SPY NEWS: 2024 — Week 39

Summary of the espionage-related news stories for Week 39 (September 22–28) of 2024.

1. Israel: My Time in Mossad is Secret — Except for One Unique Mission

The Times published this article on September 22nd. As per its introduction, “a former commander explains what makes Israel’s intelligence service so feared: long memory, ingenuity and an apparent ability to strike with impunity. Last week’s events concerning Hezbollah terrorists in Lebanon and other Iranian proxies further afield have inevitably raised questions about the possible involvement of Israel’s modern-day spy agency, which was founded in 1949, the year after the state itself. “Astonishing”, “ingenious” and “chutzpah” are among the many terms being used, not just in the West but also in large segments of the Arab world where Hezbollah is loathed, to describe what happened, leading many to speedily conclude it “could only have been the Israelis”. Whether or not it was Israel that caused thousands of communication devices to explode simultaneously, killing dozens and injuring thousands, the psychological impact on Hezbollah — now gripped by paranoia — should give the Israeli intelligence community some satisfaction. After all, it does no harm to the credence of the oft-stated claim that Mossad has “eyes and ears and hands everywhere”. The Hamas attack of October 7 was a catastrophic intelligence failure for Israel, but it had little to do with Mossad, whose activity in Gaza is, and was, minimal. On the other hand, since then Israel’s enemies have suffered a string of setbacks, attributed by analysts to the Mossad, including July’s operation which killed Hamas leader Ismail Haniyeh in Tehran (though Israel has not acknowledged responsibility for that incident).”

2. China/Southeast Asia: Operation Crimson Palace — Chinese Cyber Espionage in Southeast Asia

Grey Dynamics published this article on September 22nd. As per its introduction, “Chinese state-sponsored hacking and cyber espionage activities targeting governments in Southeast Asia have been ongoing since 2022. But recently they returned with new tools and new targets. Operation Crimson Palace was exposed in 2023 by the Sophos X-Ops Threat Hunting Team. Security researchers exposed a level of coordination previously unseen between multiple threat actor groups. Three teams were identified and are thought to be working under the direction of the Chinese government. These efforts go back as far as 2022. They focus on stealing secrets related to contentious regional conflicts such as control of territory in the South China Sea. Key Judgment 1. It is likely that Chinese espionage operations such as Operation Crimson Palace, will continue to expand their targets within Southeast Asia. Key Judgment 2. It is likely that coordinated cyber espionage operations, such as Operation Crimson Palace, will continue to increase in sophistication. Key Judgment 3. It is likely that China continues to use state-sponsored hacking to gain strategic advantage in regional conflicts.”

3. United States: AFIO — RADM Peg Klein speaks with Everette Jordan about her career at NSA — US Cyber Command and US Navy

The US Association of Former Intelligence Officers (AFIO) published this video on September 22nd. As per its description, “interview of Tuesday, 28 May 2024 with RADM Peg Klein speaking to Everette Jordan about her exceptional career at NSA, the US Cyber Command, and with the US Navy. Host: AFIO President James Hughes, a former senior CIA Operations Officer. The interview runs 25 minutes. RADM MARGARET “PEG” KLEIN, USN (Ret.) graduated from the Naval Academy with the second class of women, served for 36 years as a Naval Flight Officer, was the first woman to serve as the Commandant of Midshipmen and completed her career as Senior Advisor for Military Professionalism on the staff of the Secretary of Defense. Her Navy service career includes being the first woman Chief of Staff, Commander, Carrier Strike Group EIGHT. She was Deputy and Commodore, Strategic Communications Wing ONE, TF-124. RADM Klein served in the White House Military Office, as a legislative fellow for former Senator Olympia Snowe, as a Squadron and Wing Commander, and as an Expeditionary Strike Group and Task Force Commander. In 2011, she became the Chief of Staff for US Cyber Command after serving as the Operations Director for the Navy Network Warfare Command. In 2014, she took on the role of the Secretary of Defense’s Senior Advisor for Military Professionalism. She worked with the Vice Chiefs and Service Under Secretaries to identify and share best practices in ethics, leadership development, and values-based decision-making across all branches of service. After retirement, she served as the Dean, College of Leadership and Ethics, Naval War College, and is on the Board of Directors for the U.S. Naval Institute and the New England Center and Home for Veterans. She chairs the Board for the USNA Women’s Shared Interest Group, chaired the board of Notre Dame Academy, and. Rear Admiral Klein was a USNA Athletic and Scholarship Program trustee, and Naval Academy Leadership Conference keynote speaker. 
She graduated from the US Naval Academy, holds a master’s in education leadership and earned a doctorate from the Chief Learning Officer program at University of Pennsylvania in 2021. Klein serves on the boards of five non-profit organizations and one publicly traded company. She and her husband of 41 years are the proud parents of two adult children and one grandson. Rear Admiral Margaret “Peg” Klein resides in Davidsonville, MD. EVERETTE JORDAN is a Consultant/Influencer with Basis Technology Corporation. He recently completed a 45-year career in service to the Departments of Defense, The Treasury, and the Army. Part of his service included leadership and staff assignments with IC partners and Capitol Hill. His more recent leadership roles were as the Deputy Assistant of the Treasury for IC Integration and National Intelligence Manager for Economic Security and Threat Finance for the DNI. Jordan earned a B.A. in Russian studies from the University of Maryland; an M.A. in theology from St. Mary’s Seminary University; and a Certified Diversity Executive credential from the Institute for Diversity Certification.”

4. United States/Mexico/Russia: Hidden Dangers of Russia’s Mexican Espionage Activities Directed at the US

RegTech Times reported on September 22nd that “in recent years, Russia has significantly increased its presence in Mexican espionage activities directed at the United States. Despite limited trade ties with Mexico, Russian intelligence services have expanded their influence, adding dozens of personnel to the Russian embassy in Mexico City. According to U.S. officials, this growing presence is believed to be part of Russia’s broader intelligence operations targeting the U.S. The surge in Russian spies in Mexico has become a critical focus for the U.S. intelligence community, particularly after Moscow’s invasion of Ukraine. The increase in Russian intelligence personnel in Mexico is part of a strategic shift by Russia to continue its global espionage activities after many of its operatives were expelled from European countries. U.S. intelligence agencies, including the CIA, are closely monitoring Russia’s activities, with officials stating that Mexico has become a major hub for Russian espionage. Russia’s Federal Security Service (FSB) and its military intelligence arm, the GRU, are believed to have moved some of their operations to Mexico in response to sanctions and diplomatic isolation from the West. Mexico presents an ideal location for Russian espionage due to its proximity to the United States and the relatively less restrictive environment for foreign intelligence activities. Unlike in the U.S., where Russian intelligence is under constant scrutiny by the FBI, Mexico offers a more lenient atmosphere where Russian operatives can move more freely. Mexico has traditionally maintained friendly relations with Russia, which allows Russian intelligence agents to operate with less interference. Former intelligence officers have pointed out that Russian agents often use Mexico as a base to oversee operations targeting the U.S. 
American spies who work for Russia have been known to travel to Mexico to meet their Russian handlers, making use of the country’s proximity and convenient access to the U.S. This also allows Russian intelligence officers to manage their agents without directly operating within U.S. borders, reducing the risk of detection by U.S. law enforcement.”

5. Finland: Spy Spots Episode 13 — Old, New, and Temporary HQ of Finland’s Spy Agency (Supo) in Helsinki

On September 23rd we published this episode of Spy Spots. As per its description, “in 2023 the Finnish Security and Intelligence Service (Supo) celebrated its 75th anniversary and also announced a historical change. Its first ever move to a new headquarters building. In this Spy Spots episode we briefly present the history of Supo’s old headquarters building, the new which is still under construction, and the one that is the Agency’s temporary home at the time of this publication. All of them are located in the capital of the country, Helsinki.”

6. Italy/Holy See/United Kingdom: Shadow of Espionage Shakes Vatican — Inquiry into Leaks in London Financial Scandal

Zenit reported on September 22nd that “the Vatican is facing yet another media firestorm — this time not due to doctrinal controversies but over the potential breach of its most sensitive documents. At the center of this growing storm is the ongoing fallout from the now-infamous purchase of a luxury apartment in London, a financial scandal that continues to generate ripple effects within the Holy See. The latest twist? Concerns over unauthorized access to confidential information related to the case. The scandal, which first came to light in 2019, culminated in December 2023 when a Vatican court handed down convictions to 10 individuals, including Cardinal Angelo Becciu. However, the conclusion of the trial has sparked new concerns. Vatican officials, led by Promoter of Justice Alessandro Diddi, launched an internal investigation in March 2023 after finding evidence that suggested a possible breach of its classified files during the investigation process. Speculation has grown over whether hackers infiltrated the Vatican’s internal systems, raising alarms about the vulnerability of its data in an increasingly digital world. While Italian media had hinted at the existence of this investigation, it wasn’t until recently that the Vatican officially acknowledged its concerns over potential leaks. This case is not confined within Vatican walls. The broader context involves a significant espionage scandal that has rocked Italy. In 2022, Italian newspaper Domani uncovered an extensive network of illegal surveillance involving prominent public figures. The revelations, which began with reports on Guido Crosetto, Italy’s Defense Minister, exposed a web of unauthorized spying that touched over 800 high-profile individuals, including politicians, entrepreneurs, and even sports stars like Cristiano Ronaldo. At the center of this web of intrigue was Pasquale Striano, an officer in the Italian Guardia di Finanza. 
He reportedly accessed confidential files from various state agencies, fueling an underground exchange of sensitive data. Italian prosecutors believe that Striano had accomplices, including journalists and even an official from the National Anti-Mafia Directorate. As investigations deepened, the Vatican emerged as a possible target in this sprawling espionage operation.”

7. Ukraine/Russia: SBU Neutralised Russian GRU Group in Odesa

On September 23rd Ukraine’s Security Service (SBU) announced that they “neutralised an operational-combat group of the Russian GRU, which was preparing a violent seizure of power in Odesa. As a result of a special operation in the regional centre, the leader of the enemy cell and his “right-hand man” were detained. They seized more than 70 firearms with optical sights and ammunition, as well as body armour, helmets, ballistic goggles and other tactical equipment. According to the instructions of the Russian intelligence service, even at the beginning of the full-scale invasion of the Russian Federation, the attackers were preparing to forcibly seize state institutions in Odesa. In addition to storming administrative buildings, the participants were supposed to attack the Defence Forces from the rear if the occupiers approached the port city. However, after the failures of the Rashists at the front, this operational combat group was put into standby mode and activated only in the summer of 2024, when it received secret tasks. The Security Service of Ukraine foiled the enemy’s intentions: it documented the subversive activity and neutralised the group immediately after it was “activated” by the enemy. According to the case file, the resident (senior) agent-combat group of the Russian GRU was a 49-year-old resident of the temporarily occupied Crimea. After the capture of the peninsula, he moved to Odessa, where at the beginning of the full-scale war, he began to form operational combat units under the guise of several public organisations. In general, NGOs dealt with issues of military history, ecology and jurisprudence, but in fact they created underground groups: snipers, intelligence, communications, operational support and one of the main ones — an assault group. In the selection of potential candidates, those involved gave preference to citizens with special skills, experience in combat operations or narrow-profile specialists. 
In the case of the capture of Odesa, the members of the group were promised “positions” in the local occupation administration of the Russian Federation. In general, the participants recruited more than two dozen people to the enemy cell, who were subordinate to their leader according to the principles of military hierarchy. Currently, all of them are under investigation, comprehensive measures are underway to bring them to justice for crimes against Ukraine. During the searches, in addition to weapons and tactical equipment, instructions for subversive activities, cold weapons, in particular with the logo of the Russian special services, and computer equipment with evidence of crimes were seized from the suspects.”

8. China/France/Israel: Researcher Prevented from Taking Up Post at French Engineering School due to Alleged Chinese Army Links

Intelligence Online reported on September 23rd that “a Chinese teacher-researcher recruited by the Ecole Nationale Supérieure d’Arts et Métiers has been prevented from travelling to France to take up his post. A French administrative court has confirmed his visa refusal after French intelligence indicated he had links with the Chinese military.” Intelligence Online also stated on X that “a Chinese researcher recruited by the French engineering school Ecole Nationale Supérieure d’Arts et Métiers has been prevented from taking up his post as a lecturer in Paris. Employed in Israel, he applied this year for a long-stay “talent” visa of the kind normally granted to researchers at the French consulate general in Jerusalem. But his visa application was declined on 5 June, on account of a note from the French intelligence services indicating the researcher has links with the Chinese military…”

9. United States/China: US Government Wants to Ban Chinese-made Smart Cars over Espionage, Sabotage Fears

Intel News reported on September 23rd that “the United States Department of Commerce is proposing new regulations that seek to ban the sale of Chinese-made cars in the United States, over concerns that they could be used for espionage or sabotage. Several reports on the proposal noted that it was hurriedly introduced last week as a “national security action,” rather than a trade-related dispute between the US and China. American government officials said that the new proposals come out of lengthy investigations into the software and technical specifications of Chinese cars. The investigations raised concern about “(c)ertain technologies originating from the (People’s Republic of China) or Russia” that are often found in Chinese-made cars. Such technologies include vehicle cameras, microphones, tracking devices, and several software packages that connect the cars to the world wide web. Washington is concerned that these devices, and the software that runs them, could be used to collect the personal data of users, or to facilitate espionage activities on a large scale. Concerns have also been raised by US officials that Chinese-made smart cars could be remotely manipulated and used for sabotage during wartime. According to the US Department of Commerce, a central source could potentially “take control of all (the Chinese-made) vehicles operating in the US all at the same time, causing crashes, block(ed) roads, etc.”.”

10. New Zealand: GCSB Completes Audit of Systems, Including Capabilities of Foreign Partners

RNZ reported on September 22nd that “the Government Communications Security Bureau has just finished a full audit of its systems, including of the capabilities of any of its foreign partners. The Inspector-General of Intelligence and Security recommended the audit after revealing an unnamed foreign agency was allowed far too much leeway for years within the GCSB. That report in March pushed for organisational improvements, as well as five other moves, such as registers and reviews to reduce the risk of any repeat. “The GCSB accepted all recommendations in my report on its hosting of a foreign capability,” the inspector Brendan Horsley told RNZ in a statement. The agency recently completed the full audit of all systems, which was his third recommendation. “This supports work under way on the other recommendations and I am satisfied with progress so far,” he said in a statement.”

11. China/Philippines/South Korea/Vietnam/Taiwan/Thailand: Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

Bleeping Computer reported on September 23rd that “a suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia. “Based on the collected phishing emails, decoy documents, and observations from incidents, it appears that the targets are primarily government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand,” researchers Ted Lee, Cyris Tseng, Pierre Lee, Sunny Lu, and Philip Chen said. The discovery of lure documents in Simplified Chinese points to China being one of the affected countries as well, although the cybersecurity company said it does not have enough information to determine what sectors within the country have been singled out. The multi-stage infection chain process leverages two different techniques, using spear-phishing emails and the exploitation of the GeoServer flaw (CVE-2024-36401, CVSS score: 9.8), to ultimately deliver Cobalt Strike and a previously unknown backdoor codenamed EAGLEDOOR, which allows for information gathering and payload delivery. “The threat actor employs GrimResource and AppDomainManager injection to deploy additional payloads, aiming to lower the victim’s guard,” the researchers noted, adding the former method is used to download next-stage malware via a decoy MSC file dubbed RIPCOY embedded within a ZIP archive attachment.”

12. United Kingdom: ‘Moneypenny with More Power’: Book Celebrates UK’s Forgotten Female Spies

The Guardian reported on September 23rd that “for decades, their work has been hidden from view, their names missing from the history books. Now, a new book is seeking to shine a light on the secret and unacknowledged contributions of female spies who worked for MI6 in the early 20th century, and establish their place in history using previously classified evidence and newly unearthed documents. One of the women, Kathleen Pettigrew, was the most senior secretary in MI6, serving under five MI6 chiefs. There she met Ian Fleming, who — in his first draft of Casino Royale — named Miss Moneypenny “Miss ‘Petty’ Pettaval”. Yet little is known about the work she did and the role she played in some of the biggest spy operations in British history. Dr Claire Hubbard-Hall, author of the forthcoming book, Her Secret Service: The Forgotten Women of British Intelligence, has discovered previously classified evidence that suggests Pettigrew was involved in the transfer of messages to and from Hut 3 at Bletchley Park, including the messages Alan Turing and his team were decoding using the Enigma machine. She also oversaw radio communications between Bletchley Park and MI6 field agents operating overseas in the second world war, accompanying Stewart Menzies, the chief of MI6, to top-secret wartime meetings with Winston Churchill. Pettigrew — who received an MBE in 1946 and an OBE when she retired in 1958 — wielded far more power and authority in her role than the fictional Miss Moneypenny, Hubbard-Hall said. “Being deemed an unassuming woman — a secretary — was the perfect camouflage. She did a lot more,” said Hubbard-Hall, who is giving a talk about her discoveries at the Chelsea history festival on Wednesday. “She was perhaps the only person in Whitehall who knew every single secret. 
In terms of the secret state, everything would have passed her desk.” Hubbard-Hall was able to trace Pettigrew’s 37-year career in MI6 by figuring out that, for security purposes, Pettigrew typed her initials on the top left corner of the secret documents she wrote, some of which have been declassified and released into the National Archives.”

13. United States: J. Edgar Hoover Coordinated Assassination of Martin Luther King Jr. — And James Earl Ray Was a Patsy

Covert Action magazine published this article on September 23rd stating that “conventional wisdom holds that James Earl Ray was a deranged white supremacist who killed Martin Luther King, Jr., on April 4, 1968. Research carried out by King family attorney William F. Pepper determined, however, that King was really killed in a conspiracy coordinated by FBI Director J. Edgar Hoover. Pepper died in April. He is the focus of a new film by John Barbour, with Len Osanic, A Tribute to William Pepper, that was screened on July 30 at American University at the 12th Annual Whistleblower Summit in Washington, D.C. Barbour is a Canadian-born comedian, actor and TV host who directed two documentary films on Jim Garrison, the New Orleans District Attorney who uncovered a conspiracy to kill John F. Kennedy that involved elements of the CIA. In introducing his film, Barbour said that Pepper and Garrison should be regarded, along with Abraham Lincoln, as among the greatest lawyers in U.S. history.”

14. Pakistan: Lt General Muhammad Asim Malik Appointed as New DG of Pakistan’s Spy Agency ISI

The Print reported on September 23rd that “Lt Gen Muhammad Asim Malik has been appointed as the new Director General of Pakistan’s spy agency — Inter-Services Intelligence (ISI), state-run TV announced on Monday. Lt Gen Malik, currently serving as an adjutant general at the General Headquarters in Rawalpindi, will assume his new role on September 30, replacing the current DG Lt Gen Nadeem Anjum. The ISI chief is appointed by the prime minister but as part of a tradition he executes this power in consultation with the army chief. The post of ISI chief is considered one of the most important in the Pakistan Army, which has ruled the country for more than half of its 77-plus years of existence and has hitherto wielded considerable power in matters of security and foreign policy. Lt Gen Malik previously commanded the Infantry Division in Balochistan and the Infantry Brigade in Waziristan. He has also received a Sword of Honour in his course and served as the chief instructor at National Defence University (NDU), as well as an instructor at Command and Staff College Quetta. He is a graduate of Fort Leavenworth and Royal College of Defence Studies. He brings a wealth of experience and knowledge to his new position, having held various leadership roles in the military over the years.”

15. Russia/Ukraine: A Court in Annexed Crimea Sentenced a Ukrainian Citizen Accused of Espionage to 14 Years in Prison

Media Zone reported on September 23rd that “the Supreme Court of annexed Crimea sentenced a Ukrainian citizen from Zaporozhye to 14 years in a maximum security penal colony for espionage (Article 276 of the Criminal Code). This was reported by TASS with reference to the press service of the FSB Directorate for the Central Military District. The department indicated the initials and surname of the convicted person — M. A. Sukhachev. The case of espionage against a person with such data, Mikhail Sukhachev, was initially considered by the Sverdlovsk Regional Court, Media Zone noted. It was received there on March 6, less than two weeks later the case was sent to the appropriate jurisdiction. The FSB claims that Sukhachev collected and transmitted to Ukraine data on the work of anti-aircraft missile units of the Russian army in the partially occupied Zaporizhia region.”

16. Ukraine/Russia: SBU Detained 3 More Saboteurs in Ternopil and Cherkasy

Ukraine’s SBU announced on September 23rd that they “detained three more arsonists who, on the order of the Russian Federation, acted in Ternopil and Cherkasy. The priority “targets” of the participants were cars undergoing maintenance after completing combat missions on the front lines. In Cherkasy, “on hot pursuit” they detained an 18-year-old local college student who, on the order of the Russian Federation, set fire to a military SUV with the help of a highly flammable mixture. Expecting to receive a monetary “reward”, the young man recorded the fire on his phone’s camera and sent a video report to the Russian handler.” And it continues that “in Ternopil, officers of the SBU and the National Police detained two more arsonists who were part of a criminal group. Local residents turned out to be extras. Both men were looking for quick money in Telegram channels, where they were approached by a representative of the Russian intelligence services. In order to destabilise the socio-political situation in the western region, the enemy promised the arsonists money in exchange for a series of arson attacks. However, they did not wait for the promised money, as the law enforcement officers arrested both criminals “in hot pursuit” after the first arson. Mobile phones were seized from them, which they used in subversive activities for the benefit of the Russian Federation.”

17. United States/North Korea: Dozens of Fortune 100 Companies Have Unwittingly Hired North Korean IT Workers

The Record reported on September 23rd that “it’s difficult to imagine a bigger hiring blunder. Google said it has been contacted by several major U.S. companies recently who discovered that they unknowingly hired North Koreans using fake identities for remote IT roles. In a report published Monday by the company’s Mandiant unit, researchers describe a common scheme orchestrated by the group it tracks as UNC5267, which has been active since 2018. In most cases, the IT workers “consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia.” The goal is for workers to earn salaries at multiple companies — generating revenue for the North Korean government — and to gain pivotal access to U.S. tech firms that can be used for further cyberattacks or intrusions. The remote workers “often gain elevated access to modify code and administer network systems,” Mandiant found, warning of the downstream effects of allowing malicious actors into a company’s inner sanctum. Charles Carmakal, CTO of Mandiant, said in a statement that he has spoken to “dozens of Fortune 100 organizations that have accidentally hired North Korean IT workers.” “North Korean IT workers often have multiple jobs with different organizations concurrently, and they often have elevated access to production systems, or the ability to make changes to application source code,” Carmakal said.”

