[rebelmouse-image 60323897 expand=1 dam=1 alt="OSR Full Logo Header 2.0" site_id=26883708 is_animated_gif="false" original_size="500x200" crop_info="%7B%22image%22%3A%20%22https%3A//assets.rbl.ms/60323897/origin.png%22%2C%20%22thumbnails%22%3A%20%7B%22origin%22%3A%20%22https%3A//assets.rbl.ms/60323897/origin.png%22%2C%20%22300x%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D300%22%2C%20%221000x750%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D1000%26height%3D750%26coordinates%3D116%252C0%252C117%252C0%22%2C%20%22600x600%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D600%26height%3D600%26coordinates%3D150%252C0%252C150%252C0%22%2C%20%222000x1500%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D2000%26height%3D1500%26coordinates%3D116%252C0%252C117%252C0%22%2C%20%221200x400%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D1200%26height%3D400%26coordinates%3D0%252C17%252C0%252C17%22%2C%20%22600x200%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D600%26height%3D200%26coordinates%3D0%252C17%252C0%252C17%22%2C%20%22750x1000%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D750%26height%3D1000%26coordinates%3D175%252C0%252C175%252C0%22%2C%20%221500x2000%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D1500%26height%3D2000%26coordinates%3D175%252C0%252C175%252C0%22%2C%20%221245x700%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D1245%26height%3D700%26coordinates%3D72%252C0%252C72%252C0%22%2C%20%22600x400%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D600%26height%3D400%26coordinates%3D100%252C0%252C100%252C0%22%2C%20%221200x800%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D1200%26height%3D800%26coordinates%3D100%252C0%252C100%252C0%22%2C%20%221200x600%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D1200%26height%3D600%26coordinates%3D50%252C0%252C50%252C0%22%2C%20%22700x1245%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D700%26height%3D1245%26coordinates%3D193%252C0%252C194%252C0%22%2C%20%2235x35%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D35%26height%3D35%22%2C%20%22600x%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D600%22%2C%20%22300x300%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D300%26height%3D300%26coordinates%3D150%252C0%252C150%252C0%22%2C%20%22600x300%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D600%26height%3D300%26coordinates%3D50%252C0%252C50%252C0%22%2C%20%22980x%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D980%22%2C%20%22210x%22%3A%20%22https%3A//rebelmouse.thecipherbrief.com/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy82MDMyMzg5Ny9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTc3NjU3MDYxMX0.ArCiKF74VYJw-LAnvo3nzjJsGsjrz-Fcx0h5SaMLFd0/image.png%3Fwidth%3D210%22%7D%2C%20%22manual_image_crops%22%3A%20%7B%229x16%22%3A%20%7B%22sizes%22%3A%20%5B%22700x1245%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20113%2C%20%22left%22%3A%20193%7D%2C%20%22600x300%22%3A%20%7B%22sizes%22%3A%20%5B%22600x300%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20400%2C%20%22left%22%3A%2050%7D%2C%20%223x1%22%3A%20%7B%22sizes%22%3A%20%5B%221200x400%22%2C%20%22600x200%22%5D%2C%20%22top%22%3A%2017%2C%20%22height%22%3A%20166%2C%20%22width%22%3A%20500%2C%20%22left%22%3A%200%7D%2C%20%223x2%22%3A%20%7B%22sizes%22%3A%20%5B%221200x800%22%2C%20%22600x400%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20300%2C%20%22left%22%3A%20100%7D%2C%20%221x1%22%3A%20%7B%22sizes%22%3A%20%5B%22600x600%22%2C%20%22300x300%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20200%2C%20%22left%22%3A%20150%7D%2C%20%223x4%22%3A%20%7B%22sizes%22%3A%20%5B%221500x2000%22%2C%20%22750x1000%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20150%2C%20%22left%22%3A%20175%7D%2C%20%2216x9%22%3A%20%7B%22sizes%22%3A%20%5B%221245x700%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20356%2C%20%22left%22%3A%2072%7D%2C%20%224x3%22%3A%20%7B%22sizes%22%3A%20%5B%222000x1500%22%2C%20%221000x750%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20267%2C%20%22left%22%3A%20116%7D%2C%20%222x1%22%3A%20%7B%22sizes%22%3A%20%5B%221200x600%22%2C%20%22600x300%22%5D%2C%20%22top%22%3A%200%2C%20%22height%22%3A%20200%2C%20%22width%22%3A%20400%2C%20%22left%22%3A%2050%7D%7D%7D" caption="" photo_credit="" title=""]

5:30 PM ET, Tuesday, November 28, 2023

The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines:  

THE TOP STORIES

Section 702 Cited as Critical Component in Thwarting Weapons Parts Sales to Iran.  Surveillance authorities granted by Section 702 allowed the U.S. intelligence community to block sales of weapons parts to Iran in recent years, according to intelligence officials speaking to Politico.  The CIA and other intelligence components conducted electronic monitoring of foreign weapons manufacturers’ communications that led to the interruption of several advanced weapons parts shipments to Iran by multiple routes – land, air, and sea.  The operations focused on preventing Tehran from strengthening its ballistic missile program and from expanding its support to insurgent conflicts in the region, including the war between Hamas and Israel.  Regarding the interdiction of weapons parts, one official said “it wasn’t one specific action. It was a number of actions.”  The official added, “in at least one instance, if not more, specific sales were stopped either before they went or while they were en route.”  Section 702 provisions allowed the intelligence agencies to use information acquired from other collection operations to interrogate the 702 database and extract details, including cost, timing, and size, that allowed the weapons sales to be blocked.  Politico

Iran Planning to Receive Russian Jets, Helicopters.  Iran’s deputy Defense Minister Mehdi Farahi said on Tuesday that Tehran has finalized a deal to receive Russian-made Sukhoi Su-35 fighter jets, Mil Mi-28 helicopters, and Yak-130 jet trainers.  The report by Iran’s Tasnim news agency on his comments did not include Russian confirmation of the arrangement.  Iran’s air force only has a few dozen strike aircraft, including Russian jets and aging U.S. jets acquired before the 1979 Islamic Revolution.  Tehran claimed in 2018 that it started production of its locally-designed Kowsar fighter jet, which military experts say is a carbon copy of the U.S. F-5 jet, first made in the 1960s.  Reuters 

Pentagon Funding Strained Amid Renewed Middle East Tensions.  The U.S. military is running low on funds to adequately respond to renewed tensions in the Middle East.  The military, and the rest of the federal government, is operating on a temporary funding measure that freezes spending at the previous year’s levels.  Pentagon spokesperson Chris Sherwood said that since the recent military buildup in the Middle East in response to unrest in the region was not planned, the U.S. military has had to pull money from existing operations and maintenance accounts to pay for it.  Sherwood said this diverting of money means less funding for training, exercises, and deployments that were already planned for the year, as well as potential delays in contractual payments.  Top defense officials say that such disruptions show the impact of temporary funding measures on national security.  Politico

NATO Foreign Ministers Meeting in Brussels.  NATO foreign ministers met in Brussels on Tuesday.  U.S. Secretary of State Antony Blinken said the meeting was aimed at “strongly reaffirming our support for Ukraine” amid Russia’s invasion.  NATO Secretary-General Jens Stoltenberg urged members of the alliance to “stay the course” in backing Ukraine, arguing that it is in all members’ “security interests” to do so.  Stoltenberg highlighted recent pledges from Germany and the Netherlands worth 10 billion euros ($11 billion) for Ukraine as proof of NATO’s commitment to Kyiv.  The meeting comes as the U.S. Congress continues to debate $61 billion in proposed U.S. aid for Ukraine, while Hungary is threatening to block $50 billion in E.U. aid for Kyiv.  Ukraine’s Foreign Minister Dmytro Kuleba is joining his NATO counterparts on Wednesday to appeal for further support and outline a plan for reforms to help Ukraine achieve membership in the alliance.  Beyond Ukraine, NATO foreign ministers are discussing Russia’s broader “destabilizing actions” in the region, including its alleged pushing of asylum seekers to Finland.  The Israel-Hamas war is not on the agenda, but ministers will likely discuss the conflict and the future of Gaza.  On China, Stoltenberg said Beijing “is not an adversary” but that the alliance must be “clear-eyed about the impact of China’s coercive policies on our security.”  Al Jazeera New York Times Reuters 

ISRAEL AND HAMAS WAR

CIA Director Burns in Qatar for Talks on Hostage Releases.  CIA Director William Burns reportedly held a meeting with the head of Israel’s Mossad intelligence service, David Barnea, and Qatari Prime Minister Mohammed bin Abdulrahman bin Jassim Al Thani in Doha on Tuesday.  It is reportedly the second meeting between the three officials since the Hamas attacks against Israel on October 7.  A source said that Abbas Kamel, director of Egypt’s intelligence service, also participated in the latest meeting.  Sources say Burns pushed for a potential further extension of the ceasefire between Israel and Hamas, an expansion of Hamas hostage releases to include men and military personnel, and the immediate release of the estimated seven to nine American hostages still held by Hamas.  Coordination between all sides has been critical amid the ongoing pause in fighting.  Israeli officials said Burns and his staff have been in constant communication with the joint Israeli-Qatari “situation room” at Mossad’s headquarters in Tel Aviv about the hostage releases.  Officials also said that Burns worked closely with Kamel when a delay in Hamas’s release of hostages on Saturday raised concerns about a collapse in the initial ceasefire.  The CIA did not comment on Burns’s trip.  The Qatari and Israeli governments also declined to comment.  CNN Axios New York Times Washington Post 

Hamas Frees Israeli Hostages, Israel Releases Palestinian Detainees in Extended Ceasefire.  Israel and Qatar confirmed that Hamas released 12 hostages to the International Committee of the Red Cross (ICRC) on Tuesday, in line with the extended ceasefire deal.  The Israeli prime minister’s office said the 12 released hostages include ten Israelis and two Thai nationals, and a Qatari foreign ministry spokesperson said the Israelis included nine women and one child.  The ICRC said the freed hostages were with Israeli special forces on Israeli territory.  Israel said it freed 30 Palestinian detainees from Ofer and a detention center in Jerusalem in exchange.  The semi-official Palestinian Prisoner’s Club said the released Palestinians included 15 women and 15 teenagers.  Al Jazeera said the Palestinians were in the West Bank city of Ramallah and Jerusalem.  Reuters Washington Post

U.S. Military Delivers Aid for Gaza for First Time in Israel-Hamas Conflict.  The U.S. military delivered humanitarian aid for Palestinians in Gaza impacted by the Israel-Hamas conflict for the first time on Tuesday.  Pentagon spokesman Brigadier General Patrick Ryder said that the aid includes food, warm clothing, and other items organized by the U.S. Agency for International Development.  The aid was delivered by a C-17 aircraft to Egypt and will be delivered into Gaza by U.N.-affiliated trucks.  Ryder added that more aid will be delivered by the Air Force in the coming days.  Washington Post

THE UKRAINE UPDATE

Zelensky Signs 2024 Ukrainian State Budget.  Ukrainian President Volodymyr Zelensky signed the 2024 Ukrainian state budget into law on Tuesday.  State budget revenues are set at Hr 1.78 trillion ($49 billion) with expenditures almost double, at Hr 3.35 trillion ($93 billion).  Defense spending is set at Hr 1.69 trillion ($46.4 billion), or around 22% Ukraine’s GDP.  Hr 43 billion ($1.1 billion) of that military spending is allocated to drone production, an equal amount will go to domestic manufacturing of arms and ammunition, and Hr 15 billion ($413 million) will go to veterans’ services, including Hr 1 billion ($27.5 million) for prosthetics.  Expenditures beyond revenues will fall within the deficit, which is set at Hr 1.57 trillion ($44 billion).  The budget also sets Hr 2 trillion ($55 billion) in external borrowing and internal government bonds.  Kyiv Independent

E.U. Council Approves Additional Funding to Training Mission for Ukrainian Forces.  The Council of the European Union on Tuesday approved an additional 194 million euros ($213 million) in funding for its training mission for Ukrainian soldiers.  The funds will be provided through the European Peace Facility and will be used for military equipment and services needed for the European Union Military Assistance Mission in support of Ukraine (EUMAM Ukraine).  The new funds bring total funding for the mission to $280 million.  The mission has trained over 34,000 Ukrainian soldiers since October 17, 2022.  Kyiv Independent

THE CYBER AND TECH RUNDOWN

Daixin Ransomware Gang Claims Breach of North Texas Water Utility Network.  A north Texas water utility has reported a cyberattack that impacted the firm’s business computer network and phone system.  The communications director for the North Texas Municipal Water District said that most computer system operations have been restored with no impact on core water, wastewater, and solid waste services.  Alex Johnson added that the utility “has engaged third-party forensic specialists who are actively investigating the extent of any unauthorized activity.”  The Daixin Team ransomware group claimed responsibility for the attack and added the water district to its web site victim list.  The gang said it extracted more than 33,000 customer files during the intrusion. In September 2022, the ransomware group caused significant damage to Oakbend Medical Center in Richmond, Texas.  Johnson confirmed the utility has notified law enforcement, but did not respond to requests for comment on whether the water district is dealing with ransomware.  The Record

Replicator Initiative To Be Briefed to UK During Deputy Defense Secretary Visit.  The Pentagon’s Replicator drone program will be on the agenda this week as Deputy Defense Secretary Kathleen Hicks prepares to brief senior British officials in the first international meeting the Replicator team has conducted.  A DoD spokesperson said Hicks will hear from her UK counterparts about their technology successes in addition to sharing updates on the Replicator initiative.  Last week, Hicks announced that the Pentagon is finalizing selections of the specific programs and systems to be accelerated through Replicator.  A Pentagon spokesperson declined to comment on the possibility of the U.S. involving close allies like Britain in the drone program.  Hicks’ itinerary during her UK visit includes participating in the biannual U.S.-UK defense dialogue as well as observing U.S. capability demonstrations at Royal Air Force Lakenheath.  DefenseScoop

Multinational AI Guidance Event Focuses on Risks Linked to Large Model Outputs.  In the course of releasing cybersecurity guidance to AI developers on Monday, U.S. and allied cyber experts underscored the risks posed by “prompt injection attacks” in large language models (LLM), a fundamental flaw in which LLM’s do not distinguish between an instruction and data provided to complete an instruction.  The expert panel drew special attention to threats like model inversion attacks, where attackers seek to reconstruct original training data or sensitive information from model outputs.  Simon Whelan, a director at the Canadian Centre for Cybersecurity, said in his conversations with security professionals, he urges them to “secure the inputs, secure the model, secure the data, secure the outputs.”  He is concerned that for the public, it is “becoming increasingly difficult for the common consumer out there to recognize when they’re potential getting spear-phished.”  The guidance issued Monday at a multinational gathering of cybersecurity agencies describes for AI developers how to consider cybersecurity risks specific to the technologies that make up AI, which includes safeguards for the outputs these models generate.  The Record

AlphV/Black Cat Gang Claims Disruptive Attack on Leading U.S. Real Estate Services Firm.  The AlphV/Black Cat ransomware gang in a posting to its dark web site has claimed responsibility for a cyberattack on one of the nation’s largest title insurance providers, Fidelity National Financial, just before Thanksgiving.  Fidelity acknowledged the attack in a filing to the Securities and Exchange Commission (SEC).  In responding to the attack, the company noted it took multiple systems offline, causing disruptions to title insurance, escrow and other title-related services, and mortgage transaction services.  Fidelity confirmed that hackers “acquired certain credentials” while accessing targeted systems, but did not elaborate.  Several real estate-focused media described the attack as having significant repercussions, including halting many scheduled home-sale closings.  The Record TechCrunch CyberSecurityDive

Multiple Law Enforcement Agencies Take Down Ukraine-Based Ransomware Gang.  The Ukraine-based ringleader of a ransomware operation that conducted attacks in 71 countries was arrested as the result of an operation carried out by law enforcement representatives from seven countries.  Searches of over 30 properties in four Ukrainian regions resulted in the arrests of the gang leader and four accomplices; their names have not been released.  According to Ukrainian police, the gang has encrypted over 1,000 large enterprise servers worldwide since 2018, causing at least $82 million in damages.  The hackers demanded ransom payments in cryptocurrency.   In a statement, Europol noted the gang focused on large corporations and deployed “LockerGoga, MegaCortex, HIVE, and Dharma ransomware, among others, to carry out their attacks.” Over 20 investigators from Norway, France, Germany, Switzerland, and the U.S. joined Ukrainian authorities in the operation.  The Record Cybernews BleepingComputer

ELSEWHERE IN THE WORLD

Asia and Oceania

China Warns Australia Over Naval Presence in South China Sea.  China has warned Australia to notify Beijing of its naval movements in the South China Sea and East China Sea to prevent future incidents.  The warning came after Australian Prime Minister Anthony Albanese said last week that a Chinese warship acted dangerously by using sonar that injured Australian navy divers in Japanese waters. The same Australian vessel began joint patrols with the Philippines in the South China Sea on Saturday. The head of the international department of the Chinese Communist Party, Liu Jianchao, said in Sydney on Tuesday that the sonar incident took place in waters disputed by Japan and China and questioned why the Australian navy was present.  Liu called for “any kind of pre-consultations or notification” of Australian navy activities to prevent future misunderstandings, which he warned could lead to escalations in tensions.  The incident came shortly after Albanese made the first visit by an Australian leader to China in seven years as part of efforts by both nations to stabilize relations.  Reuters

Chinese Naval Ships Visit Myanmar Amid Tensions.  Three Chinese naval vessels arrived in Myanmar on Monday on a goodwill visit amid Chinese concern about a surge of fighting between Myanmar’s junta forces and insurgents near the Chinese border. The Zibo guided missile destroyer, Jingzhou guided missile frigate, and Qiandaohu resupply ship were escorted by a Myanmar frigate in Myanmar’s main city of Yangon. The Global New Light of Myanmar newspaper reported that the ships and their 700 crew members would “conduct naval security exercises” with Myanmar. The Chinese ships are part of the People’s Liberation Army’s Navy’s 44th Fleet, which has conducted anti-piracy missions off the coast of Somalia since 2008. Chinese troops have also been conducting live-fire drills on the Chinese side of the border with Myanmar since Saturday in response to the fighting. The ground drills are expected to end Tuesday, though the PLA Daily said that the conflict in Myanmar was “complicating the security situation,” without elaborating.  Reuters

Europe

Finland to Close Russian Border for Two Weeks.  Finland is closing its border with Russia to travelers for the next two weeks to stop a surge of asylum seekers seeking to enter the Nordic nation from Russia.  Finland closed all but its northernmost border crossing with Russia, but now this crossing will also be shut until December 13.  Only cargo trains will be allowed to travel between the two countries for the next two weeks.  The Finnish Border Guard says around 900 asylum seekers have entered Finland from Russia in November, marking a significant increase from the previous average of less than one per day.  Finland has accused Russia of creating an artificial migrant crisis by funneling asylum seekers to their border in apparent retaliation for Helsinki’s defense cooperation with the U.S. and NATO.  Moscow has denied this.  Associated Press BBC Kyiv Independent Politico Reuters

Baltic Foreign Ministers Boycotting OSCE Meeting Over Russian Participation.  The foreign ministers of Estonia, Latvia, and Lithuania released a joint statement on Tuesday saying that they are boycotting the upcoming meeting of the Organization for Security and Cooperation (OSCE) in North Macedonia because of the planned attendance of a Russian delegation.  Russian Foreign Minister Sergei Lavrov will lead the delegation.  The ministers’ statement emphasized how Russia’s invasion of Ukraine constitutes an “attack” on the OSCE’s principles and that Moscow is obstructing the OSCE’s activities, asserting that “today Europe needs security from and against Russia, rather than together with it.”  Ukraine is also boycotting the meeting and has highlighted that Russia has been illegally holding three Ukrainian OSCE officials who were captured at the start of the war.  E.U. foreign policy chief Josep Borrell will attend the meeting but will not meet with Lavrov.  Al Jazeera Associated Press Kyiv Independent

Lithuania says China Easing ‘Economic Pressure.’  Lithuanian Foreign Minister Gabrielius Landsbergis said on Tuesday that China has lifted some “economic pressure” on Lithuania.  Relations between both sides have deteriorated since Lithuania permitted the opening of a de facto Taiwanese embassy in Vilnius in 2021.  China blocked Lithuanian exporters from its customs system in response.  Landsbergis said that while trade has not been fully restored, most “economic pressure measures” imposed by China have been lifted amid “ongoing” talks to ease tensions.  He also said that Lithuania’s shift in trade with other Indo-Pacific countries has “more than compensated for” loss of trade with China.  South China Morning Post

Spain Arrests Two Brazilians Suspected of Being Linked to ISIS.  Spanish police arrested two Brazilian brothers in the southern city of Estepona over alleged links to Islamic State (IS).  Spain’s Civil Guard police force said the two had been radicalized and distributed IS propaganda on the internet.  The Civil Guard also said it identified “significant international links” between the brothers and individuals arrested or under investigation in Europe for ties to “the jihadist threat.”  The Civil Guard added that it was assisted by the FBI and Brazilian police in the arrests.  The Brazilian Federal Police had been tracking the brothers for a while, according to a source.  The brothers are being held in jail as the investigation continues.  The brothers’ legal representatives could not immediately be reached for comment.  The arrests came days after the Brazilian Federal Police cooperated with Israel’s Mossad to take down an alleged Hezbollah cell in Brazil.  Reuters 

The data cutoff for this product was 4:00p.m. E.T.

Brad Christian, Ethan Masucol, Ken Hughes, and Leighton Durham contributed to this report. 

Read deeply-experienced, expert-driven national security news, analysis and opinion in The Cipher Brief