5:30 PM ET, Tuesday, November 21, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines:
THE TOP STORIES
North Korea Claims Successful Launch of First Spy Satellite. North Korea on Tuesday claimed that it successfully launched its first spy satellite into orbit and vowed to launch more in the future. North Korean state news agency KCNA said that Kim Jong Un personally observed the launch. Japanese and South Korean officials said they could not independently confirm if the satellite was successfully launched. North Korea recently notified Japan that it would be attempting a satellite launch between Wednesday and December 1, following two failed launches earlier this year. The reported launch attempt is the first since North Korean Leader Kim Jong Un and Russian President Vladimir Putin met in September, when Putin promised to help North Korean satellite development. South Korean officials said that this launch attempt likely included technical assistance from Moscow, which has received artillery shells from Pyongyang. U.S. National Security Council spokesperson Adrienne Watson said that the reported launch “is a brazen violation of multiple U.N. Security Council resolutions, raises tensions, and risks destabilizing the security situation in the region and beyond.” The reported launch comes just a week before South Korea plans to send its first spy satellite into space via a Space X Falcon 9 rocket. Al Jazeera Associated Press Reuters The Hill
Philippines, U.S. Launch Joint Air and Sea Patrols. The Philippines and the U.S. began joint maritime and aerial patrols in the South China Sea on Tuesday. The first joint patrol started near the island of Mavulis, the northernmost Philippine territory in the Bashi Channel south of Taiwan. The patrol will move west into the South China Sea. The Philippine military said it is contributing three naval vessels, two FA-50 light combat aircraft, and an A-29B Super Tunaco light attack plane for the patrols. A U.S. littoral combat ship and P8-A Poseidon maritime patrol and reconnaissance aircraft are also participating. Philippine President Ferdinand Marcos Jr. said the joint patrol is a “significant initiative” that will boost interoperability between American and Philippine military forces. The drill kicked off a day after Marcos told a forum in Hawaii that the situation in the South China Sea, which Manila calls the West Philippine Sea, has become more “dire” due to increased Chinese military assertiveness. The U.S. and the Philippines have significantly expanded defense cooperation this year to counter China. Reuters Financial Times USNI News Stratfor
U.S. Forces at Iraq Airbase Attacked. U.S. forces at the Ain al-Assad airbase west of Baghdad were attacked by a close-range ballistic missile on Tuesday. U.S. officials said the attack injured eight U.S. personnel and caused minor damage to infrastructure at the base. The strike was the first reported by the U.S. in Iraq in over two years. Pentagon spokesperson Sabrina Singh said U.S. forces responded by using an AC-130 aircraft to target an Iranian-backed militia vehicle and militants involved in the attack. Singh noted that this was the first public retaliation against recent militant attacks on U.S. forces in Iraq and there have been previous unannounced responses. Social media accounts of Iran-aligned militias published a statement in the name of the “Islamic Resistance of Iraq” saying one of its members was killed in fighting with U.S. forces. The militant’s death is the first reported casualty in Iraq linked to the Israel-Hamas war. U.S. forces in Syria and Iraq have been attacked by Iran-backed groups over 60 times since the Hamas terrorist attacks on October 7. Reuters
White House says Iran Potentially Considering Sending Ballistic Missiles to Russia. The White House said on Tuesday that Iran may be considering giving ballistic missiles to Russia for use in its invasion of Ukraine. White House National Security Council spokesman John Kirby said that in return for the missiles, Russia is offering Tehran “unprecedented defense cooperation” in areas like missiles, electronics, and air defense. Iran is also reportedly seeking to purchase billions of dollars worth of military equipment from Russia including attack helicopters, radars, and combat trainer aircraft. Kirby noted that Iran has already provided Russia with drones, guided aerial bombs, and artillery munitions for use in Ukraine. Additionally, Kirby said Russia’s Wagner Group mercenaries are planning to provide air defense capabilities to either Lebanon or Iran, at Moscow’s direction. Kirby said the U.S. will monitor the situation and is ready to take appropriate action in response, including using its counterterrorism sanctions authorities against Russian individuals and entities linked to these “destabilizing transfers.” Associated Press CNN Reuters
ISRAEL AND HAMAS WAR
Netanyahu says War Will Continue After Any Temporary Ceasefire. Israeli Prime Minister Benjamin Netanyahu on Tuesday vowed that the Israeli offensive against Hamas in Gaza will resume as soon as any temporary ceasefire with the militant group ends. His remarks came at a meeting of the full Israeli cabinet, which is expected to vote on a plan to observe a ceasefire in Gaza for several days to facilitate the release of hostages held by Hamas. Netanyahu said that supporting the ceasefire was the right thing to do and promised that intelligence will be maintained during the pause to prepare for the next phase of fighting. He said that the war will continue “until we achieve all our goals” and “Gaza will not threaten Israel.” U.S., Israeli, and Hamas officials have said that a hostage release deal is imminent. U.S. State Department spokesman Matthew Miller said that an agreement was close but not final. He added that while the delivery of humanitarian aid to Gaza is not contingent on the deal, the release of hostages will likely facilitate the transfer of more aid. Associated Press The Guardian Reuters
BRICS Leaders Meet to Discuss Israel-Hamas War. BRICS countries and nations invited to join the bloc held a virtual meeting to discuss the Israel-Hamas conflict. South Africa organized the talks, which were the first between BRICS leaders since the start of the Israel-Hamas war. The group did not agree on a joint declaration. South African President Cyril Ramaphosa said that the group agreed that all parties should “exercise maximum restraint” and affirmed that there should be an immediate cessation of hostilities and that the Israel-Palestine conflict can be resolved “by peaceful means.” Ramaphosa condemned Israel for its military actions in Gaza, calling them “tantamount to genocide” and saying that the “collective punishment of Palestinian civilians… is a war crime.” He also condemned Hamas for its attack against Israeli civilians. In contrast, Argentina’s Foreign Minister Santiago Cafiero said his country recognizes Israel’s right “to legitimate self-defense while strictly respecting humanitarian law.” Chinese President Xi Jinping was more sympathetic to the Palestinians, saying that their right to “statehood, their right to existence, and their right of return have long been ignored.” Russian President Vladimir Putin focused on blaming the conflict on the failure of U.S. policy in the Middle East and said that BRICS states could take a leading role in “finding a political solution.” Al Jazeera Associated Press Reuters
THE UKRAINE UPDATE
U.N. Estimates Over 10,000 Civilians Killed in Ukraine. The U.N. Human Rights Office reported on Tuesday that more than 10,000 civilians have been killed in Ukraine since Russia’s invasion in February 2022. The U.N. said most of the deaths were caused by explosive weapons including shells, missiles, and cluster munitions. U.N. data also showed that almost half of the civilian deaths in the last three months occurred far behind the front lines, likely due to Russia’s use of long-range missiles and the late explosion of abandoned ordinances. Over a third of victims whose ages were confirmed were over 60, supporting data showing that older people who may be unable or unwilling to evacuate to safer areas make up a disproportionate portion of civilian casualties. The U.N. human rights mission in Ukraine asserted that the real civilian death toll is “significantly higher” than the official figure since corroboration work is ongoing, including for events at the start of the invasion, such as the battle for Mariupol. Reuters
New U.S. Tech Could Help Protect Ukrainian Energy Systems in the Winter. Ukraine has received custom-built equipment designed to help protect its energy systems against Russian electronic warfare attacks with the help of U.S. officials. U.S. tech giant Cisco said it developed the equipment, which aims to counter Russian radio-jammers that interfere with the GPS systems that Ukraine’s state-owned grid operator Ukrenergo uses to manage power flows in Ukraine. Russia has also used the GPS jamming to interfere with U.S.-made guided missiles used by Ukraine’s military. Cisco delivered a prototype of the equipment to Ukraine in the spring via a U.S. Air Force plane carrying humanitarian aid for Kyiv. Once Ukrenergo confirmed the equipment worked, Cisco sent dozens of equipment kits worth around $1 million to Ukraine, where they were installed across the country. Sources said several U.S. agencies helped get the equipment to Ukraine, with the Pentagon handling flights, the Department of Energy coordinating deliveries, and the Department of Commerce arranging meetings earlier this year between U.S. tech executives and Ukrenergo. The report on the Cisco equipment comes as Ukraine prepares for Russian attacks against Ukrainian energy infrastructure in the coming winter months. CNN
Ukraine Defense Minister says No Decision Yet on Potential Firing of Top Military Commanders. Ukrainian Defense Minister Rustem Umerov told reporters on Tuesday that no decision has been made yet on whether to remove two of Ukraine’s senior military commanders – Joint Forces Commander Serhiy Nayev and Oleksandr Tarnavskyi, chief of the “Tavria” military command. There have been media reports about the possible firing of the commanders as part of a military leadership shakeup. Umerov said that the Ukrainian military is “doing everything possible to improve efficiency” and that if the commanders are dismissed “we will communicate it very openly.” Tarnavskyi leads the Tavria military command, which spearheaded Ukraine’s southeastern counteroffensive but failed to make significant breakthroughs against Russia’s defensive lies in the region. Reuters
Russia says Co-existence Impossible with ‘Current Regime’ in Ukraine. Russian Ambassador-at-Large Rodion Miroshnik told reporters on Tuesday that Russia cannot co-exist with the “current regime” in Ukraine. Miroshnik called Ukrainian President Volodymyr Zelensky’s government “absolutely toxic” and said that Moscow does not see “any options for co-existence with it at the moment.” Miroshnik’s comments reaffirm Russian President Vladimir Putin’s goals to “demilitarize” Ukraine. Miroshnik added that Russia can continue its war on Ukraine and that the West will eventually lose interest and withdraw its support for Kyiv. Miroshnik is a former official from the Russian-backed self-styled “Luhansk People’s Republic” in eastern Ukraine. His post was created to investigate alleged Ukrainian crimes against civilians in areas Russia has annexed. Kyiv has accused Russia of committing war crimes in its invasion of Ukraine, which Moscow has denied. Reuters
THE CYBER AND TECH RUNDOWN
SiegedSec Claims Breach of Personnel Data System at U.S. National Laboratory. The SiegedSec hacking group has claimed a breach of a human resources application on a system operated by the Idaho National Laboratory (INL) that has led to the seizure of detailed personal information of employees of the nuclear research facility. SiegedSec claimed access to “hundreds of thousands” of employee and other data, including names, social security numbers, and bank account information. CyberScoop could not confirm the actual size of the data records the threat group claims to have acquired from the sample posted online. Information in the files posed by SiegedSec dates as recently as October 31, with some screenshots depicting additional data categories beyond what was included in the sample. Lori McNamara, an INL spokesperson, confirmed that a system intrusion had taken place, noting that it impacted “servers supporting its Oracle HCM system, which supports its Human Resources applications.” She went on to say that the lab has taken immediate steps to protect sensitive personal information. INL scientists work on very sensitive national security programs, include defenses for U.S. critical infrastructure. INL is coordinating with the FBI and CISA in the investigation of the breach. CyberScoop Cybernews SC Magazine
Cybersecurity Advisory Warns Thousands of Organizations Open to Citrix Vulnerability. A vulnerability in Citrix products known as “Citrix Bleed” is being exploited by nation-state hackers and cybercriminals, according to an advisory issued Tuesday by CISA, the FBI, and Australian cybersecurity authorities. Specifically, the warning drew attention to the LockBit ransomware gang’s exploitation of Citrix NetScaler products used to manage network traffic. CISA Executive Assistant Director for Cybersecurity Eric Goldstein told reporters that the agency has used its Ransomware Vulnerability Warning Program to alert over 300 organizations, although he said thousand of other entities are still open to intrusion. One of the targeted companies is Boeing, which suffered disruption of its parts and distribution systems after a LockBit hack earlier in November. CISA confirms that other organizations “have observed similar activity impacting their organization.” The Citrix Bleed flaw allows hackers to bypass password and multifactor authentication measures, enabling the hijacking of legitimate user sessions on NetScaler and Gateway appliances. These steps, in turn, allow “malicious actors (to) acquire elevated permissions to harvest credentials, move laterally, and access data and resources,” according to the advisory. The Record BleepingComputer
North Korean IT Workers Use Array of Deceptive Techniques To Gain Western Jobs. North Korean IT workers are employing fake names and LinkedIn profiles, among other tactics, to gain employment in Western tech companies. The motivation for masquerading behind false identities is to earn hard currency for the North Korean regime although it requires sophisticated methods to pass employment hurdles. One form of deception is the use of fake interview scripts, an example of which was uncovered by the Palo Alto cybersecurity firm. Among the documentation exposed by Palo Alto were fraudulent resumes, online profiles, interview notes, and forged identities used byNorth Korean workers seeking jobs in software development. Reuters obtained leaked dark web data exposing the employment tools and techniques used to persuade companies in countries as diverse as Chile, New Zealand, the United States, Uzbekistan and the United Arab Emirates. According to the U.S. Justice Department, remote IT workers can earn more than ten times the typical income of a North Korean laborer working overseas in construction or other manual jobs earn. Reuters
ELSEWHERE IN THE WORLD
Somali President says Al Shabaab Must Be Eliminated in a Year. Somalia’s President Hassan Sheikh Mohamud said on Tuesday that Somalia has one year to expel the al-Qaeda linked al Shabaab militant group from the country. Mohamud set this deadline to correspond with the scheduled withdrawal of remaining African Union peacekeepers next December, which he called “the end game.” He added that the focus now is on eliminating “the residual” al Shabaab, which has been made more difficult by recent flooding in Somalia. Mohamud’s cooperation with clan based militias against al Shabaab last year resulted in major territorial gains against the militant group. However, al Shabaab has continued to carry out deadly attacks in Somalia. Reuters
Ethiopia Talks with OLA Rebels Fail to Reach Deal. The Ethiopian government and Oromo Liberation Army (OLA) rebels said that a second round of peace talks aimed at ending their decades-old conflict has ended without a deal. The negotiations in Tanzania between the government and OLA followed talks that took place in April and May that also ended without an agreement. The OLA is an outlawed splinter group of a formally banned opposition party with its grievances rooted in the alleged marginalization and neglect of the people of Oromiya. Over the past few years, violence in Oromiya has killed hundreds of people. It has become a major security focus since the two year civil war in northern Tigray ended last year. An anonymous source said that there are currently no plans to resume discussions between the two parties. Reuters
The data cutoff for this product was 4:00p.m. E.T.
Ethan Masucol, Ken Hughes, and Leighton Durham contributed to this report.
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief
