4:00 PM ET, Thursday, November 30, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines:
THE TOP STORIES
Ukrainian Intelligence Allegedly Targets Rail Lines in Russia’s Far East, Moscow Region. The Security Service of Ukraine (SBU) allegedly detonated four explosive devices on a key railway line in Russia’s far eastern republic of Buryatia overnight, according to a Ukrainian defense source. The source said the explosion occurred on the Baikal-Amur railway — which runs north of the Trans-Siberian railway and is part of a railway network connecting Russia and China. The blast specifically occurred in the Bessolov Severomuyskiy tunnel while a freight train passed through. The Russian Railway reported a fire incident on a train along the route and that rail traffic has been rerouted. Russian authorities said they are investigating the incident. The attack would be a striking demonstration of Ukraine’s ability to conduct operations inside Russia. The SBU has not officially commented on the reports. Separately, Ukraine’s military intelligence agency HUR announced on Thursday that it sabotaged railway infrastructure in the Moscow region in cooperation with local resistance. HUR posted a video allegedly showing a person setting fire to railway relay boxes, which control signals for train operators, as part of the operation. Media outlets could immediately independently confirm the reports. Kyiv Independent CNN Reuters
E.U. to Push China to Stop Specific Chinese Firms from Evading Sanctions on Russia. E.U. leaders will reportedly ask Chinese President Xi Jinping to act against 13 Chinese firms accused of circumventing sanctions on Russia. The leaders will make the request at an E.U.-China summit in Beijing this week. The sanctions are aimed at preventing Russia from acquiring European-made military and dual-use goods. The 13 Chinese companies in question may be sanctioned if they do not comply with the measures. E.U. leaders are expected to push China for evidence on what it has done to enforce sanctions and secure a pledge to counter sanctions circumvention from the highest level of the Chinese government. The E.U. estimates that up to 70 percent of sensitive, high-tech products getting to Russia’s military are being delivered via China. South China Morning Post
Brazil Reportedly to Join OPEC+ in January. Brazil is seeking to join the OPEC+ group of oil-producing countries in January after a full technical analysis, according to the country’s energy minister. Brazilian President Luiz Inacio Lula da Silva’s office confirmed that OPEC+ invited Brazil, South America’s largest oil producer, to join. However, the office said he has yet to formally respond. Sources say that Brazil is not expected to participate in OPEC+ output cuts as a member of the group. Reports about Brazil’s membership in the group came as OPEC+ nations agreed to voluntary output cuts over 2 million barrels per day (bpd) for early next year in a bid to boost prices. Reuters Associated Press
ISRAEL AND HAMAS WAR
Gaza Hostage Releases Continue in Extended Ceasefire. The Israeli military confirmed that Hamas released two more hostages to the International Committee of the Red Cross on Thursday. Eight more Israeli hostages are set to be released later in the day. Israel has released a list of 30 Palestinian prisoners to be freed in exchange. Washington Post
U.S. says Israel to Institute ‘Clear Plan’ Before Starting Southern Gaza Military Actions. Secretary of State Antony Blinken said on Thursday that the Israeli government has agreed to establish a “clear plan” to protect civilians before restarting military actions in southern Gaza after the ceasefire with Hamas. Blinken said the U.S. had “made clear” that Israel should not resume its assault on the Gaza Strip without such a plan. He added that Israeli leaders offered “concrete steps” to ensure the safety of Palestinian civilians. The Biden administration has pushed Israel about concerns over a resumption of Israeli military operations in southern Gaza for days. White House spokesman John Kirby earlier said, “We do not support a move to the south unless or until (Israeli forces) have adequately accounted for the protection of innocent human life,” emphasizing that “there’s a whole heck of a lot more innocent civilians in southern Gaza” since civilians in northern Gaza have evacuated there or the last few days. Israeli Prime Minister Benjamin Netanyahu on Thursday said he has “sworn to eliminate Hamas,” highlighting the shooting in Jerusalem that Hamas claimed responsibility for as another demonstration of why Israel must ensure there will be no such threats from Gaza again. Washington Post Wall Street Journal New York Times
THE UKRAINE UPDATE
Ukrainian Hacker Group, SBU Hack Russia’s Labor Ministry. A hacker group allegedly working with the Security Service of Ukraine (SBU) reportedly hacked into the website of Russia’s Labor ministry and gathered sensitive data about Moscow’s invasion of Ukraine. The group, known as Blackjack, allegedly worked with SBU cyber specialists and successfully downloaded over 100 terabytes of data from the ministry’s servers. The information includes statistics on the performance of Russian military operations and materials, which are used to report to Russian President Vladimir Putin. The data also included personal information on Russian soldiers and figures on the quantities of prosthetic limbs. A separate hack uncovered information about the situation in parts of occupied Ukraine including information on collaborators in leadership positions. Kyiv Independent
Ukraine Accuses Russia for Lack of Prisoner Swaps for Months. Dmytro Lubinets, Ukraine’s human rights commissioner, on Thursday accused Russia of refusing to agree to new exchanges of prisoners of war for the last three months. Since Russia’s invasion of Ukraine in February 2022, Moscow and Kyiv have held several prisoner swaps. The frequency of such exchanges has dropped in 2023, with the last one taking place in early August. Lubinets said that since then, every Ukrainian initiative to exchange prisoners has been met with Russian “unwillingness.” He also noted that Russian prisoners held in Ukraine wanted to be exchanged but that “no one from the Russian side wants them back.” Ukraine said on Tuesday that it has brought back 2,598 people from Russian captivity in 48 different swaps. Reuters
Slovakia PM Calls for Preparation for End of Ukraine War, Normalization of Relations with Russia. Slovak Prime Minister Robert Fico said on Thursday that Slovakia should prepare for “the end of the war in Ukraine and the standardization of Slovak-Russian relations.” In remarks to both the U.S. and Russian ambassadors to Slovakia in Bratislava, Fico said that Slovakia has certain “sovereign positions” that are not always “in line with the policy of one single correct opinion promoted in the E.U.,” adding that Slovakia supports “peace initiatives” and not war in Ukraine. Fico’s SMER party won parliamentary elections in September, promising to immediately halt all military aid to Ukraine. His comments come as Slovakia said it is expanding a ban on Ukrainian agricultural goods as part of an ongoing dispute about the impact of Ukrainian goods on local farmers. Kyiv Independent Kyiv Independent
France Increasing Ammunition Supplies to Ukraine in 2024. Ukraine’s Defense Ministry announced on Thursday that France has pledged to boost ammunition supplies to Ukraine in 2024. A French delegation led by Engineer General Jean-Francois Dock made the pledge in a meeting with Ukraine’s deputy defense ministers Dmytro Klimenkov and Lieutenant-General Ivan Havryliuk in Kyiv. The two sides discussed defense cooperation and military logistics. Havryliuk thanked France for the commitment and highlighted that France has received funds and will make a payment for additional Caesar self-propelled howitzers. Kyiv Independent
Von der Leyen says 480,000 E.U.-Made Shells Sent or to Be Sent to Ukraine. European Commission President Ursula von der Leyen said on Thursday that 480,000 artillery shells for Ukraine “have been either delivered or are on the pipeline.” She added that the E.U. will be able to produce one million ammunition rounds per year starting from 2024. Her remarks expressed confidence in the expansion of the E.U. defense industry to help support Ukraine and refill depleted stockpiles. E.U. and Ukrainian officials have said the bloc needs to improve in its defense production, most clearly demonstrated in the fact that the E.U. is behind schedule to deliver a million artillery shells to Ukraine by next spring. Kyiv Independent
Von der Leyen Urges E.U. Defense Strategy to Include Ukraine. European Commission President Ursula von der Leyen said on Thursday that the E.U. should consider Ukraine’s military needs as it determines the future strategy of Europe’s defense industry. Von der Leyen added that Ukraine should be integrated into the E.U.’s defense programs to help shape them to Ukraine’s needs. To achieve this, von der Leyen said Ukraine should be included in the consultation process of the industrial strategy. The European Commission plans to propose its European Defense Industry Program early next year. Reuters
Son of Russian Oligarch Pumpyansky Wins Appeal Against E.U. Sanctions. Alexander Pumpyansky, son of Russian oligarch Dimitri Pumpyansky, won an appeal against E.U. sanctions at the E.U. General Court on Wednesday. In its ruling, the court said that the E.U. had admitted that from March 9, 2022, Pumpyansky was no longer president and board member of Russian investment bank Sinara or TMK, which supplies manufactured steel to Russian energy giant Gazprom. Both companies are accused of supporting Russia’s invasion of Ukraine. Pumpyansky was put on the sanctions list for ties to the two firms. The court ruled that Pumpyansky must be taken off of the sanctions list, but rejected his bid for damages. A court official said that the E.U. has two months to appeal the ruling. So far, the E.U. has imposed sanctions on nearly 1,700 people and entities over Russia’s invasion of Ukraine. Kyiv Independent Reuters
THE CYBER AND TECH RUNDOWN
Meta Threat Report Anticipates Chinese-Russian-Iran Info Ops in Election Campaigns. Meta’s latest “adversarial threat report” emphasizes that foreign influence campaigns are intensifying in preparation for multiple democratic elections in 2024, including in the U.S., Britain, and India. Notable elections also will take place in Taiwan and Moldova. Meta’s threat report spotlights three separate influence operation that it played a role in disrupting, two from China and one of Russian origin. The Chinese campaigns focused on India and the Tibet region along with the U.S. The Russia-sponsored operation revolved around criticism of President Joe Biden’s support for Ukraine, and French President Emmanuel Macron for the French role in West Africa. Looking ahead to 2024, the report singles out Russia, Iran and China as the leading sources of “coordinated inauthentic information.” These countries, Meta says, will exploit through covert operations any narratives that become election issues in the U.S. or elsewhere next year. In the event Chinese relations become an election issue in a targeted country, the report states, “it is likely that we’ll see China-based influence operations pivot to attempt to influence those debates.” Similarly, political debates in Europe and North America over support for Ukraine likely will trigger “Russian attempts to interfere in those debates.” The Record CyberScoop
Graphite Becomes Latest Weapon in China’s Response to U.S. Tech Export Controls. As of Friday, China will impose new restrictions on exports of graphite, a key mineral used in electric car batteries, semiconductors, and other advanced technology devices. The new rules requiring exporters of high-grade graphite to obtain government approvals is seen as a possible threat to U.S. efforts to expand its “green economy.” Along with gallium and germanium, two minerals earlier subjected to Chinese export restrictions, graphite is considered by the U.S. to be a “critical” material for economic and national security. China leads the world in graphite production and is the single-largest supplier – at 30 percent of exports — to the U.S. market. South Korea and Japan import more than 90 percent of their graphite supplies from China. The new restrictions do not ban graphite exports outright, but allow the Chinese government to determine which foreign companies will be prevented from importing Chinese graphite. The new rules categorize graphite as a “dual-use” material with both military and civil applications. Consequently, Chinese exporters must obtain special licenses and reveal details on their buyers. Emily Benson, a senior fellow with the Center for Strategic and International Studies, described the new Chinese measure as “a warning shot for a sure.” She went on to say, “will they really bite? Probably not, but it’s a sign that the more tools you use to combat China economically, the greater the risk of retaliation.” Washington Post Nikkei Asia
