “Efforts by malign foreign governments to stifle free speech and peaceful protest by means of intimidation or repression cannot be tolerated. The right to free speech is a core fundamental principle of American ideals, and this office is proud to protect that right with every means at our disposal.” “Simply put, the defendant provided assistance to individuals who tried to help kidnap a journalist living in New York, who has criticized the regime in Teheran,” said Assistant Director Alan E. Kohler Jr. of the FBI’s Counterintelligence Division. “This case demonstrates that the government of Iran will continue to target dissidents and reach beyond their borders, violating U.S sanctions and national security, but more importantly threaten the personal safety of individuals living in our country. The FBI will continue to shield those who are targeted and aggressively pursue anyone who attempts to circumvent our laws and will leverage all our authorities to protect the right to free speech.”.”

16. Video: The Secret Coded Shortwave Messages of the MOSSAD

On April 11th Ringway Manchester published this new video covering the history of the E10 and E10a number stations that were actively used until March 2011 to transmit coded messages.

17. IRA Terror Plot Foiled in Northern Ireland Ahead of President Biden Visit

The New York Post reported on April 9th that “Police in Northern Ireland have thwarted an IRA terror bomb plot intended to disrupt President Biden’s upcoming visit to Belfast on Tuesday, it was revealed Sunday. Members of the paramilitary group, the New IRA, were allegedly looking to purchase bomb parts in Derry and scheming to build an explosive device to disrupt Biden’s diplomatic stopover, The Belfast Telegraph reported. “They were looking for parts to make a bomb,” a source told the newspaper. “The belief is that the New IRA was planning some sort of attack to coincide with Biden’s visit, similar to the mortar attack on the cops in Strabane last November.” Last November, the group claimed responsibility for detonating a roadside bomb targeting a police vehicle in County Tyrone. Two cops escaped injury when the bomb exploded next to their car. Thomas Mellon, the leader of the New IRA, wanted a “spectacular” way to undermine Biden’s visit, according to reports. “He wanted to have a spectacular, but with all the PSNI raids and Brit searches it’s likely he will have to settle for a riot on Easter Monday,” the source said. Mellon is on the terror watchlist of MI5, the United Kingdom’s counter-intelligence agency. Biden will visit Belfast on Tuesday to commemorate the 25th anniversary of the US-brokered Good Friday Agreement. The historic pact reached in 1998 ended decades of sectarian fighting between Catholics and Protestants in Northern Ireland, known as the Troubles.”

18. Turkish Cyber Opens Swiss and Dutch Offices to Win Over European Market

Intelligence Online reported on April 11th that “given the reluctance of European countries to hire Turkish companies close to the authorities in Ankara, Turkish cyber companies have been relocating their head offices to Europe.”

19. Ukrainian SBU Detained 2 FSB Agents in Kharkiv

On April 11th Ukraine’s SBU announced that they “detained two informants in the Kharkiv region who were scouting Ukrainian defence lines on the border with the Russian Federation. The auxiliaries turned out to be two residents of de-occupied Vovchansk, whom the enemy recruited to carry out reconnaissance and subversive activities in the east of the region. The intruders collected intelligence for the occupiers about the locations of bases and movements of the Defence Forces in the territory of the Vovchan community. First of all, they were interested in information on the arrangement of defence lines along the border with the Russian Federation and temporary deployment points of units of the Security Service and the National Police. The aggressor was also looking for information about the current socio-political situation in the border region, points of delivery of humanitarian aid to civilians. Intelligence was needed by the occupiers for the preparation of sabotage and rocket-artillery attacks on Ukrainian locations. According to the investigation, one of the members of the enemy group is a local resident who, immediately after the capture of part of the region, voluntarily cooperated with the aggressor. At the same time, he began to perform enemy intelligence tasks only at the beginning of this year. Subsequently, the person involved in the subversive activity involved his acquaintance, who then brought him into direct contact with the FSB. To communicate with the Russian intelligence service, the persons involved used the Telegram messenger in compliance with the measures of the conspiracy. During searches of the perpetrators’ residences, mobile phones were found, which they used to correspond with the FSB.”

20. United States: Is Soldier’s Death Related to the Pentagon Leaks?

On April 9th Divided & Conquered published this article saying that “a service member found dead in his car in the Pentagon parking lot last month was 42 year old Master Sgt. Juan Bordador. He was pronounced dead by Arlington Emergency Medical Services on March 14, following a welfare check. Police officers responded to a call for a welfare check when they found the body of the unidentified individual. “At approximately 3:30 p.m. EDT today the Pentagon Operations Center received a call requesting a welfare check on a military service member,” Pentagon press secretary Brig. Gen. Pat Ryder said. Ryder said Pentagon police officers responded to the North Parking, where they discovered the service member in his vehicle apparently deceased. According to the Pentagon, police officers found the body in the North Parking at approximately 3:30 p.m. Usually “welfare checks” in the Army are conducted in the barracks or off post housing. Why were they calling the police for a welfare check and how did they find him so quickly? “JP enlisted into the United States Army as a Counterintelligence and Force Protection Special Agent, kickstarting a triumphant career that spanned almost 2 decades. His military service took him to many parts of the world, from countries like Japan, Germany, Korea, Iraq, Russia, Israel, Canada, Belgium, France and more…assigned to the 500th Military Intelligence Brigade, Camp Zama, Japan. His military education included the Primary Leadership Development Course; Basic NCO Course; Advanced NCO Course; Airborne School; Master Resilience Training; TSCM Advanced Concepts Training; TSCM Course; Digital Training Management Systems Training; Jungle Warfare School; CI-HUMINT Operations Management; and the Basic Instructor Course. During his tenure with the 10th Regional Support Group, US Army Japan, he served as the S3 Operations NCOIC and as the Headquarters Company Platoon Sergeant… His training and experience led him to a successful career working alongside important individuals like General Mark A. Milley and General James ‘Mad Dog’ Mattis. He worked under 4 US Presidents: President George W. Bush, President Barack Obama, President Donald Trump, and President Joe Biden. In 2021, he was promoted to the Pentagon as the NCO in charge of the Technical Surveillance Countermeasure (TSCM) Program at the Joint Chiefs of Staff Security Office.” Technical Surveillance Countermeasures (TSCM) is a term created by the United States government that describes the action of sweeping for devices that may be spying on you.”

21. Russian GRU Officer Wanted by the FBI, Leader of the Hacker Group APT 28

On April 10th the OSINT group Inform Napalm published their latest research stating that “Ukrainian hacktivist team Cyber Resistance hacked the email of Lieutenant Colonel Sergey Alexandrovich Morgachev, an officer of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU), leader of the Russian hacker group APT 28, consisting of officers of the 85th Main Special Service Center of the GRU, military unit #26165. Dumps of his private correspondence were exclusively provided by the hacktivists to the volunteers of InformNapalm volunteer intelligence community for analysis. In this article we will disclose all relevant personal information regarding this Russian intelligence officer wanted by the FBI. We will wrap up with a story of a creative punishment through “moral humiliation” of the Russian hacker by Ukrainian hacktivists with an order on AlịExpress.”

22. Attack Targeting IRGC and Syrian Intelligence Officers

On April 10th the Atlantic Council’s Security Researcher Ruslan Trad reported that “another bad night for Iranian forces in Syria after an attack during a meeting between an IRGC officer and Syrian intelligence officers in Damascus. All reports indicate there are killed/wounded as result, but nothing is confirmed for now.”

23. New Report Assesses Record of Russian Unconventional Operations in Ukraine War

Intel News reported on April 10th that “a new report published by a London-based security think-tank concludes that Russia has employed unconventional operations effectively to subdue the population in occupied areas of Ukraine. These successes contrast sharply with the inferior performance of Russia’s conventional military forces, as revealed last week in a series of leaked documents belonging to the United States Department of Defense. The 39-page report was published on March 29 by the Royal United Services Institute (RUSI). It is titled “Preliminary Lessons from Russia’s Unconventional Operations During the Russo-Ukrainian War, Feb 2022-Feb 2023”. It suggests that the early assessments of the Russian intelligence community failed to anticipate by a wide margin the strength of the Ukrainian opposition to the Russian invasion, as well as the West’s resolve to assist Kyiv. Moreover, early assessments by Russian intelligence agencies severely over-estimated the capabilities of the Russian military, with near-catastrophic results. However, the report claims that, in contrast to its early assessments, the record of unconventional operations by Russia’s intelligence community in Ukraine has been largely successful, and has allowed Moscow to effectively subdue occupied populations in eastern Ukraine. It suggests that Russian intelligence agencies began planning for the military invasion at least eight months in advance. They prepared the ground by assembling a large network of agents on the ground in Ukraine, which included at least 800 Ukrainian government officials. Some of these officials offered to spy for Russia voluntarily, while others were coerced through various means. The agent network inside Ukraine gave Russian intelligence agencies access to government databases, as well as to communications intercepts. These were used to construct detailed assessments of targeted individuals in occupied areas of Ukraine, and enabled Russian intelligence agencies to operate surgically in neutralizing leading pro-Kyiv officials in those areas. That method has been largely effective in the past year, and has allowed Moscow to exercise strict control in areas under occupation through “a steady stream of human intelligence” from its agent networks, the report claims.”

