SPY NEWS: 2024 — Week 34

Summary of the espionage-related news stories for Week 34 (August 18–24) of 2024.

1. Netherlands/Russia: Amsterdam Bans Government Employees from Using Telegram over Espionage Concerns

Bernama reported on August 19th that “the municipality of Amsterdam has banned government employees from using the Telegram messenger on work phones due to espionage concerns, the BNR radio reported on Monday, citing Alexander Scholtes, a city council member responsible for the city’s IT policy. Scholtes confirmed to the radio that the ban had been implemented at the end of April, although it had not been publicly disclosed until now. He cited “criminal activities within the app and the risk of espionage” as the primary reasons for the decision, the report said.
The official also called Telegram “a safe haven for hackers, cybercriminals, and drug traffickers,” BNR reported. Although Telegram was originally created in Russia, its headquarters is now located in Dubai, with the company officially registered in the Virgin Islands. Other municipalities in the Netherlands reportedly have not imposed similar bans on Telegram.”

2. Philippines: Fugitive Ex-mayor Accused of Espionage Reportedly Flees Philippines

Dimsum Daily reported on August 20th that “Alice Guo, the former mayor of Bamban in the Philippines, who is accused of espionage and links to organised crime, is believed to have fled the country, according to the latest Senate disclosures. Senator Risa Hontiveros, leading the investigation, presented evidence suggesting that Guo left for Kuala Lumpur on 18th July, shortly after midnight. Hontiveros, chairing the Senate hearing committee, displayed an immigration entry card as proof of Guo’s travel, further noting that Guo reportedly met family members in Singapore following her departure. This development raises questions about potential governmental collusion in her escape. “Alice Guo would not have been able to leave if there was no government official helping her,” Hontiveros remarked, expressing frustration over the breach. The controversy surrounding Guo escalated after her dismissal and lifetime public office ban by the ombudsman for “grave misconduct” related to her alleged ties with a local gaming firm. Despite the Department of Justice’s denial of her departure, citing no records of her exit, conflicting reports from law enforcement suggest she might still be in the Philippines, potentially having used a private plane to evade immigration checks. Guo’s legal team, led by Stephen David, plans to appeal the ombudsman’s decision, even as she faces mounting evidence of her involvement in criminal activities linked to an offshore gambling operation in Bamban. The raid on this facility in March led to the rescue of nearly 700 workers and uncovered substantial evidence of illicit activities.”

3. China: State Security Ministry Unveils Espionage Disguised as Wind Measurement Tower Construction

Global Times reported on August 18th that “a few individual companies with ties to foreign intelligence agencies have quietly infiltrated areas around China’s important confidential sites under the guise of building anemometer towers for wind measurement, and have illegally collected and secretly transmitted sensitive data overseas, posing a threat to China’s state security, China’s Ministry of State Security (MSS) revealed on Sunday. An anemometer tower is a tall, tower-like structure used to measure wind speed, wind direction, and other meteorological data. Wind speed meters, wind vanes for measurement of the wind’s direction, as well as thermometers and barometers, are installed at various positions on the tower. It can provide reference data for meteorological observation and atmospheric environment monitoring, according to an article published by the MSS on its official WeChat account on Sunday. A resident from a coastal city filed a report through the state security agency’s reporting hotline 12339 that a company had illegally constructed an anemometer tower near a confidential facility, which might be used to illegally collect sensitive data. The state security agency immediately conducted a technical inspection of the tower in accordance with the law upon learning of the situation. They found that in addition to collecting meteorological data, the tower’s various devices also had the capabilities to analyze and transmit the data. If the data were leaked to overseas agents, they could pose risks to China’s state security, the article said. Thus, the state security agency quickly coordinated with relevant departments and promptly prevented the leakage of sensitive information, according to the article. 
In another case revealed by the state security ministry, a wind measurement tower near a certain scientific research base aroused suspicion among relevant authorities who reported to the local state security agency that the tower might be involved in illegally collecting and transmitting China’s meteorological data to overseas. After a thorough inspection, the state security agency found that the wind measurement tower had not gone through proper legal registrations, and its data transmission routes were complex, posing significant security risks. State security agency promptly collaborated with relevant departments to dismantle the tower in accordance with laws.”

4. United States: Team House — Former Senior CIA Operations Officer | Ed Bogan

On August 20th the Team House published this podcast episode. As per its description, “Ed is a retired CIA Operations Officer with 24 years of experience in national security and intelligence operations in South Asia, the Middle East, Africa, and Europe. He is a two time Chief of Station (COS) and three time Chief of Base (COB). Bogan served five of his seven PCS assignments in three designated war/combat zones, as well as Acting positions in countries in armed conflict.”

5. Ukraine/Russia: Russia-linked Vermin Hackers Target Ukraine with New Malware Strain

The Record reported on August 19th that “a pro-Russian hacker group known as Vermin is using lures related to Ukraine’s offensive across the border to infect devices with malware, according to a new report from Kyiv’s cyber agency. To deceive their victims into clicking on malicious emails, the hackers have been using images of alleged Russian war criminals from the Kursk region, which was recently invaded by Ukraine. Vermin hackers are reportedly controlled by the law enforcement agencies of the so-called Luhansk People’s Republic (LPR), an unrecognized quasi-state in eastern Ukraine annexed by Russia in 2022. The group is believed to be acting on behalf of the Kremlin. On Monday, Ukraine’s computer emergency response team (CERT-UA) said Vermin has deployed two malicious tools in this campaign — the previously known Spectr spyware and a new malware strain called Firmachagent. Spectr can take screenshots of a victim’s screen every 10 seconds, copy files with certain extensions, and steal data from messengers and internet browsers. Vermin has previously used Spectr to spy on Ukraine’s defense enterprises and armed forces. The Firmachagent malware is used to upload stolen data to the hackers’ server, according to CERT-UA. The report doesn’t mention how many computers were infected by Vermin or how successful the attacks have been.”

6. Israel: Cellebrite UFED Forensics Extraction System

On August 19th we published this video. As per its description, “in this series we are covering all the Cellebrite digital intelligence devices, and in this video we present the UFED (Universal Forensics Extraction Device) which was the first product that Cellebrite released specifically for this purpose, and became exceptionally popular among spy agencies conducting CELLEX (Cellular Exploitation) in the early 2010s. In the video we present several different variants of it, in an attempt to shed more light into the history of this spy gadget from Israel.”

7. Germany/China: Pharmaceutical Industry Warns of Possible Drug Shortages from China

EuroNews reported on August 19th that “the German pharmaceutical industry has warned of possible drug shortages after China tightened its espionage laws. Four out of Germany’s 16 states have now cancelled routine quality control trips to China by their inspectors as they’re concerned they could fall foul of the law. The states say they can no longer guarantee the safety of their inspectors on visits to Chinese pharmaceutical factories. “Some active ingredient certificates have already expired or are threatening to expire in the next few months, which will lead to a standstill in the supply chain for various drugs,” the German Pharmaceutical Industry Association warned in an article in Germany’s Pharmaceutical Newspaper. Europe imports a high number of active pharmaceutical ingredients and antibiotics from China, which is one of the world’s largest suppliers. In Germany, almost 90 percent of all antibiotics come from China, according to the German Pharmaceutical Industry Association (BPI). All drugs made in China must meet EU quality control standards, and European inspectors have to issue certificates to confirm that the manufacturing process meets EU standards. “No one can afford additional drug shortages,” BPI spokesman Andreas Aumann told Pharmaceutical Newspaper. The decision to cancel trips by inspectors has been supported by the German pharmaceutical industry. “They go into the companies and look around, they take notes, they collect data and they are simply afraid of reprisals or, in the worst case, of arrests if they travel there and inspect the factories,” Dorothee Brakmann, CEO of the country’s largest pharmaceutical associations Pharma Germany, told German broadcaster Tagesschau. The BPI has appealed to the German government for confirmation that China’s anti-espionage law would not impact the work of German pharmaceutical auditors.
But Germany’s Ministry of Health has minimised concerns for inspectors on behalf of the pharmaceutical industry, saying that even before the espionage law was tightened there had always been an element of risk due to the “unpredictable actions” of the Chinese authorities.”

8. United States: Shawn Ryan Show — Joe Kent — Gold Star Husband and Ex-Special Forces/CIA Operative Now Running for Congress

The Shawn Ryan Show published this podcast episode on August 19th. As per its description, “Joe Kent is an Army Special Forces Veteran with two decades of service. Following the tragic death of his wife, Shannon Kent, who served in intelligence operations combatting ISIS in Syria, Joe’s career evolved from Special Operations into Field Operative roles in the CIA. Kent would then focus his career on institutional change, advising President Trump on national security and foreign policy. After his retirement from the military, Kent has committed to a continued life of service as a candidate for office in Washington’s 3rd congressional district.”

9. Russia/Ukraine: St. Petersburg Court Sentences Kharkov Tractor Driver to 10 Years in Maximum Security Prison in Espionage Case

Media Zone reported on August 19th that “judge of the Saint Petersburg City Court Irina Furmanova sentenced tractor driver from Kharkov Viktor Rudenko to 10 years in a maximum security penal colony for espionage (Article 276 of the Criminal Code). This became known to Media Zone. During the announcement of the verdict, it became known that Rudenko was detained on April 24, 2023, and had been held in custody since then. The case was heard behind closed doors. The details of the charges were not announced at the hearing, but Judge Furmanova informed Rudenko that his mobile phone would be confiscated in favour of the state and his SIM card destroyed, since they are “an instrument of crime.” After the verdict was announced, the joint press service of the St. Petersburg courts reported that the court had established “the onset of consequences from Rudenko’s actions, as a result of which a unit of the motorized rifle division was subjected to mortar fire by the Ukrainian Armed Forces in the settlement about which Rudenko provided information.” The press release also revealed that Rudenko did not dispute that he had committed the actions imputed to him, but did not admit guilt and said that he had acted “in the interests of his homeland.” Rudenko’s documents — military ID, residence registration certificate and work ID — will be kept until his release. Rudenko did not comment on the verdict in any way, only saying that he understood the court’s decision and did not need the services of a translator into Ukrainian. The case materials against Rudenko were received by the court on May 3. Before the case file appeared on the website of the St. Petersburg City Court, nothing was reported about Viktor Rudenko and his arrest — the court’s press service was also unable to provide any additional information to Media Zone at that time.”

10. Ukraine/Russia: SBU Neutralised FSB/GRU Network in Mykolaiv

On August 19th Ukraine’s Security Service (SBU) announced that they “neutralised a Russian intelligence network, which included current and former law enforcement officers. Criminals spied on the Defence Forces and key assets of critical infrastructure. As a result of a special operation in Mykolaiv, two members of an enemy cell were detained, the activities of which were coordinated by two Russian intelligence services: the FSB and the military intelligence of the aggressor country. One of the detainees is a local law enforcement officer, who since 2015 has been in contact with the resident (head) of the Russian intelligence group, former official of the disbanded militia Andriy Shevchenko. On Shevchenko’s instructions, his agent in Mykolaiv collected data on the locations and movements of the units of the Armed Forces in the region. The person involved also tried to establish the locations of strategic enterprises of the defence-industrial complex and “reported” to the occupiers about personnel decisions in law enforcement agencies of Ukraine. In order to obtain intelligence, the traitor used his own official position, and also asked the information he needed from his work colleagues under the guise of friendly conversations. Also, a resident of the Russian agency involved his father, a resident of Mykolaiv, who previously worked in the disbanded militia, in intelligence and subversive activities. According to his coordinates, the occupiers fired again at one of the energy facilities in Prykarpattia. To adjust the enemy’s fire, the ex-military officer “in the dark” used his acquaintance who lives in the territory of the western region of Ukraine. Another task of this agent was to search for potential candidates for recruitment, in particular among former and active law enforcement officers and military personnel in the Mykolayiv region. 
The counter-intelligence of the Security Service documented his criminal activities and detained him while trying to flee to Crimea. At the same time, a traitorous law enforcement officer was arrested. It was established that the cell’s handlers were the head of the 161st Specialist Training Centre of the Main Directorate of the General Staff of the Russian Armed Forces (better known as GRU) and two officers of the FSB Directorate in Crimea. Their identities have already been established by the Security Service. During the searches, mobile phones, computer equipment, draft records and documents containing evidence of crimes were seized from the detainees. Russian symbols and rubles were also found.”

11. France: DGSE Spy Agency’s Missing Hoard

Intelligence Online published this two-part story on August 20th. The first part is titled “ex-boss Bernard Bajolet’s legal woes” and says that “at the end of chaotic proceedings, the former head of the DGSE foreign intelligence agency, Bernard Bajolet, is likely to be referred to a criminal court for the intimidation of a businessman from whom the agency was demanding €15m. This is a judicial first that could have repercussions for French agents’ operations.” The second part is titled “the untold story behind pressure tactic to recover secret funds” and states that “an investigation into the intimidation of a financier accused by France’s DGSE foreign intelligence of having stolen its secret funds, sheds light on how the operation was planned. It also shows the extent to which the probe caused concern within “la Boîte,” as the spy agency is known.”

12. Australia: Government Set to Announce New Top Cyber Spy

Capital Brief reported on August 19th that “the new director-general of the Australian Signals Directorate (ASD) will soon be unveiled after the cyber spy agency’s current boss, Rachel Noble, decided to finish up in the role earlier than expected. Multiple Defence sources, who were not authorised to speak on the record, confirmed to Capital Brief that an announcement on the next director-general of the ASD is “imminent”. Noble, whose five-year term is set to expire in December, did not seek a second term from the Albanese government and has decided to leave the agency sooner than anticipated. The sources said the government has spent months considering who should replace Noble, in recent weeks narrowing the choice to two candidates: Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), and Lieutenant General Gavan Reynolds, the inaugural Chief of Defence Intelligence. As the head of the ACSC, which sits within the ASD, Bradshaw has long been considered the logical next boss of the signals directorate, but Defence and Labor sources said Reynolds was also highly regarded by the government.”

13. Yemen/United States/Israel: US-Israel Spy Network Confessions Expose American Role in Destabilising Yemen

Press TV reported on August 18th that “a new report has revealed that the United States has been seeking to fragment Yemen geographically, sow division and create instability in the Arab country, following the release of new confessions from members of a US-Israeli spy network which was dismantled in the capital Sana’a in June. Al Mayadeen, citing an unnamed Yemeni source, reported on Saturday that the confessions exposed “American conspiracies on the political level through reproducing crises and escalating them in Yemen.” The source went on to say that the confessions revealed that Washington turned the previous Yemeni government into “a puppet under its control” and manipulated political affairs to serve US interests. According to the source, the spy network exposed the US conspiratorial role against the 2011 revolution, admitting that Washington aimed to undermine the Yemeni national dialogue to push through its dangerous agenda of restructuring Yemen’s state and constitution. The source further stressed that if it were not for the role of the Ansarullah resistance movement, Yemen would be in a much worse situation today. The confessions also revealed that Washington was behind Saudi Arabia’s aggression against Yemen in March 2015, which killed over 150,000 people, mostly civilians, and created one of the world’s worst humanitarian disasters, the effects of which are still visible and vivid. Back in June, Yemen’s security authorities said they had dismantled an American-Israeli espionage network operating within the Arab country, delivering a significant blow to attempts aimed at undermining the Yemeni government institutions. Security authorities said the US-Israeli-led espionage network, active since 2015, had recruited officials within the Yemeni government to influence decision-makers and infiltrate state agencies.
The network had provided intelligence to the US and Israeli militaries to help them hit the Yemeni infrastructure used to target Israeli and US-linked ships in regional waters, they added.”

14. Ukraine/Russia: SBU Detained Two Groups of Russian Saboteurs in Kharkiv and Cherkasy

On August 19th Ukraine’s SBU announced that they “detained two groups of arsonists who, on the order of the Russian Federation, acted in Kharkiv and Cherkasy regions. Among the enemy’s priority targets were relay cabinets on railway lines. The occupiers hoped that by setting fire to this equipment, they would disrupt the transportation of weapons and ammunition of the Armed Forces to the front line. To carry out arson, the intelligence service of the Russian Federation for money involved local residents who were looking for “easy money” in Telegram channels. In Kharkiv region: two saboteurs were arrested red-handed who tried to burn the battery box of a railway traffic light at night. According to the investigation, the perpetrators monitored the schedule of trains on the track in advance in order to block their movement as much as possible. Law enforcement officers gradually documented the criminal actions of the saboteurs and detained them for attempting to set fire to railway equipment. In Cherkasy region: a contract deserter of one of the military units of the region, who was hiding in the territory of the region and committed arson “on order” of the Russian Federation, was detained. He involved an acquaintance of his, an unemployed local resident, in subversive activities. It was documented how the attackers tried to destroy eight relay boxes of signal installations on strategically important railway lines.”

15. Russia/Lithuania: Kaliningrad Resident Arrested in Espionage Case; Likely Lithuanian Citizen

Media Zone reported on August 19th that “Kaliningrad resident Aleksandr Polyachkov has been arrested on charges of espionage (Article 276 of the Criminal Code), Media Zone has learned. According to available information, he is a citizen of Lithuania. The Kaliningrad Regional Court arrested Polyachkov on June 21, the court’s press service told Media Zone. After that, in early July, the First Court of Appeal considered the appeal against his arrest, but left the man in custody. Only citizens of foreign countries can be prosecuted under the espionage article. The details of the charges are traditionally unknown due to the secrecy of such cases. “Media Zone” found the social networks of a person with the same name — this is a 46-year-old native of Klaipeda, Lithuania, named Alexander Polyachkov. In his long-unupdated account on Odnoklassniki, he poses in a photo with a Lenin double on Red Square or in front of the Church of the Resurrection of the Word in Moscow and posts photos from a trip to the Diveyevo Monastery near Belgorod. One of Polyachkov’s former classmates confirmed that the man had moved from Lithuania to Kaliningrad. Another of his Lithuanian acquaintances said that he knew Polyachkov 10–12 years ago. According to Mediazona’s source, at that time Polyachkov “played the part of a big businessman,” and his wife owned a furniture store in Kaliningrad. Media Zone was unable to contact his wife. The Rusprofile database lists the company “Amberus”, where Polyachkov holds the position of CEO. The company’s activities include processing of precious stones and manufacturing of jewellery. Media Zone sent inquiries to the Lithuanian Ministry of Foreign Affairs and the republic’s embassy in Russia asking whether Russian authorities had reported the detention of a citizen of the country in Kaliningrad, but has not yet received a response.”

16. Pakistan: Government Alleges Ex-spy Chief Faiz Hameed was Part of Imran Khan-led Conspiracy to Spread Unrest

Deccan Herald reported on August 18th that “Information Minister Attaullah Tarar claimed that the Pakistan Tehreek-e-Insaf founder was spreading unrest across the country and former ISI chief Lt-Gen (retd) Faiz Hameed was part of the conspiracy, the Express Tribune newspaper reported. Hameed, who served as director general of the Inter-Services Intelligence (ISI) from 2019 to 2021 when Khan was the prime minister, was arrested following action in the complaint of a private property developer over alleged misuse of official authority. Later, several others, including three retired military officers, were also arrested in connection with the court martial of Hameed. Speaking at a press conference on Saturday, Tarar hinted that the ambit of the probe against Lt Gen (retd.) Hameed and his other “co-conspirators” would be widened in days to come, Dawn newspaper reported. Tarar said that in the wake of Hameed’s arrest, the army conducted transparent investigations as they have their mechanism of internal accountability. Referring to the arrests, the information minister claimed that Khan had conspired with these people to spread anarchy in the country. “This was a political alliance, led by the PTI founder, which was linked with Gen Faiz and other accomplices,” he said, adding that the ambit of the investigation would widen. “No matter if someone is Saqib or Nisar, things will proceed transparently,” he said, referring to former Chief Justice Saqib Nisar, who the ruling Pakistan Muslim League-Nawaz party accuses of propping up the PTI regime and targeting their political opponents. Tarar alleged that evidence was surfacing, which showed that Khan was “in contact” with these conspirators — at the time of the vote of no-confidence, and even after his incarceration — and his messaging continued back and forth with this “unholy political alliance”. He stressed that other institutions should also practice the same self-accountability that the army had demonstrated. 
The information minister stressed that other institutions should also practice the same self-accountability that the army had demonstrated.”

17. Iran/United States/United Kingdom: Iran Court Holds First Trial over CIA-plotted 1953 Coup

IRNA reported on August 19th that “the first trial was held at the 55th branch of the court dealing with International Affairs of Tehran Province on Sunday, simultaneously with the 71st anniversary of the coup. According to IRNA’s judicial reporter, the court session presided over by Judge Majid Hosseinzadeh focused on the lawsuit filed by some 402,000 Iranians against six American individuals and legal entities, including the US government, the US Department of State, the US Central Bank, the Central Intelligence Agency (CIA), the US Treasury Department, the US House Representatives, and, the Federal Reserve. The petition has 13 main paragraphs that refer to the damages caused by the coup, including plundering Iran’s oil and the 25-year tyrannical rule of the Pahlavi regime over the Iranian nation. “The present court is competent to deal with this lawsuit based on numerous laws”, the Judge said while initiating the session citing various domestic laws as well as the United Nations Charter. Shami Aghdam, the lawyer for plaintiffs said that documents clearly show the CIA, with the help of the British spy agency MI6, orchestrated the coup by using their internal and external agents against the legitimate Iranian government under Mosaddegh on August 19, 1953. Washington and London violated international principles and rules with the aim of maintaining their influence and power in the government, securing their interests and looting the country’s property, the lawyer highlighted. The 1953 coup set off a series of events, including riots in Tehran, leading to ouster and arrest of Premier Mosaddegh, who had become popular for nationalizing the country’s oil industry and taking it back from British control.”

18. Netherlands/United States/Germany/Ukraine: The Little Spy Agency That Can

SpyTalk published this article on August 19th, stating that “a passing line about Dutch intelligence in an impressive Wall Street Journal story last week on Ukraine’s 2022 plot to blow up the Nord Stream pipelines caught my eye. And not for the first time. Within days of Ukraine greenlighting its clandestine scheme to take out the Russian natural gas pipelines in the Baltic Sea, “the Dutch military intelligence agency MIVD learned of the plot and warned the CIA,” the Journal reported, citing “several people familiar with the Dutch report.” The Americans then tipped off Germany, the major beneficiary of the energy flow. The Washington Post had also noted the key role of Netherland’s military intelligence agency in the probe, reporting last November that U.S. officials told Gen. Valery Zaluzhny, Ukraine’s highest-ranking military officer, that “the United States opposed such an operation.” The Ukrainians went ahead anyway, apparently adopting the hoary adage, “better to apologize than ask permission.” But now the Netherlands will play a key role in any criminal prosecution that arises from the affair. In June, Germany issued an arrest warrant for Volodymyr Zhuravlov, a 44-year-old Ukrainian man suspected of involvement in blowing up three of the four pipelines nearly 300 deep in the sea off Denmark. American intelligence officials who have worked with the foreign intelligence-gathering agencies of tiny Holland aren’t surprised at their reach.”

19. United States/Iran: US Intelligence Officials Say Iran Behind Trump Campaign Hack

The Guardian reported on August 20th that “US intelligence officials have confirmed that Iran was behind a hack of Donald Trump’s presidential campaign, authorities said on Monday. In a joint statement, the FBI, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency said it attributed “recently reported activities to compromise former President Trump’s campaign” to Iran, and that the intelligence community is “confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties”. Iran’s efforts include “thefts and disclosures” and “are intended to influence the US election process”, the statement said. The announcement comes a week after several news organizations, including the New York Times, the Washington Post and Politico, reported that they had received internal campaign records, including a dossier on Ohio senator JD Vance, Trump’s running mate. The former president had blamed the Iranian government in the immediate aftermath, saying Microsoft informed the campaign about the hack. Trump also asserted that “only publicly available information” was taken. Last week, Kamala Harris’s campaign said the FBI had warned that it had been targeted by foreign hackers. Officials with the vice-president’s campaign said its cybersecurity measures had successfully thwarted the hacking attempt. The hacking efforts were part of a broader campaign to impact the US election, the intelligence officials’ statement said: “Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome.
We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting presidential campaigns.” The FBI has been in contact with victims of the hacking and “will continue to investigate and gather information in order to pursue and disrupt the threat actors responsible”, the statement said, adding: “We will not tolerate foreign efforts to influence or interfere with our elections, including the targeting of American political campaigns.” In 2016, Hillary Clinton’s campaign was hacked, leading to the release of internal emails, which became a major controversy in the presidential campaign. Russian intelligence officers were later indicted for that hack.”

20. North Korea: Windows Driver Zero-day Exploited by Lazarus Hackers to Install Rootkit

Bleeping Computer reported on August 19th that “the notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw, tracked as CVE-2024-38193 during its August 2024 Patch Tuesday, along with seven other zero-day vulnerabilities. CVE-2024-38193 is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), which acts as an entry point into the Windows Kernel for the Winsock protocol. The flaw was discovered by Gen Digital researchers, who say that the Lazarus hacking group exploited the AFD.sys flaw as a zero-day to install the FUDModule rootkit, used to evade detection by turning off Windows monitoring features. “In early June, Luigino Camastra and Milanek discovered that the Lazarus group was exploiting a hidden security flaw in a crucial part of Windows called the AFD.sys driver,” warned Gen Digital. “This flaw allowed them to gain unauthorized access to sensitive system areas. We also discovered that they used a special type of malware called Fudmodule to hide their activities from security software.” A Bring Your Own Vulnerable Driver attack is when attackers install drivers with known vulnerabilities on targeted machines, which are then exploited to gain kernel-level privileges. Threat actors often abuse third-party drivers, such as antivirus or hardware drivers, which require high privileges to interact with the kernel. What makes this particular vulnerability more dangerous is that the vulnerability was in AFD.sys, a driver that is installed by default on all Windows devices. This allowed the threat actors to conduct this type of attack without having to install an older, vulnerable driver that may be blocked by Windows and easily detected.
The Lazarus group has previously abused the Windows appid.sys and Dell dbutil_2_3.sys kernel drivers in BYOVD attacks to install FUDModule.”

21. Germany/United States: Spycraft 101 — Capturing Lothar Witzke: German Spy, Saboteur, and Assassin with Bill Mills

Spycraft 101 published this podcast episode on August 18th. As per its description, “this week, Justin speaks with Bill Mills. Bill holds a B.A. in History from Framingham State University and has written four nonfiction books about espionage during the First World War. Along the way, he has amassed a significant private collection of original documents, photos, and artifacts related to espionage during that war. Today he shares the story of Germany’s highly-coordinated and highly-effective sabotage campaign against the United States during World War I. Ships, warehouses, and factories across the country were damaged or destroyed by brand new types of destructive devices and a skilled team of saboteurs who evaded capture time and time again until they met their match facing a handful of world class agents from the U.S. Army’s Military Intelligence Section.”

22. Saudi Arabia/United Kingdom: Power, Oil and a $450m Painting — Insiders on the Rise of Saudi’s Crown Prince

BBC reported on August 19th that “in January 2015, Abdullah, the 90-year-old king of Saudi Arabia, was dying in hospital. His half-brother, Salman, was about to become king — and Salman’s favourite son, Mohammed bin Salman, was preparing for power. The prince, known simply by his initials MBS and then just 29 years old, had big plans for his kingdom, the biggest plans in its history; but he feared that plotters within his own Saudi royal family could eventually move against him. So at midnight one evening that month, he summoned a senior security official to the palace, determined to win his loyalty. The official, Saad al-Jabri, was told to leave his mobile phone on a table outside. MBS did the same. The two men were now alone. The young prince was so fearful of palace spies that he pulled the socket out of the wall, disconnecting the only landline telephone. According to Jabri, MBS then talked about how he would wake his kingdom up from its deep slumber, allowing it to take its rightful place on the global stage. By selling a stake in the state oil producer Aramco, the world’s most profitable company, he would begin to wean his economy off its dependency on oil. He would invest billions in Silicon Valley tech startups including the taxi firm, Uber. Then, by giving Saudi women the freedom to join the workforce, he would create six million new jobs. Astonished, Jabri asked the prince about the extent of his ambition. “Have you heard of Alexander the Great?” came the simple reply. MBS ended the conversation there. A midnight meeting that was scheduled to last half-an-hour had gone on for three. Jabri left the room to find several missed calls on his mobile from government colleagues worried about his long disappearance. 
The story of the extraordinary rise to power of the man who runs Saudi Arabia and whose control of oil affects everyone, starting with how he outwitted hundreds of rivals to become crown prince.” Among other things, it says that “western spy agencies make it their business to study the Saudi equivalent of Kremlinology — working out who will be the next king. At this stage, MBS was so young and unknown that he wasn’t even on their radar. “He grew up in relative obscurity,” says Sir John Sawers, chief of MI6 until 2014. “He wasn’t earmarked to rise to power.””

23. United States/Bosnia and Herzegovina: CIA Chief in Bosnia to Emphasize U.S. Support and ‘Worrying’ Rhetoric of Republika Srpska President

RFERL reported on August 20th that “CIA Director William Burns was in Sarajevo on August 20 to discuss the “worrying secessionist rhetoric and actions” of the pro-Russian president and government of Bosnia-Herzegovina’s Serb entity, a U.S. government official told RFE/RL. Burns, who arrived from a diplomatic mission to Israel as part of the U.S. effort to negotiate a cease-fire in Gaza, held meetings at the Bosnian presidency with colleagues in the intelligence community, members of the presidency, and the foreign minister, the U.S. official said. “They discussed issues of mutual interest, which include the territorial integrity and sovereignty of Bosnia-Herzegovina,” according to the official, who asked not to be named. Republika Srpska President Milorad Dodik, the pro-Russia president of the Serb entity of Bosnia, has raised concerns among Bosnia’s Western allies because of his ties with Russian President Vladimir Putin. Dodik reaffirmed in February after meeting Putin in the Russian republic of Tatarstan that Republika Srpska would not join Western sanctions against Moscow over its full-scale invasion of Ukraine. Dodik’s statements have been one of the main stumbling blocks in Bosnia’s progress toward EU membership since it became a candidate in 2022. Almir Dzuvo, the chief of Bosnia’s Intelligence and Security Agency, confirmed earlier to RFE/RL that Burns was in Sarajevo. Burns “voiced his support for the cooperation of U.S. and Bosnian intelligence agencies” during his meeting with Dzuvo, the Bosnian intelligence chief told RFE/RL. 
Bosnia’s head of diplomacy Elmedin Konakovic, who also met with Burns, said Bosnia “once again received confirmation of full support for the territorial integrity and sovereignty of Bosnia and condemnation of secessionist messages and moves.” Konakovic told RFE/RL that while he could not comment on some parts of the discussion, a universal message was sent that the American administration is “very clear that Bosnia’s foreign policy partner is still firmly with Bosnia-Herzegovina.” Margarita Assenova, a senior fellow at the Jamestown Foundation in Washington, said Serbia has been stirring up trouble in Bosnia for some time and it’s become “more visible and more dangerous.” Burns’s visit is a “very good message” to Serbia that the United States will not tolerate its actions, Assenova said.”

24. Denmark: DDIS — Denmark’s Defence Intelligence Service

Grey Dynamics published this article on August 21st. As per its introduction, “the Danish Defence Intelligence Service (DDIS) also known as the Forsvarets Efterretningstjeneste (FE) is a Danish intelligence agency which is responsible for the foreign intelligence provided to Denmark and also operates as the Danish military intelligence service. Working under the Ministry of Defence it is housed at Kastellet, a preserved citadel in Copenhagen. Responsible for the analysis of and dissemination of intelligence which is important to Denmark’s domestic security and its military activities it works closely with the Danish Security and Intelligence Service (DSIS).”

25. Russia/Ukraine: FSB — A New Case of Treason Has Been Opened Against a Moscow Research Organisation Employee Who was Arrested on Charges of DDoS Attack in Favour of Ukraine

Media Zone reported on August 20th that “the FSB reported on the initiation of a criminal case for treason against “an employee of one of the scientific organisations” in Moscow. The release was published on the website of the intelligence service. The man had previously been detained and arrested in connection with another case. According to the FSB, he “conducted DDoS attacks on critically important facilities of the Russian Federation on the instructions of (Ukrainian intelligence services)” (Article 274.1 of the Criminal Code). The reason for the treason case was that the man, as the FSB claims, “on a regular basis transferred personal funds and cryptocurrency to accounts of funds registered in Ukraine for the purchase of weapons by the Armed Forces of Ukraine” (Article 275 of the Criminal Code). The intelligence service also published footage of the scientist’s arrest. It happened in winter. The Muscovite was first thrown face down in the snow on the street, and then taken to court. His face was blurred. “Beware, News” suggested that the FSB release was about physicist Artem Khoroshilov. His case was first reported by TASS in February 2024. At the same time, according to the Moscow court records, the scientist was arrested back in mid-December 2023. Khoroshilov is a graduate of MIPT. In 2019, he defended his dissertation for the degree of candidate of physical and mathematical sciences at the General Physics Institute of the Russian Academy of Sciences. On the tutoring website Repetit.ru, there is an account of the 33-year-old physicist with a photo.”

26. Yemen/United States: Houthi Shot Down 6th US MQ-9 Reaper Spy Drone in Yemen (May 2024)

On August 21st we published this video in our archived content/footage playlist. As per its description, “on May 29th, 2024 Houthi Forces released this footage showing the interception of a United States General Atomics MQ-9 Reaper UAV conducting ISR mission using a surface-to-air missile. A US defence official, speaking on condition of anonymity to discuss intelligence matters, told the AP that “the US Air Force has not lost any aircraft operating within US Central Command’s area of responsibility.” The official declined to elaborate. The Associated Press alleges that this could imply it was a CIA-operated MQ-9. Quoting: “Noticeably, the drone did not appear to carry any markings on it. Authorities in Marib, which remains held by allies of Yemen’s exiled government, did not acknowledge the drone. A U.S. defense official, speaking on condition of anonymity to discuss intelligence matters, told the AP that “the U.S. Air Force has not lost any aircraft operating within U.S. Central Command’s area of responsibility.” The official declined to elaborate. The CIA also is believed to have flown Reaper drones over Yemen, both to monitor the war and in its campaign against al-Qaida in the Arabian Peninsula, Yemen’s local affiliate of the militant group. The CIA declined to comment when reached by the AP.” This is the sixth MQ-9 that Houthi have shot down since October 2023, and the 3rd they shot down in the month of May 2024.”

27. Holy See: Private Spies in the Vatican

Intelligence Online published this three-part article this week. The first part, published on August 21st, is titled “the untold story of Pope Francis’ anti-graft consultants” and says that “this summer, as Cardinal Angelo Becciu prepares to appeal his five-and-a-half-year jail sentence for financial crimes, Intelligence Online reveals how Pope Francis relied on private investigators as part of his crackdown on corruption in the Holy See.” The second part, published on August 22nd, states that “this summer, Intelligence Online reveals how Pope Francis relied on private investigators as part of his crackdown on corruption in the Holy See. At the heart of the probe, a well-known name in the private intelligence sector.” The third part, released on August 23rd, states that “this summer, Intelligence Online reveals how Pope Francis relied on private investigators as part of his crackdown on corruption in the Holy See. Behind the probes is a French banker who has become a vital component of the Vatican’s clean-up operation.”

28. Taiwan: Hackers Deployed New Malware Against University in Taiwan

The Record reported on August 20th that “researchers have uncovered a previously unseen backdoor which was used in an attack on a university in Taiwan. To infect their victims, the malware operators likely exploited a recently patched PHP vulnerability tracked as CVE-2024-4577, according to researchers at the cybersecurity firm Symantec. The vulnerability primarily affects Windows installations using Chinese and Japanese languages. Successful exploitation of the vulnerability can lead to remote code execution, Symantec said. Researchers have observed multiple threat actors scanning for vulnerable systems in recent weeks. “To date, we have found no evidence allowing us to attribute this threat, and the motive behind the attack remains unknown,” they added. What is special about the malware, which they dubbed Msupedge, is that it uses a technique called Domain Name System (DNS) tunneling to communicate with a server controlled by the hacker. Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools.”

29. China/Japan: Japanese Citizen Indicted on Suspicion of Espionage

Reuters reported on August 22nd that “Chinese prosecutors have indicted a Japanese citizen on suspicion of espionage, China’s foreign ministry said on Thursday, adding that the rights of the people involved in the case would be protected. The individual was indicted recently in line with the law, Mao Ning, a spokesperson at the ministry, said at a regular press conference when asked about the indictment of a Japanese employee of Astellas Pharma Inc. Ties between China and Japan have grown tense in recent years as they contend with issues from territorial claims to Tokyo’s decision to release treated water from the crippled Fukushima nuclear plant into the sea.”

30. Ukraine/Russia: SBU Neutralised an FSB Agent Group of 6 in Dnipropetrovsk

On August 21st Ukraine’s SBU announced that they “neutralised an FSB agent group that “hunted” BpLA factories in Dnipropetrovsk Oblast. The Security Service neutralised another FSB agent group that operated in Dnipropetrovsk Oblast. The perpetrators were preparing coordinates for Russian airstrikes on military and critical infrastructure facilities in the region. Among the priority targets of the enemy were enterprises that produce unmanned aerial vehicles for the Defence Forces. The occupiers were also interested in the locations of repair bases for military equipment of the Armed Forces of Ukraine and key highways used to transport Ukrainian weapons and ammunition to the front line. To correct the fire damage, the FSB remotely recruited six local residents. For this purpose, the Russian intelligence service created a Telegram channel through which it searched for supporters of racism. For the conspiracy, the agents acted separately from each other on the territory of different settlements of the region, but “reported” to a single handler from the FSB. According to his instructions, the participants monitored the directions of movement of the columns and echelons of the Armed Forces, and also paid attention to the accumulation of military equipment that had arrived from the front for maintenance. In order to discover the locations of UAV production companies, the agents used personal connections among local residents, from whom they “darkly” asked for the necessary information. SBU counter-intelligence officers gradually documented all members of the FSB agent group and detained them. During the searches, 16 mobile phones, laptops and tablets with evidence of communication with the Russian intelligence services were found in the possession of the suspects.”

31. China/United States: China’s TP-Link Routers Under Fire — U.S. Lawmakers Demand Investigation into Espionage Threat

RegTech Times reported on August 21st that “U.S. lawmakers are raising alarms over the potential espionage risks posed by TP-Link, a Chinese manufacturer of Wi-Fi routers widely used across the United States. Representatives John Moolenaar (R-Mich.) and Raja Krishnamoorthi (D-Ill.), who lead a House committee focused on countering threats from the Chinese government, have urged the Department of Commerce to investigate whether TP-Link’s products could be exploited for spying purposes. This comes as concerns grow about the security vulnerabilities in TP-Link routers and their compliance with China’s stringent national security laws, which could require the company to hand over sensitive U.S. data to Chinese authorities.”

32. Iran/Israel: Iranian Hackers Targeted Jewish Figure with Malware Attached to Podcast Invite

The Record reported on August 20th that “hackers with suspected ties to Iran’s military targeted a prominent Jewish religious figure in a phishing campaign, researchers said Tuesday. In July, the hackers reportedly used multiple email addresses pretending to belong to the research director for the Institute for the Study of War (ISW), an American-based think tank. Using the spoofed address, the hackers invited the unnamed victim to appear on a podcast hosted by ISW. After an email exchange, the hackers delivered a GoogleDrive URL leading to a ZIP archive named “Podcast Plan-2024.zip,” which contained a malware called BlackSmith that is designed to “enable intelligence gathering and exfiltration.” Researchers at Proofpoint, which released a report on the incident on Tuesday, said it could not link the campaign “directly to individual members of the Islamic Revolutionary Guard Corps (IRGC)” but said the activity was conducted by actors who others have tracked for years. The researchers found at least two links between the campaign and a group with previous links to the IRGC that goes by the names APT42, Mint Sandstorm, Charming Kitten and TA453. APT42 was accused last week by Google of targeting high-profile individuals in the U.S. and Israel, including several people affiliated with both major U.S. presidential campaigns. One of the URL shorteners used in the Proofpoint-tracked campaign was cited by Google Threat Intelligence Group in May 2024 as tied to APT42. Proofpoint said use of the BlackSmith intelligence collection toolkit is a hallmark of Iran-backed attacks. The researchers also found the group’s targeting lined up with the reported priorities of the IRGC Intelligence Organization (IRGC-IO). 
Joshua Miller, staff APT threat researcher at Proofpoint, said the actors — which they track as TA453 — are part of a consistent pattern of phishing campaigns reflecting “IRGC intelligence priorities.” “This malware deployment attempting to target a prominent Jewish figure likely supports ongoing Iranian cyber efforts against Israeli interests,” he said. “TA453 is doggedly consistent as a persistent threat against politicians, human rights defenders, dissidents, and academics.” IRGC directives have “led to targeting a series of diplomatic and political entities, ranging from embassies in Tehran to US political campaigns,” the report said.”

33. Ukraine/Russia: SBU Announced 16 Year Prison Term for FSB Agent Detained in January 2024

On August 21st Ukraine’s SBU announced that “an FSB agent who directed Russian S-300 and X-22 missiles at Kharkiv received 16 years in prison. According to the investigation, she “leaked” information to the occupiers about the consequences of enemy attacks on the regional centre on January 23 of this year. Then the Rashists bombarded the city with S-300 and X-22 missiles. SBU officers detained a Russian agent “red handed” when she was conducting reconnaissance near an apartment building targeted by the occupiers. It was established that after each “arrival” the attacker recorded the coordinates of the hit and the consequences of the fire damage. She transmitted the received information to the FSB through a “liaison” who was in the Belgorod region. The aggressor used this intelligence to prepare new and adjust repeated shelling of Kharkiv. In addition, the Russian agent collected information about the locations and movements of the units of the Armed Forces defending the regional centre. As the investigation established, the accomplice of the enemy turned out to be a 35-year-old woman from Kharkiv, who was previously charged with theft and illegal possession of drugs. In January 2024, she was recruited remotely by the FSB. For this, the Russian intelligence service involved an acquaintance of the woman who lives on the territory of the Russian Federation. During the searches, the traitor’s mobile phone was seized, which she used in intelligence and subversive activities for the benefit of Russia.”

34. United States/China: US Charges Chinese Dissident with Allegedly Spying for Beijing

BBC reported on August 22nd that “US prosecutors have filed criminal charges against a Chinese dissident living in the US, accusing him of being an agent of Beijing’s intelligence service. Yuanjun Tang, 67, was arrested on Wednesday in New York City, the US department of justice (DOJ) said in a statement. He is alleged to have spied on US-based Chinese democracy activists and dissidents. Mr Tang, now a naturalised US citizen, is also accused of making false statements to the FBI. The BBC could not immediately identify a lawyer for Mr Tang. In Wednesday’s statement, the DOJ said Mr Tang “was charged by criminal complaint with acting and conspiring to act in the United States as an unregistered agent of the People’s Republic of China (PRC) and making materially false statements to the FBI”. It also alleged that between 2018 and 2023 he acted as China’s agent on the orders of the country’s ministry of state security (MSS) — China’s principal civilian intelligence agency. Mr Tang is accused of regularly receiving instructions via email, encrypted chats and other means of communications from the agency. It is also alleged that he “regularly received instructions from and reported to an MSS intelligence officer regarding individuals and groups viewed by the PRC as potentially adverse to the PRC’s interests, including prominent US-based Chinese democracy activists and dissidents.” “He also travelled at least three times for face-to-face meetings with MSS intelligence officers and helped the MSS infiltrate a group chat on an encrypted messaging application used by numerous PRC dissidents and pro-democracy activists to communicate about pro-democracy issues and express criticism of the PRC government,” the DOJ alleges.” Here’s the US Department of Justice press release.

35. New Zealand: SIS Needs to Be More Careful When Looking for Potential Threats — Spy Watchdog

RNZ reported on August 22nd that “the country’s spy watchdog has cautioned the Security Intelligence Service (SIS) to take particular care before singling out fringe movements for attention when scanning for possible threats. Inspector-General of Intelligence and Security Brendon Horsley, in a report released on Thursday, said the SIS had, in general, taken a “carefully constructed approach” to assessing extremism and identifying individuals or groups of concern. He noted, however, two examples where the agency looked into the online activities within fringe political movements but had kept no record of its justification as to why. “I was concerned to find no record of the kind of careful consideration necessary before any such activity. The service could only provide a retrospective explanation.” Horsley said the collection was “relatively limited” and at the low end of intrusiveness, but he still would have expected to see a clear link drawn between the party’s rhetoric or behaviour and a potential risk to national security. “I expect to see the service taking care, when scanning for possible national security threats, to avoid any appearance of singling out groups and people for attention purely because they have expressed strong or unorthodox views. “I think it obvious it should be particularly careful before singling out specific political parties, lobby or campaign groups, or individuals prominent for their advocacy, protest or dissent.” The report recommended that the SIS be required to expressly consider the laws around freedom of expression before embarking on such work.”

36. France/Azerbaijan: Internal Turmoil in French Spy Network — DGSE Awaits Court Verdict

AzerNews reported on August 20th that “DGSE, Direction Generale de la Securite Exterieure or General Directorate for External Security as in its English pronunciation, has been quite famous for its versatile operations in Africa, Europe, Asia, and in particular, the locations that are known as vulnerable regarding French colonialism. For example, today in a number of countries that have been colonized, especially in Africa, it has become a typical phenomenon, although it is somewhat bittersweet to meet the French soldiers and spies. It is no coincidence that France is the only country in West Africa where the largest spy network is currently operating. In fact, one of the other main reasons for the growth of this network is the collapse of the era of colonialism in those countries. DGSE, the main backbone of the French government, collects secret information about the countries it tries to maintain its influence and adjusts the readiness of the country’s military potential accordingly. If it were not so, the French soldiers would not increase their raids on the people of New Caledonia day by day. But the organization’s blunders are more dominant than its “secret operations”. This is clearly confirmed once again, especially by the information spread about the errors made by DGSE recently. After the branch of the organization trying to spread in Azerbaijan was cut off, a number of secrets emerged. The Collectif des Amis d’Alep, a nonprofit organization, was later found to be linked to a spy ring, and three of its members were subsequently arrested. Further to investigations, some secret networks of DGSE in Azerbaijan have been exposed. 
On December 26 of last year, the summoning of the French ambassador to Azerbaijan, Anne Boillon, to the Ministry of Foreign Affairs of Azerbaijan and the declaration of the two employees of the French Embassy personae non gratae by the Azerbaijani government because of their activities incompatible with their diplomatic status and contrary to the Vienna Convention on Diplomatic Relations of 1961, reflected the illegalities happening inside. At that time, French diplomats were required to leave the country within 48 hours. There was a reason, and this reason was a heavy blow for the “Caucasus Bureau” of the French spy network. Information about the problems within the DGSE, which has not yet been revealed, is gradually being leaked to the press today. As reported on social media, the ex-head of France’s foreign intelligence agency DGSE, Bernard Bajolet, could face criminal charges for intimidating a businessman from whom the agency demanded 15 million euros. The trial could have implications for the activities of French agents.”

37. Ukraine/Russia: Signals Intelligence Centre Targeted in Drone Attack on Moscow — Ukraine’s Intelligence Chief

The War Zone reported on August 21st that “the head of Ukrainian intelligence told The War Zone that his agency carried out drone attacks on a signals intelligence center and airport near Moscow and a Russian airbase in the Rostov region. In addition, video emerged on social media showing an unsuccessful drone strike near the Olenya Air Base in Murmansk, home of Russian strategic bombers in the Arctic Circle about 1,200 miles from Ukraine. “We conducted a couple of drone operations today,” Lt. Gen. Kyrylo Budanov, head of the Ukrainian Defense Intelligence Directorate (GUR), told The War Zone. In addition to the attack on the signals intelligence center, GUR also conducted drone strikes on the Ostafyevo airport in Moscow as well as the Millerovo air base in the Rostov region. In total, about 50 drones were used, Budanov said. The extent of the damage, if any, at the target locations is unclear at the moment. “We are checking now,” Budanov told us. Ostafyevo airport serves multiple purposes for the Russian MoD, but in 2018 a pair of massive circular antenna arrays were constructed there giving the installation an overt strategic signals and/or communications mission. It’s also possible another signals intelligence center at or near the airport, or in the Moscow region overall, was hit instead.”

38. Lebanon/Israel: Watch Hezbollah Destroying Israeli Espionage Equipment

On August 20th Mehr News Agency shared this video stating that “the Lebanese Hezbollah Resistance Movement published footage of destroying an Israeli regime’s espionage equipment in Jal al-Alam.”

39. Ukraine/Russia: SBU Detained Russian Agent in Donetsk

On August 22nd Ukraine’s SBU announced that they “detained a Russian informant who helped the Russians break into Niu-York in Donetsk region. In the zone of special attention of the enemy were the combat positions of the heavy artillery of the Armed Forces of Ukraine, which keeps under fire control the assault groups of the invaders trying to capture the village of Niu-York. In addition, the defendant tried to determine the coordinates of the headquarters, strongholds and movement routes of the Ukrainian troops defending the settlement. Intelligence was needed by the aggressor to prepare new offensive operations aimed at capturing the village, where heavy fighting is currently ongoing. SBU officers detained a Russian informant during counter-subversive measures on the front line, when she tried to evacuate from the village to the front-line area. According to the investigation, the enemy accomplice turned out to be a local resident, an ideological supporter of racism, who was waiting for the invaders to arrive. The woman remotely maintained contact with Russian intelligence through her husband’s mother, who lives in Russia and is in the field of view of the intelligence services of the aggressor country. In order to collect intelligence, the informant regularly went around the front area, where she secretly recorded the locations of the Defence Forces. In addition, the figure “in the dark” used her acquaintances, from whom she asked for the information she needed during everyday conversations. Then she summarised the collected data, dictated them in voice messages and sent them to the “liaison” in Russia. During the detention, a mobile phone was found in the possession of the enemy informant, which she used in criminal activities.”

40. North Korea: MoonPeak Malware from North Korean Actors Unveils New Details on Attacker Infrastructure

Cisco Talos published this technical analysis on August 21st. As per its key highlights, “Cisco Talos is exposing infrastructure we assess with high confidence is being used by a state-sponsored North Korean nexus of threat actors we track as “UAT-5394,” including for staging, command and control (C2) servers, and test machines the threat actors use to test their implants. Our analysis of the threat actor’s infrastructure indicates they pivoted across C2s and staging servers to set up new infrastructure and modify existing servers. This campaign consists of distributing a variant of the open-source XenoRAT malware we’re calling “MoonPeak,” a remote access trojan (RAT) being actively developed by the threat actor. Analysis of XenoRAT against MoonPeak malware samples we’ve discovered so far illustrates the evolution of the malware family after it was forked by the threat actors.”