NATO Cyber Defense Exercise Under Way in Estonia with Focus on Infrastructure. A NATO cyber defense exercise is under way this week in Estonia to simulate cyberattacks on critical infrastructure with a focus on electrical stations and energy grids as well as water-treatment plants. Commander Charles Elliott, director of the exercise, said the volume of attacks against such critical targets “has greatly increased and not just in Ukraine, but across NATO nations.” Elliott noted that the current cyber exercise is designed to test member states’ ability to thwart hacks on electric-vehicle charging infrastructure as well as cyberattacks that use infected USB drives to spread malware. Around 1,300 participants from NATO members and partner countries – which includes Ukraine, South Korea and Japan – are involved in the exercise, with some on-site in Tallinn and others working remotely. Several businesses also are involved, with Airbus, the Italian defense company Leonardo, and Spanish defense systems firm Indra providing a platform to test future cyber defense technology alongside the exercise. David van Weel, NATO’s assistant secretary general for emerging security challenges, welcomed the participation of the private sector since most critical infrastructure is operated by commercial firms. Heli Tiirmaa-Klaar, director of the Digital Society Institute at the European School of Management and Technology in Berlin, added, “military-civilian cooperation in addressing those cyber threats and the involvement of industry in those exercises is key.” In anticipation of an updated NATO AI strategy in 2024, van Weel noted that “the most acute change we will see in the cyber domain will be the use of AI both in attacking but also in defending our networks.” Wall Street Journal
China Reports ‘Initial Set-Up’ of High-Orbit Satellite Communications Network. China says it has completed the initial set-up of a high-orbit satellite communication network, which a Chinese communications export described as an eventual alternative to SpaceX’s Starlink constellation. The China Aerospace Science and Technology Corporation (CASTC) said the network will provide high-speed satellite Internet service to domestic customers and several Belt & Road nations. The network anticipates services to industrial clients in aviation and navigation as well as emergency services and the energy sector. High-throughput satellites in the ChinaSat 16, 19, and 26 series are part of the network and service China and parts of Russia, Southeast Asia, Mongolia, and the Indian and Pacific oceans. By 2025, the total capacity of the high-throughput satellites is expected to exceed 500 Gpbs. Sun Yaohua, associate professor at the Beijing University of Posts and Telecommunications, compared the Chinese satellite network to Starlink’s low-orbit constellation, describing the former as requiring far fewer satellites for coverage and offering higher stability. Sun added the cost of a single low-orbit satellite is much lower while noting that “the coordination of high- and low-orbit satellites will be a general global trend in the future, with the former for basic coverage and the latter for regional or operational enhancement.” South China Morning Post
DARPA Delays AI Cybersecurity Challenge Opening Until Dec. 11. The first-ever AI Cyber Challenge sponsored by the Defense Advanced Research Projects Agency (DARPA) is being delayed until December 11. Registration for the competition originally was scheduled to open on December 1. The Challenge program manager, Perri Adams, posted to X that “we’re delaying this release until the week of December 11th in order to package together even more technical challenge details and additional AIxCC updates — a gift to you all just in time for the holidays.” The two-year long AIxCC competition expects participation of top world computer scientists, AI experts, software developers, and others. The competition’s goal is to devise and build next-generation AI-enabled cybersecurity tools to defend critical infrastructure. Anthropic, Google, Microsoft, and OpenAI are expected to offer the use of their cutting-edge technology to challenge competitors. Two tiers make up the competition, a sponsored one where up to seven participants from small businesses will be paid to work on the challenge, and an open track in which it will be possible for participants to earn the bulk of the prize money. The top 20 combined competitors will qualify for the semi-finals where five teams will be awarded a $2 million each. The final top three winners will receive prizes worth $1.5 and $3 million and $4 million, respectively. Cybernews NextGov
Russia-Linked Black Basta Gang Ransom Haul Exceeds $100 Million. The Russia-linked Black Basta ransomware gang has extorted over $100 million in Bitcoin ransom payments since early 2022. Researchers from Elliptic and Corvus Insurance analyzed Black Basta crypto ransom payments involving more than 90 victims, with an average ransom of $1.2 million. Even these estimates are conservative as it is possible other ransoms remain undetected by researchers. Ransomware groups do not rely on a single crypto wallet for payments, and victims rarely share details about ransom transfers. The analysis of Black Basta’s leak site reveals that “at least 35 percent of known Black Basta victims paid a ransom,” which the researchers described as “consistent with reports that 41 percent of all ransomware victims paid a ransom in 2022.” The researchers also concluded that Black Basta’s crypto transactions reinforce its links to the Conti Group, with several million dollars in Bitcoin from Conti-linked wallets deposited in wallets linked to Black Basta. Elliptic said “this further strengthens the theory that Black Basta is an offshoot or rebrand of Conti.” Included among Black Basta’s victims list are Capita, a UK technology outsourcing firm with substantial UK government contracts, and ABB, an industrial automation company and contractor for the U.S. government. Neither firm has publicly disclosed if they paid Black Basta ransoms. CybernewsBleepingComputer
ELSEWHERE IN THE WORLD
China Confirms Efforts to Restore Military Communication Channels with U.S. The Chinese defense ministry said on Thursday that Beijing and Washington are in talks to restore military communication channels based on the agreement between Chinese President Xi Jinping and President Joe Biden earlier this month. Ministry spokesman Senior Col. Wu Qian said defense officials from both sides are coordinating to resume the communication channels “on the basis of equality and respect.” It is the first time China’s defense ministry has confirmed that it is working to restore military communications with the U.S. Separately, Wu added that China is willing to collaborate on the regulation of military use of artificial intelligence. Despite the comments on cooperation, Wu also warned the U.S. against military support of Taiwan. He highlighted reports that Taiwan is seeking to buy six retired U.S. military combat ships and build missile sites as signs that Taipei is seeking independence, which will push the island “into the abyss of disaster.” South China Morning Post
OPINION – China Needs to Pick Up the Phone as Trust Deficit Still Looms Large. Cipher Brief Expert Ambassador Joseph Detrani argues that while the meeting between President Joe Biden and Chinese President Xi Jinping earlier this month made progress on military communications and cooperation on countering fentanyl trafficking, a major trust deficit remains between Beijing and Washington. There are major persisting issues causing tension, including China’s attempted intimidation of Taiwan; tensions in the South China Sea; Beijing’s ties with Russia and Iran; China’s nuclear and military buildup; Hong Kong’s declining autonomy; and human rights issues in Tibet and Xinjiang. Detrani says both sides must build trust to address these problems. Leader-to-leader and military-to-military communications are especially crucial to prevent accidents that could lead to escalations, namely in the South and East China Seas and the Taiwan Strait. The Cipher Brief
Indonesia Approves 20% Increase to 2024 Defense Budget. Indonesia’s finance minister Sri Mulyani Indrawati said on Wednesday that the outgoing Indonesian president Joko Widodo approved a 20% increase in defense spending through the end of next year to upgrade the Indonesian military’s hardware. Sri Mulyani said that the defense budget would increase from $20.75 billion to $25 billion. She added that despite the “significant increase,” the budget for the three five-year periods from 2020 to 2034 would remain at $55 billion. Parabowo Subianto, Indonesia’s Defense Minister and leading candidate in upcoming presidential elections in February, has pushed for the modernization of Indonesia’s military in recent years. For the past decade, Indonesia’s defense spending per capita has been the lowest of the region’s emerging-market economies, according to the Stockholm International Peace Research Institute. In recent years, Parabowo has signed deals including the purchase of 42 Dassault Rafale fighter jets for $8.1 billion, 12 drones from Turkish Aerospace worth $300 million, and 12 Mirage 2000-5 jets for $800 million. Additionally, he has signed agreements to buy aircraft from Boeing and Lockheed Martin. The country also signed a deal to purchase a $100 million submarine rescue vessel from Britain after one of the country’s submarines sank in 2021 during a drill. Reuters
The data cutoff for this product was 3:30p.m. E.T.
Ethan Masucol, Ken Hughes, and Leighton Durham contributed to this report.
Read deeply-experienced, expert-driven national security news, analysis and opinion in The Cipher Brief
