SPY NEWS: 2023 — Week 18

Summary of the espionage-related news stories for Week 18 (30 April-6 May) of 2023.

The Spy Collection
May 7, 2023

1. Islamic State Leader Abu Hussein al-Qurashi Killed by Turkish Spy Agency

ABC News reported on May 1st that “the leader of the Islamic State group, Abu Hussein al-Qurashi, has been killed in Syria in an operation carried out by Türkiye’s MIT intelligence agency, according to Turkish President Recep Tayyip Erdogan. “This individual was neutralised as part of an operation by the Turkish national intelligence organisation in Syria yesterday,” Mr Erdogan said in an interview with broadcaster TRT Türk. Mr Erdogan said the intelligence organisation had pursued al-Qurashi for a long time. Syrian local and security sources said the raid took place in the northern Syrian town of Jandaris, which is controlled by Turkish-backed rebel groups and was one of the worst-affected areas in the February 6 earthquake that hit both Türkiye and Syria. The Syrian National Army, an opposition faction with a security presence in the area, did not immediately issue a comment. One resident said clashes started on the edge of Jandaris on Saturday night, lasting for about an hour before residents heard a large explosion. The area was later encircled by security forces to prevent anyone from approaching the area.”

2. Australia: ‘Illegal’ ASIO Conduct May Halt Ex-pilot’s Extradition

Following 2022 week 50 story #83, on May 1st The West Australian reported that “potential misconduct by Australia’s spy agency could halt the United States’ bid to extradite a former fighter pilot accused of aiding the Chinese military. Daniel Edmund Duggan, 54, has filed an application to temporarily stay a lawsuit in Sydney’s Downing Centre Local Court which could prevent the ex-pilot being extradited to the US to face criminal prosecution there. Speaking to reporters on Monday, Duggan’s lawyer Dennis Miralis said a hearing for the stay set for July 25 would give his client the chance to protect his rights to a fair hearing. The Inspector-General of Intelligence and Security has launched an inquiry into the circumstances of Duggan’s return to Australia from China after the pilot made a formal complaint to the Australian Security Intelligence Organisation. “The substance of the complaint fundamentally relates to whether or not ASIO has acted illegally or improperly in its dealings with Mr Duggan over an extended period of time,” Mr Miralis told reporters. The lawyer has previously claimed the former pilot was “lured” back to Australia and then arrested. The time granted by the stay is hoped to allow Duggan access to the findings of the IGIS’s report which he will then use in his defence against extradition. “Dan knows that all the steps that have been taken are intended to secure his rights and to protect him, and to create the most favourable environment for him to be able to beat the extradition request from the US.” Duggan’s lawyers will also argue the case should be stayed after a large number of documents sought through 140 separate Freedom of Information requests to government agencies were rejected. Mr Miralis also said an application for bail could now be on foot, while acknowledging this could be “extremely difficult”. 
Barrister Trent Glover said on Monday that the US would fight the stay application, arguing the Local Court did not have the power to halt the extradition. Duggan has consistently denied the charges brought against him.”

3. Ukrainian SBU Detained Russian Agent in Odessa

On May 1st Ukraine’s Security Service (SBU) announced that they “detained an enemy informer who was “leaking” information about the defence of factories in Odesa region to the Russian Federation. The Security Service detained another supporter of racism, who was passing on the locations of the Defence Forces and industrial facilities in the Odesa region to Russia. The perpetrator was an employee of one of the local chemical plants. According to the investigation, he gave the coordinates of critical infrastructure on the territory of the enterprise to his acquaintances, citizens of the Russian Federation. He also “poured” to the aggressor country detailed information about the bases and types of weapons of the units of the Defence Forces, which are involved in the protection of the industrial facility. For communication, the attacker used closed chats of one of the messengers. In addition, he accompanied individual video files with his own comments in which he tried to discredit Ukrainian defenders.”

4. Spy Collection: Arsenal Kiev Vega Subminiature Cameras & KGB Cigarette Pack Concealments

On May 1st we published a new video. As per its description, “in this video we cover the Kiev Vega (Киïв Вега) subminiature camera as well as the Vega 2. Both manufactured by the Soviet Union’s Arsenal (Арсенал) factory based in Ukraine. The Vega 2 was used by the Counterintelligence Service of the Ukrainian KGB to construct spy cameras in cigarette packets concealment devices. In the video we also present two such examples from 1975.”

5. Is China’s Korla laser ASAT site hacking Western satellites?

Following week 16 story #69, Army Technology reported on May 1st that “new intra-day satellite imagery of the Korla East Test Site in Xinjiang, China, shows the operation of laser anti-satellite weapons (ASAT) to engage with Western satellites. The satellite imagery from geospatial intelligence company BlackSky has uncovered a pattern of behaviour at the Korla East Test Site that is consistent with China’s development of technology to disrupt, destroy or hijack foreign satellites, as mentioned in the recent US intelligence breach. Army Technology has reviewed satellite images of Korla East Test Site featuring two laser gimbals with supporting infrastructure, housed within separate hangars with retractable roofs, to the north and south of the compound, confirming the view that this site holds ASAT weapons. The evidence suggests a pattern of opening the hangars to operate the ASAT lasers around solar noon, the time when foreign imaging satellites are most active. According to satellite tracking data for a sample of days within the observation period, a large number of satellite companies orbited within line of sight of the facility during active ASAT periods, including SpaceX’s Starlink communications satellites, and constellations of commercial geo-imaging satellites that include the companies Spire and Planet Labs. National military satellites may also have been active in the region during this time, but their orbits are not public knowledge.”

6. America’s Spies Are Losing Their Edge: New Technologies and A Lack of Patriotism in Silicon Valley are Leveling the Playing Field for Russia and China

Bloomberg published this article on April 30th saying that “what a month this has been for secrets! Or rather, for no-longer-secrets. Ukraine is not winning its war, thinks the US military. Egypt planned to send rockets to Russia. Russia’s Wagner Group mercenaries tried to buy arms from Turkey through Mali. The US has penetrated Russian intelligence services. These are just a few of the delicious tidbits allegedly exposed by 21-year-old Air National Guardsman Jack Teixeira, apparently from a Pentagon treasure trove. If we sit down and think about these revelations, almost none comes as a surprise to those of us who study defense and foreign affairs. Everybody knows that almost all nations spy on their friends as well as on their enemies. For many moons there has been informed speculation about the stuff showcased in the leaks. The real damage derives from their authoritative sourcing to Washington — to America’s 18 intelligence agencies, nine of them within the Department of Defense. “Scandals” of this kind make headlines with monotonous regularity. The successes of intelligence agencies remain hidden from our gaze for years if not decades. The failures, however, fill whole books within months. As a student of warfare, I long ago concluded that while intelligence is a vital tool of national security, the activities of all secret services vacillate between deadly gravity and farce. Quite a few senior spymasters go mad, as did James Jesus Angleton, the Central Intelligence Agency’s counterintelligence chief who convinced himself in the 1960s and 1970s that Western agencies were riddled with traitors. Meanwhile, the CIA’s operations against Cuban leader Fidel Castro were unfailingly foolish and unsuccessful. The agency has always attracted more than its rightful share of cowboys. One day in 1972, I found myself stuck with a BBC camera crew at Pakse in Laos, when a communist offensive was launched. 
Out on the town’s airfield, I spotted three obvious Americans in jeans and sweatshirts, carrying rucksacks and M16 rifles. I asked them when the rumored “round-eye” evacuation flight would be coming in. They ignored me, looking studiously at the horizon until, at my third time of begging for information intended to save our frightened British necks, one man muttered between clenched teeth: “We don’t exist. We’re not here.” They were spooks, of course, behaving with a childishness that was pretty common in Indochina in those days, matched by ruthless carelessness with local people’s lives.”

7. Qatar Shuts Company Used by Indian Navy Officers for Espionage

Following 2022 week 45 story #9 and 2023 week 16 story #91, on April 30th Kashmir Media Service reported that “Qatar has shut down Dahra Global, a company involved in submarine espionage by Indian Navy officers. As many as 75 Indian nationals, the majority of whom are Indian Navy personnel, have been told that their last day of work at Dahra will be 31 May, foreign media reported. A majority of these Indian nationals will have to come back to India because of employment terms and conditions and rules related to work visa that are applicable in Qatar. Dahra Global has been in the eye of the storm since August last year after eight Indian Navy personnel, working with the said company in senior positions, were detained by Qatar’s intelligence agencies. These eight Indian nationals, too, have been sacked by Dahra. The arrested Indian Navy officials are now facing a potential death sentence as they have been charged with spying for Israel with the Qatari authorities said to be in possession of electronic evidence in this regard. The next hearing in the case is on 3 May during which it is expected that the charges under which they have been held will be revealed. The men were employed for a super-secret project to build Italian technology-based midget submarines with stealth characteristics. A new company reportedly called the “Advanced Services and Maintenance (ASM)” is in the process of taking over all the assets owned by Dahra, including office buildings, contracts and non-Indian employees.”

8. Video: The Strange Circles of Japan’s Signals Intelligence Network

On April 30th Ringway Manchester published a new video covering some of Japan’s SIGINT capabilities. The video goes through sites operated by the Japan Defence Intelligence Division Detachment across the country.

9. Sudanese Hackers Target Israeli Aviation, Weapons Industries Websites

The Fars News reported on April 30th that “Palestinian media outlets reported that the websites of Israel Aerospace Industries (IAI), Israel Weapon Industries (IWI) — an Israeli firearms manufacturer, Rafael Advanced Defense Systems Ltd. and Evigilo Ltd., which develops and delivers emergency mass-notification and alert multi-channel solutions, went down on Saturday. The attack was claimed by a group of hackers that goes by the name ‘Anonymous Sudan’, presstv reported. The same hacker group recently targeted the websites of the Israeli spy agency Mossad, the so-called internal security service Shin Bet, and several other companies across the occupied territories. The Hebrew-language Maariv daily newspaper reported on April 24 that various Israeli websites were knocked offline due to a widespread cyber-attack by Anonymous Sudan. Among those targeted were television, communication companies, banks, service companies, universities, newspapers, and Israel’s water company. On Wednesday, a group of hackers known as ‘Sharp Boys’ targeted the Atid vocational training institute, and put the stolen information up for sale after publishing part of it, including a file containing 200,000 names, identification numbers and addresses of the students. The hacker group claimed it had obtained the personal information of Israelis, including identification documents of people who served in the military and police forces of the occupying regime.”

10. Ukrainian SBU Disrupts Russian Information Operations Centre in Poltava

On May 1st, Ukraine’s SBU announced that they “eliminated a powerful proxy centre in Poltava, through which the Russian Federation conducted special information operations on the internet. As a result of comprehensive measures, the organisers of illegal activities were detained. They turned out to be two residents of Poltava and Kharkiv regions. The dealers set up an underground proxy centre that worked as a VPN service. It allowed subscribers from any country to impersonate Ukrainian mobile internet users. The cost of such a “subscription” was almost UAH 2.5 thousand per month. According to operational information, those involved received hundreds of “orders” every day, and money was received through prohibited payment systems. Among the “regular” customers were citizens of the Russian Federation who, through the services of the proxy centre, tried to hide their IP addresses to access popular social networks. At the same time, the servers of the enemy “cell” were located on the territory of the aggressor country. This allowed Russian intelligence services to gain remote access to the Ukrainian Internet space, as well as to spread Kremlin narratives and fake information about the situation at the front allegedly on behalf of Ukrainian citizens. During searches of the locations of the perpetrators, the following were found: Special hardware complex; 120 thousand dollars and half a kilogram of gold; Cell phones and draft records with evidence of illegal activity.”

11. A Guide to Signals Intelligence (SIGINT)

Grey Dynamics published this article on May 1st. As per its introduction, “technology forms the backbone of the way the world communicates. Well before recorded history, various means of relaying information using nonelectrical systems emerged. These include instruments (such as drums), smoke signals, and flags. Electricity revolutionised the means by which communication happens. Militaries and governments immediately understood the massive benefit provided by beyond-line-of-sight and later international communications. Armies could better organise in the field, while governments could conduct diplomacy more centrally and rapidly. Simultaneously, intelligence experts recognised the vulnerabilities present in transmitting information through signals that do not abide by national borders. This branch of intelligence is called signals intelligence, or SIGINT. Signals can come from many systems, and SIGINT is interested in them all. These include radar, weapons systems, diplomatic communications, electronically monitored infrastructure, finance, industry, and more. As technology improves, so too will our reliance on signals. The prevalence of smart devices is a great example, with all transmitting and exchanging data via the Internet of Things. SIGINT will remain a vital component in intelligence operations for as long as signals are a part of communicating.”

12. Russia Calls for UN Security Council Meeting in Response to Polish Espionage Claims

Intel News reported on May 1st that “authorities in Poland have seized an abandoned school building in the Polish capital Warsaw, allegedly because it was being used as a base for espionage activities by the Russian government. Following the seizure of the building complex, Russian officials issued stern but vague warnings, saying that action will be taken in response to what they termed as an “act of provocation” by the Polish government. The controversial seizure was revealed on Saturday afternoon by Warsaw’s Deputy Mayor Tomasz Bratek, who announced that Warsaw city authorities had “taken possession” of the building. He was referring to a communist-era building complex in central Warsaw’s Ochota district, which, according to Moscow, belongs to the Russian government. The property was originally part of the Soviet embassy complex, but was later transformed into a high school and community center specializing in Russian language and culture. Many of its students were children of Russian diplomats who are stationed at the nearby Russian embassy. It has fallen into disuse in recent years. Poland claims that the Russian government never officially bought or leased the property, and that it had been using it without permission for over three decades. Warsaw city officials maintain that the building belongs to the Warsaw city council and that they have repeatedly asked Russia to vacate the building, but to no avail. In recent years, the Polish government has been accusing Russia of using the high school as a cover for espionage activities, and claims that the use of the building by Moscow violates Polish sovereignty while also constituting a security threat. Late on Saturday, the Russian government strongly denied the allegations and accused the Polish government of engaging in anti-Russian propaganda. It was later reported that Russia had called for an emergency meeting of the United Nations Security Council (which it currently chairs) to discuss the matter. 
The United States and other Western countries have not yet commented on the incident, but are likely to express support for Poland’s actions, given their own concerns about Russian intelligence activities in the region. The seizure of the high school building is just the latest incident in a long list of espionage and counter-espionage incidents involving Russia and its neighbors in Europe. Since the Russian invasion of Crimea in 2014, such incidents have increased considerably. The seizure of the high school building in Warsaw highlights the continuing tensions between Russia and its neighbors in Europe, as well as the centrality of intelligence-gathering and counter-intelligence efforts in the region.”

13. Chatroom to Pakistan: How a Love Affair Landed Pune Student in ISI Spy Plot

On May 1st The Indian Express published this article stating that “in 2005, a 25-year-old student in Pune began chatting with a Pakistani girl he met on the internet and fell in love. Two years later, the love affair that began with internet chats, hundreds of phone calls, two visits to Pakistan and a promise to convert to Islam ended with the student, Vishal, being arrested in an espionage case and sentenced to seven years in jail. With alleged links to an ISI agent and two officials from the Pakistan High Commission, the case even saw the Pune police seeking help from the Ministry of External Affairs. Sixteen years later, the alleged ISI agent Sallahudin Sha and his daughter Fatima Sha are still named as ‘wanted’ in the 2007 espionage case records. Vishal, who hailed from a middle-class family in Jharkhand, came to Pune in 2004 for his studies. He was studying at a Hadapsar college at the time of his arrest. In 2005, Vishal came in contact with a girl through Yahoo messenger. She identified herself as ‘Fatima Sallahudin Sha’, a resident of Karachi in Pakistan. He used to visit an internet café to chat with Fatima and they used to chat daily for hours together, the police said. Both shared details of their families, and as per police records, Fatima said Sallahudin was a retired Pakistani Army officer. Vishal fell in love and proposed marriage, to which Fatima allegedly agreed. She then shared a Pakistani cell phone number with him, as per police records. Vishal called her on this number from a local STD booth, running up bills to the amount of Rs 1.5 lakh, the STD booth owner told the police. He only paid Rs 40,000, the police said. Vishal also spoke to Fatima’s parents in Pakistan over the phone. Though they initially rejected his marriage proposal, they later agreed on the condition that he would convert to Islam, the police records say. Fatima and her father then allegedly invited Vishal to Pakistan. 
Her father lured him by saying he could settle in London after his wedding and handle a business there.”

14. Georgian Counter-intelligence Arrested a Man for Attempted Uranium Sale

Civil News of Georgia reported on May 1st that “as a result of operational and search measures, employees of the counterintelligence department of the State Security Service of Georgia/SSSG, together with the Prosecutor’s Office of Georgia, arrested a person for an attempt to illegally sell radioactive materials. The detainee was about to sell radioactive material in the city of Poti in exchange for USD 2,000,000 when he was arrested. According to the results of the radiological examination of the material seized during the search, it contains the radioactive substance uranium and belongs to the category of nuclear materials. The investigation is being conducted under the first part of Article 230 of the Georgian Criminal Code, which covers the illegal handling of radioactive substances and provides for a prison sentence for a period of 5 to 10 years. The counter-intelligence department of the State Security Service is conducting the investigation.”

15. Iranian Insider and British Spy: How a Double Life Ended on the Gallows

Following week 2 story #37, The New York Times reported on May 1st that “in April 2008, a senior British intelligence official flew to Tel Aviv to deliver an explosive revelation to his Israeli counterparts: Britain had a mole in Iran with high-level access to the country’s nuclear and defense secrets. The spy had provided valuable information — and would continue to do so for years — intelligence that would prove critical in eliminating any doubt in Western capitals that Iran was pursuing nuclear weapons and in persuading the world to impose sweeping sanctions against Tehran, according to intelligence officials. The identity of that spy has long been secret. But on Jan. 11, the execution in Iran of a former deputy defense minister named Alireza Akbari on espionage charges brought to light something that had been hidden for 15 years: Mr. Akbari was the British mole. Mr. Akbari had long lived a double life. To the public, he was a religious zealot and political hawk, a senior military commander of the Revolutionary Guards and a deputy defense minister who later moved to London and went into the private sector but never lost the trust of Iran’s leaders. But in 2004, according to the officials, he began sharing Iran’s nuclear secrets with British intelligence. He appeared to get away with it until 2019, when Iran discovered with the assistance of Russian intelligence officials that he had revealed the existence of a clandestine Iranian nuclear weapons program deep in the mountains near Tehran, according to two Iranian sources with links to Iran’s Revolutionary Guards. In addition to accusing Mr. Akbari of revealing its nuclear and military secrets, Iran has also said he disclosed the identity and activities of over 100 officials, most significantly Mohsen Fakhrizadeh, the chief nuclear scientist whom Israel assassinated in 2020.”

16. Lebanese Security Forces Arrest Photographer Over Spying for Israel’s Mossad

On May 2nd Press TV reported that “Lebanon’s security forces have arrested a professional Lebanese photographer over spying for Israel’s Mossad spy agency and collaborating with the regime’s authorities through collecting sensitive information and taking pictures of high-profile resistance figures residing in the Arab country. According to a report published by the Arabic-language al-Akhbar daily newspaper on Monday, the woman, identified as Layal Ramadan, was in close contact with Israeli intelligence officials between 2021 and 2022. She shot photographs and videos of a house in the Tariq al-Jadideh neighborhood of the capital Beirut, which apparently accommodated a senior leader of the Gaza-based Hamas resistance movement. Ramadan also took pictures of houses of Hezbollah members in Dahiyeh, the southern suburbs of Beirut, and sent them to Israeli agents later on. Al-Akhbar noted that the photographer received 50 dollars for each of her espionage missions. The daily newspaper went on to say that counter-espionage officers in the General Security Directorate detected in the summer of 2021 suspicious telephone conversations between a Lebanese phone number, whose owner resided in the al-Sanea area of Beirut, and a number of foreign phone numbers. After months-long follow-ups, it was discovered that the foreign phone numbers belonged to Israeli users, while the Lebanese number was owned by a female photographer born in 1982. Al-Akhbar explained that Ramadan was a professional photographer, who worked for the Economic and Social Fund for Development (ESFD), which is affiliated with the Council for Development and Reconstruction, and published her photographs on her social media accounts.
Lebanon’s intelligence agency arrested the woman on April 5 on suspicion of collaborating with the Israeli regime, and it was found after careful investigations and interrogations that the photographer had sent hundreds of pictures and videos from different areas in Lebanon to Israeli authorities. The newspaper underscored that the woman’s connection with the Mossad spy agency has been conclusively proven.”

17. Former CIA Officer Jason Hanson Publishes New Videos

Throughout this week former United States Central Intelligence Agency (CIA) officer Jason Hanson published the following new videos: 1) Long-term food storage | How to survive in a crisis, 2) This is How I Got Into the CIA…, 3) Top Skills Needed to Work at the CIA.

18. Lawmaker Says Canada Government Did Not Inform Him of Report of China’s Threats to Family

Reuters reported on May 1st that “Michael Chong, a lawmaker with Canada’s main opposition Conservative party, said on Monday that the country’s spy agency did not inform him about threats against him and his family from China that were reported in a Canadian newspaper. Chong said he was “profoundly disappointed” to find out about the potential threat to his family in Hong Kong from a newspaper, which cited intelligence reports from 2021. The Globe and Mail reported on Monday that Beijing had sought information about a Canadian lawmaker’s relatives who may be in China in a likely effort to “make an example of this MP and deter others from taking anti-PRC positions.” The lawmaker, who was not named in the report produced by the Canadian Security Intelligence Service (CSIS), is Chong, the newspaper reported on Monday, citing a national security source. “While I have been briefed by CSIS about foreign interference threat activities, these briefings did not provide any information about this individual and specific threats to me or my family,” Chong said in a statement.”

19. Cyber Espionage Report: Chain Reaction — ROKRAT’s Missing Link

On May 1st private cyber security and intelligence firm Check Point Research published this report stating that “Check Point Research (CPR) continues to track the evolution of ROKRAT and its delivery methods; ROKRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate multi-stage infection chains. This is another representation of a major trend in the threat landscape, where APTs and cybercriminals alike attempt to overcome the blocking of macros from untrusted sources. The first sample we will discuss below was first discovered in July 2022, the same month that Microsoft began enforcing this new rule; The lures used as part of the ROKRAT infections are largely focused on South Korean foreign and domestic affairs. Most of those lures are in Korean, suggesting the targets are Korean-speaking individuals; Our findings suggest that various multi-stage infection chains used to eventually load ROKRAT were utilized in other attacks, leading to the deployment of additional tools affiliated with the same actor. Those tools include another custom backdoor, GOLDBACKDOOR, and the commodity malware Amadey.”

20. Iran APT Using ‘BellaCiao’ Malware Against Targets in US, Europe and Asia

The Record reported on April 30th that “an Iranian state-sponsored hacking group has been accused of deploying a new strain of malware named BellaCiao against several victims in the U.S., Europe, India, Turkey and other countries. Researchers from cybersecurity firm Bitdefender attributed the malware to APT35/APT42 — also known as Mint Sandstorm or Charming Kitten — an advanced persistent threat group that is allegedly run by Iran’s Islamic Revolutionary Guard Corps (IRGC). Martin Zugec, technical solutions director at Bitdefender, told Recorded Future News that the malware developers named the malware BellaCiao as a reference to an Italian folk song about resistance fighting. BellaCiao is a dropper malware designed to deliver other malware onto a victim’s device based on instructions from the attackers. “It is designed to be completely stealthy and doesn’t communicate with the threat actors much. It’s completely passive in receiving the instructions while it works. I’ve never seen the technique that they’re using before,” he said. “Every single implant is customized for that specific victim. It’s completely designed so that after initial compromise, it can turn into almost like a stealth mode. It doesn’t do anything until they are ready to weaponize their access.” Based on their analysis of several victims, Zugec said it was clear the hackers were organizing victims by country based on the folder names researchers found. They discovered folders named for Israel, Turkey, Austria, India and Italy.”

21. Former Dutch Diplomat: Russia Used Energy to Infiltrate, Influence, Spy in Europe

On May 1st EURACTIV reported that “the Nord Stream 1 pipeline was a Russian infiltration project, but this was ignored by the Dutch government, according to former Dutch diplomat Kees Klompenhouwer in an interview published on Friday. Klompenhouwer was head of foreign intelligence for the Dutch secret service (AIVD) between 2002 and 2006. He also acted as Dutch ambassador to Ukraine from 2013 until 2017. “[Nord Stream 1] was absolutely a Russian infiltration project,” Klompenhouwer told NRC in the interview published Friday. “It fits completely into Putin’s modus operandi”, he added. “The Russians lure their partners with short-term benefits, their dependence on Russia grows, they are tied to Russia — and then they are drained,” he added. The report touched upon how the Russian state spied on Dutch energy company Gasunie, which acquired a 9% share in the Nord Stream 1 pipeline and its employees. The report also points to a lack of coordination within Dutch authorities: Despite the AIVD repeatedly warning about Russia’s espionage activities in the country and the potential risk of being overly dependent on Russia in the energy sector, the Dutch government opted to ignore these preoccupations. “We thought: we have to be quick. If you are of importance in energy, you are taken more seriously in the EU too,” the Netherlands’ former Foreign Minister Bernard Bot (CDA) was quoted as saying.”

22. Interview: Erik J. Dahl, Naval Professor/Author — The COVID-19 Intelligence Failure: Why Warning Was Not Enough

The United States Association of Former Intelligence Officers (AFIO) published this video recording on April 30th. As per its description, “Erik Dahl and Jim Hughes discuss Dahl’s latest book, “The COVID-19 Intelligence Failure: Why Warning Was Not Enough” which explores the roles that both traditional intelligence services and medical intelligence and surveillance systems play in providing advance warning against public health threats ― and how these systems must be improved for the future. Epidemiologists and national security agencies warned for years about the potential for a deadly pandemic, but in the end global surveillance and warning systems were not enough to avert the COVID-19 disaster. ERIK J. DAHL is an associate professor in the National Security Affairs Department and a faculty member of the Center for Homeland Defense and Security at the US Naval Postgraduate School, Monterey, California. He is a former Naval Intelligence Officer. He is also the author of “Intelligence and Surprise Attack: Failure and Success from Pearl Harbor to 9/11 and Beyond” (Georgetown University Press, 2013).”

23. Fallen Kazakh Spymaster’s EU Supporters Hold On Through the Storm

On May 2nd Intelligence Online reported about “the former head of Kazakhstan’s internal intelligence service (KNB), Karim Massimov” that “a number of individuals in Brussels familiar with Kazakhstan quietly gave their support to Karim Massimov, the former intelligence chief sentenced to 18 years in prison for high treason, attempting a coup and abuse of power. His supporters included Pier Antonio Panzeri, who is being investigated himself as part of the Qatargate scandal.”

24. Australia: Revealing Secrets Strengthens Our Intelligence Services

The ANU Strategic and Defence Studies Centre published this article on May 2nd stating that “in the intelligence business, the secret of success lies in keeping one’s successes secret. After all, were a target or adversary to become aware of one’s ability to eavesdrop, they would be expected to alter their practices, making it that much harder to replicate the success that led to the boasting in the first place. Notwithstanding this truism, there is a place for a judicious but honest account of the place of intelligence in our lives and in our society. This is one of the key themes of my new book, co-authored with Clare Birgin, Revealing secrets, which explores the history of signals intelligence, or Sigint, in Australia as well as its future. In our book, we argue that this increased transparency is increasingly vital in the 21st century — especially as the ability of states to monitor each other as well as their citizens becomes increasingly powerful.”

25. GRU Agent Was in Zhanna Nemtsova’s Circle, Turns Out to Be Spanish Journalist of Russian Ancestry

Following 2022 week 9 story #66, 2022 week 13 story #1, and 2023 week 9 story #9, Novaya Gazeta Europe reported on May 2nd that “Zhanna Nemtsova, the daughter of Boris Nemtsov, used to have a GRU (Russia’s Main Intelligence Directorate) agent in her circle, Agentstvo cites two sources acquainted with Zhanna. The agent’s name is Pablo Gonzalez, he is a Spanish journalist of Russian ancestry who was detained in Poland in February 2022 on suspicion of espionage. According to a source from the Boris Nemtsov Foundation and an acquaintance of Nemtsova, Gonzalez met her in 2016 in Brussels during a PACE session on her father’s assassination (Boris Nemtsov was killed in downtown Moscow in 2015). The two became friends, and the journalist used to attend events set up by the Foundation, and he also used to invite the Foundation’s employees to visit him at his place. When Gonzalez was detained in Poland in February 2022, reports on the activities of Nemtsova and people from her circle were found on his digital media. In the reports, he described in detail how he passed the borders, whether he noticed surveillance, and also asked for help in solving problems. He was greatly interested in students of the Summer School of Journalism of the Nemtsov Foundation from Ukraine and the US. In one of his reports, Gonzalez wrote: “It’s good that there was no one from RBC who could recognise me at the Boris Nemtsov forum in Prague.” Gonzalez’s reports also describe events he moderated and mention people he met at the Nemtsov Foundation, including lawyer Ilya Novikov and opposition figure Vladimir Kara-Murza. Among other things, copies of Boris Nemtsov’s letters were found on the journalist’s digital media, which he probably got from Nemtsova’s laptop. Therefore, the investigation plans to charge him with illegal access to information.”

26. Podcast: Everyday Espionage: The Secret Shortcut to Winning Negotiations

On May 2nd, former CIA officer Andrew Bustamante released a new podcast episode. As per its description, “how much easier would your life be if you never lost a negotiation? Well, today is the first day of that new life! There is a simple and powerful secret that spies use to win every negotiation. And that CIA HACK has incredible value in the everyday world. In this episode, Andrew gives you a bulletproof plan to make more money, close more business, and unlock the career success you’ve always wanted.”

27. Belgian Federal Police Assemble New OSINT Unit

Intelligence Online reported on May 2nd that “seeking to strengthen its open source intelligence capabilities, Belgium’s federal police has launched a specialised service in Brussels that is, for the moment, using technology from Social Links and Maltego.”

28. Danish Intelligence: Russia May Use Civilians, Journalists to Spy on Denmark

On May 2nd WTVB reported that “Denmark’s intelligence service expects Russia to recruit civilians and use journalists and business people to spy on the country as an alternative to Russian diplomats who were expelled last year on suspicion of espionage, it said on Tuesday. Russia’s invasion of Ukraine has intensified Moscow’s need for intelligence gathering in NATO countries, the Danish Security and Intelligence Service (PET) said in a report on Tuesday. Controlling the entrance to the Baltic Sea, Denmark would play an important strategic role in a potential military conflict with Russia as a transit point for NATO reinforcements, making the NATO-member a particular focus for Russia, PET said. Russia’s embassy in Copenhagen did not immediately respond to a request for comment by Reuters. When Denmark, in line with other EU countries, expelled 15 Russian diplomats in April last year, it crippled Russia’s capacity to spy on Danish soil. “But Russia’s need to obtain information in Denmark has increased … and PET therefore expects Russia to try to use other ways of spying in Denmark,” PET said. “…It could be stationing intelligence officers in Denmark outside the diplomatic representations, for example as journalists or business people, using visiting intelligence officers or that the Russian intelligence services to a greater extent recruit any Danish sources in Russia or in third countries.” Other methods would include different forms of electronic intelligence gathering and cyber espionage, it added.”

29. Israeli Authorities Are Using Facial Recognition Technology to Entrench Apartheid

Amnesty International published the results of a new investigation on May 2nd. As per its introduction, “the Israeli authorities are using an experimental facial recognition system known as Red Wolf to track Palestinians and automate harsh restrictions on their freedom of movement, Amnesty International said today. In a new report, Automated Apartheid, the organization documents how Red Wolf is part of an ever-growing surveillance network which is entrenching the Israeli government’s control over Palestinians, and which helps to maintain Israel’s system of apartheid. Red Wolf is deployed at military checkpoints in the city of Hebron in the occupied West Bank, where it scans Palestinians’ faces and adds them to vast surveillance databases without their consent. Amnesty International also documented how Israel’s use of facial recognition technology against Palestinians in occupied East Jerusalem has increased, especially in the wake of protests and in the areas around illegal settlements. In both Hebron and occupied East Jerusalem, facial recognition technology supports a dense network of Closed-Circuit Television (CCTV) cameras to keep Palestinians under near-constant observation. Automated Apartheid shows how this surveillance is part of a deliberate attempt by Israeli authorities to create a hostile and coercive environment for Palestinians, with the aim of minimizing their presence in strategic areas. “The Israeli authorities are using sophisticated surveillance tools to supercharge segregation and automate apartheid against Palestinians. In the H2 area of Hebron, we documented how a new facial recognition system called Red Wolf is reinforcing draconian restrictions on Palestinians’ freedom of movement, using illegitimately acquired biometric data to monitor and control Palestinians’ movements around the city,” said Agnès Callamard, Amnesty International’s Secretary General.”

30. Harry Belafonte and the CIA

On April 30th Counter Punch published this article stating that “a March 1984 summary noted that Belafonte had recently visited Moscow with members of PAND. Belafonte stressed the role of artists in the “struggle for peace” and regretted the “absence of cultural agreement between USA and USSR” (CIA’s paraphrase). The CIA was concerned that Belafonte spoke directly to the people, not elites, of the USSR, reminding them that they have common cause with the people of the USA; in this case, literal survival.”

31. Discreetly, Berlin Confronts Russian Spies Hiding in Plain Sight

The New York Times published this article on May 2nd stating that “every day as he settles into his desk, Erhard Grundl, a German lawmaker, looks outside his office window into the embassy he knows may be spying on him. “I come into the office, and on a windy day, I see the Russian flag waving. It feels a bit like Psalm 23: ‘You prepare a table before me in the presence of my enemies,’” he said, chuckling. “I’m not religious, but I always think of that.” In the shadow of Berlin’s glass-domed Reichstag, beyond the sandstone columns of Brandenburg Gate, German parliamentary buildings sit cheek by jowl with Russia’s sprawling, Stalinist-style diplomatic mission. For years, a silent espionage struggle played out here along the city’s iconic Unter den Linden avenue. Members of Parliament like Mr. Grundl were warned by intelligence offices to protect themselves — to turn computer screens away from the window, stop using wireless devices that were easier to tap, and close the window blinds for meetings. It seems an almost comical situation for officials in one of Europe’s most powerful nations, where tensions over Russian espionage were something Germany’s government long seemed willing to ignore. That has become increasingly difficult since Russia’s invasion of Ukraine, as a Cold War-era style chill settles across the continent and recasts relations with Russia. Late last month, Russia exposed what it described as a “mass expulsion” of its diplomats in Germany when it announced a tit-for-tat expulsion of more than 20 German diplomats from Moscow. It was a rare sign, security analysts say, of a subdued but growing counterintelligence effort that Berlin is now belatedly undertaking, after years of increasingly brazen Russian intelligence operations on German soil. 
At least twice, Russian groups suspected of Kremlin links have hacked German politicians and Parliament — the last time just months before the 2021 elections that ended Angela Merkel’s 16 years at the helm and brought in Chancellor Olaf Scholz. A few years earlier, a gunman accused of ties to Russian intelligence shot dead a Georgian dissident in broad daylight at the leafy Kleiner Tiergarten park, less than a mile away from Berlin’s government district.”

32. Podcast: SpyCast: Ukraine & the Alliance with NATO’s Assistant Secretary General for Intelligence David Cattler

On May 2nd the International Spy Museum’s SpyCast released this new podcast episode. As per its description, “Last February, SpyCast brought you an episode featuring David Cattler, focused on his role as NATO’s Assistant Secretary General for Intelligence and Security. Only a few weeks after that episode was published, Russia invaded the Ukraine on February 24th, 2022, catalyzing the first war on European soil since World War II. Only three weeks ago, NATO gained their newest member of the alliance, Finland, with the hopes of ratifying Sweden’s membership soon. This week, we bring David back on to discuss how his position has evolved and changed alongside the war in Ukraine, and how NATO is responding to the ongoing crisis. What impact does the inclusion of Finland (and hopefully Sweden) make on the European continent? Tune in to find out more. And… With Finland’s recent membership, NATO is currently comprised of 31 independent nations. Out of these 30, only one member state doesn’t have a standing army — Can you guess which? Hint: It’s Iceland!”

33. NATO Says Moscow May Sabotage Undersea Cables As Part of War on Ukraine

Reuters reported on May 3rd that “Russia may sabotage undersea cables to punish Western nations for supporting Ukraine, NATO’s intelligence chief warned on Wednesday, as the alliance boosts efforts to protect undersea infrastructure following the Nord Stream attacks. “There are heightened concerns that Russia may target undersea cables and other critical infrastructure in an effort to disrupt Western life, to gain leverage against those nations that are providing security to Ukraine,” David Cattler told reporters. “The Russians are more active than we have seen them in years in this domain,” he said, adding they were patrolling more throughout the Atlantic than in recent years and had also stepped up activities in the North and Baltic seas. Threats to undersea cables and pipelines have become a focus of public attention since, in September 2022, as-yet unexplained explosions crippled the Nord Stream 1 and 2 pipelines, built to ship gas from Russia to Germany across the Baltic Sea. Citing ongoing investigations, Cattler declined to speculate about who was behind the attacks.”

34. Russian FSB Reports Disruption of Ukrainian GUR Agent Network in Crimea

On May 3rd Russia’s Federal Security Service (FSB) announced that they “stopped the activities of the intelligence network of the Main Intelligence Directorate of the Ministry of Defence of Ukraine, which planned to commit a series of high-profile sabotage and terrorist acts on the territory of the Republic of Crimea. The Head of the Republic Aksenov S. V. (Аксенов С.В.), Chairman of the Parliament Konstantinov V.A. (Константинов В.А.) were chosen as the objects of encroachment, and the mayor of Yalta Pavlenko Ya. P. (Ялта Павленко Я.П.), as well as elements of the transport infrastructure of the peninsula. It has been established that the direct organiser of the terrorist attacks and the coordinator of the preparation of the murders of high-ranking officials is the close connection of the head of the Main Intelligence Directorate of the MOU Kirill Budanov, an officer of the active military intelligence reserve Mashovets Roman (Машовец Роман), born in 1976, who has been deputy head of the Office of the President of Ukraine Volodymyr Zelensky since 2020. In the course of the measures taken, members of the deeply secret agent group of the Main Intelligence Directorate of the Ministry of Defence of Ukraine, citizens of Russia and Ukraine, were detained: Podvalny Viktor (Подвальный Виктор), born in 1967, Litvinenko Alexander (Литвиненко Александр), born in 1986, Krivoshein Sergey (Кривошеин Сергей), born in 1988, Evmenenko Konstantin (Евмененко Константин), born in 1971, Zorin Igor (Зорин Игорь), born in 1972 and Voinarovsky Sergey (Войнаровский Сергей), born in 1984, recruited by R. Mashovets, who planned to commit terrorist acts, carried out surveillance of officials using special technical means and acquired firearms, as well as a citizen of Ukraine and Bulgaria D. Petranov (Д. Петранов), born in 1979, involved in the delivery of weapons to Russia. 
During the searches, the detainees found 5 IEDs ready for use, made according to the type of shaped and concentrated charges, plastic explosives made in Great Britain, with a total weight of about 6 kilograms, military electric detonators, radio-controlled actuators for initiating explosive devices, trackers for surveillance, as well as means of communication for secret communication with handlers from the GUR MOU. As part of this work, the security authorities uncovered and localised an international channel of smuggling supplies from Bulgaria to Russia of explosives and components of explosive devices disguised as household electric stoves, which was supposed to be used by members of this group in terrorist activities, organised by Ukrainian intelligence services, passing through the territories of Turkey and Georgia. In Bulgaria, the organisation of shipment to Russia of electric stoves with components of explosive devices, which were later transferred to D. Petranov by citizens of Ukraine Smirnov Denis (Смирнов Денис), born in 1984 and Sarafinchan Vladislav (Сарафинчан Владислав), born in 1995, was handled by a citizen of Ukraine Matuschak Marina (Матущак Марина), born in 1974. After the delivery of electric stoves by road to the territory of Russia, their further transfer to the places of preparation of terrorist acts was carried out through the transport companies “SDEK” (СДЭК) and “Vozovoz” (Возовоз), and they were sent by the Ukrainian intelligence services “into the dark” Russian citizens who have commercial projects with a Bulgarian company headed by M. Matuschak.”

35. Meta: Chinese Disinformation Network was Behind London Front Company Recruiting Content Creators

The Record reported on May 3rd that “a Chinese disinformation network operating fictitious employee personas across the internet used a front company in London to recruit content creators and translators around the world, according to Meta. In a report published Wednesday, Meta revealed it had removed more than 100 accounts on Facebook and dozens on Instagram connected to the operation targeting “multiple internet services,” including almost all of the major social media platforms. The operation used a company called London New Europe Media, registered to an address on the upmarket Kensington High Street, that attempted to recruit real people to help it produce content. It is not clear how many people it ultimately recruited. London New Europe Media also “tried to engage individuals to record English-language videos scripted by the network,” in one case leading to a recording criticizing the United States being posted on YouTube, said Meta. While the actual operators of this network attempted to conceal their identities, Meta said its investigation had “found links to individuals in China associated with Xi’an Tainwendian Network Technology, an information technology company.” The London operation created fake personas impersonating companies and institutions in the U.S. and EU, initially making posts mimicking the entity before switching to publishing negative commentary about Uyghur activists and critics of the Chinese state. One of the fictitious personas the network had created even managed to partner with a nongovernmental organization in Uganda that featured the persona’s logo at one of its events, said Meta. The posts were mainly written in English, Russian, Uyghur and Chinese and included content about geopolitics in Central Asia. Meta said around 15,500 accounts had been following one or more of the group’s pages on Facebook. 
According to the government’s Companies House registration information, the London New Europe Media “front company” was incorporated in August 2021 and is directed by a 51-year-old Chinese national called Yong Liu. The Record didn’t receive a response when pressing the buzzer for Liu’s correspondence address at Applegate House in Stratford. Land registry information revealed it was a rental property and not owned by Liu.” Here is the full Meta report.

36. Turkish Intelligence Agency MIT Uses Journalism to Mask Undercover Agents, Assets and Informants

On May 1st the Nordic Monitor reported that “Turkish intelligence agency MIT has been using journalism as a cover to infiltrate and collect intelligence in other countries, dispatching its agents and assets as reporters to engage in spying, several sources familiar with the modus operandi of MIT told Nordic Monitor. “Mostly it was reporters who worked for state news agency Anadolu and Turkish Radio and Television [Türkiye Radyo ve Televizyon Kurumu, TRT] who were tapped as assets by MIT,” said one source who had served in a senior position in Turkish military intelligence. The source, who spoke anonymously for fear of repercussions from the Turkish government, said these reporters regularly filed reports and coordinated their work with their handlers. Yahya Bostan, the news coordinator for Anadolu, is one of those who work for Turkish intelligence. He had previously worked as news coordinator for TRT News for four years between 2017 and 2021. Before moving to the state-funded media, he was employed by the Sabah newspaper, owned by the Turkish president’s family. Bostan often writes articles praising MIT in his weekly column for the Islamist Yeni Şafak daily. Bostan was red flagged during a 2011–2014 terrorism probe into Iran’s Quds Force network in Turkey and listed as a suspect by prosecutors. He was put under surveillance and his phones were tapped by prosecutors who secured court warrants to determine Bostan’s clandestine connections. The investigation revealed he was regularly in contact with several high-profile Quds Force operatives. Prosecutors also discovered he was coordinating his activities with Nuh Yılmaz, a senior MIT official known for his anti-Israel and pro-mullah regime views who had worked for an Iranian-funded Turkish publication in the 1990s. 
The Quds Force probe was killed by the government of then-prime minister and current president Recep Tayyip Erdogan in February 2014 after it exposed a number of senior officials’ links to Quds Force cells.” The article names the following individuals as MIT assets under journalist cover: 1) Yahya Bostan, 2) Nuh Yılmaz, 3) Abdurrahman Şimşek, 4) Ferhat Ünlü, 5) Nazif Karaman, 6) Mustafa Özer, 7) Hande Fırat, 8) Fatih Altaylı, 9) Tuncay Özkan, 10) Mehmet Faraç, 11) Çetiner Çetin, 12) Cem Küçük.

37. NISA: Foreign Fighters Among Militants Killed in Somalia Operation

On May 3rd Garowe Online reported that “at least 10 foreign fighters were killed in an operation targeting Al-Shabaab militants in Somalia, the country’s National Security and Intelligence Agency [NISA] confirmed, in the latest crackdown which comes a few weeks before the commencement of the second phase of operations against the group. The spy agency said that the operation, which was aided by international partners, left at least 46 Al-Shabaab militants dead in Sharif Farm, about 8 kilometers north of Barire town within the troubled Lower Shabelle region. Barire town, 60 km south of Mogadishu is prone to frequent Al-Shabaab attacks. Among the dead were 10 foreign fighters but the spy agency did not reveal their nationalities at the time of press. Previously, foreign fighters have been killed in Al-Shabaab operations with the majority of them coming from neighboring Kenya, Tanzania, Ethiopia, and even Uganda, with others coming from Pakistan and Yemen.”

38. Presentation: Codename HEXAGON: Inside the Secret Satellite Program with Phil Pressel

On May 4th the International Spy Museum published the recording of this webinar. As per its description, “imagine a vehicle orbiting the earth taking photographs. Now imagine two film reels, each holding 30 miles of film. Now imagine the exposed film being dropped in a container from 100 miles above the earth. Imagine a skilled pilot catching the container in mid-air with a net pulling it into a plane and returning it to earth for skilled analysis. Now imagine this happening over and over again. That’s the core of the HEXAGON satellite program. Join us today in person, to hear about the US’s last film-based intelligence spy satellite program directly from Phil Pressel. Pressel was the project engineer in charge of the design of the formerly top-secret Hexagon KH-9 spy satellite’s stereo cameras. The Hexagon satellite was an invaluable asset providing photographic intelligence information during the Cold War. Pressel’s presentation will show photographs that the system took of some Russian military assets and of some cities. Hexagon was responsible for President Nixon signing the SALT treaty and allowing President Reagan to say, “trust but verify.” It was also one of America’s best and most successful spy satellites. Pressel’s book Meeting the Challenge, the Hexagon KH-9 Reconnaissance Satellite was published by the American Institute of Aeronautics and Astronautics (AIAA) in 2013. The program was declassified in 2011 by the RO/CIA in 2011, which is why Pressel can talk about it. After his talk, guests will have a chance to see the Museum’s own HEXAGON Take-Up Reel.”

39. French Foreign Ministry Sets Up New Anti-disinformation Task Force

Intelligence Online reported on May 3rd that “the French foreign ministry has recently gained some ground in the fight against disinformation, while France’s military and security apparatus already have their own structures in place.”

40. Israel: IAI Flies High with $100 Million Contract to Bring Airborne SIGINT Solutions to an International Customer

UAS Weekly reported on May 2nd that “Israel Aerospace Industries (IAI) has announced that its subsidiary, ELTA Systems, has been awarded a contract worth over $100 million to provide an international customer with airborne Signals Intelligence (SIGINT) solutions. The contract includes the delivery and maintenance of SIGINT systems and airborne communication suites for both manned and unmanned aircraft. The SIGINT capabilities of the systems are designed to handle complex signal formats in dense communications and electronic environments, and provide real-time intelligence to the customer on enemy activity and communications over a wide area. The systems are developed for Intelligence, Communications, and Electronic Warfare (EW), providing a full array of solutions for Electromagnetic Dominance. IAI offers systems in the fields of SIGINT, EW systems for self-protection and electronic attack, communications systems, and multi-intelligence software. ELTA’s VP and GM of Intelligence, Communications, and Electronic Warfare (EW) Division, Adi Dulberg, stated that achieving Electromagnetic Spectrum Dominance is a crucial goal in the modern battlefield, and ELTA’s expertise in airborne SIGINT and EW has been combat-tested and proven. ELTA is excited to provide its customer with cutting-edge technology to achieve their operational intelligence goals in the future.”

41. Russian Spy Network Smuggles Sensitive EU Tech Despite Sanctions

On May 3rd the Financial Times reported that “a Russian spy network has acquired sensitive technology from EU companies to fuel Vladimir Putin’s war in Ukraine even after a US-led crackdown on the covert smuggling ring. The network — set up to procure goods ranging from microchips to ammunition — has managed to obtain machine tools from Germany and Finland despite US sanctions imposed in March 2022, a Financial Times investigation has found. The procurement cell’s continued ability to operate in Europe illustrates the challenges faced by western governments as they attempt to choke off the supply of critical technology for Russia’s military-industrial complex. The “Serniya network” has been accused by the US Department of Justice of working on “highly sensitive and classified procurement activities” on behalf of Russia’s FSB spy agency, including for its Directorate for Scientific and Technological Intelligence, commonly known as “Directorate T”. Other clients include the Kremlin’s Foreign Intelligence Service, known as the SVR; the state-owned defence conglomerate Rostec; Russia’s Ministry of Defence; and Rosatom, the state atomic energy company in charge of the country’s nuclear arsenal. The FT has found that a Russian company, controlled by the same person that controls a Serniya network entity described by the US as “engaged in proliferation activities at the direction of Russian intelligence services”, has continued to buy items from companies inside the EU. 
Corporate records, import declarations and interviews reveal that Trading House Treydtuls, registered to an address in an industrial estate in north Moscow, has acquired $900,000 of materials since the Ukraine war started, including microchips and items for industrial manufacturing, mostly from the EU.” The article names the following people as involved in Russian intelligence activities: 1) Alexey Zibyrov, 2) Vadim Konoshchenok, 3) Yevgeniy Alexandrovich Grinin, 4) Boris Yakovlevich Livshits, 5) Aleksey Ippolitov, 6) Andrey Georgiyevich Zakharov.

42. REGAN Vest: Inside Denmark’s Secret Nuclear Bunker

BBC Travel published this article on May 2nd stating that “a top-secret atomic bunker has opened to the public in Denmark. Built to withstand a nuclear attack, it’s now an astonishing subterranean museum that sheds light on Cold War paranoia. Hidden in northern Jutland’s Rold Forest, some 400km north-west of Copenhagen, is the sprawling bunker complex of Koldrigsmuseet REGAN Vest (The Cold War Museum REGAN West). Secretly built in the 1960s at the height of Cold War tensions, this is where the Danish government and even the queen would have been evacuated if nuclear war had broken out. The plan was to run the country from inside this shelter, 60m below ground, and its very existence was kept hushed for decades until it was finally revealed in 2012. After years of preparations, it opened to the public for the first time in February 2023 as a museum. Only 50,000 visitors are permitted annually, and access has been limited to small groups of 10 on 90-minute guided tours that explore 2km of the labyrinthine bunker system. It’s an eye-opening journey into the heart of a Cold War-era time capsule. Stepping out of the train station in the small town of Skørping, I jumped straight into a taxi for the short ride to Rold Forest. The local driver had never heard of the mysterious bunker, and with no phone signal, we ended up driving around in circles trying to find it. Luckily, before long we chanced upon the road leading towards a cluster of dark metal and glass buildings partly obscured in the hillside that’s home to the smart new visitor centre.”

43. Russian Hacker Group Targets Ukraine’s Government with New Phishing Campaign

The Record reported on May 1st that “Russian hackers have been targeting Ukrainian government agencies with malicious emails containing fake instructions on how to protect devices from cyberattacks, Ukraine’s cyber agency reported over the weekend. The computer emergency response team (CERT-UA) attributed the attack to the Russian state-sponsored hacker group Fancy Bear, also known as APT28. The group is responsible for the attack on the U.S. Democratic National Committee during the 2016 elections and the breach of the World Anti-Doping Agency. Throughout the war, Fancy Bear has conducted phishing attacks on Ukraine and NATO countries. Earlier in April, the U.S. Cybersecurity and Infrastructure Security Agency released an advisory spotlighting Fancy Bear’s attacks on unpatched Cisco routers. The hackers’ most recent attack, which took place throughout April, involved sending phishing emails in which they pretended to be system administrators from the government agencies they were targeting. The emails purportedly provided instructions in the Ukrainian language on updating the Windows system, but in reality they deceived the victims into downloading a PowerShell script. The goal of the attack, according to CERT-UA, is to extract data from the victims’ computers and send it to a web-based service known as Mocky — a legitimate website that allows developers to produce mock application programming interfaces.”

44. Apprehensions Around Guyana “Spy” Agency Should Be Put to Bed

Following week 17 story #8, on May 4th Kaieteur News reported that “the NISA Legislation in Parliament is to establish a legal entity (a national agency) with responsibilities for protecting the State of Guyana against foreign and domestic enemies. To call or refer to NISA as a “spy” agency does not chime with the raison d’etre of said legislation. Columnist GHK Lall’s assertion that NISA is a “spy” agency is misleading and devoid of understanding of the role and function of a national intelligence agency. The fears and apprehensions that he referred to in his column of May 2nd are historically grounded and understandable. But those fears and legitimate concerns are precisely what the legal establishment of NISA would put to rest. Let us address one of those fears, a major one: unwarranted interception of communication. The Telecommunication’s Act passed in 2008 made it abundantly clear that a politician, minister of government, the president or prime minister, the vice president, not even the director of the “spy” agency can authorize an interception of communication. If such a request is sent to the director of the agency, the executing unit, the latter cannot authorize it without a ruling from a judge. Ideally though, Guyana should tighten up that Act’s modus operandi with a few amendments. The Government of Trinidad and Tobago passed its Interception of Communications Act in 2010. This Act stipulated that anyone of these three persons, the Commissioner of Police, the Chief of Defense Staff, and the Director of the Strategic Services Agency (SSA) can authorize an interception. But, the request to do so must be in writing, showing compelling evidence and reason or reasons for said interception. Moreover, the request cannot be open-ended; time specification is optimal. This T&T scenario makes it impossible for compromises. If the NISA legislation should incorporate this stipulation from the T&T 2010 Act, it would offer more protection to the citizens of Guyana.
For example, the minister of home affairs or the president or vice president cannot call the director of NISA and request an interception of anyone’s communication. That would be a NO SHOW.”

45. Webinar: Manta UUV Sub Brief

Sub Brief released this webinar on May 4th with its description stating that “the Manta UUV (Unmanned Underwater Vehicle) is a modular, autonomous submarine developed by the German defense company ThyssenKrupp Marine Systems. The Manta is designed to perform a variety of tasks, including intelligence gathering, surveillance, reconnaissance, and mine countermeasures. The Manta UUV is a highly versatile platform that can be customized to suit specific mission requirements. The vehicle’s modular design allows for easy integration of a variety of sensors, payloads, and other mission-specific equipment. It is equipped with advanced sonar systems for detecting and identifying underwater objects, as well as cameras for imaging and video recording. The Manta UUV is capable of operating at depths of up to 300 meters and has a range of over 1,000 nautical miles. The vehicle is powered by a rechargeable lithium-ion battery and can operate autonomously for up to several weeks, depending on mission requirements. The Manta’s compact size and maneuverability make it well-suited for operating in shallow waters, where larger manned submarines may have difficulty maneuvering. It can be launched from a variety of platforms, including surface vessels, submarines, and shore-based facilities. Overall, the Manta UUV is a highly capable and flexible underwater platform that can perform a wide range of missions in challenging environments.”

46. South Korea: Spy Service, Election Agency at Odds Over Alleged North Korean Hacking

The Korea Herald reported on May 4th that “South Korea’s intelligence service said it found North Korean attempts to infiltrate the country’s election system, which the state election commission has denied. The National Intelligence Service said Thursday it notified the National Election Commission of North Korean hackers trying to penetrate the state election organizer’s networks, confirming the ruling People Power Party claims a day prior. Some ruling party lawmakers suggested that while the intelligence service warned the election commission of the North Korean activities and urged security measures, no action was taken. One of them told The Korea Herald that out of the eight known hacking attacks against the election commission in the past two years, seven were believed to have been by North Korean hackers. Ruling party lawmakers on the intelligence and interior committees are calling to convene plenary sessions next week to summon and grill election commission officials to look into the possible North Korean hacking. “North Korea’s attempts to tamper with our national election system is a serious threat to our democracy,” said People Power Party lawmakers on the interior committee, including ruling party leader Rep. Kim Gi-hyeon, in a joint statement.”

47. Ukrainian SBU Detains Russian Agent in Sloviansk

On May 2nd Ukraine’s Security Service (SBU) announced that they “detained an enemy informant who was “pointing” Russian missiles at Sloviansk. The Security Service exposed another accomplice of the aggressor during counter-subversive measures in the front-line areas of Donetsk region. The attacker turned out to be an unemployed resident of Slovyansk, who was gathering intelligence for the occupiers about the deployment of the Defence Forces on the territory of the city. First of all, the person involved tried to identify the places of temporary basing and relocation of units of the Armed Forces of Ukraine and the National Guard, which are involved in the Bakhmut area. In the case of receiving intelligence, the Russian invaders planned to use it to prepare missile strikes on the positions of Ukrainian troops. However, SBU officers detained an enemy informer and thus prevented the transfer of classified information to the aggressor. According to the investigation, the perpetrator was “in contact” with the “deputy commander of the commandant regiment of the people’s militia of the DNR”. The extra person went around the area and covertly recorded the locations of the Ukrainian defenders. Then he transmitted the information through one of the banned Russian social networks. For the help of the occupying groups, the enemy promised his henchman money and a “high position” in case of capturing the city.”

48. Dominican Republic: Nuria Says Danilo Authorised Espionage with Pegasus and that the Current Government Also Tapped Her Phone

The Dominican Today reported on May 4th that “journalist Nuria Piera claims that a reliable source informed her that former Dominican President Danilo Medina allegedly authorized the use of Pegasus software to tap her phone. According to Piera, the authorization was given during a meeting that included the former president, a general, and a colonel. She said that the former president expressed that the intervention should not harm her but that it should take place. Piera believes that her phone was hacked to find out who her source was for a story she was investigating regarding Adán Cáceres. Amnesty International’s Security Laboratory confirmed that Piera’s phone was targeted and infected with Pegasus on three separate occasions between 2020 and 2021. The investigation showed that the first infection occurred in July 2020. Piera said that she received warnings from Apple about attempted hacks on her phone, but they did not mention Pegasus. Piera also mentioned that the other two interventions on her phone occurred while she was investigating cases involving a police colonel and a complaint of sexual harassment against the former president of the Chamber of Accounts. Yesterday, the spokesman for the Dominican Presidency, Homero Figueroa, guaranteed an investigation into the espionage of which Piera was a victim. He also stated that the government has no agreement of any kind with the Israeli company NSO Group, the creator of Pegasus. Piera believes that the government does not want to admit the use of Pegasus due to national security concerns, although she suspects that the government has used Pegasus in other areas of national security.”

49. Covert Creatures: The History of Spy Animals

On May 4th Grey Dynamics published this article with its introduction stating that “when we discuss spies and espionage, it is normal to envision a James Bond figure or a tall man in a trench coat. What you may not picture is a cute kitten or a bird trying to steal your lunch. The unsuspecting nature of animals may, however, make them an excellent candidate to spy on your enemy. Throughout history, the military has used spy animals in tasks. Horses served as a transportation method on the battlefield, whilst dogs have been extremely talented at sniffing out explosive devices. Many states frequently used pigeons and dolphins during the Cold War to gather information. The future of creature espionage may be even more bizarre, with scientists developing robo-insects as drones.”

50. China Puts US on Notice Over CIA’s ‘Trans-border Covert Operations’

AA reported on May 4th that “China on Thursday sought answers from the US over its alleged use of “cyber weapons to carry out espionage” globally. Beijing also accused the US Central Intelligence Agency (CIA) of “directing color revolutions” by gathering intelligence from foreign governments. Citing a report on the US intelligence agency, Mao Ning, spokeswoman for China’s Foreign Ministry, said: “Over the years, the US Central Intelligence Agency (CIA) has gathered intelligence information from foreign governments, enterprises, and citizens, organized, carried out, directed and supervised trans-boundary covert actions, and secretly conducted ‘Peaceful Evolution’ and ‘Color Revolution’ around the world.” Mao was referring to the joint report released by China’s National Computer Virus Emergency Response Center and Chinese cybersecurity company Qihoo 360 Technology Co. Ltd. The report alleges cyberattacks against other countries by the CIA and “the consequences it led.” “The international community needs to stay on high alert against these moves,” she added. “The large number of real cases in China and other countries disclosed by the report once again testifies to CIA’s cyber-attack activities around the world over the years,” said the spokeswoman, urging Washington to “take seriously and respond to the concerns from the international community.” Washington must “stop using cyber weapons to carry out espionage and cyber-attacks around the world,” Mao added. According to Chinese state broadcaster CGTN, the joint report “unveils that the CIA took advantage of a zero-day vulnerability, including a number of backdoors and vulnerabilities that haven’t been disclosed to the public.” “This was done to set up ‘zombie’ networks to initiate springboard attacks by stages, targeting web servers, terminals, routers, as well as industrial control devices. 
The zero-day vulnerability is software loopholes that are discovered by attackers before the vendor has become aware of them,” it added. Back in 2020, Qihoo 360 discovered an unknown cyberattack organization “which carried out a slew of cyberattacks toward China and other countries by utilizing cyber tools related to CIA.” “Such cyberattacks can be traced back to the year 2011, and continue to this day. The targets of such espionage actions expand to fields such as countries’ key information infrastructure, the aerospace sector, scientific research institutes, petroleum industry, tech companies as well as government agencies,” said the report.”

51. Pentagon Documents: Hungarian Intelligence Report Confirms Our Reporting

Átlátszó reported on May 4th that “the Hungarian intelligence service has assessed the information contained by the leaked Pentagon documents (“War Leaks”) on Hungary as credible — confirming the information previously reported by Átlátszó. The report refutes claims of the US wiretapping Prime Minister Viktor Orbán and confirms that Croatia may be transferring military helicopters to Ukraine through Hungarian airspace. The National Information Centre (NIK), the super intelligence service overseen by Antal Rogán’s ministry, shared a report on 19 April on what was in the newly leaked US intelligence documents about Hungary. The report was presented in a closed session of the Parliament’s national security committee, but it was recently released at the initiative of an opposition MP and made available on the Parliament’s website.”

52. Kazakhstan: KNB Investigates Evidence of Foreign Espionage

Ulys Media reported on May 2nd that “President of Kazakhstan Kassym-Jomart Tokayev received the Head of the KNB Yermek Sagimbayev. Tokaeu reported that KNB units prevented a number of terrorist crimes, including a terrorist attack using an improvised explosive device in one of the crowded places. According to these facts, 19 people were arrested. “Operations have been implemented to counter the intelligence activities of the intelligence services of foreign states. Pre-trial investigations are being carried out on a number of revealed facts. In four months of 2023, the KNB neutralised 8 dangerous organised criminal groups. 7 underground workshops for the manufacture of weapons and ammunition have been liquidated,” Akorda said in a statement.”

53. Russia: FSB Cases of Espionage in Favour of China Rained Down in the Far East

The Bulgarian OFFNews reported on May 2nd that “in 2023 alone, the FSB detained at least six residents of the Far East on suspicion of treason. According to media reports, two Russians have been accused of spying for China, even though the Kremlin calls that country its ally. The BBC has found that the names of the accused in these “espionage cases” are identical to those of a former official from the Chinese city of Heihe, a top manager of a Chinese special equipment company in Blagoveshchensk and an entrepreneur from Vladivostok. What is known about them and how do the special services look for “traitors” and “spies”? On February 17, around 5 p.m., a traffic police patrol stopped a brown Nissan Murano on a street in Blagoveshchensk, bordering China. It was driven by 37-year-old Ivan Lukin (Иван Лукин), a local businessman. The traffic cops take him to the police and the police to the court. The man spent the next 10 days in custody with administrative detention for swearing in the street. According to the decisions of the courts — the Annunciation City Court and the Amur Regional Court — this is a “violation of public order”. It is not unprecedented that during the war people were first arrested on such administrative charges, only to be met by the security forces on their release and sent to detention centres on criminal charges. This happened to oppositionists Ilya Yashin (Иля Яшин) and Vladimir Kara-Murza (Владимир Кара-Мурза). At least five people accused of treason were put behind bars under Article 275 of the Russian Criminal Code following the same scheme. Ivan Lukin is the sixth such defendant. He is detained in the Blagoveshchensk SIZO-1, the BBC was able to confirm this with the help of the FSIN-letters service. The agency sent a message to the detention centre under the name of 37-year-old Ivan Lukin (a man with such data was admitted to the special detention centre in February) and received a reply that it was delivered to the addressee. 
In mid-March, the news appeared in the media that two suspects of espionage for China were detained in the Far East — I.A. Lukin and S.B. Yatsenko (С.Б. Яценко). The reports have not been officially confirmed — possibly because Vladimir Putin met with Chinese leader Xi Jinping on March 20–21. Treason cases are classified. Courts do not always publish even the reports on the choice of a preventive measure for the accused — the law does not explicitly oblige them to do so. Telegram channels Astra and Baza, citing their sources, gave the names and initials of those detained in the “Chinese case”. One of them matches the name of Ivan Lukin, who was taken to the detention center in February for “using obscene expressions”. He was involved in the supply of forklifts and spare parts to Russia from China. The man has not answered his work and mobile phones for the second month now, with his partners evasively replying that the businessman is “untraceable”. Also in Vladivostok is 45-year-old businessman Sergey Yatsenko (Сергей Яценко) — a man with the same surname described in the media as being involved in a case of treason in favour of China, who is also connected to Lukin. An acquaintance of Yatsenko said that he is “in prison”, but did not explain where or for what. Through a FSIN letter, it was established that Yatsenko is in the detention centre in Vladivostok. The Astra Telegram channel has shared the numbers of the criminal cases for Lukin and Yatsenko, which show that both were filed in 2023. As Astra specifies, Yatsenko is being dealt with by the Primorsky Department of the FSB, and Lukin by the Amur Regional Department.”

54. Spacety Plans Launch of More SAR Satellites for Chinese Intelligence

On May 5th Intelligence Online reported that “the principal Chinese supplier of synthetic aperture radar imagery, recently blacklisted in the US for its close links with Chinese intelligence, is poised to expand its capacities.”

55. Ukraine’s SBU Detains Russian Agent in Mykolaiv

On May 3rd Ukraine’s SBU announced that they “detained another adjuster of the Russian air attacks on Mykolaiv. The Security Service detained another enemy adjuster who was “leaking” the bases of the Defence Forces in Mykolaiv to the occupiers. The intruder also gave the aggressor the locations of local social infrastructure facilities, including city educational institutions and hospitals. For each “mark” on the electronic card, the person involved received UAH 2,000 from the Russian invaders. Intelligence was needed by the enemy to prepare massive air attacks on the Ukrainian city. According to the investigation, the suspect turned out to be a student of one of the local universities, who was remotely involved in secret cooperation by the Russian intelligence service in March of this year. He came to the attention of the occupiers because of his pro-Kremlin comments, which he repeatedly published on various Telegram channels. The attacker maintained further communication with the aggressor through an anonymous chat in the messenger. During the search of the residence of the enemy informant, mobile phones with evidence of illegal activity were found.”

56. United States: FBI Adapting to ‘Growing’ Threat from Chinese Cyber Activity

The Record reported on May 1st that “the threat posed by malicious Chinese cyber activities is “absolutely a growing problem” as the U.S. tracks Beijing’s designs on Taiwan and prepares for the 2024 presidential election, according to a senior FBI official. “We know more than we used to know, but that probably just makes it all the more concerning,” Cynthia Kaiser, deputy assistant director of the FBI’s Cyber Division, told The Record during an interview at the RSA Conference. “We see China using cyber operations at the same time they’re using intelligence operations. They’re blending their operations to go after what they want to go after. And we don’t see a slowing down of those efforts,” she added. Kaiser made her remarks the same day FBI Director Christopher Wray testified that the bureau’s cyber personnel devoted to the China threat are outnumbered “50 to 1” by Chinese hackers. “They’ve got a bigger hacking program than every other major nation,” Wray told a House Appropriations subcommittee on Thursday. He noted the overall number of agency investigations into threats from Beijing has grown by 1,300% over the last decade. U.S. officials have spent years warning about the dangers posed by Chinese state-backed hackers. Taiwanese authorities have estimated there are 20 to 40 million attempted cyberattacks every month from Beijing, which recently prompted a group of congressional lawmakers to introduce legislation to help the island nation better defend itself digitally. In March, the U.S. publicly released the clandestine community’s assessment of a host of national security challenges and revealed that it believes the Chinese government hopes to field a military powerful enough by 2027 to stave off any U.S.-led intervention in an armed conflict over Taiwan. That report has opened up the FBI to go beyond speaking about more immediate digital threats, such as ransomware, to more actively discussing the potential armed conflict and its impact in cyberspace.”

57. US Spies Can’t Yet Judge Russia Claim That Ukraine Drones Targeted Kremlin

Bloomberg published this article on May 4th stating that “Director of National Intelligence Avril Haines said US spy agencies don’t have enough information to assess Russia’s claim that Ukraine was behind a drone attack it said was aimed at President Vladimir Putin’s residence in the Kremlin. “At this stage we don’t have information that would allow us to provide an independent assessment on this,” Haines told the Senate Armed Services Committee on Thursday.”

58. Philippines: Zambo Norte Cops Nab DI Extremist; ASG Spy Surrenders

On May 4th the Philippine News Agency announced that “authorities have arrested a Dawlah Islamiya (DI) extremist in a manhunt operation in Zamboanga del Norte, while an Abu Sayyaf Group (ASG) spy surrendered here, police and military reports said Thursday. In a statement, the Area Police Command — Western Mindanao (APC-WM) identified the arrested suspect as Nordy Alip, who is listed as the third most wanted person in Zamboanga Peninsula. Alip was arrested in Barangay San Vicente, Sirawai, Zamboanga del Norte at about 7:15 a.m. on Wednesday. Alip, a resident of Barangay Matiag, Siocon, Zamboanga del Norte, has a standing warrant of arrest for illegal possession of explosives issued by a court in Siocon on Dec. 28, 2021. Meanwhile, the APC-WM said an ASG spy, identified as Benjamin Husin Alias Sabar, surrendered Wednesday at the Naval Station Romulo Espaldon, which houses the Naval Forces Western Mindanao (NFWM) headquarters here. Rear Adm. Donn Anthony Miraflor, NFWM commander, said Thursday that Husin surrendered through the coordinated efforts of NFWM and Joint Task Force (JTF) — Zamboanga operatives. Husin joined the ASG as one of the followers of the late Sulu-based bandit leader Alhabsy Misaya in 2010, and served as a spy based in this city since 2017 after he was wounded in a clash with government troops in Sulu, Miraflor said. Misaya was killed in a clash with Philippine Marine troops in the forest between the towns of Indanan and Parang in Sulu on April 28, 2017. Husin was allegedly involved in the kidnapping of three foreigners in the Island Garden City of Samal, Davao del Norte on Sept. 21, 2015. Miraflor said Husin decided to surrender to live a normal life in the hope of reuniting with his family. He turned in a Garand rifle with 15 rounds of ammunition.”

59. Ukraine’s SBU Detains Russian Agent in Kyiv

On May 3rd Ukraine’s Security Service (SBU) announced that they “detained a traitor who was sending intelligence about the defence of Kyiv to the Russian Telegram bot. The intruder turned out to be a resident of the capital who, at the beginning of the full-scale invasion, was collecting information for the enemy about the locations of the Defence Forces in the city. To do this, he went around the streets and studied the situation near Ukrainian military facilities. The received information was sent through a chatbot controlled by the Russian intelligence services in the Telegram messenger. Later, trying to avoid responsibility, the person involved mobilised to the ranks of one of the units of the Armed Forces, which is involved in the Avdiiv region. However, SBU officers timely exposed the perpetrator, gradually documented the criminal activity and detained him in one of the front-line cities of the region. During the searches, a mobile phone was found in the detainee’s possession with evidence of the transfer of classified information to the aggressor.”

60. BouldSpy Android Spyware: Iranian Government’s Alleged Tool for Spying on Minority Groups

The Hacker News reported on May 2nd that “a new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. “The spyware may also have been used in efforts to counter and monitor illegal trafficking activity related to arms, drugs, and alcohol,” Lookout said, based on exfiltrated data that contained photos of drugs, firearms, and official documents issued by FARAJA. BouldSpy, like other Android malware families, abuses its access to Android’s accessibility services and other intrusive permissions to harvest sensitive data such as web browser history, photos, contact lists, SMS logs, keystrokes, screenshots, clipboard content, microphone audio, and video call recordings. It’s worth pointing out that BouldSpy refers to the same Android malware that Cyble codenamed DAAM in its own analysis last month. Evidence gathered so far points to BouldSpy being installed on targets’ devices via physical access, potentially confiscated after detention. This theory is bolstered by the fact that the first locations gathered from victim devices are mostly concentrated around Iranian law enforcement establishments and border control posts. The malware comes alongside a command-and-control (C2) panel to manage victim devices, not to mention create new malicious apps that masquerade as seemingly innocuous apps like benchmarking tools, currency converters, interest calculators, and the Psiphon censorship circumvention utility.”

61. Swedish Foreign Minister: EU Condemns Execution of Swedish-Iranian Dissident

On May 5th The Local reported that “Swedish Foreign Minister Tobias Billstrom condemned Saturday the execution of Swedish-Iranian dissident Habib Chaab, as the Iranian judiciary announced Chaab’s death sentence had been carried out after a conviction for “terrorism.” “The death penalty is an inhuman and irreversible punishment and Sweden, together with the rest of the EU, condemns its application in all circumstances,” Billstrom, whose country currently holds the EU presidency, wrote on Twitter. He added that Stockholm had contacted Tehran “and demanded that the sentence not be carried out.” Chaab had been held in Iran since October 2020 after he vanished during a visit to Turkey before going on trial in Tehran, which does not recognise dual nationality. Convicted of “corruption on earth” for heading a rebel group, he was condemned to death on December 6 — a decision denounced by Sweden — and Iran’s supreme court upheld the sentence in March. Iranian authorities accused Chaab of staging attacks since 2005 “under the protection of two spy services, including the Mossad and Sapo” — the Israeli and Swedish agencies, respectively. “The death sentence for Habib Chaab… nicknamed Habib Asyud, the head of the Harakat al-Nidal terrorist group… was carried out today, Saturday morning,” the judiciary’s Mizan Online website reported on Saturday.”

62. Rinse and Repeat: Iran Accelerates Its Cyber Influence Operations Worldwide

On May 2nd the Digital Threat Analysis Centre of Microsoft published this report stating that “Iran continues to be a significant threat actor, and it is now supplementing its traditional cyberattacks with a new playbook, leveraging cyber-enabled influence operations (IO) to achieve its geopolitical aims. Microsoft has detected these efforts rapidly accelerating since June 2022. We attributed 24 unique cyber-enabled influence operations to the Iranian government last year — including 17 from June to December — compared to just seven in 2021. We assess that most of Iran’s cyber-enabled influence operations are being run by Emennet Pasargad — which we track as Cotton Sandstorm (formerly NEPTUNIUM) — an Iranian state actor sanctioned by the US Treasury Department for their attempts to undermine the integrity of the 2020 US Presidential Elections. Though Iran’s techniques may have changed, its targets have not. These operations remain focused on Israel, prominent Iranian opposition figures and groups, and Tehran’s Gulf state adversaries. More broadly speaking, Iran directed nearly a quarter (23%) of its cyber operations against Israel between October of 2022 and March of 2023, with the United States, United Arab Emirates, and Saudi Arabia also bearing the brunt of these efforts. Iranian cyber actors have been at the forefront of cyber-enabled IO, in which they combine offensive cyber operations with multi-pronged influence operations to fuel geopolitical change in alignment with the regime’s objectives. The goals of its cyber-enabled IO have included seeking to bolster Palestinian resistance, fomenting unrest in Bahrain, and countering the ongoing normalization of Arab-Israeli ties, with a particular focus on sowing panic and fear among Israeli citizens. Iran has also adopted cyber-enabled IO to undercut the momentum of nationwide protests by leaking information that aims to embarrass prominent regime opposition figures or to expose their “corrupt” relationships. 
Most of these operations have a predictable playbook, in which Iran uses a cyber persona to publicize and exaggerate a low-sophistication cyberattack before seemingly unassociated inauthentic online personas amplify and often further hype the impact of the attacks, using the language of the target audience. New Iranian influence techniques include their use of SMS messaging and victim impersonation to enhance the effectiveness of their amplification. These are a few of the insights in a new Microsoft Threat Intelligence report on Iranian cyber-enabled IO. The report highlights how Iran is leveraging these operations to retaliate against external and internal threats more effectively. It also looks at what actions we might see them take in the months ahead, including the increased speed with which they are operationalizing newly reported exploits. As some Iranian threat groups have turned to cyber-enabled IO, we have detected a corresponding decline in Iran’s use of ransomware or wiper attacks, for which they had become prolific in the past two years. At the same time, the future threat of increasingly destructive Iranian cyberattacks remains, particularly against Israel and the United States, as some Iranian groups are likely seeking cyberattack capabilities against industrial control systems. Iranian cyberattacks and influence operations are likely to remain focused on retaliating against foreign cyberattacks and perceived incitement of protests inside Iran.”

63. Turkey Elections: Interior Minister Alludes to Spying on German Embassy

The Middle East Eye reported on May 5th that “Turkish Interior Minister Suleyman Soylu said on Thursday that his security forces eavesdropped on a conversation between an EU ambassador and a senior Turkish opposition official, indicating Ankara has been spying on an allied country. Soylu said he met the interior minister of that ambassador’s country in November. At that time, Soylu met his German counterpart Nancy Faeser, indicating that his forces had been listening in on Germany’s ambassador. The revelation came as Soylu accused the opposition coalition, known as the Table of Six, of working with foreign powers against the elected government of President Recep Tayyip Erdogan. Turkey is scheduled to hold presidential and parliamentary elections on 14 May. Soylu alleged Unal Cevikoz, a chief foreign policy advisor to the opposition’s joint presidential candidate Kemal Kilicdaroglu, last year met the EU ambassador at their embassy to discuss the first meeting of the Table of Six alliance, which took place on 12 February 2022. “They sent Unal Cevikoz on behalf of the Table of Six to this European ambassador,” Soylu said during a live broadcast on NTV on Thursday. “He didn’t go there only for a simple meeting but to get corrections and get the ambassador’s views on [the Table of Six coalition agreement]. They talked about the future modalities.” Soylu said it was the Turkish state’s primary task to track people who spy against Turkey. He added that it is legitimate for all countries and states around the world to protect themselves when foreign powers resort to espionage. “Why should we tap Mr Cevikoz? Our target wasn’t him. It isn’t a phone call, I’m talking about his visit to an embassy and his conversation at the embassy,” he said.”

64. Ukraine’s SBU Detained Russian Mole in Ukraine’s Armed Forces

On May 4th Ukraine’s SBU announced that they “detained a Russian “mole” who spied on the combat aircraft of the Armed Forces of Ukraine. The perpetrator turned out to be a resident of Crimea, who in 2014 supported the Russian invaders and remained on the territory of the temporarily occupied peninsula. There he received a passport of a citizen of the Russian Federation and voluntarily entered the military register of the aggressor country. Later, a representative of the Russian intelligence service came to him with a “proposal” for secret cooperation. At the instruction of the aggressor, before the start of the full-scale invasion, the suspect arrived in the Mykolaiv region, where his relatives live. In the territory of the southern region, he was supposed to collect intelligence about the locations and movements of Ukrainian troops. For this last year, he was mobilised to the Armed Forces. Being in the ranks of one of the Ukrainian military units, the attacker spied on the movement of combat aircraft and the positions of the air defence system of our country. He was also interested in information about warehouses with ammunition and fuel and lubricants of the Defence Forces. SBU officers detained the person involved while he was carrying out an enemy intelligence mission. According to the investigation, he transmitted the obtained information remotely to the occupiers through his ex-wife, who lives in Crimea and is in the field of view of the Russian intelligence services. He used an anonymous messenger for communication.”

65. Russia: Moscow Court Arrests Ukrainian Woman in Espionage Case. She was Traveling to Visit Her Ill Father in Crimea

Novaya Gazeta reported on May 5th that “Lenie Umerova, a Ukrainian woman of Crimean Tatar ethnicity, was sent to a pre-trial facility in Moscow on Friday on charges of espionage, Mediazona reports citing the Moscow court database. News outlet Graty previously wrote citing the woman’s brother that she had been arrested back in December 2022 in North Ossetia, a region in southern Russia. The 25-year-old Umerova, who had moved to Kyiv in 2015, was traveling to Crimea to visit her father, who has cancer, when she was arrested by Russian border police in early December, fined, and taken to a detention center for non-Russian citizens in Vladikavkaz. In March, a court ruled that Umerova must be deported from Russia, but later revoked the decision saying that Umerova did not present a danger to the country. Umerova left the detention center on March 25 only to be kidnapped by unknown men and brought to a different neighborhood of the city, where she was immediately approached by several police officers who demanded that she go to the precinct with them. When she asked for details, she was arrested for refusing to comply with police demands. Umerova was later arrested three more times on the same charge, spending over five months in detention. Her last arrest was supposed to end on 11 May. On 4 May, her parents came to visit her and were told that she was “taken by the FSB”.”

66. Pakistan is America’s Backstabbing Ally

The Organiser published this article on May 6th saying that “although the United States has considered Pakistan its key ally in combating militancy and terror, especially in Afghanistan, Islamabad has always played the role of a backstabber. Pakistan has been using a significant portion of military hardware and funds it has been receiving from the United States towards funding terrorist outfits both inside Afghanistan as well as the South Asian region, including Pakistan-occupied Kashmir and Indian states, including Jammu & Kashmir. For these factors, most of the counterterrorism and geopolitical analysts — when discussing the various inconvenient friendships of convenience in which the United States is entangled, they say — by depending on Pakistan, the US has not only been committing blunders, but it also risks the entire region and the world towards notoriety of terrorism and militancy. Pakistan has been consistently facing economic juggernauts since its creation in 1947, alongside a series of social challenges, domestic political instability, and continuous threats posed by its military establishment to democracy. Pakistani democracy is mostly seen as a system directly controlled by its mighty military establishment — including the Pakistani spy agency Inter-Service Intelligence (ISI).”

67. Ukrainian SBU Detains 11 Internet Agitators and Agents in Ukraine

On May 4th Ukraine’s SBU announced that they “blocked the activities of another extensive network of hostile internet agitators. It included 11 people from different regions of Ukraine. In messengers and social networks, they spread Kremlin fakes about the war in Ukraine. Information for their “publications” was taken from propaganda internet resources of the Russian Federation.” As per the announcement, these were: 1) Kyiv: “SBU counter-intelligence officers exposed a businessman who denied Russian armed aggression on his Facebook page and claimed that the war in Ukraine is an “internal civil conflict.”.”; 2) Chernihiv: “the activities of two propagandists who, on the banned Odnoklassniki social network, shared posts in support of the Kremlin’s aggressive policy and sympathised with the invaders’ losses, were suspended.”; 3) Dnipropetrovsk: “four local residents were exposed, who called for cooperation with the occupiers and discredited the Defence Forces on social networks and among their close circle.”; 4) Kharkiv: “one more enemy henchman was detained. He posted propaganda videos on Facebook in which he glorified the Russian occupiers.”; 5) Kirovohrad: “the activities of two Internet agitators who justified the war crimes of the Rashists, including the shelling of Ukrainian cities, were documented.”; and 6) Odesa: “one of the administrators of the anonymous Telegram chat, which was created to collect information about the movement of Ukrainian military equipment in the region, was notified of suspicion.”

68. Spanish Journalist’s Supporters Denounce Spy Claims

Following 2022 week 9 story #66, the Voice of America reported on May 5th that “supporters of a Spanish journalist accused of spying for Moscow have condemned a Russian media outlet for publishing what it said were leaked allegations of espionage in the case against the reporter. Pablo Gonzalez has been held in pre-trial custody in Poland since February last year when Russia invaded Ukraine, while authorities investigate allegations that he was spying for Moscow — accusations the journalist has denied. Poland’s secret service says Gonzalez used his role as a journalist as a cover for espionage, but officials have not disclosed any supporting evidence. Agentstvo, an independent Russian online media outlet, published a report Tuesday saying Gonzalez was a Russian military secret service agent who infiltrated dissident circles. The website said it based its report on records from Gonzalez’s mobile phone and dissident contacts. In response, the Free Pablo Gonzalez Association, which campaigns on behalf of the journalist, tweeted: “We are not going to go into these leaks [from the investigation] but we are surprised that this has happened when the lawyers have not had access to the telephone records of Pablo. “In this way they have created accusations [against Gonzalez] without respecting the presumption of innocence, without proof of someone who has spent 14 months in prison and without respecting his rights as a European citizen.” The association added: “If Pablo is guilty or not, the only ones who can decide that is the justice system. The only thing we would ask is a rapid and fair trial.” Agentstvo said in its report that Gonzalez was an agent from the GRU, Russia’s military intelligence service.”

69. Podcast: Cold War Conversations: Discovering Your Husband is a KGB Spy

The Cold War Conversations published this podcast episode on May 6th. As per its description, “the second part of Svetlana’s story starts shortly after her arrival in West Germany with her husband Oleg who is the Chief Editor of the Russian Service of Radio Liberty a CIA-financed station beaming Western propaganda into the Soviet Union. To Svetlana’s horror, Oleg reveals that he has been working for the KGB for 14 years. Svetlana is now trapped. She is in a quandary. Should she betray the man she loves and risk the wrath of the KGB or should she stay loyal to her husband? Loyalty wins out and she is invited by the Americans to teach Russian to intelligence officers and later becomes assistant to the commander at the US Army Intelligence Institute in Munich. However, in 1986 Oleg disappears and leaves Svetlana on her own in West Germany. At a press conference in Moscow, he reveals his espionage and suspicion falls on Svetlana…”

70. Ukrainian SBU Announces 7 Year Prison Term for Russian Agent in Bakhmut

Following 2022 week 26 story #3, on May 4th Ukraine’s Security Service (SBU) announced that “an informant who “directed” Russian artillery fire at the positions of the Defence Forces in Bakhmut received a prison term. The Security Service gathered evidence on another accomplice of the aggressor, who handed over the locations of the Defence Forces to the occupiers on the eastern front. It was established that the enemy was primarily interested in information about the combat positions of Ukrainian troops in Bakhmut. In addition, the attacker “leaked” the coordinates of checkpoints and critical infrastructure in the region to the Russian invaders. SBU officers detained an enemy informer in June of last year during his intelligence mission. A Kalashnikov assault rifle and a mobile phone with evidence of criminal activity were seized from the detainee. According to the materials of the Ukrainian special service, the court sentenced him to 7 years in prison. According to the investigation, the perpetrator is a 36-year-old resident of Bakhmut, whom the Russian Federation remotely engaged in tacit cooperation. To communicate with the aggressor, he used anonymous messengers, and he transmitted confidential information in the form of text messages with electronic coordinates and photos of sites. Intelligence was needed by the occupiers to prepare and carry out targeted missile and artillery attacks on the positions of Ukrainian troops.”

71. Canada Considers Expelling Chinese Diplomat for Targeting Lawmaker

NBC News reported on May 5th that “Canada’s foreign minister said Thursday the country is considering the expulsion of Chinese diplomats over an intelligence agency report saying one of them plotted to intimidate the Hong Kong relatives of a Canadian lawmaker. Foreign Minister Melanie Joly said her department was summoning China’s ambassador to a meeting to underline that Canada won’t tolerate such interference. She said the intelligence agency report indicated that opposition Conservative lawmaker Michael Chong and his Hong Kong relatives were targeted after Chong criticized Beijing’s human rights record. “We’re assessing different options including the expulsion of diplomats,” Joly said before a Parliament committee. Canada’s spy agency has not released details publicly. Chong has said the report identifies a Toronto-based diplomat as being part of the plot. Chong has been critical of Beijing’s treatment of Uyghur Muslims in China’s Xinjiang province. “I cannot imagine the shock and concern of learning that your loved ones have been targeted in this way,” Joly said to Chong at the committee hearing. “There will be consequences.” Chong said the diplomat should be on the first plane out of Canada. “It is inexplicable that this diplomat hasn’t been told to leave the country already,” he said. “If we do not take this course of action we are basically putting up a giant billboard for all authoritarian states around world that says we are open to foreign interference targeting Canadian citizens. That’s why this individual needs to be sent packing.” Chinese Ambassador Cong Peiwu denied interference in a statement and warned against expelling its diplomats.”

72. Botswana: Katlholo Sues DIS, Magosi and Others

Mmegi Online reported on May 5th that “suspended Directorate on Corruption and Economic Crime (DCEC) Director General (DG), Tymon Katlholo is demanding P2 million from the state for defamation. The embattled Katlholo has filed a lawsuit against the Attorney General, Advocate Abraham Keetshabe, Director General of Directorate of Intelligence and Security (DIS) Peter Magosi, spy agency spokesperson Edward Robert, DCEC lead investigating officer Jet Mafuta, and acting Director General of DCEC Tshepo Pilane citing malicious and defamatory utterances by the abovementioned. In his suit, filed on Tuesday this week, Katlholo who was surrounded by controversy before his suspension last year June for daring to investigate the DIS boss, Magosi, demands damages from the state for what he alleges as statements made by the defendants that were deliberately malicious and intended to injure his good name and reputation.”

73. India: ‘Honey-Trapped’ DRDO Scientist Arrested in Pune for Leaking Secret Information to Pakistani Spy

Pragativadi reported on May 4th that “a Defense Research and Development Organization (DRDO) scientist, who was working at one of DRDO’s facilities in Pune, has been arrested by the Maharashtra Anti-Terrorism Squad (ATS) for providing classified information to Pakistani intelligence agency, officials said today. According to the ATS, the DRDO scientist was found to have been in contact with an agent of a “Pakistan intelligence operative” through WhatsApp and video calls. The accused have been identified as PM Kurulkar, director of the Research and Development Establishment (Engineer), a premier facility of the Defense Research and Development Organization (DRDO) in Pune. According to officials, prima facie it seems to be a case of honeytrap. Kurulkar fell victim to the honeytrap when he was six months away from retirement. For the last six months, it is learned that he was in touch with a woman associated with Pakistan’s intelligence agency. He was in touch with operatives based in Pakistan through voice messages and video calls and was suspected to have shared some sensitive information with the operatives. The accused was arrested on Wednesday. An ATS release said, “The scientist, abusing his official position, despite knowing that if the secrets of the officials obtained by the enemy country could pose a threat to the security of the country, he would not disclose the details to the enemy country.” be provided.” Maharashtra Police’s Anti-Terrorism Squad, Kalachowki, Mumbai has registered a case under Section 1923 of the Official Secrets Act 1923 and other relevant sections. Further investigation is being done by the investigating officer. According to the DRDO website, Kurulkar is an outstanding scientist who has taken over as Director, Research and Development Establishment (Engineers). [R&DE(E)] A premier systems engineering laboratory of the DRDO.”

74. Georgian Citizen Accused of Espionage Sentenced to 10.5 Years in Abkhazia

Following 2022 week 30 story #40, and 2023 week 4 story #28, TASS reported on May 5th that “the Abkhazia Supreme Court sentenced Georgian citizen Kristine Takalandze, accused of spying for Georgia, to ten and a half years in prison on Friday, her lawyer Avtandil Chkadua told TASS. “Today the court sentenced Takalandze to 10 years and 6 months in prison [to be served in a penal colony],” Chkadua said. According to the lawyer, Takalandze does not admit her guilt. The lawyer intends to appeal the Supreme Court’s decision within the 15 days allowed by law. “[I hereby decree] to find Kristine Velodievna Takalandze <…> guilty of committing a crime under Article 274 (Espionage) of the Criminal Code of the Republic of Abkhazia and to sentence her to 10 years and six months of imprisonment in a penal colony. Takalandze shall remain in detention. The term of imprisonment shall be calculated from the date of her actual detention, on July 20, 2022,” the verdict said. Earlier, it was reported that the state prosecution demanded 13 years imprisonment for the Georgian citizen for her alleged spy activities. On July 25, 2022, Abkhazian investigators launched criminal proceedings against Takalandze on espionage charges. The Supreme Court of Abkhazia started probing into the criminal case in January. According to investigators, from September 2021 to July 20, 2022, Takalandze, acting deliberately on the instructions of foreign intelligence, was engaged in gathering and transferring data to representatives of Georgian intelligence services constituting state, military and other information protected by Abkhazian law.”

75. Documentary: These Documents Expose Mossad’s Most Horrifying Secrets

On May 6th “A Day In History” YouTube channel published this short documentary. As per its description, “in the years between the end of WWII in 1945 and the founding of the state of Israel in 1948, the men and women who would become the citizens of the first Jewish state in almost 2,000 years had already formed a small army equipped with an assortment of old British, American, and other assorted weapons, including a small number of tanks, trucks and armored personnel carriers. The Israelis had also formed the core of an air force that would eventually become one of the most effective forces on Earth. With these weapons and the determination to form their own country, defend the Jewish people coming already living there and those flooding into the area from the refugee camps of post-war Europe, the Israelis had a good start, but one thing was missing — an intelligence and spy organization. Without this, the armed forces of Israel might not know of plans to invade and destroy their country, and to do harm to its citizens and interests. In late 1949, the “Central Institute for Intelligence and Special Operations”, or “Mossad Merkazi le-Modiin ule-Tafkidim Meyuhadim,” or “The Mossad” as it is commonly known, was born. Before we begin, we should make clear one thing — what follows is intended to be an informative video on certain exciting and unusual episodes in Mossad history. We’re aware that from 1948 until today, both the actions of the Mossad and the development of the state of Israel are intense and emotional topics. While we condemn anti-Semitism in all its forms, we are also aware of the many controversies surrounding both the Mossad, the birth of Israel and the current state of affairs in both Israel and Palestine. We are not taking sides — merely informing you about a part of history that many people know very little about.”

76. Malaysia: Ex-spy Agency Chief Hasanah Dies of Cancer

The Vibes reported on May 5th that “the former director-general of the Malaysian External Intelligence Organisation (MEIO) in the Prime Minister’s Department, Datuk Hasanah Abdul Hamid, has died of cancer at her residence at Desa Putra, Putrajaya at 1.22pm today. News of her demise was announced by lawyer Mohd Khairul Azam Abdul Aziz who represented her in a court case on criminal breach of trust (CBT) involving US$12.1 million (RM53.6 million). He said Hasanah, who died aged 66, was prayed for and bathed at Surau Al Ikhwan in Desa Pinggiran Putra at 3pm. “(She) will be buried at the Kg Limau Manis Muslim cemetery in Putrajaya after Asar prayers,” he said when contacted today. According to Khairul, she was calm and brave in facing her illness. On August 9 last year, the high court acquitted and discharged Hasanah of the CBT charge involving government money over an alleged offence four years earlier. — Bernama, May 5, 2023.”

77. U.S. Spy Chiefs: N. Korea Funds Weapons Programs Through Illicit Crypto Crimes

KBS World reported on May 5th that “Washington’s top spy chiefs including Director of National Intelligence Avril Haines testified on Capitol Hill about North Korea’s illicit activities involving crypto currency, a method favored by some countries resorting to cyber crimes to evade sanctions so they can fund their weapons programs. They say North Korea is funding its nuclear weapons program via its crypto currency crimes and is posing threats to key cyber networks. Director of National Intelligence Avril Haines and key Intelligence officials attended a hearing at the Senate Armed Services Committee on Thursday and provided the assessment.”

78. Russian Citizen Arrested in Albania Under Espionage Doubts to Remain in Prison

Following 2022 week 33 story #71, 2022 week 34 stories #16 and #88, 2023 week 8 story #1, and 2023 week 9 story #86, Euronews reported on May 5th that “the court of Elbasan rejected the request of Russian citizen, Mikhail Zorin to change the security measure, after 9 months of imprisonment. The defense requested the revocation of the measure, arguing that the deadlines for the expertise had ended. “We presented a request for information from the prosecution body. From the evidence, we established that all investigative actions in connection to citizen Mikhail Zorin had been completed. As a result, we considered it necessary that the court decided to either revoke or replace the security measure. We consider the arrest in such a case to be very extreme, keeping in mind that my client has been in prison for 9 months. The court decided to dismiss the request,” clarified Isuf Shehu, attorney of the Russian citizen. The three arrested persons, Mikhail Zorin, Svetlana Timofeeva and Ukrainian citizen Fedir Alpatov were detained after an incident that took place within the perimeter of the former weapons factory in Gramsh. Zorin resisted the two soldiers who tried to stop him and used neutralizing spray against them. The three arrested are known as bloggers who are fond of visiting and photographing abandoned buildings. However, the prosecution accuses them of espionage and claims that they had come to Albania to gather military and strategic information that harms national security. These suspicions have so far been accepted by the court.”

79. U.S. Ambassador to Moscow Visits Imprisoned American Paul Whelan

The Moscow Times reported on May 4th that “the U.S. ambassador to Russia Lynne Tracy visited former U.S. marine Paul Whelan, who has been imprisoned in Russia on spy charges for over four years, on Thursday. Permission to pay a visit to Whelan in Mordovia, a southeastern Russian region, comes just over two weeks after Tracy was given access to U.S. journalist Evan Gershkovich, who was arrested in March on espionage charges. The prison visit also comes after Washington said “there was a proposal on the table for [the release of] Paul” in March. Washington says both Whelan and Gershkovich are “wrongfully detained” and has accused Moscow of “hostage-taking.” The U.S. embassy in Russia said Tracy traveled to the IK17 prison in Mordovia — some 400 kilometers southeast of Moscow — to visit Whelan in a region notorious for its harsh prisons. “The U.S. government will continue to engage Russian authorities on his case so Paul can come home as soon as possible,” it said. It called working on his release an “absolute priority.”.”

80. Ukrainian SBU Disrupts Bot Farms with Nearly 200,000 Fake Accounts

On May 3rd Ukraine’s SBU announced that they “eliminated a network of bot farms with an audience of almost 200,000 users: they were working to destabilise the situation in Ukraine. Cyber specialists of the Security Service exposed an interregional network of bot farms that spread disinformation to destabilise the socio-political situation in Ukraine. First of all, the attackers tried to discredit the activities of the top military and political leadership of our country in wartime conditions. They also spread false information about terrorist attacks in Ukrainian cities and “mining” of objects with a mass gathering of people. To “disperse” fakes, anonymous accounts were created on social networks Facebook, Instagram and Twitter with a total audience of almost 200,000 users. As a result of a multi-stage special operation in different regions of Ukraine, 9 bot farms were neutralised and their organisers were exposed. Among them are active supporters of one of the domestic police forces. “Centres” of disinformation operated in Ternopil, Poltava, Cherkasy, Sumy, Lviv, Chernivtsi, Kharkiv, Mykolaiv, and Zakarpattia regions. The involved parties installed hardware and software complexes for “growing” bots in their own homes or office premises. During the searches, the perpetrators were found to have: computer equipment with evidence of illegal activity; bank cards on which money was received for informational “dumps”; 5 thousand SIM cards of Ukrainian mobile operators; GSM gateways and other specialised equipment.”

81. Podcast: Grey Dynamics: Intelligence Tradecraft Week, Tools, Tips and Tricks

On May 5th Grey Dynamics published this podcast episode. As per its description, “it is Intelligence Tradecraft Week here at Grey Dynamics, so for this week’s episode we thought we’d round up the tools and tricks used by practitioners, we’ve had on the podcast in the real world. They cover social media tools, advanced search techniques, monitoring services, AI and more.”

82. Iraq Increasing Airborne ISR Capacity

Janes reported on May 3rd that “the Iraqi military has significantly increased the number of hours its intelligence, surveillance, and reconnaissance (ISR) aircraft are flying, according to the latest quarterly report from the US Department of Defense’s Office of Inspector General (OIG). Released on 2 May and drawing on information supplied by the US-led coalition, the report said Iraqi fixed-wing ISR aircraft flew 85 hours in January, 139 hours in February, and 253 hours in March. While the Iraqi Air Force now uses its King Air 350 surveillance aircraft mainly in the light transport role, it increased their ISR hours from nine in January to 32 in February. The Iraqi Air Force’s only other manned fixed-wing ISR aircraft are its modified Cessna C-208 Caravans, which were credited with 59 hours in the quarter.”

83. Taiwan’s Spy Chief Says ‘Five Eyes’ Helping to Grasp Xi’s Motives

Bloomberg reported on May 4th that “Taiwan’s spy chief warned that Chinese President Xi Jinping’s moves to surround himself with a coterie of like-minded officials increases the risk of conflict over the island at the heart of US-China tensions. Gaming out the black box that is Xi’s government means Taiwan is increasingly exchanging information with the “Five Eyes” spy bloc in real time to understand China’s military plans.”

84. Israel Tells CENTCOM Intelligence Sharing Will Continue, Despite Pentagon Leak

Axios stated on May 3rd that “Israeli Defense Minister Yoav Gallant told Gen. Erik Kurilla, head of the U.S. Central Command, that Israel will continue information and intelligence sharing with the U.S., despite concerns after a trove of top-secret Pentagon documents was leaked online, two Israeli defense officials told Axios.”

85. Executed Spy Reportedly Provided West and Israel with Intelligence About Iran’s Secret Nuclear Weapons Program

Following this week 2 story #37, and this week’s story #15, on May 3rd All Israel News reported that “a dual Iranian-British citizen, who previously served as Iran’s deputy defense minister, reportedly provided crucial information to Western and Israeli intelligence units about the Islamic Republic’s secret nuclear weapons program. Ali Reza Akbari was eventually caught by the Iranian regime, assisted by Russian intelligence, which accused him of espionage. Akbari was sentenced to death and hanged in January after 15 years of spying for the West. The New York Times reported on Monday that Akbari’s intelligence helped Great Britain provide crucial information about Iran’s nuclear program to the Jewish state, including its top-secret Fordo site. Following Akbari’s execution in January, British Prime Minister Rishi Sunak blasted the Iranian regime. “This was a callous and cowardly act, carried out by a barbaric regime with no respect for the human rights of their own people,” stated Sunak. The ayatollah regime officially denies that it seeks to obtain nuclear weapons. However, Tehran has a long history of deception and few international pundits believe the ayatollahs are merely interested in ‘peaceful nuclear energy’ in a country exceedingly rich in oil and other natural resources. In addition, a recent Iranian exhibition in Afghanistan openly called for the “nuclear extinction” of the Jewish state. The ayatollah regime and its top officials have repeatedly called for Israel’s destruction. The combination of nuclear weapon ambitions and anti-Semitic ideology has only strengthened the belief that the Iranian regime poses an existential threat to the Jewish nation and its citizens.”

86. Ukraine’s SBU Detains 2 FSB Agents in Donetsk and Kharkiv

On May 5th Ukraine’s SBU announced that they “detained Russian agents who were “hunting” for HIMARS in the east of Ukraine. The Security Service detained two more members of the extensive FSB agent network, who were conducting reconnaissance and subversive activities in the front-line areas of Donetsk region. Five of their accomplices were detained during the counter-subversive measures of the Ukrainian intelligence service in December 2022 and at the beginning of the spring of this year. This time, it was possible to detain agents who were collecting intelligence on the locations of bases and movements of units of the Defence Forces in the territory of the Kramatorsk district. First of all, they tried to identify the combat positions of the HIMARS reactive artillery systems and transmit the corresponding coordinates to the aggressor. SBU officers promptly exposed and documented the criminal acts and detained both perpetrators while they were carrying out a hostile mission. According to the investigation, the suspects are two residents of the Donetsk and Kharkiv regions, who were recruited remotely by the Russian intelligence services at the beginning of the full-scale invasion. They maintained communication with the occupiers through their relative who lives in Moscow and is “in touch” with case officers of the FSB. Mobile phones and other tangible evidence of illegal activity were found during searches of the detainees’ residences.”

87. A Guide to Covert Surveillance

On May 5th Grey Dynamics published this article. As per its introduction, “out of all the various forms of collection methods available to intelligence analysts, HUMINT occupies a special place of reverence and value. By chance, it also may well be the hardest of all the collection methods to master. It takes a particular kind of individual to foster the skills and grit necessary to effectively run HUMINT operations. There are various costumes which HUMINT assumes, but a somewhat overlooked aspect of the discipline is that of covert surveillance. The ability to move unseen, to blend into the background of any environment, to follow and observe a target across multiple days and maintain the integrity of an investigation or operation is an exceedingly difficult task. Anyone who has practised this method of intelligence gathering can attest to that fact.”

88. Cyber Operators from North Korea Evolve Reconnaissance Capabilities in New Global Campaign

On May 4th cyber security and intelligence firm SentinelOne published this technical analysis. As per its executive summary: “SentinelLabs has observed ongoing attacks from Kimsuky, a North Korean state-sponsored APT that has a long history of targeting organizations across Asia, North America, and Europe; Ongoing campaigns use a new malware component we call ReconShark, which is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading to document downloads, and the execution of malicious macros; ReconShark functions as a reconnaissance tool with unique execution instructions and server communication methods. Recent activity has been linked to a wider set of activity we confidently attribute to North Korea.”

89. Turkish Forces Eliminate PKK/KCK Terrorist in N. Iraq

Daily Sabah reported on May 5th that “a wanted PKK/KCK terrorist was eliminated in an operation by Türkiye’s National Intelligence Organization (MIT) in northern Iraq, security sources announced Friday. Necirvan Seven, code-named “Firaz Zilan,” was involved in several attacks on Turkish security forces and took part in street protests, according to sources who requested anonymity due to restrictions on speaking to the media. Seven joined the rural establishment of the terrorist group in 2015 and was active in the so-called Patriotic Revolutionary Youth Movement (YDG-H), a PKK offshoot before February 2015, the sources said. Also, Seven participated in street riots in Türkiye to protest the conflicts between the PKK/YPG and Daesh terrorist groups in the northern Syrian region of Ain al-Arab, also known as Kobani. The terrorist was followed by Turkish intelligence due to his actions and his role in the logistics activities of the terrorist group after crossing into northern Iraq.”

90. British Surveillance Aircraft Patrols Near Ukraine Border

The UK Defence Journal published this article on May 5th stating that “a British RC-135 ‘Rivet Joint’, an electronic surveillance aircraft, has conducted a patrol over Romania close to the border of Ukraine. The aircraft was there to conduct electronic surveillance and gather intelligence on Russian forces inside Ukraine. This isn’t a new occurrence, in fact it is quite routine. The UK has long been gathering intelligence about Russian forces since long before the invasion of Ukraine and it should be noted that these flights are designed to be visible so that the public and Russia know they’re happening. If it was a secret, I would not know. Also, for those remarking ‘this isn’t new’, that’s right but people only know this happens often because it is reported often.”

91. A Guide to Deception in Intelligence Tradecraft

Grey Dynamics published this article on May 5th with its introduction saying that “deception, the act of causing someone to believe in a false version of reality, is a common method in intelligence tradecraft and in global politics. States will often try to deceive other states, whether it be through false human intelligence, online disinformation or false flag operations. This article takes a deep-dive into the method of deception and how to spot it. It looks closely at the psychology behind deception and how methods of intelligence exploit human behaviour for the benefit of their state. This article also covers a few cases of deception, including a case of honey trapping, and an instance of a double agent and state deception through the military.”

92. In Rare Public Comments, Taiwan Spy Chief Points to 2027 as Key in China’s Plans

Following this week’s story #83, on May 5th Intel News published this article saying that “in a series of rare public comments, the director of Taiwan’s primary intelligence agency has singled out 2027 as a year of paramount significance for China’s military plans for Taiwan. On Thursday, Tsai Ming-yen (pictured), director-general of Taiwan’s National Security Bureau (NSB) since February, spoke to an audience of graduating students at Taiwan’s National Chung Hsing University in Taichung City. According to reports, it was the first time in a quarter of a century that an NSB director-general had addressed a university audience. In addition to his speech at the Chung Hsing University, Director-General Tsai, a former deputy foreign minister and diplomat, gave a rare interview to the United States-based Bloomberg news agency. He refused to weigh in on the ongoing discussion about a timeframe for a possible Chinese invasion of Taiwan. But he singled out the year 2027 as a significant one for Chinese Premier Xi Jinping’s plans to modernize the People’s Liberation Army (PLA). The Chinese leader first introduced his “PLA Modernization 2035” plan in 2017, describing it as a whole-of-government effort to significantly improve the PLA’s combat capabilities as a step toward achieving China’s long-term goal of becoming a major global military power. Tsai pointed out that the year 2027 will be the 10-year mark into President Xi’s 18-year program of military reforms. Additionally, Xi will most likely be campaigning for a fourth presidential term that year, Tsai said.”

93. Turkey Eliminates Top PKK/KCK Terrorist in Northern Iraq

Daily Sabah reported on May 4th that “the National Intelligence Organization (MIT) on Thursday announced that it eliminated a “high-ranking” member of the PKK/KCK terrorist group in a pinpoint operation in the northern Iraqi region of Gara. Ahmet Gümüş, codenamed “Cudi Engizek,” had been the so-called training officer of the KCK/PKK terrorists since 2022, the agency said, noting that he had been under surveillance since 2022 before being “neutralized.” He joined the organization in 1999 and had a hand in planning and implementing numerous bomb attacks and assassinations carried out in Türkiye, as well as Iraq and Syria until 2007. By 2008, Gümüş moved to lead the group’s training “academies” in Syria where he raised terrorists. After 2016, he began serving as a bodyguard to Murat Karayılan, the PKK’s de-facto leader, until last year. From 2022 onward, he commanded the so-called “Apollo Academies” of the PKK/KCK in northern Iraq. Gümüş was considered among the group’s best assassins professionally trained in Greece.”

94. Russian Hackers Use WinRAR to Wipe Ukraine State Agency’s Data

Bleeping Computer reported on May 3rd that “the Russian ‘Sandworm’ hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices. In a new advisory, the Ukrainian Government Computer Emergency Response Team (CERT-UA) says the Russian hackers used compromised VPN accounts that weren’t protected with multi-factor authentication to access critical systems in Ukrainian state networks. Once they gained access to the network, they employed scripts that wiped files on Windows and Linux machines using the WinRar archiving program.”

95. Greece: EYP Deputy Chief is Reassigned as Special Envoy in Ukraine Diplomatic Mission

On May 4th the Greek edolio5 reported that “we heard something that is admittedly not at all common and concerns Ambassador I. Raptakis, who in January was appointed by the Prime Minister as Deputy Chief of the EYP. Last week he was in Imbros island, during the visit of N. Dendias, and he also stayed on the island for the Easter holiday for personal reasons, as his wife is the Consul General of Constantinople G. Sultanopoulou. We are now learning that by a decision of the Foreign Minister N. Dendias, I. Raptakis is appointed Special Envoy of Greece for the reconstruction of Ukraine and assistance to the Ukrainian people. What does this mean? Did Mr. Raptakis quietly leave EYP or will he continue to have parallel activities, which are probably not compatible? We don’t talk about the issue of the wife and the position she serves because it might be to the benefit of Greece.”

96. A Guide to Front Organisations’ Role in Intelligence Operations

On May 4th Grey Dynamics published this article with its introduction saying that “front organisations are groups or entities formed to conceal the true identity or agenda of the individuals or groups behind them. Their goals are political, social, or criminal — to create a false sense of legitimacy, independence, and public support. Front organisations are important because of their ability to deceive and control public opinion and engage in activities that would be impossible under their real identity or goals. It’s important to understand their nature and methods to detect and counteract disinformation campaigns, propaganda, and criminal activities that may threaten democracy, human rights, and public safety.”

97. Russia: The Military Court Received a Case of Treason Against a Man Whose Namesake was Arrested in 2021 on Suspicion of Stealing Military Technology

Mediazona reported on May 3rd that “the Second Western District Military Court in Moscow received a case of high treason (Article 275 of the Criminal Code) against Alexander Derkunsky (Александр Деркунский) and Yevgeny Tarutin (Евгени Тарутин). Mediazona found information about this on the website of the court. The details of the case are unknown. At the end of June 2021, the Leninsky District Court of Rostov-on-Don arrested an entrepreneur named Alexander Derkunsky in a treason case. The man, according to the press service of the court, organized abroad the serial production of a “fundamentally new technology” developed for the needs of the Ministry of Defence. The City N publication writes that Derkunsky managed the Polish company Rusolut, whose only product is a data recovery device. As the press service of the court writes, the technology, which was produced by the accused, was used by “foreign organisations, including intelligence services.” The full namesake of another person involved in this case of treason — Evgeny Tarutin — worked at the Kursk Research Institute of the Ministry of Defence. So, for example, in 2012, a group that included a scientist patented a device called a NAND flash memory IC programmer.”

98. Ukrainian SBU Detains 2 Russian Agents in Kherson

On May 6th Ukraine’s SBU announced that they “foiled the escape of two Russian henchmen who were helping the enemy in Kherson Oblast. The perpetrators turned out to be local residents: a father and son who supported the invaders during the temporary occupation of the region. After the liberation of the right-bank Kherson region, the younger man continued to maintain contact with the Russian military, who fled to the left bank of the Dnieper. According to the investigation, he “leaked” to the occupiers the locations of the bases and movements of the Defence Forces in the territory of Bilozersky district. The enemy was most interested in the locations of the combat positions of the barrel artillery of the Armed Forces of Ukraine. The person involved also informed the invaders about the impact of Russian air attacks on local critical infrastructure facilities, social institutions and residential buildings. Intelligence was used by the occupiers to correct repeated rocket and artillery strikes on the settlements of Bilozerka, Kizomys and Veletenske, including with the use of guided aerial bombs. For communication, the traitor used anonymous messengers, and transmitted intelligence in the form of text and audio messages, as well as electronic coordinates. At the same time, during the temporary occupation of Kherson, the father of the enemy adjuster voluntarily agreed to be appointed to the “Ministry of Agriculture and Fisheries of the Kherson Region” created by the invaders. While in a leading “position”, he carried out Gauleiter Saldo’s instructions regarding the spread of the Kremlin regime in the region. It was established that the collaborator regularly participated in meetings chaired by the occupying “minister” and urged people to support the invaders. Understanding the inevitability of punishment for the crimes committed, both involved planned to flee to the temporarily captured part of the Kherson region.”

99. Russian FSB Disrupts Ukrainian GUR Subversive Action Group in Zaporizhia

On May 5th Russia’s FSB announced that they “stopped the activities of a sabotage and terrorist group, consisting of agents of the Ukrainian intelligence services. As a result of the measures taken at the preparation stage, a terrorist act against one of the leaders of the Zaporizhia NPP was suppressed. Coordination of criminal activity was carried out by Ukrainian intelligence services both directly through officers of the Main Intelligence Directorate of the Ministry of Education and Science Umansky Alexander Pavlovich (Уманский Александр Павлович) and Nikulin Andrey Vladimirovich (Никулин Андрей Владимирович), recruiting agent Victoria Anatolyevna Budnikova (Будникова Виктория Анатольевна), born in 1974, and through an intermediary — Yulia Viktorovna Tkachuk (Ткачук Юлия Викторовна), born in 1969, who is in Finland, a country that recently joined the NATO military-political bloc. An explosive device prepared for use, as well as automatic small arms, ammunition for it, and explosives were confiscated. It was established that members of the sabotage and terrorist group also collected information about the location of Russian military facilities, personnel of the armed forces and law enforcement agencies of Russia, and pro-Russian local residents. The involvement of members of the group in previously committed sabotage and terrorist acts is being checked. With regard to the two detained members of the group, who are citizens of Ukraine, born in 1984 and 1979, the investigative department of the FSB of Russia for the Zaporizhia region initiated a criminal case under Part 3 of Art. 30 and p. “a” part 2 of Art. 205 (preparation for a terrorist act) of the Criminal Code of Russia. A measure of restraint in the form of detention was chosen. All circumstances of criminal activity, as well as persons involved in it, are established.”

100. United States: Records Reveal Extent of CIA’s Mishandling of Sexual Misconduct

The Intercept published this article on May 3rd stating that “a CIA officer lied to a female employee about opening an investigation into a male co-worker she said was sexually harassing her — and then rejected her complaint for being untimely. Another agency employee was retaliated and discriminated against after reporting an instance of sexual assault. A third woman resigned from her contract position with the intelligence agency because she felt she had no recourse against a male colleague who was harassing her. These are just some of the allegations made in dozens of Equal Employment Opportunity Commission appeals filed by CIA employees and contractors over the last decade. The previously unreported legal documents lend credence to recent reports of a widespread breakdown in the CIA office charged with responding to allegations of misconduct, describing often invisible aspects of the CIA’s process for dealing with such reports and detailing the barriers people face when appealing to internal agency mechanisms for protection and adjudication. The classified nature of intelligence work makes it especially difficult for people to speak up about legitimate grievances, even within their own agencies. “In the intelligence community, victims of sexual harassment face a constant concern of the agency revoking their security clearance or abandoning them,” Kristin Alden, a prominent Washington, D.C., employment lawyer who represents intelligence community workers in discrimination and harassment cases, told The Intercept. “These are mostly women — they are overseas, they are undercover, they are not using their real names, they are alone and isolated and don’t have family or friends with them. It’s easy for managers to threaten and intimidate in these kinds of situations.” The secrecy shrouding the CIA’s internal functions extends even to Congress. 
Unlike most whistleblowers, intelligence community whistleblowers’ disclosures to Congress are only legally protected in certain “urgent” cases, and even then, they are required to first give their own agency’s oversight officials notice that they intend to communicate with lawmakers. Additionally, the whistleblower protections that do exist don’t always apply to intelligence community contractors, which comprise a large portion of intelligence personnel. That status quo was recently disrupted. As Politico reported last month, at least three female CIA employees have contacted the House Intelligence Committee this year to describe the ways the CIA has discouraged women from filing complaints. According to the CIA’s Office of Equal Employment Opportunity-mandated report on harassment, the agency has received 13 complaints of sexual harassment since 2018. That’s far fewer than the other types of complaints lodged with the agency, which received 102 total complaints in 2022 — more than double the complaints the previous year.”

101. SIGINT Historian: Britain’s Greatest Female Codebreaker

On May 4th former GCHQ departmental historian Tony Comer published this article. As per its introduction, “last week I spoke at the Irish Embassy in London at the launch of Jackie Uí Chionna’s biography: Queen of Codes: The Secret Life of Emily Anderson, Britain’s Greatest Female Code Breaker. I am part of the first generation of Siginters who joined GCHQ after the Bletchley Park story had become avowed, and after the myth of Bletchley had begun to take hold (How a Tiny Number of Boffins and Chess Players Defeated Hitler and Won the War). For those of us interested in accurate history, it was a bit hard to situate the myth against the realities of Sigint in the Cold War, and I suppose it was the realisation that the myth was a myth, and that by taking back bearings from where GCHQ was at the end of the 1980s it might be possible to achieve a better and more three-dimensional understanding of wartime Sigint.”

102. Australia Getting U.S. Containerized Submarine-Tracking Sonar System

The Warzone reported on May 5th that “Australia is set to become the latest customer for the U.S.-developed Surveillance Towed Array Sensor System–Expeditionary, or SURTASS-E, a passive submarine detection system. The move to acquire SURTASS-E is the latest step in Australia’s ambitious undersea warfare modernization effort, the flagship program of which will see the Royal Australian Navy, or RAN, introduce its first nuclear-powered, conventionally armed submarines, against the backdrop of increasing concerns about the Chinese submarine threat. The U.S. Defense Security Cooperation Agency (DSCA) yesterday announced that the State Department has approved a possible Foreign Military Sale to Australia of an undisclosed number of SURTASS-E systems, at an estimated total cost of $207 million.”

103. A Guide to Geospatial Intelligence (GEOINT)

On May 5th Grey Dynamics published this article. As per its introduction, “Geospatial Intelligence (GEOINT) is attracting growing interest and attention from the wider public. Indeed, the capacity to synthesise complex situations in visual representations allows it to directly reach a large audience. As Benjamin Strick said in our dedicated podcast episode: “I could do a Twitter thread of 500 tweets or I could write a 120 pages report on the complexities of a conflict but it’s still not as valuable as a single map.” The Open Source GEOINT maps created to monitor Russian violence in the current invasion of Ukraine well illustrated this power. Despite this popularity rise, GEOINT remains wrapped in a veil of mystification. Simply put, there is not enough attention to clarify what GEOINT means, and the techniques used to analyse geospatial data. In this article, we will unpack GEOINT and show how these investigations are within everyone’s reach.”

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org