SPY NEWS: 2023 — Week 5

Summary of the espionage-related news stories for Week 5 (29 January-4 February) of 2023.

The Spy Collection
Feb 5, 2023

1. Slovenia Arrests 2 Suspected Spies for Russia

On January 30th The Moscow Times reported that “Slovenian authorities have arrested two foreign nationals suspected of spying for Russia’s GRU military intelligence agency, the Slovenian newspaper Delo reported Monday. The arrest operation was conducted in December by the Slovene Intelligence and Security Agency (SOVA) in the capital Ljubljana, with suspects reportedly being arrested at a rented office space in the city’s Bežigrad neighborhood. At least one of the suspects holds Argentine citizenship, while both operated in the EU member state under a false identity, according to information obtained by Delo. The two alleged agents, who are believed to be a part of a wider net of GRU sleeper cells operating in the West, face up to eight years in prison on charges of espionage and providing false information. Russian officials have not yet commented on the incident.”

2. The Killer in Cold Case Rewarded by Turkish Military and Intelligence Agency MIT

Nordic Monitor reported on January 30th that “the assassin of Necip Hablemitoğlu, an academic who was killed on December 18, 2002 in front of his apartment building in Ankara, was rewarded by both the Turkish military and Turkish intelligence agency MIT for the hit, a cache of official documents obtained by Nordic Monitor has revealed. Former military officer Ahmet Tarkan Mumcuoğlu (54) gunned down Hablemitoğlu under orders from his commanding officer when he was working as the counterintelligence officer in the intelligence section of the Combat Search and Rescue (MAK), an elite force attached to the Special Forces Command (ÖKK) in Ankara. Mumcuoğlu was a secret contact of the academic and was feeding him information and passing classified documents to him, some of which turned out to be fabricated, as part of a clandestine psychological warfare operation. Based on the documents and information he received, Hablemitoğlu was writing articles and books, making speeches and providing commentary to support the operation sanctioned by the renegade neo-nationalist (ulusalcı) military commanders who wielded influence on the National Security Council (MGK), a top consultative body that was described as a shadow government. His writings were strongly anti-Western and anti-Semitic, with a special focus on German foundations that were accused of operating with malicious intent to harm Turkey.”

3. Spy Collection: The Hollow Coin (1958) — The story of KGB Deep Cover Officer Rudolf Abel (William Fisher)

On January 30th we published this video in our archived content/raw footage playlist. As per its description, “this film was produced for counter-intelligence training purposes by the United States Department of Defence (DoD), Army Pictorial Centre, in 1958 and was declassified in 2011. It was used by several US government agencies for awareness on some of the KGB espionage Tactics, Techniques and Procedures (TTPs). It briefly covers the case and arrest of Soviet Union KGB Colonel Rudolf Ivanovich Abel (also known as William August Fisher) in New York City in 1957, while operating under non-official cover (known as “illegal” in the Soviet Union doctrine, or NOC in the United States one). The FBI managed to uncover Rudolf Abel from, among others, intelligence provided by KGB Lieutenant Colonel Reino Häyhänen (codename “VIC”) who had defected to the US. Rudolf Abel was exchanged in 1962 for the captured CIA U-2 pilot Francis Gary Powers. After his return, he became an instructor at KGB’s Illegals Directorate, part of the First Chief Directorate. He died of lung cancer on November 15th, 1971 at the age of 68.”

4. New Indian Cyber Espionage Operation Targeting Kashmir

On January 28th Qi An Xin Technology’s RedDrip team discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed DONOT, previously associated with the intelligence services of India. The operation involved a lure document titled “Kashmir Solidarity Day Material .exe” which, if opened, covertly installed a custom cyber espionage software implant.

5. South Korea: Accused Spies for North Korea Likely Face Imminent Arrest

Korea JoongAng Daily reported on January 30th that “prosecutors will likely file arrest warrants Tuesday against four individuals accused of conducting seditious activities on behalf of North Korea after a court struck down earlier warrant requests. The four individuals were detained by officials from the National Intelligence Service (NIS) and police on Saturday on suspicion of violating the National Security Act, which bans behavior or speech that expresses support for the North Korean regime or communism or advocates the overthrow of the South Korean government. The Seoul Central District Court rejected the prosecution’s initial warrant requests on Sunday after finding that the four people detained by counterintelligence officials were unfairly treated in the process of being taken into custody. The court’s rejection of the prosecution’s arrest warrants gives investigators 48 hours to file another warrant application before the suspects must be released. Investigators believe the four individuals, based in Changwon, South Gyeongsang, established an underground organization called the Self-Reliant People’s Liberation Front in 2016. The four, who are also members of a liberal South Gyeongsang political organization, are accused of organizing anti-U.S. protests and activities in support of North Korean athletes at the behest of orders from North Korean intelligence agents, whom they are suspected of meeting in various Southeast Asian countries, such as Cambodia. Their arrest came as South Korean counterintelligence authorities began an expansive effort to investigate allegations that high-ranking members of several left-leaning South Korean organizations, including the militant Korean Confederation of Trade Unions (KCTU), actively collaborated with North Korean intelligence agents to foment unrest in the South.
The country’s spy agency and police carried out numerous raids last week on the KCTU’s headquarters in Jung District, central Seoul, as well the homes of four former and current KCTU executives in South Jeolla and Gyeonggi, the headquarters of the KCTU-affiliated Korean Health and Medical Workers’ Union in Yeongdeungpo District, western Seoul, and a so-called “peace shelter” on Jeju Island — all to investigate allegations that trade union officials violated the National Security Act.”

6. United States: ODNI Suffers Political Fallout from Biden Classified Documents Discovery

Intelligence Online reported on January 31st that “controversy over the mishandling of classified documents by the US leadership has put the Office of the Director of National Intelligence (ODNI) in a tight spot, where it is torn between fighting leaks on the one hand and respecting its responsibility to keep out of politics on the other.”

7. UK Spy Agency Violated Snooper’s Charter with ‘Unlawful’ Data Retention

The Register reported on January 31st that “an independent tribunal has blasted British spy agency MI5 for “serious failings in compliance” and “unlawful” data collection of British subject dating back to 2014. In its January 30 judgment [PDF], the Investigatory Powers Tribunal sided with data privacy advocates Liberty and Privacy International, which sued the intelligence agency over its mass surveillance practices in January 2020. The Investigatory Powers Tribunal is an independent panel of judges that hears complaints against government bodies accused of illegally spying on UK citizens. Liberty and Privacy International have long fought what the watchdog groups describe as “unlawful surveillance warrants” by government security services. This particular lawsuit centers around the Regulation of Investigatory Powers Act (RIPA) 2000 and the Investigatory Powers Act (IPA) 2016, also known as the Snooper’s Charter. While the laws give state agencies including MI5 the legal authority to collect and retain personal information belonging to private citizens, they do put certain restrictions around how the data should be handled. According to the tribunal’s ruling, between 2014 and 2019 MI5 retained personal data longer than it legally should have. “The holding and handling of data in those circumstances was unlawful on the basis that under the relevant provisions of RIPA and IPA satisfactory safeguards related to RRD were not in place,” the judgment stated. Additionally, the UK Home Office failed to exercise adequate oversight despite repeated high “risk register flags” that MI5 was not complying with the data-handling laws, according to the ruling.”

8. Hamas Captures Israeli Spy Drone, Extracts Sensitive Data

Mehr News reported on January 30th that “according to Palestinian media reports on Sunday, the Hamas military wing Ezzedine al-Qassam Brigades seized the multi-rotor aircraft (hexacopter) and extracted “sensitive information.” “Al-Qassam Brigades was able to capture at dawn Friday, January 27, 2023, an Israeli drone that was on a special mission inside the Gaza Strip,” the Brigades said in a statement. “Our engineers were able to deal with the drone and extract important and sensitive information related to the occupation forces from it.” Israel kept the disappearance of its drone secret until Hamas announced it had the UAV at its disposal, Press TV reported. Last week, Israel launched airstrikes on Gaza a day after killing at least 10 Palestinians in the occupied West Bank, prompting the resistance to fire rockets at the occupied territories in retaliation. Israeli warplanes hit areas west and south of Gaza, including posts belonging to resistance, on Thursday night and Friday at dawn.”

9. Podcast: Espionage, Human Intelligence, and the Recruitment of Foreign Spies — James Lawler

On January 30th The JJ Podcast published a new episode. As per its description, “Mr. Lawler served for 25 years as a CIA operations officer in various international posts and as Chief of the Counterproliferation Division’s Special Activities Unit. He had five overseas assignments from 1982 to 1994. He has completed two novels, which were both cleared by the CIA’s publication review board. One of his novels, “Living Lies”, was ranked #38 on Spyscape’s list of fifty best novels ever written. Prior to his career in intelligence, Mr. Lawler practiced law and was the president of a steel components company in Texas. He is a graduate of Rice University, Houston, Texas; and the University of Texas School of Law. He is married to Ellen and has three children and seven grandsons”

10. Russia’s Aggressive Espionage Against Germany has Prompted Calls for a Major Overhaul of the Country’s Intelligence Service

NBC News reported on January 29th that “a widening investigation into alleged Russian spying inside Germany’s state intelligence service, the BND, has set off alarm bells in Western capitals and prompted calls for a major overhaul of the agency to shore up its defenses against Russian espionage. Coming at a crucial moment in the war in Ukraine when the United States and its allies are sharing intelligence with Kyiv, the case has raised questions about how much potential damage may have been inflicted by a senior employee of the German spy service who allegedly passed secrets to Russia. A vital partner in the Western effort to counter the Kremlin in the wake of its invasion of Ukraine, Germany has long proven a soft target for Russian spies, who allegedly orchestrated the 2019 murder of one of Moscow’s opponents in the heart of Berlin. The revelations about a possible Russian mole inside the BND are just the latest in a string of worrisome reports of suspected Russian espionage in Germany and elsewhere in Europe. Intelligence experts say there are likely more Russian agents yet to be uncovered, and German lawmakers say there is a growing consensus that Berlin needs to revamp its security services and take a harder line against Russian spying.”

11. Pakistan: Militant Who Killed ISI Officers in Khanewal Commits Suicide

Daily Pakistan reported on January 30th that “a militant, who was allegedly involved in the killing of two intelligence officials in the Khanewal city of Punjab, shot himself dead when security officials stopped him at a checkpoint. Reports said the militant committed suicide when officials of the Counter Terrorism Department (CTD) were doing snap checking at a check post in an area of Thal. He took his life to evade arrest. The development comes weeks after security officials released photos of two suspects involved in the killing of ISI Director Naveed Sadiq and inspector Nasir Abbas. Banned outfit TTP had reportedly claimed responsibility for the assassination of the two intelligence officials. Earlier this month, Prime Minister Shehbaz Sharif announced conferring gallantry awards posthumously on officials of the country’s top spy agency. The premier made the announcement during his visit to the residence of martyred ISI director in the federal capital. The coveted Hilal-e-Shujaat will be conferred upon Naveed Sadiq and Sitara-e-Shujaat upon Abbas.”

12. Saudi Court Battle with Former Top Spy Extends to Cayman

Cayman Compass reported on January 31st that “lawyers for Saudi state-owned companies are seeking to enforce a Canadian freezing order of the assets of Mohammed Aljabri, son of Saad Aljabri, a former Saudi Arabian security official accused of embezzling US$3.47 billion. The originating summons filed in the Cayman Islands Grand Court last week was brought on behalf of Sakab Saudi Holding and eight subsidiaries, which are owned by Saudi Arabia’s sovereign wealth fund.”

13. New Videos by Former CIA Officer Jason Hanson

Former United States CIA officer Jason Hanson published the following new videos this week: 1) Footage Shows Police Shootout on Texas Highway, 2) Survival Tip: Here’s How to Survive in a Stranded Vehicle, 3) Here’s How to Operate in The Black Market.

