SPY NEWS: 2023 — Week 8

Summary of the espionage-related news stories for Week 8 (February 19–25) of 2023.

The Spy Collection
Feb 26, 2023

1. Albania to Extradite Russian Photographer Over Espionage Charges

Following 2022 week 33 story #71 and 2022 week 34 stories #16 and #88, on February 20th Euractiv reported that “the Justice Ministry has given the green light for the extradition of Russian citizen and notorious photographer Svetlana Timofeeva who was arrested in Albania on charges of espionage in August 2022, though her lawyer fears she would face human rights violations if she returns to Russia. Timofeeva was caught along with two other individuals, entering closed military facilities dating from the communist era when Albania had a close allegiance with the Soviet Union. She was charged with espionage, while also being wanted in Russia for similar charges. “The Ministry of Justice has administered the request for extradition of the aforementioned subject, in which the General Prosecutor’s Office of the Russian Federation, in the capacity of the central authority, has given guarantees that the extradition request is not aimed at persecuting the person for political reasons, due to race, religion, nationality or political views etc”, the Ministry of Justice told BIRN. Timofeeva told the court at the start of February that she had divorced her husband and left Russia because of her views on Russia’s invasion of Ukraine. She said these views would leave her open to political persecution and she expressed a wish to remain in Albania. She will now undergo the extradition procedure and be sent back to Russia, despite protests from her legal representative. Isuf Shehu, her lawyer, said there are concerns that the claims made by Russia’s General Prosecutor are not true and that she could face human rights violations if she returns. “The Ministry of Justice must necessarily verify whether what the relevant institution of the requesting state, which is the General Prosecutor’s Office, says is true or not,” said Shehu. Concerns were also raised over cooperating with the country amid EU and US sanctions, and the ongoing war. 
The Albanian Ministry of Justice told BIRN “Cooperation in the field of justice has nothing to do with austerity measures, which are only political and economic.” They added they have followed the appropriate laws regarding extradition “to the letter.” Timofeeva has published two books and amassed a significant social media following as she photographed ex-Soviet sites around the world. She was arrested in Albania after entering a rundown weapons factory south of Tirana where AK-47s were once manufactured. Police found cameras, drones, phones, maps, and cash during the investigation. The authorities became even more suspicious when one of Timofeeva’s associates sprayed pepper spray at two guards once they were discovered. The three suspects remain in custody and deny all charges against them.”

2. Spy Collection: Copyroad KMC-60 Handheld Copy Machine

On February 20th we published this new video. As per its description, “in the late 1980s and early 1990s this Japanese handheld copy machine was produced by Copyroad. Its model was the KMC-60, and as we learned in October 2013 it was being used by at least one intelligence agency. The Turkish National Intelligence Organisation (MİT — Millî İstihbarat Teşkilatı) for espionage purposes.”

3. Pegasus Case: New Report Debunks Espionage Allegations Targeting Morocco

Morocco World News reported on February 19th that “spyware and malware researcher Jonathan Scott has published a new detailed report, debunking allegations and claims targeting Morocco on its alleged use of Pegasus spyware. Published on Saturday, the report concluded that the disregard for legal systems against illicit actions have allowed some organizations to “become their own global judicial system.” The author of the report noted that such systems, allowed these organizations to be exempted from the rules of criminal procedure — a situation that enabled them to point their finger at institutions and government bodies without providing “verifiable evidence for their claims.” “Such departure from the foundations of our collective justice system poses a grave threat to science and geopolitics,” he emphasized. Scott stressed the serious claims presented by NGOs, reaffirming that such accusations have the “potential to jeopardize international relations with other countries.” “The allegations of malicious software installed on the mobile devices of political opponents have been shown to be nothing more than normal iPhone processes that exist in every device,” Scott argued, emphasizing that such “false claims” by NGOs undermine computer and forensics science as a whole.”

4. Pakistani Cyber Espionage Operation Targeting India

On February 20th the RedDrip Team discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed TRANSPARENT TRIBE, previously associated with the government of Pakistan. The operation involved a lure document titled “Industrial Engineering.docm” impersonating a curriculum of the National Institutes of Technology of India which, if opened, covertly installed a cyber espionage software implant.

5. United States: Meet the Climate Scientist Helping Guide Biden on Spy Agencies

The Washington Post published this story stating that “the U.S. intelligence community has grappled with global warming for years, but its climate work has expanded and taken on extra urgency as heat waves, drought and disasters exacerbate political tensions around the world. In 2021, spy agencies published their first National Intelligence Estimate focused on climate change — a declassified rundown of many of the issues they’re worried about. That report was a window into how intelligence officials are thinking about climate change, warning among other things that competition over dwindling fresh water could lead to conflicts. Droughts and crop failures, they warned, could lead to large-scale migration and political pressure across borders, and the shift away from fossil fuels will destabilize petrostates. Now President Biden has appointed Brown University’s Kim Cobb as the first-ever climate scientist on the President’s Intelligence Advisory Board, an independent body that helps his office evaluate the quality of the intelligence he receives. Cobb, an expert on climate extremes and coastal flooding, was a lead author on an exhaustive United Nations report released in 2022 that detailed the latest scientific understanding of the dire consequences of climate change.”

6. Ukraine: Italian Journalists Accused of Being Russian Spies

On February 19th Italy 24 reported that “the Ukrainian authorities have banned three Italian journalists from reporting the war: Andrea Sceresini, Alfredo Bosco and Salvatore Garzillo. They are accused of being spies for the Russians. These are reporters who have been following the evolution of the fighting since 2014, well before the Russian invasion of February 24, 2022, and who in these nine years have correctly reported the war events, siding exclusively with the martyred population. Well, despite their proven professionalism, Sceresini and Bosco — who are in Kiev — were refused military accreditation overnight. Salvatore Garzillo, collaborator of Fanpage.it was pushed back to the Polish border instead. Apparently the three were included by the Ukrainian secret services in one blacklist of unwanted people with the serious accusation, never officially formalized, of being supporters of the Russians. In a letter sent to the Association Article 21 the lawyer Alessandra Ballerini, who defends the three reporters, explains: “In fact, this totally unfounded accusation translates into a very serious violation of the right to information and into a concrete risk for the safety of my Clients”.”

7. Israel: ‘Team Jorge’ Revelations Turn Spotlight on Avatar Market’s Technological and Legal Difficulties

Following last week’s stories #19 and #100, on February 20th Intelligence Online reported that “the series of investigations published about the cyber influence industry last week by journalists’ collective Forbidden Stories put the emphasis on the industry’s use of avatars to achieve its ends. Even before this, however, the industry was struggling with a growing number of technical and legal challenges. The same is true for the OSINT sector, which uses the same techniques.”

8. Ukrainian SBU States Former Intelligence Officer Operating as Russian Agent Sentenced to 14.5 Years in Prison

This is likely a follow up from 2022 week 9 story #82. On February 20th Ukraine’s Security Service (SBU) announced that “a “mole” who worked for the Russian intelligence services was sentenced to 14.5 years in prison. It was based on the SBU’s materials that a former employee of the Ukrainian intelligence service, who carried out intelligence and subversive activities for the benefit of the Russian Federation, was sentenced to 14.5 years in prison with confiscation of property. As Vasyl Malyuk, the Head of the SBU, said earlier, cleaning the Service of traitors and destructive elements is one of the key priorities today. “We are continuing the course of self-purification of the Service and are not going to stop. The SBU is not a place for Kremlin agents and people who do not believe in the victory of Ukraine. If someone betrayed the oath and the Ukrainian people, he must answer according to the law,” emphasized Vasyl Malyuk. According to the investigation, the perpetrator was a member of one of the regional bodies of the law enforcement agency. Three months before the start of the full-scale invasion, on his own initiative, he contacted a representative of the Russian intelligence service and offered him cooperation in exchange for money. On the instructions of the aggressor, the traitor secretly collected the identification data of his colleagues and their relatives, and already after February 24, he started scouting the locations of the deployment of units of the Defence Forces in the territory of the Kirovohrad region. First of all, he tried to identify the locations of possible bases of Ukrainian combat aircraft. The enemy agent planned to transfer the collected information to his Russian handler through closed channels of electronic communication in compliance with the measures of the conspiracy. However, SBU employees exposed the “mole”, documented his criminal activities and detained him at the end of February last year in Kropyvnytskyi.”

9. Podcast: Team House: From the Ranger Regiment to Planning the Bin Laden Raid at CIA — Aaron Brown

On February 25th the Team House published this new podcast episode. As per its description, “Aaron has over two decades of experience in law enforcement, Army Special Operations, and national security, including as a senior operations officer and field leader at the Central Intelligence Agency. Aaron is a proven problem solver and innovator, with experience leading complex, dynamic, and multimillion dollar intelligence missions across the globe, in war zones, austere environments, throughout the Near East, Eastern Europe, and Asia. Aaron supported CIA’s response to the Khowst Base bombing, one of the deadliest events in CIA history, and served as a leadership executive assistant during the Usama bin Ladin operation, one of CIA’s greatest successes. Aaron is a recognized expert in the exponential risk of surveillance technology. He has advised numerous intelligence community programs about such risks and developed advanced solutions for this rapidly growing threat–hundreds have attended his sensitive talks on technology, including CIA executives and senior leaders from the Special Operations community. Aaron’s final role at CIA was as Deputy Chief of Operations for Southeast Asia, where he gained deep regional expertise. He has earned numerous Meritorious Unit Citations, 14 other CIA Awards, and the 2015 CIA Director’s Award for Mission Impact in a Foreign Language (Arabic). Aaron currently works as a senior director at an open source intelligence company he helped found. He helps private industry protect themselves from foreign nation state adversaries like China and Russia. He also helped found a nonprofit working to protect the U.S.’s critical infrastructure and technological edge. He advises DoD, CIA, the National Security Council, Department of Commerce, and numerous big tech companies, and is a guest lecturer at Georgetown’s School of Foreign Service.”

10. United States: Our Best Look Yet At The Chinese Spy Balloon’s Massive Payload

The Warzone published this article on February 22nd stating that “the Pentagon has now confirmed the authenticity of a picture taken from a U-2S Dragon Lady spy plane of the Chinese surveillance balloon that passed over parts of the United States and Canada earlier this month before being shot down. The U.S. military subsequently released a high-resolution copy of the image that gives us the best look to date at the balloon and the massive payload apparatus suspended below it. At a press conference earlier today, Deputy Pentagon spokesperson Sabrina Singh told reporters the picture was legitimate and that an official release would be coming. Chris Pocock, who runs the website Dragon Lady Today, and is a long-time aviation journalist, author, and expert on the U-2, posted a lower-resolution copy of the picture online yesterday. The War Zone was the first to report that at least two U-2Ss had been used to monitor the balloon and gather intelligence about it.”

11. United Kingdom: Metropolitan Police and MI5 Foil 15 Plots by Iran Against British or UK-based ‘Enemies’

Following 2022 week 46 story #59 and 2022 week 47 stories #21 and #53, this week The Guardian reported that “police and the security services have foiled 15 plots by Iran to either kidnap or kill British or UK-based individuals it considers “enemies of the regime”, counter-terrorism police revealed on Saturday. The toll of attempted assassinations and abductions was made public hours after a London-based Iranian broadcaster announced it had moved operations to the US after mounting safety concerns against its journalists from Tehran. Acting on advice from the Metropolitan police, Iran International TV “reluctantly” closed its London studios after state-backed threats meant it was no longer possible to protect the channel’s staff and the surrounding public. Matt Jukes, head of counter-terrorism policing at the Met, said the decision came against a backdrop of mounting threats from hostile states. “Our overall workload in investigating threats from foreign states has quadrupled over the past two years,” he said, adding that a range of protective security measures had been put in place to mitigate threats to other UK-based targets. “Officers from counter-terrorism policing alongside local officers and other specialists from the Met continue to work in response to potential threats projected from Iran against a number of UK-based individuals,” added Jukes.”

12. Video: Spycamerasaurus: The Soviet Union’s Disguised Button Camera — ‘Ajax’

On February 19th the Spycamerasaurus published this new video. As per its description, “the F-21, also known as ‘Ajax’, or variations of it, were made by the Krasnogorsk Mechanical Works (Russian abbreviation- KMZ) just outside Moscow from 1951 until the 1980s. It is a small camera with a spring motor film advance resembling a miniature Robot camera. The button camera is a concealed version of the F-21 in a special housing with remote release attachment to the front of the camera. The camera remains hidden with the lens concealed by a coat button. The centre of the button splits open when the remote is squeezed which simultaneously fires the shutter of the camera. The camera could be worn concealed on the body, under clothing, and operated using the remote control from inside a pocket. There are three distinct types- Type 1: The diaphragm is controlled by a lever in the corner of the cradle. Type 2: The diaphragm setting can be made from the remote release handle. Type 3: The button disguise was modified to allow for metering through a tiny hole near one edge of the button, since later versions of the F-21 had CdS metering. Today, the camera is fairly common. A good quality working version of the button device is rarer to find however.”

13. Fake Russian Diplomats Revealed as Heart of ‘Hive’ Spy Ring in Australia

The Sydney Morning Herald reported on February 24th that “a highly active “hive” of Russian spies posing as diplomats operated in Australia for more than 18 months before it was dismantled as part of a sweeping and aggressive counter-espionage offensive by ASIO. The Australian intelligence agency spent months tracking the Russian spy ring, which comprised purported embassy and consular staff and operatives using other deep cover identities, before ASIO finally moved to force the ring’s key players out of Australia, according to sources with knowledge of its operation. ASIO director-general Mike Burgess described the spying operation in a major speech he delivered in Canberra on Tuesday, but did not name Russia. Sources confirmed ASIO had uncovered the spy ring operating out of a number of locations, including the Russian embassy in Canberra, while the Morrison government was in power. The spy ring’s aim was to recruit Australians with access to classified information and, according to one source with knowledge of the Russians’ activity, use sophisticated technology to steal data and communicate without being intercepted. Rather than press for the expulsion of Russian embassy staff after President Vladimir Putin’s invasion of Ukraine — a move that occurred in other Western nations and which was sought by some within Australia’s intelligence community and Labor in early 2022 — ASIO instead conducted a clandestine counter-espionage probe.”

14. Ukrainian SBU Announced Belarusian KGB Clandestine Officer was Sentenced to 10 Years in Prison

On February 21st the Ukrainian Security Service (SBU) announced that “the SBU “cracked” an officer of the Belarusian KGB: now he will spend 10 years behind bars. The Security Service gathered evidence on a representative of the Belarusian intelligence service, who went to fight against Ukraine as part of the Russian private military company “Redout” (редут). In the ranks of the occupation group, he took an active part in combat operations against the Defence Forces of Ukraine in the Kharkiv and Kramatorsk directions. Among his main tasks was the collection of intelligence on samples of foreign weapons, which are received by the units of the Armed Forces of Ukraine from Western partners. In addition, he tried to find out plans for the possible participation of Russian PMCs in attempts to remove from power the current regime of self-proclaimed President Lukashenka. Ukrainian defenders captured an enemy henchman during one of the battles in Donetsk region last September. The detainee immediately tried to pass himself off as an “ordinary” militant and thus wanted to hide his affiliation with the Belarusian intelligence service. However, SBU military counter-intelligence officers “cracked” the intruder and received information from him about the assigned tasks. Based on the evidence of the Security Service, the court sentenced him to 10 years in prison. According to the investigation materials, the criminal is a resident of the Minsk region, who in December 2020 was enrolled in the 2nd anti-terrorist department of the KGB as a “reconnaissance officer”. After the start of the full-scale invasion, he was tasked with carrying out reconnaissance and subversive activities against Ukraine. According to the legend, he was supposed to act under the guise of a foreign mercenary, and to transmit the collected intelligence to Minsk through a liaison. 
To do this, last summer he arrived at the training camp of the Russian PMK, where he underwent operational and combat training under the leadership of staff members of the Russian intelligence services. Then he was transferred to the eastern front as part of the occupation group.”

15. Spy Way of Life: Beer Station in Warsaw, Poland

This week’s selection for Intelligence Online’s Spy Way of Life was “Beer Station: the Warsaw pub where the Belarusian dissidence’s plans are brewed.” As per the article, “this week, Intelligence Online heads down to a basement pub in central Warsaw, where exiled Belarusians gather to seek comfort and share critical information about their struggle against the Lukashenko regime over a choice selection of draught beers.”

16. Former US CIA Officer Jason Hanson Publishes New Videos

Throughout this week former United States CIA officer Jason Hanson published the following videos: 1) Ex CIA Reacts to a Man Brandishing a Firearm During an Altercation, 2) The Ranking System of Intelligence Information Explained, 3) Ex-CIA Officer Reacts to a man who attacked a car with a pipe in a road rage incident.

17. New Indian Cyber Espionage Operation Targeting Pakistan

On February 23rd the cyber security and intelligence firm ThreatBook discovered and disclosed technical indicators of a new cyber espionage operation attributed to an actor dubbed SIDEWINDER, previously associated with the government of India. The operation involved two lure documents titled “Overview of Flood Situation in Pakistan” and “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC)” which, if opened, covertly installed a cyber espionage software implant.

18. Taiwan: Ex-Army Colonel Who Spied for China Sentenced to 7.5 Years in Prison

Following 2022 week 47 story #23, Focus Taiwan reported on February 24th that “the Taiwan Kaohsiung District Court said Friday it had handed down a seven-and-a-half-year prison sentence to a retired Army colonel found guilty of corruption for taking money to provide information to China. The term given to 49-year-old Hsiang Te-en (向德恩) was less than the 12-year maximum sought by prosecutors. The district court also stripped the former head of the Kaohsiung-based Army Infantry Training Command’s Operations Research and Development Division of his political and civil rights for four years and ordered him to surrender NT$560,000 (US$18,332) obtained through espionage activities. According to the indictment, Hsiang began receiving monthly payments of NT$40,000 in late 2019 from a former news reporter Shao Wei-chiang (邵維強) to provide classified information to Beijing. The indictment stated that the two men first met at Hsiang’s wedding in 2011. Hsiang originally wanted to file for retirement from the military in 2018, but Shao persuaded Hsiang to stay and steal sensitive information for a fixed monthly payment. Between Oct. 31, 2019, and January 2022, Hsiang accepted a total of NT$560,000 from Shao in exchange for information that he had obtained from the military, according to prosecutors. To prove his loyalty to China, Shao asked Hsiang to hold a handwritten note pledging his allegiance to China while wearing his military uniform for a photograph in January 2020, prosecutors said in the indictment. The note stated: “I, Hsiang Te-en, hereby pledge to support cross-strait peaceful unification. I will do my best at my current post to fulfill the glorious task of pushing for peaceful unification for the motherland.” Hsiang’s alleged handler Shao, a former Army lieutenant who served as Taipei-based China Television Company’s Kinmen correspondent between 1993 and July 2019, has been charged with bribery, banking, and national security offenses by prosecutors in Kinmen.”

19. Japanese Man Sentenced to 12 years in Prison in China for Spying

On February 24th NHK World reported that “a Chinese court sentenced a Japanese national to 12 years in prison earlier this month for involvement in espionage. A Japanese government source said the man in his 50s was detained in July 2019 in Changsha in the inland province of Hunan, and was later indicted. But the charges were unknown. He was sentenced on February 8. In China, at least 16 Japanese nationals have been detained on suspicion of involvement in spying and other activities since 2015, a year after Beijing put an anti-espionage law into effect. Of them, 10, including the man, have been given jail terms.”

20. Poland: Indictment Against a Citizen of Russia in the Case of Espionage

Following 2022 week 15 story #24, on February 23rd the Polish National Prosecutor’s Office issued this press statement saying that “the suspect was detained in April 2022. Based on the materials collected by the Military Counterintelligence Service and the material collected in the course of the investigation, it was established that he participated in the activities of the Russian military intelligence by obtaining and collecting information on the Polish Armed Forces, including the location of individual units of the military, their organisational and staff structure, actual staffing, command structure, soldiers’ emoluments, as well as details regarding the armament of individual sub-units, the type of equipment and armament used, operational development, rules of communication and cooperation as well as cooperation of the troops. The information obtained was then passed on to the Russian intelligence service. The suspect had been residing in Poland legally for many years and ran a business. Based on his involvement in the activities of historical reconstruction groups, he established and maintained contacts, including social contacts, with soldiers of the Polish Armed Forces, which he used in his activities for the Russian intelligence. The suspect’s espionage activity was focused on military units located in the north-eastern part of Poland, as part of which he carried out tasks consisting in reconnaissance of important elements of the Polish Armed Forces.”

21. Podcast: Spycraft 101: An Activist Escaping Panama with Kimberly Muse

On February 20th Spycraft 101 released a new podcast episode. As per its description, “American businessman Kurt Muse was arrested in Panama on espionage charges in April 1989. Muse had spent much of his life in Panama. He owned a printing business there, and his wife Annie was a schoolteacher for the Department of Defense. Their children Kimberley and Erik had lived in Panama their entire lives. Kurt became involved in political activism after Manuel Noriega seized power in the early 1980s. He and other Panamanians created a clandestine radio network, broadcasting calls to action and listening in on military and police frequencies. They moved their equipment between a series of safehouses throughout Panama City to avoid detection. Their activities soon attracted attention from both Noriega’s government and the US Central Intelligence Agency. Kurt received funds from a CIA case officer known as “Father Frank” to rent more safehouses for the network. He was arrested on a return trip from Miami, FL after the wife of one of the group members betrayed them to the authorities. Kurt spent nine months in the notorious Carcel Modelo prison as US/Panama relations deteriorated due to this and other incidents, despite the fact that Noriega had previously been on the CIA’s payroll. His family and many members of his network made a harrowing journey to the United States. Then on December 20th, 1989, a rescue operation called Acid Gambit began, spearheaded by Delta Force as part of the larger invasion of Panama. Operators landed on the roof of the Carcel Modelo and freed Muse within six minutes, only for their helicopter to crash under heavy fire moments later. The team defended Muse on the ground until they linked up with ground forces, and he was soon back in the US, reunited with his family. 
For episode 72 of the Spycraft 101 podcast, I spoke with Kurt’s daughter Kimberley Muse, about her own experiences in Panama and what it was like to see her father arrested by the Panamanian secret police.”

22. Spymaster — Ukraine’s Bodyguard in Chief Sergiy Rud

Intelligence Online published this article on February 24th stating that “Ukraine’s department of state protection, UDO, which is responsible for Vladimir Zelensky’s security and other key interests at the heart of the state, has to meet the considerable challenge of protecting the president’s life under threat since the very first hours of the Russian invasion. Heading this key department is Sergiy Rud, a 45-year-old general and Donbass veteran.”

23. UK Military Intelligence Team Wins Western Europe’s ‘Largest Cyber Warfare Exercise’ Held in Estonia

The Record reported on February 23rd that “a team from British military intelligence placed first at a cyber warfare exercise described as “Western Europe’s largest” hosted at the CR14 cyber range in Estonia, the Ministry of Defence (MoD) announced this week. The exercise, titled Defence Cyber Marvel 2 (DCM2), was organized by the British Army and featured 34 teams from 11 countries, including the United Kingdom, India, Italy, Ghana, Japan, the U.S., Ukraine, Kenya, and Oman. It concluded on February 17th. The specific tasks the teams had to take on were not disclosed, however the MoD described a seven-day competition in which participants responded to “common and complex simulated cyber threats including attacks to networks, industry control systems and unmanned robotic systems.” The challenges were “simulating some of the tactics Russia used to disrupt Ukrainian cyberspace in the early days of the invasion one year ago,” the MoD stated. It took place at the CR14 in Tallinn — the digital equivalent of a traditional military shooting range. The Estonian Ministry of Defence described the range when it opened in 2019 as “a system capable of imitating the functioning of a complex computer network and providing the opportunity to practice various cyber operations without endangering regular computer networks.” Since then, CR14 has become the regular host of the annual Locked Shields exercises, organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) based in Tallinn. The CCDCOE exercise is not limited to NATO members, and participants have historically included Japan and Ukraine.”

24. Childbirths in Argentina Turned into Suspicion of Espionage for the Russians

The Eastern Herald reported on February 20th that “the increased flow of Russian women coming to Argentina to give birth may serve as a cover for espionage. A similar version is not ruled out in the country’s parliament, MP Jose Manuel Lopez told RTVI. On February 10, the Argentine Migration Service refused to allow six pregnant Russian citizens into the country. The agency took into account false information about the purpose of entry, which they provided. Later the women were allowed to enter the country, but after this incident the Migration Service and the Federal Police of Argentina began to check the reservation, which in their applications for entry was indicated by Russian tourists who arrived on February 9 on a Turkish Airlines flight. As a result, it was found that 3 out of 25 addresses did not really exist. According to the director of Argentina’s Migration Board, Florencia Carignano, on February 9, there were 33 pregnant Russian women on board another Ethiopian Airlines flight. Many of them, as the official explained, come because a child born in Argentina automatically receives citizenship of the country by land law, and parents can apply for a residence permit. In total, according to Carignano, about 21,000 Russians came to Argentina last year, half of them pregnant women. At the same time, 7,000 Russian women left the country after giving birth. At the end of January, the head of the consular service of the Russian Embassy in Argentina, Georgy Polin, in an interview with The Guardian said that in 2022, up to 2.5 thousand Russians moved to the country, including pregnant women.”

25. When Switzerland was the Location of Choice for Chinese Espionage

Swiss Info published this article on February 21st saying that “talk of spying by the Chinese over North America may be dominating the headlines — yet in the 1960s it was Switzerland that stood at the centre of a global Chinese espionage network. Half a century ago, the world’s newspapers had choice words for the scandal enveloping the Alpine nation. Headlines blared “Bern: the spy centre of Red China in Europe” and “Chinese diplomats train in Switzerland”. Yet the government consistently denied the claims: as late as 1965, the public prosecutor’s office stated that the “fairy tale” about a Chinese spy school in Switzerland had most likely been inspired by the James Bond film Goldfinger. Files from the Federal Archives, however, paint a different picture. Chinese secret agents set up dozens of international spy networks in the 1950s and 1960s — all of them from their base in Switzerland.”

26. United States Treasury Department Hits Russian Disinformation Operators with Sanctions

On February 24th The Record reported that “the Treasury Department announced a swath of sanctions on Russian companies and individuals on Friday, including a handful of entities connected to cybersecurity and disinformation operations with links to Russia’s intelligence services. The move by the Office of Foreign Assets Control especially targets Russia’s mining and minerals sector, but also goes after a range of technology companies and executives, with some having direct links to the sorts of disinformation operations that have targeted U.S. elections. These include 0Day Technologies — which created a powerful botnet and dashboard for running social media disinformation campaigns for the Federal Security Service (FSB) — and the companies Lavina Puls and Inforus, both of which “have provided technical support to malign influence operations conducted by the GRU [Main Intelligence Directorate], including the management of false social media personas,” OFAC said. “Over the past year, we have taken actions with a historic coalition of international partners to degrade Russia’s military-industrial complex and reduce the revenues that it uses to fund its war,” said Treasury Secretary Janet Yellen in a statement accompanying the announcement. The technology entities were sanctioned following an executive order signed by President Joe Biden in April 2021, which sought to punish Russia for interfering in domestic politics and for launching cyberattacks. The sanctions forbid companies and people within the U.S. from doing business with the listed entities and block their access to property on U.S. soil. In many cases, the sanctions are largely symbolic, given that companies associated with the Russian government are unlikely to do business in the U.S.”