18. United States: Former CIA Intelligence Officer Andrew Bustamante

Mike Ritland published this podcast episode on September 24th. As per its description, “the Central Intelligence Agency is skilled in many covert practices, but being honest isn’t always their strong suit. Just take it from Andrew Bustamante — a former covert officer that spent seven years at The Agency, Andrew was recruited while applying to join the Peace Corps after leaving the U.S. Air Force as a combat veteran. During his tenure at the CIA, he developed a range of valuable skills, growing to master the line between truth and falsehood while also meeting his wife at the Agency, where they quickly grew to learn that the CIA was no place for families. Today, he owns and operates his own company, Everyday Spy, where he trains everybody from casual interests to Fortune 500 CEO’s in the very techniques he learned as a covert operator. But leaving a life that is, to most people, a lie isn’t easy. So where does the line exist between truth and fiction? Does the CIA ever cross that line, and when they do, is it purely in the interest of all American citizens? And if Andrew’s skills at the CIA helped him to accomplish every goal he’s ever set out to achieve, then what possibilities can those same skills unlock in the rest of us? Let’s meet Andrew.”

19. Iran/Lebanon: Iran Halts IRGC Communication Devices over Fears of Espionage

The Medialine reported on September 23rd that “Iran’s elite Islamic Revolutionary Guard Corps (IRGC) has ordered all its members to cease using communication devices after thousands of pagers and walkie-talkies used by Hezbollah in Lebanon exploded last week, killing 39 people and injuring over 3,000, according to two senior Iranian security officials. The coordinated attacks on Hezbollah’s communication systems have sparked major security concerns within Iran. The IRGC has launched a large-scale operation to inspect all devices used by its personnel, not just communication equipment. One senior security official said most of these devices were either homemade or imported from China and Russia. Amid fears of Israeli infiltration, the IRGC has also begun a thorough investigation of its personnel, targeting mid and high-ranking members. The scrutiny includes examining bank accounts in Iran and abroad, as well as reviewing travel histories of IRGC members and their families. “This is about ensuring there are no infiltrations from Israeli agents, including Iranians on Israel’s payroll,” the official said, speaking anonymously due to the sensitivity of the situation.”

20. Canada/China/Hong Kong: Canadian Businessman Michael Kovrig who Spent 1,019 Days in Chinese Prison on Espionage Charges Reveals Why he Never Let Them See Him Cry

Daily Mail reported on September 24th that “a man has detailed how he was kept captive for 1,019 days by the Chinese government. Michael Kovrig, 52, was detained in December 2018 on espionage charges in apparent retaliation for Canada’s arrest of Huawei’s Chief Financial Officer Meng Wanzhou. She was seized on a US extradition request. Kovrig, a former Canadian diplomat, had been working as an adviser and analyst for the International Crisis Group at the time, working out of the group’s headquarters in Hong Kong. He was apprehended in Beijing after having dinner with his then-pregnant wife, who went on to give birth during his first five months in solitary confinement. Three years removed from his release as part of a deal for the release of Wanzhou, he told CTV News: ‘They grabbed me and in front of my pregnant girlfriend, dragged me into a black SUV, stuffed me into the back seat, put a set of handcuffs on me.’ They proceeded to blindfold him, he told Anchor Omar Sachedina — before ‘(driving) off into the night.’ The almost three years of incarceration that ensued was hell, he said — describing how he was first kept in solitude for months in a room with blackout blinds over the windows. ‘You’re never actually alone. They’ve always got guards in there with you, and they’re constantly looking at you,’ Kovrig told Sachedina of that period and the 13 months that followed — all of which happened before he was formally charged. ‘Of course, that sense of confinement combined with constant surveillance really gets into your skull,’ he said of the unsavory situation. ‘It’s psychologically exceedingly difficult to deal with.’ He added: ‘You can imagine what that was like for (my girlfriend). 
It’s an abrupt shock while she’s pregnant, and she doesn’t know if she’s going to see me ever again.’ He went on to recall how he was sat in an interrogation chair and told by Chinese investigators how he was a suspect in a case surrounding a breach in China’s national security, for which fellow Canadian Michael Spavor was arrested as well.”

21. Canada/China/United States: Foreign interference — Canadian Intelligence Under Fire (again) for Overlooking FBI Cyberattack Note

Intelligence Online reported on September 23rd that “the second round of the public inquiry into foreign interference in Canada has unearthed a new case of Chinese interference, involving the Inter-Parliamentary Alliance on China, the FBI and Canadian MPs. The failures of the Canadian Security Intelligence Service are once again under the spotlight.”

22. Russia/Ukraine: FSB Accuses Rostov Resident of Treason for Transfers to Ukrainian Friend Who Collected Money for Ukrainian Armed Forces

Media Zone reported on September 23rd that “a resident of Rostov-on-Don was detained in connection with a case of treason (Article 275 of the Criminal Code). This was reported to Interfax by the regional FSB department. According to the press release, the intelligence service accused the Rostov resident of transferring money to a Ukrainian citizen with whom she had been corresponding even before the war began. The woman’s interlocutor, according to the FSB, collected money for cars, drones and other military aid for the Ukrainian Armed Forces, and the detainee “knew” about this. The intelligence service did not provide any other details, including names or footage of the arrest. It is unknown when exactly the transfers were made and when the Rostov woman was arrested.”

23. United States/Russia: US Intelligence Agencies Confirm Russia is Pushing Fake Videos of Kamala Harris

The Record reported on September 23rd that “the U.S. intelligence community on Monday said Russia is responsible for recent videos shared on social media that sought to denigrate Vice President Kamala Harris, including one that tried to implicate her in a hit-and-run accident. Spy agencies also assess that Russian influence actors were responsible for altering videos of the vice president’s speeches — behavior consistent with Moscow’s broader efforts to boost former President Donald Trump’s candidacy and disparage Harris and the Democratic Party, an official with the Office of the Director of National Intelligence said during a press briefing. The session did not provide any more details on the incident revealed last week in which Iranian hackers offered materials pilfered from the Trump campaign to the Harris camp. The details about Russia’s videos follow a Microsoft analysis that found Moscow had “pivoted” its focus to Harris, and identified the article and website that triggered the hit-and-run conspiracy as part of a Russia-based disinformation campaign ahead of the upcoming election. However, the ODNI official disagreed with the tech giant that the Kremlin quickly changed its focus once President Joe Biden withdrew from the race. Instead, they said, Russia has taken time to adapt to the new political environment with the vice president atop the Democratic ticket. The disclosure about the fake Harris videos is part of a broader warning by the spy community that foreign actors are increasing their election influence activities as November approaches and could use artificial intelligence to generate and manipulate media. A chorus of national security officials this year have warned foreign adversaries might engage in oftentimes hard-to-detect influence operations designed to shape public opinion. Russia “has generated the most AI content related to the election, and has done so across all four mediums, text, images, audio and video,” the ODNI official said.”

24. United States: John “Shrek” McPhee — The Sheriff of Baghdad

Shawn Ryan Show published this podcast episode on September 23rd. As per its description, “John “Shrek” McPhee is a distinguished former Army Ranger and served as a Sergeant Major in the Army’s elite tier one unit, Delta Force. His military career was marked by intense training and high-stakes operations, earning him a reputation for leadership and effectiveness in counter-terrorism and special reconnaissance. During the Global War on Terror, McPhee became known as “the Sheriff of Baghdad,” where he played a crucial role in stabilizing the region and rebuilding local governance. His hands-on approach and ability to engage with local communities helped foster trust and order in a challenging environment. After retiring from the military, McPhee founded SOB Tactical, a company that provides tactical training and consulting services for military, law enforcement, and civilians. His extensive experience informs the training programs offered, focusing on practical skills and crisis management. Through SOB Tactical, McPhee continues to share his expertise and influence in the field of tactical training and public safety.”

25. China/Taiwan: Beijing Says Anonymous64 ‘Cyber Army’ Targeting Mainland China is Backed by Taiwan

South China Morning Post reported on September 23rd that “Beijing’s top spy agency says it has identified a group of Taiwanese hackers it claims is backed by Taipei’s defence ministry and is hacking websites on the mainland, Hong Kong and Macau to “defame” mainland China’s political system. A hacker group called Anonymous64 is “a cyber army raised by the ‘Taiwan independence’ forces”, according to an article published by the Ministry of State Security on its official public WeChat account on Monday morning. The “forces” referred to by Beijing’s top intelligence agency is the Information, Communications and Electronic Force Command (ICEFCOM) under the Ministry of National Defence in Taipei. Beijing accused the command of “waging online ideological and public opinion battles against the mainland”. It comes at a time of significant deterioration in cross-strait relations, particularly after William Lai Ching-te became Taiwan’s new leader in May.”

26. France/United States: Ex-DGSI Boss to Advise on US Sanctions Investigations Firm

Intelligence Online reported on September 23rd that “the former counter-intelligence chief Patrick Calvar is to act as a consultant for Kharon, an American firm that specialises in monitoring compliance with sanctions imposed by the US authorities.”

27. Ukraine/Russia: Russian Hackers Have Shifted Tactics in Third Year of War

The Record reported on September 23rd that “Ukraine’s cyber agency has observed “a significant change” in the use of cyberattacks by Russian hackers in recent months, according to a new report. Whereas in the first two years of the war Russian hacker groups launched opportunistic attacks across an array of targets — for either destructive purposes or cyber-espionage — this year they have shifted their focus to Ukrainian entities directly connected to the war effort. “Hackers are no longer just exploiting vulnerabilities wherever they can but are now targeting areas critical to the success and support of their military operations,” Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) said in the new report. The number of cyber incidents analyzed by Ukraine’s computer emergency response team (CERT-UA) in the first half of 2024 grew by almost 20% — to 1,739 — compared to the second half of the previous year. SSSCIP also observed a significant increase in attacks on government organizations and local authorities. The number of incidents targeting the security and defense sectors, as well as the energy sector, has more than doubled. With most corporate email servers protected by security measures, hackers are increasingly using messaging apps, including Signal and WhatsApp, to access the devices of high-value military and government targets in Ukraine. The objectives of these attacks include stealing passwords, gaining access to email accounts and files, conducting espionage, spreading malware through phishing, and financial exploitation. As a lure, hacker groups such as UAC-0184 and UAC-0006 often use malicious documents related to military awards, combat footage, or military recruitment. To weaken Ukrainian organizations, the hackers also carry out cyberattacks aimed at stealing funds from Ukrainian companies. 
During one attack, cybercriminals used ransomware to encrypt data on the networks of unnamed businesses, including their backups.”

28. United States/Israel: Deep Dive into the Israeli Pager Attack with 2 Former CIA Officers

The Team House’s “Eyes On” published this podcast episode on September 24th. As per its description, “today we’re joined by Mick Mulroy and Marc Polymeropoulos, both former Senior CIA Officers to talk about the Israeli pager attack on over 3000 Hezbollah operatives and what it could mean going forward. Michael “Mick” Patrick Mulroy is the former Deputy Assistant Secretary of Defense for the Middle East. He is a retired CIA Paramilitary Operations Officer in the Special Activities Center and a retired United States Marine. He is currently the President of Fogbow (a company that enables international humanitarian efforts), a Senior Fellow for the Middle East Institute, an ABC News National Security Analyst, a Co-founder of the Lobo Institute, the Co-president of End Child Soldiering, and on the Board of Advisors for Plato’s Academy Centre and the Aurelius Foundation. Marc Polymeropoulos retired from the Senior Intelligence Service ranks in 2019 after serving for 26 years in the Intelligence Community in operational field and leadership assignments. He is an expert in counterterrorism, covert action, and human intelligence collection. Marc is one of IC’s most highly decorated field officers and has honed a unique leadership style based on decision making under pressure, inclusivity, camaraderie, and competition. His book “Clarity in Crisis: Leadership Lessons from the CIA” was published in June 2021 by Harper Collins. Marc’s goal is to pass on this knowledge to the sports and business world who can benefit from his unique experiences serving his country in the hot spots of the world.”

29. United States: SR-71 Pilot Recalls When Blackbird Crew Members Spray Painted RC-135 Silhouettes All over Kadena AB. RC-135 Crew Members Had to Remove All the Painted Planes

The Aviation Geek Club reported on September 22nd that “frags (from the Vietnam War-era term of “fragging,” or “frags” for short, to indicate a practical joke) were part of SR-71 Blackbird crew members (or Habus)’ traditions. Former Blackbird pilot Richard H. Graham recalls a very special frag that took place at Kadena Air Base (AB), Okinawa, Japan, home of SR-71 Det. 1. He explains in his book Flying the SR-71 Blackbird: In the Cockpit on a Secret Operational Mission; ‘There were a lot of unit rivalries on Kadena between the SR-71 crews and the RC-135 reconnaissance crews from the 55th SRW at Offutt AFB, Nebraska. We were all there on a TDY basis with a common mission of gathering intelligence on the enemy. There was plenty of free time to think up pranks to play on each other. ‘One day, the mobile crew* had just launched the SR-71 and went to the Officers Club to grab a bite before they were due back for the landing. They parked and locked the mobile car in front of the club. An RC-135 crew just happened to park right beside the mobile car, and one of them looked inside and saw a kit bag with “CLASSIFIED” labels all over it sitting on the back seat. ‘This was a big no-no! ‘They knew who it belonged to, but thought it would be cute to call the security police and let them know there was classified material in a military vehicle parked in front of the Officers club. Needless to say, this breach of security turned into much more than a practical joke. ‘To get revenge, we made stencils of their RC-135 aircraft and spray painted them all over the base. They thought someone in their own squadron had done the job and were proud to see their plane stenciled on signs, poles, and buildings. The natural assumption was that they did it and their squadron ended up having to remove all the painted planes. Touché!”

30. China/United States: The Time China Shot Down 5 USAF U-2 Dragon Lady Spy Planes

Simple Flying published this article on September 23rd stating that “dear readers, I must confess, this is a profoundly depressing story for me to write. Though the United States of America ultimately did win the Cold War by virtue of the collapse of the Soviet Union in 1991, my country and her allies suffered many a humiliating defeat and setback along the way, from the Vietnam War, to the Soviets beating America into unmanned (Sputnik) and manned space flight (Yuri Gagarin), to the Soviet shootdown of U-2 Dragon spy plane pilot Francis Gary Powers on May 1, 1960. But it turns out that the Soviets weren’t the only Cold War Communist adversary to shoot down an American-made U-2. And to add insult to injury, the enemy nation in question that we’ll be covering in this story did *not* collapse when the Cold War ended and still very much exists as a threat to peace and freedom today. Simple Flying now shares the story of how and when Red China shot down not just one, nor just two, or even three or four…but nay, a mind-boggling FIVE of the precious U-2 Dragon Lady spy planes.”

31. Azerbaijan/France/Russia: Russian Request Complicates French-Azerbaijani Spy Skirmish

Intelligence Online published this article on September 24th saying that “in the battle between the French and Azerbaijani intelligence services, both sides have detained an individual potentially linked to an agency of the opposing side. Russia’s decision to request the extradition of the Azerbaijani individual on attention-grabbing accusations of terrorism has made the situation doubly complicated for the French authorities. While Azerbaijan has again extended the detention of French citizen Martin Ryan, whom it accuses of spying for the French external intelligence agency, the DGSE, a French court is examining the case of an Azerbaijani citizen who took refuge in France and is presented as a former collaborator of the Baku domestic intelligence service, the DTX. More specifically, the French magistrates are examining a request from Russia for his extradition. According to an 11 September Paris court of appeals decree, which Intelligence Online has read, the Russian public prosecutor sent a formal request for extradition of the individual to the French ministry of justice on 21 May. The request was transferred by Interpol’s office in Moscow, then via a diplomatic note from the Russian embassy in Paris on 29 May.”

32. Ukraine/Russia: SBU Detained Serviceman Operating as GRU Agent in Kharkiv

On September 24th Ukraine’s SBU announced that they “detained a traitor in Kharkiv who was pointing Russian missiles at his brigade of the Armed Forces and was preparing to flee to the Russian Federation. The Security Service detained another agent of the Russian Federation in Kharkiv. He turned out to be a recently mobilized 45-year-old resident of the city, who was remotely recruited by the military intelligence of the Russian Federation in August of this year. According to the instructions of the occupiers, the person involved was supposed to adjust the air strike on one of the units of his brigade of the Armed Forces of Ukraine. In exchange for this, the Russian intelligence service promised to “evacuate” the agent to the aggressor country, where he planned to join the enemy army and fight against Ukraine. To direct the fire, the person involved marked the “required” locations on the Google Map and sent the corresponding screenshot to his Russian handler. The agent also conducted preliminary reconnaissance near the combat positions of the Ukrainian Air Defence Forces, which the Russians hoped to “bypass” during the missile attack. According to the instructions of the military intelligence of the Russian Federation, before enemy fire, the traitor was to arrive at a designated place on the front line, and the occupiers were to create a “corridor” for him to cross the front line. However, the SBU officers worked ahead of time and as soon as they documented the criminal actions of the agent, they detained him at the stage of preparation for “evacuation” to Russia. In addition, during the special operation, the SBU carried out comprehensive measures to secure the positions of the Ukrainian troops, which completely disrupted the aggressor’s plans. During the search, mobile phones were seized from the detainee, which he used to communicate with the Russian intelligence service.”

33. Greece/Cyprus/Turkey: Eyes on the Eastern Mediterranean Sea

ItaMilRadar reported on September 24th that “in recent weeks, we have repeatedly tracked a Turkish Navy ATR P-72MPA conducting a mission in the Mediterranean with a particular pattern. The aircraft follows a square route between the Greek islands and Cyprus before returning to its base in Dalaman. The last time such a mission was carried out by an ATR 72MPA (reg. TCB-754) was yesterday. Today, a Hellenic Air Force EMB-145 AEW&C (reg. 729 — c/s OURANOS31) took off from Elefsis AB and conducted a roughly 4-hour mission over the same area of sea. We do not know if the two events are connected, but even in this case, we had recorded similar missions in the past few days.”

34. Israel: Decoding Pegasus Spyware — Peering into the Underbelly of Digital Surveillance

Grey Dynamics published this article on September 24th. As per its introduction, “step into the clandestine realm of Pegasus, an enigmatic spyware developed by NSO Group Technologies, synonymous with covert surveillance of smartphones worldwide. From its inception to its tumultuous journey across borders, this article unravels the intricate web of espionage surrounding Pegasus. Moreover, this article delves into the controversies, geopolitical ramifications, and clandestine operations orchestrated by governments and intelligence agencies. From Poland to the United Arab Emirates, and India to Mexico, explore the key players in this high-stakes game of cyber espionage. Additionally, join us as we uncover the hidden truths behind the headlines and navigate the murky waters of modern surveillance technology.”

35. United States/North Korea: Google Details UNC2970 North Korea-linked Espionage Hackers Targeting US Energy, Aerospace Sectors

Industrial Cyber reported on September 24th that “new research released by Google disclosed that cyber adversaries have targeted energy and aerospace companies in a new espionage campaign, suspected to have a North Korea nexus, tracked by Mandiant under UNC2970. These hackers exploit authentic job description content to target individuals working in critical infrastructure sectors in the U.S. They pose as recruiters from well-known companies, luring victims with fake job openings. Mandiant has noted that UNC2970 customizes and adapts job descriptions to suit their specific targets. “In June 2024, Mandiant Managed Defense identified a cyber espionage group suspected to have a North Korea nexus, tracked by Mandiant under UNC2970,” Marco Galli, Diana Ion, Yash Gupta, Adrian Hernandez, Ana Martinez Gomez, Jon Daniels, and Christopher Gardner, wrote last week in a Google Cloud blog post. “Later that month, Mandiant discovered additional phishing lures masquerading as an energy company and as an entity in the aerospace industry to target victims in these verticals.” UNC2970 is a cyber espionage group tracked by Mandiant since 2021 and suspected to have a North Korean nexus. This threat actor’s activities overlap with those of TEMP.Hermit, a threat actor conducting collections of strategic intelligence aligned with North Korean interests that has been active since at least 2013.”

36. South Korea: Changing South Korea’s Espionage Law is Good for Business

KEI reported on September 24th that “lawmakers from South Korea’s two major political parties have a notoriously difficult time agreeing on much of anything. However, one issue that enjoys bipartisan support is reforming the country’s espionage law, a proposal now under consideration in the National Assembly. The focus is on updating Article 98 of the Criminal Act as the legislation, in its current form, has long hindered the government’s ability to prosecute offenders. While the reform measures have clear national security implications, much of the debate centers on economic security — specifically, South Korea’s capacity to safeguard its commercial trade secrets from industrial espionage. Between 2003 and 2023, South Korea experienced 552 cases of industrial secrets being leaked to foreign countries, and since 2018, these incidents have resulted in financial losses exceeding 25 trillion won, according to the National Intelligence Service (NIS). Yet, despite the large number of cases and their punishing economic impact, South Korea’s legal framework has been slow to address the full scope of the problem, especially when it comes to state-sponsored intellectual property theft.”

37. United States: OSS Body Search WWII Spy Training Film (1942)

On September 25th we published this video in our archived content/footage playlist. As per its description, “declassified training film that OSS produced during WWII to train operatives on how Axis powers are likely to conduct a body search in case of the OSS operatives getting captured behind enemy lines. As per its formal description: This picture you are about to see was made for the purpose of illustrating the technique of the body search. It tells the story of an untrained, native courier who forgot, or perhaps never knew, that the quickest way to fail in your mission is to blow your cover. The well-trained agent never attracts the attention of any persons to the point where their interest culminates in a body search. He protects himself by consistent, appropriate cover and good common sense.”

38. Czech Republic/China: Czech Government Releases Report on Espionage Attempts

European Times reported on September 24th that “the annual report by the Czech Security Information Service, released on September 12, underlines China’s covert activities within the Czech Republic. These efforts include the creation of fake LinkedIn profiles and the use of financial incentives to gather intelligence and build networks of influencers. The report underscores that China poses a significant threat to Euro-Atlantic civilization, including the Czech Republic. It warns that falling under China’s influence could lead to the gradual erosion of technological and strategic knowledge, benefiting a regime based on communist dictatorship. This regime undermines the core values of democracy and the free market, which are the foundations of Western society. The report serves as a stark warning about the potential dangers of China’s covert actions. The agency disclosed that the Chinese Communist Party (CCP) has leveraged its diplomatic mission to conduct intelligence operations on Prague’s political landscape as part of its broader influence efforts in the Czech Republic. Intelligence agents were sent to establish relationships with local influential figures, including academics, to gain access to “non-public information” and to better understand the Czech environment. This initiative is intended to enhance China’s influence and control in the region. A key focus of the report is on Chinese intelligence agents targeting Czech academics via fake LinkedIn profiles. Posing as representatives of fictional consulting or headhunting firms based in Hong Kong or Singapore, these operatives request research or reports on topics of political interest to China, offering financial rewards in exchange. These initial requests often lead to deeper cooperation, eventually involving the transfer of sensitive information. Once foreign scholars agree to produce these reports, Chinese agents often extend invitations for fully-funded trips to China. 
The aim is to cultivate a network of contacts who feel a sense of obligation and may later support Chinese interests in the Czech Republic. These invitations are not limited to academics but are also extended to former and current political figures, representatives from national and local governments, and influential business leaders. The report stresses that participants in Chinese-sponsored activities could be approached by Chinese intelligence or used for propaganda purposes. The hospitality extended by the Chinese regime creates a sense of obligation, which could later be exploited. This report adds to a growing body of global allegations of Chinese espionage, raising concerns about the CCP’s activities worldwide.”

39. United States/Turkey/Mexico: Jailed US-Turkish National in Pentagon Secrets Case May Implicate Turkey

Nordic Monitor reported on September 25th that “Gökhan Gün, a 50-year-old electrical engineer and dual Turkish-US citizen, has been charged with unauthorized possession of national security materials in violation of US law, with additional charges potentially forthcoming, as the investigation raises speculation that he may have shared, or intended to share, classified information with foreign agents, possibly Turkish handlers, during planned meetings in Mexico. Born in Istanbul, Gün moved to the US in 2001 on a non-immigrant work visa, reportedly facilitated by his late sister, Günay Gün Purdham, who had originally come to the US as an au pair, working as a nanny for a Turkish diplomat. Gün is described as a loner with little regard for family connections. He briefly married in 2014, but the union ended in divorce, with no children. According to DC-based investigative journalist Adem Yavuz Arslan, Gün did not respond to condolences after the death of his sister, who had worked for the Washington Metropolitan Area Transit Authority and passed away two years ago. He became a US citizen in 2021 and started working at the Pentagon’s Joint Warfare Analysis Center (JWAC) in September 2023, holding a top security clearance. JWAC plays a vital role in providing the Pentagon, particularly the US Strategic Command’s (USSTRATCOM) director of global operations, with innovative solutions for targeting critical infrastructure of an adversary and related systems. Gün’s skill set included expertise in wireless communications, computer programming, scripting, virtualization and related technologies. He was involved in numerous JWAC projects, familiar with the center’s methods and capabilities and had connections with many personnel there. The FBI detained Gün on August 9, 2024 as he was preparing to leave for Puerto Vallarta, Mexico, for what he claimed was a fishing trip. In his backpack agents discovered a top-secret document and a printout listing his security clearances. 
The question of why a man supposedly heading on a fishing trip would carry such sensitive materials raised significant suspicion. Possessing such documents at his home, an unsecured location, violated all his training as well as multiple non-disclosure agreements he had signed with the Pentagon prior to obtaining his security clearance.”

40. United States: NSA — The Cutting Edge of Classified: Research at NSA

NSA published this podcast episode on September 26th. As per its description, “how does NSA stay ahead of its foreign adversaries? Emerging technologies can have significant impacts on national security, further heightening the critical nature of NSA’s foreign signals intelligence and cybersecurity missions. NSA researchers help defend the United States every day by focusing on what’s next. Learn from NSA’s Director of Research, Gil Herrera, about the strategy behind the largest in-house research group in the United States Intelligence Community. Learn about large language models (LLMs) from a leading expert in the field, and how this technology can help enable NSA to more effectively carry out its foreign signals intelligence and cybersecurity missions. Understand how leading researchers, from mathematicians to computer scientists to engineers and beyond, contribute to national security.”

41. Russia/Germany/Baltics: Russian Spy Ships Suspected of Espionage in Baltic and North Seas

Army Recognition News reported on September 25th that “according to information published by Suddeutsche Zeitung on September 24, 2024, alarming activity by Russian ships in the Baltic and North Seas has raised suspicions of espionage and sabotage of critical infrastructure. The investigation, which involved journalists from six countries, revealed that Russian research ships, often equipped with military technology, have been spying on gas pipelines, data cables, wind farms, and military infrastructure in the region. One incident from October 2023 highlights the concern. The containership Newnew Polar Bear abruptly slowed down while crossing the Balticconnector pipeline, causing severe damage to the pipeline with its anchor. This came just months after the Russian seabed survey ship Sibiryakov was observed performing suspicious maneuvers, at least once directly over the pipeline, sparking suspicions that it might have been preparing for sabotage. Ships like the Sibiryakov are part of a broader network of Russian vessels conducting surveillance missions in the area. These research ships are said to be under the control of the Russian Ministry of Defense and are fitted with sophisticated equipment, including military-grade radar systems. The investigation tracked 72 Russian research vessels, which have made 428 voyages since the start of the war in Ukraine. Analysis of over 1,000 Morse code transmissions and AIS (Automatic Identification System) data points indicate that these activities have increased in recent months. Ships have been detected entering the Exclusive Economic Zones (EEZs) of several EU countries at low speeds, often below 5 knots, a tactic experts associate with espionage missions. Many of these incursions were in close proximity to vital infrastructure like gas pipelines and offshore wind farms. 
In Germany alone, over 2,600 Russia-affiliated vessels have reportedly made “area visits” in German territorial waters since the Ukraine conflict began, with 143 of them flying the Russian flag. This prompted German authorities to increase their surveillance efforts, with government figures confirming that since 2023, 107 escort missions by police and navy frigates have been conducted to monitor suspicious activity in the country’s EEZ.”

42. Germany/China: Germany Sees Spike in Chinese and Russian Espionage

DW reported on September 23rd that “the press office of Germany’s Federal Prosecutor is a hive of activity these days: “Arrest for suspected secret service agent activity” — read the headline of a press release from April 23, 2024. A press release from the day before had exactly the same headline. All four suspects — three men and one woman — are alleged to have spied for China. “We must finally understand that this is a very serious and very real threat to our security,” said Green Party lawmaker Konstantin von Notz who heads the Parliamentary Control Committee for the Intelligence Services in the lower house, the Bundestag. “We must act quickly and decisively both through criminal prosecution and by uncovering the structures and networks,” he added. The latest developments came as no surprise to the head of Germany’s domestic intelligence service. “We initiated these investigations, and once the evidence was clear, we were able to hand this case over to the police and the public prosecutors,” Thomas Haldenwang, president of Germany’s domestic intelligence service, told DW. His agency’s 2023 report stated: “China’s global ambitions are being pursued to get more and more power, and it can be expected to further intensify its espionage activities as well as seek to influence state actors,” it read. China is not in a rush, Haldenwang told DW: “They want to be the number one political, military and economic power in the world by 2049. And they are continually pursuing that goal — by legal means, but also by illegal means,” he said.”

43. Ukraine/Russia: SBU Detained GRU Agent in Pokrovsk

On September 25th Ukraine’s SBU announced that they “detained a Russian agent who helped the Russians advance on Pokrovsk. The Security Service detained another Russian military intelligence agent in Donetsk region. The intruder was spying on the Defence Forces on the hottest front line — Pokrovsky, where fierce fighting is ongoing. The figure turned out to be an employee of a local mining enterprise, who was remotely recruited by the Russian intelligence service in July of this year. Since that time, he has scouted the geolocations of the headquarters and fortified areas of the Ukrainian troops involved in the protection of the district centre. The agent paid special attention to the firing positions of the heavy artillery of the Armed Forces of Ukraine, which keeps under fire control the assault groups of the occupiers. He also tried to identify the base points of the SBU units, which conduct counter-subversive measures in the area and perform other special and combat tasks. During reconnaissance trips, the agent behaved like an average resident of a front-line community who commuted to work at a local mine. But during such trips, he secretly recorded the location of Ukrainian troops and marked the corresponding coordinates on Google Maps. To communicate with the Russian intelligence service, the person involved initially used an anonymous account in a popular messenger. Later, hoping to “confuse his tracks”, he switched to communication with his Russian handler through banned Russian social networks. SBU counter-intelligence officers exposed the agent at the initial stage of his intelligence activity. This made it possible to document the crimes of the person involved, to detain him and to prevent the Russians from “leaking” relevant information about Pokrovsk’s defence. During the searches, a mobile phone and SIM cards were seized from the detainee, which he periodically changed in order to conspire to communicate with the occupiers.”

44. United States/Russia: How Russia’s RT Went from a Cable News Clone to Covert Operator

NPR reported on September 26th that “when Olga Belogolova moved to Washington, DC, in 2010, Russian state-owned broadcaster RT was making a big push in the U.S. “I remember going to bars in this town and seeing RT on televisions, just on,” Belogolova, who is now director of the Emerging Technologies Initiative at the Johns Hopkins School of Advanced International Studies, recalls. RT was long known to be government-funded and a source of Russian propaganda. But it claimed to be independent. It hired American journalists, and featured some big names like former CNN host Larry King. The channel’s aesthetic was sleek, modern, and cable news-like. But over the years, as American relations with Russia cooled, skepticism of RT grew. Now, the U.S. government has accused RT and its parent company, Rossiya Segodnya, of going beyond propaganda, as part of the Kremlin’s efforts to destabilize democracies and erode international support for Ukraine. “They are engaged in covert influence activities aimed at undermining American elections and democracies, functioning like a de facto arm of Russia’s intelligence apparatus,” Secretary of State Antony Blinken said at a press conference this month. That includes a scheme to funnel nearly $10 million to pro-Trump American influencers, over which the Justice Department recently indicted two RT employees. Responding to Blinken’s accusation, an RT statement joked that the organization has been “broadcasting straight out of the KGB headquarters all this time.”.”

45. Ukraine/Russia: SBU Uncovered Blogger in Lviv for Leaking Sensitive Information

On September 25th Ukraine’s SBU announced that “a Lviv blogger was suspected of leaking the locations of armed forces. A few months before the start of a full-scale war, the figure incited people to stage mass riots and seize state institutions under the guise of the “anti-vaccination movement.” Being in the status of the accused during the full-scale invasion, the person involved continued his anti-Ukrainian activities. Through his accounts in social networks, the “blogger” distributed destructive content. In particular, he claimed that Russian armed aggression was allegedly caused by “third countries” that “provoked” Moscow to a full-scale invasion of Ukraine. Also, during one of his live broadcasts on social networks, the person involved publicly announced the exact location of one of the units of the Ukrainian defenders, thus exposing them to danger. In addition, he organised online “journalism” courses, where, among other things, he taught his followers to counter the mobilisation in Ukraine. The cost of the courses was UAH 7,000 per student. After completing his studies, the person involved promised his clients an international journalist certificate. However, instead of the promised documents, he gave the “graduates” fictitious certificates of a local newspaper, which lost its accreditation in the spring of this year. Mobile phones and other physical evidence of criminal activity were found during searches of the suspect’s residence.”

46. Russia/Ukraine: Russian FSB Surveillance of Alleged SBU Operative Placing Car Bomb in Zaporizhzhia (Feb. 2024)

On September 27th we published this video in our archived content/footage playlist. As per its description, “Russia’s Federal Security Service (FSB) released this footage on February 19th, 2024 stating that it shows a Ukrainian Security Service (SBU) agent (Russian citizen) named Vitaly Dyatlenko (Виталий Дятленко), disguised as a disabled person, placing an Improvised Explosive Device (IED) under a car to assassinate a “political figure in Zaporizhzhia Oblast” before the 2024 Russian Federation presidential election. While attempting to detain him, they had a gunfight that resulted in the death of the alleged SBU operative. Ukrainian SBU commented on the Ukrainska Pravda newspaper that this was a “staged fabrication”.”

47. Lebanon/Israel: Hezbollah Fires Missile at Mossad HQ Near Israel’s Tel Aviv

Al Jazeera reported on September 25th that “Hezbollah has fired a ballistic missile targeting Mossad’s headquarters near Tel Aviv, the Lebanon-based group said. Warning sirens sounded in Tel Aviv on Wednesday as a surface-to-surface missile was intercepted by Israeli air defence systems after it was detected crossing from Lebanon, the Israeli military said. Hezbollah said that the building targeted was where the Israeli intelligence agency planned the recent attacks using pagers and other wireless devices. The launch came amid Israel’s bombardment of Lebanon, which has killed at least 500 people and forced tens of thousands to flee. It is the first time that the Iran-backed armed group has claimed a ballistic missile strike since October when hostilities with Israel were triggered by the war on Gaza. “The Islamic Resistance launched a ‘Qader 1’ ballistic missile at 6:30am (03:30 GMT) on Wednesday, 25–9–2024, targeting the Mossad headquarters in the outskirts of Tel Aviv,” Hezbollah said in a statement. “This headquarters is responsible for the assassination of leaders and the explosion of pagers and wireless devices.” The group added that the strike was carried out in support of the people of Gaza and “in defence of Lebanon and its people”. The Israeli military said it was the first time a projectile fired from Lebanon had reached central Israel. Hezbollah claimed to have targeted an intelligence base near Tel Aviv last month in an aerial attack, but there was no confirmation from the Israeli side. There were no reports of damage or casualties in Israel and the military said there was no change to civil defence instructions for central Israel. The Israeli Air Force said in a post on X that its planes had struck the launcher from which the missile was fired in the area of Nafakhiyeh in Lebanon.”

48. United States: Life as a CIA Case Officer — Musings from a Career in the Field

Grey Dynamics published this article on September 26th stating that “having spent the better part of the past three decades serving as a case officer for the Central Intelligence Agency (CIA), there are many things no one tells you. In fact, you learn these the hard way. Perhaps it helps create character? Not so sure I buy that. Extreme type A personalities, competitive, sometimes conniving, creative, bold, envelope-pushing, personable, articulate, and daring individuals. We often have to straddle ethical and legal lines. After all, our sole function is to steal secrets and conduct covert action against our adversaries (general illegal activities in the countries we are operating in). We operate between the cracks and turn whatever foreign locale we end up in into our operational playground. We have illegal mindsets that we use for good. A colleague once told me that if the CIA didn’t exist, we would all be in prison. He was probably right. This is a job like no other. You are a: salesman, head-hunter, politician, teacher, lawyer, priest, psychologist, coach, showman, entrepreneur, inventor, actor, artist, academic. All wrapped up in one. For those seeking a career as a case officer, here are some musings from a career in the field and things no one tells you.”

49. France: Confirmed — Former DGSE Director Joins ADIT to Head Défense Conseil International Advisory Board

Intelligence Online reported on September 27th that “diplomat Bernard Emié, who directed the DGSE from 2017 to 2023, will chair the advisory board of Défense Conseil International, the French armed forces’ operator for exporting military knowledge and training. Since DCI is now part of the ADIT group, Emié will join numerous high-ranking civil servants who have moved into consulting.”

50. United States: John Gentry — Unpacking the Information War Against the US

On September 26th the Shawn Ryan Show published this podcast episode. As per its description, “John A. Gentry is a respected figure in the fields of military service, intelligence analysis, and academia. After earning a degree in political science and international affairs, he served in the United States Army, achieving the rank of Lieutenant Colonel (LTC). His military career provided him with a robust understanding of global security dynamics and strategic leadership. Following his military service, Gentry transitioned to a role as a CIA analyst, where he evaluated intelligence data and contributed critical insights to national security decisions. His expertise in geopolitical issues made him a valuable asset within the intelligence community, helping to shape assessments on various international threats and foreign policy challenges. Currently, Gentry is a professor at Missouri State University, where he educates students on national security, intelligence analysis, and military strategy. His commitment to mentoring young professionals and fostering interest in public service underscores his dedication to shaping the next generation of leaders in international relations and security studies. He is also the author of the new book “Neutering the CIA,” which explores the agency’s evolution and future challenges.”

51. Ukraine/Russia: SBU Detained Saboteur in Transcarpathia

On September 26th Ukraine’s SBU announced that they “detained a Russian henchman in Transcarpathia who set fire to a car of the Armed Forces of Ukraine and the Red Cross. According to the plan of the enemy, a series of arsons was supposed to destabilise the socio-political situation in the region. According to the case file, the suspect was a 21-year-old immigrant from the Vinnytsia region who was looking for quick earnings. In Telegram, a representative of the intelligence services of the Russian Federation appeared on him and offered money in exchange for cooperation. At the behest of the policemen, the young man set fire to an official SUV of the Armed Forces of Ukraine and a car of the Red Cross Society of Ukraine within one day. Expecting to receive a monetary “reward”, the suspect recorded the fire on his phone’s camera and sent a video report to the Russian handler. However, the “customer” from Russia refused to pay and promised to “pay off” after performing several more arsons. The law enforcement officers caught the perpetrator red-handed as soon as he set the third car on fire. At the scene of the incident, incendiary devices and a mobile phone with evidence of correspondence with Rashisti were seized from him.”

52. Switzerland/United States: Predator Files — Switzerland as a Hub

WOZ reported on September 26th that “the USA has again imposed sanctions on the spy company Intellexa and persons associated with it — including a Swiss trustee. WOZ knows that the Federal Prosecutor’s Office has also opened a criminal investigation. Andrea Nicola Costantino Hermes Gambazzi has a dazzling name. The career of the 57-year-old trustee from Ticino is also dazzling. In the 1990s he worked as a young business lawyer for UBS, and later for the life insurance company Swiss Life. In the mid-2000s he took over a law firm in Lugano and also worked as a trustee. According to the business information service Moneyhouse, he currently holds 28 active corporate mandates: real estate transactions, trading companies, research and development, legal work — it is a broad and lucrative portfolio. Since last week, his career as a trustee has presumably been in ruins. The name Andrea Nicola Costantino Hermes Gambazzi has been on the US Treasury Department’s sanctions list since September 16. Last week, the Department announced on its website that it would be imposing sanctions on “those behind the commercial Intellexa espionage consortium,” which it includes Gambazzi in black and white. In its letter, the US Department made it unmistakably clear what it thinks of Intellexa’s multi-million dollar surveillance Trojan business: “The United States will not tolerate the reckless spread of disruptive technologies that threaten our national security and undermine the privacy and civil liberties of our citizens.” Since then, Gambazzi has no longer been able to conduct transactions with US companies and financial institutions, his economic scope of action is severely restricted, and the damage to his reputation is enormous.”

53. Russia/Ukraine: Cyberespionage the Gamaredon Way — Analysis of Toolset Used to Spy on Ukraine in 2022 and 2023

ESET Research published this technical analysis on September 26th. As per its introduction, “the war in Ukraine, which started in February 2014 and intensified with Russia’s invasion of the country on February 24th, 2022, exemplifies a multifaceted war, rife with disinformation campaigns and cyberwarfare. Throughout these years, ESET Research has revealed several high-profile cyberattacks conducted by Russia-aligned advanced persistent threat (APT) groups targeting Ukrainian entities and Ukrainian speakers, analyzed various operations, and kept track of multiple APT groups focusing on this region because of the war. In this research, we decided to examine the operations of Gamaredon, the Russia-aligned group that has been active since at least 2013 and is currently the most engaged APT group in Ukraine. The intensity of the physical conflict has noticeably increased since 2022, but it’s worth noting that the level of activity from Gamaredon has remained consistent — the group has been methodically deploying its malicious tools against its targets since well before the invasion began. We have analyzed thousands of samples while conducting a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities in 2022 and 2023; we reveal the results of our analysis in our white paper, which you can read in full here: Read full report. In the white paper, we share details about Gamaredon’s ever-changing obfuscation tricks and numerous techniques used for bypassing domain-based blocking. These tactics pose a significant challenge to tracking efforts, as they make it harder for systems to automatically detect and block the group’s tools. Nevertheless, during our research, we managed to identify and understand these tactics, and keep track of Gamaredon’s activities. 
We also describe the tools that are most prevalent or interesting in some other way in order to shed more light on the relationships that exist among the tools and to help create a bigger picture of the tools’ ecosystem.”

54. India: Innefu Labs Has Sights Set on Gulf

Intelligence Online reported on September 27th that “the Indian cyber-intelligence company Innefu Labs, founded by two former executives from Appin Security, a firm once favoured by Western private investigators, wants to expand its business in the Gulf and further afield.”

55. Ukraine/Russia: SBU Detained FSB Agent Group of 3 in Kyiv, Kharkiv and Chernihiv

On September 26th Ukraine’s SBU announced that they “detained an FSB agent group that spied on the Defence Forces in three regions of Ukraine at once. The Security Service neutralised an FSB agent group that operated in Kyiv, Kharkiv and Chernihiv. As a result of a multi-stage special operation in different regions of our country, three henchmen of the Russian Federation, who were scouting the locations of the Defence Forces, were detained. The agents acted separately from each other, but focused on one handler from the Russian Federation. One of the persons involved was carrying out hostile tasks, pretending to be a former law enforcement officer. When documents were checked, he showed a fake veteran’s ID. All the detainees were “on the hook” of the Russian intelligence service through Telegram channels, where they were looking for quick money. In exchange for money, the occupiers sent agents to go around the area and covertly photograph the location of Defence Forces personnel and military equipment. So, for example, in Kyiv and Chernihiv, the invaders were most interested in the deployment locations of the border detachments and control points of the Armed Forces. In Kharkiv, one of the participants tracked the coordinates of the Ukrainian troops’ fortified areas, which are involved in the defence of the regional centre. The activities of the enemy group were coordinated by a staff member of the FSB military counter-intelligence. His identity and other personal data have already been established by the Security Service. As a result of the special operation, all three agents were arrested “red handed” when they were conducting reconnaissance near military facilities.”

