4:00 PM ET, Monday, December 11, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines:
THE TOP STORIES
Pro-Iranian Hackers Suspected of Disruption of Water System in Remote Irish County. A pro-Iranian hacking group is suspected of launching a cyberattack on a water facility in a remote area on Ireland’s west coast, leaving residents without water for two days. The hackers said the attack was directed at equipment they claimed was manufactured in Israel. A private water scheme in County Mayo was impacted by the hack that led to water outages for about 160 households. According to Ireland’s communications department, the disruption was caused by “exploitation of a vulnerability in a particular type of programmable logic controller.” A spokesperson said the attack appeared part of a global operation “and there is no suggestion that services in Ireland were specifically targeted.” The Cyber Av3ngers group appears to be behind the Irish attack. A message left on the affected network said the disruption was carried out because the water system used an Israeli-made Unitronics tool. TheRecord
Navalny aid says he has disappeared in prison. Russian opposition politician Alexei Navalny has been removed from the penal colony where he had been imprisoned since the middle of last year. His current whereabouts are unknown, his allies said on Monday. Navalny aides have been preparing for his expected transfer to a "special regime" colony, the harshest grade in Russia's prison system, after he was sentenced in August. The process of moving prisoners by rail often takes weeks, leaving lawyers and family unable to obtain information on a prisoner's location. Navalny’s lawyer has said, "We don't know where he is right now. He can be in any colony of a special regime and there are about around 30 of them in Russia, all over Russia," She also added, "We will try to go to every colony there is and look for him". The United States has expressed its concern over the matter. White House national security spokesman John Kirby said, “He should be released immediately”. Navalny's disappearance comes amid the beginning of a campaign period for a presidential election in which Vladimir Putin will run for another six-year term. Reuters Associated Press
ISRAEL AND HAMAS WAR
Iraq struggles to contain fighting between US and Iran. Baghdad has been forced into a balancing act as U.S. military facilities are attacked by Iran-backed factions. Over the past two months since the Israel-Hamas war broke out, there have been multiple attacks on U.S. personnel in the region. A rocket attack on the U.S. Embassy in Baghdad on Friday was another escalatory incident that left officials scrambling to ensure the conflict does not ripple throughout the Middle East. Iran holds a considerable amount of influence in Iraq. There are currently 2,000 U.S. troops stationed in Iraq in order to combat the Islamic State militant group. Baghdad relies on Washington’s sanction waivers to buy electricity from Iran. With Iraq’s foreign currency reserves housed at the U.S. Federal Reserve, the U.S. has significant control of Iraq’s supply of dollars as well. Prime Minister of Iraq, Al-Sudani, has condemned the attacks and U.S. counter-strikes in his country as a violation of Iraqi sovereignty. He has ordered his forces to pursue militants involved in the attacks, which caused no injuries and only minor damages so far. Washington has signaled that their patience is limited. After the embassy attack, the Pentagon said that Defense Secretary Lloyd Austin “made clear that attacks against U.S. forces must stop.” CIA Director William Burns warned al-Sudani of “harsh consequences” if Iraq doesn’t act to stop the attacks, according to an Iraqi official. A Hezbollah spokesperson has said Iran-backed groups in Iraq don’t want the conflict to spread across the region. However, they are prepared to respond with force to any attacks. AP News
Palestinians starve as Gaza war rages amid fears of exodus into Egypt. As international relief agencies said hunger is spreading among the displaced Palestinian population, Israel said Monday that it is not trying to push refugees over the border into Egypt. As the crisis worsens, Hamas fighters and Israeli troops continue to fight across the territory. The Gaza health ministry reported that 18,205 people have been killed and 49,605 injured in Israeli strikes in Gaza, hundreds since the U.S. vetoed a U.N. security council resolution calling for a ceasefire Friday. The majority of the 2.3 million population has been displaced from their homes and residents say it is virtually impossible to find food or refuge. UNRWA, the U.N. body responsible for Palestinian refugees, said that some residents were arriving at health centers carrying their dead children. This comes as U.N. Secretary General Antonio Guterres said he feared the mass displacement of Palestinians into Egypt and the breakdown of social order. Jordan has also accused Israel of attempting to “empty Gaza” of its population. An Israeli spokesperson called this accusation “outrageous and false”. Reuters
White House 'concerned' at reports Israel used white phosphorus in Lebanon attack. The United States is concerned about reports Israel used white phosphorus, supplied by the United States, in an October attack in southern Lebanon. White House spokesperson John Kirby said, "We've seen the reports. Certainly concerned about that. We'll be asking questions to try to learn a little bit more," Kirby told reporters on Air Force One. Kirby added that white phosphorus has a "legitimate military utility" for illumination and providing smoke cover to conceal movements. When asked about the report that Israel used white phosphorus in Lebanon, Israeli Defense Minister Yoav Gallant said,” The IDF and the entire security establishment acts according to international law. That is how we have acted and how we will act." Reuters
THE UKRAINE UPDATE