41. Germany/Russia: German Prosecutors Open Probe into Drone Flights over Critical Infrastructure

Reuters reported on August 22nd that “German prosecutors have opened an investigation into repeated drone flights over critical infrastructure in northern Germany on suspicion of espionage activity, a prosecutor said on Thursday. The Flensburg public prosecutor’s office has initiated a preliminary investigation on suspicion of “agent activity for sabotage purposes in connection with repeated drone flights,” according to senior public prosecutor Bernd Winterfeldt. Winterfeldt said that he could not give further details on the investigation due to matters of state security. The Bild newspaper, which first reported the investigation, cited an internal police report that said a no-fly zone over a nuclear power plant had been violated several times this month. According to Bild, authorities with the Schleswig-Holstein state criminal police agency assume that the so-far unidentified drones are Russian Orlan-10s, which have a range of 500 to 600 kilometres and can fly over 100 kilometres an hour. A state criminal police agency spokesperson declined to comment on the report and referred questions to prosecutors.”

42. Ukraine/Russia: Drone Strike in Lukoil-Nizhegorodnefteorgsintez Oil Refinery in Russia (Mar. 2024)

On August 23rd we published this video in our archived content/footage playlist. As per its description, “coordinates: 56°06’44.1”N 44°07’46.5″E // 56.112241, 44.129574. Ukraine’s Main Directorate of Intelligence (GUR) announced that they executed a covert/sabotage operation inside Russia, targeting the oil refinery infrastructure of the Kstovo region of Russia using drones. According to Reuters, “AVT-6 unit which was shut down accounted for about 53 per cent of the refinery’s output. Lukoil representatives declined comment.” Nizhny Novgorod Governor, Gleb Nikitin, confirmed the drone attack. LB reported that “a fire caused by a drone strike has shut down the largest primary oil refining unit at Lukoil’s refinery in Russia’s Nizhny Novgorod Region” also stating that “the explosions in Russia on 12 March affected at least nine regions: Moscow, Leningrad, Tula, Bryansk, Belgorod, Kursk, Voronezh, Orel and Nizhny Novgorod.” In April 2024 Bloomberg reported that: “Defense Secretary Lloyd Austin warned that Ukraine’s recent attacks on Russian oil refineries risk impacting global energy markets and urged the country to focus on military targets instead. As Ukraine’s battlefield situation has steadily deteriorated in recent weeks, the country has increasingly turned to strikes deep within Russian territory, including infrastructure. The strikes are part of a bid to reduce fuel supplies to the Russian military, as well as to cut revenues from exports that Moscow uses to fund the war. “Those attacks could have a knock-on effect in terms of the global energy situation,” Austin told the Senate Armed Services committee Tuesday. “Ukraine is better served in going after tactical and operational targets that can directly influence the current fight.” The US has struggled to balance cutting President Vladimir Putin’s war-fueling revenue from petroleum exports with keeping global energy markets supplied to cool inflation and ease a soft-landing for the global economy.”.”

43. Taiwan/China: Eight Convicted in Espionage Case

Taipei Times reported on August 23rd that “the High Court yesterday convicted eight current and retired military officers for developing a spy network for China, including a failed plot to fly a CH-47 Chinook attack helicopter to a Chinese aircraft carrier in the Taiwan Strait. The defendants received sentences ranging from 18 months to 13 years for contravening the National Security Act (國家安全法), the Criminal Code of the Armed Forces (陸海空軍刑法) and taking bribes. The defendants were with key military sites, including the 601st Brigade of Aviation and Special Forces Command and the Huadong Defense Command. The initial investigation was conducted by the High Prosecutors’ Office, which received reports about two Taiwanese businessmen working in China, Chen Yu-hsin (陳裕炘) and Hsieh Ping-cheng (謝秉成), both retired army officers who were recruited by Chinese intelligence officers with promises of financial rewards to form a spy network in Taiwan among their friends and former colleagues in active service. Beginning in 2021, Chen and Hsieh recruited several officers, including a trio serving at the Aviation and Special Forces Command — Lieutenant Colonel Hsieh Meng-shu (謝孟書), and junior officers Kang Yi-pin (康奕彬) and Ho Hsin-ju (何信儒) — as well as army Major Hsiao Hsiang-yun (蕭翔云) and junior officer Hung Jui-yang (洪睿洋). Hsiao received NT$620,000 (US$19,396) from Chinese agents, while Kang received NT$700,000 and Ho NT$600,000 for obtaining and handing over classified military material, investigators said. The Chinese agents sought classified material on troop deployments and Han Kuang drills, investigators said, adding that the most audacious plot was a reward of US$15 million promised to Hsieh Meng-shu, a military helicopter pilot and a special forces wing commander, to defect. Hsieh Meng-shu agreed to fly a Chinook helicopter using the cover of a military exercise in June last year, they said. 
The estimated 15-minute flight was to have ended on the Shandong aircraft carrier on the western side of the Taiwan Strait, they said. However, a tip-off led to the arrest of Hsieh Meng-shu and his coconspirators before the plan could be carried out, investigators said. Two junior officers in the spy network, Lu Chun-fang (陸駿方) and Wu Chih-peng (吳志鵬), received money from Chinese agents for filming themselves saying: “In time of war, I agree to surrender to the Chinese People’s Liberation Army,” the prosecutors’ office said. The High Court judges sentenced Hsiao to 13 years in prison, Hsieh Meng-shu to nine years, Hsieh Ping-cheng and Hung to eight years, Ho to seven years and four months, Kang to seven years and two months and Lu to five years and six months, while an active service soldier surnamed Liu (劉) was handed an 18-month sentence. Wu was found not guilty. Chen, a retired military officer who was recruited while working in China, could not be located and had likely fled to China, prosecutors said, adding that an arrest bulletin had been issued for him. The Ministry of National Defense said in a statement that China has targeted Taiwan’s military and personnel for infiltration and espionage, so all units must enhance national security education and training to safeguard information.”

44. Russia/Ukraine/Moldova: FSB Detains Three Ukrainian Agents Involved in Sabotage, Espionage in Crimea

TASS reported on August 22nd that “Russia’s Federal Security Service (FSB) has apprehended three agents from the Ukrainian Defense Ministry Main Intelligence Directorate (GUR) in Crimea who were plotting sabotage and conducting espionage, the FSB Public Relations Center said. “A GUR agent, a citizen of Russia born in 1965, was detained in Sevastopol. He was trained in Ukraine in mines and explosives, marksmanship, as well as in the detection of external surveillance and clandestine means of communication. It was established that he produced a home-made explosive device used in July 2024 to rig a gas pipeline in the Republic of Crimea. During his apprehension, a similar explosive device was found in his private vehicle,” the press service said. In Kerch, a Moldovan citizen born in 1992, who had a prior criminal record in Ukraine, was also detained. In April 2024, via the Internet, he initiated clandestine collaboration with a representative of Ukraine’s special services. On his orders, he collected and transmitted information, including photo and video materials of the locations of military hardware and Russian air defense positions, Crimea’s transport and energy infrastructure facilities as well as of the aftermath of enemy projectile strikes. During the interrogation, he told of a cache with a home-made explosive device intended to blow up a water-pumping plant supplying water to Kerch. In addition, a Sevastopol resident, a Russian citizen born in 1973, recruited by the GUR, was apprehended for providing the Ukrainian special services with information on the location of military facilities on the peninsula, home addresses of high-ranking Russian military officials and vehicles used by them.”

45. China: Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

The Hacker News reported on August 22nd that “details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control over the compromised system, facilitating both data exfiltration and persistent access. “The zero-day exploit allows an attacker with valid administrator credentials to the Switch management console to escape the NX-OS command line interface (CLI) and execute arbitrary commands on the Linux underlying operating system,” cybersecurity company Sygnia said in a report shared with The Hacker News. Velvet Ant first caught the attention of researchers at the Israeli cybersecurity company in connection with a multi-year campaign that targeted an unnamed organization located in East Asia by leveraging legacy F5 BIG-IP appliances as a vantage point for setting up persistence on the compromised environment. The threat actor’s stealthy exploitation of CVE-2024-20399 came to light early last month, prompting Cisco to issue security updates to release the flaw.”

46. Pakistan: Air Force Officer Detained for ‘Espionage’

Khaleej Times reported on August 22nd that “the Pakistan Air Force (PAF) has informed the Islamabad High Court (IHC) that it had detained Squadron Leader Hassan Akhtar on espionage charges. The revelation was made in a written reply submitted to the IHC during the hearing of a petition filed by the spouse of SL Akhtar seeking the release of her husband. According to the petition filed by Dr Faiza Hassan, the PAF authorities detained her husband in November last year. She contended that on December 19 Air Commodore Asim, the director air intelligence, informed the petitioner that her husband was in their custody and would be released after the completion of a probe.”

47. Israel/Iran: Haifa Port Strike Thwarts Iranian Espionage Operations

Elder of Ziyon published this post on August 22nd stating that “labor unrest at Israel’s busiest port has rendered useless an intelligence-gathering effort by the regime in Tehran to identify and exploit vulnerabilities in the facility, an operative acknowledged today. Three undercover Iranian spies found their espionage work impossible to accomplish over the last five weeks since gaining access to the port, the leader of the group disclosed Thursday, because the place remains perpetually on strike. “I don’t know how any imports end up in the country,” admitted Mohsen Najad, 40. “We’ve seen some office personnel and a couple of emergency maintenance folks come through, but no one’s done a lick of actual work in all the time I’ve been here. I can’t find out a scrap of the information I’m supposed to collect on capacities, security, inspections, technology, or logistics. My contact in Beirut is getting annoyed.” His comrades, who, under mission orders, must not be seen to come in contact with him, shared similar concerns. “I’ve been having a wonderful time off from work, since the union decided no one sets foot there,” he conceded. “But at a certain point a guy’s gotta do his job, and I can’t do my job without doing my other job. It’s going to look suspicious, eventually, when I haven’t been paid but can still afford to live.” The man appeared unaware that union power in Israel has guaranteed wages for port workers far in excess of basic expenses, and that regardless, Israelis tend not to pay much attention to whether their checking account balances are in the black or in the red, and would therefore not notice him living beyond his means. The third member of the operations team noted that he had to warn the other two, via their indirect communication methods, not to work too hard, exhibit punctuality, or volunteer for any duties beyond the absolute minimum required of their job descriptions. 
He further cautioned them that performing up to requirement, and not coasting on union protection to maintain job security, would be a surefire way to blow their cover. He cited for them the case of Israeli counterintelligence catching a mole because the foreign agent used correct Hebrew grammar. “That last bit was an important point, because otherwise we’d have worked hard on mastering proper Hebrew not just for nothing, but it would have compromised everything,” acknowledged the team leader. In the absence of their designated espionage work, the three men have made daily, hours-long trips to various recreational and sensual facilities in Israel and marked the outings as “for research purposes” in the reports to their handlers.”

48. Israel/Egypt: Israeli Intelligence Chiefs Attend Talks in Cairo as Gaza Bombing Continues

France 24 reported on August 22nd that “Israeli negotiators were taking part Thursday in talks on Gaza in Cairo, a government spokesman said, as fighting raged on the ground despite US pressure on Israel and Hamas to reach an agreement. Hopes for a deal have dwindled though as Israel and Palestinian militant group Hamas have traded blame for failing to reach a deal after more than 10 months of war in the Gaza Strip. A main sticking point remains Hamas’s longstanding demand for a “complete” Israeli withdrawal from Gaza, which Prime Minister Benjamin Netanyahu has opposed. Netanyahu’s spokesman Omer Dostri told AFP that Mossad spy agency chief David Barnea and Ronen Bar, head of Israel’s Shin Bet domestic security service, were in the Egyptian capital and “negotiating to advance a hostage (release) agreement”.”

49. Canada/India: Intelligence Chief Made Unannounced Visits to India Twice this Year

Press Trust of India reported on August 22nd that “Canada’s intelligence agency chief David Vigneault paid two quiet visits to India in February and March to apprise Indian officials of the case relating to the killing of Khalistani extremist Hardeep Singh Nijjar, people familiar with the matter said. Vigneault, the director of the Canadian Security Intelligence Service (CSIS), is learnt to have shared information that emerged during Ottawa’s investigation into the killing. The ties between India and Canada came under severe strain following Canadian Prime Minister Justin Trudeau’s allegations in September last year of the “potential” involvement of Indian agents in the killing of Nijjar.”

50. India/Pakistan: The ISI Operative Inside the Gandhi Dynasty

Blitz reported on August 23rd that “in the shadowy world of espionage and political intrigue, where power and deception intertwine, a startling tale unfolds — one that has been hidden for decades. This is the story of Hedvige Antonia Albina Maino, a woman born in the midst of Nazi Germany’s chaos, who rose from obscurity to become a key figure within one of the most influential political dynasties in India. But beneath the surface of her carefully crafted public persona lies a shocking reality: she was not just a political figure, but an agent of Pakistan’s ISI, planted deep within the heart of India’s political landscape. As this revelation comes to light, it challenges everything we thought we knew about the Gandhi dynasty, exposing a web of lies, espionage, and international intrigue that has remained concealed for far too long. Welcome to the untold secrets of a waitress, mistress, and escort turned agent of the Pakistani spy agency Inter-Services Intelligence (ISI), who was planted decades ago within India’s powerful political dynasty. Since we began exposing the dark secrets of the enigmatic members of the Gandhi dynasty on August 17, 2024, the online edition of this newspaper has faced repeated sabotage attempts, including DDoS attacks. These incidents indicate that certain notorious elements are desperately trying to bury the truth with their nefarious acts. Additionally, various YouTube channels and mainstream media outlets — referred to as “samestream media” in this age of modern technology — are facing shadow bans, likely orchestrated by the same nexus of culprits who want to suppress the truth.”

51. Ukraine/Russia: SBU Announced 14 Year Prison Term for FSB Agent Detained in 2023

On August 22nd Ukraine’s SBU announced that “a lawyer-collaborator who spied behind checkpoints in Kramatorsk and planned to escape to the Russian Federation was sentenced to 14 years in prison. According to the indisputable evidence base of the Security Service, another FSB informant who operated in Donetsk region received a prison term. The intruder “drained” the bases of the Ukrainian troops defending Kramatorsk. The enemy was most interested in the coordinates of roadblocks and fortified areas on the territory of the city and its surroundings. In order to obtain the relevant coordinates, the FSB involved its informant — a local lawyer who had lived in Russia for a long time, where he came into the field of view of the intelligence services of the Russian Federation. The lawyer returned to Kramatorsk before the full-scale invasion, and in the spring of 2023 he received his first assignment from his Russian handler. For its implementation, the attacker went around the area, secretly recording the locations he needed, and then transferred them to a Google Map for the FSB “report”. For each completed task, the occupiers promised their informant a monetary reward, which was supposed to go to his bank card. In addition, in the future, the occupiers promised to “evacuate” the collaborator to Russia. However, SBU officers prevented the implementation of the occupiers’ plans and detained an enemy henchman in the summer of 2023, when he was preparing to flee to the territory of the Russian Federation. During the search, 2 mobile phones and replaceable SIM cards were seized from him, on which he specially registered messengers for communication with the FSB.”

52. United States/Iran: Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts

FBI announced on August 19th that “today, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement: As each of us has indicated in prior public statements, Iran seeks to stoke discord and undermine confidence in our democratic institutions. Iran has furthermore demonstrated a longstanding interest in exploiting societal tensions through various means, including through the use of cyber operations to attempt to gain access to sensitive information related to U.S. elections. In addition to these sustained efforts to complicate the ability of any U.S. administration to pursue a foreign policy at odds with Iran’s interests, the Intelligence Community (IC) has previously reported that Iran perceives this year’s elections to be particularly consequential in terms of the impact they could have on its national security interests, increasing Tehran’s inclination to try to shape the outcome. We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting presidential campaigns. This includes the recently reported activities to compromise former President Trump’s campaign, which the IC attributes to Iran. The IC is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties. Such activity, including thefts and disclosures, are intended to influence the U.S. election process. It is important to note that this approach is not new. Iran and Russia have employed these tactics not only in the United States during this and prior federal election cycles but also in other countries around the world. Protecting the integrity of our elections from foreign influence or interference is our priority. 
As the lead for threat response, the FBI has been tracking this activity, has been in contact with the victims, and will continue to investigate and gather information in order to pursue and disrupt the threat actors responsible. We will not tolerate foreign efforts to influence or interfere with our elections, including the targeting of American political campaigns. As an interagency, we are working closely with our public and private sector partners to share information, bolster security, and identify and disrupt any threats. Just as this activity demonstrates the Iranians’ increased intent to exploit our online platforms in support of their objectives, it also demonstrates the need to increase the resilience of those platforms. Using strong passwords and only official email accounts for official business, updating software, avoiding clicking on links or opening attachments from suspicious emails before confirming their authenticity with the sender, and turning on multi-factor authentication will drastically improve online security and safety.”

53. United States: Army Speeds Information Warfare Detachments Creation

AFCEA’s Signal reported on August 22nd that “the U.S. Army is making final preparations to create information warfare detachments at the theater level. “Army Cyber will take the civilian TDA (tables of distribution and allowance) and that will form the basis of a digital protection and reconnaissance center that will conduct targeting support and digital force protection tasks for the TIADs (theater information advantage detachments) when they stand up,” said Lt. Gen. Maria B. Barrett, commanding general, U.S. Army Cyber Command. The creation of these units was scheduled for 2026, but the Army seems to be moving ahead of schedule. “This really reflects the commitment of the Army to bring together an integrated team of cyber, EW (electronic warfare), signals, data systems engineers, io (information operations), intel and psyops,” Gen. Barrett told the audience at an event in Augusta, Georgia, on Thursday. Gen. Barrett highlighted the growing significance of information warfare and cybersecurity in modern military strategy during the closing keynote of the TechNet Augusta conference. She emphasized the accessibility of advanced technologies like deep neural networks and AI, which can be exploited by adversaries to create deepfakes and manipulate public opinion, posing threats to national security. The discussion covered the need for the military to adapt to these evolving threats, with a focus on enhancing cyber and EW capabilities. The Army’s initiatives include restructuring its cyber forces, developing new capabilities for information operations and integrating artificial intelligence (AI) to improve situational awareness and decision-making on the battlefield. The urgency stems from the pivot from counterinsurgency operations in the past to dealing with peer adversaries employing a variety of means to disrupt defense. 
“We realized that there were some holes in our swing, and that really began with the Army starting to build towards the capabilities that we need to face the threats that we’re seeing today, and that was a really concerted effort to strengthen the EW enterprise that began with the approval of growth over the next 10 years of what would be 2,800 EW professionals across the Army,” Gen. Barrett said. Gen. Barrett stressed that EW ties in with cyber, including operations at the edge. A new doctrine, published in mid-2023, involves the creation of several units including active, National Guard and Reserve for multidomain information operations. It is updating operations at all levels, including Army Network Enterprise Technology Command, according to Gen. Barrett.”

54. United States: The Langley Files — CIA Cyber Safety 101

On August 22nd the CIA’s “The Langley Files” podcast released this episode. As per its description, “CIA’s digital systems need to process some of the most sensitive data in the world — intelligence that is vital to keeping Americans safe and must be kept from falling into the wrong hands. But who is responsible for ensuring the security of those systems? And do they have any best practices that you could incorporate into your own tech life? On this episode of The Langley Files, you’ll find out. Dee and Walter are sitting down with Jennifer Link, CIA’s Chief Information Security Officer, to discuss her background and responsibilities, and how she goes about keeping herself cyber-safe in everyday life. So, from mystery phone calls and online pop ups to the increasing world of cyber-enabled home appliances — this is an episode chock full of CIA cyber safety news you can use.”

55. United States/China: Former Verizon Employee Pleads Guilty to Conspiring to Aid Chinese Spy Agency

CyberScoop reported on August 23rd that “a former Verizon employee pleaded guilty Friday to conspiring to serve as an agent of the People’s Republic of China, namely by using his job to send information about Chinese enemies to a spy agency there, as well as details related to cyber incidents. Ping Li faces up to five years in prison for his contacts with the Ministry of State Security. He provided information on Chinese dissidents, pro-democracy advocates and members of the Falun Gong religious movement, as well as U.S.-based nonprofit organizations. The Chinese-born, Florida-dwelling Li worked for Verizon for more than 20 years, according to his attorney, Daniel Fernandez. Li exploited his position with the telecommunications company to provide the information via anonymous online accounts, but also traveled to China, according to the Justice Department. He sent details like the name and biographical information of a Falun Gong member and materials related to cybersecurity training upon request of the Chinese ministry. “In May 2021, an MSS officer requested information from Li concerning hacking events targeting United States companies, including a widely publicized hacking of a major United States company by the Chinese government,” according to the Justice Department. He delivered that information within four days. When arrested, Li was charged with both acting as an unregistered agent of a foreign government and conspiring to do so. If convicted on both charges, he would have served up to 15 years in prison. Fernandez said the reduction to a single count indicates a “realization that this was not an egregious violation.” At the same time, Fernandez said, it “sends a message the government intended to send — you cannot provide information to foreign governments without getting authorization.”.”

56. United States: Spy Agencies Lag Civilian Workforce in Diversity

Reuters reported on August 23rd that “minorities, women and disabled persons are still underrepresented in U.S. spy agencies compared with the U.S. civilian workforce, said a report released on Friday by the Office of the Director of National Intelligence. The findings come as U.S. conservatives attack public and private initiatives aimed at closing gaps in employment and promotions and amid vows by Republican presidential candidate Donald Trump to eliminate diversity, equity and inclusion (DEI) programs “across the entire federal government.” The annual congressionally mandated report on the demographics of the 18 U.S. spy agencies showed the proportion of minority employees slipping from 27% in 2020 to 26.7% for fiscal year 2023, versus 39.8% for the country’s civilian labor force of 167 million people during the latter period. Diversifying the intelligence community — long seen as a field dominated by white men from elite universities — has been a priority since the Republican administration of President George W. Bush began rebuilding the spy agencies following the Sept. 11, 2001, attacks. Ending DEI programs in the U.S. intelligence community could harm national security by slowing the recruitment and promotion of people with the backgrounds needed for spying and analyzing intelligence on foreign threats, said Mark Warner, the Democratic chairman of the Senate Intelligence Committee. “The argument for diversity is probably stronger for the IC (intelligence community) than many other federal agencies because the nature of spying is you are spying on other countries,” he said. A U.S. intelligence official, who requested anonymity to discuss the issue, stressed that qualifications and experience are given as much consideration in recruitment and promotions as candidates’ ethnic, linguistic and cultural backgrounds. 
“If you were to run the data on the qualifications of any minority group in the United States intelligence community and compare them to their majority counterparts, you will find that they are on a par, and in some instances, exceeding the experience and education levels of some of their counterparts,” the official said. The new report showed that gaps persist.”

57. United States: Inside the CIA’s Secretive Plan to Infiltrate Al Qaeda

Smart Encyclopedia published this podcast episode on August 23rd. As per its description, “in the wake of the September 11, 2001 attacks, the United States launched an aggressive and far-reaching campaign against terrorism, fundamentally reshaping its intelligence and counterterrorism strategies. Among the many changes was a dramatic shift in the focus of the Central Intelligence Agency (CIA), which moved away from its traditional espionage roots toward a new mission: the assassination of key figures and the hunting of non-state actors. As part of this broader transformation, an audacious plan was conceived — one that sought to infiltrate the very heart of Al-Qaeda, the organization responsible for the 9/11 attacks. The idea was as bold as it was perilous: to conscript a white American man who could pass as a sympathizer and penetrate the inner workings of the terrorist group. Journalist Zach Dorfman spent years investigating this clandestine operation, uncovering the details of a deep-cover mission that would reach the desk of then-President George W. Bush and ultimately shape the future of the CIA. According to Dorfman’s extensive research, the operation was born out of the urgency and fear that gripped the U.S. intelligence community in the immediate aftermath of 9/11. Traditional espionage methods were deemed insufficient for the new reality, where enemies were not state actors but shadowy terrorist networks with no fixed address. The CIA, which had long been adept at gathering intelligence and conducting covert operations, found itself in uncharted territory. In this climate, the idea of embedding an American operative within Al-Qaeda began to take shape. The mission’s objective was to gather critical intelligence from within the organization, identify key leaders, and ultimately disrupt future terrorist plots. The plan was fraught with risk — both for the operative and the agency — but the potential rewards were seen as justifying the gamble. 
Dorfman’s investigation reveals that the proposal was developed by senior CIA officials and presented to President Bush as part of a broader strategy to neutralize Al-Qaeda. The President, who had vowed to bring the perpetrators of 9/11 to justice, reportedly gave the plan his support, marking a significant shift in how the U.S. would conduct its war on terror. The implications of this operation, as Dorfman discovered, went far beyond its immediate goals. The decision to focus on direct action — hunting and eliminating terrorists — rather than traditional intelligence gathering, would set the CIA on a new path. This approach would define the agency’s activities for years to come, leading to the expansion of drone strikes, targeted killings, and other aggressive counterterrorism tactics. Dorfman’s reporting sheds light on the secretive and often controversial measures adopted by the CIA in the post-9/11 era. While the operation to infiltrate Al-Qaeda represents just one chapter in the agency’s long history, it is emblematic of the broader changes that have since come to define U.S. intelligence efforts in the 21st century. As the CIA continues to adapt to the evolving threats posed by global terrorism, the legacy of this deep-cover operation serves as a reminder of the lengths to which the agency has gone in its pursuit of national security. Dorfman’s investigation not only uncovers the details of a daring mission but also prompts broader questions about the ethics and effectiveness of such covert operations in the ongoing war on terror.”

58. Ukraine/Russia: SBU Detained FSB Agent in Odesa

On August 23rd Ukraine’s SBU announced that they “detained an FSB agent who corrected the double strike by “Iskander” on Odesa. Military counter-intelligence of the Security Service detained another FSB agent in Odesa. He turned out to be a local realtor who was spying on the Defence Forces and correcting air attacks on the city. On March 15 of this year, he “reported” to the Russian intelligence service about the consequences of a double strike on the regional centre. Then the occupiers attacked the civilian infrastructure of the port city with Iskander-M ballistic missiles. When rescuers, National Police officers and medics arrived at the scene of the “arrival”, the rioters hit them with a second rocket. Immediately after that, an FSB agent arrived at the scene, conducted a preliminary investigation there and gave the occupiers information about the affected objects and the estimated number of dead and wounded. The figure was in contact with the Russian intelligence services through an acquaintance of his, a member of the occupation groups of the Russian Federation, who participated in the capture of Mariupol and Bakhmut. Then the militant passed intelligence to his brother, who is part of the FSB unit stationed in the temporarily occupied part of the territory of Donetsk region. After the “pour” of information about the consequences of a double missile attack on Odesa, the traitor continued to perform the task of adjusting enemy fire. Among the priority targets of the enemy were the temporary bases of the Defence Forces in the territory of the regional centre. In order to collect intelligence, the “dark” realtor used connections among his clients. In the course of the special operation, the SBU officers gradually documented the crimes of the person involved and detained him when he was preparing to transfer new intelligence to the aggressor. 
In addition, during the investigation, the Security Service established the facts of the FSB agent’s information-subversive activity. We are talking about his provocative comments on YouTube video hosting, where he spread fakes about Ukrainian defenders and justified the war crimes of the Rashists.”

59. Netherlands: Dutch Cabinet Bans Phones in Meetings Over Espionage Fears

Politico reported on August 23rd that “the Netherlands’ new team of ministers are forced to keep their phones and smartwatches in a vault when meeting to discuss state affairs, its prime minister and former spy Dick Schoof said Friday. Smartphones, tablets and other connected devices like smartwatches have to be put in a vault during official meetings including the weekly Council of Ministers, Schoof told public broadcaster NOS. The measure has been in place since Schoof took office early July. “The threat of espionage is of all times. Electronic devices, smartphones, iPads … those all are microphones,” Schoof said. Foreign powers are interested in learning more about Dutch affairs “and you want to prevent that,” he said. The prime minister added he does allow for breaks so ministers can go check their phones. In the previous Dutch government, smartphones were only banned when specific security topics were discussed, the Dutch daily AD that broke the news wrote on Thursday. Schoof’s sensitivity to security and espionage risks is no surprise. Before he took the reins of the Dutch government, he was the top civil servant of the Dutch Justice and Security Ministry. Between 2018 and 2020, he also ran the Dutch intelligence services. Before that he was the country’s national coordinator in the fight against terrorism.”

60. Israel: Settler Raids on al-Aqsa Causing ‘Indescribable Damage’ to Israel

Press TV reported on August 24th that “the head of Israel’s internal spy agency, known as Shin Bet, has rebuked violent incursions into the al-Aqsa Mosque compound by Israeli minister Itamar Ben-Gvir and settlers as an issue that causes “indescribable damage” to the occupying entity. Ronen Bar made the comment in a letter on Friday to Israeli prime minister Benjamin Netanyahu and minister of military affairs Yoav Gallant, expressing deep concern that the storming of the holy site, which was conducted by the radical Jewish settler gangs of Hilltop Youths, is backed by the Israeli regime and the group has “long ago become a hotbed of violence against Palestinians.” Bar stressed that the settlers are emboldened by lenient treatment and “a secret sense of backing” from the police under the leadership of Ben-Gvir. “The loss of fear of administrative detention due to the conditions they get in prison and the money given to them upon their release, together with legitimization and praise, alongside delegitimization of security forces, contributes to the phenomenon’s continuation,” the head of Israel’s internal spy agency said. He emphasized that the solution does not lie with the Shin Bet but rather requires action from the occupying regime’s leaders.”

61. Nigeria: Intelligence Agency DG, Rufai Abubakar Tenders Resignation To Tinubu

Sahara Reporters stated on August 24th that “the Director General of the National Intelligence Agency (NIA), Ahmed Rufai Abubakar, on Saturday tendered his resignation to President Bola Tinubu. The reason for his resignation is not yet known. It would be recalled that under Abubakar’s watch in October 2022 that operatives of the agency stormed the head office of Peoples Gazette in Abuja. The newspaper had published in a series of three articles — a memo that spy chiefs at the foreign intelligence office had written to former President Muhammadu Buhari, warning him against retaining Rufai Abubakar as the director-general on the grounds that he lacked intellectual and physiological rigour for the position. Nearly three weeks after the articles, four officers arrived in a white Toyota Hilux truck and intimidated security personnel at the gate and forced their way into the offices on the second floor.”

62. New Zealand/United States: Waihopai is a Secret U.S. Spy Base in New Zealand Designed for War-fighting

Covert Action Magazine published this article on August 24th stating that “the news that the Waihopai spy base was going to be built led to the birth of the Anti-Bases Campaign (ABC) in 1987. ABC has campaigned for the closure of Waihopai ever since (our most recent protest there was in 2023). We have consistently said that it is a U.S. spy base in all but name, i.e., that the New Zealand Government Communications Security Bureau (GCSB, NZ’s spy agency in the Five Eyes international spy alliance) works as directed by the U.S. National Security Agency (NSA). We have also consistently said that it is a war-fighting base, not just a spy base. The powers that be in New Zealand’s covert state, and their political mouthpieces, have always denied this and/or asked for evidence?”