14. Israel’s Mossad Behind Drone Attack on Iran’s Military Facility

i24 News reported on January 30th that “Israel’s spy agency Mossad was behind the recent drone attack on Iran’s military facility in the central province of Isfahan, according to a new report citing senior American intelligence officials. The sources told The New York Times that the strike was prompted by Israel’s concerns about the country’s security and not due to potential missile exports to Russia, which is trying to obtain more weapons from Iran for its offensive in Ukraine. The report also said there was a dialogue between Israel and the United States about the incident. Earlier on Sunday, Saudi media reported that the United States and another unnamed country were responsible for Saturday’s overnight attack on Isfahan, which is known as a major center for missile production in Iran. It is also one of four nuclear research facilities, although the strike did not seem to target nuclear-related sites. A Sunday report by the Wall Street Journal citing U.S. officials and “people familiar with the operation” also claimed that Israel was behind the attack. Tehran said that the drones targeted an ammunition manufacturing plant but were shot down and caused little damage. Iran’s foreign minister Hossein Amir Abdollahian condemned a “cowardly drone attack” but vowed that it “will not impede Iran’s progress on its peaceful nuclear program.” American officials on Sunday denied Washington’s involvement in the strike. The statement came shortly after CIA director William Burns visited Israel, but it is unclear whether he discussed Iran with his Israeli counterparts. The strike also coincides with Secretary of State Antony Blinken’s visit to the region, during which he will meet with Israel’s prime minister Benjamin Netanyahu for the first time since his return to the premiership after the November elections.”

15. Ukrainian SBU Detained Russian Agent in Kharkiv

On January 30th Ukraine’s Security Service (SBU) announced that they “detained a Russian agent who was adjusting missile strikes on Kharkiv. The Security Service exposed another accomplice of the Rashists in Kharkiv. The attacker collected intelligence about the locations of bases and routes of movement of units of the Armed Forces in the city. He forwarded the received information to the Russian occupiers in the form of electronic coordinates and marks on the map through the Telegram messenger. Intelligence was needed by the invaders to prepare and carry out targeted missile strikes on the regional centre. SBU officers detained a Russian agent near a city critical infrastructure facility on another attempt to collect closed data for the aggressor. According to the investigation, the enemy’s accomplice turned out to be an unemployed local resident whom the representative of the Russian Federation involved in illegal activities in November of last year. To fulfil the tasks of the enemy, the agent went around the territory of the city and covertly observed the units of the Ukrainian defenders, as well as recorded their locations. During the investigation, a smartphone with evidence of correspondence with the aggressor was found in the perpetrator’s possession.”

16. German Conservatives Tell Ex-Spy Chief to Jump, or Be Pushed

Following last week’s story #19, on January 30th DW reported that “the leadership of Germany’s conservative Christian Democrats (CDU) on Monday urged the former head of Germany’s domestic intelligence service, Hans-Georg Maassen, to leave the party. After repeating a string of extremist conspiracy theories, Maassen has proved to be a source of embarrassment for the German conservatives. The CDU — which could face a lengthy and complicated process to have Maassen removed against his will — has now asked him to leave voluntarily.”

17. Xi Jinping’s Spy Master is China’s Policy Chief on Taiwan

FirstPost reported on January 29th that “China’s President Xi Jinping has tasked Wang Huning, considered to be the Chinese Communist Party’s top spymaster to draft a new policy for Taiwan, a self-declared independent nation which Beijing maintains is its integral part. According to a report by Taiwan News, the Chinese ‘one country, two systems’ policy has now become untenable after Beijing saw the results of imposing it in Hong Kong and the reaction of Taiwanese citizens to its insistence on the island being its indivisible part. Huning, the chief political strategist of the CCP and a member of its seven-man standing committee of the Politburo, is also considered the party’s top propagandist. Xi, with Huning’s expertise in political theory at his disposal, is soon expected to announce the new policy towards the defiant in the coming months. Now that CCP is past the mass protests in China against its zero-COVID policy and the subsequent outbreak of the virus, it seems poised to take up Taiwan as a policy priority. However, Chinese scholars aren’t very optimistic that diplomacy will prevail in relations with Taiwan. Chen Xiancai, the director of the Centre of Taiwan Studies at Xiamen University, said that Beijing is expected to step up its efforts to integrate and it will more than likely increase the conflict, Taiwan News reported. He believes that conflict with the US over Taiwan is unavoidable. What Huning’s new Taiwan policy would entail is still unclear. However, reportedly, many believe that it will prioritise communication and cooperation over the aggression Beijing’s displayed so far.”

18. Turkish MIT and its Mercenaries Kidnap Citizen in Occupied Afrin, Syria

As reported by Hawar News Agency on January 29th, “a private source reported that the mercenaries of the Turkmen “Al-Hamza” division had kidnapped the citizen “Tawfiq Hassan (45) years old” from the village of Qara Kul in the Al-Zaydiyah neighborhood in the center of the occupied city of Afrin, on January 22, and handed him over to Turkish intelligence, without knowing his fate. The crimes of the Turkish occupation state and its mercenaries continue against the remaining people of Afrin in their homes, within the framework of genocide, changing the demography of the region, and tightening the screws on the people to displace them from their homes.”

19. Podcast: Grey Dynamics: OSINT, Military Career Transition & Language Skills with Skip Schiphorst

Grey Dynamics published a new podcast episode. As per its description, “welcome back for season two of the Grey Dynamics Podcast! We’re kicking things off by talking to Chinese and Arabic OSINT trainer, Skip Schiphorst. Skip is an ex-Dutch Royal Marine who went on to do Chinese studies and now teaches OSINT skills.”

20. Latvia Confirms Phishing Attack on Ministry of Defence, Linking it to Russian Cyber Actor

On January 28th The Record reported that “the Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia’s Ministry of Defense last week, the ministry told The Record on Friday. Hackers sent malicious emails to several employees of the ministry, pretending to be Ukrainian government officials. The attempted cyberattack was unsuccessful, the ministry added. The sample of the malicious email was first shared on Twitter by French cybersecurity company Sekoia.io this week.” The article also states that “Ukraine claims that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information Security in Moscow. The group began operations in June 2013, just months before Russia forcibly annexed the Crimean Peninsula from Ukraine.”

21. Ukrainian SBU Detained OPZZh Member Acting as GRU Agent in Siversk

On January 31st Ukraine’s SBU reported that they “detained a member of the OPZZh (ОПЗЖ), who worked for Russian intelligence in the eastern regions of Ukraine. The attacker turned out to be a deputy of the Siversk City Council from the “OPZZh” party, which is banned in Ukraine. Since October of last year, he has been collecting intelligence on the deployment of units of the Defence Forces in the territory of the Bakhmut district. He also transmitted the coordinates of local critical infrastructure facilities, including energy-generating enterprises. Intelligence was needed by the occupiers to carry out targeted missile strikes on Ukrainian cities. After the enemy shelling, the agent went to the area to record their effects and prepare a “report” to correct repeated strikes. The SBU officers detained the attacker while trying to transfer confidential information to the aggressor. According to the investigation, the deputy was recruited by a representative of Russian military intelligence through “communication” in the chat room of one of the pro-Kremlin Telegram channels. Anonymous messengers were used to communicate with each other.”

22. Russian Deputy Foreign Minister: United States Increasing Espionage Opportunities via Spyware

On January 28th TASS reported that “the US continues to build up spying capabilities through personal communication devices. This was stated in an interview with TASS by Deputy Foreign Minister Oleg Syromolotov. “The Americans continue to build up global surveillance capabilities contrary to their own slogans about protecting human rights,” the deputy minister said. “US intelligence agencies have been caught using Pegasus and Graphite spyware to hack into personal communication devices and computers around the world.” According to Syromolotov, at the fourth session of the UN special committee on the development of a convention on combating information crime in Vienna, which ended on January 20, the Americans and their “comrades” tried to sabotage the negotiation process in order to avoid additional obligations to provide electronic evidence of crimes. “[The United States] did everything possible to be able to evade responsibility for the illegal actions of their intelligence services and companies engaged in espionage, wiretapping, identity theft. Thus, they exposed their criminal intentions. As they say, even a hat burns on a thief,” the deputy head added. Ministry of Foreign Affairs of the Russian Federation.”

23. Video: ComSec LLC: Kestrel TSCM Professional Software Project Setup

On January 31st ComSec LLC published this short video. As per its description, “learn how you can quickly set up a new project using the Kestrel TSCM Professional Software. (Narrated by JD LeaSure, TSCM Expert & President/CEO, ComSec LLC) Kestrel TSCM Professional Software is a powerful and flexible operator centric RF spectrum analysis software application designed for advanced radio frequency spectrum monitoring. The Kestrel TSCM Professional Software leverages the most advanced RF sensor based Software Defined Radio (SDR) hardware technology. And, it provides functionality far beyond that found in typical commercial spectrum analyzers, including the ability to provide unintentional radiator (TEMPEST) detection, identification and evaluation of emissions. Kestrel TSCM Professional Software is ideal for technical surveillance countermeasures (TSCM), intelligence, counter terrorism and managed Remote Spectrum Surveillance and Monitoring (RSSM). This leading TSCM software also has applications in the law enforcement community, government, military, space, and spectrum regulatory agencies. Kestrel TSCM Professional Software also provides unique features and functionality for private sector and corporate security teams conducting TSCM, counter espionage related technical security operations.”

24. No One Knows R&AW Agents Better than Pakistanis — From Pathaan to Mission Majnu

The Print published this article on January 31st saying that “who knows RAW agents better than Pakistanis? After all, those with a single working brain cell are labelled a RAW agent at the drop of a hat. As experts on neighbourhood agents, choosing agent Pathaan over agent Majnu was hardly a difficult choice to make. That is why there are those in Pakistan who want Pathaan aka Shah Rukh Khan to become the next prime minister of India, while there are those ready to fight for the ‘enemy’ agent against attacks from within. So what if these RAW agents — Tiger, Pathaan, Vinod — have a tendency to get honey-trapped, we have got them covered with our own ISI operatives, that too ‘bold and beautiful’. This is the stuff great espionage is made of.”

25. The Dutch National SIGINT Organisation: An Overview

OSINT researcher Niels Groeneveld published this LinkedIn article stating that “the Dutch National SIGINT Organization, also known as the Nationale Sigint Organisatie (NSO), is a government agency responsible for the collection, analysis, and dissemination of signals intelligence (SIGINT) in the Netherlands. The organization plays a crucial role in national security, providing intelligence to the Dutch government and military, as well as to other national and international partners. The NSO was established in 2002, following the merger of the Dutch military and civilian SIGINT agencies. The organization operates under the Ministry of Defense and is overseen by the Dutch Intelligence and Security Board (DISB). The NSO is divided into three main divisions: the Military Intelligence and Security Service (MIVD), the General Intelligence and Security Service (AIVD), and the Joint SIGINT Cyber Unit (JSCU). The NSO’s primary mission is to collect and analyze SIGINT in support of the Dutch government’s national security objectives. This includes gathering information on foreign governments, terrorist organizations, and other potential threats to the Netherlands. The organization also provides support to military operations and assists in the fight against cybercrime. The NSO’s main facility is located in the province of Groningen, in the northern part of the Netherlands. The Groningen facility is the organization’s primary SIGINT collection and analysis center, and is responsible for the majority of the NSO’s SIGINT activities. The facility is equipped with state-of-the-art technology and staffed by highly trained professionals. In addition to the Groningen facility, the NSO also operates a number of other facilities throughout the Netherlands. These facilities are responsible for specific SIGINT activities and are located in various provinces, including North Holland, South Holland, and Limburg.”

26. Counterintelligence Operations in Europe: A 6-Month Outlook

On February 1st Grey Dynamics published this article. As per its introduction, “recent counterintelligence operations in Europe are proving successful as a series of high-profile cases have led to arrests of Russia-linked spies. In the light of Russia’s war in Ukraine, espionage cases will likely continue to increase for at least two reasons. First, history shows that war often produces more spies and increases the incentives for a covert presence in foreign states. Second, in times of geopolitical tension, the activity of countries’ intelligence services increases. Second, recent arrests and suspected Russian activities in Europe follow a pattern of Russian active measures, which bring prospects for future incidents and increasing counterintelligence operations in Europe. Moreover, as some European countries are balancing interests between Western actors and Russia, there are prospects for ever-increasing espionage recruitment and presence. Such development will likely make them hubs of spy activity following patterns back to the Second World War.”