24. New Videos by Former United States CIA Officer Jason Hanson

Throughout this week former US Central Intelligence Agency (CIA) officer Jason Hanson published the following videos: 1) This Tactical Tomahawk Could Put Any Attacker in Trouble, 2) Former CIA Agent Reacts to a Heist in South Africa, 3) Former CIA Reacts to a Home Invasion Where Homeowner Kills Robber in Self-defense, and 4) Former CIA Agent Reacts to Kidnapping Caught on Camera.

25. China Accused of Spying to Create Passenger Jet

CBS News reported on April 12th that “China is rolling out a new passenger airliner, designed to directly compete with Boeing and Airbus. Some say the designs were gathered through corporate espionage. Kris Van Cleave has the story.”

26. Podcast: SpyCast: “Havana Syndrome” — A Panel featuring Nicky Woolf, Marc Polymeropoulos, and Mark Zaid

On April 11th the International Spy Museum’s SpyCast released this new podcast episode. As per its description, “in late 2016, a number of American and Canadian embassy personnel in Havana, Cuba were the first to report debilitating idiopathic symptoms. Sufferers reported loud ringing in their ears, severe vertigo, headaches, and loss of cognitive abilities. Now, almost 6 years later, over 200 people have come forward experiencing similar symptoms. Despite the number of reported sufferers and extensive investigations, there is still no conclusive answer. This week on SpyCast, we bring you the recording of an in-person program held at the International Spy Museum in February which brought together a panel to examine the issue. And… This episode was produced in collaboration with THE SOUND, an investigative podcast series by Project Brazen and Goat Rodeo with PRX. Tune in to all 8 episodes of THE SOUND now for a more in-depth and comprehensive look at the mystery of Havana Syndrome.”

27. Crypto Museum: B2M (MITCHELL) Spy Radio Set

On April 12th the Netherlands-based Crypto Museum published a new page. As per its introduction, “B2M, codenamed MITCHELL, is a spy radio set, developed in 1946 by Telefunken in Hannover (Germany), for use by intelligence services and Stay-Behind Organisations (SBO) in post-war Europe. It is a direct clone of the British Type 3 Mark II (B2), albeit built with German parts. The device was succeeded in 1952 by the similar ESK-52, which was nicknamed Amateur Radio Set.”

28. No Letup in Turkish Intelligence Agency MIT Spy Work in Greece, Secret Documents Reveal

Nordic Monitor reported on April 12th that “Turkey’s spy agency, Milli İstihbarat Teşkilatı (MIT), has expanded its clandestine operations in Greek territory while Turkish and Greek diplomats have been engaging in what appears to be a thaw in bilateral ties in the wake of devastating earthquakes that killed 50,399 people in Turkey’s southern provinces. According to secret documents recently obtained by Nordic Monitor, the Turkish intelligence agency filed a report dated March 2, 2023, a little over two weeks after Greek Foreign Minister Nikos Dendias visited the quake zone to express his country’s solidarity and continued support for rescue and relief efforts. The MIT report makes clear that the diplomatic gestures and niceties at the political level did not really translate into curbing or restraining clandestine work by MIT. Rather, the opposite took place as MIT intensified its spying and surveillance in Greece. MIT operates directly under orders from Turkish President Recep Tayyip Erdogan, who entrusted the running of the agency to his long-time confidant Hakan Fidan, an anti-Western Islamist figure, more than a decade ago.”

29. Russian Sputnik News Journalist Marat Kasem Charged with “Espionage” in Latvia

Following week 1 story #43, on April 13th London Daily reported that “if China or Russia arrest journalists — it’s front-page news. When the west arrests journalists for the crime of reporting the truth (Julian Assange, as an example), everybody is very ok with this censorship against freedom of speech. Charging journalists with Espionage is just the same as charging a criminal lawyer with helping criminals. Espionage is what journalism is all about: exposing to the public what authorities are hiding; that which the public has the full and absolute right to know… as in democracy, the public owns the authorities and not the other way around. But the EU was never a democracy, so it’s ok. Marat Kasem, editor-in-chief of Sputnik Litva (the Lithuanian division of the pro-Kremlin news outlet Sputnik), was taken into custody in Latvia. According to sources cited by RIA Novosti, Kasem is suspected of espionage and violating EU sanctions against Russia. On December 5, 2022, a court in Riga issued an order for his arrest. Russia Today CEO Dmitry Kiselev says that Kasem is a Latvian citizen. Although he lived and worked in Moscow for the past several years, on December 30 he traveled to Latvia for family reasons. Kiselev qualified his arrest as “obviously a political persecution, entirely unlawful, absurd, and ungrounded.” Russian Foreign Ministry spokesperson Maria Zakharova claims that, about six months ago, Kasem complained about being persecuted for his work in the Baltic countries. “Now he is under arrest,” wrote Zakharova on Telegram. “This is the dictatorial regimes’ vengeance for his freedom, his truth, and his principles.” In May 2019, Marat Kasem was detained at the Vilnius airport and banned from entering Lithuania for the next five years. The following July, Lithuanian authorities ruled to block Sputnik Litva, citing copyright violations. Latvia, too, has blocked Sputnik’s Web pages and detained its employees in the past. The agency has also complained about being pressured by Estonian authorities.”

30. US President Joe Biden Calls Family of Reporter Accused of Espionage in Russia

Following week 13 story #69, and week 14 story #70, MSN reported on April 11th that “while en route to Belfast to begin a four-day visit to Ireland and Northern Ireland, Biden made the call. One day after the Biden administration officially announced the reporter had been “wrongfully imprisoned,” the call took place. The designation strengthens the case for Gershkovich’s release to the US government and designates a specific State Department office to spearhead the effort. On Tuesday, Biden once more denounced the journalist’s imprisonment before leaving Washington. The Wall Street Journal and the US administration have both angrily refuted the Russian claim that Gershkovich is a spy. “We’re making it real clear that it’s totally illegal what’s happening, and we declared it so,” Biden said. “It changes the dynamic.” White House press secretary Karine Jean-Pierre told reporters after the call that Biden “felt it was really important to connect with Evan’s family, his parents,” She said that Gershkovich, 31, has been “top of mind” for the president. White House National Security Council spokesman John Kirby said that the Russian government has yet to grant US consular access to Gershkovich.”

31. Podcast: Spycraft 101: An NSA Spy Unknown for Decades with John Whiteside

On April 12th Spycraft 101 published a new podcast episode. As per its description, “in 1964, US Army Private Robert Stephan Lipka was an intelligence analyst assigned to the National Security Agency, where he distributed classified documents from the teleprinters to their recipients. Not long after being assigned to the NSA, Lipka approached the Soviet embassy with an offer to spy for them. For the next two years, he smuggled out approximately 200 top-secret documents and left them at dead drops nearby. These documents included the NSA’s reports to the White House, and information on US troop movements worldwide. Lipka left the Army in 1967, but still had a large cache of stolen documents which he continued providing to the Soviets through 1974. During this time, the FBI identified his KGB handlers, but never learned who their source was inside the NSA. Over the next twenty years, Lipka tried to leave his old life behind, and opened a coin shop in Lancaster, PA. Unfortunately for him, his past caught up with him in the early 1990s when Vasiliy Mitrokhin defected to the United Kingdom. Between 1972 and 1984, Mitrokhin copied information out of the KGB archives in Moscow and smuggled it back home. By the time the USSR collapsed, he had created an in-depth look at KGB activities during the Cold War. Among the many pieces of information Mitrokhin provided during his extensive debriefings with MI6 were details sufficient to identify Lipka as a KGB asset. MI6 shared this information with the FBI, who used an undercover agent posing as a GRU officer against Lipka. At each meeting, the agent tried to get Lipka to verbally acknowledge his espionage activities, but Lipka was canny and never admitted to anything that could lead to a conviction. But after his ex-wife agreed to testify against him, Lipka took a plea bargain rather than face a possible life sentence. He served more than ten years in prison before his release in 2006.”

32. Estonian Spy Agency Warns of Russian Efforts to Recruit Refugees

Bloomberg reported on April 12th that “Russian security services have stepped up attempts to recruit Ukrainian refugees traveling to Estonia, the Baltic nation’s counterintelligence agency said in an annual report. The EU country bordering Russia provided refugee status to 45,000 Ukrainians fleeing Russia’s invasion. It’s one of the biggest influxes seen by any country on a per-capita basis, with many of the displaced Ukrainians arriving in Estonia after passing through shared neighbor Russia. Already in a vulnerable position from the war, the refugees are regularly interrogated by Russian spy agencies such as the Federal Security Service, known as the FSB, in filtration camps and border points, and “activities will likely intensify in the future,” according to the report released by Estonia’s Internal Security Service on Wednesday. “Conversations with the war refugees have shone a light on the FSB’s forceful actions against Ukrainians in Russia and the occupied territories,” the report said. “The FSB has also systematically worked to recruit war refugees arriving from Russia before they enter Estonia, both by threatening and bribing them.” Russian spies from the country’s SVR and GRU intelligence agencies have continued to visit Estonia, “using various covers,” according the report.”