27. Czech Counter-intelligence Chief Warns Against China

Radio Prague International reported on February 21st that “China presents a threat to security and stability in Europe, not only through the massive spread of disinformation, but also as the largest producer of medicines, Michal Koudelka, chief of the BIS counter-intelligence service, said at a conference in the Chamber of Deputies on Monday assessing relations with China over the past decade. According to Mr Koudelka, security risks coming from China are more insidious than those from Russia. That’s why it is necessary to counter them effectively and not to underestimate intelligence warnings. One of the main reasons for the current non-availability of certain medicines is the earlier shift of production to China, Mr Koudelka said. Because of the rise of Covid-19 in China, consumption of medicines has increased, while production has decreased.”

28. South Korea: Yoon Tells NIS to Show Capability to ‘Neutralise’ North Korean Provocations

Yonhap News Agency reported on February 24th that “President Yoon Suk Yeol visited the National Intelligence Service (NIS) headquarters Friday and called on the agency to demonstrate its capability to “neutralize” the North Korean regime’s miscalculations and provocations, his office said. Yoon made the remark while receiving a 2023 policy briefing from NIS Director Kim Kyou-hyun and other senior agency officials. “The reality of the security situation on the divided Korean Peninsula is grave, and the uncertainty in international affairs is growing,” he was quoted as saying. “I would like you to demonstrate the capability to neutralize the North Korean regime’s miscalculations and provocations, and boldly compete in the global information warfare.” Yoon was briefed on the NIS’ overall work, including on overseas and North Korea intelligence, counterespionage, counterterrorism and cybersecurity operations, and urged the agency to perfectly carry out its role as the state’s top intelligence agency responsible for defending national security and the people’s freedom, his office said. “The reason for existence of the organization called the National Intelligence Service — in other words, its fundamental duty — is to defend our freedom,” he said, adding that its employees must have a different attitude to their work than other public servants. “Just as a large dike collapses from a small ant tunnel, we must not allow the slightest crack in defending national security,” he said. Yoon urged the NIS to work closely with the private and public sectors and the military to strengthen their cyber capabilities, and actively apply advanced technologies to analyzing North Korea, overseas and counterespionage intelligence.”

29. German National Sentenced to Death in Iran — Germany Respond with Expulsions

On February 23rd the Iranian Mehr News Agency reported that “Kazem Gharibabadi, secretary of Iran’s High Council for Human Rights and the Judiciary chief’s deputy for international affairs defended the verdict against Jamshid Sharmahd after German Foreign Minister Annalena Baerbock called the ruling “absolutely unacceptable” and threatened a “strong reaction.” Berlin also expelled two Iranian diplomats over the ruling against the 67-year-old terrorist, who also holds German nationality and US residency. “Jamshid Sharmahd is a terrorist, but being a terrorist did not prevent him from receiving a fair trial,” Gharibabadi said. “Sharmahd stood at a completely fair trial with his legal rights reserved. The sentence was issued according to Iran’s judicial laws and it can be appealed.” The top Iranian rights official also pointed out that the Islamic Republic does not recognize dual citizenship. “Sharmahd, who lived in the US before his arrest, has repeatedly said that he is under the protection of the FBI and that the Islamic Republic cannot reach him,” he added. The ringleader of the Tondar (Thunder) terrorist outfit, Sharmahd was convicted of planning to commit 23 terrorist acts, of which he succeeded in five, including the 2008 bombing of a religious congregation center in the southern Iranian city of Shiraz that left 14 people dead and 300 others wounded. Gharibabadi said, “In just one terrorist act, Sharmahd martyred dozens of innocent people, including women and children, at Shiraz Seyed al-Shohada Hussainiyah. 
How does Germany allow itself to defend a terrorist and threaten to pursue the sentence against Sharmahd in international forums?” He also said that Iran will pursue the issue through international bodies, adding, “The German and US governments must be held accountable for turning into a safe haven for terrorists and providing them with security, financial, intelligence and political support.” Iran, he went on, has more than 17,000 terror victims who were killed by terrorists living in the US and Europe.” Reuters reported that “Germany said Wednesday that it is expelling two Iranian diplomats over the death sentence imposed in Iran against one of its citizens. Authorities in Iran announced Tuesday that Jamshid Sharmahd, a 67-year-old Iranian-German national and U.S. resident, was sentenced to death after being convicted of terrorist activities. Iran claims Sharmahd is the leader of the armed wing of a group advocating the restoration of the monarchy that was overthrown in the 1979 Islamic Revolution, but his family say he was merely the spokesman for the opposition group and deny he was involved in any attacks. German Foreign Minister Annalena Baerbock said she summoned Iran’s charge d’affaires in Berlin and informed him that “we will not accept this massive breach of a German citizen’s rights.”.”

30. Belarusian Lawmakers Approve Bill On Death Penalty for High Treason

RFERL reported on February 21st that “the Belarusian parliament’s lower chamber, the House of Representatives, approved the second and final reading of a bill on February 21 that envisages the death penalty for high treason for civil servants and members of the military. The bill must still be approved by the parliament’s upper chamber, the Council of the Republic, before authoritarian ruler Alyaksandr Lukashenka signs it into law. Belarus is the only country in Europe that practices capital punishment. Since Lukashenka came to power in 1994, more than 400 executions have been carried out in the country.”

31. Belgium on High Alert as Russian ‘Spy Ship’ Detected in North Sea

Marine Link reported on February 22nd that “Belgium said it is investigating the presence of a Russian “spy ship” in the North Sea, a day after its neighbor the Netherlands reported that Russia was targeting North Sea infrastructure. The ship was detected in the Belgian North Sea around mid-November last year, Vincent Van Quickenborne, the Justice and North Sea minister, said in a statement headlined “Russian spy ship off our coast in November”. While the presence of Russian ships in the North Sea is not forbidden, Belgium said it was monitoring the situation closely, in the context of the war in Ukraine. “We don’t know the exact motives of this Russian ship, but let’s not be naive,” Van Quickenborne said. “Especially if it behaves suspiciously close to our wind farms, undersea gas and data cables and other critical infrastructure.” The Dutch military intelligence agency said on Monday it detected a Russian ship at an offshore wind farm in the North Sea as it tried to map out energy infrastructure. The Dutch navy and coast guard escorted the ship out of the area. Since the start of the year, the Belgian Maritime Security Act has come into force and allows, among other things, for camera surveillance at sea, with mobile cameras on drones or ships. The government says it will use this to monitor wind turbines and will take necessary measures. Moscow has not commented on the Dutch and Belgian reports about the ship.”

32. United States: Smuggler Provided Sensitive US Technology to Russian, North Korean Governments, Prosecutors Say

The Record published this story on February 24th stating that “a Russian national has been charged in the U.S. with smuggling devices used in counterintelligence operations out of the U.S. and into Russia. Ilya Balakaev, 47, allegedly provided U.S. equipment to the Russian Federal Security Service (FSB) and the North Korean government, breaking U.S. sanctions against those countries. The Department of Justice said Balakaev is “currently a fugitive.” The indictment against him was unsealed Friday in a New York federal court. If captured and convicted, he faces up to 75 years in prison. Balakaev worked with FSB Center 8’s Military Unit 43753, a part of the Russian intelligence agency responsible for communication security and cryptology, prosecutors said. His company, Radiotester, repaired devices such as those designed to find surveillance bugs or send secret messages. Because certain devices were not readily available in Russia, Balakaev’s company hired people in the U.S. to help him purchase equipment there, prosecutors said. Balakaev also traveled to the U.S. about 14 times since 2017 and purchased around 43 devices for the FSB, the indictment said. The U.S. also alleged that he made a deal with the North Korean Embassy in Moscow to buy dangerous-gas detectors and software in the U.S. and provide those goods to the North Korean government. The indictment “demonstrates the US commitment to vigorously prosecute those who evade sanctions for a profit, both for their wallet and for Russia as they continue their aggression against Ukraine,” said U.S. Attorney Breon Peace in a statement.”

33. United States: Sensitive DoD Emails Exposed by Unsecured Azure Server

On February 23rd The Register reported that “a hole in a US military email server operated by Microsoft left more than a terabyte of sensitive data exposed to the internet less than a month after Office 365 was awarded a higher level of government security accreditation. According to security researcher Anurag Sen, who discovered the blunder and reported it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the Department of Defense for a variety of purposes — including the processing of security clearance paperwork. Sen reportedly found the exposed public-facing server over the weekend and determined it was sitting there without a password, allowing anyone who had its IP address and a browser to access the data. Documents Sen shared with The Register said to be from the exposed server include a rich amount of data that would certainly be valuable to a foreign adversary. It included all the usual PII, as well as blood type, religious affiliation, educational background, military service history and more, all in plain text. Sen told us that close to 3TB of data was available before the Azure server was taken offline on Monday. Per Bloomberg, which said it spoke to individuals at the DoD and Microsoft, both the Pentagon’s Cyber Command and Microsoft are investigating the incident. The server was reportedly accessible to the internet since February 8 before being secured and removed from public access. Thus far in the probe, there’s no sign the data was accessed by miscreants, DoD sources told Bloomberg.”

34. Ukrainian SBU Detained Russian Agent in the Kyiv Region

On February 21st Ukraine’s SBU reported that “SBU detained the headman of one of the villages in the Kyiv region, who provided the Rashist with road routes for the attack on the capital. He turned out to be the headman of the village of Ozera of the Gostomel community, who at the beginning of the full-scale invasion supported the Russian invaders and offered them his help in the war against Ukraine. It was established that on February 24 of last year, he guided the occupation groups of the Russian Federation to the area during their offensive on Kyiv. It was he who provided the Rashists with road routes for the advance of their military columns towards the capital through Gostomel and Moschun. Later, the traitor accompanied the Russian battalion-tactical groups that stormed both Ukrainian villages and tried to break through to Kyiv. Also, during the capture of part of the region, he received from the aggressor an AK-74S machine gun and a white armband, as a distinguishing sign of the Russian occupiers. In this “appearance” he personally participated in patrolling local settlements and “filed” the addresses of Ukrainian patriots’ homes to the headquarters of the invaders. In addition, he organised the “quartering” of personnel from the Soviet Union in the homes of people who left the area, and also handed over utility vehicles to the invaders. After the liberation of the region, the traitor remained in the village, hoping to avoid justice. However, he did not succeed. SBU officers detained the official at his place of residence near Gostomel.”

35. Sri Lanka: Wartime Mullaitivu Tiger Spy Chief Dies in France

The Island Online reported on February 23rd that “wartime LTTE intelligence head in Mullaitivu, Gunasingham Mohanarajan, was killed in a car accident, in France, on Tuesday (21). Mohanarajan fled Sri Lanka during the last phase of the war and was believed to have married a French woman.”

36. Spy Close to Vladimir Putin’s Foreign Intelligence Chief Mysteriously Dies

The Mirror reported on February 23rd that “a well-connected former spy and close to Vladimir Putin’s foreign intelligence chief has died in mysterious circumstances near Moscow. Viatcheslav Rovneiko, 59, was “found unconscious” late at night at his home in an elite gated village. Doctors could not save him and circumstances of his death were unclear. However, there is an investigation underway. The reports on his mysterious death say there are “no signs of a violent death were found on his body”. The mysterious Rovneiko is believed to have been a Cold War era KGB spy working in Belgium with Sergei Naryshkin, now head of the SVR, Russia’s foreign intelligence agency. He is also reported to have been close to billionaire Gennady Timchenko, seen as one of Putin’s most loyal oligarchs. Rovneiko’s former business partner was Leonid Dyachenko, whose then wife Tatiana was the powerful daughter of President Boris Yeltsin, Russia’s first president. The pair founded Urals Energy, one of several major oil players he was involved with. The oil company was later floated in London in 2005. He had business interests linked to Britain, Belgium, Luxembourg and Cyprus, according to reports, and was also reported in 2006 to have held a Belgian passport.”

37. Pakistan’s Defence and Spy Chiefs Discuss Security with Taliban

Al Jazeera reported on February 22nd that “a senior Pakistani delegation has visited Afghanistan’s capital for talks with Taliban officials, days after the closure of their busiest border crossing raised tensions between the two countries. Pakistani Defence Minister Khwaja Asif was joined on Wednesday by other top officials — including Lieutenant General Nadeem Anjum, the director general of Pakistan’s Inter-Services Intelligence agency, or ISI — in their meeting with Mullah Abdul Ghani Baradar, Afghanistan acting deputy prime minister for economic affairs, in Kabul. In a statement, Baradar’s office said the officials discussed economic cooperation, regional connectivity, trade and their countries’ relations. Baradar said in the statement that political and security concerns should not affect business or economic matters.”

38. Podcast: Everyday Espionage: Small Gift, Big Hack

On February 21st former United States CIA clandestine officer Andrew Bustamante released a new podcast episode. As per its description, “we live in a society that gives gifts. Gifts were designed for two original purposes: 1) to show gratitude, or 2) to win favor. Since the dawn of mass marketing and hallmark holidays, however, gift-giving has mutated into something much less enjoyable and much less useful… until today. In this episode, Andrew gives you the 3 gift-giving HACKS that CIA uses to win favor, influence, and power. Whether you want to shortcut your next promotion or win over your lover, you are only 3 steps away from the perfect gift!”

39. United States NSA’s National Security Operations Centre celebrates 50 years of 24/7 operations in service to the Nation

On February 21st the NSA issued this press release stating that “since its ribbon-cutting on February 21, 1973, the National Security Operations Center (NSOC) has served as the National Security Agency’s (NSA) nerve center, responsible for managing its cryptologic posture for time-sensitive actions and crisis response to optimize the agency’s global effectiveness and provide actionable intelligence to decision-makers. NSOC personnel have never left the watch, ensuring that NSA is responsive 24 hours a day, every day. Five rotating teams in NSOC, led by a Senior Operations Officer (SOO), not only have been witness to history, they have made it, delivering valuable SIGINT information to commanders, Special Forces teams, and national-level decision makers when it matters most. “Over the past 50 years, that center has never slept,” said GEN Paul M. Nakasone, Commander, U.S. Cyber Command, Director, NSA/Chief, Central Security Service.”

40. Vienna Protests as Iran Sentences Austrian to 7.5 Years for ‘Spying’

The Times of Israel reported on February 22nd that “an Austrian has been sentenced to seven-and-a-half years in jail in Iran for spying, Vienna said Tuesday, adding it had summoned the Iranian ambassador. The foreign ministry had announced the man’s detention in October and said it is in regular contact with his family. “He was sentenced to 7.5 years in prison for alleged espionage, with two years of probation being waived in the case of good behavior,” the ministry said. It found out about the verdict on Monday and summoned the Iranian ambassador on Tuesday to express “our unequivocal protest.” It added the Austrian ambassador in Iran was able to meet the man during three prison visits since his detention. “We will continue to exhaust all possibilities to give him and all other imprisoned Austrian citizens all over the world the best possible consular support,” the ministry said.”

41. India: Odisha: DRDO Official Arrested on Espionage Charges, Mobile Phone Seized; Probe Underway

News 18 reported on February 25th that “a senior technical officer of the Income Tax regime wing of the Defence Research and Development Organisation (DRDO) was arrested in Odisha’s Baleswar on charges of espionage. According to the police, a senior-ranking employee of the ITR wing of DRDO Chandipur allegedly shared secret and sensitive defence information on a missile test with a foreign agent in Pakistan. This was allegedly done for sexual as well as monetary gratification on WhatsApp. A case under Section 3/4/5 Official Secret Acts, 1923 was registered against him and further investigation is underway. Eastern Range IG Himanshu Lal said, “A senior technical officer of Chandipur ITR has been arrested on charges of passing sensitive information to Pakistan. We have seized a mobile from the accused in this connection. In view of the investigation, the details of the accused will not be disclosed. We are investigating monetary gratification.” Meanwhile, Baleswar SP Sagarika Nath said, “We got information from the communication of the accused that he was transmitting the sensitive information. A case has been registered and investigation is going on.” In another similar case, contractual cameraman Iswar Behera of Chandipur ITR was arrested in 2015 in this connection. Four contractual employees and regular employee of ITR were arrested in September 2021 on charges of espionage.”

42. Israel: In Battle Over Israeli Democracy, Netanyahu is Fighting His Own Former Spy Chiefs

Haaretz reported on February 19th that “a jowly man in his late 60s stood behind the stage at the pro-democracy rally outside the Knesset last Monday. Occasionally, one of the organizers or politicians entering or exiting the stage said a few words to him, but he largely kept to himself. He showed no interest in speaking to any of the dozens of journalists present. Former Mossad Chief Tamir Pardo is one of those senior spooks who, even seven years after leaving the service, has largely remained in the shadows. But discreetly, he has remained involved in public affairs. He is one of the members of the committee coordinating between dozens of organizations in the protest movement against the government’s plans to weaken the Supreme Court. On Thursday, he gave a rare interview, to Kan public radio. He had agreed to do so, he said, because of “a deep fear that we’re close to the ravine.” Pardo was personally selected by Benjamin Netanyahu to lead the Mossad in 2011, replacing Meir Dagan. The latter had held the post for eight and a half years, and was seen as a loyalist to the previous Sharon and Olmert governments. Pardo wasn’t considered the likeliest candidate within the organization, and many saw his appointment as an attempt by Netanyahu to have “his own” person in the job. Thirty-five years earlier, Pardo, as communications officer in the Sayeret Matkal elite special-ops force, had stood by the side of (Bibi’s older brother) Yoni Netanyahu when he was killed during the raid on Entebbe. For five years as Mossad chief, Pardo worked closely with the prime minister and there was no hint of discord between them. He said in the radio interview that “the greatest threat facing Israel is societal disunity. There’s a split that politicians on either side have not dealt with.” Currently, he said, there were three issues exacerbating that split. The main one was Netanyahu and his former deputy Arye Dery, who are both desperate to hold onto power.
“The prime minister wants to cancel [his] trial and remain prime minister,” Pardo said. “I fail to understand how a person who has been prime minister for such a long period, who knows Israeli society, knows the threat, knows the split, doesn’t understand that the only thing he needs to do now is step down and allow his party to appoint someone else in his place.” Pardo argued that any person facing criminal charges, and the possibility that commissions set up to investigate the 2021 Mount Meron disaster and irregularities surrounding the purchase of naval vessels may find against him — as Netanyahu is — could not remain in public office.”

43. Italy: RCS Lab Attempts to Revive Links with Pakistan

Intelligence Online reported on February 22nd that “according to information gathered by Intelligence Online, the Italian lawful interception company RCS Lab is reviving its business networks in Pakistan in view of selling its interception technology there. The Italian firm has a long-standing presence in the country, as email exchanges with another Italian lawful interception firm Hacking Team — now Memento Labs — leaked by Wikileaks, attested. However, RCS Lab’s relations with Islamabad deteriorated considerably after the operations of its subsidiary Tykelab were exposed. Tykelab’s Hermit spyware was detected by US threat intelligence firm Lookout and by Google, forcing RCS Lab’s parent company Cy4gate, headed by former Carabinieri captain Emanuele Galtieri, to establish a crisis unit. Cy4gate for its part still operates in Pakistan in the field of cybersecurity. Renewed interest from those Italian firms in Pakistan comes as Italy’s justice minister Carlo Nordio is pushing for a reform of interceptions in the Italian Parliament in order to reduce the cost of justice, which would limit the instances in which the authorities are allowed to carry out legal interceptions. The bill does not touch the main drivers of interceptions in Italy which are the fight against the mafia and counter-terrorism. Italy’s spending cuts should spur specialised companies to look for new outlets abroad, as Cy4gate has already done. Other companies in the country, such as Negg, are also looking for new markets outside its borders.”

44. Russia Wanted to Create Another Spy Network in the Netherlands

Insight News reported on February 19th that “the Netherlands decided to reduce the number of diplomats at the Russian embassy because of repeated attempts to employ intelligence officers in the diplomatic mission: “Again and again Russia tries to secretly employ intelligence officers as diplomats in the Netherlands. At the same time, Russia refuses to issue visas to Dutch diplomats to staff the Consulate General in St. Petersburg and the embassy in Moscow. This is unacceptable and has led to an unstable situation” This decision is quite justified if one understands that approximately one-third of the staff of each embassy are members of the security services: the GRU (former Main Intelligence Directorate, now General Directorate of the General Staff of the Armed Forces — military intelligence), the Foreign Intelligence Service (SVR) and the fifth service of the FSB. But ordinary diplomats should also be added to them. The government has therefore decided that the Russian embassy in The Hague cannot have more diplomats than the Dutch embassy in Moscow. “Thus, several Russian diplomats will have to leave the Netherlands. The Dutch Consulate General in St Petersburg will have to close temporarily due to staff shortages. The government has also decided that the Russian trade mission in Amsterdam should be closed,” the statement said. “Despite numerous attempts by the Netherlands to find a solution, Russia continues to try to get intelligence officers in the Netherlands under diplomatic cover. We cannot and will not allow this to happen. At the same time, it is important that embassies remain open as a channel of communication, even now that relations with Russia are more difficult than ever,” said Dutch Foreign Minister Wopke Hoekstra. Russian diplomats who cannot stay must leave the Netherlands within two weeks. The Russian trade mission in Amsterdam is to be closed from 21 February. The Dutch Consulate General in St Petersburg will close on 20 February. 
This means, among other things, that Dutch citizens and organizations will no longer be assisted from St Petersburg. The Dutch embassy in Moscow will remain open. Negotiations on visas for diplomats have been ongoing for almost a year. Following Russia’s invasion of Ukraine, the Netherlands expelled 17 Russian spies in March 2022. Russia responded by expelling 15 Dutch diplomats. Since then there have been talks about the deployment of new diplomats from both sides.”

45. Going Dark: How the CIA Uses Burn Notices to Keep Their Agents Safe

Former US intelligence officer Robert Morton published this blog post on February 20th stating that “the world of espionage is a dangerous and complex one, where agents risk their lives every day to protect their countries and gather information. One of the most critical aspects of this work is the need to keep the identities of these agents secret, as their exposure can lead to dire consequences. In the world of espionage, a “burn notice” is a term used when a CIA operative’s identity is compromised, and they are forced to abandon their previous life to take on a new identity for protection. The CIA issues a burn notice to protect them and their families.”

46. Ukrainian SBU Detained Russian FSB Agent in Odessa

Ukraine’s Security Service (SBU) announced on February 23rd that they “detained a Russian agent in Odessa who was spying on the positions of the Ukrainian Air Defence Forces near the Black Sea. The perpetrator collected intelligence on the deployment and armament of the Armed Forces units in the southern region. First of all, he tried to identify the combat positions of the Ukrainian air defence near the Black Sea. In addition, the Russian agent recorded the results of enemy missile strikes on critical infrastructure, including the bridge across the Dniester Estuary.
Intelligence was needed by the occupiers to adjust their repeated air attacks on Ukrainian locations. SBU officers detained an enemy henchman for trying to pass classified information on the defence of the sea coast to the aggressor. The attacker turned out to be a local resident with a criminal past, whom the Russian intelligence services engaged in tacit cooperation after the start of a full-scale invasion. Recruitment was carried out remotely through his brother, who is part of the occupation groups of the Russian Federation. In the future, the Russian agent was in direct contact with the case officer of the FSB. It was in front of him that an enemy henchman “reported” on the completed tasks and sent him materials of photo and video recording of Ukrainian sites. During searches of the detainee’s residence, law enforcement officers found mobile phones and computer equipment that he used to communicate with the aggressor.”

47. Netherlands: Russia Covertly Mapping Key Energy Infrastructure for Sabotage

Intel News reported on February 21st that “the Russian intelligence are “covertly mapping” the energy infrastructure of the North Sea, in preparation for acts of disruption and sabotage, according to a new report from the Dutch government. The 32-page report was published this week, ahead of the one-year anniversary of the 2022 Russian invasion of Ukraine. It was authored collaboratively by the two main intelligence agencies of the Netherlands, the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD). The report notes that Russian spy ships, drones, satellites and human agents are engaged in an unprecedented effort to chart the energy and other “vital marine infrastructure” of the North Sea. The purpose of this effort is to understand how the energy and other key infrastructure works in the North Sea. The term North Sea refers to the maritime region that lies between France, Belgium, the Netherlands, Germany, Denmark, Norway and the United Kingdom. It hosts key energy infrastructure, including oil, natural gas, wind and wave power installations, which supply energy to much of northern Europe. According to the report, Russian intelligence and espionage activities in the North Sea “indicate preparatory acts of disruption and sabotage.” These appear to be aimed at energy systems, but also other vital infrastructure, such as undersea power and communication cables, and even drinking water facilities. Consequently, physical threats toward any and all of these facilities should be viewed as conceivable, the report warns.”

48. Danish Former Minister Charged with Revealing State Secrets

DailyMail reported on February 21st that “a Danish former defense minister who had publicly claimed that Denmark’s secret service helped U.S. intelligence spy on several European leaders said Tuesday he has been charged with divulging state secrets. Denmark’s prosecution authority said the country’s justice minister has agreed to the recommendation that charges be brought against a former lawmaker, whom it did not name, for “divulging or passing on secrets of importance to the state.” “The case includes highly classified information that cannot be presented openly,” prosecutor Jakob Berger Nielsen said in a statement. “Regardless of the great public interest, in the opinion of the public prosecutor’s office, there is clearly a heavier consideration to be given to the work of the intelligence service.” Danish media named the suspect as Claus Hjort Frederiksen, a 75-year-old former defense minister who retired from politics last year, and he later confirmed that on Facebook. “I have not revealed alleged state secrets. Period,” he wrote on Facebook. “This was not how I had dreamed my retirement would be.” In several interviews in 2020 and 2021, Hjort Frederiksen alleged that the Danish Defense Intelligence Service — which is responsible for overseas activities — had helped the NSA eavesdrop on leaders in Germany, France, Sweden and Norway, including former German chancellor Angela Merkel. He later said he faced preliminary charges for revealing the secret cable cooperation with the U.S.”

49. United States: Letting ‘Secrecy Prevail’: SCOTUS Declines to Hear Challenge to NSA Mass Surveillance

The Raw Story published this article on February 22nd stating that “privacy advocates on Tuesday blasted the U.S. Supreme Court’s refusal to hear the Wikimedia Foundation’s case against a federal program for spying on Americans’ online communications with people abroad. The nonprofit foundation, which operates Wikipedia, took aim at the National Security Agency (NSA) program “Upstream” that — under Section 702 of the Foreign Intelligence Surveillance Act — searches emails, internet messages, and other web communications leaving and entering the United States. “In the course of this surveillance, both U.S. residents and individuals located outside the U.S. are impacted,” the foundation explained in a statement. “The NSA copies and combs through vast amounts of internet traffic, including private data showing what millions of people around the world are browsing online, from communications with friends and family to reading and editing knowledge on Wikipedia and other Wikimedia projects.” “This government surveillance has had a measurable chilling effect on Wikipedia users, with research documenting a drop in traffic to Wikipedia articles on sensitive topics, following public revelations about the NSA’s mass surveillance in 2013,” the group added.”

50. Russia: Local Resident in Khanty-Mansiysk Sentenced to 12.5 Years in Prison for Espionage

Mediazone reported on February 21st that “the court of the Khanty-Mansiysk Autonomous Okrug — Yugra sentenced a local resident to 12 years and six months in a strict regime colony in a case of high treason (Article 275 of the Criminal Code). This was reported on the website of the court. Details about the identity of the convict and the details of his criminal case were not given in the press service. The process took place behind closed doors.”

51. Ukrainian SBU Neutralised Russian FSB Network of 6 Agents

On February 24th Ukraine’s SBU announced that they “neutralised the FSB agents who were “pointing” Russian missiles at hospitals in the southern regions of Ukraine. Six Russian agents were detained during the operation. They gathered intelligence about the deployment locations of units of the Armed Forces of Ukraine and law enforcement agencies of Ukraine in the southern regions of our country. One of the attackers disguised his criminal activity as a volunteer. Under the pretext of delivering aid to the front, he arrived at the positions of Ukrainian defenders, where he gathered intelligence in favour of the aggressor country. In addition, the agents traveled around the frontline area and gave the coordinates of critical infrastructure facilities and social institutions, including local hospitals, to the enemy. The occupiers used the received information to prepare and carry out targeted missile strikes on Ukrainian sites. It was established that the invaders carried out a series of attacks on medical facilities in the south of Ukraine on the “tip-off” of Russian agents. For each successfully completed enemy task, the henchmen of the aggressor received a monetary reward from their handlers. The amount depended on the importance of the site and the difficulty of gathering information about it. SBU officers detained the attackers while trying to determine the precise geolocations of several Ukrainian hospitals and energy facilities. According to the investigation, the traitors turned out to be six local residents who were recruited by a case officer of the FSB of the Russian Federation after the start of the full-scale invasion. In the case of capturing the southern regions of Ukraine, the invaders “guaranteed” their henchmen “positions” in the occupation administrations of the Russian Federation. 
During searches of the places of residence of the accused, law enforcement officers found phones with evidence of criminal acts and bank cards that received the “reward” from the aggressor.”

52. Corrupt Mexican Drug Czar “Had a Very Close Relationship for Many Years with U.S. Intelligence,” Says Mexican Security Analyst

The Covert Action Magazine published this article on February 22nd stating that “former Mexican drug czar Genaro García Luna, the highest ranking Mexican official ever to be tried in the U.S., was found guilty in a Brooklyn federal court on Tuesday of drug trafficking and could spend the rest of his life in prison. García Luna took millions of dollars in bribes from the Sinaloa drug cartel, headed for years by Joaquín “El Chapo” Guzmán Loera, who was convicted and given a life sentence in 2019 by the same U.S. District Court Judge, Brian M. Cogan, who presided over García Luna’s case. According to Mexican security analyst Alejandro Hope, “[García Luna] had a very close relationship for many years with U.S. intelligence. If he did what they say he did, that is a harsh sentence on all the verification mechanisms of U.S. intelligence.” The Intercept reported that, when García Luna set up a security consulting company called GL & Associates Consulting, or GLAC, in 2012, José Rodriguez, the former CIA Station Chief in Mexico, was appointed to its board of directors. A 31-year Agency veteran born in Puerto Rico, Rodriguez had been questioned by the FBI about his role in the Iran-Contra affair in the 1980s and in the 2000s ordered the destruction of CIA torture tapes, prompting The New York Times editorial board and Human Rights Watch to call for his prosecution “for conspiracy to torture as well as other crimes.” Raúl Roldán, the FBI’s chief representative at the U.S. Embassy in Mexico when García Luna led Mexico’s national police, was also on the Board of Directors of GLAC Consulting. García Luna won an award from the CIA, which thanked him for helping them. 
Robert “Tosh” Plumlee, an 85-year-old former CIA pilot who wrote a book entitled I Ran Drugs for Uncle Sam about his exploits in the Contra War, said in an exclusive interview with CovertAction Magazine that he was told that “the CIA has a file on García Luna — amounting to over 5,000 documents, 15k-20k pages — that is classified. The CIA has that information classified at the highest. SAC Special Access Communication and to be read only at a designated SCIF: a ‘Secured Compartmentalized Information Facility.’ Some of those SCIF/SAC documents were found at Trump’s Mar-a-Lago compound.”.”

53. News Corp Says State Hackers Were on its Network for Two Years

Bleeping Computer reported on February 24th that “mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020. This was revealed in data breach notification letters sent to employees affected by the data breach, who had some of their personal and health information accessed, while the threat actors had access to an email and document storage system used by several News Corp businesses. The incident affected multiple news arms of the publishing conglomerate, including The Wall Street Journal, the New York Post, and its U.K. news operations. “Based on the investigation, News Corp understands that, between February 2020 and January 2022, an unauthorized party gained access to certain business documents and emails from a limited number of its personnel’s accounts in the affected system, some of which contained personal information,” the company said.” The article continues that “the media giant said last year, when it first disclosed this security breach, that the attackers are associated with a “foreign government,” and they exfiltrated some data during the time they had access to its systems. “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” David Wong, VP of incident response at Mandiant, told BleepingComputer at the time. News Corp’s properties include New York Post, The Wall Street Journal, Dow Jones, MarketWatch, Fox News, Barron’s, The Sun, and the News UK British newspaper publisher, among others.”

54. Podcast: Janes World of Intelligence: OSINT — What we Learnt in 2022

On February 23rd the Janes World of Intelligence released a new podcast episode. As per its description, “in this podcast Harry Kemsley and Sean Corbett revisit some of the key themes they covered in 2022 and discuss what they have learnt about the power of open source intelligence.”

55. New Cyber Operations Actor Targeting Materials Research

On February 23rd Symantec Threat Intelligence published this technical analysis stating that “a hitherto unknown attack group has been observed targeting a materials research organization in Asia. The group, which Symantec calls Clasiopa, is characterized by a distinct toolset, which includes one piece of custom malware (Backdoor.Atharvan).” The article concludes that “there is currently no firm evidence on where Clasiopa is based or what its motivation is” and that “while these details could suggest that the group is based in India, it is also quite likely that the information was planted as false flags, with the password in particular seeming to be an overly obvious clue.”

56. Russian SVR: On the Loss of Military Equipment of NATO Countries During the Aggression Against Russia in the Ukrainian Theatre of Operations

On February 20th the Russian Foreign Intelligence Service (SVR) published this announcement stating that “according to the Press Bureau of the Russian Foreign Intelligence Service, the Foreign Intelligence Service of the Russian Federation has information that during the period of aggression against Russia since December 2021, NATO countries transferred 1,170 air defence systems, 440 tanks, 1,510 infantry fighting vehicles, 655 artillery systems to the Armed Forces of Ukraine. In addition, the Kiev regime received from the NATO states 9,800 missiles for MLRS, 609,000 anti-tank rounds and 1 million 206 thousand shells. Most of the military equipment provided by the West was destroyed by Russian troops.”

57. Ukrainian SBU Detained Russian GRU Informant in Donetsk

On February 25th Ukraine’s SBU announced that they “detained another informant of the Russian Federation in Donetsk region, who was “pointing” enemy artillery at the combat positions of the Armed Forces of Ukraine. The perpetrator collected intelligence on the deployment and movement of the Defence Forces in the territory of Donetsk region. Among the main tasks of the enemy’s henchmen was reconnaissance of the bases of the units of the Armed Forces in the Avdiiv direction. It was according to his coordinates that the occupiers carried out artillery fire on the fighting positions of the Ukrainian defenders. Counter-intelligence officers of the SBU detained the intruder during another communication session with the “handler”. According to the investigation, the enemy accomplice turned out to be a resident of Myrnograd, who had previously served in artillery units and had relevant skills and knowledge. He came to the attention of Russian military intelligence because of his destructive activity in banned social networks, where he spread pro-Kremlin posts. After the start of the full-scale invasion, a representative of the intelligence unit of the occupying forces through Odnoklassniki involved the offender in collecting information of a military nature for the benefit of Moscow. In addition to adjusting enemy fire, the person on his own initiative collected additional data on the movement of troops, the location of civilian and infrastructure facilities near the enemy’s targets, and also recommended where it is desirable to aim. During the search of the suspect’s place of residence, law enforcement officers found mobile phones with evidence of correspondence with the aggressor.”

58. United States CIA: Remembering the Life and Legacy of CIA Trailblazer Don Cryer

On February 21st the United States Central Intelligence Agency (CIA) published this story stating that “nearly five years ago, CIA lost one of its greatest champions of diversity and inclusion, Donald R. Cryer. He was a CIA Trailblazer — an individual whose leadership, achievements, and dedication to mission had a significant and lasting impact on the Agency’s history — and a lifelong Washingtonian. Don passed away at the age of 75.”

59. Podcast: SpyCast: “The Espionage News Cycle” — A Conversation with SPY’s Aliza Bran

On February 21st the International Spy Museum’s SpyCast podcast released a new episode. As per its description, “Aliza Bran’s passion and excitement for the world of SPY is contagious. Around the office of the International Spy Museum, Aliza is known for her cheerful demeanor, quick wit, and intensely creative mind. She’s been working at SPY for six years now, four of those years as our Media Relations Manager. How does Aliza navigate the ever-changing media landscape and represent the International Spy Museum on this worldwide stage? What are Aliza’s favorite memories, artifacts, and exhibits from SPY? What makes her love this work so much, and what skills do you need to build a career in media relations? Tune in to find out. And… Aliza has been particularly busy these past few weeks covering the news surrounding the Chinese Spy Balloon. For a taste of Aliza’s work, find articles and video on the subject that she orchestrated here, here, here, and here.”

60. Ukraine Says Russian Hackers Backdoored Government Websites in 2021

Bleeping Computer reported on February 23rd that “the Computer Emergency Response Team of Ukraine (CERT-UA) says Russian state hackers have breached multiple government websites this week using backdoors planted as far back as December 2021. CERT-UA spotted the attacks after discovering a web shell on Thursday morning on one of the hacked websites that the threat actors (tracked as UAC-0056, Ember Bear, or Lorec53) used to install additional malware. This web shell was created in December 2021 and was used to deploy CredPump, HoaxPen, and HoaxApe backdoors one year ago, in February 2022, according to CERT-UA. The threat actors also used the GOST (Go Simple Tunnel) and the Ngrok tools during the early stages of their attack to deploy the HoaxPen backdoor. “Today, on February 23, an attack was detected on a number of websites of Ukrainian central and local authorities, resulting in a modification of the content of some of their webpages,” Ukraine’s cybersecurity defense and security agency SSSCIP said on Thursday. “Presently, in the framework of the United Response Team under the National Cybersecurity Coordination Center, experts from the SSSCIP, the Security Service of Ukraine and the Cyber Police are working together to isolate and investigate the cyber incident.” SSSCIP added that the incident had not caused “essential system failures or disruptions” that would affect the operation of Ukrainian public authorities.”

61. Australia: ASIO: Director-General’s Annual Threat Assessment

On February 21st the Australian Security Intelligence Organisation (ASIO) published the Director-General’s Annual Threat Assessment for 2023 in a video recording and as a transcript of the speech.

62. Finland Supo: Chief’s Column: Russia Complicated its Intelligence in the West by Starting a War in Ukraine

The Finnish Security Intelligence Service (Supo) issued this press release on February 24th stating that “the Russian war of aggression that started a year ago changed the security situation in Europe for a long time. In the new situation, the importance of intelligence is emphasised, when diplomatic and other everyday interactions have decreased. It has been a year since Russia expanded the war in Ukraine by attacking Ukraine with massive forces at several points. Even in the first days of the Russian invasion, many estimated that the war might be over quickly. It quickly became clear that the Ukrainians are ready to make great sacrifices for their country and that the war can continue for a long time. Russia’s attack has changed Europe’s security environment for a long time. Security threats are easily thought of as military, but in practice they are more diverse in nature. The task of the protection police is to acquire information and combat state influence and espionage. The importance of intelligence grows even more in the tightened security political environment. When diplomatic and other everyday interactions have decreased significantly, the importance of intelligence as a means of obtaining information is emphasized. Both sides need more and more information about future intentions and decisions.”

63. United States: Intelligence Suggests China is Considering Sending Drones and Ammunition to Russia

CNN reported on February 24th that “the US has intelligence that the Chinese government is considering providing Russia with drones and ammunition for use in the war in Ukraine, three sources familiar with the intelligence told CNN. It does not appear that Beijing has made a final decision yet, the sources said, but negotiations between Russia and China about the price and scope of the equipment are ongoing. Since invading Ukraine, Russia has repeatedly requested drones and ammunition from China, the sources familiar with the intelligence said, and Chinese leadership has been actively debating over the last several months whether or not to send the lethal aid, the sources added. US intelligence officials have collected information in recent weeks, however, that suggests China is now leaning towards providing the equipment. The US and its allies last week began publicly warning about China’s potential military support to Russia in an effort to deter Beijing from moving ahead with it and crossing a point of no return in terms of being seen as a pariah on the world stage, US officials said. US officials would not describe in detail what intelligence the US has seen suggesting the recent shift in China’s posture, but senior officials have been concerned enough that they have been actively sharing the intelligence with allies and partners over the last week. The National Security Council and State Department declined to comment and CNN has asked the Chinese and Russian embassies in Washington for comment.”

64. Was Malcolm X Betrayed by an African American CIA Agent Posing as a Mozambican Freedom Fighter?

The Covert Action Magazine published this story on February 21st saying that “new revelations breed suspicion that a campaign of CIA surveillance and attempted assassination of Malcolm during his travels in Africa was orchestrated by a member of the Liberation Front of Mozambique (FRELIMO) named Leo Milas.”

65. Sweden: SÄPO: An Uneasy Environment Increases the Threat to Sweden’s Security

On February 22nd the Swedish Security Service (SÄPO) announced that “Russia poses a serious threat to Sweden’s security and acts together with other authoritarian states such as China and Iran increasingly offensively. The development with an increased spread of conspiracy theories and anti-state messages contributes to a wider threat to the constitution as well as an increased threat of attacks.”

66. New Cyber Espionage Operation Targeting Medical and Shipping Organisations in Asia

Symantec Threat Intelligence published this technical analysis on February 22nd stating that “shipping companies and medical laboratories in Asia are being targeted in a likely intelligence-gathering campaign that relies exclusively on publicly available and living-off-the-land tools. Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments or vaccines. This activity has been ongoing since at least October 2022. While Symantec, by Broadcom Software, did not see any data being exfiltrated in this campaign, the targets, as well as some of the tools used, indicate that the most likely motivation in this campaign is intelligence gathering.”

67. Canada: Why Chinese Diplomats Must Face Consequences for Alleged Election Interference

On February 19th CBS News released this video with its description stating that “former Canadian diplomat to China Charles Burton reacts to the Globe and Mail report that secret and top-secret documents from the Canadian Security Intelligence Service (CSIS) revealed Beijing sought to ensure a Liberal minority government and the defeat of several Conservative candidates in the 2021 federal election. ‘If there are no consequences for the agents of the Chinese state, it would embolden them to do much more because they are able to fully get away with it,’ Burton said.”

68. India: My Hunch is Modi Will Bail Out Pakistan at Some Stage Later This Year, Says Former RAW Chief Dulat

Tribune India reported on February 25th that “former Research and Analysis Wing (RAW) chief AS Dulat feels that Prime Minister Narendra Modi may at some stage later this year hold out the olive branch to Pakistan and even “bail out” the neighbouring state which has been experiencing a political and economic crisis for the last few months. Dulat also warned of a “formidable” Iran-Russia-China axis coming into being while stating that India’s newfound ally US “is far away, our neighbours are nearer”. In an interview to PTI video, the former RAW director said, “Every time is the best time to talk to Pakistan. We need to keep our neighbours engaged.” He added that it was imperative to keep talks open with “a little more public engagement”. “In this year, my hunch is Modiji will bail out Pakistan. No inside information, but it is my hunch,” Dulat, who in his days as Research and Analysis Wing chief is believed to have run many deep penetration intelligence operations into the neighbouring country, said.”

69. Ex-ASML Employee Accused of Data Theft Is Being Probed for Ties to China

Bloomberg reported on February 24th that “investigators are looking at potential ties between the Chinese government and an ex-employee accused of stealing data from ASML Holding NV — a company critical to producing the world’s most advanced computer chips. The former employee, who was based in China, was identified as having potential ties to a Chinese state-sponsored entity and stealing the data on its behalf, according to two people familiar with the company’s probe, who asked not to be identified because the information isn’t public. The entity was one that has previously been linked to intellectual property theft, said the people, who didn’t provide the name of the group itself.”

70. Russia: Resident of Saratov Faces Espionage Charges for Acting as SBU Agent

Pugachevskoevremya reported on February 22nd that “a 20-year-old Saratov native living in Yaroslavl spied for the SBU. The day before, 20-year-old Irina was detained in Yaroslavl (hereinafter, the name has been changed. — Note ed.), who is suspected of preparing a terrorist attack. According to her, she worked for Ukraine and spied on the mobilised. After the arrest, the girl admitted that she gave information about what was happening on the territory of the Russian Federation: “I photographed the buildings where the collection of points of the mobilised … They wanted to blow it up. Gave information about the location, coordinates. For photos 7 thousand rubles. Today she was detained for … we wanted to set fire to a building in Karabikha … They collect parcels for mobilised people, — the girl in the video admits.”.”

71. Court Orders to Close International Good Neighbourhood Forum as Unlawful Organisation that Acted Against Lithuania

The Lithuanian Delfi reported on February 20th that “on 20 February, Vilnius Regional Court satisfied the request of the Prosecutor General’s Office in a civil case to liquidate the association the International Good Neighbourhood Forum, which was illegally established by Algirdas Paleckis in 2022 while in prison for spying for Russia.”

72. Cyber Espionage Operation Targeting Ukrainian City Councils

On February 23rd cyber threat intelligence analyst Arda Büyükkaya discovered and disclosed technical indicators of an active cyber espionage operation targeting Ukrainian City Councils (Pechersk and Khmelnytskyi). The campaign used emails impersonating notifications from the Pecherskyi District Court of Kyiv which contained a malicious attachment with a cyber espionage software implant.

The Spy Collection

Weekly summaries of all published espionage-related news stories. For inquiries please use: info@spycollection.org