27. Cultural Revolution Within the French Intelligence Services

Following 2022 week 30 story #8 and 2022 week 40 story #77, Le Monde reported on January 31st that “since November 2022, the Directorate General for External Security (DGSE) has undergone an unprecedented internal reorganisation to implement an integrated model, combining analysis, technique and action. It looks like boring administrative sociology, it’s actually a small palace revolution at the heart of the French intelligence services. Entering into force on November 1, 2022, the reorganisation within the General Directorate for External Security (DGSE) has upset the internal balances and broken the baronies that have structured this institution for nearly forty years. It resulted in a major game of musical chairs in the world of French intelligence and concentrated power in the hands of the general management of the service, currently occupied by the diplomat Bernard Emié. Finally, it shattered the idea of an independent technical intelligence agency, like the American National Security Agency (NSA). This reform, announced in the middle of the summer of 2022, led to the disappearance of the flagship department of the DGSE, that of intelligence (DR). Marc Pimond, appointed at its head in 2016, represented a real internal counter-power. An expert in the Arab world, he has been appointed to other functions outside France. His contested results on the African ground, where Paris failed to anticipate the political crises in Mali and the waves of resentment towards France, particularly in Burkina-Faso, probably did not help him to defend the survival of this bastion.”

28. Ukrainian SBU Detains 2 FSB Agents Who Infiltrated Ukrainian Military

On January 31st Ukraine’s Security Service (SBU) announced that they “detained “infiltration agents” of the FSB of the Russian Federation, who “flushed” the enemy positions of the Armed Forces of Ukraine and recruited new informants. One of them turned out to be a resident of the Kharkiv region, who was recruited by a staff member of the Russian intelligence service at the beginning of the full-scale invasion. Soon, the agent left for Sumy Oblast as an internally displaced person and mobilised to the ranks of the Armed Forces, where he conducted reconnaissance and subversive activities against Ukraine. After the Military Commissariat, he was sent to an educational centre in the Zhytomyr region. While on the territory of the institution, he collected personal data of combat training instructors, and also covertly “studied” the security system of the military facility. Subsequently, the mobilised person was redeployed as part of units of the Ukrainian troops to the territory of the Donetsk region. In the east of Ukraine, he was interested in the bases and routes of movement of combat units of the Armed Forces of Ukraine in the Sloviansk and Kramatorsk districts. He involved his countryman in criminal activities, who after February 24 last year moved with him to Sumy as an internally displaced person, and later to Odesa region. Having agreed to the “offer” of the Russian agent, his henchman received the appropriate briefing and began spying on the bases of units of the Defence Forces in the Black Sea region. First of all, he tried to find warehouses with artillery weapons and ammunition of Ukrainian troops. Both attackers transmitted the collected intelligence to the aggressor through closed communication channels in the form of electronic coordinates with a detailed description of the surrounding area. In the “zone of special attention” were former military men and women who lived in the frontline areas in the south and east of Ukraine. 
Counter-intelligence officers of the Security Service detained both traitors while trying to once again pass classified information to the invader.”

29. Webinar: International Spy Museum: Operation Underworld with Matthew Black

On February 2nd the International Spy Museum published this video recording. As per its description, “after Pearl Harbor, Americans were traumatized by the event’s sudden widescale death and destruction on US soil. When the second largest ship in the world, the SS Normandie, caught fire on the Hudson River and sank, many suspected sabotage. This fear led to an unusual alliance. In the face of saboteurs, spies, and enemies of the state on the New York shoreline, the US Navy did the unthinkable and empowered the New York Mafia to help them patrol the New York City docks and act as informants. Journalist and crime historian Matthew Black has uncovered this clandestine coalition that brought homefront enemies together and ultimately succeeded in helping the Allies win World War II. Black will discuss his new book Operation Underworld: How the Mafia and US Government Teamed Up to Win World War II and how he came to uncover this hidden history. From Montauk to Sicily, from German garrisons to the halls of power in Washington, DC, with a side trip to Sing Sing, join us for an eye-opening evening and learn why “Lucky” Luciano was rumored to be up for a Congressional Medal of Honor!”

30. United States: Leaders of Self-Driving-Truck Company Face Espionage Concerns Over China Ties

On February 1st the Wall Street Journal reported that “the Justice Department has been urged by representatives of a U.S. national-security panel to consider economic-espionage charges against leaders of TuSimple Holdings Inc., an American self-driving-truck company with ties to China, according to people familiar with the matter. The recommendation for criminal charges, made late last year, stemmed from concerns that two founders and the current chief executive of the San Diego-based company were improperly transferring technology to a Chinese startup, the people said. The concerns were based on material gathered as part of a national-security review of TuSimple launched earlier last year.”

31. Hacking Group Claims to Have Uncovered Massive Russian Domestic Spying Program

Kyiv Post published this article on January 31st stating that “a hacking group has dumped 128 gigabytes of documents it says are from Convex, a Russian internet service provider, and claimed they reveal the Kremlin is engaged in an extensive domestic monitoring operation of citizens and private corporations in the country. “They are actively transmitting data to Moscow. It’s not just preemptive tapping,” claimed one hacker with knowledge of this specific dump when speaking to Kyiv Post, adding that this “is illegal, as under Russian law, as a search warrant must be issued before surveillance can be done.” In an email sent to Kyiv Post, the hacker collective taking credit for the document dump, CAXXII, stated that the “existence of a project called ‘Green Atom,’ is perhaps the most amazing discovery.” “‘Green Atom’ (TS ORM fsb) refers to the installation and maintenance of wide-ranging surveillance equipment that is used to monitor the online activity of all traffic in and out of Convex. “This can be classified as espionage, unauthorized wiretapping, and surveillance of civilians without a warrant, which circumvents the laws of the Russian Federation and all public statements of the Russian authorities. “Documents confirming the existence of this project, as well as the correspondence of Convex employees with the FSB, are now available not only to us, but also to you.” The group claims the alleged secret eavesdropping operation is operated by the country’s Federal Security Service (FSB). Its existence had not been known before today’s release of information. The data dump also released the information of thousands of Russian citizens who were clients of the Russian corporations whose data was released.”

32. UK Documents: Bush Ordered CIA to Find Replacement for Arafat

Al Jazeera reported on February 1st that “former United States President George W Bush ordered the CIA to search for a replacement for Palestinian leader Yasser Arafat after the escalation of the second Intifada in 2001, the BBC said, quoting recently released British documents. The US effort came after the failure of the Camp David negotiations in 2000 between Arafat and then-Israeli Prime Minister Ehud Barak. The talks followed the escalation of violence in the occupied territories of the West Bank and Gaza Strip. According to the BBC documents, Bush expected early on that Ariel Sharon, who succeeded Barak, would use the Gaza Strip to sow divisions among the Palestinians. The documents deal with discussions that took place between the United Kingdom and the US a few months after Bush and his administration, which was dominated by neoconservatives, entered the White House. When Bush was inaugurated in January 2001, the second Palestinian uprising was at its height. It had erupted in late September 2000 when Sharon entered the courtyards of Al Aqsa Mosque, an act widely seen by Palestinians as a provocation. The Bush administration called on Arafat to stop the uprising to lay the groundwork for the start of security negotiations with Israel. It also vetoed a draft resolution in the United Nations Security Council, which proposed sending a UN observer force to protect Palestinian civilians from Israeli forces in the occupied territories. After the negotiations were aborted, telephone talks were held between Bush and then-British Prime Minister Tony Blair in which they discussed the Palestinian-Israeli conflict at length. According to the minutes of the talks, the prime minister said Arafat was a liability.”

33. Podcast: Spycraft 101: Killing Castro: The Alliance Between the CIA and the Mob with Thomas Maier

On January 29th Spycraft 101 podcast published a new episode. As per its description, “the decomposing body of mobster Johnny Roselli was recovered from the Miami, FL coastline, where it was discovered stuffed inside an oil drum in August 1976, ten days after his disappearance. Roselli was a senior figure in American organized crime who had testified the previous year about his alliance with Sam Giancana, Santo Traficante, and the Central Intelligence Agency. The mobsters had teamed up with the CIA in an effort to kill Fidel Castro in 1960, and Roselli’s testimony before the US Senate’s Church Committee set off bombshells in the news media. A meeting between the two organizations was facilitated by Robert Maheu, a former FBI agent-turned private investigator who had worked for both Howard Hughes and the CIA, and had a number of associates in organized crime. The first, fateful meeting took place at the iconic Fontainebleau Hotel in Miami in September 1960. There they discussed various possible methods for killing Fidel Castro, who had risen to power in Havana less than a year prior. The mobsters were offered $150,000 for their services but declined the money. The leverage they would have over the US government afterwards would be worth significantly more. The plots never came to fruition for various reasons, and Castro continued to successfully evade multiple assassination attempts over the years. Fifteen years later, Giancana and Roselli were both set to testify to the Church Committee. On the night of June 19th, 1975, just days before he was scheduled to appear, Giancana was shot to death at home, allegedly while cooking a meal of sausage and peppers. He was shot in the head with multiple .22LR rounds. A High Standard Model M-101 was recovered nearby just hours later, and subsequently tied to his death. Several suspects have been identified, all close associates of Giancana. But no one was ever charged for his murder. 
For episode 65 of the Spycraft 101 podcast, I talked with @thomasmaierbooks, author of Mafia Spies: The Inside Story of the CIA, Gangsters, JFK, and Castro. We discussed the tenuous alliance between the CIA and the mob, and the long-term consequences for all involved.”

34. Cyprus: Inside Britain’s Military Dictatorship in the Mediterranean

On January 31st Declassified UK published this article saying that “the UK retains two chunks of Cyprus for military and spying purposes, which are under the control of a Kafkaesque regime. Declassified went to investigate what are, in effect, British colonies.” The article’s stated highlights are: 1) UK military controls 3% of Cyprus landmass, 2) Executive power in the UK areas resides wholly in Ministry of Defence-appointed military officer, 3) MoD in London ignores interview request, but press officer in Cyprus apparently knew Declassified was there, 4) UK military sends alert across territory over presence of Declassified journalist, and 5) Turkish soldier greets Declassified at RAF base in Cyprus despite MoD claiming no foreign personnel based there.

35. Chad to Open Embassy in Israel Five Years After Renewing Ties

As reported by Reuters on February 1st, “Chadian President Mahamat Deby said he would inaugurate an embassy in Israel on Thursday that would build on bilateral relations that were established five years ago.” The article concludes that “Chad’s strategic location amid African countries struggling with Islamist insurgencies makes it of special interest to Israel. Signalling that the bilateral ties have covert aspects, Netanyahu’s office issued pictures showing the chief of the Israeli spy agency Mossad welcoming Deby at the airport. The visit is the first to Israel for Deby, who took over after his father died in 2021.”

36. Myanmar-backed Islamist ARSA Terrorists Entering Bharat

Hindu Post reported on February 2nd that “as part of a secret plot of the Myanmar authorities, guerilla trained members of Arakan Rohingya Salvation Army (ARSA) are entering Bharat and joining local jihadist outfits in Jammu & Kashmir, Tamil Nadu, West Bengal and northeastern provinces with the notorious agenda of spreading jihadist terror. According to a credible source, members of ARSA, who are infiltrating inside India are also being guided by Pakistani spy agency Inter-Service Intelligence (ISI), who are trying to use them in executing terrorist plots jointly with militancy groups in Tamil Nadu and West Bengal. Until recently it was perceived by most of the counterterrorism experts and critics of Myanmar authorities that Arakan Rohingya Salvation Army (ARSA) was a pro-Rohingya terrorist entity. But recently it has been exposed that leaders of ARSA, including its founder Ataullah abu Ammar Jununi are under monthly payroll of the Myanmar government. According to media reports, several front-ranking leaders of Arakan Rohingya Salvation Army (ARSA), including its kingpin Ataullah abu Ammar Jununi are in fact paid agents of Myanmar military junta and been on monthly payroll, with the main assignment of sabotaging return of Rohingyas to Myanmar. With this mission, Jununi and other key members of ARSA are targeting and killing pro-repatriation Rohingya leaders inside Rohingya camps in Bangladesh. These lapdogs of Myanmar military junta also are running campaign with the goal of convincing Rohingyas to give up their decades-old demand of getting legal status in Myanmar.”

37. CIA Secrets: Five Quirky Facts about the Spy Agency

On February 1st SpyScape published this article. Its five paragraphs are titled: 1) The CIA Employs Magicians, 2) Langley Has a Secret Starbucks, 3) CIA Operatives Travel with Spy Gadgets, 4) CIA Officers Use Acronyms Like MICE & SADRAT to Recruit Foreign Spies, and 5) Spies Read Spy Books in Their Spare Time.

38. Podcast: Spycraft 101: The Early Days of FBI Counterintelligence with Raymond Batvinis

On February 1st Spycraft 101 podcast published a new episode. As per its description, “FBI footage filmed from behind a two-way mirror reveals a conspiracy of German spies led by Fritz Duquesne in New York City just prior to the start of World War II. Duquesne was born in South Africa and developed a lifelong hatred of the British during the Boer War. He’s also the subject of episode one of my podcast. While living in the US in the 1930s he built a network of agents and saboteurs working for Germany. Unbeknownst to him, one of his best agents, William Sebold, had in fact been a double agent working for the FBI right from the start. Sebold was approached and recruited by the German Abwehr while visiting his mother in Germany in early 1939. He was recruited under duress and reported the entire situation to American consular officials at the first opportunity. Once he returned to the US, he was met by FBI agents who could scarcely believe his seemingly outlandish story of a large, well-established network of German agents already in place throughout the country. But the microphotographs, cash, and high-tech devices he produced convinced them of his bona fides. Sebold became the lynchpin in the FBI’s first major counterespionage investigation. The mountains of evidence he helped develop led to the arrests of 33 members of the Duquesne spy ring in July 1941; all of whom were convicted on espionage-related charges by the end of that year, just as the US entered the war on the side of the Allies. This hidden camera footage was not only clear evidence of espionage, but an astounding new technological development in the eyes of the juries. FBI Director J. Edgar Hoover’s embrace of new technology and new strategies for combating the foreign intelligence threat helped assure guilty verdicts for all 33 suspects, and effectively ended German espionage inside the United States, just when it was most needed. 
For episode 66 of the Spycraft 101 podcast, I spoke with retired FBI Special Agent Raymond Batvinis, author of The Origins of FBI Counterintelligence about the early years of counterespionage investigations in the 1930s and 1940s.”

39. Ukrainian SBU Detained Ukroboronprom Employee Acting as GRU Agent

On February 1st Ukraine’s SBU announced that they “detained an employee of Ukroboronprom who worked for Russian military intelligence. As a result of a special operation in Kyiv, a Russian agent was detained, who received a hostile task to work for a Ukrainian defence company to collect intelligence for the aggressor country. SBU officers exposed him at the very beginning of intelligence and subversive activities and gradually documented criminal activities. It was established that the person involved was covertly collecting information about the available Ukrainian weapons, which are supplied to the units of the Armed Forces of Ukraine on the eastern and southern fronts. In addition, the attacker prepared “reports” for the occupiers about the consequences of Russian missile strikes on the capital. To do this, he traveled around the city and recorded the appearance of Ukrainian sites after shelling. The enemy agent transmitted the received information through anonymous messengers to an employee of the Main Directorate of International Military Cooperation of the Ministry of Defence of the Russian Federation. The Russian official informed the representatives of the military intelligence of the aggressor country about the received data. During the search, the detainee was found to have means of communication with materials that confirm his criminal activity.”

40. Australia: ASIO Has Been Warned it’s Encouraging Extremism

SBS News reported on February 2nd that “ASIO is encouraging both Islamist extremists and racists by saying groups such as the self-proclaimed Islamic State group (IS) and al-Qaeda are “religiously motivated”, a peak Muslim body has warned. The Australian Muslim Advocacy Network (AMAN) has also accused the spy body of taking a softer touch to young right-wing extremists than their Muslim equivalents, who it claims are more likely to be tried as adults rather than being rehabilitated. ASIO shifted its definition of extremist groups in early 2021 — categorising them as either “religiously motivated” or “ideologically motivated” — as security agencies warned the threat of far-right extremism in Australia was growing. At the time, ASIO Director-General Mike Burgess said terms such as “Islamic extremism” and “right-wing extremism” were not fit-for-purpose, because ASIO did not pursue targets on the basis of political or religious belief.”

41. Russia: Financial Incentives and Social Perks Aplenty to Attract New Russian Intelligence Talent

Intelligence Online reported on February 1st that “a series of measures has been taken since the start of the year in Russia in response to the country’s military and intelligence human resource needs. The plan is to hire more broadly and improve the attractiveness of jobs in the security apparatus.”

42. Pakistani Cyber Espionage Operation Targeting India

On February 1st malware researcher Souiten discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed SIDECOPY, previously associated with the intelligence services of Pakistan. The operation involved a lure document titled “Cyber Advisory 2023.docm” targeting entities in the government of India. If opened, the document covertly installed a cyber espionage software implant known as ReverseRAT or CetaRAT.

43. Podcast: True Spies: Exodus, Part 2: Passports and Prison Cells

Following last week’s part 1, on January 31st SpyScape’s True Spies series published the second part of this podcast episode. As per its description, “in the late 1970s, the Mossad launched one of history’s most audacious missions: Operation Brothers. Their goal? To rescue thousands of Ethiopian Jews facing violence, and bring them safely to Israel. In this deep three-part retelling of the very first True Spies story, Sophia Di Martino meets Mossad operatives Daniel Limor, Rubi Viterbo and Gad Shimron, who worked undercover to lead the covert evacuations. We also hear from Takele Mekonen, one of the thousands of Jews saved during the operation. In Part Two, Dani Limor and Ferede Aklum press on, despite growing uneasiness back in Israel. But a stroke of misfortune puts the men behind bars — and the mission at fatal risk.”

44. Azerbaijan Reportedly Detains Dozens Suspected of Spying for Iran

RFERL reported on February 1st that “Azerbaijan’s Interior Ministry has detained around 40 people it suspects of being part of an Iranian spy network that used religion to push pro-Iranian propaganda. Local media reported on February 1 that the suspects were arrested in Baku and other regions of the country as a result of the operation conducted by the ministry. Some reports a day earlier put the number of people detained at seven. Law enforcement bodies have neither confirmed nor rejected the reports. Lawmaker Elman Mammadov, a member of the parliamentary Defense, Security, and Anti-Corruption Committee, accused Iran of being “quite active” in defending Iranian Supreme Leader Ayatollah Ali Khamenei for many years. “I can’t say whether it is a network or not, but there are such people. Even in certain media organizations and social networks, there are such people who from time to time speak in favor of Iran and against us express their opinions,” he said. Tehran has not commented on the reports. Azer Qasimli, the director of the Baku-based Political Management Institute, said that while Iranian spies were most likely operating in the country, Russia has a bigger undercover network in the country. Still, he said Azerbaijani authorities had to be careful, as “Iran is a state that has used terrorism in different countries and is characterized by very aggressive actions.” “It can be dangerous from this point of view,” he added.”

45. Risk and Intelligence Firms’ Hunger for ex-CIA China Experts Grows

On February 2nd Intelligence Online reported that “as relations between the US and China grow ever more tense, corporate intelligence firms are keen to have several ex-CIA China experts among their ranks, with traditional investigation firms vying for the same recruits as new AI-based analysis providers.”

46. Cyber Espionage Operation Targeting Philippine Army

On January 31st cyber security researcher Ginkgo discovered and disclosed a document from a cyber espionage operation that took place in September 2022, targeting the Philippine Army. It was a lure document titled “6615 — WC REAS OF TSG ALANO ET AL.iso”, impersonating an official message to Army officers. If opened, it covertly installed a custom cyber espionage software implant. The operation was attributed to an unidentified actor dubbed the SAAIWC group. That group had also targeted Cambodia and Vietnam in the past.

47. Webinar: OSINT Introduction: What is Open Source Intelligence?

On January 29th the OSINT Dojo published this short video. As per its description, “what is Open Source Intelligence (OSINT)? For one, it is not just searching for information online. This video gives a high level overview on OSINT, the intelligence cycle, and common jobs that leverage these skills in their career.”

48. United States: Mike Huckabee: Hunter Financially Tied to Chinese Espionage, Sent More Classified Emails

The Western Journal published this article on January 31st stating that “as it becomes clearer that Hunter Biden, with his many shady business connections and, shall we say, freewheeling lifestyle, had access to top-secret material in his father’s possession, the question becomes, how did this search for classified documents get started? Kash Patel, who as lead investigator for Devin Nunes’ House Intel Committee and a former deputy director of national intelligence is in a relatively good position to know, examines this in an Op-Ed at the Daily Caller. But first, he dismantles the lip service given by Attorney General Merrick Garland and FBI Director Christopher Wray to “traditions and principles” that in reality have led to a two-tier “justice” system. “As a sitting president and now the target of a criminal investigation,” Patel writes, “Biden has publicly stated ‘there is no there there’ while his personal attorneys are allowed full control of the scene. In what world do we want this to be the traditions and principles of justice, where the accused defines the parameters of the Constitution?” Patel predicts that many more classified documents will be found, along with more people who had access. But did the librarians at the National Archives actually initiate the search? Really? Patel says that to understand how the search got started and why it was undertaken in the first place, we must look to Hunter’s laptop.” The article also says that “for example, Schweizer learned from Hong Kong financial and corporate records that an executive who helped Hunter get into an investment fund that netted him around $20 million was also business partners with the vice minister of state security in China. His responsibility: foreign espionage. No, really! OK, one more example: An executive who wired $5 million to Hunter had taken it out of an account he shared with the daughter of the former minister of state security. 
This man “ran the entire spy apparatus of China,” Schweizer said. “There’s no discernible business service that Hunter Biden performed for any of that money.” You can’t tell me that the CCP didn’t have its spies all around Joe Biden and his classified files — certainly at the Penn Biden Center, which was funded indirectly by Chinese money, and probably in other locations as well, even at his home.”

49. Ukrainian CERT Uncovers Cyber Espionage Targeting Ukrainian and Polish Governments

On February 1st Ukraine’s Computer Emergency Response Team (CERT-UA) announced that they “detected a web page which mimics the website of the Ministry of Foreign Affairs of Ukraine and lures a user to download software for “scanning infected PCs on viruses”. If a user follows the link, the BAT file “Protector.bat” will be served onto the victim’s PC. Leveraging powershell.exe BAT-file would download and execute several PowerShell scripts, one of which would recursively scan the Desktop folder for files with the following extensions: .edb, .ems, .eme, .emz, .key, .pem, .ovpn, .bat, .cer, .p12, .cfg, .log, .txt, .pdf, .doc, .docx, .xls, .xlsx, .rdg, aft, as well as take screenshots and exfiltrate data using HTTP. Also, Scheduled Tasks would be created for persistence purposes. In cooperation with CERT Polska and CSIRT MON (Republic of Poland), we detected several more phishing websites to mimic web pages of the Security Service of Ukraine and the Polish Police. In addition, it should be noted that a similar fraudulent web page was spotted impersonating the mail portal of the Ministry of Defense of Ukraine back in June 2022. We track mentioned activity under UAC-0114, aka Winter Vivern. The group uses typical TTPs (e.g., the theme of “scanning software” and known PowerShell scripts). It’s highly likely that russian speaking actors are among the group’s members”

50. Austria Expels 4 Russian Diplomats

Politico reported on February 2nd that “Austria has revoked the diplomatic status of four Russian civil servants working in Vienna, the Austrian foreign ministry said in a press release Thursday. The four Russian diplomats “have engaged in acts incompatible with their diplomatic status” and “must leave the territory of the Republic of Austria within one week at the latest, i.e. by the end of 8 February,” the statement reads. Two of the diplomats worked at the Russian embassy in Vienna and the other two were from the permanent mission to the United Nations. The Austrian capital became a spy nest during the Cold War — largely thanks to its proximity to the Iron Curtain — and is still considered a hotspot for international espionage. European security services have cracked down on alleged Russian spies since the Kremlin invaded Ukraine last February.”

51. Podcast: Armada Radioflash: Voices from Space

On February 2nd Armada International published their first ever episode of the new Radioflash podcast. As per its description, “Armada is proud to launch our new Radioflash podcast. Blending our electronic warfare and military communications podcasts Radioflash covers all aspects of military electromagnetic spectrum use. Fittingly, our first guest is Dr. Bleddyn Bowen, associate professor of international relations at the University of Leicester. He is the author of two books on the militarisation of the cosmos: War in Space: Strategy, Spacepower and Geopolitics and the recently published Original Sin: Power, Technology and War in Outer Space. Space has never been more important to the military. The heavens host spy satellites collecting intelligence and communications satellites letting navies, armies and air forces keep in touch. Yet space is competitive. The US and her allies depend on it as do their rivals Russia and the People’s Republic of China. Anti-satellite weapons risk spacecraft safety. Meanwhile the private sector is taking on a host of missions once the preserve of the military. We sit down with Dr. Bowen to talk about these vexing challenges.”

52. Israel’s Gallant Speaks with Azeri DM, Border Service Chief After Iran Spy Arrests

Following this week’s story #44, on February 2nd i24 News reported that “Israel’s Defense Minister Yoav Gallant on Wednesday held phone conversations with his Azeri counterpart Zakir Hasanov and head of the country’s Border Service Elchin Gullyev. The calls come after a series of arrests in connection to an Iranian “espionage network” carried out by Azerbaijan security forces on Tuesday. The number of the detained suspects rose from 7 to 39, according to reports. According to an official statement by Azerbaijan’s Defense Ministry, the call was initiated by the Israeli side. Gallant “expressed satisfaction with the current relationships between the countries” and noted that “Azerbaijan-Israel ties are based on friendship and mutual trust.” Azerbaijan’s Defense Minister Colonel General Zakir Hasanov in turn congratulated Gallant on his appointment and “expressed confidence that cooperation between the countries in the military sphere will expand.” The parties also discussed regional security issues and “prospects for military-technical cooperation” between the states. Gallant also spoke on the phone with Azerbaijan’s head of the Border Service, Colonel General Elchin Gullyev, according to the service’s press statement.”

53. NATO Will Fail to Inflict Strategic Defeat on Moscow: Russian Spy Chief

Al Arabiya News reported on February 1st that “one of Russia’s top spies forecast on Wednesday that the NATO military alliance would fail to inflict a “strategic defeat” on Moscow, despite sending billions of dollars worth of weapons and military hardware to Ukraine. Sergei Naryshkin, who heads up Russia’s SVR Foreign Intelligence Service and is a close ally of President Vladimir Putin, accused NATO of upping the ante in the conflict by supplying Kyiv with more advanced weapons. “NATO is raising the stakes because they still have dreams of a strategic defeat over Russia,” Naryshkin said in a televised interview with the state-run RIA news agency released on Wednesday. “But this will not happen.” His comments come as the United States is readying its latest package of military aid for Ukraine, worth some $2 billion. Supplies are expected to include rockets with a range of up to 150 kilometers (94 miles) for the first time.”

54. Turkey Runs Special Covert Operations in Western Europe, US and Canada, Secret Document Reveals

On February 1st Nordic Monitor reported that “the Islamist regime of President Recep Tayyip Erdoğan has sanctioned a covert operation in a number of Western countries in Europe and North America, aiming to locate former police chiefs who had in the past investigated wrongdoing in the government. According to a secret government document obtained by Nordic Monitor, the Erdoğan regime has been running highly classified, intelligence-gathering operations in nine Western countries that were tasked with a specific goal to accomplish. The operations, kept strictly confidential, were launched to locate former police chiefs who had investigated and gathered incriminating evidence in cases involving pervasive corruption in the administration, sophisticated Iran sanctions-busting schemes, the government’s aiding and abetting of armed jihadist groups and its links to organized crime syndicates. The document, dated September 28, 2022 and distributed by the Security General Directorate (Emniyet), Turkey’s main law enforcement agency, shows that 55 police chiefs are located in the US, Canada, Germany, the UK, the Netherlands, Sweden, Switzerland, Belgium and Norway.”

55. Pentagon: Chinese Spy Balloon Spotted over Western US

On February 3rd Reuters reported that “the U.S. is tracking a suspected Chinese surveillance balloon that has been spotted over U.S. airspace for a couple days, but the Pentagon decided not to shoot it down over concerns of hurting people on the ground, officials said Thursday. The discovery of the balloon puts a further strain on U.S.-China relations at a time of heightened tensions. A senior defense official told Pentagon reporters that the U.S. has “very high confidence” it is a Chinese high-altitude balloon and it was flying over sensitive sites to collect information. One of the places the balloon was spotted was Montana, which is home to one of the nation’s three nuclear missile silo fields at Malmstrom Air Force Base. The official spoke on condition of anonymity to discuss sensitive information. Brig. Gen. Patrick Ryder, Pentagon press secretary, provided a brief statement on the issue, saying the government continues to track the balloon. He said it is “currently traveling at an altitude well above commercial air traffic and does not present a military or physical threat to people on the ground.” A senior administration official, who was also not authorized to publicly discuss sensitive information, said President Joe Biden was briefed and asked the military to present options. Defense Secretary Lloyd Austin and Army Gen. Mark Milley, chairman of the Joint Chiefs of Staff, advised against taking “kinetic action” because of risks to the safety of people on the ground. Biden accepted that recommendation. The defense official said the U.S. has “engaged” Chinese officials through multiple channels and communicated the seriousness of the matter.” On the same day, Mike Glover Actual published this video commenting on this story. As per the video’s description, “I am a former Special Forces SGM that started my career as an 11B or basic infantryman, and became a Special Forces 18B weapons specialist and served 9 combat rotations overseas. 
I served as a Sniper, Assaulter, JTAC, TSE expert, Free Fall jumpmaster and more. I served in 3rd SFG, 10th SFG, USASOC, 19th SFG, and the CIA as a GRS officer protecting Case Officers overseas. I have a Bachelors degree in Homeland Security/Crisis Management and I appreciate you all tuning in! I own Fieldcraft Survival LLC, in Heber City, Utah where we specialize in teaching civilians to be prepared for the worst case scenario. First Aid, Mindset, Fitness, Tactics, Mobility, and so much more.” A former CIA operative of American Kinetix also published his comments about it. Also, S2 Underground published the Emergency Update: Chinese Spy Balloon. Eventually, the balloon was shot down, as reported by The Sunday Times; the article says that “an F-22 fighter fired one Aim-9X Sidewinder missile into the inflatable about six nautical miles off the southeastern coast in US airspace, officials said. A recovery operation was under way last night.”

56. Spy Way of Life: J. Gilbert’s Restaurant, McLean, Virginia

This week’s selection for Intelligence Online’s Spy Way of Life was the “J. Gilbert’s restaurant in McLean, a favourite meeting place for CIA agents.” As per the article, “this week, Intelligence Online explores J. Gilbert’s restaurant, conveniently located near the CIA headquarters in McLean. It’s long been a preferred gathering spot for operatives and their guests — and for foreign spies hoping to eavesdrop on them.”

57. United States: NSA Creates Assistant Deputy Director, Other New Entities Focused on China

DefenseScoop reported on January 31st that “the National Security Agency has created a new assistant deputy director position solely dedicated to China, DefenseScoop has learned. David Frederick was appointed the first assistant deputy director for China in November, according to an NSA spokesperson. Frederick was most recently the executive director of U.S. Cyber Command. “This is a new leadership position created to set and direct mission strategy for addressing the People’s Republic of China (PRC), prioritize China mission investments, and posture NSA to achieve greater near-and long-term mission outcomes,” an agency spokesperson told DefenseScoop in an email. “The Assistant Deputy Director for China will determine PRC mission talent and technology requirements as well as assess Agency readiness to support policymakers and the warfighter across multiple domains.” The new role is just one in a series of organizational shifts the agency has made to deal with what the Pentagon refers to as “the pacing challenge.” NSA has also created a China Strategy Center — aimed at developing a strategic plan to counter Beijing with tangible near- and long-term mission goals — as well as the China Outcomes Group, which is a joint Cybercom-NSA entity. The China Outcomes Group was announced by Cybercom commander and NSA Director Gen. Paul Nakasone in congressional testimony last year. “China is our pacing challenge, which I see as both a sprint and a marathon. China’s military modernization over the past several years threatens to erode deterrence in the western Pacific, which requires immediate steps to redress. At the same time, China is an enduring strategic challenge that is now global in scope. Beijing is exerting influence worldwide through its rising diplomatic, informational, military, and economic power,” Nakasone wrote in prepared testimony.”

58. Half of Canadians Say Freedom Convoy was Threat to National Security

TNC reported on February 2nd that “one-in-two Canadians think the protests surrounding the Freedom Convoy were a threat to national security, according to a new poll. The Angus Reid poll released on Thursday shows 51% of Canadian respondents said Convoy protests posed a threat of espionage, sabotage, foreign influence, serious violence, or an overthrow of the Canadian government. Respondents were given these terms so as to match the terms needed by government officials to invoke the Emergencies Act.”

59. Podcast: BRCC: Former CIA and Creator Ares Watches Matt Graham

On January 30th the Black Rifle Coffee (BRCC) podcast published a new podcast episode. As per its description, “Matt Graham is a former police officer and U.S. Air Marshal. He then spent 12 years working with the CIA. When Graham finished his service, he ventured on to design a wristwatch that would be able to weather the types of activities he spent his career taking part in — and thus Ares Watches was born. Matt is now the Owner and founder of Ares Watch Company, an American watch company that’s dedicated to manufacturing some of the best Mission Timers on the market.”

60. Ukrainian SBU Detained FSB Agent in Ternopil

On January 30th Ukraine’s Security Service (SBU) announced that they “detained a Russian agent who was preparing a missile attack on power stations in the west of Ukraine. Security Service officers exposed an FSB agent in the Ternopil region. The henchman of the aggressor collected information about the location of critical infrastructure facilities and the peculiarities of their work in the territory of the western regions. First of all, he was interested in the locations and technical characteristics of local power stations. He planned to pass the information he received to the enemy to prepare and carry out a series of targeted missile strikes on Ukrainian energy facilities. However, SBU officers prevented these plans — they exposed the intruder in a timely manner, documented his criminal actions, and detained him while trying to transmit intelligence from his own smartphone to the occupiers. According to the investigation, the traitor turned out to be a resident of the Kremenets district, who was recruited by the Russian intelligence service after the start of the full-scale invasion. He came into the attention of the aggressor because of his pro-Kremlin views, which he repeatedly made public through social networks. To carry out enemy missions, the agent traveled around the area, established the location of Ukrainian energy facilities and fixed their coordinates. A specially created Telegram channel was used as communication with FSB. During the search, a phone with evidence of his intelligence and subversive activities for the benefit of the aggressor country was seized from the perpetrator.”

61. ESET Publishes Nation-state Cyber Activity Report T3 2022

On January 31st private cyber security and intelligence firm ESET published their APT Activity Report T3 2022. As per its summary, “in the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine. APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy infrastructure, and while we are not able to show those events were coordinated, it suggests that Sandworm and military forces of Russia have related objectives. ESET researchers also detected a MirrorFace spearphishing campaign targeting political entities in Japan and noticed a gradual change in the targeting of some China-aligned groups — Goblin Panda started to duplicate Mustang Panda’s interest in European countries. Iran-aligned groups continued to operate at a high volume — besides Israeli companies, POLONIUM also started targeting foreign subsidiaries of Israeli companies, and MuddyWater probably compromised a managed security provider. In various parts of the world, North Korea-aligned groups used old exploits to compromise cryptocurrency firms and exchanges; interestingly, Konni has expanded the repertoire of languages it uses in its decoy documents to include English, which means it might not be aiming at its usual Russian and Korean targets. Additionally, we discovered a cyberespionage group that targets high-profile government entities in Central Asia; we named it SturgeonPhisher.”

62. Armenian NSS Arrests Armenian Military Officer on Espionage Charges

On January 31st Azatutyun and the Armenian National Security Service (NSS) announced that “it has discovered a case of state treason by an Armenian citizen, the captain of the N military unit of the Defence Ministry. According to the press centre of the NSS, as a result of the operative-intelligence measures of the officers of the counter-intelligence department, it was found that the officer came to the attention of foreign intelligence services from the beginning of 2021 and was recruited by them. Then, having been assigned to serve in another military unit of the Armenian Defence Ministry as the head of one of the services of the military unit, during the service “having received a proposal from foreign intelligence services through messages to continue cooperation and accepting it, he undertook to collect and hand over to foreign intelligence services the sovereignty, territorial integrity and information constituting state and official secrets of the military sphere for use to the detriment of external security”. According to the report, the captain “during the months of April-May 2021, collected and through various mobile applications used by him, handed over to the representative of the foreign intelligence service military information constituting a state and service secret, in particular, the armament, weapons, quantity, combat information about the location of the position and other data, with photographs showing the weapons and the number of weapons, including the military equipment acquired from India.” As a reward, the officer received money and a mobile phone from a representative of a foreign intelligence service 2 times on different days, thus “committing high treason to the detriment of the territorial integrity and external security of the Republic of Armenia”. Searches were carried out within the framework of the criminal proceedings initiated in the investigative department of the National Security Service, the said officer was charged, and according to the court’s decision, he was detained as a preventive measure.”

63. Canadian Universities Conducting Joint Research with Chinese Military Scientists

On January 30th The Globe & Mail reported that “Canadian universities have for years collaborated with a top Chinese army scientific institution on hundreds of advanced-technology research projects, generating knowledge that can help drive China’s defence sector in cutting-edge, high-tech industries. Researchers at 50 Canadian universities, including the University of Waterloo, University of Toronto, University of British Columbia and McGill University, have conducted and published joint scientific papers from 2005 to 2022 with scientists connected to China’s military, according to research provided to The Globe and Mail by U.S. strategic intelligence company Strider Technologies Inc. Strider found that in the past five years, academics at 10 of Canada’s leading universities published more than 240 joint papers on topics included quantum cryptography, photonics and space science with Chinese military scientists at the National University of Defence Technology (NUDT). Some of these NUDT researchers are experts in missile performance and guidance systems, mobile robotics and automated surveillance. The Canadian Security Intelligence Service (CSIS) has warned that Beijing is increasingly using joint academic research programs to obtain innovative science and technology for economic and military advantage.” The article concludes that “he said the federal and provincial governments need clearer guidelines for academic partnerships and legislative reform to the CSIS Act that enables the spy service to talk more openly about threats that exist. CSIS declined to say whether Canadian universities should halt their collaboration with NUDT when asked by The Globe. But the spy agency left no doubt that it opposes such activities.”

64. Western Media Spoke About US Pressure on Libya During the Visit of the CIA Director

According to the Russian RIA-FAN from February 4th, “the recent visit to Libya by the head of the US Central Intelligence Agency (CIA), William Burns, who held talks with various structures in the west and east of the country, caused a lot of guesswork and comments from the world’s media and experts. The American edition of The Wall Street Journal, in particular, linked him to Washington’s campaign against Russia. The authors of the WSJ article reported that during a meeting with the commander-in-chief of the Libyan National Army (LNA), Field Marshal Khalifa Haftar, Burns demanded that he cut off all alleged ties with the Wagner PMC, which is under US and EU sanctions. According to the publication, the United States fears that Russia, through PMCs, will gain access to the oil resources of the North African state. Referring to representatives of the law enforcement agencies of Libya and the West, WSJ journalists said that William Burns warned the head of the LNA against deploying “Wagner” in the country. According to the sources of the newspaper, about 300 PMC fighters and about 700 Syrian soldiers are currently allegedly staying in the eastern regions. It is noteworthy that so far there is no evidence that the employees of the Wagner PMC were in the territory of the North African state at all. There are a couple of reports from the mission of the UN committee on sanctions against Libya on the Web, which mention the presence of these fighters in the east of the country, but all documents are based only on guesswork, since they could not provide evidence. During his stay in Tripoli, the CIA director also met with the head of the delegitimized Government of National Unity (GNU), Abd al-Hamid Dbeiba. According to the American edition, the meeting was held as part of President Joe Biden’s renewed campaign against Wagner PMCs. Moreover, shortly after that, the US Treasury announced the recognition of the criminal nature of this organisation.”

65. Ukrainian SBU Dismantled FSB Spy Network in Dnipro

On February 3rd Ukraine’s SBU announced that they “exposed the Russian agency, which was spying on the positions of special forces of the Armed Forces of Ukraine and preparing terrorist attacks in the Dnipropetrovsk region. The attackers gathered intelligence about the location and movement of units of the Defence Forces in the front-line areas of eastern Ukraine. First of all, they tried to reveal the locations of the conspiratorial bases of the Special Operations Forces of the Ukrainian Armed Forces, as well as the locations of engineering fortifications and training centres of Ukrainian forces. For this purpose, the enemy’s accomplices constantly tried to expand their own network of informants, including among the Ukrainian military and law enforcement officers. In addition, in the case of the approach of occupying groups to the Dnipropetrovsk region, FSB agents were to provide them with support in the form of sabotage and terrorist attacks in the region. According to the investigation, the agent cell was headed by a former employee of the local unit of the disbanded militia, who was recruited by the Russian intelligence services long before the start of the full-scale invasion. The attacker actually had the status of an enemy resident and was tasked with forming his own agent network to carry out intelligence and subversive activities against Ukraine. After February 24 of last year, the enemy intensified the activities of his residency to collect intelligence. In case of capture of the region, the Russian invaders promised their henchmen leading “positions” in the local occupation administrations. The officers of the SBU gradually documented the facts of the criminal activities of enemy agents. During searches of their places of residence, law enforcement officers found: firearms with silencers; grenades; cartridges of various calibers; means of communication for conspiratorial communication with representatives of the FSB.”

66. Podcast: Grey Dynamics: GEOINT, OSINT & Facing Vicarious Trauma with Benjamin Strick

On February 3rd Grey Dynamics published this new podcast episode. As per its description, “this week I spoke to Benjamin Strick, director of investigations at the Centre for Information Resilience. He leads teams using open-source intelligence to support civil society, media, government and accountability mechanisms. He is also a Bellingcat contributor and previously worked as an investigator at BBC Africa Eye.”

67. DPRK Targeting of Medical Research and Technology Sector

This week the private cyber threat intelligence firm WithSecure published this intelligence report on DPRK (North Korea). As per its introduction, “during Q4 2022, WithSecure™ responded to a cyber-attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Amongst technical indications, the incident observed by WithSecure™ also contained characteristics of recent campaigns attributed to Lazarus Group by other researchers. The campaign targeted public and private sector research organizations, the medical research and energy sector as well as their supply chain. The motivation of the campaign is assessed to be most likely for intelligence benefit. Previous reporting on similar campaigns highlights the targeting of technology with military implementations and WithSecure™ assesses that this type of targeting continued through Q4 2022. WithSecure™ Threat Intelligence has named this report ‘No Pineapple’ due to an error message in a backdoor which will append < No Pineapple! > in the event data exceeds segmented byte size.”

68. Swiss Air Force Receives First Two Hermes 900 UAVs

Janes reported on January 31st that “the Swiss Air Force is flying operational testing sorties on two of its planned six Elbit Hermes 900 unmanned aircraft. The Swiss Air Force has received the first two of six Elbit Systems Hermes 900 Heavy Fuel Engine (HFE) unmanned aerial vehicles (UAVs) that were ordered under the Reconnaissance Drone System 15 (ADS 15) requirement. The Swiss Federal Department of Defence, Civil Protection, and Sport (VBS) announced the milestone on 30 January, approximately nine months after Israel delivered the aircraft to the Swiss Federal Office for Armaments (Armasuisse) for in-country flight trials. “The military aviation authority has issued the necessary certification. This means that the air force can now start building up the operational capabilities for the ADS 15 reconnaissance drone system,” the VBS said.”

69. German Football Coach Unmasked as “Russian Double Agent”

Following 2022 week 51 story #31, 2022 week 52 story #4, 2023 week 1 stories #32 and #40, and 2023 week 2 story #52, on February 3rd The Telegraph published this exclusive story saying that “the alleged Russian spy at the center of the biggest European intelligence scandal in decades can today be identified as volunteer football coach Carsten Linke. The Telegraph can reveal that Mr Linke, a 52-year-old father of two, is the alleged double agent in Germany’s foreign intelligence service (BND) arrested for treason last December. Mr Linke was a rising star of the BND, Germany’s foreign intelligence agency, where he oversaw units tasked with spying on foreign communications and internal security. He is suspected of passing on top-secret intelligence to Moscow, some of which is believed to be related to Ukraine. His arrest has embarrassed Germany’s spy agency and raised major questions for Western allies sharing intelligence at the height of a ground war in Europe. Before his arrest, Mr Linke was thought to be on his way to becoming one of the top officials in the BND and was already privy to highly sensitive intelligence that was being shared among Western spies. With the help of a courier, he was alleged to have used this position to pass intelligence on to Moscow on two separate occasions last autumn. But in his home town of Weilheim in Bavaria, Mr Linke was an engaged member of the community. He was active at the local football club, where he coached several youth teams and told anyone who asked that he was a soldier. The Telegraph can confirm that Mr Linke organised a barbecue at the club where he met a Russian-born German businessman who would become a courier for his espionage. In trips to Moscow, Arthur E, who has not been fully identified because of German privacy laws, is believed to have fed Russia’s FSB agency with classified intelligence relating to the battlefield in Ukraine. 
Mr E is believed to be co-operating with authorities whom he has told that they took money in exchange for their actions. Mr Linke’s lawyer has so far refused to comment. German authorities are now furiously trying to ascertain whether Mr Linke was part of a larger network inside the BND or whether he acted alone. Locals in the town of Weilheim said that Mr Linke was known around for his commitment to the football club, but was also known to go missing for months at a time. Fellow coaches, meanwhile, have said he was “a father figure” to the youths under his tutelage as well as a disciplinarian. Mr Linke’s identity can be revealed as European leaders on Thursday and Friday visited Volodymyr Zelensky, the Ukrainian president, in Kyiv.”

70. Turkey: Tolga Demirbaş, the Suspect in the Murder of Sinan Ateş, Asked for Help from the Former MIT Officer

As ODA TV4 reported on February 2nd, “it has been discovered that Tolgahan Demirbaş, one of the critical figures arrested in the Sinan Ateş murder investigation, sought help from Çağlar Zorlu, who is stated to be a former MİT officer, to find out where Sinan Ateş went through his phone number. Cumhuriyet newspaper writer Barış Terkoğlu wrote in today’s article that Çağlar Zorlu fulfilled Tolgahan Demirbaş’s request and found the addresses he went to via his phone number and gave them.”

71. United States: CIA Chief Warns Against Underestimating Xi’s Ambitions Toward Taiwan

On February 3rd Reuters reported that “U.S. Central Intelligence Agency Director William Burns said on Thursday that Chinese President Xi Jinping’s ambitions toward Taiwan should not be underestimated, despite him likely being sobered by the performance of Russia’s military in Ukraine. Burns said that the United States knew “as a matter of intelligence” that Xi had ordered his military to be ready to conduct an invasion of self-governed Taiwan by 2027. “Now, that does not mean that he’s decided to conduct an invasion in 2027, or any other year, but it’s a reminder of the seriousness of his focus and his ambition,” Burns told an event at Georgetown University in Washington. “Our assessment at CIA is that I wouldn’t underestimate President Xi’s ambitions with regard to Taiwan,” he said, adding that the Chinese leader was likely “surprised and unsettled” and trying to draw lessons by the “very poor performance” of the Russian military and its weapons systems in Ukraine. Russia and China signed a “no limits” partnership last February shortly before Russian forces invaded Ukraine, and their economic links have boomed as Russia’s connections with the West have shriveled. The Russian invasion had fueled concerns in the West of China possibly making a similar move on Taiwan, a democratic island Beijing says is its territory. China has refrained from condemning Russia’s operation against Ukraine, but it has been careful not to provide the sort of direct material support which could provoke Western sanctions like those imposed on Moscow.”

72. Podcast: SpyCast: “The Lion and the Fox — Civil War Spy vs. Spy” — with Alexander Rose

On January 31st the International Spy Museum’s SpyCast published this new podcast episode. As per its description, “Liverpool. The city of the Beatles. The home of Liverpool F.C., winner of six European Cups. Did you know that there — thousands of miles away from the bloody battlefields of Fredericksburg, Shiloh, and Gettysburg — the U.S. Civil War played out? In fact, it was a key part of the strategies of both the North and the South since at that time it produced more ships than every other dockyard in the world combined. The North wanted to choke off the South, with the help of spies; but the South wanted to build a navy, with the help of spies. Who would prevail? This is the story of spy-vs-spy, North vs South, and Thomas Dudley vs James Bulloch.” The intelligence topics covered are: 1) The secret plot to build a Confederate Navy, 2) Why Liverpool was so important to both the North and the South, 3) How Civil War espionage played out in Great Britain, and 4) The high-level spy the South had in the British Foreign Office.

73. America’s Secret Military Deployment on British Cyprus

Declassified UK published this article on February 1st stating that “the US Air Force has had a base on British territory on Cyprus for nearly half a century, but its size is kept secret from the public on both sides of the Atlantic. Declassified now reveals the increasing US military presence on the Mediterranean island.” The highlights mentioned in the article are: 1) US Air Force is expanding its deployment on RAF’s Cyprus base to 129 airmen, 2) New 147-room installation is being built by US military across 1.5 acres of British base to house its personnel at cost of $27m, 3) US spy force, 1st Expeditionary Reconnaissance Squadron, is permanently deployed at the British base, 4) UK Ministry of Defence refuses to disclose number of US military personnel on the British territory — or if American bombing missions are flown from it, 5) Pentagon claims it only has one airman on Cyprus — and ignores Declassified’s request for clarification, 6) Top secret GCHQ document notes: “Cyprus hosts a wide range of UK and US intelligence facilities”, and 7) Cypriot working on the UK base area tells Declassified: “There is a big US presence, I don’t know how that works or why”.

74. Poland: Russia’s Hostile Information Operations

The Polish intelligence issued this press release on February 2nd stating that “the Government Plenipotentiary for Information Space Security, Stanisław Żaryn, presented the current activities of Russian propaganda, among which extensive attempts to spread false information were identified that the Polish authorities were preparing for the mobilisation of Ukrainians staying in Poland, and were planning to send refugees living in Poland to Ukraine. To authenticate its message, the Russian disinformation apparatus uses a fabricated letter from the Ministry of Interior and Administration, sends e-mails impersonating one of the Ministry’s departments and distributes posters with a fake QR code of the Office for Foreigners with an appeal to collect data on Ukrainians living in Poland. As the Plenipotentiary pointed out, Russian disinformation activities are aimed at destabilising the situation, fuelling hostility between Poles and Ukrainians, and lowering Ukraine’s trust in its Western allies. The parallel goal of the activities was also to obtain data useful for Russia. The plenipotentiary stressed that the public opinion should be warned against disinformation operations conducted by Russia, because the Russian Federation treats the information space as a strategic area of its activities. What’s more, the incidents recently identified in the infosphere are probably preparations for an international campaign, and similar operations are being carried out in other countries — e.g. in Lithuania.”

75. Report on Russian SVR Cyber Espionage Operation

The private intelligence firm Recorded Future released this intelligence report. As per its executive summary, “BlueBravo is a threat group tracked by Recorded Future’s Insikt Group that overlaps with the Russian advanced persistent threat (APT) activity tracked as APT29 and NOBELIUM. APT29 and NOBELIUM operations have been previously attributed to Russia’s Foreign Intelligence Service (SVR), an organization responsible for foreign espionage, active measures, and electronic surveillance. In October 2022 we identified BlueBravo staging GraphicalNeutrino malware within a malicious ZIP file. The staging and deployment of this ZIP file overlaps with the previously employed dropper EnvyScout, the use of which is linked to APT29 and NOBELIUM. BlueBravo used a compromised website containing the text “Ambassador`s schedule November 2022” as part of a lure operation. Based on the theme of this lure, we suspect that the targets of this campaign are related to embassy staff or an ambassador. This targeting profile aligns with previous reporting from InQuest in early 2022 that describes the group, reported as NOBELIUM, employing a lure document titled “Ambassador_Absense.docx” that displayed content relating to the Embassy of Israel. Following deployment and execution, InQuest reported that the malware, BEATDROP, employed trello[.]com for command-and-control (C2) in an attempt to evade detection and create challenges in attributing the activity. Similar to the use of Trello for data exchange by BEATDROP, we have found that GraphicalNeutrino uses the United States (US)-based, business automation service Notion for its C2. The use of the Notion service by BlueBravo is a continuation of their previous tactics, techniques, and procedures (TTPs), as they have employed multiple online services such as Trello, Firebase, and Dropbox in an attempt to evade detection. 
The abuse of legitimate services, such as those employed by BlueBravo, presents a complex issue for network defenders due to the difficulty of defending against malicious access to legitimate services. The use of this technique is becoming more common and will continue to pose a problem for network defenders. GraphicalNeutrino acts as a loader with basic C2 functionality and implements numerous anti-analysis techniques including API unhooking, dynamically resolving APIs, string encryption, and sandbox evasion. It leverages Notion’s API for C2 communications and uses Notion’s database feature to store victim information and stage payloads for download. While we are unable to assess the intended targets of this operation based on the data available, it is likely that ambassadorial or embassy-themed lures are particularly effective during periods of heightened geopolitical tensions, such as is the case with the ongoing war in Ukraine. During such periods, Russian APT groups are highly likely to make extensive use of diplomatically themed lures, as the information potentially gathered from the compromise of entities or individuals receiving such communications is likely to have a direct impact on Russia’s foreign policy and broader Russian strategic decision-making processes. Based on historical APT29 and SVR cyber operations and active measures, we assess it is likely that additional countries at the nexus of the conflict are at risk of targeting. This targeting almost certainly represents an ongoing interest from threat actors affiliated with the SVR and aligns with their continued intent to gain access to strategic information from entities and organizations engaged in foreign policy. Any country with a nexus to the Ukraine crisis, particularly those with key geopolitical, economic, or military relationships with Russia or Ukraine, are at increased risk of targeting.”

76. Podcast: State Secrets: The Classified Mess and How to Clean it Up

On February 2nd The Cipher Brief’s State Secrets podcast published a new episode. As per its description, “in this week’s State Secrets, host Suzanne Kelly talks with former Deputy Director of National Intelligence and Presidential Briefer, Beth Sanner about the discovery of classified documents in the homes and offices of former and current political leaders. Beth shares first-hand accounts from her time serving as former President Donald Trump’s briefer and helps pull back the curtain on where the gaps are in securing classified information.”

77. Ukrainian SBU Detained FSB Agent in Odessa

On February 4th Ukraine’s Security Service (SBU) announced that they “exposed a deeply conspiring FSB agent in Odessa. He turned out to be a former military man who had been in contact with the Russian intelligence services since 2010, and since 2020 — began to actively collect intelligence on the combat training activities of the Armed Forces of Ukraine in the territory of the southern region. He paid “special attention” to the course of international military exercises in the waters of the Black Sea and the training of ground units of the Armed Forces of Ukraine on training grounds, in particular combat calculations of Javelin anti-tank missile systems. He also tried to “monitor” the arrival of military products and dual-purpose goods in Ukraine through the sea ports of Odessa, Mariupol, Chornomorsk, Izmail and Skadovsk. SBU officers documented the facts of intelligence and subversive activities of an enemy agent and identified his Russian supervisors. At the final stage of the special operation, counter-intelligence officers of the Security Service detained the henchman of the aggressor. According to the investigation, the traitor turned out to be a local resident, who in 1990 graduated from the Kostroma higher command school with a specialty of “chemist-reconnaissance”. Then, until the mid-90s, he served in the headquarters of the Odessa Military District and retired with the rank of captain. After that, he got into business and opened a store selling sports equipment in the centre of the regional centre. In addition, he engaged in smuggling of relevant products from the Russian Federation. In this way, he came to the attention of the Russian intelligence services. During another stay on the territory of the Russian Federation, he was recruited by a case officer of the FSB department in the Kursk region. It was he who, before the full-scale invasion, worked out for his agent the task of gathering intelligence for the benefit of the aggressor country. 
Closed electronic communication channels were used for communication. The agent also transmitted intelligence “reports” during personal meetings in the Russian Federation. For the performance of enemy tasks, the traitor hoped to receive help from the occupiers regarding the alienation of real estate worth 200,000 dollars in his favour in temporarily occupied Crimea.”

78. Court in Moscow, Russia Arrests Espionage Suspect

Media Zone reported on February 2nd that “the investigation sent a petition to the Lefortovsky District Court of Moscow to arrest S. N. Peshkov in the case of treason (Article 275 of the Criminal Code). Media Zone found the relevant information in the database of Moscow courts. Later, the press service of the court told RIA Novosti that the petition had been granted. Details about the identity of the detainee, as well as the details of his criminal case are not known. In November, the same court sent Gleb Verdiyan, a 21-year-old student from Astrakhan, accused of treason, to jail. Verdiyan was a second-year student at the Faculty of Economics of the Astrakhan State University of Architecture and Civil Engineering. What is the reason for his criminal prosecution is not known.”

79. United Kingdom: Julian Lewis, the Combative Conservative Intelligence Overseer Seeking Further Oversight

Intelligence Online published this article on February 3rd saying that “the veteran MP and chair of the Intelligence and Security Committee Julian Lewis was not necessarily destined to become the guardian of the unit’s capabilities. Behind the committee’s complaints of a lack of communication from the intelligence services and government lurks a battle with much higher stakes: who will be in charge of overseeing the new Investment Security Unit and Counter Disinformation Unit.”

80. United States: Burn Bags and Tracking Numbers: How the White House Handles Classified Files

The New York Times published this article on January 30th stating, among others, that “the most highly classified and sensitive materials, like the president’s morning intelligence briefing, are usually created outside of the White House and deep inside the nation’s spy agencies: the Central Intelligence Agency, the Defense Intelligence Agency, the National Security Agency. When they are ready to be delivered to the president, vice president or other senior official at the White House, they are usually sent through the government’s classified email system, to an office inside the N.S.C. called the “intel shop.” That office is in the Eisenhower Executive Office Building next to the White House and run by a handful of former intelligence officers and others with experience guarding the nation’s secrets. Using special printers connected to the classified email system, the intel shop prints out the documents and assembles them into a binder, according to people familiar with the process. Once the binder is ready, the person who intends to brief “the principal” — shorthand for the president or vice president — will come to the intel shop and pick it up. The aide will place the classified material in a briefcase-like bag with a zipper and a lock. The pickup is logged by officials at the intel shop: a description of the material; who picked it up; what time it left; and the name of the person who was getting the documents. After the briefing is completed, the aide is supposed to pack the binder in the locked bag and take it back to the intel shop, where its return would be logged and — in most cases — the documents would be placed into “burn bags” and later destroyed, according to several people familiar with the process. In some cases, however, the principal elects to keep the documents for days or even weeks. 
In those cases, the intel shop officials are supposed to keep track of what documents are outstanding and remain in touch with the person who picked up the material so it can eventually be returned and disposed of. Two people who worked in previous administrations, who asked for anonymity to discuss classified material, said officials in the intel shop were typically relentless about making sure the most highly classified documents were given back. Some of those documents are even numbered, to make it easier to trace classified information to a particular person. One of the people who handled such documents in a previous administration said that a “sliver” of information is protected by the C.I.A. that is highly compartmentalized and very hard to print, and when it is printed, it is usually tracked. If that kind of information is revealed to be part of the documents found in the homes of Mr. Biden, Mr. Trump or Mr. Pence, the former official said, it would be a breach of the classified information handling rules. It would mean, the official said, that either staff members failed in their duty to keep track of the documents or that someone was trying to willfully keep them in an unauthorized way.”

81. Albanian SHISH Announces Intelligence Chiefs Meeting

This week the Albanian State Intelligence Service (SHISH) issued a press release stating that “All together for the citizens. The State Intelligence Service, on 25.01.2023, welcomed a meeting between the heads of intelligence and law enforcement agencies in the country, such as the State Intelligence Service (SHISH), General Prosecutor’s Office (PP), Special Structure Against Corruption and Organised Crime (SPAK), National Bureau of Investigation (BKH), Directorate of General of the State Police (DPPSH) and the Police Supervision Agency (AMP). The deputy director of SHISH, Mr. Oljan Kanushi, thanked the participants for the meeting at the Central Headquarters of the State Intelligence Service emphasising the role of SHISH as an intelligence body and its primary mission to maintain national security. The discussion between the parties focused on issues of guaranteeing national security and the fight against illegality. The heads of the agencies underlined the need for strengthening cooperation in these areas and to coordinate work in the service of citizens.”

82. Watch for These Key Espionage Trends in 2023

On January 29th Clearance Jobs published this article saying that “a lot of espionage activities took place within the United States and abroad in 2022. Indeed, a quick review of the top five of 2022 showed a healthy presence of Russia and China. Not surprisingly, we predict 2023 will be more of the same. China and Russia will continue to invest in their espionage operations targeting the United States and its allies. In addition, criminal entities will continue to target both government and private sector actors for their information (PII and intellectual property). We can also expect to see the odd country decide it is in their national interest to obtain specific information or attempt to influence economic or political policy in the United States. In sum, 2023 is going to be a busy year for the counterintelligence and counterespionage teams in government and the private sector, both those who operate within the NISPOM/DCID, and those who have no government engagement. Information/data has always been the goal of the nation’s adversaries in their espionage operations, nothing changes for 2023, and our information/data remains a target. Let’s dig in and expand. On January 19, acting director of the National Counterintelligence Security Center (NCSC), Michael Orlando, speaking at the Clearance Jobs hosted the webinar “2023 The Year Ahead in Counterintelligence and Security” which highlighted areas worthy of approbation.” The topics emphasised by the article are: 1) China, 2) Critical Infrastructure — Supply Chains, 3) Russia, and 4) Counter-intelligence Programmes.

83. Switzerland: Countering Espionage and Proliferation: Targeting Academia

On January 30th the Swiss intelligence (FIS) issued this publication. As per its introduction, “as part of its Prophylax prevention programme, the Federal Intelligence Service (FIS) has been running the Technopol programme since 2013, which is specifically aimed at universities, colleges and research institutes. The FIS has now published a brochure describing Technopol’s instruments for combating espionage and proliferation in the academic environment. The Federal Intelligence Service (FIS) has been running the Prophylax awareness programme since 2004, which draws the attention of companies, business organisations and research institutions to the threats posed by proliferation and espionage. Prophylax fulfills the statutory mandate of the FIS to run information and awareness-raising programmes about threats to internal and external security (Art. 6 Para. 6 of the Federal Law on the Intelligence Service). As part of Prophylax, Technopol serves to raise awareness at universities, colleges and research institutes in Switzerland and Liechtenstein. Technopol is aimed at members of universities, colleges and research institutes and shows why they can be an interesting research target for foreign intelligence services. At the same time, awareness of the threat of espionage and the potential for misuse of the knowledge and know-how imparted in teaching, research and administration at the institutions mentioned should be sharpened. In addition to raising awareness, Technopol offers the target audience concrete security measures for better protection against illegal knowledge and technology transfer and unwanted information and data leakage.”

84. Head of Russia’s SVR Presented Prizes in Literature and Art

On January 31st the Foreign Intelligence Service (SVR) of Russia announced that “the team of the Loktev Children’s Song and Dance Ensemble became one of the winners of the Yevgeny Primakov Prize of the Foreign Intelligence Service of Russia in the field of literature and art for 2022. The solemn award ceremony was held on Tuesday at the site of the international media group “Russia Today” in Moscow. The director of the Foreign Intelligence Service Sergey Naryshkin presented the awards to the laureates. Despite the secrecy, the intelligence profession is so bright and so heroic that it serves as a source of inspiration for cultural figures, writers, cinematographers, screenwriters, journalists, said Dmitry Kiselev, General Director of the Rossiya Segodnya International News Agency, opening the ceremony. “And as the secrecy is sometimes lifted, the bright works appear,” he added. According to Naryshkin, three SVR awards are usually awarded, but 2022 marked the centenary of domestic illegal intelligence, and many talented and bright works were submitted for the award. Therefore, the leadership of the SVR decided to award the 2022 prize for five works.”

85. United States: Beyond Pixels: How NGA is Integrating Commercial Analytic Services into Agency Workflows

The US National Geospatial-Intelligence Agency (NGA) issued this press release on January 30th saying that “NGA’s Economic Indicator Monitoring contract may not be one of the agency’s best-known or biggest contracts. But its innovative approach and initial achievements are drawing attention both inside and outside the agency since the contract was awarded 17 months ago. Why? The Economic Indicator Monitoring contract, known as EIM, is a model for NGA’s integration of commercial solutions into agency processes to further national security capabilities and mission. It also is providing a preview of how the agency and the entire GEOINT enterprise might better harness the power of commercial GEOINT, which includes cutting-edge support stretching well beyond imagery. “EIM demonstrates how we can strengthen our national security and global partnerships when we harmonize our government capabilities with those of the commercial sector,” said Shelby Pierson, deputy director of NGA’s Source Management and Operations component. “This type of holistic approach, which was jointly developed by Source and Analysis, uses the full spectrum of tools and diverse sources available to us as a GEOINT community … helping ensure we get the right data to the right users at the right time,” Pierson said.”

86. Congo Expels Rwandan Troops Who Were Spying on FARDC & EACRF

The African Insider reported on February 1st that “the Congolese military intelligence have caught some FARDC defence soldiers who had infiltrated, or embedded themselves, inside the EACRF. The East African Community Regional Force, that is headed by the Kenyan troops in Goma, to spy on the Congolese government and pass information to the M23.”

87. Poland: ABW Announcement of the Death of Officer Michał M.

On February 2nd the Polish Internal Security Agency (ABW) issued this announcement saying that “this judgment unequivocally confirmed the untrueness of the information provided in this case by “Gazeta Wyborcza” in the article of May 26, 2021 (a copy of the judgment is below). Referring to the untrue statements contained in the article of “Gazeta Wyborcza”, we would like to inform you: It is not true that Michał M. was a subordinate of Col. Radosław Żebrowski, the men mentioned never worked in one ABW organisational unit. Contrary to the claims of W. Czuchnowski, the meeting described in the article never took place, moreover, Michał M. was never in the office of Col. Radoslaw Żebrowski. Colonel R. Żebrowski left the service at his own request in connection with the acquisition of full retirement rights. The personnel order to dismiss from service was issued on April 16, 2021, i.e. more than a month before the described tragic event. Daniel Obajtek has a security clearance authorising access to classified information marked with the “Confidential” marking, issued on September 16, 2019 on the basis of the vetting procedure, i.e. almost two years before the tragic death of Michał M. Therefore, there are no actual grounds for linking the tragic death of Michał M. with the person of Daniel Obajtek. The article by Gazeta Wyborcza, which allegedly links the death of an ABW officer with information about Daniel Obajtek, is a deliberate, yet another manipulation based on imaginary theses that disinform and mislead the public. The journalist of “Gazeta Wyborcza” shamefully uses the fact of the tragic death of Michał M., de facto desecrating his memory, and at the same time violates the good name of the Internal Security Agency and its officers. In connection with the above, the Head of the Internal Security Agency will once again submit a request for an order to publish the correction of false information provided by “Gazeta Wyborcza”.”

88. Iranian Cyber Espionage Operation Targeting Middle East

On February 2nd private cyber security and intelligence firm Trend Micro issued this technical analysis of a new operation by an actor dubbed APT34, previously associated with the intelligence services of Iran. As per the article, “on December 2022, we identified a suspicious executable (detected by Trend Micro as Trojan.MSIL.REDCAP.AD) that was dropped and executed on multiple machines. Our investigation led us to link this attack to advanced persistent threat (APT) group APT34, and the main goal is to steal users’ credentials. Even in case of a password reset or change, the malware is capable of sending the new credentials to the threat actors. Moreover, after analyzing the backdoor variant deployed, we found the malware capable of new exfiltration techniques — the abuse of compromised mailbox accounts to send stolen data from the internal mail boxes to external mail accounts controlled by the attackers. While not new as a technique, this is the first instance that APT34 used this for their campaign deployment. Following this analysis, it is highly likely that this campaign’s routine is only a small part of a bigger chain of deployments. Users and organizations are strongly advised to reinforce their current security measures and to be vigilant of the possible vectors abused for compromise.”

89. United States: DNI Haines Delivers Keynote Address on Overclassification at PIDB Meeting, and Much More

On February 2nd Unredacted published this article with its introduction saying that “the Public Interest Declassification Board (PIDB) recently held a two-day conference at the LBJ presidential library to discuss classification issues and reforming the current executive order on classified national security information, EO 13526. The event was in-person but the keynote address from Director of National Intelligence, Avril Haines, as well as a series of panels, were taped and are available online. Highlights from the conference include: An Evening with Director of National Intelligence Avril Haines; LBJ Library Discussion on Presidential Records and the National Archives; Government Historians on Working with Classified Information; Classified Information and the Media.”

90. New North Korean Cyber Espionage Operation Targeting South Korea

On February 3rd cyber threat intelligence researcher Kimberly discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed KIMSUKY, previously associated with the government of North Korea. The operation involved a lure document impersonating the South Korean Institute of International Economic Policy (KIEP) titled “[KBS 일요진단]질문지.docx” (translated: [KBS Sunday Diagnosis] Questionnaire.docx) which, if opened, covertly installed a custom cyber espionage software implant.

91. Russian FSB Declassifies 1942 Battle of Stalingrad Documents for its 80th Anniversary

On January 31st the Russian FSB issued this press release stating that “on the eve of the celebration of the 80th anniversary of the defeat of the Nazi troops by the Soviet troops in the Battle of Stalingrad, the Centre for Public Relations of the FSB of Russia publishes on the official website of the department in the heading “Archival materials” of the section “History” an explanatory article and digital copies of the declassified documents stored in the Directorate of the FSB of Russia for the Volgograd Region documents on the activities of employees of the territorial Directorate of the NKVD.” The declassified content is available on the FSB’s website.

92. Podcast: Spycraft 101: TRIGON: The Hero Who Betrayed the Soviet Union with Alejandra Suarez Ogorodnik

On February 4th Spycraft 101 published a new podcast episode. As per its description, “born in 1975, Alejandra Suarez Barcala grew up without her father. For years her mother told her that he’d been a German mathematician, killed in an automobile accident when she was a baby. It wasn’t until she was 13 years old that Alejandra learned who her father really was. Aleksandr Ogorodnik was a Soviet diplomat in Bogota, Colombia when he was recruited by the Central Intelligence Agency. Ogorodnik had fallen in love with a Spanish woman he met in Bogota in 1973. Their two-year clandestine love affair resulted in Alejandra’s birth after her mother returned to Madrid. The CIA learned of the affair from signal intercepts and leveraged it into their recruitment pitch. Aleksandr accepted their offer and began providing incredibly valuable intelligence to his new handlers. When he was recalled to Moscow in October 1974, the risk to him increased exponentially; but so did his access to valuable information. He was soon able to photograph a Soviet policy paper regarding China which Secretary of State Henry Kissinger later referred to as “the most important piece of intelligence that he had read as Secretary of State.” Assigned the cryptonym TRIGON, Ogorodnik continued his espionage until 1977, when he was arrested by Soviet counterintelligence. He is believed to have been betrayed by Karel Koecher, a Czech mole who infiltrated the CIA, working as a translator. During his arrest, Ogorodnik bit down on a suicide pill concealed in a Montblanc ink pen issued to him by the CIA. He died on the spot, before he could be brought to trial. Marti Peterson, the case officer assigned to him and the first female case officer in Moscow, was arrested the following month when she serviced a dead drop location, unaware that the KGB lay in wait for her. Two competing narratives of Ogorodnik’s life and death emerged in the ensuing years: one American, one Soviet. 
After learning of her true father’s name and fate in 1988, Alejandra has sought the truth of how her father lived, and died.”

93. Unknown Actor Conducting Cyber Espionage in Libya

The Malware Hunter Team discovered and disclosed technical indicators of an active cyber espionage operation targeting Libya, without attributing it to any known cyber actor. The operation involved a lure archive titled “projects in Libya.zip” which contained a file titled “Pipelines Profile (Elfeel- Sharara-Mellitah + Wafa — Mellitah).lnk” and which, if opened, covertly installed a custom cyber espionage software implant.

94. Turkey’s Foreign Ministry Turns into Erdoğan’s Intelligence Arm with Neo-Ottoman Ambitions

Nordic Monitor reported on February 2nd that “a political operative who comes from a family that runs a secret slush fund on behalf of Turkish President Recep Tayyip Erdoğan landed in the number-two position at the Turkish Foreign Ministry, which has already become a focal point for clandestine operations conducted abroad by the Islamist ruling Justice and Development Party (AKP). Yasin Ekrem Serim, a 37-year-old man who has never really served in any diplomatic post, was appointed as a deputy foreign minister by President Erdoğan on October 16, 2022 after he had served in various advisory positions in the government thanks to his father, Maksut Serim, who is a chief advisor to the Turkish president. Maksut, dubbed Erdoğan’s “secret keeper,” had managed a secret discretionary fund available for Erdoğan’s personal use for years. The fund, earmarked in the general budget, is a tightly held secret and used to finance clandestine operations in Turkey and abroad under Erdoğan’s orders. There is no auditing or accounting of how the money is spent, and the paper trail for the expenditures is destroyed after review by a three-person committee headed by Maksut.”