33. United States FBI Releases Video to Recruit Russian Spies to Gather Intelligence on War, Sparks Backlash

The Republic World published this article on April 10th saying that “United States Federal Bureau of Investigation (FBI) on April 9 resorted to scaling up the Russian recruitment for the intelligence gathering as it appealed to Russian-origin nationals to collaborate with the American agencies. The move sparked backlash and controversy among Russian experts. In the visuals shared by the American intelligence firms, a man is heard speaking in the Russian language. He says that the FBI can change their future if they cooperate with US intelligence in providing the information that they are seeking. It went on to add that the FBI is looking for Russians who can work for the agency as spies, and ex-pats as well as with information on countering the Kremlin. FBI launched its social media campaign to recruit Russians in February. It has since been encouraging Russian nationals to join Americans in providing intelligence on Kremlin and Russia’s President Vladimir Putin. In an interview with Fox News, the ex-CIA Moscow station chief Dan Hoffman said that the FBI’s message in the video was “sharp” and “smart,” and that it could “help the FBI and the country prevail against that Russian aggression.” Russia’s communications regulator Roskomnadzor previously banned the US-based government websites, Federal Bureau of Investigation [FBI] and CIA accusing the American intelligence agencies of being involved in spreading “fake news” about the ongoing military operation in Ukraine. According to Roskomnadzor, the two US-based agencies rampantly published inaccurate material and information discrediting the Russian armed forces.”

34. Albania: Elbasan Court Hearing on Russian Spy Postponed

Following 2022 week 33 story #71, 2022 week 34 stories #16 and #88, 2023 week 8 story #1, and 2023 week 9 story #86, on April 12th Albanian Daily News reported that “session on Russian citizen, Mikhail Zorin, who is accused of Espionage in Albania, was postponed this Wednesday in Elbasan Court. Hearing was postponed, as the prosecutor of the case asked for time to familiarize himself with the acts of the file. Zorin requests teh change of the security measure, since according to his lawyer, the detention time liimts have passed. The court accepted the Prosecutor’s request and requested that information on the investigations be presented, for this reason it set the date 14.04.2023 at 13.00 for the next session. Few months ago, Mikhail Zorin, Svetlana Timofeeva and the Ukrainian Fyodor Mihailovic were photographing the premises at the Arms Factory in Gramsh, when they tried to get inside, they were spotted by Albanian soldiers who signaled them to stop. They did not obey the orders, while one of them, Mikhail Zorin, attacked them with a chemical spray.”

35. Breaking Down North Korea’s Advancing Cyber Prowess

Axios reported on April 11th that “recent attacks linked to North Korean state-backed hackers are spotlighting how technically adept and creative the regime’s cyber activity has become. The big picture: Experts say public perception of North Korea’s cyber threat risks painting the regime as an underfunded country solely focused on cybercrime to fund its government, but those perceptions aren’t quite right. Driving the news: Late last month, several cybersecurity firms found North Korean state-backed hackers attaching malware in a system update for video-conference tool 3CX — mirroring a tactic Russian hackers used in the infamous SolarWinds espionage campaign two years ago.”

36. Ukrainian SBU Reports on Former Berkut Man who Created a Russian FSB Spy Network

On April 12th Ukraine’s Security Service (SBU) reported on the“former Berkut man who created the Russian intelligence network in the frontline regions of Ukraine. He turned out to be a former employee of the disbanded Berkut (Беркут) special police unit — Valery Astakhov (Валерій Астахов). After the occupation of Crimea, he went over to the side of the enemy and joined the ranks of a group under the control of the Russian intelligence services called the Yevpatoriya Company of the People’s Militia (Євпаторійська рота народного ополчення). At the beginning of the full-scale invasion, the FSB instructed Astakhov to form his own intelligence network for intelligence and subversive activities against Ukraine. The traitor remotely recruited several dozen residents of the southern and eastern regions, including from Bakhmut, to its composition. The main task of the enemy agents was to collect intelligence about the bases and movements of the Defence Forces near the front. The attackers forwarded the received information to Astakhov via Telegram in the form of locations on electronic maps with a detailed description of the sites. The former “Berkutov” passed this data to his supervisors from the FSB on the territory of the captured Crimea. The occupiers needed them to guide and adjust rocket and artillery fire on the positions of Ukrainian troops. On the basis of the collected evidence, the investigators of the Security Service informed Astakhov of the suspicion under Part 2 of Art. 111 of the Criminal Code of Ukraine (treason committed under martial law). He is currently hiding in the temporarily occupied territory in the south of Ukraine. Comprehensive measures are underway to bring the traitor, as well as all his accomplices and their Russian “handlers” to justice. We will remind that during a special operation in Bakhmut at the end of the summer of 2022, the counter-intelligence of the SBU detained one of the active members of the enemy agency with the operational pseudonym “Sedoy” (Сєдой). The indictment against the detainee has already been submitted to the court.”

37. Video: The Not So Secret Short Wave Numbers Stations of North Korea

Following this week’s story #16, on April 12th Ringway Manchester also published this video. The video covers North Korean radio communications, with primary focus on the clandestine number stations of North Korea’s military intelligence agency, the Reconnaissance General Bureau (RGB). The North Korean number stations covered were: 1) V15, 2) V28, and 3) M40.

38. Norway Declares 15 Intelligence Officers Working at the Russian Embassy in Oslo Personae Non Gratae

On April 13th the government of Norway issued this press release stating that “‘the 15 intelligence officers have been engaging in activities that are not compatible with their diplomatic status,’ said Minister of Foreign Affairs Anniken Huitfeldt. The Government’s decision is in response to the changed security situation in Europe, which has led to an increased intelligence threat from Russia. ‘This is an important step in countering, and reducing the level of, Russian intelligence activity in Norway, and thus in safeguarding our national interests,’ Ms Huitfeldt said. The Government has now decided to declare as personae non gratae 15 Russian intelligence officers who have been working under diplomatic cover in Norway. The officers concerned must leave Norway shortly. Visas will not be issued to intelligence officers seeking to come to Norway. ‘Russia currently poses the greatest intelligence threat to Norway. We take this very seriously, and are now implementing measures to counter Russian intelligence activities in our country. We will not allow Russian intelligence officers to operate under diplomatic cover in Norway,’ Ms Huitfeldt said. The activities of these intelligence officers have been monitored over time. At the same time, there is an increasing Russian intelligence threat to Norway as a result of the deteriorating security situation. It is against this backdrop that we have decided to take this action now.”

39. United States: Trading with the Enemy

Seymour Hersh published this article on April 12th saying that “the Ukraine government, headed by Volodymyr Zelensky, has been using American taxpayers’ funds to pay dearly for the vitally needed diesel fuel that is keeping the Ukrainian army on the move in its war with Russia. It is unknown how much the Zelensky government is paying per gallon for the fuel, but the Pentagon was paying as much as $400 per gallon to transport gasoline from a port in Pakistan, via truck or parachute, into Afghanistan during the decades-long American war there. What also is unknown is that Zelensky has been buying the fuel from Russia, the country with which it, and Washington, are at war, and the Ukrainian president and many in his entourage have been skimming untold millions from the American dollars earmarked for diesel fuel payments. One estimate by analysts from the Central Intelligence Agency put the embezzled funds at $400 million last year, at least; another expert compared the level of corruption in Kiev as approaching that of the Afghan war, “although there will be no professional audit reports emerging from the Ukraine.” “Zelensky’s been buying discount diesel from the Russians,” one knowledgeable American intelligence official told me. “And who’s paying for the gas and oil? We are. Putin and his oligarchs are making millions” on it. Many government ministries in Kiev have been literally “competing,” I was told, to set up front companies for export contracts for weapons and ammunition with private arms dealers around the world, all of which provide kickbacks. Many of those companies are in Poland and Czechia, but others are thought to exist in the Persian Gulf and Israel. “I wouldn’t be surprised to learn that there are others in places like the Cayman Islands and Panama, and there are lots of Americans involved,” an American expert on international trade told me. The issue of corruption was directly raised with Zelensky in a meeting last January in Kiev with CIA Director William Burns. His message to the Ukrainian president, I was told by an intelligence official with direct knowledge of the meeting, was out of a 1950s mob movie.”

40. Webinar: The China Index: Measuring PRC Influence Around The Globe

On April 13th the Hoover Institution published this video recording. As per its description, “the Hoover Project on China’s Global Sharp Power invites you to The China Index: Measuring PRC Influence Around the Globe on Tuesday, April 11, 2023 at 9:00 AM PT | 12:00 PM ET. The China Index is the first cross-regional project to objectively measure and visualize China’s overseas influence through comparable data. This event brings together report contributors from Bogota, Berlin, Tblisi, and Taipei, who will analyze the PRC’s influence campaigns in their regions, from Latin America to Germany to Central Asia.”

41. Ukrainian SBU Detained Russian Informant in Odesa

Ukraine’s SBU announced on April 13th that they “detained another enemy informant in the course of counter-subversion measures in Odesa. According to SBU counter-intelligence data, the attacker disseminated information about the location of units of the Defence Forces and strategically important sites of the Odesa defence-industrial complex. It was at his coordinates that the occupiers carried out one of the strikes by Iranian drones “Shahed” on the territory of the regional centre. According to the investigation, the accomplice of the occupiers turned out to be a radio mechanic from one of the Odesa factories of the military-industrial complex. The man disseminated information about the location of the defense enterprise and the units of the Defence Forces and their weapons in the group he created in the Telegram messenger, the members of which were mainly Russians. In addition, the informant “leaked” data on the company’s execution of defence orders. It was established that after the Russian air attacks, the person involved recorded and disseminated in his own group the consequences of the “arrivals” detailing the degree of damage to the attacked objects. The enemy could use this data to carry out repeated and prepare new strikes with kamikaze drones on the Ukrainian city.”

42. Poland: Espionage Campaign Linked to Russian Intelligence Services

On April 13th the Polish government released this analysis stating that “the Military Counterintelligence Service and the CERT Polska team (CERT.PL) observed a widespread espionage campaign linked to Russian intelligence services, aimed at collecting information from foreign ministries and diplomatic entities. Most of the identified targets of the campaign are located in NATO member states, the European Union and, to a lesser extent, in Africa. Many elements of the observed campaign — the infrastructure, the techniques used and the tools — overlap, in part or in full, with activity described in the past, referred to by Microsoft as “NOBELIUM” and by Mandiant as “APT29”. The actor behind them has been linked to, among other things, a campaign called “SOLARWINDS” and the tools “SUNBURST”, “ENVYSCOUT”. and “BOOMBOX”, as well as numerous other espionage campaigns. The activities described here differ from the previous ones in the use of software unique to this campaign and not previously described publicly. New tools were used at the same time and independently of each other, or replacing those whose effectiveness had declined, allowing the actor to maintain continues, high operational tempo. At the time of publication of the report, the campaign is still ongoing and in development. The Military Counterintelligence Service and CERT.PL recommend all entities which may be in the area of interest of the actor to implement mechanisms aimed at improving the security of IT Security systems in use and increasing the detection of attacks. Examples of configuration changes and detection mechanisms are proposed in the recommendations. The aim of publishing the advisory is to disrupt the ongoing espionage campaign, impose additional cost of operations against allied nations and enable the detection, analysis and tracking of the activity by affected parties and the wider cyber security industry.”

43. Spy Collection: Leaked document review: Why are JDAM-ER Failing? BDA from Recent Strikes

Following story #7, on April 15th we published a new video. As per its description, “in early April 2023 a series of allegedly US intelligence community documents were publicly disclosed on social media platforms. In this video we review 4 of those documents for educational and historical purposes. All four documents were part of the same RFI (Request for Information), relating to failures of JDAM-ER weapon systems in Ukraine. We cannot assess the validity of the content, who released them to the public domain, and why, but they are great practical examples of military intelligence products, valuable as an educational tool in intelligence analysis & production, as well as for historical purposes (in case they turn out to be unmodified, real military intelligence products).”

44. Russian Spy Revealed in Norway Has Also Worked in Denmark

Following this week’s story #38, on April 14th the Danish DR reported that “an intelligence officer from Russia’s military intelligence service , the GRU, who has just been revealed in Norway, has been in Denmark for several years. It is about 39-year-old Vladislav Khlestov, who, together with three other intelligence officers, was revealed yesterday . It happened on the same day that Norway expelled 15 Russian intelligence officers who, according to the Norwegian authorities, had operated from the embassy in Oslo . The identities of the four intelligence officers have been revealed in connection with the documentary series ‘The Shadow War’, in which DR , NRK, SVT and Yle investigate Russia’s secret operations in the Nordics. The Norwegian Police Security Service (PST) now confirms that before the deportations there were around 20 Russian intelligence officers in Norway. There are people who pretend to be Russian diplomats stationed at embassies and consulates , who in reality work for Russian intelligence services , says department director Inger Haugland from PST.” The names of 4 GRU officers revealed in this report were: 1) Vladislav Olegovich Khlestov, 2) Maxim Viktorovich Toroptsev, 3) Maxim Vitalevich Koloss, and 4) Semen Ivanovich Seliverstov.

45. Podcast: Team House: From MACV-SOG to CIA Paramilitary Officer | Frank McClosky

On April 15th the Team House released this new podcast episode. As per its description, “Frank served in MACV-SOG during the Vietnam War and then with the CIA where he was awarded the intelligence star for action in Central America.”

46. Ukraine: 3 FSB Agents in the Area of Donetsk Received Prison Terms

On April 13th Ukraine’s Security Service announced that “three more FSB informants who corrected Russian strikes in the Bakhmut area received prison terms, and the Kramatorsk. Security Service collected indisputable evidence of the guilt of three more FSB informants who conducted reconnaissance and subversive activities in the front-line areas of Donetsk region. The attackers collected information about the locations of bases and movements of the Defence Forces in the zone of active hostilities in the eastern direction. First of all, they tried to identify the fortified areas and fortifications of the units of the Armed Forces, and also “hunted” for the positions of the HIMARS rocket artillery systems. In addition, enemy henchmen gave the aggressor the coordinates of social infrastructure facilities, including local schools. SBU officers detained enemy informants during counter-subversive measures in the region in the summer and autumn of last year. According to the materials of the Ukrainian intelligence service, the court sentenced the perpetrators to 8 to 12 years in prison. Among the convicts is an engineer of one of the strategic enterprises of Donetsk region. During June last year, the official scouted the bases of the Defence Forces near Bakhmut and transmitted the collected information to the aggressor via messenger. On the basis of the collected evidence, he was found guilty under Part 7 of Art. 111–1 of the Criminal Code of Ukraine. Another enemy accomplice turned out to be a resident of Kramatorsk, who gave the FSB the location of the city’s critical and social infrastructure facilities. The perpetrator tried to involve local residents as informers in the subversive activity. For this purpose, he created and personally administered three pro-Russian Telegram channels with a total audience of over 10,000 subscribers. Also, a resident of Pokrovsky district, whom the FSB attracted to cooperation through the banned social networks “Vkontakte” and “Odnoklassniki”, was sentenced to a real term of imprisonment. At the instruction of the aggressor, she covertly photographed the locations of personnel and military equipment of the Defence Forces in the Avdiiv direction.”

47. Russian Woman Arrested in Sweden on Suspicion of Espionage

Svoboda reported on April 14th that “on April 13, a Russian citizen was detained in the Swedish city of Gothenburg on suspicion of industrial espionage. Her name is not revealed. According to police, the Russian woman was detained at the Preem refinery. Now she is under arrest. The press service of Preem confirmed her detention and clarified that the detainee worked for one of the company’s subcontractors. After her detention, the Swedish intelligence services interrogated witnesses and searched her. The details of the case are not disclosed in the interests of the investigation. In recent months, citizens of Russia and other countries have been detained several times in Sweden on suspicion of spying for Russia. On January 19, the court found the brothers Peyman and Payama Kia guilty of espionage . Peyman was sentenced to life imprisonment, while his brother Payama was sentenced to nine years and ten months in prison. At the end of 2022, a Russian couple was detained in Sweden. Sergey Skvortsov and Elena Kulkova have lived in the country for 20 years. They are suspected of collaborating with the Russian intelligence services.”

48. Pakistan-Aligned Cyber Actor Expands Interest in Indian Education Sector

Private cyber security firm Sentinel One published this technical analysis on April 13th stating that “Transparent Tribe is a suspected Pakistan-based threat group active since at least 2013. The group is not very sophisticated; however, it is a highly persistent threat actor that continuously adapts its operational strategy. Transparent Tribe has previously focused mainly on Indian military and government personnel, but it has recently expanded its scope to include educational institutions and students in the Indian subcontinent. Crimson RAT is a consistent staple in the group’s malware arsenal the adversary uses in its campaigns.” As per the executive summary: “SentinelLabs has been tracking a cluster of malicious documents that stage Crimson RAT, distributed by APT36 (Transparent Tribe). We assess that this activity is part of the group’s previously reported targeting of the education sector in the Indian subcontinent. We observed APT36 introducing OLE embedding to its typically used techniques for staging malware from lure documents and versioned changes to the implementation of Crimson RAT, indicating the ongoing evolution of APT36’s tactics and malware arsenal.”

49. Alexandru Musteata, Moldova’s Novice Spymaster Trying to Push Back Russia

Intelligence Online reported on April 14th that “the youthful head of Moldova’s intelligence service took on his new role last year with two battles to wage: combating Moscow’s influence and fighting corruption. To reach his goals, Moldova’s spy in chief will have to dismantle the agency’s Russian networks and bring it closer to Western standards.”

50. Jack Teixeira: National Guard Airman Arrested Over Leaked Pentagon Documents

Following last week’s stories #65, #71, #72, and this week’s story #8, on April 13th BBC reported that “a 21-year-old US Air National Guardsman has been arrested over a leak of classified military intelligence that has rattled the US and its allies. Jack Teixeira, who reportedly shared the files in an online gaming chatroom, faces charges under the Espionage Act. Aerial footage showed officers making an arrest at Mr Teixeira’s family home in Dighton, Massachusetts. The documents he leaked revealed intelligence about the war in Ukraine and US spying on allies. Footage of the arrest in the town of 8,000 people about an hour south of Boston shows a young man, believed to be Mr Teixeira, walking backwards with his hands raised to armed FBI officers. He was handcuffed and led to a vehicle. Roads in the area were blocked by police officers during the arrest. “There were about six to eight Army guys with rifles walking around,” local resident Dick Treacy told Reuters news agency. “This is a very quiet area.” Mr Teixeira is expected to make his first court appearance in Boston on Friday. He was listed as a member of the intelligence wing of the Massachusetts Air National Guard, based at Otis Air National Guard Base in western Cape Cod. According to his service record, obtained by CBS News, the BBC’s US partner, Mr Teixeira joined the force in 2019. His official title is Cyber Transport Systems journeyman and he holds the rank of Airman 1st Class — a relatively junior position. In a brief statement on Thursday, US Attorney General Merrick Garland said the suspect had been taken into custody without incident.”

51. United States: Senate Foreign Relations Committee Cravenly Rubber Stamps CIA Plan for More Coups, Assassinations, Drone Strikes, Kidnappings and Torture to Save America from Fabricated Foreign Enemies

The Covert Action Magazine published this story on April 10th saying that “the concept of separation of powers was pivotal to the so-called ideal of democracy laid out by the founding fathers of the United States. Some of the more democratically inclined founders would be horrified by the subservience displayed by the Senate Foreign Relations Committee today toward the Executive Branch and Central Intelligence Agency (CIA). On March 28, Chairman Robert Menendez (D-NJ) presided over hearings that provided a platform for Damon Wilson, the President and CEO of the National Endowment for Democracy (NED), a CIA offshoot that was founded in the 1980s to promote propaganda and support opposition figures in countries the U.S. targets for regime change. In his testimony, Wilson said that, while the world was far more democratic than in the late 1980s when many countries still were behind the Iron Curtain, authoritarianism was now again “on offense, led by Beijing and Moscow, in an increasingly coordinated campaign with autocrats around the world from Tehran to Minsk to Havana.” These statements dovetailed well with Joe Biden’s remarks during the second Democracy Summit that he was hosting one day later, in which Biden pledged $690 million for foreign influence operations to support democracy around the world, including by funding free media outlets in authoritarian regimes and pro-democratic reformers, which is what the NED does.”

52. Surveillance in the United Arab Emirates

Grey Dynamics published this article on April 12th saying that “while the increasing digitalisation in the United Arab Emirates (UAE) has enhanced overall safety and contributed to lower crime rates, it poses serious concerns for privacy and individual rights. Public-private partnership fosters the enhanced physical and online surveillance of the population under the banner of long-term objectives of sustainability and digital economy. In essence, the existing partnerships between China and the UAE, as well as their common appetite for digital innovation and control of the population, could lead the UAE to shift away from the U.S. Key Judgement 1: Technocratic inclinations increasing within the UAE are highly likely to gradually impede on individual rights. Key Judgement 2: Rising private-public partnerships and technological developments are likely to result in increased physical and psychological control of the population. Key Judgement 3: The UAE is likely to further develop its relationship with the People’s Republic of China to satisfy its ever-growing reliance on digital technologies, thus progressively shifting away from the United States.”

53. Spy Way of Life: The Brand 910 Restaurant in Tashkent, Uzbekistan

This week’s selection for Intelligence Online’s Spy Way of Life was “Brand 910 inherits Aurum 898’s mantle as Uzbek intelligence community’s new favourite haunt.” As per the article, “this week, Intelligence Online visits Brand 910, a restaurant popular with karaoke-loving State Security Service officers in Tashkent.”

54. Ukraine: 15 Years in Prison for FSB Agent Arrested Last Year

Following 2022 week 27 story #78, on April 12th Ukraine’s SBU announced that “the FSB agent who corrected 10 enemy attacks on civilian sites in Mykolaiv will spend 15 years behind bars. It was on his “tip-off” that during June 26–30 of last year, the occupiers carried out targeted missile strikes on ten city sites. Among them are civil infrastructure buildings. SBU counter-intelligence officers detained a Russian agent in the regional centre in July last year. During the searches, explosives, unregistered firearms and ammunition were found in the possession of the intruder. According to the materials of the Security Service, the court sentenced him to 15 years in prison. It was established that the enemy accomplice is a local resident whom the FSB involved in secret cooperation in May of last year. For recruitment, the enemy used one of the pro-Kremlin Telegram channels, where the figure actively justified the armed aggression of the Russian Federation in his own comments. To fulfil the tasks of the Russian intelligence service, he went around the city and covertly photographed Ukrainian sites. He sent the collected files to an FSB case officer through an anonymous chat in the messenger.”

55. US Army Developing HADES ISR Prototypes

Janes reported on April 13th that “the US Army’s aviation directorate is soliciting industry input for prototype development of a new airborne intelligence, surveillance, and reconnaissance (ISR) system to support long-range precision fires operations and close “deep-sensing gaps” in the army’s ISR portfolio, according to a recent service announcement. Officials from Program Executive Office Aviation, in co-ordination with the space, missile defence, and special programmes directorate at Army Contracting Command — Redstone Arsenal, issued the 7 April request for information (RFI) for the High Accuracy Detection and Exploitation System (HADES). The RFI is calling on potential industry participants to provide details on possible scope of work requirements, evaluation criteria, and data rights information pertaining to the development of three HADES prototypes, the 7 April notice stated.”

56. North Korean Cyber Espionage Operation Targeting South Korea

On April 14th the Shadow Chaser Group discovered and disclosed technical indicators of a new cyber espionage operations attributed to an actor dubbed as KONNI, previously associated with the intelligence services of North Korea. The operation involved a lure document titled “소명자료 목록(국세징수법 시행규칙).hwp.lnk” (List of explanatory materials (Enforcement Rules of the National Tax Collection Act).hwp.lnk) which, if opened, was covertly installing a cyber espionage software implant.

57. French Interior Ministry Seeks New Investigation Platform

Intelligence Online reported on April 13th that “the French interior ministry has set the process in motion to replace its investigative platform Analyst Notebook, designed by UK firm I2 Group. This potentially lucrative contract is drawing specialists in the field in droves.”

58. Russia Accuses NATO of Launching 5,000 Cyberattacks Since 2022

Bleeping Computer reported on April 14th that “the Federal Security Service of the Russian Federation (FSB) has accused the United States and other NATO countries of launching over 5,000 cyberattacks against critical infrastructure in the country since the beginning of 2022. The agency says it has taken timely measures to prevent these attacks from causing any negative consequences to Russia. Furthermore, the FSB claims that these attacks originate from Ukrainian territories, which are used for masking the true origin and identity of the perpetrators. At the same time, the attacks also involve the deployment of “new types of cyber-weapons.” “In the analysis of identified computer threats, data were obtained indicating the use of Ukrainian territory by the United States and NATO countries for conducting massive computer attacks on civilian objects in Russia,” reads the machine-translated FSB statement. “Currently, the network infrastructure of Ukraine is used by units of offensive cyber operations of Western countries, allowing them to secretly use new types of cyber weapons.” The FSB claims that despite many of the attacks being presented as activities by the “IT Army of Ukraine,” it was able to discern the involvement of pro-west hacker groups such as “Anonymous,” “Sailens,” “Goast clan,” “Ji-En-Ji,” “SquadZOZ,” and others. The timing of this statement from FSB is suspicious, as Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked APT29 state-backed Russian hackers to widespread attacks against several EU and NATO countries just yesterday.”

59. Greece: Mount Athos was Turned into a CIA/NSA “Nest”

According to Greek news website Edolio5, “Thanasis Martinos, political head of the Monastic State of Athos, reportedly submitted to the Prime Minister a request to be relieved of his duties as administrator, after a four-year term. The well-known shipowner, who likes to be called “national benefactor” and who on the one hand aligned with Al. Tsipras (see Sounio) and on the other hand he was promoting his daughter as a ND candidate for parliament in Eastern Attica, fortunately he “emptied us” of himself “the corner”, he left the political leadership of Mount Athos. Like a good Christian, Thanasis Martinos had become a traffic policeman without speaking to the sight where they entered and exited as alleged monks, spies of all kinds and malicious elements! We, from edolio5, a long time ago pointed out the fact that both the American Embassy in Athens and the American Authorities had turned Mount Athos into their annex but at the same time Martinos was bringing his tankers full of Russian oil back and forth. What is certain, however, is that the departure of Martinos from Mount Athos is an important first step for the de-industrialisation of Mount Athos and the formation of security conditions and controls, which had essentially been abolished.”

60. Greece: Angela — The New Female CIA Chief of Station in Athens

Following story #59, Edolio5 also revealed the identity of the new CIA Chief of Station (COS) in the US Embassy in Athens, Greece. As per the article, “for the first time in its history in Athens, the CIA chose a woman —Chief of Station! Other times women of the American embassy had a dominant role but never the first place. This time the Greek-American woman from Zakynthos, married with 2 children, assumed the role of the head of the CIA cell in Athens. In essence, she was promoted from the position he had in the same Agency and in the same Embassy. A friend of “Madame Boudoir” from the old days that she took care of even with successes — bubble of the last time that saw the front pages of the newspapers to seal her new role. A few days ago a little bird saw them lounging on a main street of Athens and their hands were full of branded bags that contained the shopping they did. They sat and drank coffee and like good friends talked about everyone and everything. “Elena” is missing from their company since “Madame Boudoir” has degraded her and does not let her in the major cases. We’re told that “Angeliki from Zakynthos”, or “Angelas” (her last name and photo are currently not important) in the CIA world is “Kalomiraki” because of her temperament and artificial innocence as and the well-known Greek-American singer who entered our lives for a month. Of course, let’s say that “Angela” is not Valerie Plame who worked big in Athens on behalf of the CIA and as things show, she doesn’t even have the potential to become like her, even if she wanted to. Different times then, different interests and of course different qualifications.”

61. Amid Russian Espionage Fears, Poland Sets Exclusion Zone Around Swinoujscie LNG Terminal

RFERL reported on April 12th that “Poland will introduce a temporary 200-meter (656 feet) exclusion zone around its Swinoujscie Liquified Natural Gas (LNG) terminal starting on April 13, the interior minister said, citing concerns about Russian espionage. The exclusion zone for members of the public will not affect the terminal’s operations, Poland’s gas pipeline operator said of the plant located on the Baltic coast. A staunch ally of Ukraine and a hub for deliveries of weapons to Kyiv’s armed forces, Poland says it has regularly found itself the target of Russian efforts to destabilize the country.”

62. Czech Government to Consider Promotion of BIS Counterintelligence Service Chief Koudelka to General

BNN reported on April 15th that “the Czech government is set to discuss the potential promotion of Michal Koudelka, the head of the Czech BIS counterintelligence service, to the rank of general in the upcoming week, according to a spokesperson. Koudelka’s advancement has been a contentious issue in the past, with former President Miloš Zeman questioning the competence of BIS and refusing on seven separate occasions to promote Koudelka to the esteemed position. In contrast, the current President Petr Pavel has expressed his commitment to respecting the government’s decision on Koudelka’s promotion, demonstrating a shift in political sentiment. The previous cabinet, led by Andrej Babiš, as well as the current administration under Petr Fiala, have both seen their efforts to promote Koudelka thwarted by Zeman’s opposition. The upcoming discussion on Koudelka’s promotion signifies a potential turning point for the BIS leader, who has consistently faced roadblocks in his pursuit of the general rank. Koudelka’s potential promotion also highlights the importance of a strong and competent counterintelligence service in the Czech Republic, as the nation continues to face various security threats and challenges.”

63. Chaim Topol: Fiddler on the Roof Actor was Mossad Spy, Say Family

The Sunday Times published this story on April 15th saying that “the Israeli star of Fiddler on the Roof was an operative for the Mossad spy agency, his family have revealed. Chaim Topol, who died last month aged 87, worked for the Mossad branch in London as part of his intriguing double life, they said in an interview with the Israeli newspaper Haaretz. Topol played Tevye the milkman on Fiddler on the Roof. He was also James Bond’s wingman in For Your Eyes Only and a nutty professor in the 1980′s cult hit Flash Gordon. He was his country’s most famous Hollywood star long before Bar Refaeli, the supermodel, and Gal Gadot, the Wonder Woman actress, made their names internationally.”

64. British Spy Planes Dangerously Close to Russia

DeclassifedUK published this article on April 13th stating that “the Royal Air Force has had three close encounters with Russian jets over the Black Sea since September, with Britain’s parliament only told about the first incident. UK spy plane and two fighter jets came within 100 feet of Russian military aircraft in December, the leak indicates. The revelation will add to fears the Ukraine conflict is spiralling out of control.”

65. Russia: Ukrainian Citizen Sentenced to 15 Years in Prison for Espionage

Following 2022 week 34 story #24, Mediazone reported on April 12th that “the Kursk Regional Court sentenced 41-year-old E. A. Fedenko to 15 years in a strict regime colony on cases of espionage and attempted drug trafficking. This was reported by the press service of the courts of the region. A resident of Kursk, the press service said, a citizen of both Russia and Ukraine. He worked as an individual entrepreneur. In addition to imprisonment, Fedenko was fined 200 thousand rubles. Details of the espionage case are not given, since the trial was held behind closed doors (Article 276 of the Criminal Code). According to the press release, Fedenko was also found guilty of attempted sale of more than 2.9 kilograms of an unnamed drug via the internet in the Kursk region (Part 1 of Article 30 of the Criminal Code, Part 5 of Article 228.1 of the Criminal Code). Fedenko pleaded not guilty. The state prosecution requested for him 18 years in a strict regime colony and a fine of 500 thousand rubles, the defense asked to justify the person involved under each article. In August 2022, the FSB reported that it had detained “an agent of the Main Intelligence Directorate of the Ministry of Defence of Ukraine” in Kursk. The service published a video with footage of the detention and interrogation. The suspect said on camera that he “collected data about officers and their families, homes, officers of the aviation regiment and other military units.” He added that his tasks included “recruiting smaller ones (employees — Ministry of Health) and laying caches.” The FSB claimed that the detainee was a citizen of Ukraine. In the video, he said that he was born in the city of Sumy and was “recruited to the Ukrainian intelligence services in February 2018 on compromising conditions.” “I gave a receipt for cooperation with the news agency of Ukraine, receiving the pseudonym Altendorf and the first funds for current expenses,” the detainee said. The FSB reported that “special equipment and literature on guerrilla warfare and sabotage” were confiscated from the suspect. At that time, only the initiation of a case of espionage was reported, the article on the attempted sale of drugs was not mentioned in the message of the special services.”

66. SIGINT Historian: Gwen: A Stressed Spinster

Following week 11 story #87, week 12 story #65, week 13 story #82, and last week’s story #60 on April 11th the former GCHQ departmental historian Tony Comer published this article saying that “in September 1949, when I arrived back in Eastcote, rumours were circulating about a move away from the London area, possibly to Blackpool or to Cheltenham. At the time the government was keen on dispersing departments, what with the Russians having the atom bomb and thousands of foreign (ie American) troops on British soil. It was never quite clear, however, to whom we might be sending reports, apart from the War Cabinet in their bunker, because the main departments — Home Office, FCO, and the three Service Ministries remained in Whitehall. Perhaps that led to a further story: that aircraft were standing by to take key GCHQ personnel to Canada. The Gloucestershire Echo recently published a summary of the arrangements — the start of building at Oakley, the takeover of wartime huts at Benhall, and some information on how it all progressed. But the articles did not give any idea of what it felt like to be in the middle of it all, so what follows is the emotional stuff.”

67. Open Source Intelligence Firm “Social Links” Scouts for Partners in France

Intelligence Online reported on April 14th that “an attendee of the recent International Cybersecurity Forum in Lille, the open source intelligence firm Social Links is prospecting for a partner to move into the European marketplace.”

68. Russia: FSB Detained Resident of Khabarovsk for Financial Assistance to the Armed Forces of Ukraine

Through an official statement on April 11th, Russia’s FSB stated that “the Federal Security Service of the Russian Federation stopped the illegal activities of a resident of Khabarovsk, who was involved in committing high treason in the form of financial assistance to the Armed Forces of Ukraine in activities directed against the security of the Russian Federation. During the operational-search activities, it was established that the suspect made transfers of personal funds for the acquisition of weapons, ammunition and uniforms by the Armed Forces of Ukraine. On this fact, the investigative unit of the FSB of Russia initiated a criminal case under article 275 of the Criminal Code of Russia (“high treason”). Currently, investigative actions are being carried out aimed at securing evidence in a criminal case.”

69. Chinese Influence in Latin America: A 24-month Forecast

Grey Dynamics published this article on April 15th saying that “Chinese influence in Latin America is growing in recent years as China seeks to expand its economic and political interests globally. China is the largest trading partner for many Latin America countries and heavily invests in the region. China also provided loans to Latin America countries and continues building diplomatic and military ties with them. This is likely to lead the EU and US to become more actively involved in countering China. Key judgement 1. It is highly likely that in the next 24 months, China will continue establishing strategic partnerships and engaging economically in Latin America. Key judgement 2. It is likely that in the next 24 months, China will increase its defence cooperation with Latin American countries and increase military sales at the expense of the West. Key judgement 3. It is likely that in the next 24 months, the United States and the European Union will try to strengthen ties with Latin America to counterbalance China’s influence in the region.”

70. Ukrainian SBU Detains FSB agent in Sumy

On April 14th Ukraine’s Security Service (SBU) announced that they “detained a Russian agent who was looking for “weak spots” on the Ukrainian-Russian border. The Security Service exposed another FSB agent during counter-subversive measures in the Sumy region. He turned out to be a local resident, whom the Russian intelligence service involved in tacit cooperation even before the start of a full-scale invasion. According to SBU counter-intelligence, the attacker was recruited during one of his trips to the Russian Federation, where he maintained contact with a Russian working for the FSB. After February 24 of last year, the person involved received a hostile task: to collect intelligence on the bases of the Defence Forces in the border regions of the northeastern part of Ukraine. First of all, the enemy was interested in the locations of fortified areas, fortifications and the available weapons of Ukrainian defenders on the territory of the Sumy region. In order to collect information, the Russian agent traveled around the settlements of Sumy Oblast in his own car. During such trips, he met with local residents, in which, under the guise of conversations on everyday topics, he asked about the presence of the Ukrainian military in the border areas. After that, the traitor went to the area, clarified the information and marked the coordinates of Ukrainian objects on an electronic map for transmission to the FSB. To communicate with the aggressor, he used the closed chat of one of the messengers. Counter-intelligence officers of the SBU detained the attacker while performing an intelligence mission. According to the results of the searches, mobile phones and computer equipment with evidence of subversive activities in favour of the occupiers were seized from the suspect.”

71. Documentary: When Spy Games Go Horribly Wrong — The Venlo Incident

Philip Thompson published a new episode in the True Life Spy Stories on April 14th. As per its description, “while the successes of the British Secret Intelligence Service, or SIS, are held in great admiration, its failures are often overlooked. For reasons of national pride, these are relegated to the archives of memory and are seldom portrayed on the silver screen. It was on the 9th of November 1939 that MI6 fell victim to an elaborate sting orchestrated by the Sicherheitsdienst, the SS intelligence agency. On the outskirts of a small Dutch border town named Venlo, two senior MI6 intelligence officers were captured by the Nazis. Captain Sigismund Payne Best and Major Richard Stevens would spend the rest of World War 2 imprisoned. British intelligence in Europe was crippled at the worst possible time. What became known as the Venlo Incident sent a shockwave through British intelligence and caused tremendous embarrassment for the British government. Even worse, however, was that it gave Adolf Hitler the political pretext he needed to move forward with his planned invasion of the Netherlands the following year. This is the story of a British clandestine spying operation gone horribly wrong.”

72. Following the Lazarus Group by Tracking DeathNote Campaign

On April 12th private cyber security and intelligence firm Kaspersky published this analysis for a cyber espionage actor dubbed as LAZARUS, previously associated with the intelligence service of North Korea. As per its introduction, “the Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, we’ll focus on an active cluster that we dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll. This threat is also known as Operation DreamJob or NukeSped. Over the past few years, we have closely monitored the DeathNote cluster, observing a shift in their targets as well as the development and refinement of their tools, techniques, and procedures. In this blog, we will provide an overview of the significant modifications that have taken place within this cluster, both in terms of its technical and strategic aspects.”

73. Russian FSB Points to Ukraine for Assassination of War Correspondent in St. Petersburg

Following last week’s story #4, on April 13th Russia’s FSB announced that “the Federal Security Service of the Russian Federation, together with the Investigative Committee of the Russian Federation and the police authorities, established that the organisers of the terrorist attack on April 2, 2023 in St. Petersburg, were the intelligence services of Ukraine and their agents, including from among the Russian opposition hiding abroad. Thus, after the start of a special military operation, the leaders of the extremist organisation “Anti-Corruption Foundation” L. Volkov (Л. Волков) and I. Zhdanov (И. Жданов) repeatedly stated the need to conduct subversive activities in Russia in order to change the constitutional order of the Russian Federation “by any available means.” The Investigative Committee of Russia has initiated and is investigating criminal cases against them for public calls to carry out terrorist and extremist activities (Articles 205.2 and 280 of the Criminal Code of the Russian Federation), under which they have been put on the wanted list. As a result, on April 2 this year. A supporter of the “ideology of Navalny”, who previously registered in one of the key projects of FBK — “Smart Voting”, a citizen of the Russian Federation Daria Trepova (Дарья Трепова), born in 1997, committed a terrorist act in St. Petersburg. Her defence is carried out by lawyer Daniil Berman (Даниил Берман), who previously represented the interests of the coordinator of the Ufa headquarters of A. Navalny — L. Chanysheva, a member of the feminist group “Pussy Riot” M. Alyokhina, as well as the American journalist E. Gershkovich accused of espionage. In the course of further measures, it was established that the murder of M. Fomin, together with D. Trepova, was prepared by a member of the Ukrainian sabotage and terrorist group, a citizen of Ukraine Yuriy Denisov (Юрий Денисов), born in 1987, who, through the “express delivery” service, through an intermediary, transferred it to the city of In Moscow, an explosive device camouflaged as a plaster bust of a military commissar. Y. Denisov, on the instructions of the Ukrainian intelligence services, in February 2023 arrived from Kiev through the territory of Latvia to the capital region, where he collected information about the lifestyle and places visited by M. Fomin. To this end, he purchased a car and rented an apartment near his place of residence. After the act of terrorism on April 3, Y. Denisov flew out of Russia in transit through Armenia to Turkey. The procedure for putting him on the international wanted list has been initiated. The investigation into the attack continues. All its organisers and accomplices will be held accountable in accordance with the legislation of the Russian Federation.”

74. Sweden: Prosecution for Gross Unauthorised Position with Secret Information

On April 13th Sweden’s Security Service (SÄPO) announced that “a person is prosecuted at Uppsala district court on suspicion of gross unauthorised position with secret information. The person is suspected of having unauthorisedly taken a position with secret information about 19 defence facilities. The person is also suspected of unauthorised promotion and disclosure of secret information about 26 defence facilities. In the past, several other people have been prosecuted and sentenced for the same type of crime. The Security Service has conducted the preliminary investigations under the direction of prosecutors at the National Security Unit.”

75. Russia: Clients’ Revolts Expose Partners of FSB Shipbuilder

Intelligence Online reported on April 13th that “Vladivostok’s Vostochnaya Verf shipyard, which is on Western countries’ sanctions list and has declared itself bankrupt, finds itself caught in the crossfire between its clients — the FSB and the Ministry of Defence — and its suppliers, whose identities have been exposed via the legal action they have taken in Russia.”

76. Ukrainian SBU Announced Prison Term of 11 Years for Correctional Officer at Mykolaiv, Operating as Covert FSB Agent

Following 2022 week 31 story #76, on April 15th Ukraine’s SBU announced that “the correctional officer who pointed “Kalibr” missiles at Mykolaiv received a prison term. The Security Service has gathered indisputable evidence of the guilt of another FSB informant who was active in the front-line areas in the south of Ukraine. The attacker corrected missile strikes on Mykolaiv with Russian “Kalibr” cruise missiles. In addition, he collected intelligence on the locations of bases and movements of units of the Defence Forces in the region. First of all, the enemy henchman tried to identify the combat positions of the artillery and air defence systems of the Armed Forces. Officers of the Security Service detained the attacker at the beginning of August last year during counter-subversive measures in the Mykolaiv region. According to SBU materials, the court sentenced him to eleven years of imprisonment. As the investigators established, the enemy informant turned out to be a resident of the regional centre. At the beginning of the summer of last year, the Russian intelligence service involved him in secret cooperation through a representative of the “MDB DNR”. He came into the enemy’s field of vision on one of the pro-Kremlin Telegram channels, where he regularly justified Russian armed aggression against Ukraine. During the search, a mobile phone was found in the attacker’s possession, which he used to communicate with the occupiers.”

77. Ukrainian Accused of Espionage, Sabotage, Assassination Attempts in DPR

TASS reported on April 15th that “a Ukrainian citizen is accused of espionage, sabotage and dozens of crimes committed in the Donetsk People’s Republic (DPR), a district military court told TASS. “The case of Grigory Sinchenko was assigned to a judge,” the Southern district military court said. The date of a court session has not been appointed yet, the court added. According to the DPR Interior Ministry, Sinchenko was first detained in 2016. He was suspected of blowing up vending kiosks and a power transmission line. He made explosives himself and carried out blasts to extort money from businessmen. He got to Ukraine as part of a prisoner exchange, but later he illegally returned to the DPR to continue his illegal activities. He was detained again in 2020. Sinchenko, a Donetsk native, is accused of more than 40 crimes, including espionage, sabotage that caused grave consequences, and attempts on the life of judges and law enforcement officers. He also deliberately caused damage to property, trespassed the border, fled from custody, extorted money from entrepreneurs and participated in a terrorist ring.”

78. South Korea Opposition Calls for Probe into US Spying

RTL Today reported on April 12th that “South Korea’s opposition urged the government on Wednesday to investigate alleged espionage by the United States after leaked documents appeared to show Washington spying on its key Asian ally. A trove of highly sensitive US intelligence that has emerged online included revelations that Washington had been spying on President Yoon Suk Yeol’s national security advisors as part of an effort to secure arms supplies for Ukraine. Seoul sought to downplay the importance of the leaked documents on Tuesday, with Yoon’s office claiming “a significant number” of the documents were fake and his national security advisor saying there were no “malicious intentions” in the incident. But the revelation has sparked criticism in South Korea about the vulnerability of sensitive sites including the presidential office. “The government must get to the bottom of eavesdropping allegations and if they are found to be true, it must get an official apology and guarantee that it won’t do it again from the US,” Lee Jae-myung, head of the opposition Democratic party, said on Wednesday. Opposition lawmakers have accused the government of trying to move past the incident and smooth relations ahead of Yoon’s state visit to Washington due later this month.”