Zelenskyy, in Washington, urges Congress not to play into Putin's hands. Ukrainian President Volodymyr Zelenskiy told a U.S. military audience that he hoped he could still count on the United States. He also urged Congress not to play into Russian President Vladimir Putin's hands. Zelenskyy is in Washington in a last minute urgent bid to shore up security assistance. "We won't give up. We know what to do and you can count on Ukraine. And we hope just as much to be able to count on you," Zelenskyy said in an address to the National Defense University. U.S. President Joe Biden's administration has warned Congress about the consequences of a failure to renew military assistance to Ukraine. He has said it could tip the nearly two-year-old war in Russia's favor. This would create numerous national security threats for the West. Zelenskyy, in an oblique reference to disputes in Congress over allocating aid, said it was "crucial that politics ... not betray the soldiers." Zelenskyy is expected to attend meetings at the White House and Congress where he will address lawmakers. His visit to congress comes as some Republican lawmaker are questioning continued U.S. aid to Ukraine. Reuters
The Russian deputy prime minister visits China this week. Russian Deputy Prime Minister Alexander Novak, President Vladimir Putin's top official on matters relating to oil and gas, will head a Russian delegation to China, the government said on Monday. The group, reportedly up to 20 people, will visit China this week to participate in an inter governmental commission on energy. China has become one of Russia's main trade partners together with India. The two countries buy a bulk of Russian oil exports, which Moscow has redirected from Europe due to sanctions imposed after the start of the war in Ukraine in February 2022. Russia is seeking to boost its natural gas supply to China to around 100 billion cubic meters (bcm) per year by 2030. Moscow has been engaged in talks with China over the Power of Siberia 2 pipeline. The pipeline is designed to carry Russian natural gas from northern Siberia to China via Mongolia. Reuters
THE CYBER AND TECH RUNDOWN
U.S. Officials Share Insights into Chinese Cyber Campaign Against U.S. Infrastructure. Cybersecurity experts are offering undisclosed details of an expansive Chinese cyber campaign aimed at disrupting U.S. critical infrastructure facilities. Hackers aligned with the People’s Liberation Army (PLA) have launched cyberattacks on a wide range of American targets, including a water utility in Hawaii and the operator of the Texas power grid. These and other domestic targets of Chinese cyber operations join infrastructure entities outside the U.S. that also have experienced system breaches. According to unidentified U.S. officials, the intrusions have not impacted industrial control systems (ICS) that operate critical equipment or functions, but the cyber probing indicates a Chinese goal of complicating U.S. efforts to move forces and materiel in the Pacific should a conflict erupt over Taiwan. Brandon Wales, CISA executive director, noted that the Chinese targeting of infrastructure facilities stems from Beijing’s intent “to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict” to hamper the U.S.’ ability to “project power into Asia.” Morgan Adamski, director of the NSA Cybersecurity Collaboration Center, echoed Wales’ view of Chinese intentions, confirming that the recently disclosed Volt Typhoon operation by Chinese hackers “appears to be focused on targets within the Indo-Pacific region, to include Hawaii.” The information shared with the Washington Post by officials reinforces the annual threat assessment issued early this year the Office of the Director of National Intelligence, which warned of China’s cyber warfare capabilities disrupt U.S. critical infrastructure. Washington Post
North Korean Hackers Continue To Exploit Log4j Software Vulnerability. North Korean hackers are continuing to exploit a vulnerability in a widely-used open source software application used in manufacturing and agricultural systems, according to a report form Cisco’s Talos Intelligence Group. The campaign carried out by a subgroup of the Lazarus cybercrime enterprise used three new malware families and for parts of the operation exploited the Log4j vulnerability. Talos researchers said this particular software flaw was used by a Lazarus affiliate “to deploy a multitude of malware, dual-use tools and conduct extensive hands-on-keyboard activity.” The “Operation Blacksmith” campaign used malware written in DLang, signaling a shift among North Korean hackers toward using more obscure programming languages over the last 18 months. The research report pointed out the campaign between March and September of this year consisted of “opportunistic targeting of enterprises around the world that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as [Log4j].” Talos said there was overlap between Operation Blacksmith and a hacking operation known as Onyx Sleet that was exposed in October by Microsoft. CyberScoop Talos Intelligence
GAO Report To Spotlight Federal AI Use Cases, Compliance with Requirements. On Tuesday the Government Accountability Office (GAO) will issue an inaugural report on AI inventories maintained across the Federal government, which collectively include more than 1,000 current or planned AI uses cases. The two-part GAO report has been under development for more than a year and will provide a snapshot of Federal agencies’ use of AI and their progress in meeting specific AI requirements. Kevin Walsh, GAO director of IT and cybersecurity, explained that the report is “setting the stage for where AI is in the Federal government.” Walsh added that the report makes clear that AI is already in active use in the government for a variety of applications, with that use only expected to accelerate. He noted the tremendous potential of AI tools, but cautioned as the technology is adopted within government “that we’re thinking it through and making sure that we’re disclosing it properly.” NextGov
