10:00 AM ET, Friday, July 28, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
U.S. to Start Delivering Abrams Tanks to Ukraine in September. U.S. Abrams tanks are expected to start appearing on Ukrainian battlefields by September, according to Politico citing six people familiar with the planning. The tanks, an older M1A1 variant, are expected to undergo final refurbishments in Germany by August before being shipped east to Ukraine. Their arrival is expected to add additional lethal capabilities to the Ukrainian military as it works to break through fortified Russian defenses. Current plans will send 31 tanks to Kyiv, with an initial batch of between six and eight. Separately, the sources say the Biden administration is reportedly likely to begin training Ukrainian pilots on F-16 fighter jets before they are delivered, possibly by the end of this year. Politico
Biden Meets Italian PM at White House. U.S. President Joe Biden met with Italian Prime Minister Giorgia Meloni at the White House on Thursday to discuss the situation in Ukraine, trade, and Italy’s relationship with China. Italy is the only major Western country to take part in China’s Belt and Road Initiative, though its participation is set to expire in March 2024. Washington has attempted to counter Beijing’s Belt and Road initiative with enhanced economic cooperation between Italy and the U.S. Meloni is unlikely to renew with Beijing, stating in May that it is possible to have good relations with Beijing without being part of the agreement. Reuters Washington Post
U.S. Approves Potential Sale of Amphibious Assault Vehicles to Romania. The Pentagon said Thursday that the U.S. State Department approved the proposed sale of 16 Assault Amphibious Vehicles and related equipment to Romania for an estimated price of $120.5 million. The Defense Security Cooperation Agency (DSCA) said that the move would “improve the security of a North Atlantic Treaty Organization (NATO) Ally which is an important force for political and economic stability in Europe.” A principal contractor has not been determined for the potential sale. Reuters US DoD DSCA
U.S. Officials Say New Taiwan Military Package to Be Announced. The U.S. is reportedly preparing to announce a new military package for Taiwan worth more than $300 million. Sources say the package may include up to four unarmed MQ-9A reconnaissance drones. Taiwan had previously agreed to buy four, more advanced, MQ-9B SeaGuardian drones from General Atomics through a U.S. Air Force contract to be delivered by 2025. The White House and the Taipei Economic and Cultural Representative Office in the U.S. did not comment on the potential military aid package. U.S. Defense Secretary Lloyd Austin foreshadowed the new aid for Taiwan in May, saying that the US would announce a package provided by the Presidential Drawdown Authority, which pulls from U.S. stockpiles. Reuters
Head of U.S. Unit that Targets Russian Oligarchs Leaves Justice Department. Andrew Adams, the top prosecutor for the U.S. Justice Department’s “KleptoCapture” task force — a body that enforces sanctions and export controls to keep Russia out of the global markets and confiscates assets that have been unlawfully obtained — announced Thursday that he will be leaving the Justice Department. Under Adams’s tenure, the unit brought indictments against several Russian oligarchs, including aluminum magnate Oleg Deripaska and TV tycoon Konstantin Malofeyev, and seized yachts belonging to sanctioned oligarchs Suleiman Kerimov and Viktor Vekselberg. A spokesperson for the DOJ announced that Adams will be replaced by his deputies Michael Khoo and David Lim. Reuters
Software Glitch Behind F-35 Fighter Jet Crash. Last October, an F-35A Lightning II fighter crashed at Hill Air Force Base Utah when turbulent air confused its avionics which rendered the aircraft uncontrollable. The nonfatal crash marked the second time an F-35A has been destroyed since the jets began flying in 2012. According to an Air Force report, the crash occurred after an “uneventful” training sortie. As the aircraft prepared to land, the pilot felt a “slight rumbling” of turbulence from the aircraft in front of him. The turbulent air caused the avionics systems to register incorrect flight data. The jet then reportedly stopped responding to manual control. Despite the crash, the report also noted that “The F-35 enterprise has over 600,000 flight hours and this is the first known occurrence where wake turbulence had this impact on the air data system.” Additionally, the Air Force has said that the likelihood of a similar incident occurring again is minimal. Defense News
U.S. Orders Government Personnel to Leave Haiti. The U.S. State Department on Thursday issued an order for non-emergency government personnel and their family members to leave Haiti as soon as possible. The department said it issued the order due to increased risks in Haiti from kidnapping, crime, and civil unrest. The department added that any U.S. citizens not working for the government should also leave Haiti as soon as possible by whatever means available. Haiti, the poorest country in the Western Hemisphere, has been beset by political instability, gang violence, and humanitarian crises from natural disasters and disease. Reuters Al Jazeera
Western Europe
Greece Wildfires Cause Explosions at Ammunition Depot, Force Relocation of Fighter Jets. Wildfires in Greece are believed to have triggered a series of massive explosions at an air force ammunition depot in central Greece on Thursday. No injuries have been reported from within the depot, but several injuries have been reported in nearby villages that were caused by the explosions. The depot reportedly stored bombs and ammunition for Greek F-16 fighter jets. The explosions at the depot, located 6 kilometers north of a major military air base in Nea Anchialos, prompted the relocation of F-16 fighter jets as a precaution. Associated Press
Central and Eastern Europe
Ukraine Consolidates Progress in Counteroffensive Push. The Ukrainian military says it is consolidating gains along the southern front following the liberation of the village of Staromaiorske in the Donetsk region. The General Staff of the Armed Forces of Ukraine added that Ukrainian defenses repelled Russian attempts to regain lost territory around Rivnopil and Makarivka in Donetsk. Now that Staromaiorske is in Ukrainian control, Russian officials and military bloggers are saying that Ukraine may turn its focus to the neighboring village of Urozhaine, east across the Mokri Yaly river. Along the southern frontline, Ukrainian forces have reportedly reached Russia’s “dragon teeth” fortification, which is part of its main line of defense in the region, for the first time. A video of Ukrainian troops testing positions along the defensive line is circulating on Russian social media. CNN geolocated the video to east of the villages of Nove and Kharkove, near Robotyno and Melitopol in the Zaporizhzhia region. Ukrainian forces also say they are focusing on Bakhmut, where Ukrainian Colonel General Oleksandr Syrskyi, the head of Ukraine’s Land Forces, said Russian troops are “clinging to every centimeter” of territory and “conducting intense artillery and mortar fire.” Other Ukrainian military officials report repelled Russian attacks near the Nadiya village, near Lyman. CNN Institute for the Study of War Reuters
Russia Claims to Be Open to Settlement With Ukraine. Kremlin spokesman Dmitry Peskov on Friday said that Russia “maintains its openness” to reaching a settlement with Ukraine but accused Kyiv of not being open to negotiations. Peskov asserted that Ukraine maintains its “intransigent position” and continues to “reject any possibility of dialogue.” He added that Russian President Vladimir Putin will discuss the Ukraine peace plan proposed by African leaders at the Russia-Africa summit in St. Petersburg. Ukraine has repeatedly said that any deal to end the war must include the withdrawal of Russian forces from Ukrainian territory. CNN
Zelensky Visits Odesa. Ukrainian President Volodymyr Zelensky visited the Black Sea port of Odesa on Thursday. As part of his trip, he visited the Transfiguration Cathedral, a UNESCO world heritage site in Odessa badly damaged in a recent Russian missile attack. Zelensky said he spoke with architecture experts “working to assess the possibility of restoring” the historic church. He also published a video inside the damaged church, saying that Ukraine is seeking “air defense systems to protect Odesa and our entire south.” While Russian drone and missile strikes on the Ukrainian capital of Kyiv have been mostly repelled, Russian attacks on other cities with less robust air defenses have been more destructive. CNN
Russia Claims to Down Ukrainian Drone Close to Moscow. Russia’s defense ministry said Russian air defenses downed a Ukrainian drone near Moscow before it could hit its targets, according to the RIA news agency. The ministry added that there were no casualties or damages caused by what it called an attempted “terrorist attack.” CNN Reuters
Poland says Belarus-EU borders May Close in Event of Wagner Group Incidents. Mariusz Kaminski, Polish Interior Minister, said Thursday that Poland, Lithuania and Latvia may decide to close their borders with Belarus, a close ally of Russia, if there are any severe incidents involving Russia’s Wagner Group. Kaminski asserted that “should there be serious incidents involving the Wagner group on the borders of NATO and EU countries, such as Poland, Lithuania or Latvia, we will undoubtedly take an action together." NATO member Poland has deployed more security forces to its east in response to Wagner mercenaries moving to Belarus and training Belarusian soldiers. Russia has condemned the move in Polish troops. Reuters
Asia and Oceania
TSMC Stresses Commitment to Taiwan Despite Global Expansion. C.C. Wei, chief executive of TSMC, said Friday that the world’s biggest chipmaker is committed to staying in Taiwan in an attempt to ease concerns that the company could leave the self-governed island amid cross-Strait tensions. Wei spoke at the opening of a TSMC research and development facility in Taiwan's tech center, Hsinchu, where he said, "we want to use this opportunity to tell all the people of Taiwan that TSMC is determined to remain rooted in Taiwan." The company has begun the process of establishing other production lines outside of Taiwan, such as in Arizona, Japan, and Germany. These expansions overseas have sparked worries in Taiwan, which produces advanced chips critical to both Taiwan and the global economy, which is seen as a kind of deterrence to conflict with China. Reuters
Japan Releases Annual Security Assessment. Japan released its annual 2023 Defense White Paper on Friday that highlighted regional threats, from China’s military to North Korea’s nuclear weapons programs, as well as instability caused by Russia’s invasion of Ukraine. The report notably welcomes mended relations with South Korea, citing shared security challenges for helping move past historical disputes. The defense paper also identifies the importance of partnerships with India, Australia, and the UK, adding that Tokyo is pursuing closer ties with NATO and members of ASEAN. The defense paper is the first published since Japan announced in December that it is doubling defense spending over the next five years and expanding its military. Reuters
Russian and Chinese Officials Attend North Korean Military Parade. Delegations of Russian and Chinese officials, including Russian Defense Minister Sergei Shoigu and Chinese Communist Party politburo member Li Hongzhong, attended a North Korean military parade with North Korean leader Kim Jong Un on Friday. The parade celebrated the 70th anniversary of the end of the Korean War, which is celebrated as “Victory Day” in Pyongyang. The parade displayed the North’s growing military capabilities, showcasing the country’s latest intercontinental ballistic missiles and new attack and spy drones, according to state media. Experts say the new spy drones could be used to expand Pyongyang’s surveillance and reconnaissance capabilities. Observers add that the attack drones would likely not be as useful in a conflict on the Korean peninsula due to their vulnerability to anti-aircraft defenses, but they could be offered to “external customers.” Deutsche Welle Reuters
Afghans Promised U,S. Resettlement Being Deported from Pakistan. Afghans who were promised resettlement in the U.S. after the nation fell to the Taliban in 2021 say they have waited so long for their applications to be processed that they are now being forcibly deported back to Afghanistan from Pakistan, where they fled originally to wait for a U.S. visa. According to State Department data, almost 90,000 Afghans have been resettled in the U.S. since the Taliban takeover, but thousands more remain trapped in a backlog of applications waiting to be processed. The Afghanistan Immigrants Refugees Council said that this year, 530 Afghans in Pakistan were deported back to Taliban-controlled Afghanistan, whether or not they had pending U.S. visa cases. Pakistan’s Foreign and Interior Ministries have not commented on the situation. The U.S. State Department told CNN that the Biden administration “continues to demonstrate its commitment to the brave Afghans” who aided and worked with the US, and said that its “processing capacity in Pakistan remains limited, but [staff] are actively working to expand it.” CNN
Middle East and Northern Africa
Israel’s Netanyahu Justifies Judicial Reforms, Air Force Chief Warns of Security Threat. Israeli Prime Minister Benjamin Netanyahu on Thursday defended his government’s judicial overhaul plan, saying that the trimming of the Supreme Court’s powers to overrule government decisions would not harm the nation’s democracy. He said that his plan, “described as the end of Israeli democracy,” has been overdramatized. The measure sparked mass protests, including criticism from military officials. Israeli air force chief Tomer Bar cautioned his forces on Friday that “at a time like this,” with the country in crisis, “[Israel’s enemies] will try to test the frontiers, our cohesion and our alertness. We must continue to be vigilant and prepared, as I am sure we will be.” Reuters
U.S. Concerned Over Escalation from Russian Aggression Towards U.S. Aircraft in Syria. Recent Russian attacks on U.S. drones and other aircraft over Syria have sparked concerns of escalation in the region. U.S. officials reported two incidents this week in which Russian fighter jets damaged U.S. MQ-9 Reaper drones. The U.S. Air Force reported earlier that Russian fighters harassed a U.S. turboprop aircraft in mid-July as well. The episodes prompted the Pentagon to publicly complain about the Russian actions as unprofessional and reckless. Moscow has denied wrongdoing in these cases, saying that the U.S. was the side that acted aggressively. The developments have prompted the U.S. to consider responses, including the possibility of a Russian downing of a U.S. aircraft. More confrontations are expected as the U.S. continues operations in the area to root out the Islamic State, while Russia continues support for Syrian President Bashar al-Assad’s regime. The drawdown of the U.S. military’s footprint in the Middle East has also impacted the situation, leaving the U.S. fewer aircraft to counter Russian planes. Wall Street Journal
U.S. National Security Advisor Sullivan Visits Saudi Arabia. The White House announced that U.S. national security advisor Jake Sullivan met with Saudi Crown Prince Mohammad bin Salman in Jeddah on Thursday for high-level security talks. White House Middle East coordinator Brett McGurk and other senior Saudi officials also joined in the meeting. Officials said the talks covered a potential normalization agreement between Israel and Saudi Arabia, as well as Riyadh’s involvement in the war in Yemen. Reuters
Kuwait Executes Five, Including Man Accused of Involvement in 2015 Terrorist Attack, The Kuwaiti government on Thursday said it had executed five men, including Abdulrahman Sabah Idan, who had been accused of involvement in a suicide bombing at the Imam al-Sadiq Mosque in Kuwait City in 2015. Idan was accused of driving an ISIS affiliated suicide bomber to the mosque to conduct the attack, which left 27 dead and more than 220 injured and was the first terrorist attack in Kuwait for more than two decades. All five men were executed at the Central Prison in Kuwait. Associated Press
Sub Saharan Africa
Democratic Republic of Congo Says Rwanda Staged Cross-Border Attack. The Democratic Republic of Congo’s (DRC) army announced that Rwandan Defense Forces crossed the Congolese border on Thursday. The DRC army said the Rwandan troops allegedly attacked Congolese border security forces before retreating back to Rwandan territory. The Rwandan army denied the accusations as “baseless” and part of a “misinformation and propaganda” campaign from the DRC. Congo has repeatedly accused Rwanda of backing the M23 rebel group in eastern Congo, which Rwanda denies. Reuters
Niger Coup Complicates U.S. Security Efforts in West Africa, Offers Russia Opportunity. The Niger coup could potentially disrupt U.S. efforts to counter Islamist militants in Western Africa. The U.S. approach to the region has primarily relied on the deployment of American commandos to train local forces to combat Islamist militants, such as al Qaeda and Islamic State. The U.S. will now be constrained from providing that support to post-coup Niger since American law prohibits giving security aid to military regimes. The withdrawal of U.S. support could provide an opportunity for Russia, and Russian mercenaries in particular, to move in and fill the security partner role. Wagner Group leader Yevgeny Prigozhin reportedly used the Russia-Africa summit to position his mercenary group as a viable partner for Niger, lauding the coup as an act of “gaining independence” and suggesting that a “thousand fighters” from Wagner could help restore order in Niger. U.S. officials say the political instability in Niger may also embolden Islamic militants in the area and further escalate the regional security crisis. Wall Street Journal Institute for the Study of War
French Foreign Minister says Niger Coup Not Definitive, President Must Be Restored. French Foreign Minister Catherine Colonna told journalists on Friday that Niger’s coup was not definitive, saying she will refer to the situation in the West African country as an “attempted” coup d’etat. She also asserted that Niger President Mohamed Bazoum "must be restored to his constitutional functions.” Colonna also said that nations in the West African ECOWAS bloc would possibly meet Sunday to discuss imposing sanctions on Niger to pressure the coup leaders, which France would support. She added that French President Emmanuel Macron has spoken with Bazoum, who was detained by mutinous presidential guards in his palace. Reuters
Niger Coup to have Negative Impact on UN Peacekeeper Withdrawal from Mali. UN Spokesperson Stephanie Dujurric stated on Thursday that the coup in Niger could have a “negative impact” on the withdrawal of UN peacekeepers from neighboring Mali. The UN Security Council ended the peacekeeping mission in Mali last month after the Mali junta asked the peacekeeping force to leave. Chad was the largest contributor to the Mali mission, providing some 1,400 troops to the force. The coup in Niger would make sending the troops back to Chad harder to accomplish. The peacekeeping mission is still scheduled to complete its withdrawal by the end of the year. Reuters
Cyber and Tech
Researchers Flag Persisting Vulnerability in Widely Used Router Device. One of the world’s most popular router manufacturers, MikroTik, this week patched a vulnerability that cybersecurity researchers say still poses a hacking threat. Jacob Baines, VulnCheck’s lead threat researcher, said hundreds of thousands of devices deployed around the world are still vulnerable. The company’s examination of the issue indicates the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces. Among MikroTik’s clients are the U.S. State Department, Los Alamos National Laboratory, Siemens, and NASA. The patch issued by MikroTik addresses a vulnerability that allows threat actors to elevate their access to a network. VulnCheck researchers said MikroTik has been aware of the issue since last October, when they patched the flaw in at least one version of their software – RouterOS stable. However, VulnCheck’s recent discovery of a vulnerability centered on MikroTik’s RouterOS Long-term product, which was patched last Thursday. The issue, according to researchers, carries a “critical” CVSS score of 9.1. They note that the unpatched version was the second most installed RouterOS version. VulnCheck recently reported new exploits for the vulnerability targeting a wider range of MikroTik hardware. Baines speculated that the limited scope of the initial exploit may have prompted a “lackluster” response from MikroTik. "Unfortunately,” Baines said, “detection is nearly impossible. Once an attacker is established on the device, they can easily make themselves invisible to the RouterOS UI." The Record
Studies Upend Assumptions About Social Media Shaping of Political Opinions. Research looking into the impact of the algorithms used by social media platforms to shape user experiences indicates that while the social media outlets funnel users to information agreeing with their opinions, steps by online companies to discourage “virality” would have “very little impact” on people’s attitudes and political participation. Four studies released Thursday emerge from a partnership between university researchers and Meta analysts studying the impact of social media on political polarization and public views of government and democracy. Part of the research involved altering the feeds of thousands of people using Facebook and Instagram in the fall of 2020 to determine what impact the changed content would have on political beliefs or polarization through exposure to information they normally would not receive. The researchers generally concluded that the altered feeds had little impact. Additional studies in the project will examine data gathered after the Jan. 6 assault on the U.S. Capitol. The initial findings may bolster social media companies’ arguments that algorithms do not cause political polarization and social turmoil. Meta has maintained that political polarization and support for civic institutions began to erode well before the rise of social media. Washington Post Politico
North Korea’s Lazarus Gang Linked to $60 Million Cryptocurrency Theft. A recent hack of the Alphapo crypto payment processing platform resulted in a theft of $60 million by Lazarus, a North Korean cybercrime gang. In an initial attack on July 23, $23 million was stolen from the platform, which handles crypto payments for gambling sites, e-commerce, and other online businesses. “ZackXBT,” described as a well-known crypto chain investigator, warned on Wednesday that the attackers drained an additional $37 million of TRON and BTC, raising the total amount stolen from Alphapo to $60 million. ZackXBT reported that the attack carries characteristics of a Lazarus operation, with "a very distinct fingerprint on-chain." Lazarus tactics feature fake job offers to lure crypto firm employees to open infected files, compromising their computers and exposing account credentials. Dave Schwed, COO of the Halborn blockchain security company, told BleepingComputer that the attackers likely stole private keys, allowing access to the wallets. BleepingComputer
Government Services Contractor MOVEit Breach Exposes Millions of Personal Records. A data breach at Maximus, a U.S. government services contractor, resulted in the theft of personal data of 8-11 million people during the campaign targeting the MOVEit file transfer tool. Maximus provides management services for Federal and local healthcare programs and student loan processing. The company reported that files containing “social security numbers, protected health information and/or other personal information, of at least 8 to 11 million individuals” were compromised during the attack. A Maximus investigation into the attack showed no evidence the hackers intruded further than the MOVEit environment, which it said was immediately isolated from the corporate network. The company estimates that investigation and remediation costs will total $15 million. Affected individuals will be offered free credit monitoring and identity restoration services. Meanwhile, Maximus was added to the Clop leak site on Wednesday, part of a batch of 70 new victims of the MOVEit zero-day flaw. BleepingComputer The Record
Pentagon Seeks North American Sources of Gallium Mineral Supplies. By the end of the year, the Pentagon plans to offer a contract to U.S. or Canadian companies for gallium recovery, the first time the Pentagon has used Defense Production Act (DPA) funding for minerals recovery. Gallium is the mineral used in semiconductor and radar system manufacturing, and recently was the target of Chinese export restrictions on gallium and germanium. The Pentagon will use DPA authorities to “prioritize awards” for the recovery of gallium from “existing waste streams of other products.” According to the Pentagon, “recovery, not mining, is the fastest way to make the materials more available in the U.S.” The proposed projects “are similar to any effort that reprocesses mine tailings or waste streams from refinement to recover other minerals or additional amounts of the primary mineral. Defense Department officials declined to say how much money would be placed on contract or how many companies might be tapped. Alexander Holderness, a defense analyst with the Center for Strategic and International Studies, described the Pentagon’s plan as “a perfectly reasonable strategy.” Bloomberg
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief
