SPY NEWS: 2023 — Week 16

Summary of the espionage-related news stories for the Week 16 (April 16–22) of 2023.

1. India: Gangster Atiq Ahmed Admitted Links to Pakistani Spy Agency ISI

NDTV reported on April 17th that “gangster-politician Atiq Ahmed, who was shot dead along with his brother at point-blank range, had admitted during questioning by police that he had links with Pakistan’s Inter-Services Intelligence and terror outfit Lashkar-e-Taiba, according to an FIR. Ahmed and his brother Ashraf were killed by three men posing as journalists in the middle of a media interaction on Saturday night while police personnel were escorting them to a medical college here for a checkup. The three accused — Lavlesh Tiwari, Sunny and Arun Maurya — were arrested over their alleged role in the crime. As per an FIR registered at the Shahganj police station, Ahmed admitted to having links with the Inter-Services Intelligence (ISI) and Lashkar-e-Taiba (LeT). Police said Ahmed’s statement was recorded on court orders. “The ISI, using drones, used to drop weapons in Punjab, and someone linked to the ISI used to collect these arms and send some of them to LeT, some to Khalistan separatist organisations, and some weapons like .45 bore pistol, AK-47 and RDX were made available to me, and I used to pay for the same. “People belonging to these organisations also used to come to my place. And, information gathered from their conversations suggested that they wanted to cause a major incident in the country,” Ahmed told police. He also told police that he knew the whereabouts of some of these people associated with ISI and LeT, while his brother knew the details of others.”

2. Australian Businessman Allegedly Given Envelopes of Cash from Chinese Spies for Information

Following last week’s story #82, The Guardian reported on April 17th that “an Australian businessman received envelopes of cash from suspected Chinese spies in exchange for handwritten reports on Australia’s foreign alliances, a court has been told. Alexander Csergo, 55, is accused of accepting money from two spies dubbed “Ken” and “Evelyn” in exchange for reports on Australian defence, economic and national security arrangements while he worked in China during Shanghai’s extended Covid-19 lockdown. The Aukus and Quad alliances, lithium mining in Australia and “iron ore risk” were among the topics sought, Australian authorities allege. The communications and technology infrastructure consultant was arrested and charged on Friday. He had faced weeks of questioning by Australian Security Intelligence Organisation and federal police and an extensive search of his phone and laptop including WeChat messages, Downing Centre local court was told on Monday. Csergo allegedly conceded early in the interview process that he suspected Ken and Evelyn were spies soon after meeting them but remained in contact with them for two years. “He clearly has links to the Chinese state and two people he clearly thinks work for the MSS [Ministry of State Security],” the commonwealth prosecutor Connor McCraith told a Sydney court. “He also travelled back to Australia with a shopping list.” The so-called shopping list was discovered by Asio three weeks after Csergo arrived in Australia earlier this year. McCraith said a reasonable person would have alerted Australian authorities immediately. Instead, Csergo had continued communication with the male suspected spy, including inviting him to “visit”, he said. Csergo’s lawyer, the prominent barrister Bernard Collaery, cast the reports as anything but sinister.”

3. Israel: Netanyahu: I’m Sure CIA Knows Mossad Was Not Behind Anti-government Protests

On April 16th The Times of Israel reported that “Prime Minister Benjamin Netanyahu denies the Central Intelligence Agency’s leaked analysis that the Mossad spy agency was backing the protests against his government’s effort to overhaul the judiciary. “I value American intelligence a little more than that, and I think they probably know the truth,” Netanyahu tells NBC’s Meet the Press, when asked about the leaks that were widely covered in US media and quickly denied by Israel. “The truth is that the Mossad legal adviser said that under Israeli law, junior members of Mossad can participate in demonstrations, not senior members. That’s, I think, what led to this misunderstanding,” he says. “The Mossad, the military, the internal security services are working hand-in-hand with me as prime minister to assure the security of the country, and they’re doing a damn good job of it. The 15-minute interview focuses largely on the judicial overhaul, with Netanyahu repeating talking points about the need for reform to restore a balance of power between the branches of government, and insisting that he is seeking as broad of a consensus as possible for the changes he is seeking.”

4. Spy Collection: SISMI Magnetic Paperweight by Cleto Munari

On April 17th we published a new video in our memorabilia items playlist. As per its description, “this memorabilia item was designed by the Italian designer & artist Cleto Munari in the mid-2000s for the Italian SISMI (Military Intelligence and Security Service). SISMI was dissolved in 2007 due to a major reform of the Italian intelligence community. This was a gift that was given to SISMI officers.”

5. Citizen Lab’s Research Was the Last Nail: Israeli QuaDream is Closing

Following last week’s story #10, on April 16th the Israeli Calcalist reported that “the Israeli offensive cyber company QuaDream is closing down — Calcalist learned this from several sources in the industry. This is apparently as a result of the difficult situation in which the multitude of cyber espionage companies find themselves following the growing global criticism of their activities and the problematic use made of their products. According to the sources, all the company’s employees were summoned for a hearing and in practice it has already stopped its activities. The immediate background to QuaDream’s closure is a joint study by Microsoft and the University of Toronto’s Citizen Lab research institute on the company. According to the study, published last week, QuaDream’s spyware, known as REIGN, was used to attack civil society activists, journalists and politicians in Latin America, Central Asia, Southeast Asia, Europe and the Middle East. The QuaDream spyware was operated from, among others, Israel, Bulgaria, the Czech Republic, Hungary, Ghana, Mexico, Romania, the United Arab Emirates and Uzbekistan, and used a zero-click attack against iPhones running version 14 of the iOS operating system. According to Mekorot, the company has been in a difficult situation for several months, and the research was the last nail in its coffin. Apparently, in practice the company is no longer active and there are only two employees left in its offices whose job it is to look after the computers and other equipment. At the same time, the board of directors is trying to sell the intellectual property of QuaDream.”

6. United States: Russian Propaganda Channel “Donbass Devushka” Hosted by a Former U.S. Navy Officer

On April 17th NEXTA TV reported that “a major disinformation and Russian propaganda channel called “Donbass Devushka”, which published a fake version of “secret Pentagon documents,” is hosted by a former U.S. Navy officer who was recently discharged from military service. The “Mila Girl from Luhansk,” who hosts podcasts with pro-Kremlin propagandists, turned out to be Sarah Bils, a divorced American from New Jersey. She was exposed by members of the “North Atlantic Fella Organization” (NAFO), an online community that fights Russian propaganda. On Twitter, “Donbass Devushka” posted filtered photos of herself and wrote that her name was Mila. NAFO collated the photos and other information from one of the podcast videos and found out that her real name is Sarah Bils, but she had recently officially changed it to another, more Russian name. Bils is a former U.S. Navy officer, recently discharged from active duty. Bils herself claims she was “kicked out” of the military because of her “leftist views.” Former associates have expressed concern about her mental health and have called her a habitual liar. Beals’ mother claimed that her daughter often made up stories. On social media, “Donbass Devushka” claimed she was traveling between the Russian city of Rostov-on-Don and the Ukrainian city of Luhansk in 2014, but in reality, Bils was suing her ex-husband in Oak Harbor at the time. When Russia began a full-scale invasion of Ukraine on February 24, 2022, Bils created several Twitter accounts and added Telegram in April. Her Telegram channel publishes more “banned” Twitter content, including memes, fake images, and ultra-violence: such as cheering the killing of a U.S. volunteer who went to Ukraine, videos of dead Ukrainians, and supporting videos of a Ukrainian POW being beheaded by Russian mercenaries from the “Wagner” PMC. In January 2023 Jack Teixeira of the Massachusetts National Guard shared hundreds of classified documents on his Discord server. The Bellingcat investigation revealed the distribution of documents from Teixeira’s Discord to 4Chan, Telegram and Twitter. Two versions of the key documents were distributed: one showed that Russian losses far exceeded Ukrainian ones, and the other badly edited version showed the opposite. Belligcat claims that the falsified versions were created by the Telegram channel “Donbass Devushka”, but Bils denies this claim. Fox News host Tucker Carlson used the faked version circulated on “Donbass Devushka’s” Telegram channel to claim that Ukraine had a 7-to-1 troop loss ratio and is “losing the war” (video). The faked versions were spread by pro-Kremlin propagandists, and “Donbass Devushka” began supporting the well-known Z-channel. In November 2022, The Bell journalists found out that this channel received money from Yevgeny Prigozhin (head pf the PMC “Wagner”) and could be linked to the FSB.”

7. Podcast: Spycraft 101: The President, the Prosecutor, and the Spy with Justin Webster

On April 16th Spycraft 101 published this new episode. As per its description, “a Bersa Model 62 .22lr pistol covered in blood and gore was found beneath the body of Argentinian federal prosecutor Alberto Nisman in the early morning hours of January 19th, 2015. Just hours after his body was found in the bathroom of his apartment, Nisman was scheduled to testify before Congress that a years-long investigation by his office had determined that President Cristina Fernández de Kirchner’s administration had intentionally covered up Iranian government involvement in the 1994 AMIA bombing in Buenos Aires which killed 85 people and wounded hundreds more. Nisman was an ambitious and driven young prosecutor when he took on the investigation into the aftermath of the AMIA bombing in 1998. It would become his singular focus for the next seventeen years. He worked closely with a senior counterintelligence officer named Jaime Stiuso to establish extradition requests known as Red Notices through Interpol for five Iranian suspects in an effort to bring them to justice. He also managed to stay in the public eye with a series of interviews and media appearances throughout the investigation. He kept attention on the bombing and galvanized the public’s desire for the truth, and the formal complaint he lodged against Kirchner’s administration, which alleged they’d attempted to have the Interpol Red Notices lifted, stunned the entire nation. Was his death a professional hit intended to silence him, to the benefit of powerful officials in Argentina or elsewhere? Or did Nisman take his own life after realizing that, on the eve of what should have been his greatest lifelong professional triumph, the evidence did not support claims he’d made in public, and he was on the verge of destroying his own reputation and career? For episode 80 of the Spycraft 101 podcast I discussed the life and death of Alberto Nisman with Justin Webster, director of the Netflix documentary series “Nisman: The Prosecutor, the President, and the Spy.”.”

8. Czech: Interview with Counter-intelligence Director Michal Koudelka on Chinese and Russian Espionage

After last week’s story #62, the Czech Respekt published this interview on April 15th. The interview started by saying: “Classified wartime documents have been leaked from the US Department of Defense that describe US and NATO plans to strengthen the Ukrainian military ahead of a planned offensive against Russian troops. The Pentagon described the materials as “highly sensitive” and that their release poses a “very serious risk to national security”, while Ukrainian commentators, on the other hand, suggest that it may be an intelligence operation to confuse the Russians. What do you think? ( The interview took place before the arrest of Jack Teixeira, a member of the Air Force of the Massachusetts State Guard, whom the FBI suspects of the crime — editor’s note ) There are more options. Personally, I am not a fan of conspiracy theories that the Americans themselves brought it up, or that they did it in cooperation with the Ukrainians to somehow confuse the Russians. That seems a bit far-fetched to me. I know from my many years of experience that the reality in such cases is often rather simple. So I’m inclined to explain that it was released by someone who had some personal motivation, as it is now written about in the American media, he could also want to take revenge on someone or serve domestic politics, or if it was organized by a foreign power, then it would recorded to the Russians.”

9. Uighurs in UK Being Forced to Spy on Each Other as Their Families Back Home Effectively Held Hostage by China

On April 16th DailyMail reported that “Chinese agents are harassing Uighur Muslims living in Britain, a Foreign Office-funded report has found. The Uighurs are being forced to spy on each other with their families back home effectively held hostage. Those targeted are ordered to take pictures at pro-Uighur rallies, while others have been told to get work at Amnesty International and report back, to create paranoia and distrust in their community. Up to 60 per cent of British Uighurs have faced harassment from the Chinese authorities, the report concludes. They are informed that their families will be harmed if they fail to comply, with some given photos and videos of their loved ones surrounded by police officers.”

10. AFP Bust be ‘More Aggressive’ on Espionage: Senator

Following this week’s story #2, The Australian reported on April 16th that “opposition cyber security spokesman James Paterson says the AFP must be more aggressive in charging Australians for foreign interference and espionage crimes, following the arrest of Sydney businessman Alexander Csergo on Friday for selling Australia’s secrets to alleged overseas spies. Mr Csergo is only the second person to be arrested under federal foreign interference laws introduced in 2018, which Senator Paterson said was “inconsistent” with warnings from the Australian Security Intelligence Organisation about skyrocketing espionage threats. “If espionage is our №1 security threat, I’d expect to see more people being charged under those laws than just two people in five years,” said Senator Paterson, who is also the chairman of the Select Committee on Foreign Interference through Social Media. “I don’t think we’ve been aggressive enough in charging people.” While the AFP has “disrupted a lot of activities” through small measures such as revoking visas, Senator Paterson said the agency should be charging more individuals. “The reason why parliament passed the 2018 laws in the first place was so that it had a deterrent effect,” he said. “For the deterrent effect to work you actually have to charge people and convict them, and no one has been convicted yet.” Mr Csergo, 55, was arrested by Australian Federal Police at Bondi in Sydney’s eastern suburbs late on Friday and charged with one count of reckless foreign interference, a charge that carries a 15-year jail term. He fronted Parramatta Local Court on Saturday morning via video link, but the matter was adjourned for a subsequent release application.”

11. United States: You Paid For It: Training St. Louis Youngsters for Tech Jobs at NGA

On April 17th the FOX 2 St. Louis published this news report in its “You Paid for It” series. As per its description, “the National Geospatial Intelligence Agency will open its new, $1.7 billion headquarters in north St. Louis in 2025. The state of Missouri is spending millions in tax dollars on a deal that, hopefully, will provide young people a new future with the spy agency.”

12. United Kingdom: China Accused of Targeting MPs and Their Families in Intimidation Campaign

The Telegraph reported on April 16th that “prominent Conservative critics of China have revealed their fears that Beijing is monitoring their families as part of an intimidation campaign aimed at deterring them from speaking out. A Tory MP’s child allegedly had their university application jeopardised amid warnings Chinese funding would be pulled from the institution, while the child of one politician was knocked off course when they were blocked from travelling with a Chinese airline. Iain Duncan Smith, a former Conservative Party leader, told The Telegraph he believed Beijing was keeping tabs on his family members’ movements while Alicia Kearns, a fellow critic of the regime, said she would not rule this out as China would “want us to feel watched”. The senior Tory MP also said she knew of one colleague whose child’s study plans had been thrown into disarray because their parent was a politician who had been sanctioned by the Chinese state. She said the prospective student’s university bid was threatened when the institution in question was warned all Chinese funds would be withdrawn if they accepted the application. It has also been claimed one politician’s child ran into trouble after being assigned a flight with a Chinese airline when their original journey was cancelled. They were allegedly barred from getting on the plane for the replacement trip because of their surname. The claims have emerged as The Telegraph spoke to five prominent China critics in Westminster — four Tory MPs and one crossbench peer — about the pressures they believe they are under to keep quiet.”

13. Elon Musk Says U.S. Government ‘Had Full Access’ to Private Twitter DMs

On April 17th Forbes reported that “Elon Musk, who purchased Twitter in October 2022 for $44 billion, claims the U.S. government had full access to everything on the social media platform, including private direct messages (DMs) between users, according to an explosive new teaser clip shared by Tucker Carlson. And while the clip will likely make people curious to see the full interview with Musk, which is reportedly airing on Fox News on Monday, there are a lot of follow-up questions that hopefully Carlson had the foresight to ask. “The degree to which various government agencies effectively had full access to everything that was going on on Twitter blew my mind. I was not aware of that,” Musk said in the new clip that’s available on Twitter. “Would that include people’s DMs?” Carlson asked. “Ah, yes,” Musk responded in the short clip.”

14. Sweden Releases Russian Woman Detained on Suspicion of Industrial Espionage

Following last week’s story #47, TASS reported on April 15th that “the Swedish prosecutor’s office has released a Russian women detained on Thursday on the suspicion of industrial espionage. “Suspicions against the detainee became weaker on Thursday. Also, there were no sufficient grounds for detention. Therefore, I made a decision today to release this individual,” Prosecutor James von Reis said. The preliminary investigation is continuing. The prosecutor was not available for comment. The press service of the prosecutor’s office has no further information regarding this case. The TV4 channel said on Friday the detainee worked at the oil refinery of the Preem company in Gothenburg. In connection with the Russian woman’s detention a number of persons were summoned for questioning, and “searches were made at various places.”.”

15. Stakeknife: Who Was Army’s IRA Spy Freddie Scappaticci?

BBC published this article on April 15th stating that “Freddie Scappaticci once told one of his captives that if he had his way he would be hung upside down in a cowshed and no-one would hear him squeal as he was skinned alive. The would-be victim Sandy Lynch was rescued from IRA execution by the security forces. The year was 1990 and Mr Scappaticci’s double life as an agent within the IRA was approaching an end. But it would be a further 13 years before he was unmasked as Stakeknife. Mr Scappaticci, who died last week aged 77, was for a long period the British Army’s “golden egg” within the IRA. “Scap”, as he was known, was born to an Italian family which came to Belfast in the 1940s. A bricklayer by trade, he was interned without trial between 1971 and 1974. A few years later he became a paid spy for the Army, reportedly crossing over after being beaten up by the IRA following a row with a senior member. By the 1980s he was operating at the heart of the IRA, within its internal security unit. It was known as the “nutting squad” because the informers it uncovered were shot in the head — the nut — and their bodies dumped after interrogations involving torture.”

16. Shin Bet Blackmails Gay Palestinians Into Betrayal

On April 14th Tikun Olam published this story saying that “the Lion’s Den, the most formidable West Bank resistance group, was founded in Jenin. Planning and execution of several attacks against Israel originated there. After these terror attacks, it became critical for the Shin Bet to identify Lion’s Den leaders and eliminate them. This effort led to horrific Israeli attacks there and in Nablus which left scores of Palestinians dead and wounded. Some were militants, but many were innocent bystanders. One of the key methods for identifying wanted suspects begins the IDF SIGINT Unit 8200. It has the most sophisticated surveillance tools in the world which scour communications of Israel’s rivals and enemies throughout the Middle East, but in Palestine in particular. Unit 8200 personnel possess one of the most comprehensive and intrusive suite of weapons tracking the lives and conversations of Palestinians. They have access to the Palestinian communications network, permitting it to hear every phone call, read virtually any text message, and access any Palestinian internet provider. The Israeli spooks use data-mining tools searching for particular words that either might indicate someone planning a terror attack; or someone in particular distress. This ranges from people in financial distress, facing severe illness, engaged in adultery or LGBTQ individuals. All of these are ripe for exploitation because their vulnerabilities offer the Shin Bet opportunities to recruit them as informers. A former Unit 8200 officer who joined a group of refusers who objected to its methods, described them: “Every case in which they can snare an innocent person, who can be extorted in exchange for information or can be recruited as a collaborator, is gold for us,” said N., one of the 43 graduates of unit 8200, who refused to report for reserve duty in 2014 following these atrocities. For a dark institution undeterred by the most heinous tactics, the fragile status of Palestinian LGBTQ people is a gold mine. “In the training course they study and learn by heart various words for gay in Arabic,” N. said. The goal is to trace in wiretapping the slightest hint of a random person’s sexuality and use it against them. Then the most moral army in the world will ruin that person’s life, only because he’s gay. This practice also makes every LGBTQ person in the territories seen as a potential collaborator making the already persecuted community’s situation even worse.”

17. Leaked U.S. Intelligence Reveals Military Was Aware of Four More Chinese Spy Balloons

DailyMail reported on April 15th that “top-secret intelligence documents allegedly leaked by Massachusetts Air National Guardsman Jack Teixeira (pictured) reveal that U.S. intelligence agencies were aware of up to four more Chinese spy balloons in addition to the one that flew over the country earlier this year. One balloon flew over a U.S. carrier strike group, another, code named Bulger-21 by U.S. officials, circumnavigated the Earth from Dec 2021 until May 2022, a third named Accardo-21 is also mentioned in the documents and a fourth is said to have crashed in the South China sea.” It continues that “the documents also identify the balloon that crossed the continental U.S. in January and February before being shot down off the coast of South Carolina was code-named Killeen-23. A U.S. official told the Washington Post that the naming convention for such balloons is alphabetical, which suggests there may be even more incidents of Chinese spy balloons being identified that were not leaked.”

18. Russians Boasted that Just 1% of Fake Social Profiles are Caught, Leak Shows

The Washington Post reported on April 16th that “the Russian government has become far more successful at manipulating social media and search engine rankings than previously known, boosting lies about Ukraine’s military and the side effects of vaccines with hundreds of thousands of fake online accounts, according to documents recently leaked on the chat app Discord. The Russian operators of those accounts boast that they are detected by social networks only about 1 percent of the time, one document says. That claim, described here for the first time, drew alarm from former government officials and experts inside and outside social media companies contacted for this article. “Google and Meta and others are trying to stop this, and Russia is trying to get better. The figure that you are citing suggests that Russia is winning,” said Thomas Rid, a disinformation scholar and professor at Johns Hopkins University’s School of Advanced International Studies. He added that the 1 percent claim was probably exaggerated or misleading. The undated analysis of Russia’s effectiveness at boosting propaganda on Twitter, YouTube, TikTok, Telegram and other social media platforms cites activity in late 2022 and was apparently presented to U.S. military leaders in recent months. It is part of a trove of documents circulated in a Discord chatroom and obtained by The Washington Post. Air National Guard technician Jack Teixeira was charged Friday with taking and transmitting the classified papers, charges for which he faces 15 years in prison.”

19. Netherlands: AIVD Releases Annual Report 2022

On April 17th the Dutch General Intelligence and Security Service (AIVD) published their Annual Report for 2022. You can find the PDF version here. The 58-pages long report is split into the following chapters: 1) National Threats, 2) International Threats, 3) Assistance in Preventing or Eliminating Threats, and 4) Organisation and key figures.

20. Google Uncovers APT41’s Use of Open Source GC2 Tool to Target Media and Job Sites

The Hacker News reported on April 17th that “a Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google’s infrastructure for malicious ends. The tech giant’s Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is also known by the names APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti. The starting point of the attack is a phishing email that contains links to a password-protected file hosted on Google Drive, which, in turn, incorporates the GC2 tool to read commands from Google Sheets and exfiltrate data using the cloud storage service. “After installation on the victim machine, the malware queries Google Sheets to obtain attacker commands,” Google’s cloud division said in its sixth Threat Horizons Report. “In addition to exfiltration via Drive, GC2 enables the attacker to download additional files from Drive onto the victim system.” Google said the threat actor previously utilized the same malware in July 2022 to target an Italian job search website.”

21. Arunachal Pradesh is Top of the Agenda in India-US Intelligence Exchanges

Intelligence Online reported on April 17th that “India’s national security adviser, Ajit Doval, is pushing for greater US support in Arunachal Pradesh, the disputed territory bordering China that Beijing has in its sights.”

22. New Videos Released by Former CIA Officer Jason Hanson

Throughout this week former CIA officer Jason Hanson published the following new videos: 1) Here’s how to Make Money After You Completely Disappear Without a Trace, 2) Here's One of the Best Gold Coins and Why It's a Must-have Item for Me, 3) Here’s What I Like About Revolvers…

23. United States: Former Intelligence Chief to Say a Lab Leak is the ‘Only Explanation’ for COVID

According to this report from Fox News on April 17th, “former Director of National Intelligence John Ratcliffe says the “only explanation” and “plausible assessment” for the COVID-19 global pandemic is a leak from a Chinese Communist Party-controlled lab, citing U.S. intelligence and “numerous, diverse and unassailable” sources for the information. Fox News exclusively obtained Ratcliffe’s prepared testimony ahead of his appearance before the House Select Subcommittee on the Coronavirus Pandemic. Ratcliffe, who was confirmed to serve as director of national intelligence in May 2020 — during the pandemic — is expected to deliver an unclassified overview of what the intelligence community learned about the origins of COVID-19. Ratcliffe is also expected to say the Biden administration declaring the assessment would have “enormous geopolitical implications” that they “seemingly” do “not want to face head-on.” “My informed assessment, as a person with as much or more access than anyone to our government’s intelligence during the initial year of the virus outbreak and pandemic onset, has been and continues to be that a lab leak is the only explanation credibly supported by our intelligence, by science and by common sense,” Ratcliffe is expected to say.”

24. Former Uzbek President Spied for Turkey When He Served as a Member of the USSR Politburo

The Nordic Monitor published this article on April 17th stating that “Islam Karimov, the late president of Uzbekistan, had passed confidential information to Turkey when he was serving as a member of the Political Bureau of the Central Committee of the Communist Party of the Soviet Union (Politburo), the Soviet Union’s highest decision making body, between 1990 and 1991. According to official Turkish documents obtained by Nordic Monitor, Karimov’s secret mission at the Politburo was revealed In February by a former Turkish intelligence officer who worked as a trusted go-between for Karimov and the Turkish leadership. Testifying in court on February 14 in Ankara, Enver Altaylı, a veteran intelligence officer who had worked for Turkey’s National Intelligence Organization (MIT) in the ’60s and ’70s, said he had secretly carried messages from Karimov to Turkish leaders about discussions that took place at the Politburo. “Until the end of 1991, before going to every Politburo meeting, he [Karimov] would talk to me and say, ‘Enver, my brother, talk to Turgut [Özal] and Süleyman [Demirel] … to see if there’s anything in particular they want to know [about the meeting]’,” he told the court. At the time Özal was president and Demirel was his prime minister. This means he had spied for Turkey by informing the Turkish president during the Cold War era, Altaylı said, highlighting the significance of passing top secret information to Turkey, a member of NATO. He said Karimov was wiling to share sensitive information because of his Turkic roots.”

25. Polish GEOINT Firm SATIM Eyes US Market

On April 18th Intelligence Online reported that “mindful of a growing need to monitor vast contested maritime areas that are conducive to clandestine actions, SATIM is trying to sell its synthetic aperture radar (SAR) image analysis tools in the US and Europe.”