European Parliament Report Warns of Cyber Threats to June Election Process. The IT department of the European Parliament has warned in a report to a parliamentary group that cybersecurity preparations for next June’s elections have “not yet met industry standards” and have not met the threat level anticipated from state-sponsored hackers and other threat actors. Even as steps are taken to reinforce the security and integrity of parliamentary elections, European officials are aware of heightened threats from Russia, China and elsewhere to interfere in the process through disinformation and cyberattacks. The IT department report warns that state-sponsored cyberattacks on Parliament have increased in number and sophistication since the last election in 2019. Several officials and legislators involved in preparing for cyberattacks against next year's election warned that the Parliament’s defenses are weak and could falter. A senior threat analyst with Proofpoint noted that which China also represents a cybersecurity risk, the threat level is not the same as Russia. Greg Lesnewich said Chinese operations are motivated by efforts to influence how the country is perceived rather than “typical Russian-style disinformation to sow distrust in whatever target country they’re operating in.” The European parliamentary elections are unique in that 27 voting processes are taking place simultaneously with different infrastructure and defenses. A successful disruption of just one national electoral process could bring into question the integrity of the entire parliament. The parliament IT report includes in its catalog of threats disinformation targeting specific candidates; cyberattacks against national voting systems; and cyber disruptions of major political debates at the EU and national level. Hackers also could launch attacks to compromise vote counts and election process information systems. Politico
ELSEWHERE IN THE WORLD
U.S. F-16 jet crashes in South Korea, pilot rescued after ejecting. A U.S. Air Force unit stationed in South Korea said that a U.S. F-16 jet crashed in South Korea Monday after experiencing an “in-flight” emergency during a routine training flight. The pilot safely ejected and was rescued by a South Korean Coast Guard vessel in the Yellow Sea and later returned to the Kunsan Air base according to the Air Force’s 8th Fighter Wing. The unit added that the cause of the emergency was being investigated. Colonel Matthew Gaetke, commander of the unit said he was grateful for the pilot’s recovery and added that he was in good condition. Reuters
US imposes visa restrictions on nearly 300 Guatemalans over 'anti-democratic actions'. The United States issued visa restrictions on nearly 300 Guatemalan nationals including 100 members of congress Monday, accusing them of undermining democracy in the country. A State Department Spokesperson added that the action also targets private sector representatives and their family members. This comes as Guatemala’s President-elect Bernardo Arevalo forcefully rejected a legal maneuver from prosecutors to invalidate his election, calling the move “perverse” and an “attempted coup”. The State Department official highlighted that Washington strongly condemned the actions of Guatemala’s Public Ministry and others requests to annul electoral results and remove immunity from Arevalo. “These brazen measures follow a long list of other anti-democratic actions” he added. Reuters
Polish PM loses confidence vote. The Polish parliament voted in favor of Donald Tusk Monday, setting the stage for warmer relations with the EU and ending the eight year long rule of the country’s nationalist party. Tusk, a former European Council president has vowed to enhance relations with the EU and unblock tens of billions of frozen euros due to a dispute over the democratic standards of the country. 248 parliamentary members voted in favor with 201 voting against. Earlier Monday, the former Prime Minister Mateusz Morawiecki lost a vote of confidence. Critics of the nationalist party (PiS) say that the party undermined the independence of the country’s judiciary, turned state-owned media into propaganda, and encouraged prejudice against minorities. PiS in turn says that it defended Poland from foreign interference and improved the living standards of millions of Poles by raising the minimum wage and introducing social programs. Reuters
Polish tribunal rules against reform required to access EU cash. Poland’s Constitutional Tribunal ruled Monday that the judicial reform legislation the country needed to pass to access billions of frozen euros was unconstitutional, complicating the new pro-EU Polish government’s plan to mend relations with the economic bloc. Brussels has held COVID-19 recovery funds from Poland and required reform on issues such as judicial independence and green energy before releasing them. The European Commission previously said that it doubts the impartiality of the tribunal. The commission sued Poland in the EU’s top court over violations of EU law by Poland’s Constitutional Tribunal. This comes as Poland’s nationalist party (PiS) lost its parliamentary majority on October 15. The party’s prime minister candidate also lost a vote of confidence Monday, with a pro-European party aiming to establish a new government. Reuters
Leaders of Guyana and Venezuela meet as regional tensions rise. The leaders of Guyana and Venezuela are preparing to meet this week to discuss the inflamed tensions between the two countries regarding the oil-rich Esequibo region. Guyana’s president told reporters that he is coming to the table with “goodwill” but insisted that Guyana be respected and the dispute be heard in front of the International Court of Justice. Tensions escalated earlier this month after Venezuela held a referendum on whether to claim sovereignty over the region. Venezuela maintains that the region was within its boundaries during Spanish colonialism and rejects the borders drawn by international arbitrators in 1899 while Guyana was under British rule. Guyana’s President Irfaan Ali is scheduled to meet Venezuelan President Nicolas Maduro Thursday on the Caribbean island of St. Vincent. Other leaders were also invited to the talks including Brazilian President Inacio Lula da Silva. When asked about U.S. military aid, Ali reiterated that he signed an advanced defense agreement with the United States to ensure that “major training programs and exercises” would continue. Reuters
The data cutoff for this product was 3:00p.m. E.T.
Brad Christian, Leighton Durham and Ryan Simons contributed to this report.
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief
