SPY NEWS: 2023 — Week 22

Summary of the espionage-related news stories for the Week 22 (28 May-3 June) of 2023.

1. ‘Egypt, Syria are Coordinating’: IDF Estimates on Eve of Yom Kippur War Declassified

The Times of Israel reported on May 28th that “new Defense Ministry website with over 20,000 files includes previously unseen intelligence assessments, diaries of SIGINT commander, eyewitness accounts of fall of Hermon outpost. The Defense Ministry on Sunday launched a website hosting dozens of newly declassified documents, images, videos and other files from the 1973 Yom Kippur War, in honor of the conflict’s 50th anniversary later this year. Among the documents being published for the first time were Military Intelligence assessments from the month prior to the conflict, later submitted to a commission that investigated the war; the diaries of Brig. Gen. Yoel Ben-Porat, head of the Israel Defense Forces’ signals intelligence unit, which described the intelligence failures in the leadup to the war; and eyewitness accounts of the fall of the Hermon outpost during the first day of the conflict. In all, the website (Hebrew link) comprises 15,301 photographs, 6,085 documents, 215 videos, 40 audio recordings and 169 maps related to the Yom Kippur War, some of which have only recently been cleared for publication. “The Yom Kippur War website was established in order to tell the story of the generation of the war, to commemorate the bravery of the fighters, and to be an official platform for passing down the legacy of the war to future generations,” the ministry said in a statement.”

2. Ukrainian SBU Detained FSB Agent in Zaporizhzhia

On May 29th Ukraine’s Security Service (SBU) announced that they “detained a former communist deputy of the Zaporizhzhia city council, who was “pointing” Russian missiles at Ukraine. Under his guidance, the Russian invaders carried out a series of rocket attacks on the city in April and May of this year. Then, as a result of enemy shelling, 3 local residents died. Also, 30 private houses were destroyed and one of the industrial enterprises of the region was damaged. According to the investigation, the enemy accomplice turned out to be an ardent supporter of communism, who in 2001 received 6 years in prison for planning a coup d’état in Ukraine. After his release, he joined the local branch of the banned Communist Party and in 2015 was a deputy of the Zaporizhia City Council for almost half a year. He was also an active member of the pro-Kremlin organisations “Union of Soviet Officers” and “Immortal Regiment”. At the end of 2022, he was recruited by an FSB case officer to carry out intelligence and subversive activities against Ukraine. To carry out enemy tasks, the Russian agent formed his own informant network. It included former “party members” of the figure who live in Zaporizhzhia. Through them, he “in the dark” received information about operating industrial enterprises and the technical condition of critical infrastructure. Then the traitor personally went to the area and carried out covert photo and video recording of Ukrainian locations. The received information was transmitted by the Russian Federation for the preparation of air attacks on the territory of the region. After the enemy strikes, the attacker “reported” their consequences to the FSB. During searches of the detainee’s residence, mobile phones were found, which he used to communicate with the Russian intelligence services. A large number of banned communist symbols were also confiscated from him.”

3. Spy Collection: Russian GRU 2014–2016 Cyber-Espionage Operation Pawn Storm, Part 3

On May 29th we published a new video. As per its description, “throughout the early 2010s the Military Unit 26165, also known as 85th Main Special Service Centre (GTsSS), of the Russian GRU conducted a very high amount of cyber-espionage operations against a wide variety of targets, ranging from governments and military entities, to private companies and individuals of interest. This part 3 presents five (5) of those cases from a historical context to demonstrate the modern history of cyber-espionage operations.” The five cases presented are: 1) French Ministry of Defence (2011); 2) Vatican Embassy in Iraq (2012); 3) Hungarian Ministry of Defence (2014); 4) Academi private military company (2014); 5) Bulgarian State Agency for National Security (DANS) (2014).

4. New Zealand: Lack of Transparency from Intelligence Agencies, Taumaru Report Finds

RNZ reported on May 29th that “a comprehensive review into New Zealand’s national security system has found there is a lack of transparency from intelligence agencies on their activities, and is concerned over the effectiveness of control and oversight mechanisms. The Taumaru report is the first review into New Zealand’s intelligence and security laws since the Intelligence and Security Act was established in 2017. Since then, the country has experienced two terror attacks, and seen a rise in cybersecurity threats, foreign interference, and disinformation. The 274 page report, written by former Solicitor General Sir Terence Arnold and prominent Māori lawyer Matanuku Mahuika, looked into the operations and oversight of New Zealand’s two intelligence and security agencies: The Government Communications Security Bureau (GCSB) and the New Zealand Security Intelligence Service (NZSIS). It made 52 recommendations, which the government will now consider. The review was brought forward following the Report of the Royal Commission of Inquiry into the Christchurch terror attacks. That report criticised the transparency and scale of New Zealand’s national security system, saying it functioned as a collection of agencies with little shared direction. There was currently no definition of what “protection of national security” actually meant in the act. The report recommended applying one, suggesting defining it as “the protection of New Zealand, its communities and people from activities that are threats because they undermine, or seek to undermine, one or more of New Zealand’s…” — and then a list of the types of activities that could constitute a threat. It suggested the agencies make public what their priorities actually were, so the public had a realistic understanding of what they actually did. The authors believed this would enable meaningful public engagement, and enhance the agencies’ social license to operate in New Zealand. The report also recommended the Intelligence and Security Committee be overhauled. Established in 1996, it is the only select committee chaired by a member of the Executive (the prime minister). It also meets less frequently than other committees.”

5. North Korea Notifies Japan of its Plan to Launch Satellite Between May 31-June 11

Following week 20 story #30, the Korea Herald reported on May 29th that “North Korea has notified Japan of its plan to launch a satellite between May 31 and June 11, a Japanese media report said Monday, as the secretive regime is preparing to put its first military spy satellite into orbit. The North notified the Japanese government of its plan to establish a maritime danger zone during the cited period, Japan’s Kyodo News reported. North Korea also informed the International Maritime Organization of its plan for the satellite launch, according to Japanese broadcaster NHK. North Korea has announced the completion of preparations to mount its first military spy satellite on a rocket, raising speculation that the North may launch it as early as June. The North’s leader, Kim Jong-un, has recently inspected a non-permanent committee responsible for preparing for the launch of a military reconnaissance satellite and approved of its “future action plan.” The North’s proposed satellite launch would violate a series of United Nations Security Council resolutions banning its nuclear and missile programs, as it uses the same technology used in ballistic missiles.”

6. Russian FSB Publishes Interview with First Deputy Director — Head of the FSB Border Service

On May 28th Russia’s Federal Security Service (FSB) published this interview. Its an interview of 16 questions for the First Deputy Director — Head of the FSB Border Service Vladimir Grigoryevich (Владимир Григорьевич).

7. French DGSE’s Technical Department Opens Up to Innovation Cooperation

Intelligence Online reported on May 29th that “France’s external intelligence service has traditionally been reluctant to open up to private companies, but it is edging closer to working with dedicated defence and intelligence innovation outfits.”

8. Pakistan Presents Captured Terrorist Commander to Media

On May 28th the Medialine reported that “counterterrorism experts are divided as to whether the arrest of Baloch separatist Gulzar Imam will significantly reduce terrorism in the region [Islamabad] Pakistan presented an apprehended terrorist commander to the media on Tuesday. At the press conference, captured Baloch Nationalist Army (BNA) Commander Gulzar Imam, also known as Shambay, urged the Baloch people to give up their armed rebellion. Imam has been accused of developing links with hostile spy agencies and was involved in dozens of violent attacks in Pakistan. The Pakistan Armed Forces published a press release last month confirming Imam’s arrest, which is believed to have taken place in September 2022. The press release described him as “a hardcore militant” and “a staunch believer in an independent Balochistan.”.” The announcement continues that “speaking on condition of anonymity, an Islamabad-based senior counter-intelligence official described Imam as “a highly trained, cunning operative and a shrewd terrorist commander” who “used 1,400 fake documents and 66 different organizations in 11 countries to hide his identity.” The official noted that a neighboring country, which he declined to name, provided safe haven to Imam. He did reveal that Imam visited India in 2017 using fake documents. After identifying Imam through collaborative efforts with 11 foreign spy agencies over the course of more than a year, Pakistan carried out Imam’s arrest in only 12 hours. Experts are divided as to the effect that Imam’s arrest will have on terrorist organizations in the region and on Pakistan-US relations.”

9. Video: How China Threatens Companies with the New Spying Law

The VisualPolitikEN published this video on May 28th. As per its description, “at the end of April 2023, China pushed through a reform of its counter-espionage law. This law now directly affects companies… This has set off all the alarm bells. Now the information and data of companies are also covered by this law, so that anyone who has handled sensitive information of a project or a company in China could be charged with nothing less than the counterespionage law. A law that carries not only prison sentences but also summary trials. But what the hell is going on in China, why are so many red alerts going off, is Xi Jinping’s government using espionage legislation to pressure, punish or cut ties with some foreign companies, and what could all this mean for the economic future of the People’s Republic of China? We tell you all the details in this new video here on VisualPolitik.”

10. Ukraine’s SBU Detains GRU Agent in Donbas

On May 30th Ukraine’s SBU announced that they “detained an informant of the Russian GRU who was spying on the Defence Forces in Donbas. He collected intelligence for the occupiers about the locations of deployments and ways of movement of the Defence Forces in the areas of Sloviansk, Lyman, and Mykolaivka. He paid special attention to the movement routes of Ukrainian military convoys crossing the Siverskyi Donets River in the direction of Bakhmut. The attacker also gave coordinates of local factories and railway infrastructure to the aggressor. Intelligence was needed by the invaders to prepare airstrikes against Ukrainian sites, including the use of drones. According to the investigation materials, the resident of the liberated Liman, who was remotely recruited by Russian military intelligence, turned out to be an enemy accomplice. In order to transmit intelligence, he was “in touch” with a scout of the assault battalion of the GRU special forces and a gunner of a tank company of the enemy tactical group “Kupol”. It was established that communication was maintained through the banned Odnoklassniki social network.”

11. Pegasus-pusher NSO Gets New Owner Keen On the Commercial Spyware Business

The Register reported on May 30th that “spyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company’s Pegasus malware is targeting yet more human rights advocates and journalists. Once installed on a victim’s device, Pegasus can, among other things, secretly snoop on that person’s calls, messages, and other activities, and access their phone’s camera without permission. This has led to government sanctions against NSO and a massive lawsuit from Meta, which the Supreme Court allowed to proceed in January. The Israeli company’s creditors, Credit Suisse and Senate Investment Group, foreclosed on NSO earlier this year, according to the Wall Street Journal, which broke that story the other day. Essentially, we’re told, NSO’s lenders forced the biz into a restructure and change of ownership after it ran into various government ban lists and ensuing financial difficulties. The new owner is a Luxembourg-based holding firm called Dufresne Holdings controlled by NSO co-founder Omri Lavie, according to the newspaper report. Corporate filings now list Dufresne Holdings as the sole shareholder of NSO parent company NorthPole. Dufresne Holdings has removed “a number of directors and officers” across NSO and is involved in the company’s day-to-day management, the Wall Street Journal added. An NSO spokesperson meanwhile told The Register “the company is managed directly by our CEO, Yaron Shohat. The lenders are currently in a process of restructuring the shareholders.” The company has not only faced criticism over its Pegasus spyware implant, US and European officials over the past couple of years have cracked down on NSO in particular, and commercial spyware in general.”

12. Chinese Surveillance Firms Hikvision and Dahua Targeted by Ukrainian Investigators

Intelligence Online reported on May 31st that “Ukrainian investigative collective Underdog — the UnLawyers has alerted the government agencies of the widespread use of surveillance tools by these two major Chinese companies operating in the country. The firms’ potential support for the Russian offensive has raised several questions.”

13. Natural Spies: Astonishing Role of Animals in Espionage

On May 29th Mirage News reported that “the world of espionage, a realm often associated with covert operations, secret agents, and high-tech spy gadgets, has had some unexpected participants — animals. The natural abilities of animals, from the acute eyesight of birds to the aquatic prowess of dolphins, have been harnessed for espionage purposes over the centuries. Here we delve into the intriguing and lesser-known history of animal espionage, and the remarkable stories of these unsung heroes of the covert world.” The article covers: 1) Carrier pigeons; 2) Spy cats; 3) Marine mammals; 4) Insect drones; 5) Bat bombers; 6) Snake robots; 7) Spying squirrels; 8) Ravens; 9) Robotic fish.

14. Taiwan Raids 8 Chinese Companies for Alleged Tech Espionage

Taiwan News reported on May 29th that “the Ministry of Justice Investigation Bureau (MJIB) raided eight technology companies with ties to China between May 22–25 for allegedly seeking to steal technology from Taiwanese companies and poach IT staff. To counter attempts by China to engage in industrial espionage, the MJIB sent 112 investigators to raid eight companies allegedly posing as firms backed by Taiwanese or foreign investors, reported CNA. After investigators searched 25 locations in Taipei City, New Taipei City, Hsinchu City, Hsinchu County, Chiayi County, and Taichung City, a total of 49 individuals were taken in for questioning. The Chinese companies were engaged in database management, software development, memory modules, digital integrated circuits, firmware design, solid-state drive controller chip design and development, motor driver chip research development, electronic component research and development, Internet of Things, 5G communication module and chip design, and semiconductors. The MJIB said that in addition to injecting copious government funds into developing high-tech industries, China has used illegal means to poach talent from Taiwan’s industrial chains. Investigators found that Chinese companies pose as foreign-funded firms to attract Taiwanese engineers, who are encouraged to hand over technology from their prior employers. In addition, the bureau said that many of these companies operate small offices in Taiwan with local staff who work remotely. They also may set up two branches to keep the operation running in case one branch is shut down by the authorities. The companies are being investigated for violating the Act Governing Relations Between the People of the Taiwan Area and the Mainland Area (臺灣地區與大陸地區人民關係條例). Two companies were identified by local media as Fuzhou Sinoregal and Quectel Wireless Solutions, both based in Shanghai.”

15. Oman’s Sultan Visits Iran to Strengthen Ties, Discuss Region

Following last week’s story #69, Iran International reported on May 28th that “Oman’s sultan arrived in Iran on Sunday for a two-day visit and met with President Ebrahim Raisi in a visit expected to focus on regional diplomatic and security issues. The visit by Sultan Haitham bin Tariq al-Said came two days after Muscat mediated a prisoner swap between Iran and Belgium. Oman has traditionally been an interlocutor between the West with the IslamicRepublic and has mediated the release of several foreign citizens and dual nationals held hostage by Iran. On Friday, Oman helped secure the release of a Belgian aid worker, who was arrested in 2022 and sentenced to 40 years in prison and 74 lashes on trumped-up charges including spying, in exchange for Iranian diplomat and intelligence agent Assadollah Assadi sentenced to 20 years in prison for a failed bomb plot in France against exiled opposition group Mujahideen-e Khalq (MEK). Dozens of foreigners and dual nationals still remain in jail in Iran, most facing espionage and security-related accusations. Rights groups have criticized the arrests as a hostage-taking tactic by Tehran to win concessions from the West.”

16. Podcast: Can Jonna Mendez Survive this Podcast?

On May 30th Clint Emerson published a new podcast episode. As per its description, “Jonna Mendez is a former Chief of Disguise with the Central Intelligence Agency (CIA). She worked with the Agency for 27 years, and during her time there, she served as a technical operations officer and as the CIA’s Chief of Disguise. She retired from the CIA in 1993 and later co-authored the book “Spy Dust: Two Masters of Disguise Reveal the Tools and Operations That Helped Win the Cold War” with her husband Antonio Mendez. The book details their experiences working for the CIA during the Cold War, including their work with Soviet defector Aldrich Ames.”

17. Ukrainian SBU Exposed 2 Russian Spies in Kyiv

On May 30th Ukraine’s SBU announced that they “exposed two Russian spies who wanted to place their agent at a defence plant in Kyiv. One of them is an employee of the Main Department of International Military Cooperation of the Ministry of Defence of the Russian Federation, Colonel Dmytro Gulii (Дмитро Гулій). Another Russian spy turned out to be the Deputy Director of the legal department of the Ministry of Economic Development of the aggressor country, Vitaly Tekhelev (Віталій Техтелєв). It was established that at the beginning of the full-scale invasion, they remotely recruited a resident of Kyiv. Soon, the man received a task from them — to get a job with one of the defence companies in the capital region. The ultimate goal of this agent is to collect and transmit intelligence to the Russian Federation. In this way, Russian officials tried to obtain secret information about the available Ukrainian weapons, which are delivered to the Defence Forces at the front. In addition, they were interested in data on the consequences of Russian missile strikes on the critical infrastructure of Kyiv. In February 2023, the Security Service detained an enemy agent and informed him of suspicion of treason. During the investigation, the employees of the Ukrainian intelligence service “split” the detainee — he provided the personal data of his “handlers” from the Russian Federation. According to the investigation, the traitor maintained contact with Russian officials through a messenger. In the event of the capture of Kyiv, they promised their agent loyal treatment on the part of the occupiers.”

18. Beluga Whale Spotted Off the Swedish Coast Previously Accused of Spying for Russia

On May 30th EuroNews reported that “the several-metre-long white whale was first sighted a few years ago wearing a camera harness near Norway, fuelling suspicions it was being used for espionage. It has since been nicknamed Hvaldimir, combining the words ‘hval’ (whale in Norwegian) and the common Russian first name Vladimir. When first spotted in 2019, the whale’s harness was fitted with a base for a small camera with ‘Equipment St. Peterburg’ printed on the plastic strap. The biologists who found Hvaldimir were able to remove the harness fixed around his head. The Norwegian Directorate of Fisheries speculated at the time the whale had escaped from an enclosure where it was possibly trained by the Russian Navy since it was accustomed to human company and would approach ships. Moscow has never officially commented on the case.”

19. Iraq: Turkey’s MIT Hands Control of Makhmur Refugee Camp to Baghdad

Intelligence Online reported no May 31st that “forced to give in to Turkish intelligence demands, the Iraqi government in Baghdad is conducting an operation to control suspected PKK fighters, with the implicit involvement of the Barzanis’ KDP, which remains close to Turkey.”

20. Albania: Accused of Espionage, the Russian Blogger Openly Challenges the State Police and Comes Out with a Strong Call

Following 2022 week 33 story #71, 2022 week 34 stories #16 and #88, 2023 week 8 story #1, 2023 week 9 story #86, 2023 week 18 story #78, and 2023 week 21 story #61, the Albanian SOT reported on May 29th that “the Russian blogger, Svetlana Timofeeva, has spoken about the accusations against her, her acquaintance with the other two suspects as spies Mikail Zorin and Fedir Alpatov. “I’m not a spy”, she says in Albanian, repeating several times in Russian and English that she has been a blogger for 15 years and that she has a blog with many followers where she writes and publishes photos from her travels in different countries of the world. “It’s been my hobby for 20 years, not only to take pictures of these places but also to learn the history of the places I visit and get their content. I have been to 33 countries, to almost all of Europe, to Japan and to several islands in Asia, so to many countries,” she said. Svetlana Timofeeva was arrested on August 20, 2022, together with two other citizens, Mikhail Zorin from Russia and Fedir Alpatov from Ukraine after they tried to enter the premises of the former mechanical weapons factory in Gramsh. All three were arrested by the police and charged with espionage. “I have proof that I am a photographer, I am a blogger, I am a traveler. They must bring proof that I am a spy. If the police say that I am a spy, they must find the evidence that I am a spy,” said Timofeeva. But what connected the 34-year-old blogger with the other two suspects as Russian spies Mikhail Zorin and Ukrainian Fedir Alpatov? “I have a hobby relationship with the boys, I know Mikhail better because I have met him several times in Russia and we have been guides in some abandoned places in the Russian Federation. Also in Ukraine, but after the war in Ukraine started, he left for the Czech Republic with studies while I left for Georgia. As for Fedir, the Ukrainian citizen, he is a friend of Mikhail. I don’t know him well. I met him when I came to Albania. We are connected by our shared hobby of exploring abandoned places. We did not plan to come to Albania, Mikhail invited me. I cut the tickets because at that time I was living in Georgia, I was in transit from Istanbul. I came to Albania, we met and continued our exploration”.”

21. Video: Software Defined Statecraft featuring Chief Technology Officer of the CIA, Nand Mulchandani

On May 31st the Second Front Systems published this video recording. As per its description, “watch as Nand Mulchandani, Chief Technology Officer of the Central Intelligence Agency (CIA), discusses the future of software-enabled statecraft and the challenges of technology adoption in the public sector. Joined by Tyler Sweatt, Chief Revenue Officer at Second Front, Mulchandani shares insights on bridging the gap between traditional spycraft and modern technological advancements. Listen to discover the importance of establishing a solid foundation for technology implementation and scalability, and explore the collaborative efforts between the public and private sectors in driving innovation.”

22. Newly Uncovered Chinese Espionage Incident Causes Alarm Among US Authorities

SOFREP reported on May 30th that “unlike the attention-grabbing Chinese spy balloon, which garnered sensationalized media coverage earlier this year, this recently uncovered espionage incident is causing even greater alarm among authorities. As millions of American watch the dramatic shot down of the spy balloon that was reportedly equipped with surveillance and believed to be an equipment part of China’s intelligence-gathering program, US Intelligence agencies and tech giant Microsoft found an unknown computer code stealthily traversing over telecommunication systems in Guam. It also appears to be weaving through other network locations across the state. Microsoft released a detailed report last week, determining that a hacking group associated with the Chinese government installed the mysterious code that aimed to target American critical infrastructure organizations, subsequently causing significant concern. The report noted that a group called “Volt Typhoon” is responsible for the cyberattack, a known state-sponsored Chinese hacker that generally focuses on espionage and information-gathering initiatives. Based on the assessment of the tech giant, the group appears to be pursuing a potential to “disrupt critical communications infrastructure between the United States and Asia region during future crises.”.”

23. Ukrainian and Western Intelligence Services Consider Options for Collaboration on Vetting Foreign Combatants

Intelligence Online reported on May 29th that “informal consultations are currently underway between the SBU, Interpol and various Western intelligence services that could lead to new standardised procedures for sharing data on individuals wanted in their countries of origin.”

24. Spying for Human Rights: Why Documenting Abuses Should Be Part of the Intelligence Community’s Job

On May 31st the Foreign Affairs published this article saying that “the U.S. intelligence community appears to be doing more to document Russian atrocities in the war in Ukraine than it has to document human rights abuses in any conflict in history. American spy agencies have gathered evidence that Russian commanders intentionally targeted civilian areas and planned to kidnap thousands of Ukrainian children, according to The New York Times. The Biden administration has also made clear that its intelligence assets are watching Russian President Vladimir Putin’s every move. And the U.S. State Department has set up a new Conflict Observatory for Ukraine that is gathering loads of open-source evidence of Russian misconduct. But Ukraine is the exception, not the norm. Policymakers almost never have this breadth or depth of intelligence on human rights abuses at their disposal. The reason for that is simple, intelligence analysts say: their job is not to hoover up intelligence on human rights abuses around the world but to help their bosses understand threats and opportunities in foreign policy. Human rights is not a routine or prioritized issue for intelligence collection. As a result, classified briefings on countries or issues don’t regularly include information on human rights violations such as crackdowns on political dissent, proposed laws discriminating against minorities, or misuse of security forces — even though such information is essential for policymaking. True, policymakers have access to open-source information on rights abuses, including what can be found on Twitter, in news outlets, and even on the Dark Web. Human Rights Watch, where I work, documents human rights abuses in over 100 countries — everything from wartime atrocities to forced labor to discrimination against women. Our research is regularly used by the U.S. government and often cited in the State Department’s annual human rights report. But there is a limit to how much Human Rights Watch and similar organizations can document by comparison with the U.S. intelligence community. U.S. President Joe Biden and his national security adviser should make human rights an intelligence priority and invest in training an intelligence community that understands why and how human rights are essential for policymaking.”

25. United States PACAF Global Hawks Arrive at Yokota Air Base

Mirage News reported on May 28th that “U.S. Pacific Air Forces began positioning RQ-4 Global Hawks at Yokota Air Base, Japan, from Andersen Air Force Base, Guam, May 15 to provide theater-wide enduring operations in support of maintaining a free and open Indo-Pacific. The Global Hawk’s mission is to provide a broad range of U.S. intelligence, surveillance, and reconnaissance capabilities to support joint forces, and Allies and partners in worldwide peacetime, contingency and crisis operations. The Global Hawk serves as a high-altitude, long-endurance, remotely piloted and unarmed, aerial reconnaissance system. The aircraft provides persistent, day and night, high-resolution, all-weather imagery of large geographic areas with an array of integrated sensors and cameras.”

26. Turkish MIT Disrupted DAESH Operation During Election Day

The Turkish Akdeniz Manşet Gazetesi reported on May 30th that “the National Intelligence Organisation (MIT) and the Konya Police Department Anti-Terrorism Branch have determined that the terrorist organisation DEASH was planning to carry out an action in the second round of the Presidential Election. A.H., who settled in Konya after receiving training in conflict zones on behalf of the terrorist organisation, was identified by the police forces. A raid was carried out on the addresses where A.H. and the 5 suspects he was related to were hidden, with the participation of the special operations police. It was learned that A.H., one of the suspects taken into custody, tried to obtain ammunition, that he was one of the so-called leaders of the organisation and that he organised a group of 5 people in Konya. A.H., H.E., Y.B., M.C., S.P. and Z.D. were detained. A.H. and H.E., who were found to have carried out executions on behalf of DAESH in Syria, were arrested. Y.B. was given a travel ban. The other three suspects were released.”

27. France: DGSE Relocation Pushed Back by Two Years

Following 2022 week 17 story #1, Intelligence Online reported on May 30th that “the future DGSE headquarters in Vincennes, scheduled for 2028, will now not be ready until 2030. Work has not even begun yet.”

28. Dark Pink Hackers Continue to Target Government and Military Organisations

Bleeping Computer reported on May 31st that “the Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam. The threat group has been active since at least mid-2021, primarily targeting entities in the Asia-Pacific region, but it was first exposed in January 2023 by a Group-IB report. The researchers report that after analyzing signs of previous activity by the threat actor, they now discovered additional breaches against an educational institute in Belgium and a military body in Thailand. Despite the previous exposure by Group-IB, Dark Pink has not shown any signs of slowing down, and the company says it identified at least five attacks perpetrated by the group following the publication of the previous report. In the recent attacks, Dark Pink showcased a revamped attack chain, implemented different persistence mechanisms, and deployed new data exfiltration tools, likely attempting to dodge detection by distancing their operations from publicly available IoCs (indicators of compromise).”

29. North Korea Says Spy Satellite Launch Crashed Into Sea

Following this week’s story #5, BBC reported on May 31st that “Pyongyang announced earlier it planned to launch a satellite by 11 June to monitor US military activities. It now says it will attempt a second launch as soon as possible. The launch sparked a false alarm in the South Korean capital Seoul, while in Japan a warning was issued to residents of Okinawa, in the south. There was chaos and confusion in Seoul as people awoke to the sound of an air raid siren and an emergency message telling them to prepare for an evacuation — only to be told 20 minutes later it had been sent in error. The stakes are high on the Korean Peninsula, where tensions have existed between the two countries for 70 years, and this false alarm could seriously damage people’s trust in the alert system. North Korea poses a threat to South Korea, and if there is an alert in the future one question being asked is whether it will be taken seriously, or brushed off as another mistake. Kim, a 33-year-old mother living in Seoul, told the BBC she was “very scared” when she received the emergency alert and started packing her bags to evacuate. “I didn’t believe there would be a war, but after the war in Ukraine it made me think that North Korea or China might invade [South] Korea,” she said, adding she thought Pyongyang had “lost its mind” and launched an invasion. In a press conference, Seoul mayor Oh Se-hoon acknowledged the emergency text “may have been an overreaction” but said “there can be no compromise on safety”. He said the city would improve its warning system to avoid confusion, AFP news agency reports.”

30. New Videos by Former United States CIA Officer Jason Hanson

Throughout this week former US Central Intelligence Officer (CIA) Jason Hanson published the following videos: 1) How To Maintain Physical Fitness to Survive in Tough Situations, 2) Here’s How to Protect Your Privacy Online & Offline.., 3) How Spies Prepare for High-Pressure Situations…, 4) How to Protect Your Privacy from the Government.

31. North Korean Hackers Target Windows IIS Web Servers for Initial Access

On May 29th Bleeping Computer reported that “the notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial access to corporate networks. Lazarus is primarily financially motivated, with many analysts believing that the hackers’ malicious activities help fund North Korea’s weapons development programs. However, the group has also been involved in several espionage operations. The latest tactic of targeting Windows IIS servers was discovered by South Korean researchers at the AhnLab Security Emergency Response Center (ASEC).”

32. Army’s IRA Spy Freddie Scappaticci Admitted Killing Suspected Informer

Following week 16 story #15, on May 30th BBC reported that “the man suspected of being one of the British Army’s top agents within the IRA admitted in 1990 that he had shot dead a suspected informer. The detail has been uncovered in a court document during a BBC Spotlight investigation into his activities. Freddie Scappaticci, who died in April, had always denied that he was the agent given the codename Stakeknife. Stakeknife is thought to have been linked to more than 20 murders during the Troubles in Northern Ireland. By 1990 Freddie Scappaticci had become the IRA’s chief spy catcher within its internal security unit. It was known as the “nutting squad” because the informers it uncovered were shot in the head — the nut — and their bodies were dumped after interrogations involving torture. In February 1989 Joe Fenton was shot dead after being interrogated by the IRA’s internal security unit in a house in west Belfast. No-one has ever been charged with his murder.”

33. Israel: Cyberintelligence Firm Blue Ocean’s Mystery Clients Revealed

Intelligence Online reported on May 30th that “the usually low-profile Israeli cyberintelligence firm Blue Ocean has been in the spotlight since obtaining export licences for a Southeast Asian country and a European country. Intelligence Online has the low-down on which ones.”

34. Video: True Life Spy Stories: The Espionage Masterstroke that Turned the Tide of War

On May 28th Philip Thompson published this documentary. As per its description, “in the shadowy world of espionage, secrets are currency, and deception is an art. As World War 2 raged on, the Allies became ever more aware of the truth of this statement. Having dealt with the Nazi threat in North Africa, the Allies set their sights on invading Italy to wrest it from the control of fascism and the influence of Nazi Germany. But to do this, it was necessary to devise a plan so cunning, so audacious, that if it were pulled off successfully it would certainly be remembered as one of the most ingenious military deceptions in all history. By means of a dead body and a briefcase full of fake documents, British intelligence was able to fool Axis powers at a crucial juncture of the war. Two British men, Ewen Montagu and Charles Cholmondeley, were tasked with developing Operation Mincemeat further and clearing the way for the Allied forces ahead of Operation Husky. This is a documentary that tells the story of Operation Mincemeat — the espionage masterstroke that turned the tide of World War 2.”

35. Iran: I Planned to Spy and Carry Out Assassinations… Dismantling 6 Cells Working for the Mossad in Iran

QudsN reported on May 29th that “today, Monday, the Centre for Protection and Information in the Judicial Authority in Iran announced the arrest of a cell linked to the Israeli Mossad. And according to the Iranian Tasnim agency, the Iranian security forces in West Azerbaijan province managed to arrest 14 members linked to the Zionist movements who intended to identify and assassinate people. On May 21, 2023, the Iranian Minister of Intelligence, Ismail Khatib, revealed the arrest of a group linked to the Israeli Mossad on the western borders of Iran. Last January, the Iranian Ministry of Security announced the arrest of two cells, accusing them of spying for the Israeli occupation. The number of cells accused of spying for the Mossad rose to 6, after Tehran announced the dismantling of four operational espionage cells in December 2022. It is noteworthy that Iran announces from time to time the detention of people it says are spying for foreign countries, including the United States and the Israeli occupation.” The Al-Quds News also reported on this saying that “according to the report, “the elements of the Israeli spy cell were identified and arrested in different cities.” He explained that two leaders of the spy organisation were trained in the “Israeli” House of Justice organisation, which is located in the Baha’i Centre in Haifa, and they established a spy cell with other members of the organisation. And as a complement to the announcement of the Iranian Ministry of Intelligence, it was reported that members of the organisation communicated secretly, and relied on the basis of messages sent from Haifa and the Israeli regime. The director of the General Intelligence for the Mazandaran region said: “Any activity of spy networks linked to the Zionist regime of anti-revolutionary activity is closely monitored by the intelligence and its agents will be dealt with decisively.” It is noteworthy that this is the second time that Iranian intelligence reported that it had arrested suspects of espionage for “Israel” from the Baha’i sect.”

36. Ukrainian SBU Detained FSB Agent in Kryvyi Rih

On May 31st Ukraine’s Security Service (SBU) announced that they “detained an FSB agent in Kryvyi Rih. Military counter-intelligence of the Security Service conducted a special operation to expose an FSB informant in the Dnipropetrovsk region. As a result, a woman was detained, who was gathering intelligence for the occupiers about the bases and routes of movement of the Defence Forces in Kryvyi Rih. She also documented the consequences of Russian airstrikes on the city. The received information was transmitted to the enemy via Telegram. The invaders used this data to adjust repeated and prepare new air attacks on Kryvyi Rih. According to the investigation, the suspect is a local woman who, at the beginning of the full-scale invasion of the Russian Federation, supported the aggressor and repeatedly spoke about it among those around her. In this way, she came into the field of view of the FSB, which later remotely involved her in secret cooperation against Ukraine. In order to carry out enemy tasks, the person involved independently traveled the streets of the city and carried out covert photo and video recording of Ukrainian sites.”

37. Milosevic Spymasters Handed Longer Jail Terms in Final UN Court Verdict

France 24 reported on May 31st that “judges rejected appeals by former state security service boss Jovica Stanisic and his deputy Franko Simatovic against their 2021 convictions, and added three years to their original sentences of 12 years. Stanisic, 72, and Simatovic, 73, were convicted of backing a Serb death squad that terrorised the Bosnian town of Bosanski Samac in 1992 with killings, rapes and looting. The pair had challenged their convictions for the war crime of murder and the crimes against humanity of murder, persecution, forcible transfer and deportation, and appealed the sentence. Prosecutors had appealed against their acquittal on several other charges, and asked for a longer sentence from the court, known as the International Residual Mechanism for Criminal Tribunals (MICT). “The appeals chamber dismisses the appeals by (Jovica) Stanisic and (Franko) Simatovic… and imposes a sentence of 15 years” on each, head appeals judge Graciela Gatti Santana said. The case has been running for two decades, making it the longest and the last at the UN tribunal dealing with crimes from the wars that tore apart Yugoslavia after the fall of communism. The pair were arrested in 2003 and cleared at an initial trial in 2013, but the court ordered a retrial. “This pronouncement marks a milestone in the mechanism’s history… The appeals chamber pronounces the last appeal judgment”, Gatti Santana said. The MICT has taken over cases left over from the International Criminal Tribunal for the former Yugoslavia (ICTY), which closed in 2017 after bringing key suspects to justice over the Balkans wars.”

38. United States: Adversaries Can Reconstruct Classified Information from Unclassified Data, Warns White House Official

The Record reported on May 31st that “the proliferation of sensitive but unclassified information poses a major security challenge for NATO members, a White House official said on Wednesday, due to the ability for nation-state adversaries “to take seemingly disparate unclassified data elements and reconstruct classified information from them.” Delivering a keynote opening the 15th annual International Conference on Cyber Conflict (CyCon) in Tallinn, the White House’s acting national cyber director, Kemba Walden, noted that protecting classified data had been an issue “of immense concern for decades” pre-dating digitalization. While information technology has made protecting this data more difficult, “the fundamental tenets of working with cleared defense contractors to protect sensitive information has not changed,” Walden said. But she warned it was a game-changer for cyber spies to have the ability to steal unclassified information and then use advanced data analysis techniques to reconstruct material with serious national security sensitivities for the target country. “Thirty years ago, physically breaking into dozens of defense subcontractors’ offices to make off with reams of paper and then somehow making sense of it all would have been a massive intelligence operation. Today, it’s done in a matter of a few clicks,” Walden said. Cyber thefts of defense contractor information and of very large datasets on the public — including from the credit reporting business Equifax and the U.S. Office of Personnel Management — have been attributed to hackers working for China. William Evanina, the former top counterintelligence official in the U.S., told Foreign Policy magazine that Chinese technology companies were providing assistance to Beijing to process this bulk data and make it useful for China’s intelligence services.”

39. Kenya: On Haji as Spy Chief, Let Ruto Have His Way

On May 29th Nation Africa reported that “Parliament this week vets Noordin Haji, the President’s nominee for Director-General of the National Intelligence Service, in special circumstances. For starters, 90 per cent of his CV will be missing: As a member of the clandestine security services, his professional achievements are national secrets and unavailable for use to advance career. Unfortunately also, his record as Director of Public Prosecution might not receive comprehensive attention with the trending topic being the withdrawal of some high-profile corruption cases. The desire of the street to make a big guy sweat is, in Kenya, a highly valued outcome.”

40. Russia: Kremlin’s Protection Arm Prevails in Information War

On May 31st Intelligence Online reported that “the Russian state security agency, the FSO, has new responsibilities regarding information security. It must rub elbows with several other departments and especially with the FSB.”

41. Canada’s Top Spy Agency Warns Hong Kong-born Lawmaker She is on China’s ‘Evergreen’ Target List

Fox News reported on May 30th that “Canadian Member of Parliament Jenny Kwan, who was born in Hong Kong, told reporters Monday that the Canadian Security Intelligence Service (CSIS) informed her during a classified briefing Friday that she is and will forever remain an “evergreen” target of the Chinese government in Beijing. “While I’m not able to disclose the details of how that foreign interference applied to me specifically for national security reasons, CSIS has confirmed with me that I am being targeted for foreign interference and will continue to be a target,” Kwan said at a press conference on Parliament Hill. “They used the term evergreen, meaning that I will forever be targeted,” she said. “The reason why I’m being targeted is because of my activism in support and to fight for basic human rights — not just for Canadians, but for those who are abroad as well.” The subject of the classified briefing was her targeting by the Chinese government, Kwan said, noting though, that she has also been sanctioned by the Russian government.”

42. Israel: Retired Mossad Agent, Still ‘Devoted to State Security,’ Died on Capsized Boat

The Times of Israel reported on May 31st that “the Prime Minister’s Office confirmed on Wednesday that an Israeli man who was among four people who drowned when a boat capsized in Italy’s Lake Maggiore had served in the Mossad spy agency. The victim has been named by Italian media as 50-year-old Erez Shimoni, although his identity has not been announced by Israeli authorities. In a brief statement, the PMO said that “due to his service in the organization, it is impossible to elaborate” on his activities. “The Mossad lost a dear friend, a devoted and professional worker who for decades dedicated his life to the security of the State of Israel, even after his retirement,” it said. “The Mossad mourns the loss and shares in the family’s sorrow.” Shimoni’s body was transported back to Israel for burial. The admission came as Italian media cited new quotes from the skipper of the boat, who is suspected of negligent homicide. The captain, Claudio Carminati, is a suspect due to the fact that the boat was carrying 23 passengers when it could only legally hold 15. His wife was among the dead. Corriere della Sera on Wednesday quoted Carminati as saying, “It was 30 seconds, then the apocalypse came, the boat immediately capsized and we fell into the water.” He insisted that there was no prior warning that the weather would turn bad.”

43. Two Italian Intelligence Agents and Israeli Ex-spy Killed Along with a Russian Woman as Party Boat Sunk by ‘Whirlwind’

Along with this week’s story #42, The Sun reported on May 29th that “two Italian intelligence agents and an Israeli ex-spy were killed along with a Russian woman after their party boat was sunk by a “whirlwind”. The tragedy struck when the 52ft pleasure boat Goduria capsized, tipping everyone on board into the choppy waters of Lake Maggiore on the border between Italy and Switzerland. Some 14 people managed to swim 150 yards to shore, and another five were rescued in a huge emergency operation. Fire brigade spokesman Luca Cari said that the bodies of four people were recovered. Israel’s foreign ministry said one of the dead was Erez Shimoni, 50, a former member of the country’s security forces in his fifties. Italian intelligence agents Claudio Alonzi, 62, and Tiziana Barnobi, 53, were also killed in the accident. A spokesperson for the Italian security service said: “The two employees, belonging to the intelligence department, were taking part in a convivial meeting organised to celebrate the birthday of one of the group.” The fourth victim was Anya Bozhkova, 50, the Russian partner of the boat’s owner and captain Claudio Carminati, 53.”

44. South Korea’s Spy Agency Says Kim Jong Un May Have Insomnia

Bloomberg published this article on May 31st stating that “South Korea’s spy agency says North Korean leader Kim Jong Un may be suffering from a sleep disorder and they’re monitoring him for a potentially worsening alcohol and nicotine dependency. North Korean authorities are “intensely” collecting overseas medical information for top ranking officials with insomnia, including details on medications used to treat it like Zolpidem, the National Intelligence Service told lawmakers Wednesday.”

45. Turkey: New Details Reveal on MIT’s Giant Operation Against Mossad

ANews reported on May 31st that “an important development took place regarding the operation carried out by Türkiye’s National Intelligence Agency (MIT) against the new 15-person espionage network created by Israeli spy agency Mossad in Türkiye. The police proceedings for 11 out of the 13 suspects, including the leader of the espionage network, private detective Selçuk Küçükkaya, and his assistant Musa Kuş, have been concluded. The suspects, after being transferred to the Istanbul Courthouse, underwent questioning by the Istanbul Chief Public Prosecutor’s Office. Out of the 11 suspects, 4 of them were presented to the Istanbul Criminal Judgeship of Peace on Duty with a request for arrest, while the remaining 7 were released after the prosecutor’s interrogation. It has been reported that 2 suspects are still at large and considered fugitives. According to the referral letter from the prosecutor’s office, significant details were revealed about the network involved in leaking information to Mossad. The network was reportedly monitoring and reporting on a company as well as 23 individuals who had commercial relations with Iran. The leader of the network, Selçuk Küçükkaya, was found to have operated in accordance with the requests of Mossad managers during the period of 2018–2022. In the article, it was highlighted that Selçuk Küçükkaya and his team, operating under the code name ‘Taner Sezgin’, were involved in the crime of political espionage. They gathered confidential information from individuals residing in Türkiye and provided it to external actors, specifically Mossad. Cenk B., Emre B., Cengiz Ç., and Ayhan Ş. have been arrested and subsequently sent to prison for their involvement in “providing the state’s confidential information for the purpose of political or military espionage.” As part of the ongoing investigation, the number of detainees has increased to six, including Selçuk Küçükkaya, the leader of the 15-person network.”

46. Netherlands: MIVD Plays a Role in Preventing Unwanted Knowledge Transfer by Companies

The Dutch Ministry of Defence announced on May 31st that “there is now an Economic Security Business Desk. This is an information and advice desk for Dutch knowledge-intensive small and medium-sized enterprises (SME). Several ministries, the Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) work together at this desk. The aim is to protect the Dutch economy and knowledge-intensive companies through unwanted knowledge transfer.”

47. UK Spy Agencies Under Scrutiny Over Torture of Saudi Men by CIA

Middle East Eye reported on May 31st that “British intelligence agencies are facing a new investigation over their alleged complicity in the torture of two Saudi men at CIA “black sites” prior to their detention at Guantanamo Bay. In separate legal cases, the two men accuse British intelligence agencies of conspiring with US officials in a CIA-run “secret detention, torture and interrogation programme” in the aftermath of the 9/11 al-Qaeda attacks in the US in 2001. Lawyers representing the two men, Mustafa al-Hawsawi and Abd al-Rahim al-Nashiri, have filed complaints with the Investigatory Powers Tribunal, a court that hears allegations of wrongdoing by the UK’s security services. In a key judgment, judges last week unanimously agreed that the tribunal would consider Hawsawi’s complaint, rejecting arguments by the British government that it did not have jurisdiction in the case. They said the case raised issues “of the gravest possible kind”. “If the allegations are true, it is imperative that that should be established. If they are not true, it is just as important that that should be made clear, so as to maintain public confidence,” the judgment said.”

48. United States: NGA Seeks Aeronautical Charting Support

Intelligence Community News reported on May 31st that “on March 30, the National Geospatial-Intelligence Agency (NGA) issued a request for information (RFI) for aeronautical automated charting. Responses are due by 12:00 p.m. Eastern on June 14. NGA in support of the Source Directorate is seeking information on how an interested contractor could: Deliver aeronautical automated charting software for terminal procedures with capabilities to render DoD Terminal Airport Diagrams including Instrument Approach Procedures (IAPs), Standard Instrument Departures (SID), Standard Terminal Arrival Routes (STAR) and Airport Diagram (AD) Charts to be published in digital format and hardcopy with the functionality described in Appendix A of the SOW; Provide ongoing software development in accordance with the backlog at the Government’s direction; Provide or migrate the software to the Cloud; Provision and maintain software including meeting NGA software security requirements for an on-premise, Unclassified and / or Classified Cloud environment as needed.”

49. Ukrainian SBU Detained GRU Mole in Ukrainian Armed Forces

On June 1st Ukraine’s Security Service (SBU) announced that they “detained a Russian “mole” in the ranks of the Armed Forces of Ukraine, who collected information about Western weapons and “hunted” for anti-aircraft defence. The attacker turned out to be a resident of Bakhmut, who was recruited by a representative of the 72nd Intelligence Centre of the Military Intelligence Service of the Russian Federation (better known as the GRU), Mykyta Klimovsky (Микита Климовський), even before the start of the full-scale invasion. After February 24 last year, the Russian gave his agent the first intelligence task — to inform the aggressor about the consequences of airstrikes on the Ukrainian city. The occupiers were also interested in the exact coordinates of bridge crossings in Bakhmut and its surroundings. Subsequently, the traitor received the next task from the Russian military intelligence — to arrive in Dnipropetrovsk region and mobilise to the ranks of the Defence Forces. After enlisting in one of the military units of the Armed Forces, the enemy agent collected information about the number of personnel and available weapons in the units. The person involved also gave the aggressor information about possible visits to the garrison by representatives of the higher command of the Armed Forces of Ukraine. In this regard, the information regarding the preparation of a possible sabotage against the officials of the Armed Forces is being checked. In addition, the attacker tried to identify the bases of the Ukrainian air defence system and the latest Western weapons. However, military counter-intelligence and SBU investigators worked ahead of time — they exposed the traitor in a timely manner, documented the criminal actions and detained him while trying to pass intelligence to the Russian special services. It was established that their accomplice used the Telegram messenger to communicate with the military intelligence of the Russian Federation. During the searches, two mobile phones were found in the suspect’s possession, one of which he used only to communicate with his “supervisor” from the GRU.”

50. Infozahyst Plays Key Role in Ukrainian Intelligence Gathering from Captured Russian Equipment

On June 1st Intelligence Online reported that “Ukrainian company Infozahyst revealed the secrets of Russian military communications technology to electronic warfare specialists attending the annual meeting of the Association of Old Crows. This is part of a wide-ranging plan for the exchange of intelligence on captured equipment between Ukraine and its NATO partners.”

51. UAE: States Must Urge the United Arab Emirates to Reform Its Dismal Rights Record to Help Ensure a Successful Climate Meeting

Amnesty International reported on June 1st that “States participating in a climate meeting starting on 5 June in Bonn, which will help set the agenda for the COP28 in Dubai later this year, should urge the United Arab Emirates to improve its dismal human rights record to ensure a successful conference, Amnesty International said today. An Amnesty International briefing, The Human Rights Situation in the UAE ahead of COP28, identifies key human rights risks in the United Arab Emirates (UAE) that threaten the success of COP28, including the suppression of the right to freedom of expression and a closure of civic space, the danger of digital espionage and monitoring, and the host country’s opposition to the rapid phasing out of fossil fuels.”

52. Reverse Engineering RokRAT: A Closer Look at APT37’s Onedrive-Based Attack Vector

Cyber security and intelligence firm ThreatMon published this report on May 31st, focusing on North Korean cyber espionage actor APT37. As per its introduction, “this analysis report presents an investigation into the RokRAT malware, which was employed as part of a recent cyber attack attributed to APT37 (Advanced Persistent Threat 37). RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially maintain persistent control over compromised systems.”

53. United States: Case Against Ex-CIA Officer Accused of Abusing Women May Collapse Because of How Federal Agents Searched His Phones

NBC News reported on May 31st that “the prosecution’s case against a former CIA officer accused of sexually abusing more than 20 incapacitated women in Mexico City is at risk of collapsing because the Justice and State departments may have botched the execution of a warrant to seize the officer’s iPhones, court records show. A federal judge is set to hear arguments Thursday about whether nearly 600 photos of the defendant allegedly abusing incapacitated women should be thrown out, in a dispute that could make new law on the question of what constitutes an improper search in the digital age. The former CIA officer, Brian Jeffrey Raymond, has been held without bail in a Washington, D.C., jail for nearly three years. He made a deal to plead guilty to two counts of sexual abuse in July 2021, admitting in court to preying upon women he met in and outside the U.S. through dating sites even as he carried out his clandestine duties. But the one-time spy withdrew his plea last year after members of his legal team realized there were significant problems with how the evidence in the case was obtained. In allowing Raymond to change his plea, the federal judge ruled that one of his former defense lawyers had been ineffective in noting major concerns about the manner in which investigators gained access to Raymond’s iPhones. The judge ruled that law enforcement agents may have violated Raymond’s rights under the Fourth Amendment, which guards against unreasonable search and seizure, and under the Fifth, which says a person can’t be forced to testify against himself.”

54. Iranian Dissidents’ Claim of Presidential Hack Likely Legitimate, Experts Say

On May 31st CyberScoop reported that “a trove of documents, images and videos from the offices of Iranian President Ebrahim Raisi posted online Monday appear to be authentic, cybersecurity experts familiar with the matter told CyberScoop on Wednesday. The materials posted to a Telegram channel Monday by a group called “GhyamSarnegouni” (“Rise to Overthrow”) include alleged diplomatic correspondence, floor plans for the offices and sleeping quarters of the Iranian president and other top government offices, detailed network topologies for sensitive Iranian government networks and more. “The hack is legit,” said Amin Sabeti, the founder of the Computer Emergency Response Team in Farsi, which focuses on Iranian cybersecurity issues. Amir Rashidi, the director of internet security and digital rights at the Miaan Group, an Iranian digital and human rights organization, also told CyberScoop that the files “seem legitimate,” perhaps obtained by someone with insider access. While the documents could reveal previously non-public details, Rashidi said many of the Iranian government’s activities exposed in the documents are already well known and discussed. “None of this information is really crazy critical,” Rashidi said, other than perhaps the floor plans and some of the other more technical details. It’s more that it’s “embarrassing,” he added, noting that the information seems to confirm what was largely known about how the Iranian government operates. The material also reportedly includes internal information about nuclear expansion within the country, according to Iran International news.”

55. Video: United States DIA: This is the Defence Attaché Service

On June 1st the United States Defence Intelligence Agency (DIA) published this video. As per its description, “this video is an overview of the Defense Attaché Service. The Defense Attaché Service is an arm of the Defense Intelligence Agency tasked with representing the United States in defense and military-related matters with foreign governments around the world. Defense Attaché Offices operate from U.S. embassies in more than a hundred locations globally. Defense Attaché Offices are composed of the five uniformed services and Department of Defense civilian employees, most of whom receive specialized training before their appointment. In this video, military defense attachés and senior members of the Defense Attaché Service describe their experiences and how their contributions were vital to the diplomatic and defense interests of the United States.”

56. France: Gabriel Attal’s Tax Intelligence Unit Idea Faces Headwinds

On June 1st Intelligence Online reported that “within audit bodies, intelligence services and the PM’s office, plans by the French budget minister to set up a tax intelligence unit are raising eyebrows and eliciting rumbles of opposition.”

57. Cyber Espionage Operation Targeting Israel

On May 30th cyber security firm Perception Point published this technical analysis. As per the article, “Operation Red Deer: Outing Aggah’s Sophisticated Tactics, Techniques and Procedures (TTPs) Targeting Israel. In this blog we will deep dive into a malware campaign crafted specifically for the Israeli audience: Red Deer. We’ve been tracking the activity of the campaign for the past year and noticed minor shifts in the TTPs of the actor that will be explained in this blog. The name chosen for this operation is “Red Deer” because the threat actor behind this phishing email campaign was impersonating the Israeli postal company (“Israel Post”), whose logo is a red deer.”

58. Podcast: SpyTalk: The Forever Spies

On June 2nd SpyTalk published this new podcast episode. As per its description, “Jeff talks with Calder Walton, author of “Spies: The Epic Intelligence War Between East and West.”.”

59. Ukraine’s SBU Exposed 4 Female Bloggers Helping Russian Forces

On May 31st Ukraine’s Security Service (SBU) announced that they “informed of the suspicion of four female bloggers who “illuminated” the work of the Air Defence Forces during the Russian attack on Kyiv on May 16. The Security Service gathered evidence and received expert opinions that confirmed the illegal activities of four residents of the capital, who spread information about the work of the Ukrainian Air Defense Forces during the massive attack Russian Federation to Kyiv on May 16. One of them — a 32-year-old woman from Kyiv — posted prohibited content on her social networks and sent it to the administrator of one of the popular Telegram channels. And within a few hours, her video was shared on pro-Russian platforms. Another — a 36-year-old woman from Kyiv — published a video of the work of air defence and the results of hitting enemy targets on her own Instagram account. The third figure also shared her video on social networks. The fourth suspect is a native of Sumy Oblast, who lives in Kyiv. First, she filmed the results of shooting down enemy missiles, and then sent the files to her acquaintances in various messengers. To avoid criminal liability, the perpetrator tried to delete prohibited messages. SBU investigators informed all four of the suspicion under Part 2 of Art. 114–2 of the Criminal Code of Ukraine (dissemination of information about the movement, movement or location of the Armed Forces of Ukraine or other military formations formed in accordance with the laws of Ukraine, if it is possible to identify them on the ground, if such information was not made publicly available by the General Staff of the Armed Forces of Ukraine, the Ministry of Defence of Ukraine or other by authorised state bodies, committed under martial law). Bloggers face up to 8 years in prison. During urgent investigative actions at the places of residence, mobile phones and computers were found, which they used to distribute their videos. Investigations are ongoing with regard to two other persons involved, who also published prohibited content that day and were immediately exposed by the SBU.”

60. United States: CIA Director Visited China Last Month as US Seeks to Reset Relations

On June 2nd CNN reported that “CIA Director Bill Burns secretly traveled to China last month, a US official told CNN Friday, amid efforts by the United States to reset relations with Beijing after a year of extremely heightened tensions. According to the US official, Burns “met with Chinese counterparts and emphasized the importance of maintaining open lines of communication in intelligence channels.” Another US official explained that the trip was was an intelligence to intelligence engagement, not a diplomatic mission. But Burns’ visit comes as the US has repeatedly signaled that Washington is seeking to diminish tensions with Beijing, particularly after the spy balloon incident earlier this year, which inflamed the bilateral relationship and caused Secretary of State Antony Blinken to postpone a planned trip to China. Burns’ trip, which was first reported by the Financial Times, is the highest-level visit by a US official to date, and comes as the Biden administration has sought to resume cabinet-level engagement with Chinese officials, to varying degrees of success. The specific intelligence matter that Burns discussed in Beijing is unclear. US officials — including Burns — have been warning for months that US intelligence indicated Chinese leadership was considering provide lethal support to Ukraine, but so far Beijing has not moved ahead with that support. US officials have also warned about a possible Chinese effort to takeover Taiwan. “Our assessment at CIA is that I wouldn’t underestimate President Xi’s ambitions with regard to Taiwan,” Burns said earlier this year. On Friday, US Secretary of Defense Lloyd Austin and his Chinese counterpart Li Shangfu “spoke briefly” in Singapore, a Pentagon spokesperson said, after Beijing rebuffed a US request for a formal meeting between the two officials. “Secretary Austin and PRC Minister of National Defense Li Shangfu spoke briefly at tonight’s opening dinner of the Shangri-La Dialogue in Singapore. The two leaders shook hands, but did not have a substantive exchange,” Pentagon Press Secretary Brig. Gen. Pat Ryder said in a statement.”

61. New Cyber Espionage Taking Advantage of Apple iOS Flaw Linked with United States NSA

On June 1st private cyber security and intelligence firm Kaspersky published a technical analysis of a previously unknown cyber espionage operation stating that “while monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. We are calling this campaign “Operation Triangulation”, and all the related information we have on it will be collected on the Operation Triangulation page. If you have any additional details to share, please contact us: triangulation[at]kaspersky.com.” Soon after that, Russia’s Federal Security Service (FSB) issued a public statement stating that they “uncovered a reconnaissance operation by American intelligence services carried out using Apple mobile devices (USA). In the course of ensuring the security of the Russian telecommunications infrastructure, anomalies were identified that are specific only to users of Apple mobile phones and are caused by the operation of previously unknown malicious software (VPO) that uses software vulnerabilities provided by the manufacturer. It was found that several thousand telephone sets of this brand were infected. At the same time, in addition to domestic subscribers, facts of infection of foreign numbers and subscribers using SIM cards registered with diplomatic missions and embassies in Russia, including the countries of the NATO bloc and the post-Soviet space, as well as Israel, SAR of China and China, were revealed. Thus, the information received by the Russian intelligence services testifies to the close cooperation of the American company Apple with the national intelligence community, in particular the NSA, and confirms that the declared policy of ensuring the confidentiality of personal data of users of Apple devices is not true. The company provides the US intelligence services with a wide range of opportunities to control both any person of interest to the White House, including their partners in anti-Russian activities, and their own citizens.”

62. Azerbaijani Student Who Disappeared Three Months Ago in Iran Accused of Espionage

JAM News reported on June 2nd that “Farid Safarli, an Azerbaijani citizen who left for Iran and disappeared there in February this year, was arrested on charges of espionage. Relatives reported that Farid, then studying in Germany, followed a girl he met in Jena to Iran and then lost touch with him. His parents are asking for help from the country’s president and first lady to save him from the Iranian regime. Farid Safarli, born in 1997, graduated from the Faculty of Economics of the Azerbaijan Diplomatic Academy (ADA). He was studying for a master’s degree at the University of Jena. According to his mother, Dilara Askerova, Farid met a girl who is a citizen of the Islamic Republic of Iran, who was in Germany for an internship, and when she returned to her homeland, he went to Iran to meet her. Farida’s mother learned about all this from her son’s friends in Germany. “We believe that Farid left Germany on February 20th. On March 4, he told his housemates in Germany that he was in Iran and asked to buy a ticket for him, because his card did not work. After that, nothing more is known about Farid,” she said. The mother noted that a ticket for the Tehran-Istanbul-Berlin flight was bought for him, but he never arrived in Turkey.”

63. New Chinese Cyber Espionage Operation Discovered

On May 30th, cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as SHARP PANDA, previously associated with the intelligence services of China. The operation involved a lure document titled “[FINAL] Hiroshima Action Statement for Resilient Global Food Security_trackchanged.docx” which, if opened, was covertly installing a cyber espionage software implant. It’s likely the targets of the document were related to the 49th G7 summit (19–21 May 2023) taking place in Hiroshima, Japan.

64. Poland: Spymaster: Radoslaw Jaworski, Safeguarding Poland’s Institutions

Intelligence Online’s spymaster series released a new article on June 2nd. As per the article, “presidential trips, embassy security, terrorism, internal security risks: the Polish state protection service works on all fronts to protect the heart of the country’s government institutions. The young commander “Jawor” heads up the service, which has been given a new lease of life after the closure of its forerunner.”

65. Mossad Agent Who Died in Italy Was on Mission Working Against Iran

Following this week’s story #42, the Jerusalem Post reported on June 2nd that “the Mossad and Italian intelligence personnel that were on the boat that capsized earlier this week at Lake Maggiore in northern Italy were working together to prevent Tehran from obtaining advanced weapons, according to a Friday report by the Italian newspaper La Repubblica. The operation was exposed when the boat sunk, killing four people, including one retired Mossad agent, the report said. Others that drowned include two that worked for Italian intelligence as well as the wife of the ship’s captain. The collaboration of the two espionage organizations reportedly began following Italian media reports which claimed that Russian oligarchs were operating in the area and taking part in transferring Iranian-manufactured UAVs to Moscow.”

66. Afghanistan: How a Covert Relationship with the Taliban Backfired for US Ally Pakistan

On June 2nd the Ponca City News reported that “about two weeks after the Taliban retook Afghanistan in 2021, the then head of Pakistan’s spy agency arrived at one of Kabul’s plushest hotels, smiling, sipping tea and appearing at ease with the militants’ return to power. Lieutenant-General Faiz Hameed of Inter-Services Intelligence had reason to believe Pakistan was about to reap the rewards of clandestinely supporting the Taliban.”

67. Ukrainian SBU Detained Belarusian KGB Agent in the Border

Ukraine’s SBU announced on June 2nd that they “detained an agent of the Belarusian KGB who was spying on the northern border of Ukraine. The informant turned out to be a Belarusian citizen who has a permanent residence permit in our country and has been living in the Rivne region for a long time. At the beginning of the full-scale invasion of the Russian Federation, he was recruited by the Belarusian KGB and carried out intelligence and subversive activities against Ukraine. The task of the agent was to collect data on the defence of the northern borders of our state and the routes of the movement of military equipment. Officers of the SBU detained an enemy henchman at his place of residence during another attempt to transfer intelligence to the Russian Federation. It has been established that he came into the field of view of the Belarusian KGB as a former commander of a unit of the airborne assault troops of the Soviet Union. Then he took an active part in combat operations in Afghanistan. In order to carry out reconnaissance in the Rivne region, he went around the border area and observed the movement of the Defence Forces.”

68. Podcast: MI6-Trained Navy SEAL Takes Us Inside CIA | Shawn Ryan

On June 2nd Julian Dorey published a new podcast episode. As per its description, “Shawn Ryan is a former Navy SEAL, CIA GRS Spy, and current acclaimed podcast host. After 15 years in the SEALs and CIA, Shawn started the Shawn Ryan Show Podcast which is currently a Top-10 podcast in the country.”

69. Spy Way of Life: The Sari Pacific in Jakarta, Indonesia

This week’s selection for Intelligence Online’s Spy Way of Life was the Sari Pacific in Jakarta, Indonesia. As per the article, “now a popular joint for business travellers in Indonesia, this hotel, used for many years by Australia’s spies, could once again become the place to be as strategic shifts in the region bring agents back to the country.”

70. South Korea Slaps Sanctions on North’s Hacking Group After Pyongyang’s Space Launch

Bernama reported on June 2nd that “South Korea on Friday imposed unilateral sanctions on a North Korean hacking group known as Kimsuky, Seoul’s foreign ministry said, in response to Pyongyang’s botched rocket launch aimed at putting a military spy satellite into space. Seoul also issued a joint security advisory with Washington to warn the international community on the illegal activities of the group accused of having engaged in information and technology theft, reported Yonhap news agency. According to the ministry, Kimsuky, a unit within the Reconnaissance General Bureau, the North’s military intelligence agency, is accused of collecting intelligence from individuals and institutions in the fields of diplomacy, security and national defence, and delivering it to the North Korean regime. The group is also known to have engaged in acquiring cutting-edge technologies related to weapons development, satellites and space technology worldwide, as well as having been directly or indirectly contributing to North Korea’s satellite development project. Seoul’s announcement marks the world’s first unilateral sanctions against the North Korean hacking group. It also represents the eighth unilateral sanctions measure against the North since the launch of the Yoon Suk Yeol administration in May last year.” Here’s the South Korean MFA announcement. And here is the joint detailed technical report published jointly by the U.S. Federal Bureau of Investigation (FBI), U.S. Department of State, and the Republic of Korea’s (ROK) National Intelligence Service, National Policy Agency, and Ministry of Foreign Affairs.

71. A Long March: China’s Military-industrial Espionage

The Asia Times published this article on June 2nd saying that “recent revelations that Chinese state-sponsored hackers penetrated US critical infrastructure and have the ability to disrupt oil and gas pipelines, rail systems, and the US Navy’s communications in the Pacific theater should come as no surprise. China’s pursuit of digital dominance has been decades in the making. Reveille for China’s planners was sounded in the early 1990s during the Gulf War, in which the United States and its allies effortlessly toppled Iraqi forces. The first conflict of the digital era demonstrated to Chinese strategists the critical role of information technology on and off the battlefield. Chinese leaders watched with dismay as the American military routed and dismantled the Iraqi military in what is considered one of the most one-sided conflicts in the history of modern warfare. Going into the first Gulf War, Iraq’s military was ranked fourth in the world — having ballooned to more than a million troops who had been trained on weapons financed by the West to fight its bloody eight-year war with Iran. The Chinese military, although larger in headcount at the time, paled in technological comparison with the forces commanded by Saddam Hussein. At the time, China’s air force consisted of a few fighter jets, mostly of its J-7 model — an indigenously produced replica of the Russian 1960s-era MiG-21. Iraq’s air force, by contrast, was made up of far more advanced fighters, such as the Russian MiG-29, and its planes were supported by advanced antiaircraft missile defense systems. Yet even those advanced weapon systems proved wholly ineffective against 1990s-era American technology. “The Chinese looked at Iraq and saw an army similarly equipped as theirs with old Soviet weaponry, and they saw how quickly the Iraqis were taken apart,” says analyst Scott Henderson of the cybersecurity firm Mandiant. Henderson was with the US Army at the time, specializing in China.”

72. Iran Releases Two Iranian-Austrian Prisoners and One Danish

Following last week’s (story #69) spy swap between Iran and Belgium, the Tehran Times reported on June 3rd that “Iran’s human rights chief Kazem Qaribabadi confirmed their release on Friday evening. Austria and Denmark had earlier in the day confirmed the release of prisoners and thanked Oman and Belgium for their help in getting them released. Qaribabadi said Massoud Mossaheb and Kamran Ghaderi- the two Iranian-Austrian citizens — had each been sentenced to 10 years in prison on espionage charges. The Iranian Judiciary said Mossaheb, who acted as the secretary general of the Iran-Austria friendship society, was in contact with foreign spy services of Germany and Israel. Mossaheb was giving information about Iran’s military, nuclear, nano and health activities to foreigners and was sentenced to 10 years in jail in 2020, the Judiciary stated. It added Ghaderi had also been sentenced for 10 years. Reportedly, Ghaderi had been spying for the United States who was arrested in 2016. Austrian Foreign Minister Alexander Schallenberg said on Friday that he was “very relieved” that Ghaderi and Mossaheb were being brought home after years of “arduous” detention in Iran, Al Jazeera reported. Denmark’s Foreign Minister, Lars Løkke Rasmussen, said he was “happy and relieved that a Danish citizen is on his way home to his family in Denmark after imprisonment in Iran”. He did not name the person, saying the former prisoner’s identity was “a personal matter” and he couldn’t go into details”. Løkke Rasmussen thanked Belgium and said Oman “played an important role”. Schallenberg thanked the foreign ministers of Belgium and Oman for providing “valuable support” without elaborating on what form it took. An Oman Royal Air Force Gulfstream IV, which had been on the ground in Tehran for several days, took off shortly before the announcement, Al Jazeera reported. After a stop in Oman and medical tests, the three were flown to Belgium’s military airport in Melsbroek, Prime Minister Alexander De Croo said. Oman has good relations with both Iran and Western countries and has acted before as a mediator. The releases come after Omani Sultan Haitham bin Tariq visited Iran on his first trip there since becoming the Arab nation’s ruler in 2020. Last week, a prisoner exchange between Belgium and Iran saw the release of a Belgian national called Olivier Vandecasteele. In exchange, Belgium freed Iranian diplomat Assadollah Assadi, who had been imprisoned in the country since 2018 on charges of trying to bomb an MKO rally outside Paris.” Regarding the Danish national, according to DR from June 3rd, “an involuntary long stay in Iran is over for Danish Thomas Kjems, who set foot on Danish soil for the first time in seven months at 11 o’clock today. At 11.47 he stepped out into the arrivals hall at Copenhagen Airport, where he met the press and told about the time he has been through. The 28-year-old from Aalborg has been incarcerated in the Evin prison for political prisoners in Iran’s capital, Tehran , since November 1 last year , after he was arrested during a demonstration for women’s rights.”

73. Ukraine’s SBU Announced 15 Year Sentence for FSB Agent in Cherkasy

Following week 2 story #13, on June 2nd Ukraine’s SBU announced that “a Russian agent who spied on air defence positions and roadblocks in Cherkasy got 15 years in prison. The Security Service has gathered an exhaustive evidence base on another FSB agent. He handed over the locations of air defence and checkpoints of Ukrainian defenders in Cherkasy region to the occupiers. Counter-intelligence officers of the SBU detained the attacker as a result of a special operation in January 2023. According to the materials of the Ukrainian intelligence service, the court sentenced him to 15 years in prison. As the investigation established, the enemy accomplice is an employee of a local hospital, whom the FSB remotely involved in secret cooperation in November 2022. On the instructions of the aggressor, he photographed the locations of bases and movements of units of the Defence Forces in the region. He paid special attention to the combat positions of Ukrainian air defence. The occupiers were also interested in the exact coordinates of the checkpoints, the number of soldiers present there, their weapons and equipment. Another enemy task was the collection of information regarding the mobilisation, the level of military training and the motivation of the Ukrainian defenders. The agent transmitted the received information through an anonymous chat in the messenger, where he attached labels with the location of sites on the electronic map. The intelligence was needed by the Russian invaders to prepare a series of missile strikes on the region. During the search of the traitor’s residence, a mobile phone and a tablet with evidence of conspiratorial correspondence with the FSB were seized. A passport of the former Soviet Union and pro-Kremlin symbols were also discovered.”

74. Japan Demands China Release Citizen Held on Spying Charges

On May 29th Taiwan Plus reported that “Japan is demanding the release of one of its citizens who has been detained in China on spying charges.”

75. United States: Suspected Chinese Spies in Disguises Tried to Enter Alaskan Military Bases

New York Post reported on June 2nd that “suspected Chinese spies disguised as tourists have repeatedly attempted to enter US military bases in Alaska in recent years, service members say. The Chinese citizens have been apprehended trying to gain entry at bases like Fort Wainwright in Fairbanks, where soldiers on one occasion searched a vehicle that had blown past a checkpoint and found a drone, according to troops who spoke with USA Today. Many of the foreign nationals claimed to have gotten lost while driving around and taking in the sights of the Last Frontier, where the US houses sensitive military capabilities at the nation’s closest point to adversaries Russia, North Korea and China. “We take the safety and security of our people in our installations very seriously,” Deputy Defense Secretary Kathleen Hicks said recently when asked about China’s spying during a recent visit to the state. “We always live with the possibility of intrusion on our installations, and so we work very hard to make sure, working alongside state and local authorities and others, that those bases and installations are protected from threats,” she added. “We take a lot of measures to do that. And we’re going to make sure we can continue to protect our installation so our folks can perform their missions.” The news comes at a time of heightened tension between the Pacific powers, as Russia’s invasion of Ukraine and China’s aggression toward Taiwan and ambitions in the South China Sea have chilled relations. Retired Air Force Gen. David Deptula told USA Today that incursions by the alleged spies could lead to American military communications being monitored via sensors left concealed at the bases, which include Joint Base Elmendorf-Richardson in Anchorage and Eielson Air Force Base outside of Fairbanks.”

76. United States: Former Spy Turned Local Author Pens Her First Novel ‘The Peacock and The Sparrow’

WAMU reported on June 1st that “after leaving the business of espionage, former spies often experience uncertainty and paranoia from a life lived in the shadows. During her time with the CIA, spy-turned-local author I.S. Berry served in Baghdad, Iraq. She also lived in Bahrain during the Arab Spring. It’s here where Berry sets the scene for her first spy novel, The Peacock and The Sparrow. The protagonist is an aging CIA agent who finds himself ensnared in the Arab Spring revolution. Berry lives in Northern Virginia and she recently spoke to WAMU’s Esther Ciammachilli about her book. This interview transcript has been lightly edited for brevity and clarity.”

77. United States FBI Opens New Chinese Espionage Case Every 12 Hours

Fox News published this news video clip on June 2nd based on this week’s story #75 as well as the increased espionage activity that the FBI reports originating from China.

78. United States: CIA Adds Exhibit Honouring Laos Hmong to In-house Museum

On June 3rd the Sacramento Bee reported that “Tony Yang watched the U.S. withdrawal from Afghanistan in 2021 as if it were a flashback. Nearly 50 years earlier, after helping the Americans in another war, it was him and his father who were jostling to board a plane for refuge in the United States. Yang’s father had been part of one of the most successful, expansive, and least-known operations in CIA history: America’s “secret war” in Laos. The spy agency’s goal was to keep the Southeast Asian country neutral without the deployment of American troops on the ground as the Cold War consumed neighboring Cambodia and Vietnam. The U.S. effort came to rely on locals like Yang’s father and other members of the Hmong community, viewed by the CIA as a self-reliant people eager to protect their independence from encroaching Communist forces threatening their crops, livestock and families. Their sacrifices for the CIA would eventually lead to opportunities to emigrate to America, with a large number ultimately settling in northern California. But decades on, many Hmong Americans questioned whether their family’s service to the country has been adequately recognized. “Nobody really knows who we are,” said Yang, 56, of Elk Grove, California. Now, marking the agency’s 75th anniversary, the CIA is honoring the Hmong people. The CIA’s museum, located at the heart of its headquarters in Langley, Virginia, is not open to the public but is accessible to all CIA officers and guests of the spy agency. A new renovation of the museum prominently features the Hmong and their service to the United States. “This was one of the largest paramilitary operations in CIA history,” David Robarge, chief historian at the CIA, said in an interview, noting that over 50,000 Hmong were involved in the operation over the course of a decade.”

79. Ukrainian SBU Exposed 7 Russian Internet Agents

On June 3rd Ukraine’s SBU announced that they “exposed 7 more internet agents of the Russian Federation who were spreading Kremlin propaganda in Ukraine. They took the main part of destructive materials from Russian internet resources and used them to destabilise the social and political situation in various regions of Ukraine. 1) Kyiv: A resident of the city was exposed, who regularly justified armed aggression of the Russian Federation against Ukraine on her own page in the banned Odnoklassniki social network. She also published calls for the seizure of the authorities of our state and the change of the border. Currently, she has been notified of suspicion under three articles of the Criminal Code of Ukraine. 2) Sumy Oblast: The propaganda activity of a resident of the regional centre was blocked. Through his own Facebook account, he posted Kremlin narratives about the alleged “civil war” in Ukraine and glorified the terrorist Zakharchenko. 3) Dnipropetrovsk: Three more enemy accomplices who supported the aggressive war against Ukraine and called for cooperation with the Russian occupiers were detained. In addition, one of the attackers published posts in which he spread fakes about the higher military and political leadership of our country and praised the leaders of the Kremlin. 4) Ternopil: An internet agitator who discredited Ukrainian defenders defending Mariupol was exposed. At the same time, the person involved was a member of a number of public associations and initiatives related to the collaborator Stremousov (Стремоусов) and the leader of the fake “people’s power” Balakhnin (Балахнін). 5) Mykolayiv: The director of a local enterprise was exposed, who in “Odnoklassnyky” actively called for the capture of the territory of Ukraine. According to the investigation, the suspect is a native of Makiivka, Donetsk region. After the temporary occupation of the city, he maintained contact with local collaborators.”

80. US Recon Aircraft Spies on Chinese Aircraft Carrier, Professionally Dealt with by PLA

Global Times reported on May 31st that “the US reconnaissance aircraft that was intercepted by a Chinese fighter jet was spying on and disturbing a routine exercise by the Shandong aircraft carrier group in the South China Sea, and the US’ accusation calling the Chinese interception “unprofessional” is a false countercharge as the US is the one to blame, experts said on Wednesday. In a routine exercise by the Chinese People’s Liberation Army (PLA) Navy Flotilla 17 in the South China Sea on Friday, a US military RC-135 reconnaissance aircraft intentionally intruded into the training area for reconnaissance and disturbance, leading the PLA Southern Theater Command to organize aerial forces to track and monitor it through its entire course, with maneuvers in a professional manner and in accordance with law and regulations, said Senior Colonel Zhang Nandong, a spokesperson at the PLA Southern Theater Command, in a statement. The Flotilla 17 represents the Shandong aircraft carrier group, with the aircraft carrier Shandong carrying the hull number 17. Later on Saturday, the carrier group sailed north from the South China Sea through the Taiwan Straits, according to the defense authority on the island of Taiwan. Zhang’s statement came after the US Indo Pacific Command said in a statement on Tuesday that a Chinese J-16 fighter jet performed an “unnecessarily aggressive” maneuver during the interception of a US Air Force RC-135 aircraft on Friday when the latter was “conducting safe and routine operations over the South China Sea in international airspace.” The US statement didn’t mention details including the location of the incident or the mission of the US spy plane on the PLA Navy flotilla. The US’ move seriously sabotaged regional peace and stability, the related reports disregarded facts and attempted to confuse the international community, Zhang said. “We sternly urge the US to restrict its frontal maritime and aerial forces’ actions and strictly abide by related international laws and relevant agreements, so as to prevent maritime or aerial accidents from happening, or all consequences are for the US to bear,” the spokesperson said.”

81. When Russian Intelligence Sought to Recruit British MPs

On June 1st Declassified UK reported that “the Soviet Union’s KGB enlisted several Labour MPs as intelligence assets but preferred dealing with Conservatives during the Cold War, reveals a new book detailing Russian influence operations in the UK. One evening in the 1960s a secretary who worked for an MP with a special interest in foreign policy attended a smart cocktail party in Mayfair. There she met a handsome, articulate East European who told her he was a diplomat based at the embassy. Despite the Cold War, it was not unusual for the staff of MPs to socialise with officials from the Soviet bloc. The woman — who I shall call Miss Montagu — liked the engaging, intelligent diplomat who spoke excellent English. The feeling was mutual, and they developed a friendship. However, the East European — who I shall call Novotny — had an agenda. He was in fact an intelligence officer and had a secret mission: she was a secretary at the House of Commons and may have access to political and classified documents. While she found the ‘diplomat’ attractive, the secretary knew she had to be careful. During one evening Miss Montagu casually mentioned her MP had gone abroad, leaving her in charge of his affairs. For the communist spy it was his golden opportunity. Novotny remarked that such MPs must be well-informed on political issues. “Surely you must have a chance to see documents which summarise Western views on current affairs”. Miss Montagu was guarded in her reply: “It is almost impossible for me to obtain such documents.” For the intelligence officer, whose country was a dependent ally of the Soviet Union, he was confronted with a dilemma. He was discouraged by Miss Montagu’s response, but his mission was not lost. After all, she had used the word ‘almost’. What is my next move, the spy reflected. He knew the offer of cash would not persuade her. She was not that type. Novotny tried a more subtle approach. He asked Miss Montagu for advice on the choice of a ring to send home as a present to his wife. The secretary was not surprised when she herself received a ring worth £20 from her new friend. She returned the ring, expressing her regrets that it was impossible to accept gifts from someone who represented a hostile nation state. Despite the flattering attentions of the debonair ‘diplomat’, Miss Montagu knew she could be dipping her toe into treacherous waters. From the beginning of his solicitations, she had informed MI5. There the friendship ended. For Novotny, it was the end of a hopeful liaison.”

82. South Korea: Ex-spy Chief At Court

The Yonhap News Agency published this report on June 2nd saying that “former National Intelligence Service head Park Jie-won arrives at the Seoul Central District Court on June 2, 2023, to attend a hearing on the death of a South Korean fisheries official, who was shot to death by North Korean soldiers while drifting in the North’s territorial waters in the West Sea in September 2020. Park was accused of involvement in the then Moon Jae-in government’s allegedly manipulated conclusion that the fisheries official was killed while attempting to defect to the North.”

83. Son of Libya’s Ex-spy Head Found Dead

The Independent Ghana reported on June 1st that “reports have it that the son of a notorious former Libyan intelligence chief was discovered dead in the southern city of Sabha. There are conflicting reports on the cause of Amhammed al-Senussi’s death. His father Abdullah al-Senussi — now in a Libyan jail — was one of the late Colonel Muammar Gaddafi’s most-trusted officials and also his brother-in-law. He was charged with crimes against humanity by the International Criminal Court (ICC), following the brutal suppression of anti-Gaddafi demonstrations in 2011. The former head of intelligence is also wanted for questioning by Scottish and US investigators over the 1988 Lockerbie bombing. 270 people died aboard a Pan Am passenger plane when a bomb in the aircraft exploded as it flew over Scotland.”

84. New Russian Cyber Espionage Operation Uncovered Targeting Ukraine

On May 31st cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed as GAMAREDON, previously associated with the Russian FSB. The operation involved a series of lure documents impersonating an order from the Commander of Ukrainian Military Unit A020 coming from Ukraine’s Ministry of Defence. If opened, it was covertly installing a cyber espionage software implant.

85. New NATO Member Finland Launches Electronic Warfare Overhaul

Intelligence Online reported on June 1st that “since joining the alliance in April, the Finnish army has embarked on a complete rethink of its technical intelligence technologies strategy. This shift comes as the SIGINT market undergoes significant changes, with Swedish manufacturers being overtaken by their US and Israeli rivals.”

86. United States: Former U.S. Air Force Intelligence Officer Sentenced to 36 Months’ Imprisonment For Willfully Retaining Top Secret National Defense Information

Following week 20 story #26, on June 1st the United States FBI Counterintelligence Division (CD) announced that “U.S. District Judge Kathryn Kimball Mizelle today sentenced Robert L. Birchum (55, Tampa) to three years in federal prison for unlawfully possessing and retaining classified documents relating to the national defense of the United States. The court also ordered Birchum to pay a fine of $25,000. Birchum pleaded guilty to unlawfully possessing and retaining classified documents relating to the national defense of the United States on February. 21, 2023. According to the plea agreement, Birchum previously served as a Lieutenant Colonel in the U.S. Air Force. During his 29-year career, Birchum served in various positions in intelligence, including those requiring him to work with classified intelligence information for the Joint Special Operations Command, the Special Operations Command, and the Office of the Director of National Intelligence. While on active duty, Birchum entered into several agreements with the United States regarding the protection and proper handling of classified information. In 2017, however, law enforcement officers discovered that Birchum knowingly removed more than 300 classified files or documents, including more than 30 items marked Top Secret, from authorized locations. Birchum kept these classified materials in his home, his overseas officer’s quarters, and a storage pod in his driveway. None of these locations were authorized for storage of classified national defense information. In particular, the criminal information charges that Birchum possessed two documents on a thumb drive found in his home that contained information relating to the National Security Agency’s capabilities and methods of collection and targets’ vulnerabilities. Both of these documents were classified as Top Secret/SCI, and their unauthorized release could be expected to cause exceptionally grave damage to the national security of the United States.”

87. Podcast: Grey Dynamics: Canadian Intelligence, the ICC and Career Development with Kelly Wong

On June 2nd Grey Dynamics published a new podcast episode. As per its description, “today I spoke to Kelly Wong, a security analyst in the Canadian Senate. She has previously worked for multiple private intelligence firms and has interned at the International Criminal Courts. We discussed the challenges and rewards of working in intelligence, the obstacles ethnic minorities face in the application process, and Kelly’s advice for young professionals. Apologies for the mic quality in this episode.”

88. Ukraine Conflict: Ukraine Orders 300 UAVs

Janes reported on June 2nd that “Ukraine has ordered 300 additional reconnaissance unmanned aerial vehicles (UAVs) from German-based Quantum-Systems. An announcement by the company on 31 May stated the order would be the third placed by Ukraine for the Vector electric vertical take-off and landing (eVTOL) UAV since August 2022. A Quantum-Systems spokesperson confirmed to Janes the order was funded by the German government. Overall, Ukraine has received 438 Vector UAVs, with 105 ordered in January 2023 and 33 in August 2022 — funded by the German government. The company is also in the process of opening a facility in Ukraine to offer user training and maintenance support. The Vector eVTOL UAV is suitable for intelligence, surveillance, and reconnaissance (ISR) operations, including border patrol, search-and-rescue, and battlefield surveillance. The system has a wingspan of 2.8 m, a maximum take-off weight of 7.4 kg, an endurance of up to two hours, and can be fitted with either a NextVision Nighthawk2-UZ or Trillium Engineering’s HD40-LV electro-optical payload.”

89. US Treasury Sanctions Iranian Cloud Provider ‘Facilitating’ Tehran Censorship

The Record reported on June 2nd that “the U.S. government issued sanctions on Friday against an Iranian cloud technology provider accused of “facilitating” Tehran’s internet censorship, as well as an affiliated company and two employees. The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned ArvanCloud, which it called “a key partner” in the Iranian regime’s effort to set up the National Information Network, a parallel intranet within the country that allows the government to more easily control access to online information. The sanctions come on the heels of nationwide protests at the end of last year and into the spring of 2023 against the death of Mahsa Amini in the custody of the so-called morality police. In response to the protests that followed, Iran restricted access to the internet and especially to social media. “Arvan Cloud has a close relationship with Iran’s intelligence services, including the Ministry of Intelligence and Security (MOIS), and Arvan Cloud executives have extensive ties to senior Iranian government officials,” a statement from OFAC said. “The Iranian government has regularly used Internet restrictions and the throttling of Internet speeds to suppress dissent, surveil and punish Iranians for exercising their freedom of expression and assembly both online and offline, and limit the dissemination to the international community of credible information about egregious human rights violations.” The action also targets the company’s co-founders, Farhad Fatemi and Pouya Pirhosseinloo, as well as an affiliated Dubai-based company, Arvancloud Global Technologies LLC.”

90. Poland: The Role of the State in Times of Information War

The Polish government issued this article on June 2nd saying that ““we have to tell ourselves that we are not information secure and will never be secure again. Information threats require us to constantly counteract, identify threats, and build social awareness in Poland and among our allies,” emphasised Stanisław Żaryn, Government Plenipotentiary for Information Space Security, during the conference “Disinformation of tomorrow. The future of information warfare. The panel devoted to the role of the state in times of information war was also attended by Deputy Minister of Foreign Affairs Paweł Jabłoński, Head of the International Policy Office of the KPRP Marcin Przydacz, Director of the Ossolineum Łukasz Kamiński and President of the Polish Press Agency Wojciech Surmacz. The participants of the discussion discussed the current methods of conducting the information war by the Russian Federation and other countries hostile to the West. The discussion focused on possible steps that state institutions can take to combat or prevent such threats. As the speakers emphasised, disinformation is targeted at recipients from different parts of the world, and is based primarily on lack of knowledge and manipulation of the truth.”

91. Private Eyes: China’s Embrace of Open-Source Military Intelligence

On June 1st Recorded Future published a new intelligence report. As per its summary, “the People’s Liberation Army (PLA) is using new collection, processing, and analysis technologies to exploit the massive amount of open-source information available from the internet and other sources for military intelligence purposes. A growing ecosystem of private companies, state-owned enterprises, state-run research organizations, and universities is supporting the PLA’s push to leverage open-source intelligence (OSINT) by providing research services, platforms, and data. The PLA almost certainly views OSINT as an increasingly valuable source of military intelligence that can support decision-making and necessitates the use of new collection, processing, and analysis technologies, which the PLA and China’s defense industry are actively developing. The PLA and China’s defense industry almost certainly take advantage of other countries’ open information environments to extract OSINT from foreign governments, militaries, universities, defense industry companies, scientific research organizations, think tanks, news media outlets, social media platforms, forums, individuals, commercial data providers, print media, radio broadcasts, satellites, and other sources. This OSINT almost certainly provides the PLA insight into foreign military capabilities, facilities, doctrine, decision-making, weapons, equipment, science and technology, exercises, training, intelligence, and deployments, providing a clear intelligence advantage. In addition to supporting decision-making, Chinese observers have suggested more specific uses for military OSINT as well, such as carrying out long-range maritime target tracking, enabling early warning of crises, supporting precision strikes, countering enemy propaganda, facilitating domestic science and technology innovation, and supporting training and talent development. This report profiles 5 private Chinese OSINT providers that serve the PLA, including providers that mainly sell platform and database products, providers that primarily offer research and analysis services, and providers that specialize in remote sensing data. The PLA very likely uses this data to support decision-making and better understand potential foreign adversaries in preparation for future conflicts. Given that China is very unlikely to open up its information environment, and that Western countries are very unlikely to close off their information environments, the PLA will very likely maintain its advantage over Western militaries in OSINT.”

92. United States: Former Engineer Sentenced for Possessing Stolen Semiconductor Trade Secret

The US FBI Counterintelligence Division (CD) announced on June 1st that “a Lexington, Mass. man was sentenced today in Boston federal court for possessing the stolen prototype design of a microchip, known as the HMC1022A, which was owned and developed by his former employer, Analog Devices, Inc. (ADI), a semiconductor company headquartered in Wilmington, Mass. This chip is used in both aerospace and defense applications. Haoyang Yu, 45, was sentenced by U.S. Senior District Court Judge William G. Young to six months in prison to be followed by three years of supervised release, during which he may not work in the microchip industry. Yu was also ordered to pay a fine of $55,000 and restitution to be determined at a later date. In May 2022, following a month-long trial, a federal jury convicted Yu of possessing ADI’s stolen trade secret. The jury acquitted Yu of alleging possession of other stolen trade secrets, wire fraud, immigration fraud, and the illegal export of controlled technology. “This prosecution demonstrates the Department of Justice’s commitment to protecting the integrity of the semiconductor market, as this technology plays a critical role in both our country’s industrial policy and geopolitical strategy. Mr. Yu stole intellectual property from his employer, plain and simple, and used that pilfered information to line his own pocket. I commend the work of the Department of Commerce, the Department of Homeland Security, the FBI, and the Naval Criminal Investigation Service in their dedicated work to the investigation and prosecution of this matter,” said Acting United States Attorney Joshua S. Levy.”

93. Russian SVR: About the Destructive Line of the West in the Post-Soviet Space

The Russian Foreign Intelligence Service (SVR) published this article on June 2nd saying that it is a “speech by the Director of the Foreign Intelligence Service of Russia S. E. Naryshkin at the 52nd meeting of the Council of Heads of Security Agencies and Special Services of the CIS Member States in Minsk on June 1, 2023.”

94. United States CIA: A Naturalised Citizen CIA Officer Follows in the Footsteps of His Father

On May 31st the CIA published this article. As per its summary, “CIA’s naturalized citizen officers work in every directorate and hold a wide range of positions within the Agency. We interviewed a Directorate of Digital Innovation officer from East Asia, who taps into his native language skills to support CIA’s global mission. He shared his path to America and, ultimately, CIA.”

95. Pakistan: In Secret Meeting, Pakistani Military Ordered Press to Stop Covering Imran Khan

The Intercept published this story on June 2nd saying that “the Pakistani military invited the owners of the country’s major media organizations to Islamabad this week for a secret meeting to discuss coverage of the ongoing political and constitutional crisis, Pakistani journalists familiar with the gathering told The Intercept. The invitation was not one that could be refused, and the message was equally direct: Cease all coverage of former Prime Minister Imran Khan amid his ongoing clash with the military. Following the meeting, which has not been previously reported, top editors at news organizations across Pakistan issued directives to their journalists to pause coverage of Khan, said the Pakistani journalists, who requested anonymity for fear of their safety. An inspection of Pakistani media sites reveals a stark change. Earlier this week and every day for years before, Khan was a leading subject of coverage. He has effectively vanished from the news. The ban was confirmed by more than a half-dozen Pakistani journalists. Khan is at the center of a political crisis that has paralyzed Pakistani cities, prompted clashes and riots targeting the all-powerful military, and seen tens of thousands of his political supporters sent to prison. You wouldn’t know that from reading the Pakistani press today, even as he continues a campaign against an attempt by the military to exclude him and his party from contesting upcoming elections. The recent crisis began when Khan was hit with corruption charges, which he and supporters of his political party, the Pakistan Tehreek-e-Insaf, or PTI, claim to be a political exercise aimed at excluding him from politics.”

96. United Kingdom RC-135 Surveillance Jet Flies Unprecedented Mission Over Moldova

On June 1st the Warzone reported that “a U.K. Royal Air Force RC-135W Rivet Joint today conducted a very unusual sortie inside Moldovan airspace, while other surveillance aircraft patrolled on the Romanian side of the border. These flights are very likely connected with the European Political Community (EPC) Summit in Moldova, which involves 47 heads of state and government, and comes as the country becomes one of the latest to receive European Union candidate status. At the same time, Moldova, a small nation located between Romania and Ukraine, has found itself increasingly trapped in a war of words between Moscow and Kyiv since Russia launched its full-scale invasion of Ukraine. Online flight-tracking websites caught the RC-135W, which has the serial number ZZ664 and was using the callsign RRR7201 at the time, departing RAF Waddington in the United Kingdom earlier today. The aircraft then flew east over the English Channel, the Netherlands, Germany, and Poland, before continuing over Slovakia, Hungary, and Romania, thereafter finally crossing the border into Moldova. Once there, it began to fly racetrack patterns along the Moldovan side of the border, with the capital, Chisinau, falling roughly in the middle of this pattern, albeit further to the east. The EPC Summit is taking place at Mimi Castle, southeast of Chisinau.”

97. Video: ABC Documentary Delves Into Secrets of Australian Spy Organisations

On June 3rd ABC News released this documentary. As per its description, “with unprecedented access to Australia’s intelligence agencies, Andrew Probyn looks at the key role they play in secret battles.”