SPY NEWS: 2024 — Week 37

Summary of the espionage-related news stories for Week 37 (September 8–14) of 2024.

1. United States: AFIO — Covert City: The Cold War and the Making of Miami — by Dr Vince Houghton and Eric Driggs

The United States Association of Former Intelligence Officers (AFIO) published this video recording on September 8th. As per its description, “interview of Monday, 20 May 2024 with Dr Vince Houghton and Eric Driggs on their new book: Covert City: The Cold War and the Making of Miami (PublicAffairs Books, Apr 2024) on the history of how the entire city of Miami was constructed in the image of the US-Cuba rivalry. From the Bay of Pigs invasion to the death of Fidel Castro. Host: AFIO President James Hughes, a former senior CIA Operations Officer. They discuss secret operations, corruption, crime, and a city teeming with spies: why Miami was as crucial to winning the Cold War as Washington DC or Moscow. The interview runs 48 minutes. VINCE HOUGHTON PhD is the Director, National Cryptologic Museum. He is the former Historian and Curator of the International Spy Museum. He has a PhD in Diplomatic and Military History from the University of Maryland, where his research centered on US scientific and technological intelligence (nuclear intelligence) in the Second World War and early Cold War. His Masters, also from the University of Maryland, focused on the relationship between the United States and the Soviet Union. He has taught extensively at the middle school, high school, and university level, most recently at the University of Maryland, where he taught courses on the history of US Intelligence, US Diplomatic History, the Cold War, and the History of Science. Vince is a veteran of the United States Army, and served in the Balkans, where he worked closely with both civilian and military intelligence agencies in several capacities. Author of three books: Covert City: The Cold War and the Making of Miami (2024), Nuking the Moon (Penguin, 2019), and the Nuclear Spies (Cornell UP, 2019).”

2. United States/Italy/Libya: A Fourth Triton for Sigonella

ItaMilRadar reported on September 8th that “yesterday morning, we tracked a US Navy Northrop Grumman MQ-4C “Triton” (reg. 169804) arriving at NAS Sigonella after a long flight directly from Florida. This drone joins three others already present at the Sicilian base since March 30, April 19 and July 18. As of today, there are three Tritons in Sicily, 169659, 169660, 169602 and, indeed, 169804. In recent months, we have seen the US Navy Tritons primarily operating over the Mediterranean, conducting surveillance missions off the coast of Libya and in the eastern Mediterranean.”

3. Israel/United Kingdom/Germany: IDF Investigation — Forged Hamas Documents Leaked to Foreign Media to Shape Public Opinion in Israel

YNet reported on September 8th that “at the end of the week, an internal investigation was opened in the IDF to try to find out who is making manipulative use of classified Hamas loot documents seized in Gaza — or those that were only allegedly taken from Hamas — and passing them on to the international media in order to try and influence public opinion in Israel on the subject of the abductees deal. The affair causes great concern and anger in the security establishment, and it is assumed that it will heighten the tension between it and Prime Minister Benjamin Netanyahu and his men, a tension that has reached a new peak anyway following the deep disagreement between the parties surrounding the deal. The anger concerns two publications from the last few days: the first in the British “Jewish Chronicle”, a small and uninfluential newspaper; and the second in the German “Bild”, the largest newspaper in the country and accordingly very influential. In both publications it is claimed to reveal internal and highly secret documents of Hamas, supposedly straight from Columbus or Yahya Sinwar’s computer. In both cases, the mindset, instructions and strategy of the leader of the organisation reflect exactly what Netanyahu claimed in his speech and interviews last week, according to which Sinwar is trying to sow division in the Israeli public, he is not really interested in the deal and plans to smuggle hostages through the tunnels under the Philadelphi corridor to Egypt and from there to Iran.”

4. China/Taiwan: TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

The Hacker News reported on September 9th that “a previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024. Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is espionage-driven given the focus on military-related industry chains. The exact initial access vector used to breach targets is presently unknown, with Trend Micro’s analysis uncovering the deployment of custom malware such as CXCLNT and CLNTEND using remote desktop tools like UltraVNC. An interesting commonality observed across different victims is the presence of the same enterprise resource planning (ERP) software, raising the possibility of a supply chain attack. The attack chains subsequently go through three different stages that are designed to facilitate privilege escalation by means of a User Access Control (UAC) bypass, credential dumping, and defense evasion by disabling antivirus products installed on the hosts.”

5. Germany/Russia: German Intelligence Says Russian GRU Group Behind NATO, EU Cyberattacks

Reuters reported on September 9th that “Germany’s domestic intelligence agency has warned against a cyber group belonging to Russian military intelligence (GRU) Unit 29155, saying it has carried out cyberattacks against NATO and EU countries. In a post on social media platform X on Monday, the Bundesverfassungsschutz said it was issuing the warning against the group known as UNC2589 alongside the FBI, U.S. cybersecurity agency CISA, the NSA and further international partners. The warning comes at a time of heightened anxiety in Europe over suspected Russian hackers and spies since Moscow’s invasion of Ukraine in 2022. Earlier this year, Berlin accused Russia of a slew of cyberattacks on Germany’s governing Social Democrats as well as companies in the logistics, defence, aerospace and IT sectors. In its warning, the intelligence agency said the group, also known as Cadet Blizzard or Ember Bear, conducts activities for the purpose of espionage and sabotage that often involve defacing websites and publishing stolen data. The GRU unit to which it belongs is known for its suspected involvement in the poisoning of former Russian double agent Sergei Skripal and his daughter Yulia in Britain in 2018, according to the agency.”

6. Italy/United States: Italian AISE Memorabilia Desk Holder

On September 9th we published this video. As per its description, “AISE is the Foreign Intelligence & Security Agency of Italy since 2007, and this is a rare memorabilia item that some AISE officers received in the early days of this spy agency. In this episode we also briefly present the reform that resulted in the establishment of AISE in 2007 using a leaked US diplomatic cable available on WikiLeaks.”

7. United States/China: Chinese Espionage In America — Influence and Information

Grey Dynamics published this article on September 8th. As per its introduction, “Chinese espionage in America has escalated. This includes attempts to gain information on the US military and also its assets through the purchasing of land near key installations. US infrastructure has also seen attempts by Chinese hackers to disrupt its operations. Additionally, surveillance equipment has been found in Chinese-made cranes in several key US ports. There have also been instances of Chinese espionage agents gaining access to US politics. Resulting in fears that China will attempt to influence American politics, potentially through social media and also direct access to US politicians. Key Judgment 1: It is highly likely that China will escalate attempts to gain information on the US military and associated assets. Key Judgment 2: It is highly likely that Chinese espionage in America will increasingly target critical infrastructure. Key Judgment 3: It is highly likely that China will attempt to infiltrate and influence American politics through espionage.”

8. Yemen/United States: Yemen Hits US MQ-9 Drone over its Territory

Mehr News Agency reported on September 8th that “the Yemeni army shot down the American drone while it was carrying out hostile actions in the airspace of Marib province, Saree said. According to him, this is the eighth MQ-9 drone of its kind that Yemeni forces have shot down.”

9. France/Russia: Military Intelligence Agency Looks to OSINT to Help Track Russian Interception Systems

Intelligence Online reported on September 9th that “monitoring Russia’s new jamming systems, which are ever-evolving on the frontline, is critical for Western military intelligence. To this end, the French services keep track of findings from experts online and try to combine them with their own technical capabilities.”

10. Netherlands/Russia: Netherlands Wants to Ban Free Travel of Russian Diplomats over Espionage Concerns

NL Times reported on September 9th that “the Netherlands and seven other EU countries are lobbying together to restrict travel for Russian diplomats in the European Union. They want to restrict these diplomats’ free travel to the country in which they are accredited instead of allowing them free travel in the Schengen zone. This is due to suspicions that many Russian diplomats are actually secret agents involved in influencing operations, sabotage, and espionage, Trouw reports.”

11. Ukraine/Russia: SBU Detained GRU Agent in Kyiv

On September 9th Ukraine’s Security Service (SBU) announced that “the SBU detained an agent of the Russian GRU, who set “video traps” for online correction of strikes on Kyiv. The Security Service detained an agent of the Russian military intelligence, better known as GRU, in Kyiv. The perpetrator adjusted missile and drone strikes on the city and committed arson at the facilities of Ukrzaliznytsia. The enemy’s priority targets were thermal power plants, power line supports and power equipment at railway junctions. The detainee turned out to be a resident of Kharkiv. To recruit him, the Russian intelligence service used one of the Telegram channels, on which the man was looking for offers of “easy earnings.” On the instructions of Russian intelligence, the agent arrived in Kyiv, where he rented an apartment in a high-rise building with a view of the local TPP. In the temporary apartment, the person involved installed a video camera with a remote access program, which allowed the occupants to monitor the energy facility in “real time” mode. According to the same instructions, the traitor equipped an “observation point” in another rented apartment near the capital. In addition, the agent installed disguised video recording devices, so-called video traps, to monitor power line strikes. In this way, the aggressor planned to record the consequences of new airstrikes in the Kyiv region and at the same time identify the locations of anti-aircraft defences, tracking the “exits” of missiles on video. After preparing “observation posts”, the agent returned to Kharkiv under the guise of visiting his parents, but in reality to set fire to a relay cabinet on a strategic railway line. The counter-intelligence of the Security Service documented every step of the person involved, and at the final stage of the special operation, detained him in one of the rented apartments in Kyiv.
At that time, the attacker was setting up a new video camera for online recording of air attacks on the city. During the searches, phones and video devices with evidence of intelligence and subversive activities in favor of the Russian Federation were seized from the detainee.”

12. Iran/United States: Iranian-linked Websites Set Up Targeting US Minority, Veteran Voters

Politico reported on September 9th that “a network of fake news websites with pro-Iranian leanings is spreading disinformation linked to the upcoming U.S. elections, targeting minority and veteran voters among other groups, according to findings from a hawkish think tank made public Friday. The websites are the latest indication of Iranian-linked efforts to interfere in the U.S. election process, and the findings are likely to exacerbate concerns about how widespread Iran’s disinformation efforts are on U.S. websites. Researchers at the Foundation for Defense of Democracies identified a network of at least 19 websites that posed as either news or as analysis sites. These sites, findings on which were shared first with POLITICO, include “Afro Majority,” a website that spreads favorable content on Vice President Kamala Harris and on Black Lives Matter, among other initiatives. Another site is “Not Our War,” which publishes posts critical of both President Joe Biden and former President Donald Trump mostly aimed at U.S. veterans. Five of the websites in the network had been previously identified by other researchers. The FDD findings show that those sites are part of an expansive and coordinated influence operation. All the websites appeared to spread at least a few pro-Iranian fake news or op-ed pieces, such as items praising the Iranian government’s response to recent protests on U.S. college campuses against the war in Gaza. While FDD did not formally link the sites to the Iranian government, five of the websites have been previously linked by other organizations to Tehran. Microsoft exposed two of the websites, billing themselves as “Savannah Time” and “Nio Thinker” last month as having ties to the Iranian government. Savannah Time billed itself as a news outlet for the city of Savannah, Georgia, a swing state region, while Nio Thinker posed as a left-leaning site with content aimed at reducing support for Trump. 
Many of the websites used artificial intelligence, including OpenAI’s ChatGPT, to generate content for the pages. OpenAI also flagged Savannah Time and Nio Thinker last month, along with three other linked websites, and described them as part of an “Iranian influence operation.” A website titled “Westland Sun” was also found by OpenAI, which appeared to target U.S. voters in Michigan, a key swing state for the November election.”

13. Saudi Arabia: Executed Three Citizens for Inciting Terrorism

Al Arabiya reported on September 8th that “Saudi Arabia executed three citizens for committing acts of treason against the Kingdom, the Ministry of Interior announced Sunday in a statement. According to the ministry, the three nationals were accused of “providing support to terrorist entities, communicating with them, adopting a terrorist approach that permits the shedding of blood, money, and honor, and inciting people to carry out terrorist acts with the aim of undermining the security and stability of society.” The death sentence was carried out on Sunday in the Riyadh region. The individuals, Talal bin Ali bin Khanifis Al Hudhli, Majdi bin Muhammad bin Attian Al Kaabi and Rayed bin Amer bin Matar Al Kaabi, were referred to the Public Prosecution where they were charged. They were sentenced to death by the Specialized Criminal Court.”

14. Lebanon/Israel: Islamic Resistance Targets Enemy’s Spy Equipment in Al-Malikiyah, Ruwaisat Al-Alam

The National News Agency of Lebanon reported on September 8th that “the Islamic Resistance issued two communiques on Sunday, indicating that in support of the steadfast Palestinian people in the Gaza Strip, the Resistance fighters targeted at 09:30 a.m. today the enemy’s espionage equipment at the al-Malikiyah post and at 12:15 p.m. its spy equipment at the Ruwaisat al-Alam post in the occupied Lebanese hills of Kfar Shuba with appropriate weapons, directly hitting it and leading to its destruction.”

15. Ukraine/Russia: SBU Detained Saboteur in Poltava

On September 9th Ukraine’s SBU announced that they “detained a Russian agent who set fire to Ukrzaliznytsia facilities in Poltava region. Under the “sight” of the enemy were relay cabinets on the main railway lines of the region. In order to commit sabotage, the occupiers remotely engaged a local resident from the Lubensky district of the region. He came to the attention of the Russian intelligence services when he was looking for “easy money” in Telegram channels. To complete the enemy’s mission, the figurehead tracked the locations of potential targets and then watched them through binoculars, choosing a “convenient time” to fire. At the same time, the attacker purchased auxiliary means — a flammable mixture, protective gloves, a knife and a multi-functional hammer for breaking the doors of power equipment. Having thus prepared, he set fire to the relay cabinet and recorded the fire on his phone camera. According to the investigation, the attacker planned to continue the series of arsons. Law enforcement officers detained the suspect when he was conducting reconnaissance near the new “target”. A mobile phone with evidence of communication with the occupiers, as well as tools for committing arson, were seized from the detainee.”

16. Norway/Russia: Russia’s Espionage War in the Arctic

The New Yorker reported on September 9th that “it was polar winter, one long night. The lakes had frozen in the Far North, and the foxes and the grouse had shed their brown fur and feathers in favor of Arctic white. To survive the months of snow and ice, predators resort to camouflage and deception. But so do their prey. In the small town of Kirkenes — in the northeastern corner of Norway, six miles from the Russian border — the regional counterintelligence chief, Johan Roaldsnes, peered out his office window at the fjord below. There were eight Russian fishing trawlers docked outside, housing at least six hundred Russian sailors. The phone rang. The caller was a government employee who worked at the local port. It was not uncommon for Russian trawlers to stop in Kirkenes, but some of these were not among the usual ships. One of them, a fish-processing vessel named Arka-33, had docked weeks earlier and hadn’t left. “Seems a bit much,” the caller said. “Might be,” Roaldsnes replied. Uncertainty was his profession. He walked out of his office, into the cold, and past the church from which the town had taken its name: Kirkenes, “church on the promontory.” There were two clocks on the spire. They showed different times, neither of which was correct. It was late December, 2022, almost a year since the beginning of Russia’s full-scale invasion of Ukraine. Roaldsnes had not seen the sun in a month; it wouldn’t rise again for another. Locals call these months the mørketid — the dark time. Most of the time, you can’t see what’s around you, even if you know that it’s there. Arka-33 was larger than many buildings in town. Before docking, its captain had given only the required twenty-four hours’ notice to Norwegian port authorities. The ship belongs to a Russian crab-fishing company whose C.E.O., according to the OpenSanctions database, used to run at least two private security companies. His wife — who was previously listed as C.E.O. — is a member of the Russian parliament and appears on various sanctions lists. As Roaldsnes drove through the dock yard, he noted that Arka-33 was moored in a position that is used by the Norwegian military’s primary electronic-intelligence-collection vessel when it stops in Kirkenes. A fishing boat was no longer just a fishing boat, in the eyes of Norwegian authorities. That summer, the Russian government had declared that commercial vessels could be co-opted by the military for any purpose. The fjords of Kirkenes open up to the Barents Sea, just a few miles from where the Russian Navy’s Northern Fleet has engaged in espionage and nuclear-war preparations since the earliest days of the Cold War. Locals in Kirkenes, a town of thirty-five hundred people, noticed that Russian fishermen were younger than those who had come before the war in Ukraine, and that they sometimes did physical-training exercises on the decks of their ships.”

17. United States: Team House — Catching America’s Most Damaging Spy | Eric O’Neill

On September 10th the Team House published this podcast episode. As per its description, “Eric O’Neill’s career began in the FBI’s counterintelligence trenches as an undercover operative. Since then, he has spent decades as a national security attorney, corporate investigator, and national cybersecurity strategist. He speaks to thousands each year across the globe, inspiring audiences to protect themselves and giving them actionable tools to do so.”

18. North Korea/Russia/South Korea: Kimsuky-linked Hackers Use Similar Tactics to Attack Russia and South Korea

The Record reported on September 9th that “the threat actor known as Konni, which has been previously linked to the North Korean state-sponsored group Kimsuky, is intensifying its attacks on South Korea and Russia, according to a recent report. The group employs similar tactics, techniques and procedures in its attacks on both Moscow and Seoul, said researchers at the South Korean cybersecurity company Genians. The primary goal of these attacks is cyber espionage. Since at least 2021, Konni has targeted the Russian Ministry of Foreign Affairs, the Russian Embassy in Indonesia and several unnamed South Korean enterprises, including a tax law firm. For example, in January 2022, Konni targeted Russian embassy diplomats during the winter holidays with emails carrying New Year greetings in an attempt to infect them with malware. According to Genians, the group’s activity dates back to 2014 and continues to this day. The suspected North Korean hackers use phishing emails to gain initial access to targeted systems, often using topics such as taxes, scholarships and finance as lures in the malicious emails. Konni’s custom remote access trojan grants the attackers full control over the infected systems. In attacks on both Russia and South Korea, the group uses similar techniques to connect infected devices to hacker-controlled command servers (C2). In both cases, malicious modules are installed on victims’ devices through executable files, and the process of connecting to the C2 server is carried out through internal commands, according to Genians.”

19. Poland/Russia/Belarus: Poland Breaks Up Cyberattack Ring Linked to Russian/Belarusian Intelligence Services

TVP World reported on September 9th that “Poland’s security services have jointly identified and dismantled a ring of ‘cyber-saboteurs’ involved in data theft, blackmail, and “conducting de facto cyberwar,” the minister of digital affairs has said. Speaking at a press conference on Monday, Krzysztof Gawkowski said the group’s activities targeted companies operating in the security domain. He said the group had first targeted the Polish Anti-Doping Agency, which formed part of a wider strategy aimed at entering other state institutions at the level of local authorities and public companies working in the security field. Gawkowski said all the institutions targeted had been informed by cybersecurity agencies. “They are subject to operational procedures, but the operational aims set by the adversaries, i.e., gaining entry, data theft, and later blackmail, have been halted,” Poland’s state news agency, PAP, reported him as saying. He added that the ultimate goal of the cyber-saboteurs had been paralysis of the Polish state politically, economically and militarily.”

20. Sweden: Largest Airport Temporarily Closed Due to Unidentified Drones

United 24 Media reported on September 9th that “Sweden’s largest airport, Arlanda Airport near Stockholm, was temporarily closed for several hours on the night of September 9 due to an incident involving unidentified drones. The closure affected both arrivals and departures. According to SVT, the Swedish Civil Aviation Authority reported that at the beginning of the day, at least four unmanned aerial vehicles (UAVs) of various sizes were detected in the vicinity of the airport. The type of these drones remains undetermined. The airport’s operations were suspended at around 2:00 AM, leading to the diversion of five flights to nearby airports in Nyköping and Gothenburg. Operations resumed at 3:30 AM after the drones had cleared the area. Swedish police have launched an investigation into the disruption, with spokesperson Daniel Vikdahl stating that authorities suspect the incident was intentional but have not disclosed further details due to confidentiality concerns. The Swedish Armed Forces have confirmed their awareness of the situation and are coordinating with the airport administration.”

21. China/Southeast Asia: Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The Hacker News reported on September 9th that “the China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. “This threat actor used Visual Studio Code’s embedded reverse shell feature to gain a foothold in target networks,” Palo Alto Networks Unit 42 researcher Tom Fakterman said in a report, describing it as a “relatively new technique” that was first demonstrated in September 2023 by Truvis Thornton. The campaign is assessed to be a continuation of a previously documented attack activity aimed at an unnamed Southeast Asian government entity in late September 2023.”

22. France: Emmanuel Macron, Pavel Durov and the DGSE: The Secret Story of France’s Failed Attempt to Turn Telegram Founder

Intelligence Online reported on September 9th that “Durov’s arrest in France last month caused a frenzy of media and diplomatic activity, but aside from the judicial aspect, the full story had, until now, not been revealed. Intelligence Online spoke to sources who have worked on the case, and they outline a failed operation to get him to switch allegiance.” Intelligence Online also stated on X about it that “the arrest of Pavel Durov in France on 24 August caused a major media and diplomatic frenzy, but apart from the judicial aspect, the secret story has not yet been disclosed. Intelligence Online spoke to a number of sources who have worked on the Durov case, in Paris and elsewhere, in recent years. They disclosed the details of a failed operation to get him to switch allegiance, which was mainly unsuccessful due to a lack of political and administrative support.”

23. Russia: Court of Appeal Upheld the 14-year Sentence for 78-year-old Novosibirsk Scientist Anatoly Maslov in a Treason Case

Media Zone reported on September 9th that “the Second Court of Appeal of St. Petersburg has rejected the appeal against the sentence of 78-year-old physicist Anatoly Maslov, who was sentenced to 14 years in a maximum security penal colony in a case of treason. This was reported by a SotaVision correspondent. The hearing was held behind closed doors. After the court’s decision, Maslov’s lawyer Olga Dinze told journalists that his health was “consistently poor”: the scientist has heart and vascular problems. According to Dinze, Maslov is also morally depressed. The scientist was sentenced to 14 years in a maximum security penal colony in May by the St. Petersburg City Court. Before that, Maslov had been in custody for almost two years. Three months before the sentence, he suffered a heart attack in a pretrial detention centre. Before his arrest, Maslov worked as a chief researcher at the Institute of Theoretical and Applied Mechanics of the Siberian Branch of the Russian Academy of Sciences, located in Novosibirsk. His main area of work was aerogasdynamics.”

24. North Korea: Threat Assessment: North Korean Threat Groups

Palo Alto Unit 42 published this intelligence report on September 9th. As per its executive summary, “Lazarus has been used in public reporting as an umbrella term for threat actors from the Democratic People’s Republic of Korea (DPRK), commonly referred to as North Korea. However, many of these threat actors can be classified into different groups under the Reconnaissance General Bureau (RGB) of the Korean People’s Army. Over the years, the RGB has revealed at least six threat groups that we designate as: Alluring Pisces (Bluenoroff (PDF)), Gleaming Pisces (Citrine Sleet), Jumpy Pisces (Andariel), Selective Pisces (TEMP.Hermit (PDF)), Slow Pisces (TraderTraitor), Sparkling Pisces (Kimsuky). These groups develop their own distinct set of malware that they have used to facilitate diverse types of operations, including: Intelligence gathering missions, Asset recruitment, Destructive attacks, Financial crime. North Korean threat groups are a focus area in the 2024 MITRE ATT&CK enterprise evaluation. This threat assessment reviews the different North Korean threat groups that we track. We’ll also review 10 malware families observed in recent attacks carried out by North Korean threat groups. This includes malware for all three major operating systems: Windows, macOS and Linux.”

25. Bangladesh: Post-revolution Purge Worries Bangladeshi Cyber Intelligence Contractors

Intelligence Online reported on September 10th that “after the fall of prime minister Sheikh Hasina, Bangladesh’s new interim government is seeking to clean up its cyber-intelligence contracts, in particular to find out who was indirectly involved in repressing the protests that led to regime change.”

26. United States/Italy/Libya: Libyan US Missions

ItaMilRadar reported on September 10th that “this morning, a US Navy Northrop Grumman MQ-4C (reg. 169659 — c/s BLACKCAT6) took off from NAS Sigonella for a SIGINT mission off the coast of Libya. The drone focused particularly on western Libya, especially in the area off Misurata. At the same time, a USAF Lockheed C-130J (reg. 15–5831) also took off from Sigonella, heading towards Misurata, where it landed. It is interesting to note the concurrence of the two missions, as it is possible they may be connected.”

27. Ukraine/Russia: SBU Announced 15 Year Prison Term for FSB Agent Detained in April 2022

On September 10th Ukraine’s SBU announced that “an FSB agent who corrected missile strikes on Zaporizhzhia received 15 years in prison. The intruder helped the occupiers prepare new series of missile and drone strikes on the front-line territory of the region. Under the enemy’s sights were the places of the greatest concentration of personnel and military equipment of the Defence Forces, which are involved in combat operations on the southern front. In addition, the agent tried to establish and transfer to the aggressor the locations of strongholds and fortified areas of Ukrainian troops near the front line. SBU officers documented his intelligence activities and detained him in advance while he was carrying out a hostile mission in April 2022. According to the materials of the Security Service, the court sentenced him to 15 years in prison with confiscation of property, namely an apartment in the regional centre and a car. As the investigation established, the enemy accomplice turned out to be a resident of one of the front-line villages of the region, who was remotely recruited by the FSB through the blogger Yuriy Podolyak. To collect intelligence, the agent traveled around the area, where he secretly recorded the locations of units of the Armed Forces, and passed the information he received to Podolyak, who then “reported” to the FSB. During the search, computer equipment and a mobile phone, which he used in criminal activities, were seized from the detainee.”

28. Russia/United Kingdom: Russia Expels Six UK Diplomats over ‘Subversive Activities’ and Espionage Allegations

EuroNews reported on September 13th that “the diplomats’ activities threatened Russia’s security and were aimed at ensuring Moscow’s defeat in its war against Ukraine, according to domestic media. Six British diplomats in Russia have been accused of spying and have had their accreditation revoked, the Kremlin’s security agency FSB said on Friday. Russian state TV quoted an FSB official as saying that they would be expelled. The FSB claimed that it received documents indicating that they were sent to Russia by a division of the UK Foreign Office “whose main task is to inflict a strategic defeat on our country” and that they were involved in “intelligence-gathering and subversive activities”. The move comes two days after the US and UK pledged nearly €1.35 billion in additional aid to Kyiv and as Ukrainian officials renewed their pleas to use Western-provided missiles against targets deeper inside Russia. The FSB warned that “if similar actions are detected among employees of the British diplomatic mission, the FSB will demand early termination of their missions in the Russian Federation.””

29. United States/China: Former CIA Officer Sentenced to 10 Years in Prison for Conspiracy to Commit Espionage

US Department of Justice issued this press release on September 11th stating that “Alexander Yuk Ching Ma, 71, of Honolulu, a former Central Intelligence Agency (CIA) officer, was sentenced today to conspiring to gather and deliver national defense information to the People’s Republic of China (PRC). Ma was arrested in August 2020, after admitting to an undercover FBI employee that he had facilitated the provision of classified information to intelligence officers employed by the PRC’s Shanghai State Security Bureau (SSSB). According to court documents, Ma worked for the CIA from 1982 until 1989. His blood relative (identified as co-conspirator #1 or CC #1 in court documents), who is deceased, also worked for the CIA from 1967 until 1983. As CIA officers, both men held Top Secret security clearances that granted them access to sensitive and classified CIA information, and both signed nondisclosure agreements. As Ma admitted in the plea agreement, in March 2001, over a decade after he resigned from the CIA, Ma was contacted by SSSB intelligence officers, who asked Ma to arrange a meeting between CC #1 and the SSSB. Ma convinced CC #1 to agree, and both Ma and CC #1 met with SSSB intelligence officers in a Hong Kong hotel room for three days. During the meetings, CC #1 provided the SSSB with a large volume of classified U.S. national defense information in return for $50,000 in cash. Ma and CC #1 also agreed to continue to assist the SSSB. In March 2003, while living in Hawaii, Ma applied for a job as a contract linguist in the FBI’s Honolulu Field Office. The FBI, aware of Ma’s ties to PRC intelligence, hired Ma as part of a ruse to monitor and investigate his activities and contacts with the SSSB. Ma worked part time at an offsite location for the FBI from August 2004 until October 2012. As detailed in the plea agreement, in February 2006, Ma was tasked by the SSSB with asking CC #1 to identify four individuals of interest to the SSSB from photographs. Ma convinced CC #1 to provide the identities of at least two of the individuals, whose identities were and remain classified U.S. national defense information. Ma confessed that he knowingly and willfully conspired with CC #1 and SSSB intelligence officers to communicate and transmit information that he knew would be used to injure the United States or to advantage the PRC. In court documents and at today’s sentencing hearing, the government noted that Ma was convicted of a years-long conspiracy to commit espionage, a serious breach of national security that caused the government to expend substantial investigative resources. The government also noted that Ma’s role in the conspiracy was to facilitate the exchange of information between CC #1 and the SSSB, which consisted of classified CIA information that CC #1 had obtained between 1967 and 1983. Under the terms of the plea agreement, Ma must cooperate with the United States for the rest of his life, including by submitting to debriefings by U.S. government agencies. At the sentencing hearing, government counsel told the court that Ma has been cooperative and has taken part in multiple interview sessions with government agents. Ma has been sentenced to 10 years in prison, followed by five years of supervised release.”

30. China/Southeast Asia: Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments

The Record published this on September 10th, stating that “a high-stakes cat and mouse game between defenders and a sophisticated trio of Chinese cyberespionage groups has continued this year, with the hackers launching a string of attacks on government organizations in Southeast Asia despite attempts to disrupt their activity. Researchers at Sophos published on Tuesday its second report covering what they call Crimson Palace — a Southeast Asia-based espionage campaign run by Chinese state-backed hackers. Sophos examined activities last year by the three groups carrying out the campaign but after a brief hiatus researchers saw renewed activity from two of them in the fall of 2023 and throughout this year. “We’ve been in an ongoing chess match with these adversaries,” said Paul Jaramillo, director of threat hunting and threat intelligence at Sophos. The three groups — which Sophos calls Cluster Alpha, Cluster Bravo and Cluster Charlie — each have ties to Chinese state-backed groups previously identified by other companies and governments, including APT15 and a subgroup of APT41 known by some researchers as “Earth Longzhi.” The groups are still launching attacks and are now expanding their operations, attempting to infiltrate other organizations across Southeast Asia. “Given how frequently Chinese nation-state groups share infrastructure and tools, and the fact that Cluster Bravo and Cluster Charlie are moving beyond the original target, we will likely continue to see this campaign evolve — and in potentially new locations,” Jaramillo said. The report follows up on one released in June about attacks on an unnamed government organization. Even after Sophos incident responders identified the groups and disrupted their operation, the activity continued and expanded to “numerous” other organizations in the region, according to Sophos.”

31. United States: FLETC — Fundamentals of Rural Surveillance Training Film (1993)

On September 11th we published this video in our archived content/footage playlist. As per its description, “this, now publicly available, training film was produced by the United States Federal Law Enforcement Training Center (FLETC) in 1993 to provide federal law enforcement personnel training on the basic concepts of rural surveillance. The fundamentals of rural surveillance course includes how to remain unseen, clandestine information gathering, as well as some of the most common (at the time) tactics, techniques and procedures (TTPs).”

32. Ukraine/Russia: SBU Detained Russian Agent in Kramatorsk

Ukraine’s SBU announced on September 11th that they “detained a Russian informant who was spying on the artillery of the Armed Forces of Ukraine near Chasiv Yar. The attacker was spying on the Ukrainian troops defending the Kramatorsk area. First of all, the agent tried to identify the combat positions of the artillery of the Armed Forces of Ukraine, which is keeping under fire control the assault groups of the invaders trying to seize Chasiv Yar. The enemy was also interested in the locations of the largest concentration of military equipment and ammunition depots of the Defence Forces. To collect intelligence, the occupiers remotely involved a 52-year-old resident of Druzhkivka near the front. To recruit the man, the Russians used an acquaintance of his, who left Ukraine for the Russian Federation in 2014, and later joined the operative assignment brigade of the Russian Guard. Being in the temporarily occupied part of the territory of Donetsk region, the militant performed the function of “liaison” and passed on information to the Russians. The Security Service promptly exposed the Russian agent in Druzhkivka, documented his criminal actions and detained him. During the searches, his mobile phone and SIM cards, which he used to communicate with the aggressor, were seized.”

33. United States: CIA Operative Reveals the Hunt for Deadliest Hezbollah Assassin — The Ghost | Fred Burton

The Reed Morin Show published this podcast episode on September 13th. As per its description, “Fred Burton is a former counterterrorism expert with decades of experience working for the U.S. State Department’s Diplomatic Security Service (DSS). He led high-profile investigations into terrorist attacks and was instrumental in tracking down some of the world’s most dangerous figures, including Hezbollah’s elusive assassin known as The Ghost. With deep expertise in intelligence and counterterrorism, Fred has contributed to numerous covert operations that shaped U.S. foreign policy. Today, he serves as a senior executive at Stratfor, a global intelligence company, where he continues to analyze threats and train the next generation of security professionals.”

34. Albania/Turkey: Bayraktar Patrol Mission

ItaMilRadar reported on September 11th that “for the first time, we have tracked a mission of an Albanian Air Force Bayraktar TB2 (reg. T533), departed from Kuçovë AB, along the coast of Albania, in the Adriatic Sea. The drone operated within Albanian airspace, following a trajectory concentrated west of Vlora, as shown on the map. This mission represents a significant development for military operations in the region, as the Bayraktar TB2 is known for its surveillance and precision strike capabilities. Traditionally used in various conflict scenarios by countries such as Turkey and Ukraine, the deployment of this drone by the Albanian Air Force marks a strengthening of the defense and monitoring capacities of the Balkan nation. The importance of this mission also lies in the regional context. Albania, as a NATO member, may have initiated more frequent and advanced surveillance missions, thanks to the integration of technologically advanced weapon systems like the Bayraktar TB2. This drone, equipped with cutting-edge sensors and long-endurance flight capabilities, can gather real-time intelligence, contributing to national security as well as that of the Atlantic Alliance. This first documented tracking highlights how Albania is enhancing its monitoring and defense capabilities, making it possible to more effectively control its airspace and strategic maritime routes, especially in the context of growing security concerns in the Mediterranean and Adriatic regions.”

35. United States: Spymaster Kamala Harris’s Intelligence Apprenticeship

Intelligence Online reported on September 11th that “even before becoming the unexpected Democratic candidate for the White House, Kamala Harris was already familiar with the players, workings and challenges of intelligence, having sat on the Senate Intelligence Committee, and then serving as vice president.” They also stated on X about this that “if Kamala Harris is elected US president she will find herself in a world of intelligence where she is already at ease. At the White House, the President’s Daily Brief and the vice-president’s leading role in space policy enabled Kamala Harris to familiarise herself with the intricacies and challenges of intelligence. As senator, Kamala Harris had a coveted seat on the intelligence committee, which gave her privileged access to the inner workings of US national security policy. Senator Harris distinguished herself in 2018 by opposing parts of the Foreign Intelligence Surveillance Act. Six years later, the Biden-Harris administration requested and obtained their own renewal of these tools considered vital by intelligence agencies. This U-turn raises questions about Kamala Harris’s real position in the often tense relationship between intelligence agencies and defenders of civil liberties.”

36. Russia/Ukraine: FSB Has Opened a Case of Treason Against a Resident of the Murmansk Region, He is Suspected of Transmitting Data to the Armed Forces of Ukraine

Media Zone reported on September 12th that “a resident of the Murmansk region born in 1989 is suspected of collaborating with the armed forces of Ukraine. TASS and Murmansky Vestnik write about this with reference to the regional FSB department. A case of treason (Article 275 of the Criminal Code) was opened against the man. According to investigators, the Murmansk resident contacted representatives of the Ukrainian Armed Forces via a messenger and passed on to them “information related to official secrets in the field of defence.” The name of the suspect and other details of the case are not yet known. As the FSB emphasised in a press release, “in the context of an armed conflict,” this data “can be used against the Russian Armed Forces, other troops, military formations and bodies of the Russian Federation.” “The fact that representatives of the Ukrainian special services obtained this information created a real threat to the security of Russia and its armed forces,” TASS quotes the security forces as saying.”

37. Ukraine/Russia: SBU Detained GRU Agent in Zaporizhzhia

On September 12th Ukraine’s SBU announced that they “detained a Russian GRU informant who turned his apartment into an “observation post” for the Defence Forces in Zaporizhzhia. As a result of a special operation in the regional centre, a Russian informant who spied on units of the Armed Forces was detained. The enemy agent turned out to be a local IT specialist who worked for a staff member of the Main Directorate of the General Staff of the Russian Armed Forces (better known as GRU). According to the instructions of the occupier, the suspect set up an “observation post” in his own apartment to covertly monitor the locations of the Defence Forces. For this purpose, the informant purchased and installed tactical binoculars with a high magnification, a rangefinder and a compass in the apartment of a multi-story building. With the help of specialised optics, the person involved hoped to detect the positions of air defence and Ukrainian artillery, in particular the HIMARS reactive artillery systems. The attacker also tracked the routes of military convoys and the location of Defence Forces fortifications. He transmitted the information he received to his Russian handler through an anonymous chat in the messenger. According to the coordinates of the informant, the occupiers planned to carry out a new series of missile and drone strikes on the front-line territory of the region. The Security Service exposed the enemy henchman early and detained him in his own apartment. Prior to that, comprehensive measures were taken to secure the locations of Ukrainian troops. During the search of the detainee’s apartment, optics and a mobile phone, which he used in criminal activities, were seized.”

38. United States/Soviet Union: Declassified Memo from US Codebreaker Sheds Light on Ethel Rosenberg’s Cold War Spy Case

Associated Press published this article on September 11th stating that “a top U.S. government codebreaker who decrypted secret Soviet communications during the Cold War concluded that Ethel Rosenberg knew about her husband’s activities but “did not engage in the work herself,” according to a recently declassified memo that her sons say proves their mother was not a spy and should lead to her exoneration in the sensational 1950s atomic espionage case. The previously unreported assessment written days after Rosenberg’s arrest and shown to The Associated Press adds to the questions about the criminal case against Rosenberg, who along with her husband, Julius, was put to death in 1953 after being convicted of conspiring to steal secrets about the atomic bomb for the Soviet Union. The couple maintained their innocence until the end, and their sons, Robert and Michael Meeropol, have worked for decades to establish that their mother was falsely implicated in spying. The brothers consider the memo a smoking gun and are urging President Joe Biden to issue a formal proclamation saying she was wrongly convicted and executed. Historians have long regarded Julius Rosenberg as a Soviet spy. But questions about Ethel Rosenberg’s role have simmered for years, dividing those who side with the Meeropols and say she had zero role in espionage from some historians who contend there’s evidence she supported her husband’s activities.”

39. United States/China: Chinese Cargo Cranes at US Ports Pose Espionage Risk, Probe Finds

The Wall Street Journal reported on September 12th that “Chinese cargo cranes used at U.S. seaports around the country have embedded technology that could allow Beijing to covertly gain access to the machines, making them vulnerable to espionage and disruption, according to a yearlong congressional investigation. The probe, conducted jointly by the Republican majorities of the House Homeland Security Committee and Select Committee on the Chinese Communist Party, found that the China-based manufacturer of the cranes, ZPMC, had at times pressured port operators to allow the company to maintain remote access. “Some ports insist on securing their assets, but many cave to the pressure,” the report said, adding that ZPMC had shown particular interest in requesting remote access to its cranes located on the West Coast. Pushing back on ZPMC’s requests, it said, is “difficult for customers who are looking to get the lowest price or guarantee a robust warranty policy.” Though ostensibly done for diagnostic and maintenance purposes, the committees said the cellular modems built into the cranes could potentially allow access by the Chinese government due to the country’s national-security laws that mandate companies cooperate with state intelligence agencies. In some cases, the investigation uncovered instances where cranes came with cellular modems installed without the knowledge of port authorities and done so beyond the scope of contracts with ZPMC. The modems, the report said, “created an obscure method to collect information, and bypass firewalls in a manner that could potentially disrupt port operations.” It isn’t unusual for modems to be installed on cranes or manufacturing equipment to capture data and improve operations. But the prospect of a direct conflict with China over Taiwan or other issues heightens the risks posed to the U.S., the committees said.”

40. France/Poland/United States/Ukraine: David Boisseau Takes on Wide Int, Warsaw’s GEOINT Tool, IronFlight.ai Raises Funds

Intelligence Online reported on September 12th that “from SIGINT to GEOINT and OSINT, with a dose of cyber, each week we report on events both big and small that matter in the community of technical intelligence providers.” And also stated on X about it that “from SIGINT to GEOINT and OSINT, with a dose of cyber, each week we report on events both big and small that matter in the community of technical intelligence providers. David Boisseau takes control of forensics specialist Wide Int. Poland tests GEOINT data analysis platforms. Ukrainian-US drone maker IronFlight.ai raises cash to develop tools.”

41. Ukraine/Russia: SBU Detained 5 Saboteurs in Kyiv

On September 12th Ukraine’s SBU announced that they “detained 5 arsonists-provocateurs who carried out the “orders” of the Russian intelligence services in Kyiv. The main “targets” of the participants were SUVs and minibuses of the Armed Forces. At the behest of rioters, the perpetrators set fire to 5 official cars of Ukrainian defenders in three districts of the city. Next to the damaged vehicle, the attackers left provocative leaflets aimed at discrediting the Defence Forces. In this way, the enemy hoped to destabilize the socio-political situation in the capital region, issuing commissioned arsonists for money from the Russian Federation under the guise of “work” of the allegedly anti-Ukrainian underground. As the investigation established, the perpetrators acted in two groups of two, one more “worked” independently. They are residents of Sumy, Poltava, and Mykolaiv regions aged 21 to 29. The persons involved came to Kyiv to earn money. During the search for “easy money” in Telegram channels, representatives of the special services of the Russian Federation came to the youth and offered cooperation. Under the instructions of the occupiers, the perpetrators first found potential targets and sent relevant photos to their Russian handlers for approval. Then they arrived at the parking lots of military vehicles, set them on fire with a flammable mixture and recorded the fires on the cameras of their own phones for “reporting” to the aggressor. After that, they hoped to receive a reward from the occupiers, but they never saw the promised money. Officers of the Security Service of Ukraine and the National Police detained all those involved “on hot pursuit” in various districts of Kyiv. Incendiary devices, homemade anti-Ukrainian leaflets and mobile phones with evidence of crimes were seized from them.”

42. Israel/Palestine: Head of Israeli Spy Agency Unit 8200 Resigns over 7 October Failings

The Guardian reported on September 12th that “the commander of Israel’s military surveillance agency, Unit 8200, has announced his resignation, publicly accepting responsibility for failings that contributed to the deadly 7 October attacks. Yossi Sariel said on Tuesday that he had informed his superiors of his intention to step down after the completion of an initial investigation into Unit 8200’s role in failures surrounding the Hamas-led assault last year. In an emotional four-page letter to staff, Sariel said: “I did not fulfil the task I expected of myself, as expected of me by my subordinates and commanders and as expected of me by the citizens of the country that I love so much.” He added: “The responsibility for 8200’s part in the intelligence and operational failure falls squarely on me.” Sariel is the latest Israeli senior defence and security official to announce their resignation over failures relating to the attacks last year on southern Israel, in which Palestinian militants killed nearly 1,200 people and kidnapped about 240. After the assault, Unit 8200 — and Sariel’s leadership of the once vaunted military unit — came under intense scrutiny over its role in what is widely considered to have been one of the Israeli intelligence community’s biggest failures. Sariel’s identity as the commander of Unit 8200 — which is comparable to the US National Security Agency or GCHQ in the UK — was previously a closely guarded secret in Israel. However, in April the Guardian revealed how the spy chief had left his identity exposed online for several years. The security lapse was linked to a book Sariel published in 2021 using a pen name. The book, which articulated a radical vision for how artificial intelligence could transform intelligence and military operations, left a digital trail to a private Google account created in Sariel’s name.”

43. United States: New CIA Workplace Assault Case Emerges as Spy Agency Shields Extent of Sexual Misconduct in Ranks

Associated Press reported on September 11th that “at an impromptu party in the office to celebrate his 50th birthday, a veteran CIA officer got drunk, reached up a colleague’s skirt and forcibly kissed her in front of stunned co-workers, prosecutors alleged in the latest case of sexual misconduct to spill from the spy agency into a public court. An Associated Press investigation found Donald Asquith’s alleged assault last year happened just days after the CIA promised to crack down on sexual misconduct in its ranks — even as the agency has refused to disclose details on the extent of the problem. A recent 648-page internal watchdog report that found systemic shortcomings in the CIA’s handling of such complaints was classified as “secret,” shielded as a potential threat to national security. “It is inconceivable that sexual misconduct could be considered a state secret,” said Kevin Carroll, an attorney who represents several women in the agency who have made complaints. The watchdog report followed an earlier AP investigation that found at least two dozen women in the CIA came forward to authorities and Congress with accounts of sexual assaults, unwanted touching and what they described as a campaign to silence them. Many were emboldened by a CIA officer trainee who went to police in 2022 after the agency failed to take action against a colleague she accused of assaulting her with a scarf in a stairwell at CIA headquarters. Some of those women now say they have faced retaliation, including the victim of the stairwell attack, who was terminated less than six months after suing the agency. “I believed in the institution implicitly and I also believed all of the things the agency said it was doing to rectify what I saw as an epidemic,” said one of those women, who was not named because the AP does not typically identify people who say they are victims of sexual assault. “I realize now that was just lip service.” Asquith’s case could prove even more embarrassing to the CIA given his lengthy clandestine service overseas and the brazenness of the alleged conduct. It also happened in June 2023, less than a month after CIA Director William Burns announced sweeping reforms intended to keep women safe, streamline claims and more quickly discipline offenders. “We must get this right,” he said.”

44. Russia/United States/Georgia/Poland: Russian Spy Agency Accuses US of Plotting Election Unrest in Georgia

The Moscow Times reported on September 12th that “Russia’s Foreign Intelligence Service (SVR) accused the United States of weaponizing European election observers to discredit next month’s elections in Georgia and spark pro-Western street demonstrations. “The U.S. State Department intends to use a new tool to interfere in Georgia’s parliamentary elections on Oct. 26 in order to prevent the victory of Georgian Dream,” the SVR said in a statement published Wednesday, referring to the South Caucasus nation’s ruling party, which has been accused of cozying up to Moscow in recent years. The Russian spy agency claimed that U.S. authorities were conspiring with the Organization for Security and Cooperation in Europe’s (OSCE) democratic institutions division ODIHR to declare Georgia’s upcoming elections unfree and unfair. “Washington’s intention is obvious and no longer surprising: give an excuse to Georgia’s pro-Western opposition to launch mass protests with the aim of seizing power in the country by force,” the SVR’s statement said. “This demonstrates the final transformation of the ODIHR into a mouthpiece for the U.S. authorities’ dishonest games.” ODIHR, which is headquartered in Warsaw, Poland, announced Thursday that its observers will hold a press conference to open their mission to Georgia’s parliamentary elections. Georgian Dream has faced growing criticism from both the domestic opposition and the country’s Western allies over what they describe as a pivot toward Russia. In May, Georgia’s parliament passed a controversial “foreign influence” law that critics compared to similar legislation passed in Russia more than a decade ago. The ruling party insists that it remains committed to joining the European Union, which is enshrined in the country’s constitution. Meanwhile, Georgia’s opposition has vowed to revoke the “foreign influence” law if they win enough seats in the upcoming parliamentary elections. Russia’s SVR in July accused the U.S. of plotting “regime change” in Georgia after its elections in October, but it did not provide any evidence for the claims. State Department spokesman Matthew Miller at the time called the allegations “completely false.””

45. United States: NSA — AI and the Future of National Security

NSA published a new podcast episode on September 12th. As per its description, “Artificial intelligence (AI) is here, and it’s not going away. What threats does it pose to United States national security? What opportunities does it present as we seek to maintain an advantage over our foreign adversaries? Two of NSA’s leading AI experts join No Such Podcast to break down NSA’s approach to AI security, responsible AI, and AI governance. NSA’s Chief Responsible AI Officer, Vinh Nguyen, explains how NSA has been researching AI and what uses we’ve found for it already. Chief of the AI Security Center, Tahira Mammen, shares what NSA is doing to help secure AI deployment. Learn how these experts tackle the unknown dimension of AI and how they’re making sure NSA is helping the United States stay a step ahead through our foreign signals intelligence and cybersecurity missions.”

46. Ukraine/Russia: SBU Detained GRU Agent in Lyman

Ukraine’s SBU announced on September 12th that they “exposed another enemy accomplice, who was passing on the locations of the armed forces strongholds in Donetsk region to the occupiers. The Security Service detained another Russian military intelligence informant in Donetsk region. He spied on the locations of Ukrainian troops defending the Lyman direction. The perpetrator turned out to be a 44-year-old local resident who was remotely recruited by the Russian intelligence services through his acquaintance who lives in the territory of the aggressor country. In the future, the woman performed the functions of a “liaison” and transmitted intelligence from the informant to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (better known as GRU). First of all, the occupiers tried to identify the geolocations of the platoon strongholds of the Armed Forces in the Lyman area. To carry out this task, the person involved went around the area near the front line, where he secretly recorded the base points of Ukrainian troops. The attacker transmitted the received information to the “liaison” in the form of text messages. The occupiers needed the intelligence to prepare new offensive operations aimed at breaking through the defences of the Ukrainian defenders. SBU officers exposed the informant in advance, documented his criminal actions and detained him in his own apartment. During the search of the detainee’s residence, a mobile phone with evidence of his subversive activities in favour of the Russian Federation was seized.”

47. Russia/Ukraine: “I Recorded Everything on a Disk and Went to the FSB” — Witness Who Reported on Polina Yevtushenko Accused of Treason Questioned in Court

Media Zone reported on September 13th that “the Central Military District Court in Samara has questioned 36-year-old Nikolai Komarov, a key witness in the criminal case against Tolyatti resident Polina Yevtushenko, Kommersant reports. Security forces detained 24-year-old Yevtushenko in July 2023. According to investigators, she “persuaded” Komarov to join the “Freedom of Russia” legion. In addition to the case of preparation for treason, Yevtushenko was charged in the spring under five more articles. According to “First Department”, she faces up to 22.5 years in prison. Yevtushenko has a daughter who recently turned six. During questioning in court, Komarov said that he met Yevtushenko on VKontakte, when she appeared among his “possible friends.” A prosecution witness said that she “attracted him as a girl.” According to the witness, Yevtushenko published on social networks “instructions for Russian soldiers on how to surrender,” and in personal conversations with him “expressed her admiration for the Ukrainian Armed Forces, saying that she did not like the current president of Russia.” “Partly, this attracted me because I myself was an opponent of the current political system,” Komarov said. Kholod was the first to report that a provocateur from Samara became a witness in the Yevtushenko case. The publication found out that Komarov was a volunteer for Alexei Navalny’s Samara headquarters, and then recorded “exposing” videos about the work of oppositionists. In court, Komarov said that after his second meeting with Yevtushenko, he decided to record all conversations with her: “I looked on the Internet and saw that the Supreme Court had declared this organisation (the “Freedom of Russia” legion — MZ) a terrorist organisation. It didn’t exactly alarm me, but I saw that there had been a lot of arrests. And for my own safety, I decided to take a voice recorder with me. You never know, maybe she wants to provoke me. So that I would have evidence later.” “I had a conversation with her, I don’t remember at what meeting. We went to eat shashlyndos, by the way, she ordered a lyulashka for herself. I asked: are you aware that this organization is recognized as terrorist? She answered: yes. I asked: what will happen to me if I get caught? She answered that in principle nothing will happen, but it would be better to consult a lawyer,” the witness continued.”

48. China: Lieutenant-General Bi Yi, Xi Jinping’s Cyber Force Weapon of Control

Intelligence Online reported on September 13th that “by choosing trusted officer Bi Yi to command the army’s new Information Support Force (ISF), Xi Jinping aims to improve the quality and control of intelligence and information gathered, while also providing a way to keep checks on senior officers’ integrity.”

49. Turkey/Palestine: Turkey Spy Chief Meets Delegation of Hamas Political Bureau, Discusses Ceasefire in Gaza

FirstPost reported on September 14th that “Turkey’s spy chief has met a delegation from the Palestinian terrorist group Hamas in Ankara and discussed the negotiations for a ceasefire in Gaza, state broadcaster TRT said on Friday. Ibrahim Kalin, head of Turkey’s National Intelligence Agency, had met the delegation from the Hamas political bureau leadership, TRT Haber said citing Turkish security sources, without saying who the members of the delegation were. Turkey has denounced Israel’s assault on Gaza. The war was triggered on Oct. 7 when Hamas attacked Israel, killing 1,200 people and taking about 250 hostages, according to Israeli tallies. Israel’s subsequent assault on Gaza has killed more than 41,000 Palestinians, according to the enclave’s health ministry.”

50. Poland/Israel: Court in Poland Blocks Inquiry into Previous Government’s Spyware Abuses

The Record reported on September 12th that “three judges appointed to Poland’s Constitutional Tribunal by the country’s ousted Law and Justice (PiS) party have blocked an inquiry into that party’s alleged abuse of Pegasus spyware to target political opponents. In a ruling on Tuesday, the court — whose decisions cannot be appealed — threw out a claim initiated by the Sejm, the lower house of parliament in Poland, to examine the use of the hacking tool by government authorities during the years PiS was in power, from 2015 to 2023. The unanimous decision to block the inquiry has been criticized as “political” by officials opposed to the PiS. Magdalena Sroka, a member of parliament, claimed the judgment was “dictated by the fear of liability.” Launching the inquiry had been a major pledge by the governing Civic Coalition during Poland’s 2023 parliamentary elections. Earlier this year, the new prime minister Donald Tusk said he could prove that state authorities used the powerful spyware to track a “very long” list of targets. In April, Poland’s national prosecutor said that nearly 578 citizens were targeted by Pegasus — a commercial surveillance tool sold to governments worldwide by Israel-based NSO Group — between 2017 and 2022. Prosecutors began building a case against current and former government officials earlier this year. Dozens of victims asked to share their experiences of being targeted by the spyware during the PiS years, and seizures of Pegasus equipment have occurred from government agency premises.”

51. Czech Republic/Russia: Attempted Arson (sabotage) in Prague, Czechia (June 2024)

On September 13th we published this video in our archived content/footage playlist. As per its description, “Czech authorities detained a 26-year-old Colombian national who was, reportedly, recruited by Russia’s GRU over Telegram to commit arson attacks on a large bus depot in Prague. He arrived in Prague on June 4th and the next day started buying material to commit the attack. The suspect was arrested on June 8th facing terrorism charges. As Reuters reported, quoting Czech Prime Minister Petr Fiala, ‘“there is suspicion that the attack was organised and financed probably from Russia,” Fiala told a news conference. “It is part of a hybrid war waged against us by Russia against which we have to defend ourselves and which we must stop. Russia is repeatedly trying to sow unrest, undermine citizens’ trust in our state.”’ According to Czech BIS Director Michal Koudelka, ‘the fact that the traces of this attack lead to Russia is not, of course, just an assumption, there is intelligence behind it. Although — in general — the attacker himself, in similar cases, may not even know that he was recruited by the Russian side.’”

52. United Kingdom/Russia: British ‘Spy’ Tried to Pass ‘Sensitive Information’ on MP to Russia’s Intelligence Services in Return for ‘a Quick Payday’, Court Hears

Daily Mail reported on September 13th that “an alleged spy appeared in court today after being accused of trying to disclose information about an MP to Russian intelligence services. Howard Phillips, 65, from Essex, held ‘sensitive information’ about the politician which he tried to pass on to spymasters, it is claimed. Phillips, of Harlow, Essex, appeared at the Old Bailey today via video-link from Wormwood Scrubs and spoke to confirm his name. He is due to enter his pleas at the Old Bailey on October 25 while his trial was fixed for February 10 at Winchester Crown Court. Prosecutor Mark Luckett earlier said Phillips made contact with someone ‘who he believed were foreign powers.’ Mr Luckett said: ‘He boasted at his ability, because of his character, that he was an individual who would be able to remain totally hidden, completely secret on the inside, able to move inside society. ‘One of the significant motivations the prosecution say as to why Mr Phillips engaged in this contact was because he was motivated by financial gain. ‘The prosecution say that is a motivation that is still ongoing. ‘This was all about financial gain for him he wanted a quick payday in order to provide logistics and sensitive information to a foreign state.’ The prosecutor said Phillips held ‘sensitive information in regards to an MP’ which was disclosed to a foreign intelligence service. The MP has not been identified. He is said to have ‘applied for employment within the Home Office at the Border Force Agency and applied for security clearance.’ Phillips is also said to have offered to provide support to a foreign intelligence service, booked a hotel on behalf of a foreign intelligence service and purchased a mobile phone to be used by a foreign intelligence service. Phillips was arrested in central London on May 16.”

53. Ukraine/Russia: SBU Detained FSB Agent in Chernihiv

Ukraine’s SBU announced on September 13th that they “detained an FSB agent who set fire to Ukrzaliznytsia facilities and pointed Russian missiles at Chernihiv. The Security Service detained an FSB agent who was operating in Chernihiv Oblast. The perpetrator adjusted rocket attacks on the regional centre and prepared a series of arson attacks on Ukrzaliznytsia facilities. The priority targets of the enemy shelling were the base points of the Ukrainian troops, which are involved in the defence of the northern borders of Ukraine. According to available data, the occupiers planned to use Kh-59 air missiles to carry out fire damage. Also, the Russian intelligence service tried to find out the locations of enterprises that fulfill a state defence order. To perform these tasks, the FSB remotely recruited a 44-year-old employee of a local plant. The man came to the attention of the Russian intelligence services because of his anti-Ukrainian comments in Telegram channels. According to the instructions of the occupiers, the figure went around the area, where he secretly recorded the location of the Defence Forces. He forwarded the received information to his Russian handler via a specially created chatbot administered by the FSB. In addition, the agent “hunted” for the relay cabinets of the railway connection in the region. It is documented that the person involved set fire to the technological equipment near the main track with the help of a highly flammable mixture. SBU officers detained a Russian agent on “hot leads” when he was preparing to commit new arsons on the railway. During the search of the apartment of the detainee and his relatives, 8 combat grenades, cartridges of various calibers and a phone with evidence of subversive activities in favour of the Russian Federation were seized.”

54. United States/Israel: Apple Seeks Dismissal of its NSO Group Lawsuit, Citing Risk of Exposing ‘Vital Security Information’

The Record reported on September 13th that “Apple on Thursday filed a motion to dismiss its lawsuit against NSO Group, a developer of powerful spyware, saying that moving forward in the case would expose critical security information it uses to combat the expanding proliferation of commercial surveillance tools in general. Its efforts have “substantially weakened” the NSO Group, Apple said in its court filing, but added that new spyware companies have sprung up, meaning a judgment against the NSO Group would have a limited effect on the industry. The NSO Group’s powerful zero-click Pegasus spyware is considered one of the world’s most advanced and pervasive commercial surveillance tools. “While Apple continues to believe in the merits of its claims, it has also determined that proceeding further with this case has the potential to put vital security information at risk,” the court filing said. The lawsuit, which was filed nearly three years ago, sought to hold NSO Group accountable for how Pegasus has compromised the privacy and security of Apple users. Apple said in the filing that it realized it could expose security information when it first sued but that “developments since the filing of this lawsuit have reshaped the risk landscape of sharing such information.” It added that while it trusts the court’s dedication to protect sensitive information on its security practices, “predator spyware companies, including those not before this court, will use any means to obtain this information.” The company cited July reports that Israel has interfered in the WhatsApp lawsuit against the NSO Group, which has alleged that Pegasus infected phones belonging to 1,400 of its users. The NSO Group allegedly obtained “highly controlled materials” through a hack of Israel’s ministry of justice, Apple said, citing news reports.”

55. United States/China: Ex-Hochul, Cuomo Aide Accused of Being Chinese Spy Went on White House Tour — While Under Fed Investigation

New York Post reported on September 13th that “it’s Ms. Sun goes to Washington. The alleged Chinese spy who infiltrated the New York governor’s office was able to get into the White House — while under federal investigation, The Post has learned. Linda Sun’s tour of the Executive Mansion came just two months before the FBI raided her gaudy $3.5 million Long Island home as they wrapped up their case into her alleged work for Beijing. The May visit was facilitated by Sun’s former boss Queens Rep. Grace Meng (D-NY), the congresswoman’s office confirmed Friday. Sun — a former high-ranking aide for Gov. Kathy Hochul and former Gov. Andrew Cuomo — gushed about the jaunt to Washington DC in an emoji-filled Facebook post several days later. “Tour of the White House (check emoji), See our favorite Congresswoman (check emoji), Tour of the Capitol with our favorite Congresswoman (check emoji),” Sun wrote in the May 10, 2024 missive, obtained by The Post. Her trip to the nation’s capital also included one other notable stop — a visit to the International Spy Museum, the post said. One of the photos included in the post shows a card from the museum labeled “undercover mission.” But at the time of the visit, Sun’s purported cover was about to be blown. A source confirmed that the former political operative was actively under investigation at the time. Last week, Sun, 41, and her husband, Christopher Hu, 40, were slapped with sprawling charges of violating and conspiring to violate the Foreign Agents Registration Act, visa fraud, alien smuggling and money laundering conspiracy. They have pleaded not guilty. Brooklyn federal prosecutors allege Sun used her position under Hochul and Cuomo to turn the governor’s office into a virtual mouthpiece for the People’s Republic of China and Chinese Communist Party. In exchange, she allegedly received gifts and millions of dollars in bribes — which she and her hubby used to buy real estate, including their Manhasset mansion, and luxury cars like a 2024 Ferrari Roma.”

56. United Kingdom/Israel/Palestine: RAF Spy Flights over Gaza Risk Complicity in Israeli Torture

Declassified UK reported on September 12th that “Israel’s torture of Palestinian prisoners should have serious consequences for UK intelligence cooperation with Tel Aviv, human rights groups have warned. It comes as Keir Starmer suspended some arms exports to Israel last week, which the government said was partly due to “credible claims of the mistreatment of detainees”. However Royal Air Force (RAF) surveillance flights continue almost daily over Gaza to help Israel locate hostages held by Hamas. Campaigners fear the flight paths may be informed by intelligence Israel obtained through torture. Declassified has seen testimony from three Palestinian civilians who allege Israeli troops interrogated them about the location of hostages and tunnels while under extreme torture. Sharing such intelligence with Britain would breach rules designed to prevent a repeat of the extraordinary rendition scandal, which saw MI6 collude with CIA abuses after 9/11. Charlotte Andrews-Briscoe is a lawyer at the Global Legal Action Network. She also represents Palestinian rights group Al-Haq in its lawsuit to stop UK arms exports to Israel. She told Declassified: “In our view it is possible, if not probable, that information and assurances Israel gives to the UK are founded on information derived from torture”. Freedom from Torture, a British medical charity, also expressed concern, commenting: “The UK must take all steps in its power to ensure that it does not take receipt of or make use of intelligence provided by any authorities where there is a real risk that it has been obtained by torture or other ill-treatment.” When contacted by Declassified, Britain’s Ministry of Defence (MoD) avoided our questions about whether RAF surveillance of Gaza was informed by Israeli intelligence that may have been derived from torture. 
A government spokesperson would only say: “Our focus remains on securing an immediate ceasefire, the release of all hostages, a rapid increase in humanitarian aid to Gaza, and compliance with international humanitarian law.” Israel’s Ministry of Defence said it was unable to comment when asked about intelligence sharing with the RAF.”

57. Nigeria: Detained Spy Policeman Apologises to IGP for Political Rants

Punch NG reported on September 13th that “a Supernumerary Chief Superintendent of Police, Blessing Agbomhere, who was arrested on Wednesday for inciting Edo State residents against the Peoples Democratic Party’s governorship candidate, Asue Ighodalo, while dressed in uniform, has apologised to the Inspector General of Police, Kayode Egbetokun, for abusing his office. Agbomhere is also the South-South Zonal Organising Secretary of the All Progressives Congress. In a statement released after his time in custody, Agbomhere pleaded with police authorities for forgiveness, stating that his actions were provoked by what he described as the ‘abuse of power and misgovernance’ by Obaseki and Ighodalo in the state. His apology comes just eight days before the Edo governorship election, scheduled for September 21. The spy policeman was featured in a viral video accusing Governor Godwin Obaseki of embezzlement and undermining democracy in the state. Among other things, Agbomhere accused Obaseki and his political ally of being reckless with Edo’s finances, further suggesting that Ighodalo’s refusal to sign Thursday’s peace accord was a sign of their intentions for the upcoming poll. He said, “I write to tender an unreserved apology to the Nigeria Police and the Inspector General of Police over my inappropriate conduct in addressing the press on the forthcoming September 21 Edo Governorship election while dressed in the police uniform, which allegedly embarrassed the high command of the Force. “Whilst the alleged embarrassment is unintended and deeply regretted, I maintain that the views expressed in the media interview were not those of the Nigeria Police, but my personal opinion, justified within the context of my constitutionally guaranteed right to freedom of speech and association.”

58. Kazakhstan/Kyrgyzstan/Tajikistan/Uzbekistan: New Android Malware Targets Bank Customers in Central Asia

The Record reported on September 13th that “a new Android malware is being used to steal information from bank customers in Central Asia, researchers have found. First spotted in May by Singapore-based cyber firm Group-IB, the Ajina Banker malware is delivered through malicious files disguised as legitimate financial applications, government service portals, or everyday utility tools. These files have been spread via the messaging app Telegram since at least last November, and the campaign is still ongoing. In a report released on Thursday, researchers said they had found nearly 1,400 unique samples of Ajina Banker malware. The threat actor behind it, who wasn’t identified, works with a network of affiliates targeting ordinary users for financial gain. Although the malware wasn’t attributed to a specific hacker group, the file names, distribution methods, and other activities of the attackers suggest “a cultural familiarity with the region in which they operate,” Group-IB said. The countries targeted by Ajina Banker include Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan. Most of the malware samples were specifically designed to target users in Uzbekistan.”

59. Ukraine/Russia: SBU Detained 4 Saboteurs in Odesa

On September 13th Ukraine’s SBU announced that they “detained 4 more henchmen of the Russian Federation who set fire to military cars in Odesa. Under the “sight” of the enemy were service minibuses and SUVs of the Defence Forces. This time, the occupiers remotely involved two Odesa residents, an immigrant from Luhansk region and a resident of Izmail district, before committing arson. Among them are three minors. All of them were looking for “easy money” in Telegram channels, where they came into the field of view of the intelligence services of the Russian Federation. In order to carry out enemy tasks, the figures at different times found potential “targets”, and then agreed on them with their Russian supervisors. After the arsons, the attackers recorded the fire on the cameras of their own phones and sent a “video report” to representatives of the Russian intelligence services. According to this algorithm, the perpetrators destroyed 6 official cars of Ukrainian defenders, but never received the promised money from the occupiers. The SBU officers arrested the perpetrators “on hot pursuit” in various districts of Odesa. During the searches of the homes of the detainees, incendiary devices and mobile phones with evidence of subversive activities in favour of the Russian Federation were seized.”

60. United States: Operation Mongoose — Inside CIA’s Failed Mafia Conspiracy to Kill Castro | Tom Maier

Julian Dorey published this podcast episode on September 14th. As per its description, “Tom Maier is an award-winning author, investigative journalist and television producer, with two hit TV premium shows in recent years from his highly-acclaimed books.”

61. United States/Russia: Russia’s RT News Agency Has ‘Cyber Operational Capabilities,’ Assists in Military Procurement, State Department Says

The Record reported on September 13th that “a Russian media outlet accused of running a covert influence operation in the U.S. is conducting similar activities elsewhere around the world — with the help of a cyber unit tied to Russian intelligence services, the Department of State said Friday. In a statement to reporters, Secretary of State Antony Blinken said that the Russian government embedded “a unit with cyber operational capabilities” within the news agency RT in the spring of 2023, with the full knowledge of the organization’s leadership. RT also secretly assists in military procurement for Russia’s war on Ukraine, Blinken said. Information produced through the cyber unit “flows to Russian intelligence services, Russian media outlets, Russian mercenary groups, and other state and proxy arms of the Russian government,” Blinken said. The unit is a “cyber-intelligence gatherer — so it’s using cyber tools to gather information, and then use that information in some form,” potentially through activities like damaging information leaks, said James P. Rubin, special envoy and coordinator for the department’s Global Engagement Center, at the same briefing. Rubin declined to answer a question about whether the unit is still active. One of the unit’s projects is a “large online crowdfunding program, in Russia, operating within RT and through social media channels, to provide support and military equipment — supplies, weaponry — to Russian military units in Ukraine,” Blinken said, including body armor, night-vision gear and drones. The crowdfunding program is out in the open, he said, but RT’s support has been hidden. The U.S. indicted two RT employees last week on charges of helping run a $10 million operation to covertly spread pro-Russian narratives to U.S. audiences. Friday’s announcement “is about the rest of the world,” said Assistant Secretary of State James O’Brien, when asked by reporters about how the latest revelations differed from last week’s actions.”

62. United Kingdom: Special Forces PSYOPS Operator Tells All — Former PSYOPS Tim Heale

Force Radio published this podcast episode on September 12th. As per its description, “in this ‘EDIT’ episode of The Debrief, Phil Campion talks with Tim Heale, whose journey from boy soldier to seasoned military operator took unexpected turns. Starting with the Royal Anglians, Tim’s military career spanned a punchy tour in Northern Ireland, time with the Army Handgliding Centre, and a stint in 21 SAS. He later found his calling in the newly-formed 15 Psychological Operations (PSYOPS) Unit, mastering the art of propaganda, deception, and influence. Now, Tim is a podcaster, tackling topics like Veterans’ Mental Health and sharing stories from his varied career.”