56. United States: Intelligence Bin Laden Spy on Hunting “The Ghost” — Shawnee Delaney

Julian Dorey published this podcast episode on September 27th. As per its description, “Shawnee Delaney is an Ex-DIA clandestine ops officer, expert on cybersecurity, insider threat program development, surveillance, & investigation. She took part in the hunt for Osama Bin Laden.”

57. Algeria/Morocco/Israel: Algeria Reimposes Visas on Moroccans, Accusing Rabat of ‘Zionist Espionage’

Middle East Eye reported on September 27th that “Algeria announced on Thursday it will reestablish visa requirements for Moroccan nationals effective immediately, accusing its North African neighbour of deploying “Zionist intelligence agents”. In a statement, the Algerian foreign ministry accused Morocco of taking advantage of the visa exemption arrangement to “engage in various actions detrimental to the stability of Algeria and its national security”. The ministry cited: “The large-scale organisation of organised crime networks, drug and human trafficking, smuggling, illegal immigration and acts of espionage, as well as the deployment of Zionist intelligence agents, holders of Moroccan passports, to freely access the national territory.” “These acts constitute a direct threat to the national security of our country and impose firm and strict control of all points of access and stay in the national territory,” the statement added. Algiers’ decision comes after several people, including four Moroccans, were arrested in the city of Tlemcen, in western Algeria, early in September over accusations of being part of “a spy network” aimed at “undermining Algerian security and administrative institutions”. “Always driven by values of solidarity woven by the human and family ties that unite the two brotherly peoples (…), when deciding to sever diplomatic relations with this country in August 2021, (Algeria) had avoided calling into question the freedom and fluidity of the movement of people,” the foreign ministry said on Thursday. The decision puts an end to nearly two decades of free movement between the two countries, even though the borders have been closed since 1994. For Algiers, “the kingdom of Morocco is held solely responsible for the current process of deterioration of bilateral relations through its hostile actions towards Algeria”.”

58. Denmark/China: Warning of Chinese Espionage but Danish Universities are Still Sending Students to China

Uniavisen reported on September 27th that “the Sino-Danish Center (SDC) was set up to strengthen research collaboration between Denmark and China. Now it is at the centre of a complex dilemma between academic freedom and national security. And in the meantime, Danish students and researchers continue to be sent to China. This November, Danish students will be able to go on a one-week study trip to Beijing to learn more about how to study for a master’s degree in nanotechnology in China. The University of Copenhagen’s Nano-Science Center is planning and organizing the trip, where Danish students from the country’s universities can get a taste of life as a master’s student in China, participate in lectures, and meet various Chinese collaborators. The trip is part of the Danish-Chinese research and education collaboration Sino-Danish Center (SDC), which has UCPH rector Henrik C. Wegener as the partnership’s Danish board chairman. The collaboration started in 2010 between all eight Danish universities and the Chinese Academy of Sciences. From the outset, the objective was to strengthen research collaboration between Denmark and China. This included master’s degree programmes and PhD scholarships at the SDC centre, which is located north of the Chinese capital, Beijing, where both Danish and Chinese students are based. Danish researchers can furthermore, via SDC, come to China and participate in research projects with some of the leading experts within certain fields. But according to experts which the University Post has spoken to, the research collaboration with China is full of risks.”

59. Poland/Ukraine/Belarus/Russia: In Poland, a Ukrainian and a Belarusian were Convicted of Spying for Russia

Babel reported on September 27th that “the district court in Lublin, Poland sentenced a citizen of Ukraine and a citizen of Belarus to prison terms and a fine for espionage for Russia as part of an organized group. They installed cameras along transport routes to track military aid shipments to Ukraine. This was reported by the Polish broadcaster TVP. For participation in an organized criminal group, espionage in favor of the Russian Federation and possession of marijuana, the Lublin court deprived 23-year-old citizen of Ukraine Maksym L. of his liberty for six years, and also imposed a fine of 15 thousand zlotys (€3.5 thousand). And 30-year-old Belarusian Vladyslava P. received two years and 10 months in prison and a 10 thousand zloty fine (€2.3 thousand). Extras must also pay 5 000 zlotys (€1 100) each to the Victim Assistance Fund. Judge Myroslav Bzhozovsky, commenting on the verdict, said that the participation of the defendants in a criminal group is beyond doubt. “It was an organized crime group led by an unidentified man named Andrii whose purpose was to gather intelligence that was used to determine the type and amount of aid given to Ukraine,” he said. According to the investigation, 23-year-old citizen of Ukraine Maksym L. and 30-year-old citizen of Belarus Vladyslav P. were active in the group from January to March 2023. They installed cameras on strategically important railroads that transport military and humanitarian aid to Ukraine. They also observed the seaports in Gdynia, Gdańsk, the airport in Jasionka and the train station in Rzeszów.”

60. Iran/United States: Iranian Hackers Charged in Trump Campaign Attack — Election Interference Links

The Daily Guardian reported on September 28th that “a U.S. grand jury has indicted three Iranian hackers for cyber espionage and hacking related to Donald Trump’s presidential campaign, highlighting growing concerns over election interference by foreign powers like Iran, China, and Russia. The three individuals are accused of collaborating with other hackers to conduct a “wide-ranging hacking operation” for the Islamic Revolutionary Guard Corps (IRGC), according to U.S. Attorney General Merrick Garland. The hackers allegedly targeted members of Trump’s campaign and stole confidential information, which they reportedly shared with journalists and individuals linked to President Joe Biden’s re-election campaign. Court documents reveal the use of advanced techniques like spear-phishing and social engineering to compromise the accounts of U.S. government officials and individuals associated with political campaigns. A Microsoft report in June 2024 confirmed that “Iranian hackers had sent a spear-phishing email to a high-ranking official on Donald Trump’s presidential campaign.” Google’s cybersecurity division also reported attempts by Iranian hackers to infiltrate President Joe Biden’s campaign in the same month. While the extent of these breaches remains unclear, Garland emphasized, “The American people, not a foreign power, decide the outcome of our country’s elections.”.”

61. United States/Saudi Arabia: Unveiling Saudi Network Behind 9/11 — Former FBI Agent’s Revelations

Covert Action Magazine published this article on September 27th stating that “the 9/11 attack has been shrouded in secrecy by the U.S. government for 23 years, leading to much speculation and questions among the public. Despite numerous investigations and official reports, the full picture of those tragic events has never been fully revealed. Following another anniversary of this tragedy, we decided to publish a confidential FBI report that can illuminate many aspects that have remained hidden until today. Our step is intended not only to satisfy public curiosity but also contribute to a deeper understanding of how and by whom the preparations for this terrorist attack were conducted. Penned by former FBI employee Bassem Youssef, who was directly involved in the 9/11 investigation, the report details Omar al-Bayoumi’s interactions with officials from Middle East countries, including Saudi Arabia, between 1998 and 2000. The document also offers an unprecedented look into the events leading up to that fateful day. While some of these details have been explored in the media, many of our readers will find value in examining these first-hand insights. The full report is available here. Here is a brief summary of the comprehensive 311-page report.”

62. Russia/Europe: “Make a Molotov Cocktail”: How Europeans Are Recruited via Telegram for Sabotage, Arson, and Murder

OCCRP published this report on September 26th, stating that “similar incidents are increasingly common across Europe. Young people with pro-Russian views are receiving instructions on sabotage via Telegram. Western security officials believe that Russian intelligence services are behind this. To prepare this article and find out how people are recruited, journalists went undercover. “I have a suggestion. Make a Molotov cocktail, go to the forest and practice using it. Send a video. We’ll start with that.” (Here and below, the spelling in the correspondence has been preserved — OCCRP) “And what about the actual money?” “Cryptocurrency money upon completion of missions.” This dialogue, the very beginning of recruitment for sabotage activities, took place on July 10 on Telegram. Valery Ivanov, a 26-year-old Estonian living in Tallinn, asked about payment. He worked part-time as a surveyor and was looking for additional sources of income. His interlocutor was an anonymous recruiter hiding behind a Telegram account called privet bot. Over the past year, the account has been promoted at least eight times to 550,000 subscribers of Grey Zone, the largest pro-Russian Telegram channel associated with the Wagner PMC. The ads, which were also distributed on several smaller Telegram channels, Facebook, VKontakte and even the popular gaming platform Steam, call on residents of European countries to join the fight against Ukraine’s Western allies. “You’ve probably already seen what happened in Romania,” reads a message posted on July 7, accompanied by videos of fires in industrial buildings, allegedly started by pro-Russian saboteurs. “They are afraid that there will be more of you… And there really are more of you. “Just say hi to us.” The footage of the arson is not real — all the recordings show old and unrelated incidents. But Ivanov responded to this message. After a brief dialogue, they began to push him to commit crimes in Estonia. 
Ivanov’s Russian-speaking interlocutor offered him money for spying on military bases, setting NATO equipment on fire, and even for murders — $10,000 “per head”. His manner of communication was abrupt, sometimes even rude, although inappropriate emoticons slipped into some messages. Fortunately, Ivanov is not real. He is a joint creation of journalists from Delfi, OCCRP, Paper Trail Media, ZDF and Der Standard. In this investigation, the journalists went undercover to find out how Europeans are recruited on social media to carry out sabotage in their home countries. Security experts and intelligence officials say such incidents have become more frequent as Russia’s more sophisticated intelligence and security resources become mired in the Kremlin’s war in Ukraine and used to keep the occupied territories under control.”

63. Ukraine/Russia: SBU Detained FSB Agent in Vinnytsia

On September 27th Ukraine’s SBU announced that they “detained in Vinnytsia an agent of the Russian Federation, who “sat on the tail” of the columns of the Armed Forces of Ukraine in order to find out their routes and adjust the attack on them. The attacker was spying on the movement of combat equipment of the Defence Forces in the direction of the front line. Under the “sight” of the enemy were units of the Armed Forces moving along the highways of the Vinnytsia and Cherkasy regions. According to the investigation, the Russian special service hoped to monitor the movement routes of Ukrainian military columns in real time in order to adjust the air strike against them. To carry out this task, the FSB remotely recruited a 51-year-old paramedic from one of the medical institutions in Vinnytsia region, who was “elected” because of his pro-Kremlin activity in Telegram channels. According to the instructions of the occupiers, their agent drove his car to interregional highways, where he monitored the movement of units of the Defence Forces. An episode was documented when, having discovered a military convoy, the person involved “sat on its tail” and drove after it for almost 100 km. In this way, he tried to establish the route, as well as the number and types of equipment in the convoy. Counter-intelligence officers of the SBU timely exposed the traitor and detained him near his own residence. Before that, comprehensive measures were taken to secure the locations of Ukrainian troops. At the place of detention, the suspect’s mobile phone was seized, which he used to communicate with the “liaison” of the FSB — Serhiy Lebedev (better known as the blogger “Lokhmaty”) from Donetsk.”

64. United States/Turkey: ‘A True Friend of Turkey’: Eric Adams Bribery Indictment Reveals Years of Flights and Favours

The Guardian reported on September 26th that “US federal prosecutors have accused members of the Turkish government of pulling off a years-long influence campaign to cultivate and secure favors from Eric Adams, the mayor of New York City. In an indictment unsealed on Thursday morning, the US attorney of New York’s southern district alleged that government officials and business leaders with ties to Recep Tayyip Erdoğan, the Turkish president, showered Adams with thousands in illegal foreign campaign donations and free or heavily discounted luxury hotel stays and flights around the world. In exchange, the indictment claims, Adams executed various favors for the Turkish government, including pressuring a local fire official to bypass safety regulations and greenlight the opening of a consular building, so it could be ready before a visit by Erdoğan. After that alleged intervention, a Turkish government official messaged the soon-to-be mayor calling him “a true friend of Turkey”, according to an exchange cited in the legal filing. Adams allegedly responded by calling the Turkish official “my brother”. Adams, a 64-year-old former police officer and state lawmaker, now faces charges of wire fraud, bribery and soliciting campaign donations from foreign nationals. “The conduct alleged in the indictment, the foreign money, the corporate money, the bribery, the years of concealment, is a grave breach of the public’s trust,” Damian Williams, the US attorney for the southern district of New York, said in a press conference on Thursday. Despite calls from a growing chorus of elected officials, Adams has vowed not to resign. The Democrat, who ran on a law-and-order message, is the first sitting mayor of New York to be indicted on federal corruption charges. “It’s an unfortunate day. And it’s a painful day. But inside all of that is a day when we will finally reveal why, for 10 months, I’ve gone through this. And I look forward to defending myself,” he said on Thursday.
Turkey’s ministry of foreign affairs did not respond to requests for comment.”

65. Canada: CSIS Says a Former Parliamentarian May Have Worked on Behalf of a Foreign Government

Delta Optimist reported on September 27th that “a former parliamentarian is suspected of “having worked to influence parliamentary business” on behalf of an unnamed foreign government, Canada’s spy service told a federal inquiry Friday. The Canadian Security Intelligence Service also cited indications that an unspecified foreign government engaged in meddling to reduce the likelihood of a specific Liberal candidate of being elected federally. “It is suspected that the foreign government sought to thwart the candidate’s bid given their support for issues perceived to be contrary to the foreign government’s interests,” says a written summary presented to the inquiry. CSIS described the two cases as previously unknown to the ongoing commission of inquiry. However, the spy service provided no additional details about the countries or people involved in the allegations. The CSIS summary was presented to the inquiry as it heard testimony from interim director Vanessa Lloyd, former director David Vigneault and other current and former spy service officials. The suspicions about a former parliamentarian are the latest suggestion a Canadian politician may have engaged in meddling. The National Security and Intelligence Committee of Parliamentarians raised eyebrows in June with a public version of a classified report that said some parliamentarians were “semi-witting or witting” participants in the efforts of foreign states to meddle in Canadian politics. The stark, yet vague, assertion by NSICOP, an intelligence watchdog made up of MPs and senators who are sworn to secrecy, prompted a flurry of concern that individuals knowingly involved in interference might still be active in politics. The Green Party’s Elizabeth May, who possesses a top secret-level security clearance, has seen the full version of the NSICOP report. 
She said in June it does not contain a “list of MPs who have shown disloyalty to Canada.” May said one unnamed former MP accused in the report of proactively sharing privileged information with a foreign operative should be fully investigated by authorities. The commission of inquiry’s latest hearings are looking at the ability of federal agencies to identify and counter foreign interference. A final report is due by the end of the year.”

66. United States/Cuba: Ex-diplomat’s Cuban Espionage Case Isn’t the Biggest US “Spyfail”

Covert Action Magazine published this article on September 24th. As per its introduction, “mainstream media outlets reacted with astonishment when they reported earlier this year that a former American diplomat had confessed to being a Cuban spy for more than four decades. It was indeed shocking when Victor Manuel Rocha, U.S. Ambassador to Bolivia under Bill Clinton and George W. Bush, suddenly came clean to FBI investigators that he had been covertly gathering intelligence for the island since the early 1980s. Fewer than six months after his arrest in December, Rocha was sentenced to 15 years in federal prison following a plea deal where he admitted to conspiring to act as an illegal foreign agent to defraud the United States. According to court documents, the Bogotá-born envoy was first recruited by Cuba’s main state intelligence agency, the Intelligence Directorate or Dirección General de Inteligencia (DGI), as a student at Yale University in 1973. Shortly after graduating, Rocha reportedly traveled to Chile around the time the Central Intelligence Agency (CIA) ousted the democratically elected government of Salvador Allende and was radicalized by the experience. Cuba’s KGB-trained intelligence service has long enjoyed an esteemed reputation as one of the best in the world, famously having thwarted hundreds of attempts on the life of Fidel Castro by the CIA. The DGI has also become known for its effective operations abroad, such as the case of double agent Ana Montes who penetrated the U.S. Defense Intelligence Agency (DIA) as an analyst for 17 years. With the Rocha case closed within a few short months, it is unclear precisely what actions he took while in diplomatic service that could have benefited Havana. If true, not only did he have privileged access to classified information but the ability to directly impact U.S. diplomacy with tradecraft. However, many have noted that, while serving as U.S. ambassador to Bolivia, Rocha made a name for himself during the Andean nation’s 2002 election when he publicly threatened the withdrawal of U.S. aid if then-underdog candidate Evo Morales were to win the presidency. In hindsight, what was perceived as a controversial gaffe at the time, which inadvertently increased support for Morales, could have been deliberate if Rocha was truly an infiltrator.”

67. Turkey/Kurdistan: Kurdish Websites Targeted in Turkish Cyber Espionage Campaign, Exposing User Data

Medya News reported on September 28th that “a long-running Turkish cyber espionage campaign has compromised 25 websites linked to the Kurdish community, exposing sensitive user data and tricking visitors into installing malicious Android applications. The campaign, dubbed SilentSelfie, has been active for over a year and a half, according to cybersecurity firm Sekoia, which disclosed the full extent of the breach on 25 September. The attack is believed to have started in December 2022, targeting websites related to Kurdish media, the Kurdish-led Democratic Autonomous Administration of North and East Syria (AANES), and political organisations. The malicious scripts, deployed in four distinct variants, were designed to collect information such as user locations and images from the device’s selfie camera. Some scripts redirected users to download fake Android applications, which could steal contacts, location data and other personal information. “The attack was designed to gather sensitive data from users, with the most complex variant capturing images and redirecting selected users to install malicious APKs,” explained security researchers Felix Aimé and Maxime A. Among the affected websites are major Kurdish news outlets like RojNews, where users were directed to download an app embedded with malicious code. Once installed, the app could secretly collect a range of data, including contact lists, location details and files from the user’s device. The app’s spying features were activated whenever the user opened it, sending information back to a remote server. Although the exact method of compromising these websites remains unclear, the scale of the attack suggests a coordinated effort, potentially involving a state-backed actor. 
Researchers have raised the possibility of the Kurdistan Regional Government (KRG) of Iraq being involved, particularly in light of the arrest of RojNews journalist Süleyman Ahmet by KRG’s ruling Kurdistan Democratic Party (KDP) forces last year. However, no definitive attribution has been made. The KDP, which has been a long-standing ally of Turkey, has played a key role in assisting Turkish military operations in Iraqi Kurdistan, particularly targeting Kurdistan Workers’ Party (PKK) strongholds. However, this alliance has weakened the KDP’s standing within the Kurdish community, as many see the party as complicit in Turkey’s efforts to suppress Kurdish autonomy. Meanwhile, the rival Patriotic Union of Kurdistan (PUK) has gained increasing support, positioning itself as a defender of Kurdish interests against foreign interference. This dynamic may significantly impact the upcoming elections in the KRG, with the PUK potentially benefiting from growing dissatisfaction with the KDP’s policies.”

68. Poland/Russia/Belarus: Cyber Sabotage in Poland — Russia and Belarus Team Up

Grey Dynamics published this article on September 24th stating that “Russia has been targeting Polish government organizations and private entities with state-sponsored cyber attacks and espionage activities for years. Recently Russia and Belarus have been linked to a failed coordinated campaign to sabotage the Polish government and several of its agencies. The regional tension caused by the war in Ukraine eroded relations between Russia and NATO causing an increase in cyber attacks and influence campaigns aimed at Poland and other member nations. Key Judgment 1: It is highly likely that Russian espionage and cyber attacks continue to target NATO countries as regional conflicts increase tension. Key Judgment 2: It is highly likely that coordinated cyber operations will become more common with allied countries and hacking groups sympathetic to Russia. Key Judgment 3: It is highly likely that Russia will continue cyber operations aimed at causing animosity between the Polish government and citizens.”

69. Israel/Lebanon: As Hezbollah Threat Loomed, Israel Built Up Its Spy Agencies

The New York Times published this article on September 28th stating that “in the immediate days after the deadly Oct. 7 Hamas attacks on Israel, Israeli intelligence officials feared a pre-emptive strike was imminent from another longtime enemy, Hezbollah. They frantically prepared to stop it with plans to strike and kill Hassan Nasrallah, the powerful Hezbollah leader who the Israelis knew would be in a bunker in Beirut. But when Israel informed the White House of its plans, alarmed administration officials discounted the imminent Hezbollah strike. President Biden called Prime Minister Benjamin Netanyahu, told him that killing Mr. Nasrallah would set off a regional war and asked him to hold his fire, current and former senior American and Israeli officials said. On Saturday, Israel announced that it had killed Mr. Nasrallah after warplanes dropped more than 80 bombs on four apartment buildings in Lebanon, where the Hezbollah leader of more than three decades had gone to meet his top lieutenants. Mr. Biden was not informed ahead of time, aggravating the White House. But the more salient outcome for both Israel and the United States was how successfully Israeli intelligence had pinpointed Mr. Nasrallah’s location and penetrated Hezbollah’s inner circle. In a matter of weeks, Israel has decimated the senior and midlevel ranks of Hezbollah and left the group reeling. That success is a direct result of the country’s decision to devote far more intelligence resources in targeting Hezbollah after its 2006 war with the Iran-backed terrorist group. It was a defining moment for Israeli intelligence. The Israeli army and the intelligence agencies failed to score a decisive victory in that 34-day conflict, which ended with a U.N.-brokered cease-fire and allowed Hezbollah, despite heavy losses, to regroup and prepare for the next war with Israel. Israel has spent the years since bolstering what was already considered one of the world’s best intelligence gathering operations. 
Much of the effort has been invested in the Mossad and Israeli military intelligence, which were frustrated after the 2006 war by their shortcomings in collecting vital information about Hezbollah’s leadership and strategy. As a result, Unit 8200, Israel’s signals intelligence agency, built cutting-edge cyber tools to better intercept Hezbollah’s cellphones and other communications, and created new teams within the combat ranks to ensure that valuable information was quickly passed on to soldiers and the air force.”