26. United States: FBI Arrest Two Chinese Operatives for Running Illegal Police Station in Manhattan to ‘Spy on and Harass Dissidents’ as DOJ Announces Charges on 44 Others in Major Crackdown on Espionage on US Soil

DailyMail reported on April 17th that “the FBI have arrested two Chinese operatives on suspicion of running an illegal police station in downtown Manhattan to spy on and harass dissidents on US soil. US attorney for the Eastern District of New York confirmed that two men have been arrested in connection with the station in New York City’s Chinatown neighborhood. Lu Jianwang, 61, of the Bronx, and Chen Jinping, 59, of Manhattan, were both arrested on Monday morning at their addresses in New York. They have been charged with conspiring to act as agents for the Chinese government, and are expected to appear in federal court in Brooklyn. More than a dozen Chinese nationals have been charged by federal prosecutors with waging a campaign of surveillance and harassment against dissidents living in the States.” Here are the two press releases from the United States Department of Justice: 1) Two Arrested for Operating Illegal Overseas Police Station of the Chinese Government, 2) 40 Officers of China’s National Police Charged in Transnational Repression Schemes Targeting U.S. Residents.

27. Video: Real Spies Talk About Intercepting Secret Numbers Stations

On April 16th Ringway Manchester published this new video covering quotes from covert operatives who have commented on how they were using number stations as a covert communications method. The people quoted are: 1) Former Soviet KGB sleeper agent Jack Philip Barsky (born Albrecht Dittrich), 2) Former CIA agent Eberhard Fätkenheuer, 3) Former British GCHQ linguist specialist Geoffrey Prime who was acting as a KGB agent, 4) StB covert operative Václav Jelínek (cover name Erwin van Haarlem), 5) The Cuban Five spy ring (Gerardo Hernández, Antonio Guerrero, Ramón Labañino, Fernando González, and René González), 6) Former DIA analyst Ana Montes who was acting as a Cuban DGI agent, 7) Carlos & Elsa Alvarez who were acting as Cuban DGI agents, 8) Former U.S. State Department employee Kendall Myers who was acting as Cuban DGI agent.

28. New Cyber Espionage Operating Targeting Russian Military

On April 18th cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation targeting Russian military individuals. The operation involved a lure document titled “День специалиста по радиоэлектронной борьбе.docx” (Electronic Warfare Specialist Day.docx) which, if opened, was installing a custom cyber espionage software implant.

29. Sweden: Russian Espionage from the Roof of the Embassy

The Swedish Expressen published this story on April 18th stating that “Russia has extensive signals intelligence equipment on the roofs of its embassies in Europe, Expressen can reveal in cooperation with a group of European journalists. Satellite images and close-ups with telephoto lenses reveal the equipment. Intelligence sources tell how mobile phones can be tapped and how the security police’s encrypted radio communications can be tracked.” It continues that “an analysis of satellite images shows that in eleven EU countries there are such sheds on the roofs of Russian embassies or buildings connected to the embassies. The largest is the facility on the roof of the Russian embassy in Madrid, where the shed covers the entire roof and in practice constitutes an extra floor. Other countries where such sheds have been erected are, apart from Sweden and Poland, Belgium, Bulgaria, the Czech Republic, Germany, Greece, Malta, Portugal, Romania.” The Belgian Tijd also published this story about the same topic, the Polish Front Story also published this article about the same story, and the FSB Dossier Centre.

30. Iraq: Baghdad Called Upon to Mediate Between the MIT and the PUK

Intelligence Online reported on April 18th that “hugely concerned about the origin of the intelligence that allowed the MIT to attack the Sulaymanyah airport on 7 April, the PUK has called on Baghdad to lead the investigation. It is also hoping to calm down the increasingly tense relations between the Talabani clan and Ankara.”

31. Ukraine War: The Russian Ships Accused of North Sea Sabotage

BBC reported on April 19th that “Russia has a programme to sabotage wind farms and communication cables in the North Sea, according to new allegations. The details come from a joint investigation by public broadcasters in Denmark, Norway, Sweden and Finland. It says Russia has a fleet of vessels disguised as fishing trawlers and research vessels in the North Sea. They carry underwater surveillance equipment and are mapping key sites for possible sabotage. The BBC understands that UK officials are aware of Russian vessels moving around UK waters as part of the programme. The first of a series of reports is due to be broadcast on Wednesday by DR in Denmark, NRK in Norway, SVT in Sweden and Yle in Finland. A Danish counter-intelligence officer says the sabotage plans are being prepared in case of a full conflict with the West while the head of Norwegian intelligence told the broadcasters the programme was considered highly important for Russia and controlled directly from Moscow. The broadcasters say they have analysed intercepted Russian communications which indicate so-called ghost ships sailing in Nordic waters which have turned off the transmitters so as not to reveal their locations. The report focuses on a Russian vessel called the Admiral Vladimirsky. Officially, this is an Expeditionary Oceanographic Ship, or underwater research vessel. But the report alleges that it is in fact a Russian spy ship.” The Danish DR published this article about this story, the Swedish SVT published this article, and the Norwegian NRK published this article.

32. Ukrainian SBU Announced Trial of Two Former SBU Officers Involved in Cyber Operations Targeting Ukraine’s Government on Behalf of Russia’s FSB

On April 19th Ukraine’s Security Service (SBU) issued this press release stating that “two traitors who helped the FSB carry out hacker attacks on the government of Ukraine will be tried according to the materials of the Security Service of Ukraine. Cyber ​​specialists of the Security Service, together with the Security Service of Ukraine and the OGP, gathered evidence on two more military traitors who helped the Russian Federation in the war against Ukraine. The auxiliaries are two former employees of the SBU in the Autonomous Republic of Crimea, who defected to the enemy in 2014 and joined the ranks of the FSB. There, they became part of the hacker group “Armageddon” controlled by the Russian intelligence services. It was established that from January 1, 2020 to March 10, 2021, criminals carried out a series of large-scale cyber attacks on government structures of Ukraine. During one of the cyber incidents, the FSB tried to gain access to secret data of the highest authorities of our country. However, thanks to the prompt response of the Security Service of Ukraine, it was possible to neutralise the consequences and eliminate the prerequisites for the penetration of the Russian intelligence services into the government information resources of Ukraine. As a result of comprehensive measures, the law enforcement officers established the involvement of both traitors in the subversive activities of the aggressor. In particular, in 2021, SBU cyber specialists carried out an unprecedented operation and identified the perpetrators by name, intercepted their conversations, and also obtained indisputable evidence of their involvement in cyber attacks on Ukraine. And this despite the fact that they used their own FSB virus programmes, as well as means of anonymisation and “covering” on the internet. At that time, 8 hostile hackers were identified at once, 5 of which were immediately suspected. So far, the law enforcement officers have completed the investigation of two of them.”

33. Four US Citizens Charged with Working for Russia Spy Agency to Interfere with Elections

The Mirror published this article on April 18th stating that “four members of US based Black liberation groups and three Russian FSB intelligence officers have been charged with conspiring to recruit other US citizens to act as illegal agents for the Russian government. Omali Yeshitela, the leader of the Uhuru Movement and the founder of the African People’s Socialist Party, is among the defendants, the US Justice Department said in a release. Penny Joanne Hess, Jesse Nevel, and Augustus C Romain Jr — aka Gazi Kodzo — are also among the accused. Romain Jr left the Uhurus in 2018, and set up the radical Georgia based Black Hammer Party. Yeshitela, Hess and Nevel have been charged with acting as Russia agents. A federal grand jury in Tampa, Florida, charged the seven with working on behalf of the Russian government. One of the Russian agents charged allegedly asked Yeshitela to make statements in support of the independence of the so-called Donetsk People’s Republic, a Russian-backed breakaway state in eastern Ukraine. The agent, Aleksandr Viktorovich Ionov, later allegedly boasted to the FSB that Yeshitela’s video-recorded statement of support was the first time that “American nonprofit organisations congratulated citizens” of the occupied region. On the day Russia invaded Ukraine in February 2022, Ionov allegedly emailed Nevel an “URGENT MESSAGE” which contained pro-Russian talking points in support of the invasion. The indictment comes eight months after the FBI raided several locations, including the Uhuru House in St. Petersburg, Florida. Group members have since denied they are working on behalf of Russia and have accused the US government of trying to silence them.” Here is the Department of Justice press statement for this case from April 18th, titled “U.S. Citizens and Russian Intelligence Officers Charged with Conspiring to Use U.S. Citizens as Illegal Agents of the Russian Government: Defendants Sought to Sow Discord, Spread Pro-Russia Propaganda and Interfere in Elections Within the United States.”

34. Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains

On April 18th Citizen Lab released this new research. As per the introduction, “the Citizen Lab first gained forensic visibility into NSO Group’s 2022 zero-click exploits in October 2022 in the course of a joint investigation with Mexican NGO Red en Defensa de los Derechos Digitales (R3D). After examining several devices belonging to members of Mexican civil society, we discovered FINDMYPWN, which helped us subsequently discover PWNYOURHOME and LATENTIMAGE within a broader target population (including outside Mexico). Two Mexican civil society targets consented to be named in this report.”

35. Video: The Hayden Centre: Counterintelligence Today

On April 18th The Hayden Centre published this video recording. As per its description, “a Chinese spy balloon flies over the United States, Russian spies are being thrown out of several countries, TikTok is collecting your data, foreign governments interfere in U.S. politics, and the global competition for existing and emerging technologies among near-peer states are center stage today. And all are at the center of the United States’ counterintelligence concerns today. Join the Michael V. Hayden Center for Intelligence, Policy, and International Security for an insightful conversation on today’s counterintelligence landscape. Our panel includes: Alan Kohler, Assistant Director of the Counterintelligence Division, Federal Bureau of Investigation; Mirriam-Grace MacIntyre, Executive Director of the National Counterintelligence and Security Center; David Priess, publisher of “Lawfare,” chief operating officer of the Lawfare Institute, and former Central Intelligence Agency analyst and briefer, will moderate the event. The Hayden Center is located at George Mason University’s Schar School of Policy and Government in Arlington, VA. General Hayden, our founder, has been a distinguished visiting professor at Schar School for 13 years. Mr. Priess is a senior fellow at the Hayden Center and has taught graduate-level courses at the Schar School as recently as the fall semester.”

36. North Korea Claims It’s Ready to Launch First Spy Satellite

Following 2022 week 51 story #7, CNN reported on April 18th that “North Korea’s leader Kim Jong Un has ordered officials to prepare to launch the country’s first military reconnaissance satellite, North Korean state media KCNA reported on Wednesday. During his visit to the National Aerospace Development Administration on Tuesday, Kim Jong Un said the country’s military reconnaissance satellite production has been completed and ordered the dispatching of “several reconnaissance satellites,” KCNA reported. He made the visit alongside his daughter believed to be Ju Ae. She has attended numerous events alongside her father so far this year. Last December, North Korea claimed it had conducted an “important final stage test” for the development of a spy satellite. The country’s space development agency announced that it would finish preparations for the first military reconnaissance satellite by April 2023.”

37. Hikvision Denies Allegations of Aiding Chinese Espionage

WebProNews published this story on April 18th saying that “Hikvision is under fire for allegedly aiding Beijing in conducting espionage, a claim the company is adamantly denying. Hikvision is a Chinese company that is extensively involved in creating and rolling out China’s domestic surveillance program. The company is also partially state-owned, with China Electronics Technology Group Corporation, another state-owned entity, being its biggest shareholder. According to BBC News, a leaked Pentagon document claims that Hikvision is disguising the equipment it sells to the US government in support of Beijing’s espionage efforts. The document, which BBC saw, describes Hikvision as “partnering with Chinese intelligence entities” and “using relationships with resellers to disguise its products for sale to government suppliers.” The company’s goal was “creating vectors for Beijing to compromise DoD [Department of Defense] networks.” What’s more, the document claims that Hikvision’s equipment would likely continue to be used because of the company’s efforts to mask its exports to retain access to US and allies’ markets.” In response to a BBC query, a Hikvision spokesperson said the company “has not, does not and will not violate the law in order to conduct its business”, and that it has “very clear and longstanding policies in place to prevent the improper labelling of its products by anyone for any reason.”.”

38. Mexican President Slams US for Espionage, Vows to Restrict Military Information

On April 18th the Daily Sabah reported that “President Andres Manuel Lopez Obrador accused the Pentagon of espionage on the Mexican government following the emergence of leaks in U.S. media, as he said he would start classifying army information for national security. His comments came several days after the Washington Post reported on apparent tensions between Mexico’s Navy and the Army, citing a U.S. military briefing revealed in online leaks of secret U.S. military records. “We’re now going to safeguard information from the Navy and the Defense Ministry because we’re being a target of spying by the Pentagon,” Lopez Obrador told his daily news conference. The Pentagon did not immediately respond to a request for comment. It has called the leak a “deliberate, criminal act.” The Washington Post story said there was no indication the cited document came from intercepted communications of Mexican officials. Lopez Obrador has come under pressure to hold the military accountable for years of alleged abuses, including reported disappearances and killings. Even so, he has increased the army’s role in public safety and sought to put the National Guard, a militarized police force, under Army control. On Monday, Lopez Obrador had described the U.S. intelligence in the leaks as an “abusive, overbearing intrusion that should not be accepted under any circumstance,” adding that he did not plan to rebuke the U.S., but would at some point discuss “conditions for collaborative work.” When presented on Tuesday with new allegations of the use of controversial spyware Pegasus during his government, he reiterated that his administration does not spy.”

39. United States: 15 Years Ago, the NSA Spied on World of Warcraft — But Did a Leak Change Anything?

Polygon published this article on April 18th saying that “it sounds like the plot of a Bush-era young-adult spy thriller: as millions of players raided their way through Azeroth from 2006 to at least 2013, Western intelligence agencies like the NSA and the British Government Communications Headquarters were working out ways to surveil and build informant networks to keep tabs on suspected Islamic extremists in World of Warcraft. WoW wasn’t the NSA’s only target: Together with GCHQ, the NSA also turned its eye toward social MMO Second Life, Microsoft’s original Xbox Live chat service, and other popular “Games and Virtual Environments.” We know this today because of former NSA contractor turned whistleblower Edward Snowden, who worked with newspapers The Guardian and The New York Times, as well as investigative nonprofit ProPublica, to release a trove of classified documents from the agency in 2013. According to the leaked documents, MMOs were fertile grounds for exploitation along both signals intelligence and human intelligence lines. In one such document, GCHQ claimed that it had found clear evidence of suspected terrorists logging into WoW and Second Life, correlating usernames and IP addresses to targets, and according to the joint news report, the British spy agency had even used an informant in Second Life to bust an online crime ring. At the time, the story was a bombshell, prompting companies like Linden Lab, the maker of Second Life, and Blizzard, the developer of World of Warcraft, to deny that any government surveillance was happening with their knowledge. Looking back on this story almost a decade later, three questions remained unclear: How did the NSA do it? Why did it care? And what did it accomplish?”

40. US, UK Warn of Government Hackers Using Custom Malware on Cisco Routers

Bleeping Computer reported on April 18th that “the US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named ‘Jaguar Tooth’ on Cisco IOS routers, allowing unauthenticated access to the device. APT28, also known as Fancy Bear, STRONTIUM, Sednit, and Sofacy, is a state-sponsored hacking group linked to Russia’s General Staff Main Intelligence Directorate (GRU). This hacking group has been attributed to a wide range of attacks on European and US interests and is known to abuse zero-day exploits to conduct cyber espionage. A joint report released today by the UK National Cyber Security Centre (NCSC), US Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named ‘Jaguar Tooth.’” Here is the press release about this from the NSA, and here is the from the NCSC. The full report is available in PDF by the US Department of Defence.

41. Myanmar and China in Cahoots: SIGINT Capabilities on Coco Island Get Boost

On April 17th the Observer Research Foundation published this article starting by stating that “there is evidence that Signals Intelligence (SIGINT) capabilities are being strengthened on Myanmar’s Coco Islands, which is 55 kilometres north of India’s tri-service base located at the Andaman and Nicobar (A&C) Islands. The Tatmadaw has vehemently denied that it is assisting the Chinese, but the latest satellite imagery released by Maxar shows that the military regime is expanding the size of the Coco Islands base by extending the length of the runway and establishing a stronger SIGINT architecture. Officially, a spokesperson for the military junta’s ruling State Administration Council has dismissed Indian concerns that Naypidaw is permitting the deployment of foreign troops, or more specifically Chinese forces, as part of its infrastructure expansion on the Coco Islands. Notwithstanding Naypidaw’s rejection of Indian concerns, it has no independent strategic or security rationale to boost the Coco Islands’ SIGINT installations, except to respond to the incentives given by Beijing. Most likely, the Coco Islands is a base controlled by Myanmar, but is being built with assistance from the People’s Republic of China (PRC) and to which Chinese military personnel, especially technical personnel from the People’s Liberation Army Strategic Support Force (PLASSF), have access. As a result of Myanmar’s international isolation, China has a very robust bilateral relationship with Naypidaw with the latter offering shore and off-shore facilities for the establishment of Chinese Intelligence, Surveillance and Reconnaissance (ISR) facilities in exchange for weapons, arms production facilities, and new military equipment. Chinese SIGINT facilities have been set up on not just the Great Coco Island, but also the Ramree Island off the Coast of Arakan; the Hangyii Island facility at the entrance of the Irrawaddy Delta; at Monkey Point in Rangoon; and close to the Kra Peninsula on an island called Zadetkyi Kyun.”

42. France: Next Call of the French SIGINT Vessel “Monge” in Tenerife

The Puente de Mando reported on April 18th that “for next Saturday, April 22, a stopover of the ship “Monge” (A 601), of the Marine Nationale, is scheduled in the port of Santa Cruz de Tenerife, where it will remain until Wednesday the 26th. The previous stopover of this striking ship was produced at the beginning of May 2017. The consignment will be handled by Marítima del Mediterráneo SAU. It is a ship specialised in signals intelligence (SIGINT), a generic term that includes both ELINT (electronic intelligence) and COMINT (communications intelligence). It is part of the squad dedicated to military tests and measurements, especially those carried out with ballistic missiles, as well as for the monitoring of devices launched into space, for which reason it has collaborated with the Ariane program of the European Space Agency. Built in the St. Nazaire shipyard, it entered service in November 1992. It displaces 21,000 tons and its main dimensions are 225.60 m in length, 24.84 m in width and 7.60 m in draft. She maintains a speed of 16 knots powered by two Pielstick engines on one shaft and has a range of 17,000 miles at an economic speed of 15 knots.”

43. United Kingdom: AI’s Main Threat is Disinformation, Warns GCHQ Chief

The Times reported on April 19th that “disinformation is one of the primary threats from artificial intelligence, GCHQ’s director has told the cabinet. Jeremy Fleming was briefing ministers on the technology, which has alarmed many in the industry because of the fast pace of its development. Fleming gave a “clear-eyed look at the potential for things like disinformation and the importance of people being aware of that” according to the prime minister’s spokesperson. Although the spy chief talked about some of the benefits of AI, its development must retain public confidence, the spokesman added. The prime minister concluded by saying that given the importance of artificial intelligence to the economy and national security, AI policy could be one of the most important in the next few years.”

44. South American APT-C-36 Deploys Cyber Espionage Capabilities Against Colombia

The Chinese 360 Threat Intelligence Centre published this technical analysis on April 18th stating that “APT-C-36 (BLIND EAGLE) is an APT organisation suspected to be from South America. Its main targets are located in Colombia, as well as other countries and regions in South America, such as Ecuador and Panama. Since its discovery in 2018 , the group has continued to launch attacks against Colombia. Even though security vendors have successfully captured and disclosed their attack activities in the past two years, they have not stopped APT-C-36’s actions and lurking, and its and more attacks have become more intense. Recently, 360 Advanced Threat Research Institute discovered and captured the BLIND EAGLE’s attack on the Colombia region during its daily intelligence mining. As always, the organisation uses phishing attacks, using PDF files as the entry point, and inducing users to click the link the document to download the RAR archive file. The compressed package file needs to enter the prompt password in the decoy document to decompress it. After decompression, it is a VBS script disguised as a PDF file icon. After the script is clicked and executed by the user, it will start a complex and multi-stage fileless attack chain, and finally load the LimeRAT remote access trojan, instead of using the previous AsyncRAT and NjRAT remote access trojans, which shows that the organisation’s intrusion weapons are rich and diverse.”

45. Video: The Lincolnshire Poacher Numbers Station — Everything You Need To Know

Following story #27, on April 19th Ringway Manchester published a new video. This one was focusing on the “Lincolnshire Poacher” E03 number station associated with the British Secret Intelligence Service (SIS), better known as the MI6.

46. United States: CIA Releases Unclassified Studies in Intelligence 67, №4

This week the CIA’s Centre for the Study of Intelligence (CSI) released the unclassified edition of the “Studies in Intelligence 67, №4” from March 2023. The articles included are: 1) In Memoriam: Former DDCIA Vaughn Bishop (1946–2023); 2) Intelligence on the High Seas: Using Intelligence to Counter Illegal, Unreported, and Unregulated Fishing; 3) From the Archive — Guardian Spies: The US Coast Guard and OSS Maritime Operations During World War II; 4) Former Intelligence Officer Responds to The Fourth Man; 5) Review Essay: Memoir of an Attorney General One Damn Thing After Another, by William P. Barr; 6) Review Essay: Perspectives on Japan’s Intelligence and National Security Challenges; 7) Spying Through a Glass Darkly: The Ethics of Espionage and Counter-Intelligence; 8) Accidental Czar: The Life and Lies of Vladimir Putin; 9) Russian “Hybrid Warfare”: Resurgence and Politicization; 10) Understanding the New Proxy Wars: Battlegrounds and Strategies Reshaping the Greater Middle East; 11) White Malice: The CIA and the Covert Recolonization of Africa; 12) From Development to Democracy: The Transformation of Modern Asia; 13) Need to Know: World War II and the Rise of American Intelligence; 14) Capturing Eichmann: The Memoir of a Mossad Spymaster; And 15) Intelligence Officer’s Bookshelf — March 2023.

47. Russia-based Hackers Ramping Up Attacks on Eastern European Energy Sector

The Record reported on April 19th that “Russia-based hackers stepped up attacks on Eastern Europe’s energy sector during the first three months of the year, according to new research. In a blog post from Google’s Threat Analysis Group (TAG) on Wednesday, the researchers outline coordinated campaigns operated by several known state-backed hacking groups. From January to March, Russian government-backed phishing campaigns targeted users in Ukraine the most — making up 60% of observed attempts. Google tracked one group of particular note, called FROZENBARENTS, which researchers believe is run by Unit 74455 of the Russian Armed Forces’ Main Directorate of the General Staff (GRU). “FROZENBARENTS remains the most versatile GRU cyber actor with offensive capabilities including credential phishing, mobile activity, malware, external exploitation of services, and beyond,” TAG’s Billy Leonard wrote in the post. “They target sectors of interest for Russian intelligence collection including government, defense, energy, transportation/logistics, education, and humanitarian organizations.” The group has exploited email servers and used them to access victim networks, send malicious emails and run several information operations. One of the most dangerous FROZENBARENTS operations tracked by TAG revolved around the Caspian Pipeline Consortium (CPC), which controls one of the largest oil pipelines in the world, moving oil from Kazakhstan to the Black Sea. “Since November 2022, FROZENBARENTS has engaged in a sustained effort to target organizations associated with the CPC and other energy sector organizations in Europe,” Google wrote. “The first campaign targeted CPC employees, specifically the Moscow office, with phishing links delivered via SMS.” The group then conducted multiple campaigns against energy sector organizations in Eastern Europe in which they used fake Windows update packages hosted on a domain spoofing the CPC. When opened, the update would run a version of the Rhadamanthys stealer — a malware first observed last December — to exfiltrate credentials. In addition to its work around CPC, the group targeted the Ukrainian defense industry, military, and Ukr.net webmail users with several waves of credential phishing attacks. The fake emails purported to be system administrator messages and were often sent through third-party email campaign management services.”

48. Greece Admits of Providing Predator Spyware to Sudan

Senior Researcher of Citizen Lab John-Scott Railton reported on April 19th that “Greece has now admitted Predator spyware was exported to Sudan. Comes on heels of eports last year that the mercenary spyware was secretly sent to the RSF militia… which is now attempting a violent coup d’etat.” And he continued that “to anyone paying attention to mercenary spyware, a few things are obvious: EU has a spyware crisis on 2 fronts: domestic abuses & bad export practices. Member states (e.g. Greece) are stonewalling domestic and EU level accountability (e.g. PEGA Committee). Even as some EU member states (e.g. France, Sweden) have begun making tangible moves to recognize & call out the spyware proliferation problem, others are leveraging political power & groups within the European Parliament to try and block progress.”

49. Australia: Foreign Spies Are Aggressively Seeking ‘Disloyal’ Insiders with Access to Australia’s Secrets, ASIO Warns

The Guardian reported on April 19th that “foreign spies are “aggressively seeking secrets across all parts of Australian society”, including trying to recruit “disloyal” government insiders to access classified information, Asio has warned. The intelligence agency said “hostile foreign powers and their proxies” were seeking to test the Australian government’s security clearance system. In a submission to a parliamentary inquiry, Asio argued in favour of legal changes to enable the agency to become centrally responsible for issuing the highest level of security clearances in Australia. Asio used the submission to give an updated assessment of the threat environment, saying foreign spies were “targeting our security clearance holders, those with access to Australia’s most privileged information, capabilities and secrets”. It said these attempts posed a threat to Australian government personnel across parliament, commonwealth employees, the Australian public service, Defence and even the judiciary. Asio said hostile foreign powers and their proxies “will continually seek to test the clearance system, seeking to put in place disloyal persons with access to classified and privileged information”. It said the security clearance system needed to be “hardened” otherwise the secrets of Australia and its closest allies could be put at risk.”

50. United States: Spy Agency to Prototype Ground Moving-target Tracking from Space

C4ISRNet reported on April 19th that “the National Reconnaissance Office, one of the “big five” U.S. intelligence agencies, expects to launch a ground moving-target sensor prototype into space within the next year as the mission shifts to satellites from aircraft. NRO Director Christopher Scolese told reporters April 18 that his agency, which builds and operates U.S. spy satellites, has already conducted some tests in orbit to better understand how satellites could play a role in tracking moving targets. “We’re in the process of actually manufacturing, and we’ll start launching within the next eight to 12 months,” he said during the Space Foundation’s Space Symposium in Colorado, adding that more launches would likely follow the first prototype mission.”

51. Russian FSB Detained Ukrainian Agent Preparing Sabotage in Crimea

On April 19th the Russian Federal Security Service (FSB) announced that “the Federal Security Service of the Russian Federation in the city of Kerch of the Republic of Crimea prevented the preparation of sabotage at the facility of the energy system of the peninsula. As a result of the measures taken, a citizen of Russia and Ukraine, born in 1971, who was involved in the preparation of this crime, was detained. The following items were confiscated at his address: an improvised explosive device and means of communication containing correspondence with a representative of the intelligence services of Ukraine, who coordinated his criminal activities.”

52. United States Never Forgotten: The Deadliest Day in CIA History

On April 18th the United States Central Intelligence Agency (CIA) published this story with its introduction saying that “CIA’s remarkable history contains chapter after chapter of men and women putting their own safety at risk in pursuit of a greater good: protecting American citizens from harm and upholding the values we hold so dear. The reality of our work is that it can come with real danger. Nowhere is this so tragically illustrated than in the bombing of the U.S. Embassy in Beirut 40 years ago, killing eight CIA officers who had stepped forward to serve in one of the most dangerous places in the world.”

53. AllaKore(d) the SideCopy Train: Identifying Connected Infrastructure and Management Activities

The cyber security and intelligence firm Team Cymru published this analysis on April 19th stating that “this blog post seeks to build on recent public reporting on campaigns attributed to SideCopy, a Pakistani-linked threat group. SideCopy has been active since 2019, primarily targeting South Asian countries, with a focus on India and Afghanistan. The group’s name comes from its use of an infection chain that mimics that of SideWinder APT, an Indian-linked threat group. Some reports suggest that SideCopy may be a subdivision of Transparent Tribe (APT36), with similar tactics and techniques observed.”

54. Ukraine: ICM Group Acts as Relay for International SIGINT Firms in Ukraine

Intelligence Online reported on April 20th that “Ukrainian multi-entrepreneur Yurii Voitenko’s firm, ICM Group, resells intelligence technologies, particularly in the areas of interception (SIGINT) and ISR.”

55. United States: Spy Satellite Agency Has Plans to Quadruple US Eyes in the Sky

Bloomberg reported on April 19th that “the US intelligence agency that develops and buys spy satellites plans a fourfold increase by 2033 in orbiting spacecraft like those now being used to monitor Russia’s invasion of Ukraine. “Within the next decade we expect to quadruple the number of satellites we currently have on orbit,” the National Reconnaissance Office, once a super-secret agency, said in a statement Wednesday. “These satellites — large and small, in multiple orbits” will collect and transmit “ten times as many signals and images as we’re getting now, and will engage a mix of government and commercial systems.”.”

56. United States: FBI Announces Natalia Burlinova as Wanted Russian FSB Agent

On April 19th the FBI Detroit released this wanted poster stating that “Natalia Burlinova is wanted for allegedly acting as an illegal agent of a foreign government, Russia, within the United States. Burlinova allegedly conspired with an officer of Russia’s Federal Security Service (FSB) to recruit United States citizens to travel to Moscow to participate in a program called Meeting Russia run by the organization that she led, Public Initiative Creative Diplomacy (PICREADI). The FSB officer allegedly provided Burlinova with funding and other support for her recruitment efforts. In return, Burlinova provided the FSB officer with information about recruited United States citizens, including their resumes, passport information, photographs, and analyses of their views toward Russia. Burlinova further identified for further collaboration particular United States citizens who had expressed positive attitudes towards Russia. During a recruitment trip to the United States in the Fall of 2018, Burlinova met with United States citizens at various United States universities and research institutions and provided the FSB officer with photographs of her meetings. On April 17, 2023, a federal arrest warrant was issued for Burlinova in the United States District Court, District of Columbia, Washington, D.C., after she was charged with Conspiracy to Commit Offense or to Defraud the United States and Agent of a Foreign Government.” Here is the US Department of Justice press release for this case, titled “Russian Public Diplomacy Advocate Charged With Acting As Agent of Russian Federation in the United States.”

57. This Russian Group Said it Wanted to Foster Ties with the West. Instead, U.S. Authorities Say, Young Canadians and Others Were Being Spied on

Following story #56, the Toronto Star reported on April 19th that “the head of an organization that promotes Russian ties with the West is facing allegations she conspired with and helped Russia’s main security agency spy on young western leaders, including Canadians, as part of an elaborate foreign influence operation. As Canada investigates suspicions about Chinese attempts to influence policy and perspectives in this country, the Russian case allegedly provides a look at the lengths to which foreign governments will go and the time and money they will invest to sway public opinion in foreign lands. Natalia Burlinova, a 39-year-old Muscovite, founded a non-governmental organization, PICREADI Creative Diplomacy, in 2010 that aimed to promote Russian voices and viewpoints, or “soft power,” to the world. In 2015, according to a criminal complaint released this week by the U.S. Justice Department, Burlinova hatched the idea to bring “young leaders” from the West to Russia for a three-day visit in which they would meet senior Russian government officials and other leaders. The program, dubbed “Meeting Russia,” was officially launched in 2017. Over the years, Burlinova has brought journalists, academics, activists and policymakers to the country. The criminal complaint only makes reference to U.S. citizens invited to participate in the program. It identifies none of the participants by name, as they are not suspected of wrongdoing. Zachary Paikin, a Canadian researcher and foreign policy expert with the Centre for European Policy Studies, told the Star he was “shocked and concerned” by the allegations against Burlinova, whom he met through the program in 2017 and has run into several times since at conferences in Europe.”

58. Russia: 80th Anniversary of the Creation of the SMERSH

The FSB issued this announcement on April 18th starting by stating that “April 19, 2023 marks the 80th anniversary of the creation of the SMERSH Main Directorate of Counter-intelligence of the People’s Commissariat of Defence of the USSR — the most effective intelligence service of the Second World War, which had no equal in scope and intensity of operational-investigation activities. Over the three years of its activity, SMERSH has written one of the most glorious and heroic pages in the history of domestic state security agencies. At the beginning of 1941, the country’s leadership began a large-scale reorganisation, within which, by the Decree of the Presidium of the Supreme Soviet of the USSR of February 3, the NKVD of the USSR was divided into the People’s Commissariat of Internal Affairs and the People’s Commissariat of State Security, and by a decree of the Council of People’s Commissars of the USSR of February 8, 1941, special departments were separated from the NKVD of the USSR and transferred to the People’s Commissariat of Defence (as the 3rd Directorate of the NPO of the USSR) and the People’s Commissariat of the Navy (as the 3rd Directorate of the NKVMF of the USSR).”

59. Russian Vulnerabilities Reseller Operation Zero Tries its Luck in the Gulf

Intelligence Online reported on April 20th that “the zero-day vulnerabilities firm headed by Russian hacker Sergei Zelenyuk has been prospecting in Abu Dhabi and Dubai.”

60. Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies

The Hacker News reported on April 19th that “the Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. “Poseidon is a second-stage payload malware associated with Transparent Tribe,” Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week. “It is a general-purpose backdoor that provides attackers with a wide range of capabilities to hijack an infected host. Its functionalities include logging keystrokes, taking screen captures, uploading and downloading files, and remotely administering the system in various ways.” Transparent Tribe is also tracked as APT36, Operation C-Major, PROJECTM, and Mythic Leopard, and has a track record of targeting Indian government organizations, military personnel, defense contractors, and educational entities.”

61. Podcast: True Spies: COINTELPRO, Part 2/2: The Burglary

Following last week’s story #4, on April 18th SpyScape’s True Spies released the second, and last, part of the latest podcast episode. As per its description, “it’s March, 1971. 15 months have passed since the murder of Black Panthers leader Fred Hampton by the Chicago PD. But Hampton’s killing is part of a concerted effort by the J Edgar Hoover’s FBI to put down protest movements in the USA. Soon, the world will know the truth — all thanks to an intrepid gang of activist burglars and a trove of explosive secret files. Join Sophia Di Martino and journalist Betty Medsger for the final episode exploring a shameful chapter in FBI history — COINTELPRO.”

62. China Readies Supersonic Spy Drone Unit, Leaked Document Says

The Washington Post reported on April 18th that “the Chinese military could soon deploy a high-altitude spy drone that travels at least three times the speed of sound, according to a leaked U.S. military assessment, a development that would dramatically strengthen China’s ability to conduct surveillance operations. A secret document from the National Geospatial-Intelligence Agency, which has not previously been reported, shows the Chinese military is making technological advances that could help it target American warships around Taiwan and military bases in the region. The document features satellite imagery dated Aug. 9 that shows two WZ-8 rocket-propelled reconnaissance drones at an air base in eastern China, about 350 miles inland from Shanghai. The drones are a cutting-edge surveillance system that could help China gather real-time mapping data to inform strategy or carry out missile strikes in a future conflict. The assessment says the People’s Liberation Army (PLA) had “almost certainly” established its first unmanned aerial vehicle unit at the base, which falls under the Eastern Theater Command, the branch of the Chinese military responsible for enforcing Beijing’s sovereignty claims over Taiwan.”

63. Netherlands: MIVD Releases Annual Report for 2022

On April 19th the Dutch Military Intelligence and Security Service (MIVD) published the Annual Report 2022. It’s a 52-pages long report split into the following chapters: 1) Forward from MIVD Director; 2) Intelligence and security for the Netherlands and the armed forces; 3) Responsibility towards politics and society; 4) An organisation in motion; And 5) Key figures.

64. Poland: Disinformation Operation Against Poland is Underway

On April 19th the Polish Ministry of Defence published this report stating that “on April 18, 2023, the CSIRT of the Ministry of National Defence observed a wide disinformation campaign consisting in the distribution of information about potential recruitment to the Lithuanian-Polish-Ukrainian Brigade of Grand Hetman Konstanty Ostrogski. The messages were sent to many citizens of the Republic of Poland in the form of SMS messages and using the Telegram messenger.”

65. More Than 80 Countries Have Purchased Spyware, British Cyber Agency Warns

The Record reported on April 19th that “More than 80 countries have purchased spyware over the past decade, Britain’s cyber agency revealed in an intelligence assessment released Wednesday. The GCHQ’s National Cyber Security Centre warned that the proliferation of these commercial hacking tools and services was increasingly lowering the barrier-to-entry for state and non-state actors in cyberspace. The assessment, published during the CyberUK conference in Belfast, was based on a fusion of “classified intelligence, industry knowledge, academic material and open source” information. While some of the countries have purchased these tools for legitimate law enforcement purposes, others have used them “to target journalists, human rights activists, political dissidents and opponents and foreign government officials.” Earlier on Wednesday, senior British minister Oliver Dowden singled out the Pegasus spyware developed by NSO Group as an example of the threats facing Britain. Dowden also warned that state-aligned but not state-controlled actors in Russia were complicating the ways that Britain could respond to cyber threats.”

66. Ukrainian SBU Detained Resident Supporting Creation of Russian Propaganda

On April 19th Ukraine’s Security Service (SBU) stated that they “detained in Kyiv a “fixer” of the Russian mass media, who helped the Russian Federation to create fakes about the war in Ukraine. As a result of comprehensive measures, a local resident was detained in Kyiv, who helped the enemy spread fakes about the socio-political situation in the capital. For this purpose, the attacker positioned himself as a “fixer” and remotely cooperated with the editorial office of the pro-Kremlin information agency “Bel.ru”, which is located in the Belgorod region of the Russian Federation. He gave Russian “journalists” fabricated and distorted information about events in Ukraine, including the alleged worsening of the internal situation in Kyiv after Russian missile attacks on the city. In addition, the attacker publicly supported the actions of the Russian occupiers and denied their crimes in Buch, Irpen and Izyum. Bel.ru representatives used the received disinformation to prepare fake news about the war in Ukraine. He also published his anti-Ukrainian narratives on his own social media pages, including those banned in Ukraine. Linguistic expertise initiated by the SBU confirmed the facts of subversive activities of the person involved against our state.”

67. European Union: Committee of Inquiry to Investigate the Use of the Pegasus and Equivalent Surveillance Spyware

On April 20th the European Parliament livestream (and also hosted a recording) of the “Committee of inquiry to investigate the use of the Pegasus and equivalent surveillance spyware”, better known as the PEGA.

68. United States: 780th Military Intelligence Brigade Releases New Journal

On April 20th the US 780th Military Intelligence Brigade published this journal titled “The BYTE, Vol. 11, Issue 2.” The journal is split into the following sections: 1) AvengerCon VII — Back and Better Than Ever; 2) Post-Quantum Cryptography and U.S. Government Activities; 3) Attacking the Brain: Adversarial Artificial Intelligence; 4) Exploiting Malware Communication Protocolsfor Command-and-Control Server Infiltration; 5) get_reveng() — Exploring an Approach to Reverse Engineering; 6) Let’s Play the Quantum Coin Game; 7) Protect Yourself From Gamer Input; 8) Hacking DevOps; 9) The problem with Chekhov’s Gun; 10) Connecting and Supporting Military Cyber Professionals; 11) Tool Developer Qualification Course; 12) AvengerCon VII returns for a hybrid in-person and virtual event; 13) 781st MI BN (Vanguard) Weapons Qualification Range; And 14) 780th MI Brigade (Cyber) — Strong Bonds.

69. China Building Cyber Weapons to Hijack Enemy Satellites, Says US Leak

The Financial Times reported on April 21st that “China is building sophisticated cyber weapons to “seize control” of enemy satellites, rendering them useless for data signals or surveillance during wartime, according to a leaked US intelligence report. The US assesses that China’s push to develop capabilities to “deny, exploit or hijack” enemy satellites is a core part of its goal to control information, which Beijing considers to be a key “war-fighting domain”. The CIA-marked document, which was issued this year and has not been previously reported, was one of dozens allegedly shared by a 21-year-old US Air Guardsman in the most significant American intelligence disclosures in more than a decade. A cyber capability of this nature would far exceed anything Russia has deployed in Ukraine, where electronic warfare teams have taken a brute-force approach with little effect. These attacks, first developed in the 1980s, attempt to drown out signals between low-orbit SpaceX satellites and their on-ground terminals by broadcasting on similar frequencies from truck-borne jamming systems such as the Tirada-2. China’s more ambitious cyber attacks aim to mimic the signals that enemy satellites receive from their operators, tricking them into either being taken over completely or to malfunction during crucial moments in combat. The classified US document said this cyber capability would allow China “to seize control of a satellite, rendering it ineffective to support communications, weapons, or intelligence, surveillance, and reconnaissance systems”. The US has never disclosed whether it has similar capabilities.”

70. Xiaoqiying Threat Actor Group Targets South Korea, Taiwan

Private intelligence firm Recorded Future published this analysis on April 20th stating that “Xiaoqiying (aka Genesis Day, Teng Snake) is a primarily Chinese-speaking threat group that is most well known for conducting website defacement and data exfiltration attacks on more than a dozen South Korean research and academic institutions in late-January 2023. New research from Recorded Future’s Insikt Group has found that more recently, the group’s affiliated threat actors have signaled a new round of cyberattacks against organizations in Japan and Taiwan. Although it shows no clear ties to the Chinese government, Xiaoqiying is staunchly pro-China and vows to target NATO countries as well as any country or region that is deemed hostile to China. Since January 25, 2023, open-source reporting from South Korea has revealed a mass cyberattack against websites belonging to 12 South Korean research and academic institutions during the Lunar New Year holiday conducted by Xiaoqiying. According to Korea Internet & Security Agency (KISA) reports, all 12 of the websites suffered website defacements in which the adversaries replaced each hosted website with their own in a compromised server. KISA also identified IP addresses linked with the attack to origins within various countries such as China, the US, Singapore, and Taiwan. Based on a report from The Korea Times (koreatimes.co.kr), the Chinese threat group disclosed on its public Telegram channel that it included KISA as one of its potential targets and it is the first government agency targeted by the threat group. Other reports claimed that the threat group threatened to target approximately 2,000 government agencies, including South Korea’s Ministry of Culture, Sports, and Tourism. Our analysis of Xiaoqiying’s activity on Telegram is based on 2 Telegram invitation links obtained in early January 2023. The Genesis Day threat group was active on Telegram up until February 2023 when the news of its alleged breaches reached the media. Then, both Telegram channels went offline. These 2 Telegram channels included an announcement channel and a member channel and consisted primarily of Chinese-speaking users. From analyzing the downloaded data, we identified the threat group’s administrators, tools and data shared among members, tactics, techniques, and procedures (TTPs) used by the threat group, and connections with other special-access cybercriminal forums and threat actors. We also assessed the credibility of the offers and predicted the future course of action of the group.”

71. United States: Second Conspirator in Russia-Ukraine Sanctions Violation Case Arrested

The FBI Counterintelligence Division (CD) announced on April 19th that “Sergey Karpushkin, 46, of Miami and a citizen of Belarus, has been arrested and charged by a federal criminal complaint with engaging in a scheme to violate U.S. sanctions against oligarch Sergey Kurchenko and two related companies by purchasing over $150 million in steelmaking materials. Karpushkin’s alleged co-conspirator, John C. Unsalan, 41, of Orlando, was indicted by a federal grand jury for the same scheme on April 12, and was arrested on April 14 on related charges. According to court documents, Kurchenko was sanctioned by the U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) in 2015 for his role in misappropriating Ukrainian state assets or economically significant entities. The two sanctioned companies — Kompaniya Gaz-Alyans, OOO (Gaz-Alyans), based in the Russian Federation, and ZAO Vneshtorgservis (Vneshtorgservis), based in the unrecognized territory of South Ossetia — were designated by OFAC in 2018 for acting on behalf of and providing material support to the so-called Donetsk People’s Republic and Luhansk People’s Republic in the separatist-controlled regions of eastern Ukraine. The complaint charges Karpushkin with one count of conspiring to violate and evade U.S. sanctions, in violation of the International Emergency Economic Powers Act (IEEPA). The indictment against Unsalan charges him with one count of conspiring to violate and evade U.S. sanctions, in violation of the IEEPA; 10 counts of violating the IEEPA; one count of conspiring to commit international money laundering; and 10 counts of international money laundering. If convicted, Karpushkin and Unsalan each face up to 20 years in federal prison on each count with which they are charged. Unsalan made his initial appearance in federal court on April 17, and has been detained pending further court proceedings. Karpushkin made his initial appearance in federal court this afternoon and was also detained. The FBI Tampa and Washington Field Offices are investigating the case, with valuable assistance provided by U.S. Customs and Border Protection, OFAC, and the FBI Miami Field Office.”

72. Insider Job: Ukraine Targets High-level Double Agents Who Helped Putin Invade

Politico published this article on April 20th stating that “Ukraine is deepening a purge of double agents in its spy service, saying top-level traitors laid the ground for last year’s Russian invasion by helping enemy forces seize the southern city of Kherson and Chernobyl nuclear power plant in the north. Tetiana Sapian, spokesperson for the state investigations bureau of Ukraine, said Russia’s FSB intelligence operatives had infiltrated both Ukraine’s SBU security service and local government, undermining Ukraine from within with help from fugitive pro-Moscow Ukrainian officials, who fled the country after the Maidan uprising in 2014. Sapian suggested that revelations to date could prove to be only the tip of the iceberg. “The network is much wider and the investigation is engaged in finding out all the circumstances and actions of individual persons that caused the rapid capture of a part of the south by the troops of the aggressor from the territory of the annexed Crimea,” she said. At the beginning of this month, the state investigations bureau of Ukraine, working with the SBU, concluded an investigation into Oleh Kulinich, former head of the Crimean department of the SBU, based in Kherson. Law enforcers suspected Kulinich of working as an FSB mole, who burrowed into the highest-level security meetings in Ukraine with help from fugitive pro-Russian officials and a former lawmaker sanctioned by the United States.”

73. Ukrainian SBU Detained 2 DSNS Agents of Russia in Kyiv

On April 21st Ukraine’s Security Service (SBU) announced that they “detained two traitors who, at the beginning of the invasion of the Russian Federation, set fire to the Fire & Rescue Unit in Kyiv region. The Security Service detained two traitors from the State Emergency Service (DSNS), who helped the enemy during the occupation of Kyiv region in February-March 2022. The revelation took place with the personal assistance of the Minister of Internal Affairs of Ukraine, Ihor Klymenko. The perpetrators turned out to be two officials of the 41st State Fire and Rescue Unit of the Main Directorate of the State Emergency Service in the Kyiv region. During the occupation of the Vyshgorod district, they supported the Russian invaders and offered them their help. It was established that on March 22 of last year, traitors set fire to the premises of the Fire Department in the village of Ivankiv, in compliance with the enemy’s instructions. As a result of the fire, the administrative building was damaged, property and official equipment were destroyed. Thus, the aggressor tried to leave the settlement without an active fire and rescue unit and intimidate local residents. In addition, those involved “leaked” personal data of members of the resistance movement, including former ATO fighters, to the invaders. It was on their “tip-off” that the rioters broke into the apartments and kidnapped three local residents who were trying to put out the fire in the rescue unit. Then the victims were kept in the cells of the local “commandant’s office of the Russian Federation” until the liberation of the region. The traitors received food and basic necessities from the invaders, which were brought to their homes. Also, those involved had a “permit” to move freely through the territory of the district.”

74. United States: Meet a Forgotten CIA Critic Who Presciently Characterised the Agency as a Cancer in 1970 Book

On April 17th the Covert Action Magazine published this article stating that “in 1970, David W. Conde, an American journalist working in Japan, who had served with the U.S. Army Psychological Warfare Branch in World War II, published a now-forgotten book in New Delhi, CIA — Core of the Cancer. Five years before publication of CIA whistleblower Philip Agee’s Inside the Company: A CIA Diary, the book provided a damning indictment of the CIA’s involvement in criminal operations — particularly in Southeast Asia — and manipulation of public opinion through tax-exempt foundations financed by large corporations that corrupted a generation of intellectuals. Conde wrote that, “while there seems no question that historians will record that the CIA’s greatest defeat was its failure to overcome [Fidel] Castro’s forces at the Bay of Pigs invasion of Cuba, the CIA’s greatest victory may well turn out to be not its food poisoning, its ballot-stuffing, its coup d’états, or its mobilization of labor unions or students to serve U.S. interests overseas, but its research grants to U.S. and foreign scholars.” These scholars played an influential role in helping condition the public in the U.S. and in countries around the world to support U.S. foreign policy interests and Cold War mobilization against the Soviet Union. Conde noted that, “in Hitler’s Germany and Prince Konoe’s Japan, thought police used torture, and ordered death or [used] the threat of death to convert communists into anti-communists, but America being a rich country, relied upon the power of its money.” This money had a deeply corrupting effect, tarnishing intellectual and scientific integrity, debasing political life and causing almost all societal institutions to be up for sale.”

75. In Major Escalation, Israeli Commandos Invaded Lebanon Attacking “High-Value” Hezbollah Target

On April 19th Tikun Olam released this article stating that “Israeli special forces invaded Lebanon earlier this month and attacked a high-value Hezbollah target. Bibi Netanyahu confirmed the attack. The Israeli TV news report says that the target of the attack was one that was “important to Nasrallah.” The IDF had released a statement that the attacks were on Hamas targets, in an attempt not to ratchet up tensions with Hezbollah. But Netanyahu, in his constant search for glory, violated the security plan and threw a match on the burning pyre: “Look at what we’ve done recently. We hit the Iranians, we attacked Syria, we attacked Hezbollah and Hamas targets in Lebanon.” Netanyahu, ever the showman, who knows how to put on a good performance. What more theatrical a gesture than to announce a major military operation deep in enemy territory just as hundreds of thousands of enraged Israelis protest your government and seek to unseat you? Hassan Nasrallah denied the attack, saying Israel attacked a “banana farm.” Netanyahu waited to speak of it till last week, in order to determine how or whether Hezbollah would respond. This is the first known Israeli military ground operation on Lebanese soil in years. It marks a serious escalation in tension between Hezbollah and Israel. Israel routinely attacks Hezbollah and Syrian targets by air. A ground attack indicates a far more complex operation with a far more precise target that required boots on the ground. Whether it was a human target or an attack on infrastructure (Hezbollah is believed to have well over 100,000 missiles in its inventory) isn’t yet known.”

76. Ukraine’s SBU Announces Sentence of 15 Years in Prison for Russian Agent

On April 21st Ukraine’s SBU announced that “a traitor who “leaked” the positions of the Armed Forces of the Russian Federation to his son, a soldier of the Russian Federation, was sentenced to 15 years in prison. It was on his “tip-off” that the occupiers tried to attack the region’s infrastructure at the beginning of last summer. However, Ukrainian Air Defence Forces shot down all enemy missiles. Military counter-intelligence officers of the SBU detained the suspect during counter-subversive measures in the region. According to the materials of the Ukrainian intelligence service, the court sentenced him to 15 years in prison. According to the investigation, the perpetrator is a resident of Marhanets, who was released from the correctional colony in March last year, where he was serving a sentence for causing serious bodily harm. After that, he began to covertly collect information about the locations and movements of the Defence Forces in the region. First of all, he tried to identify the positions of the Ukrainian S-300 anti-aircraft missile systems. He passed on the information he received to his son, who was a member of the Russian occupation groups and participated in the shelling of populated areas in the Izyum direction. The traitor used one of the messengers to communicate with his son.”

77. Russia: An Employee of the Arms Factory Became a Defendant in the Case of Treason

On April 22nd the Russian Newizv reported that “FSB investigators charged Russian citizen Dmitry Kiche (Дмитри Киче). Earlier, a criminal case was opened against him under the article on treason for cooperation with foreign countries. Now he is under arrest. It is reported by TASS. In this criminal case, the defendant faces up to 20 years in prison. The capital court confirmed his arrest for two months. They did not give any other comments in court, citing the fact that the case against him is held under the heading “secret”. Dmitry Kiche was the Deputy Head of the testing laboratory of the capital’s arms factory “Promtekhnologiya” (Промтехнология). This plant produced hunting and sporting rifles under the ORSIS brand. The plant has been cooperating with this brand since 2011.”

78. Japan Gets Ready to Shoot Down North Korean Spy Satellite Debris

News Times reported on April 22nd that “Japan’s defense chief on Saturday ordered troops to activate missile interceptors and get ready to shoot down fragments from a North Korean satellite that may fall on the Japanese territory. North Korea’s leader Kim Jong Un said earlier this week that its first military spy satellite that will be launched at an unspecified date. North Korea has test-fired about 100 missiles since early last year, saying it was responding to joint U.S.-South Korean military drills that it calls an invasion rehearsal. Several of the missiles flew over Japan or landed off the northern Japanese coast. Last week, North Korea test-launched a solid-fueled intercontinental ballistic missile for the first time. Defense Minister Yasukazu Hamada on Saturday instructed troops to ready PAC-3 surface-to-air missiles in southwestern Japan, including Okinawa and nearby islands, in an area believed to be under a flight path of a North Korean rocket that will carry the satellite.”

79. Finland, Now a NATO Member, Sees an Uptick in Cyberattacks

On April 21st The Record reported that “Finnish organizations are increasingly being targeted with cyberattacks, the government announced Friday — two weeks after the country officially joined the North Atlantic Treaty Organization. Kirsi Karlamaa, director general of the Finnish Transport and Communications Agency (Trafficom), told reporters during a press conference that its Cyber Security Center “receives more and more notifications every year, and there is a constantly growing interest in Finnish networks and organizations.” “This growing interest has become a permanent trend,” she said. A statement issued by the agency singled out Russia as the source of the increase in cyber activity, highlighting Moscow’s shift from on-the-ground intelligence gathering to the digital sphere. “Russian cyber operations against Finland have also become more frequent because Russia has been forced to turn to the cyber environment as its human intelligence operations have become more difficult,” they wrote. Last September, the Finnish Security Intelligence Service warned that it expected to see a rise in Russian cyberattacks over the winter. That appears to have borne out, although none of the attempted incursions have caused large-scale damage.”

80. Ukrainian SBU Detained Russian Agent in Kyiv

On April 21st Ukraine’s SBU announced that they “detained a traitorous lawyer who collected data on HIMARS and maps of “minefields” near Kyiv for the Russian Federation. The Security Service exposed another Russian agent in the Kyiv region. The perpetrator turned out to be a local active lawyer who previously worked in the prosecutor’s office and was dismissed from this structure in 2021 due to unsuccessful certification. It was established that he was later recruited by the Russian intelligence service to carry out intelligence and subversive activities against Ukraine. At the direction of the enemy, he tried to obtain maps of minefields created by the Defence Forces on the approaches to Kyiv and on the territory of Chernihiv Oblast, as well as in the front-line areas of eastern Ukraine. In addition, he scouted the possible combat positions of the M142 HIMARS reactive artillery systems and locations of warehouses with ammunition and fuel and lubricants of the Armed Forces. The Russian agent was looking for informants to whom he offered a high monetary “reward” for the transfer of secret information. Intelligence was needed by the occupiers to carry out an air strike on units of Ukrainian troops, as well as to create their own map of Ukrainian fortifications. However, the SBU employees worked ahead of time — timely exposed the Russian agent, documented the criminal actions and detained him while giving him the simulated coordinates of the HIMARS base. In the course of the investigation, it was established that the suspect also organised a scheme for illegal departure of Ukrainian citizens of military age abroad. He involved several accomplices in the scheme, who offered their clients fictitious documents for escaping outside of Ukraine. During the search of the traitor lawyer, computer equipment, mobile phones and data carriers were found, which confirm the facts of subversive activities in favour of the aggressor country.”

81. United States: Raleigh County Man Pleads Guilty to Export Fraud Violation

The FBI Counterintelligence Division (CD) announced on April 20th that “Rana Zeeshan Tanveer, 42, of Beckley, pleaded guilty today to committing an export fraud violation. Tanveer admitted that he knowingly submitted false export valuations for two high-technology devices that Tanveer shipped to Pakistan. According to court documents and statements made in court, on May 31, 2017, Tanveer ordered the two high-technology items, paying more than $4,000 for both items. The two items were shipped to Tanveer in Beckley and he received them on June 7, 2017. Tanveer admitted to creating a false invoice that intentionally understated the value of the items as less than $200. Tanveer further admitted to using the false invoice to ship the items to Pakistan using a freight forwarding service in July 2017. Tanveer also admitted that he intentionally used false invoices on at least six other occasions, from June 14, 2014 through August 20, 2018, that deliberately undervalued the purchase cost of U.S.-origin technology that Tanveer exported to Pakistan. “Mr. Tanveer pleaded guilty to unlawfully shipping high-technology devices overseas and is now being held accountable,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The Department of Justice is steadfast in its commitment to prosecute those who would undermine our nation’s security and economic interest by flouting U.S. export control laws.” Federal law requires the filing of accurate Electronic Export Information (EEI) through the Automated Export System (AES) about certain items that are exported from the United States. It is a federal crime to knowingly submit false or misleading Electronic Export Information. The purpose of this export requirement is to strengthen the ability of the United States to prevent the export of certain items to unauthorized destinations or end users. Accurate information in the Automated Export System also aids the United States in targeting, identifying, and, when necessary, confiscating suspicious or illegal items or shipments prior to export.”

82. Podcast: SpyCast: “Irregular Warfare & Intelligence” — with IWC Director Dennis Walters

The International Spy Museum’s SpyCast released a new episode on April 18th. As per its description, “this week on SpyCast, the IWC’s Acting Director Dr. Dennis Walters joins Andrew in a conversation about all thing’s irregular warfare. What is irregular warfare, and how does it differ from conventional warfare? What is the mission of the IW Center, and what tools and tactics do they employ to accomplish this? Tune in to find out. And… Want to keep your enemies at bay, try an irregular approach — throw a “Scorpion Bomb” at them: yes, it is literally a glass jar filled with scorpions. The tactic was resurrected by ISIS.”

83. Everything You Want to Know About the Pentagon/Discord Leak

ElectroSpaces published a detailed article on April 21st about the allegedly leaked US intelligence community documents. As per its introduction, “two weeks ago, a few highly classified military maps from Pentagon appeared on social media. As more and more of such documents surfaced, this became the most significant leak since the exposure of NSA and CIA hacking tools in 2016 & 2017. Because the content of the leaked documents has already been extensively discussed by the press, I will summarize the events, take a close look at the form of the documents and assess how the leaker might have been able to access them.”

84. Russia: Moscow Opened a New Criminal Case on Treason

The Russian Mediazone reported on April 21st that “the Lefortovsky District Court of Moscow received a petition for the arrest of Yu. V. Plyske (В. Ю. Плыске), who is suspected of treason (Article 275 of the Criminal Code). Mediazona found the relevant information in the database of Moscow courts. The case file says that the arrest request was registered yesterday, April 20, but the information in the database appeared only today. Probably the request has already been granted. Mediazona tried to confirm the information about Plyske’s arrest in the press service of the court, but they did not answer the calls. There is no additional information about the Plyska criminal case, the details of all treason cases are classified. On April 18, the State Duma adopted amendments in two readings at once , which will allow life imprisonment in cases of treason. The bill has not yet been approved by Vladimir Putin, so the amendments have not yet entered into force. According to the current legislation, under the article on treason, from 12 to 20 years in prison is provided.”

85. Businessman Illegally Brought to Turkey from Iraq Arrested Over Gülen Links

The Turkish Minute reported on April 20th that “a Turkish businessman who was illegally brought to Turkey from Iraq by the National Intelligence Organization (MİT) has been arrested on terrorism charges due to his alleged links to the Gülen movement, the Stockholm Center for Freedom reported. Mehmet Cintosun, who went missing in Erbil, Iraq, on January 29, turned out to be in police custody in Turkey when photos of him were made public by MİT on April 14. He was sought on terrorism charges for alleged membership in the Gülen movement, a faith-based group accused by Ankara of orchestrating a failed 2016 coup and designated as a terrorist organization. The movement strongly denies involvement in the coup attempt or any terrorist activity. The businessman appeared before a court in the eastern province of Elazığ on Tuesday that ruled for his arrest on charges of terrorist organization membership due to his links to the movement. According to local reports, he was living with his wife and three children in Erbil and received a phone call on January 29 from the Kurdistan Regional Government (KRG) to discuss his residence permit pursuant to his registration by the United Nations High Commissioner for Refugees (UNHCR). His family has never heard from him since.”

86. Russia: Moscow Court Seeks Arrest of Ukrainian Spy Chief Budanov

On April 21st The Jerusalem Post reported that “a Moscow court on Friday issued a warrant for the arrest of the head of Ukrainian military intelligence, Kyrylo Budanov, accusing the spy chief of organizing “terrorist attacks” inside Russia, state-owned news agency RIA reported. RIA cited the court as saying that Budanov was accused of offenses related to terrorism and arms smuggling. The move against him was announced “in absentia,” in an apparent acknowledgement that Budanov cannot be immediately detained.”

87. DAGGERFLY Cyberattack Campaign Hits African Telecom Services Providers

The Hacker News reported on April 20th that “telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also monitored by the broader cybersecurity community as Bronze Highland and Evasive Panda. The campaign makes use of “previously unseen plugins from the MgBot malware framework,” the cybersecurity company said in a report shared with The Hacker News. “The attackers were also seen using a PlugX loader and abusing the legitimate AnyDesk remote desktop software.” Daggerfly’s use of the MgBot loader (aka BLame or MgmBot) was spotlighted by Malwarebytes in July 2020 as part of phishing attacks aimed at Indian government personnel and individuals in Hong Kong. According to a profile published by Secureworks, the threat actor uses spear-phishing as an initial infection vector to drop MgBot as well as other tools like Cobalt Strike, a legitimate adversary simulation software, and an Android-based remote access trojan (RAT) named KsRemote. The group is suspected to conduct espionage activities against domestic human rights and pro-democracy advocates and nations neighboring China as far back as 2014.”

88. Ex-C.I.A. Psychologist Re-enacts Interrogation Techniques for Guantánamo Court

The New York Times published this article on April 13th stating that “in court this week, a psychologist who waterboarded prisoners for the Central Intelligence Agency rolled up a towel, wrapped it around the neck of a criminal defense lawyer, and slowly pulled the lawyer toward him and up on her toes — a dramatic re-enactment of practices used on a Saudi detainee in the war on terrorism. There was no waterboarding or commanding the defense lawyer to crawl into a cramped confinement box. But the demonstration on Wednesday by the psychologist, John Bruce Jessen, was meant to replicate some of the approved “enhanced interrogation techniques” that C.I.A. agents used on the Saudi prisoner, Abd al-Rahim al-Nashiri, at a secret interrogation site in Thailand in late 2002. Defense lawyers used the demonstration in an effort to persuade a military judge to exclude certain evidence from Mr. Nashiri’s trial as the fruit of torture. The judge, Col. Lanny J. Acosta Jr., allowed the presentation to show practices that C.I.A. officials had destroyed video evidence of two decades ago. Mr. Nashiri is accused of plotting Al Qaeda’s suicide bombing of the U.S. Navy destroyer Cole off the coast of Yemen on Oct. 12, 2000. Seventeen American sailors died.”

89. 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

Following week 13 story #68 and week 15 story #35, on April 20th Mandiant cyber security and intelligence firm published this analysis stating that “in March 2023, Mandiant Consulting responded to a supply chain compromise that affected 3CX Desktop App software. During this response, Mandiant identified that the initial compromise vector of 3CX’s network was via malicious software downloaded from Trading Technologies website. This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack. 3CX Desktop App is enterprise software that provides communications for its users including chat, video calls, and voice calls. In late March, 2023, a software supply chain compromise spread malware via a trojanized version of 3CX’s legitimate software that was available to download from their website. The affected software was 3CX DesktopApp 18.12.416 and earlier, which contained malicious code that ran a downloader, SUDDENICON, which in turn received additional command and control (C2) servers from encrypted icon files hosted on GitHub. The decrypted C2 server was used to download a third stage identified as ICONICSTEALER, a dataminer that steals browser information. Mandiant tracks this activity as UNC4736, a suspected North Korean nexus cluster of activity.”

90. Video: A British Intelligence Numbers Station In Australia — E03a Cherry Ripe

Following this week’s stories #27 and #45, on April 22nd Ringway Manchester published a third video on the same subject. This video covers the E03a “CHERRY RIPE” number station, located in Australia, and used by the British MI6 as a covert communications channel.

91. 8 Ex-India Navy Officers Accused of Spying on Qatar for Israel

Following 2022 week 45 story #9, the Middle East Monitor reported on April 20th that “eight former Indian naval personnel are currently facing trial in Qatar on charges of espionage. They are accused of gathering intelligence on Qatar’s secret project to acquire high-tech submarines manufactured in Italy, which are designed to be difficult to detect by adversaries. According to the Print, legal proceedings against the officers began on 29 March, with the next hearing scheduled for May. The eight were working for a company called Dahra Global Technologies and Consultancy Services, which was described as a “local business partner” of Qatar’s defence and other agencies. They were arrested back in August 2022, although no official charges were brought at the time, it was widely suspected that they were spying on behalf of Israel. An intelligence source was quoted by the Print as saying: “We’ve tried hard to convince our counterparts in Doha that India and its nationals were not involved in hostile intelligence operations against the emirate.” “But the Qataris are insisting that intelligence on their submarine programme was passed on to Israel.” The source added that Qatar State Security, the state intelligence agency, allegedly intercepted electronic communications implicating the naval officers in leaking sensitive information on the submarine programme. The purported evidence, he insisted, has not been shared with India. In December, India’s Ministry of External Affairs (MEA) confirmed that it had secured consular access to the defendants and last month stated that it “attaches high priority to the matter and remains engaged with the Qatari authorities regarding the case”. In 2020, the Trieste-based shipbuilding firm, Fincantieri SpA signed a memorandum of understanding with Qatar for the production of submarines. The contract included the construction of four corvettes, one amphibious vessel and two patrol vessels, in addition to support services in Qatar. Significantly, it included the “supply of cutting-edge naval vessels and submarines.” In doing so, Qatar will become the first Arab Gulf state to operate submarines, which has been described as a potential game-changer in the region. Currently, Iran is the only submarine operator in the Gulf, however two of Qatar’s neighbours — Saudi Arabia and UAE have expressed interest in acquiring submarines.”

92. Poland Detains 3 More Suspects in Russian Spy Network Case

AA reported on April 21st that “Poland has detained three more suspects on allegations of being part of a Russian spy network which authorities revealed last month, said local media on Thursday. The suspects are believed to have been gathering intelligence on routes for the delivery of military assistance to neighboring Ukraine for use in fighting off the Russian-launched war, said private broadcaster RMF FM. The broadcaster, citing officials, argued that the suspects had also been preparing acts of sabotage. A court in the eastern province of Lublin has ordered that all three be remanded in custody and also ordered the continued detention of the nine original suspects arrested last month by the Internal Security Agency on suspicion of collaborating with the Russian secret services, it added. Separately, news outlet dorzeczy.pl claimed that the three suspects are being charged with being part of an organized criminal group as well as with working for foreign intelligence and against Poland.”

93. Documentary: History Calls: Former KGB Spy on Dissention and Aftermath

On April 21st History Calls published this documentary. As per its description, “while the world knows of the KGB spies and agents who crossed over to the West, few know of this tale of secret dissention from within. There is one officer, Viktor Orekhov, who went from repression of dissidents to joining their cause. After months and months of searching, the filmmaker tracked down Orekhov and now brings his story to the world. In the 1970s, threats to the USSR system not only came from the West but also from within: dissident movements were growing and the KGB reinforced its troops to control the population. Viktor Orekhov was one of the officers in charge of monitoring, collecting evidence and severely punishing the dissidents. Little by little, he was drawn into the world of the people he was working against and begun questioning his own political opinions. He eventually risked his life by joining the dissidents’ struggle for freedom. Arrested in 1978, he was sent to the gulag for ten years. Viktor Orekhov now lives in hiding in the United States, cut off from the world, for security reasons. To this day, he cannot set foot on Russian soil.”

94. United States: Pentagon Requests $36 Million for Havana Syndrome

The Intercept published this story on April 20th saying that “House speaker Kevin McCarthy’s debt limit bill unveiled Wednesday would slash $130 billion from a broad range of domestic programs, including clean-energy subsidies and student loan forgiveness. But one thing the bill would not cut is the military, which last month requested an $842 billion budget. Buried in the Pentagon’s sprawling budget request is an ask for at least $36 million to respond to Havana syndrome, the mysterious symptoms alleged by U.S. spies and diplomats. Initially blamed on microwave weapons wielded by foreign powers like Russia, U.S. intelligence agencies have concluded there is “no credible evidence that a foreign adversary has a weapon or collection device that is causing” the symptoms — opening the possibility that they may be psychogenic in nature.”

95. Espionage and Foreign Interference Offences in Australia

Sydney Criminal Lawyers released this article on April 17th saying that “on Saturday 15 April 2023, Bondi man Alexander Csergo appeared in Parramatta Local Court charged with one count of reckless foreign interference contrary to section 92.3 of the Criminal Code Act 1995. The allegation is that Ms Csergo had been selling national security material to two foreign intelligence operatives. If convicted of the offence, he faces a maximum sentence of up to 15 years imprisonment. The arrest was made after a joint investigation by the Australian Security Intelligence Organisation (SIO), the Counter Foreign Interference Taskforce (CFIT) and the Australian federal police (AFP). Mr Csergo is the second person charged under enactments to the Criminal Code Act introduced by the National Security Legislation Amendment (Espionage and Foreign Interference) Act 2018. He has been refused bail and remanded in custody. It is alleged that the offences took place between February 2021 and April 2023 and occurred in Shanghai China and NSW Australia. AFP assistant commissioner Krissy Barrett has informed the media that Mr Csergo is alleged to have been offered money by two foreign intelligence officers for information relating to Australian defence, economic and national security matters, amongst other things.”

96. Spy Way of Life: Jasmine Hotel, Naypyidaw, Myanmar

This week’s selection for Intelligence Online’s Spy Way of Life was “the Jasmine Hotel, a luxurious Myanmar sanctuary where sanctions-hit Pasdaran and Junta meet.” As per the article, “this week, Intelligence Online explores the Jasmine Hotel in Naypyidaw, where three Iranian delegations discreetly met between December 2021 and mid-February 2022.”

97. North Korean Hackers Now Push Linux Malware via Fake Job Offers

Bleeping Computer reported on April 20th that “a new Lazarus campaign considered part of “Operation DreamJob” has been discovered targeting Linux users with malware for the first time. This new targeting was discovered by ESET’s researchers, who say it also helps confirm with high confidence that Lazarus conducted the recent supply-chain attack on VoIP provider 3CX. The attack was discovered in March 2023, compromising multiple companies that used the trojanized version of the 3CX client with information-stealing trojans. Lazarus was already suspected of being responsible for the attack, while multiple cybersecurity companies agreed with high confidence that the threat actor who trojanized 3CX was of North Korean nexus. Today, Mandiant published the results of their investigation into the 3CX breach, further linking the attack to North Korean threat actors.”

98. United Kingdom: MI6 Spy Chiefs Urge Secret Agents to Swap Supercars for Bicycles in New Green Scheme

Daily Star published this story on April 21st saying that “James Bond will be Aston Smartin after real life spy chiefs urged secret agents to swap supercars for bicycles. The Secret Intelligence Service — aka MI6 and SIS — has introduced a cycle-to-work initiative to encourage operatives to go green. Under the spokes-for-spooks scheme staff from the espionage agency — made famous by the movie exploits of Aston Martin-driving fictional spy Bond — can spend up to £4,000 on a new tax-free bike and safety equipment. It is part of a Government mission to promote healthier journeys and reduce pollution. Spy chiefs have launched a recruitment drive to find new agents with a range of espionage skills and the cycling scheme is being offered as a key incentive. New roles advertised on MI6’s website include Arabic and Russian language specialists and technical operational officers with expertise in cyber security. Recruits — who are also being offered jobs at sister spook agencies MI5 and GCHQ — will be based at a range of locations across the UK including London, Manchester and Cheltenham.”

99. United States: NSA Continues Work towards a Green Campus

Following this week’s story #98, on April 21st the NSA/CSS officially announced that “an empty space on the National Security Agency (NSA) Washington East Campus where construction materials are currently stacked up will soon be transformed into a new park. “Installations & Logistics (I&L) is working to create a place for people to be outside and disconnect from high-stress environments,” said Sarah Bowley, architect and master planner. “We don’t currently have anything like this on campus, and we are very excited to provide an outdoor park focused on the human experience and connection to nature.” The project is just one of the many sustainable initiatives NSA has implemented throughout the years. Other efforts include the creation of a robust recycling program, the establishment of electric vehicle charging stations, the addition of reclaimed wastewater treatments, the construction of “green” vegetated roofs, and more. Each April, Earth Day is celebrated globally to honor the achievements of the environmental movement, raise awareness of the need to protect the Earth for future generations, and reaffirm commitment to sustainability. NSA Executive Director Catherine Aucella, who recently toured NSAW to witness first-hand some of the Agency’s major projects concerning sustainability, spoke on why knowing about these efforts is important.”

100. Podcast: Inside The FBI Podcast: The China Threat

On April 21st the United States FBI published a new podcast episode. As per its description, “on this episode of Inside the FBI, we’ll discuss some recent criminal charges that demonstrate the lengths the Chinese government will go to to threaten the economic well-being, national security, and democratic values of the United States.”

101. Bahrain: Sheikh Salman’s Progression from Crown Prince to Bahraini Security State Kingpin

Intelligence Online released a new article in their Spymaster series on April 21st. As per the article, “Sheikh Salman’s dominance over Bahrain’s security circles has been increasingly undercut by his half-brother Sheikh Nasser’s rapid ascent within the country’s governmental apparatus. Salman’s many official roles, however, have helped him maintain control over Bahrain’s most sensitive affairs.”

102. Podcast: CIA Spy Andrew Bustamante Opens Up About His Life…

On April 21st, “Back to Your Story” podcast released a new episode. As per its description, “Andrew Bustamante is a former CIA intelligence officer whose life is defined by courage, innovation, and a relentless pursuit of excellence. With his expertise in national security and his unwavering commitment to protecting American interests, Bustamante has become a highly sought-after authority on global intelligence, leadership, and risk management. His exceptional career in the CIA has made him a formidable force in the world of espionage, and his commitment to empowering others to make informed decisions has made him a revered mentor and thought leader. Andrew Bustamante is a true American hero whose story inspires us all to aim higher, work harder, and never give up in the pursuit of our dreams.”

103. Japan’s System of Military Surveillance for Chinese Students Draws Interest in the West

On April 21st Intelligence Online reported that “the pioneering strategy Japan has put in place to fight Chinese interference in the academic sphere is earning attention from an increasing number of foreign powers, including France, the United States and Australia. Intelligence Online investigates the secret system of military surveillance of Chinese students.”

104. United Kingdom: MI6 Spy Killed Own Child from Trauma After Being Sent to Jihadist Camps

On April 22nd The Times reported that “a British spy sent by MI6 to a jihadist camp despite warnings about his extreme vulnerability went on to kill his own child. The man, then in his twenties, was vetted for his suitability for overseas work by the Secret Intelligence Service. It produced a report that said his emotional instability was the “highest it is possible to score”. The leaked document said he had more in common with a psychotic person than an average member of the population on some traits and was at risk of severe shock and trauma. Intelligence also knew he posed a potential danger to those around him. The man reported being sexually abused as a child, had a criminal record and had suffered a mental breakdown as a young adult. He had previously worked for MI6’s sister agency, MI5, during which time his wife was sent to a hostel for domestic abuse victims. However, MI6 sent him to infiltrate a village in Waziristan, the tribally administered mountainous region on Pakistan’s border with Afghanistan that served as a base for Taliban and al-Qaeda terrorists. Posing as a jihadist soldier, he was forced to wash and bury the disfigured bodies of Taliban fighters, witnessed the beheading of a family accused of being American spies, and was forced to hold the head of a decapitated child. On his return to the UK, MI6 recorded that he was in a state of extreme stress. He struggled to speak, felt angry for no reason and suffered vivid flashbacks and violent outbursts. The spy went on to kill his child, who was found dead with numerous injuries. He was arrested and charged with murder.”

105. Germany: Berlin Confirms Expulsion of Russian Spy Agents, Russia Expels Dozens of German Diplomats

Radio Moldova reported on April 22nd that “the government in Berlin confirmed Saturday afternoon that it has asked Russia to reduce the number of spy agents believed to be on German territory, amid the Moscow administration’s announcement of the expulsion of dozens of German diplomats as a retaliatory measure, Mediafax reports. The Foreign Ministry in Berlin announced on Saturday afternoon that it was aware of Russia’s decision to expel German diplomats. “The German government and the Russian side have been in contact in recent weeks about staff in diplomatic representations with the aim of reducing the presence of Russian intelligence services on German territory. The expulsions announced today by the Russian authorities are related to this,” the Berlin Foreign Ministry said. The Russian Foreign Ministry had previously announced the expulsion of “more than 20 German diplomats” in response to a similar German action, according to Le Monde.”

106. Video: These Documents Expose MI6’s Most Horrifying Secrets

On April 21st the YouTube channel “A Day In History” published this new video. As per its description, “Britain’s MI6 may have become known worldwide through stories of spies embarking on exciting missions in exotic locations, but the reality isn’t so glamorous. Officially called the Secret Intelligence Service, MI6 is the foreign arm of the British intelligence service and has been active all over the world since its foundation during the First World War. Today on A Day In History, we expose some of the most disturbing secrets from Britain’s legendary intelligence service. Operation Embarrass was ended in 1948. It was considered to have been a success. The attacks had almost entirely stopped the flow of refugee ships from Italy, effectively solving the illegal immigration policy for the remainder of the time of British control of Palestine. Still, the terrorist attacks inflamed tensions between Jews and Arabs that only got worse after the establishment of Israel and, of course, continue to this day. That MI6 committed such risky attacks and invented entire terrorist networks to cover for them has made people wonder what else they have done, and whether other supposed terrorist groups aren’t quite what they appear to be. 1953 Iran Coup. This was far from the only time MI6 meddled in the Middle East. In 2020, the transcript of a 1985 interview with the MI6 spy Norman Darbyshire was finally published. Darbyshire had overseen British intelligence operations in Iran in the early 1950s. It had long been known that MI6 and the CIA had a hand in the 1953 Iranian Coup, but this interview gave new details that showed how deep that involvement went. In 1951, Mohammad Mosaddegh became Prime Minister of Iran. He implemented numerous social and political reforms that, in the early days of the Cold War, were viewed by the West as being a little too Communistic. The greatest controversy came when his government nationalized the oil industry, seizing control of facilities and supplies from the mostly British companies that owned them. The Iranians argued they were taking control of their country, while the British saw it as theft and a step towards Communism. The British were furious and MI6 was quickly set to work gathering intelligence on Mosaddegh’s government and planning a response. The British soon became convinced that a full-blown coup was the only way to stop Mosadesgh. They approached the Americans for help soon after, but Washington declined. Meanwhile, the British government escalated its public response to the crisis by blockading Iran with the Royal Navy and demanding the return of stolen British oil assets.”