79. Canadian MP Felt ‘Shadow of Doubt’ after Spy Agency Warned Him about Diplomat

On April 14th CBC published this exclusive story stating that “a veteran Canadian MP met three times with the ambassador of a country in the crosshairs of the Canadian Security Intelligence Service, leading CSIS to warn the parliamentarian away from further interactions, CBC News has learned. “You just cast a shadow of doubt over everyone,” the MP said, speaking confidentially because he was not authorized to comment publicly on the matter. “Once you have that doubt placed on you, I don’t know how you recover.” CBC News is not identifying the country in question in order to protect the MP’s identity. CBC reached out to more than 30 MPs across party lines who identify as members of ethnic or religious minorities to ask if they thought they had ever been inappropriately surveilled by Canada’s intelligence agencies. The MP who spoke to CBC News said the ambassador reached out to him for a meeting and he felt he needed to oblige out of politeness — although he was well aware of Canada’s issues with the government the diplomat represented. “I may have met with him three times,” the MP said. He said he was surprised when the spy agency reached out to him afterwards. The MP said CSIS warned him, in a face-to-face encounter, to “be careful” because the diplomat in question was “not trustworthy” and “might be seeking information.” “It’s not like I disagree,” the MP said, adding he thought it was strange a Canadian intelligence official felt the need to visit him in person. The MP said he never saw the ambassador again after hearing from CSIS.”

80. Estonia: The Threats to Estonia’s Security Arising from Russia Have Not Changed

The Estonian Internal Security Service (KAPO) published this press release this week, along with its Annual Review 2022–2023. Among others, stating that “the threats to Estonia’s security arising from Russia have not changed. In this annual review, we cover the usual developments in the protection of constitutional order and counterintelligence, as well as some changes in cyberspace. To provide some context, we should note that Russia’s resources are currently being primarily expended on attacking Ukraine, but yet they have no shortage of resources. Russia has enough time and energy to continue threatening our safety and security. Russia’s influence activities cover many areas of life. The standard open attacks by the propaganda machine, along with the covert manipulation of information and smear campaigns aimed against Estonia, have been so persistent that many have developed immunity. Often, we pay no heed to hostile propaganda anymore and simply shrug it off. So what? It makes no difference to us. But is that always the case? While hostile action may not be a direct at-tack against us, the consequences often manifest in other ways and forms. We still have a pending court judgment regarding a propagandist who acted in the interests of Moscow and collaborated with foreign special services and whose lies gave rise to accusations at the international level of human rights violations in Estonia.”

81. China Punishes Citizens for Sharing Information on Xinjiang

SCMP reported on April 14th that “Beijing has used anti-espionage laws to punish Chinese nationals for providing overseas organisations with Xinjiang-related documents, some of which were used to fuel allegations of forced labour, according to cases made public on Friday. Details of the cases were revealed in an article posted on the website of the Central Political and Legal Affairs Commission, the Communist Party’s top security body responsible for overseeing all law enforcement agencies, national security and intelligence systems. The six cases, meant to serve as warnings about offences that threaten national security, were made public a day before National Security Education Day on April 15.”

82. Australian Arrested of Allegedly Selling Information to Foreign Spies

Al Arabiya reported on April 15th that “an Australian national who recently returned to the country after living overseas has been arrested for allegedly selling sensitive information to a foreign intelligence service, police said. The Australian Federal Police said Alexander Csergo, 55, had been compiling reports for two foreign spies known to him as “Ken” and “Evelyn”. The pair offered to pay Csergo for information on Australia’s “national security arrangements”, police said, without naming which intelligence agency they were allegedly working for. “Espionage and foreign interference pose a serious threat to Australia’s sovereignty, security and integrity of our national institutions,” police added. Csergo, an IT and marketing specialist, was arrested in Sydney on Friday evening, and briefly appeared in a local court via video link on Saturday morning. He was first approached while he was working overseas by an individual who claimed to be representing a think-tank, police sad. That individual arranged for Csergo to meet the pair known as “Ken” and “Evelyn”. Assistant police commissioner Krissy Barrett said Ken and Evelyn work for a “foreign intelligence service and are undertaking intelligence collection activities”. Barrett said other Australians may have been approached. Csergo is charged with one count of “reckless foreign interference” — carrying a maximum prison sentence of 15 years — and is just the second person to be charged under anti-spying laws passed by the former conservative government in 2018. He is due to reappear in court on Monday.”

83. Five Austrians on Trial Over Syrian Ex-general

On April 15th RUDAW reported that “five Austrian ex-officials went on trial in Vienna on Friday, risking up to five years in prison for allegedly granting asylum to a Syrian former general suspected of crimes against humanity. It is the latest case linked to the prosecution of Syrian officials in Europe, where Syrian refugees have drawn on the principle of universal jurisdiction to ensure suspected war criminals are held accountable. In 2016, an international non-profit organisation tipped off Austrian authorities about war crimes allegations against Khaled al-Halabi, who served as head of state security in the northwest city of Raqqa from 2009–2013, after locating him in Vienna. The Commission for International Justice and Accountability (CIJA) accuses the branch under Halabi’s command of committing “egregious crimes against humanity, including murder and torture, along with sexual offences… with his knowledge”. The defendants — four ex-senior officials in Austria’s domestic BVT intelligence agency and a former asylum agency official — are accused of abusing their office to procure asylum for Halabi under an alleged deal with Mossad, Israel’s secret service. Prosecutors say they helped Halabi transfer from France to Austria and obtain asylum in 2015 “under false pretences” under a “cooperation agreement” between a “foreign partner service” and the BVT. Austrian media have identified the “foreign partner service” as Mossad.”

84. Discord Leaks Reveal Chinese Spy Balloons Are Named For Mob Bosses

Forbes reported on April 14th that “Whitey Bulger, Donald Killeen and Tony “Big Tuna” Accardo were all big names in organized crime during the 20th century. But they’re also the names given to Chinese spy balloons by U.S. intelligence, according to documents leaked on Discord over the past few months. The Washington Post has a fascinating new report about various Chinese spy balloons that U.S. authorities were tracking before the balloon that captured national attention back in February. The revelations are part of the documents allegedly leaked by a 21-year-old IT worker with the U.S. military on the messaging platform Discord. And while the presence of previously undisclosed spy balloons is certainly interesting in and of itself, the unique nature of the Discord leaks means we’re getting a peek behind the secretive curtain at U.S. intelligence agencies which includes details that would normally only be revealed decades later, if they were revealed at all. One Chinese spy balloon, dubbed the Bulger-21, was named for Whitey Bulger, the organized crime boss who evaded authorities for decades before being caught in 2011. Bulger died in prison in 2018. The Bulger-21 circled the globe from December 2021 until May 2022 and carried “sophisticated surveillance equipment,” according to the Washington Post. A leaked document about Bulger-21 includes a photograph taken by the spy balloon, though it’s not clear how U.S. intelligence obtained the image. The documents all originated with intelligence agencies that don’t get much attention in the press but are considered vital to U.S. military interests, like the National Geospatial-Intelligence Agency (NGA) and the National Reconnaissance Office (NRO). Another Chinese balloon, called the Killeen-23 by U.S. intelligence agencies, was named for Donald Killeen, a South Boston crime boss who was murdered in 1972. Killeen-23 contained a “parabolic dish measuring 1.2 meters in diameter,” but its image collection capabilities were apparently still a mystery. Another spy balloon, Accardo-21, was named after Tony “Big Tuna” Accardo, a Chicago crime boss who died of old age in the early 1990s. The Accardo-21 reportedly carried a “foil-lined gimbaled” sensor, though the Post story doesn’t include enough contextual information to explain what that would be used for.”

85. Russian FSB Declassifies WWII Documents from SMERSH Investigations on German POW Camp Dulag-205

On April 13th Russia’s FSB announced the declassification of some documents stating that “the FSB of Russia publishes on its official website under the heading “Archival materials” of the section “History” declassified archival documents on the activities of the counter-intelligence agencies “SMERSH” in investigating crimes committed by the administration of the German prisoner of war camp “DULAG-205” near the village of Alekseevka near Stalingrad. Published documents testify that about 3,000 corpses of Red Army prisoners of war and commanders who died of exhaustion and cold were found on the territory of the camp and near it. In addition to the unbearable conditions of the prisoners of war in the camp and constant hunger, the prisoners of the camp were bullied by the guards, dogs were set on them, and those who could not do the work were shot on the spot. At the end of the investigation of crimes in the commission of murders and torture of the civilian population and captured Red Army soldiers, the Military Tribunal of the 3rd Baltic Front sentenced the perpetrators from among the former leaders of the camp administration to death.”

86. Germany: Russian Spies are Looking for Bundeswehr Soldiers on Tinder

The German WELT reported on April 15th that “Russia’s intelligence service is under pressure and is aggressive in Germany. Authorities are currently not only warning of cyber attacks, but also of honey traps for soldiers on dating platforms. Everything starts with a swipe. With this promise, the dating platform Tinder in Germany is trying to attract people who are willing to love. That means: just swipe to the right on the mobile phone screen, where your dream partner is already waiting. Or the Russian intelligence service. According to information from WELT AM SONNTAG, Putin’s spies are currently supposed to set up honey traps there.”

Espionage
Sigint
Osint
Humint
Spy

--

--

The Spy Collection

Written by The Spy Collection

1.1K Followers

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams