10:00 AM ET, Monday, August 28, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
The Americas
U.S. Commerce Chief Raimondo Arrives in China. U.S. Commerce Secretary Gina Raimondo is visiting China for a trip that U.S. officials say is meant to both protect U.S. economic interests and manage relations with Beijing. Raimondo is the fourth top U.S. official to visit China in recent months, following trips by climate envoy John Kerry, Treasury Secretary Janet Yellen, and Secretary of State Antony Blinken. Raimondo is set to meet Chinese government officials and business executives to discuss areas where the two sides can boost trade ties, as well as raise issues like China’s recent anti-espionage measures, raids on U.S. due diligence firms, and the ban on sales of products from Micron Technology. China is expected to urge for the relaxation of export controls on critical semiconductor technology. U.S. National Security Advisor Jake Sullivan’s previously said Raimondo’s trip will aim to demonstrate precious remarks that Raimondo’s trip aims to show that the U.S. does not seek to decouple from China but will act to protect its national security. Wall Street Journal France 24 South China Morning Post
U.S. Intelligence Shows Russia Using Unwitting Westerners to Promote Propaganda. According to recently declassified U.S. intelligence, Russian intelligence services are operating a systemic program to launder pro-Kremlin propaganda through relationships between Russian operatives and unwitting Western and U.S. targets. The U.S. intelligence community believes that the Russian Federal Security Service (FSB) is trying to influence Western public opinion and policy by directing Russian civilians to build relationships with influential Western individuals to push narratives favorable to the Kremlin. A U.S. official said that “these influence operations are designed to be deliberately small scale, the overall goal being US [and] Western persons presenting these ideas, seemingly organic”. Additionally, they mentioned that “the co-optee influence operations are built primarily on personal relationships … they build trust with them and then they can leverage that to covertly push the FSB’s agenda.” According to the intelligence, these disinformation campaigns have sometimes been effective at planting Russian narratives in the Western press. CNN
Haitian Gang Attacks Displace 9,000. The U.N estimated Saturday that approximately 8,730 people have been displaced around the densely populated neighborhood of Carrefour-Feuilles in the Haitian capital of Port-au-Prince due to a recent outbreak of violence. People began evacuating the area on August 12 when armed gangs mounted attacks in the neighborhood. This comes as the under-resourced Haitian police have struggled to contain armed gangs which now control large areas of the capital. Gang violence has caused a large-scale humanitarian crisis that has displaced around 200,000 people nationwide. Haiti has called for international support. Kenya has expressed interest in leading a multinational security task force to support Haitian authorities. Reuters
Three US Marines Killed in Aircraft Crash During Drills in Northern Australia. A MV-22B Osprey tilt-rotor aircraft crashed in the isolated Tiwi islands in northern Australia on Sunday, killing three U.S. Marines. Moraine Rotation Force-Darwin said the 20 other Marines aboard the aircraft were injured in the crash. Authorities said the accident is being investigated and “recovery efforts are ongoing.” Australian Prime Minister Anthony Albanese described the incident as “tragic” and said Canberra will offer any needed assistance. The latest crash of the Osprey follows two crashes in 2022 that killed a total of nine US service members. The Osprey has had a troubled history since it started service in the US military with 13 reported crashes since 1992. Sunday’s crash came during joint exercises between the U.S., Australia, Indonesia, the Philippines, and East Timor. Reuters Associated Press CNN Al Jazeera
Western Europe
UK Flights Impacted by ‘Technical Issue.’ Britain’s National Air Traffic Service (NATS) said it is experiencing a “technical issue” that has forced it to apply relevant “traffic flow restrictions to maintain safety,” though it maintains that UK airspace remains open. Airlines and airports are warning of significant disruptions. Irish air traffic controller AirNav Ireland said the issue will result in “significant delays for flights across Europe” that are traveling to or through UK airspace. Scottish airline Loganair said network-wide failure of UK air traffic control computer systems caused the issue. Reuters
Central & Eastern Europe
Ukraine Reports Liberation of Southeastern Settlement. A Ukrainian commander fighting on the southern front said that Ukrainian forces believe that they have broken through the most difficult Russian defenses in the area and will now be able to advance more quickly. His remarks came after the Ukrainian military said that they had seized the settlement of Robotyne, which is in the southern Zaporizhzhia region and is 10 km south of the frontline town of Orikhiv. The Ukrainian commander told reporters that “next we have (the town of) Berdiansk, and then more,” adding that “our goal is (the Sea of) Azov.” Robotyne is approximately 100 km from Berdiansk, a port on the Sea of Azov, and 85 km from the critical city of Melitopol. Media reports last week said that some U.S. officials say Ukrainian forces did not appear likely to be able to reach and retake Melitopol in its counteroffensive. Reuters ISW
Expert Perspective: Let Ukraine Direct Its Own Counteroffensive. Cipher Brief Expert General (Ret.) Jack Keane weighs in on the Ukrainian counteroffensive in a new piece in the Wall Street Journal. General Keane lauds the strategy that Ukraine’s military is following as sound and says that they have pinned Russian forces down along multiple areas of the front in such a way as to make it very challenging for Russia’s military to defend, despite having had a year to establish a very thorough defensive network which is particularly strong around Melitopol. General Keane says that much of the criticism by American military officials directed at the way Ukraine is proceeding in the counteroffensive is misguided. Citing numerous historical examples of successful, large-scale mechanized offensive operations that have followed similar approaches as to the one being employed by Ukraine, General Keane says the idea that Ukraine should concentrate its forces along a single axis around Melitopol is not sound, and evidence of the relative lack of experience among contemporary American military officers at planning and conducting large-scale mechanized offensive operations. America should, Keane says, support Ukraine to fight the war the way it wants to fight it, and help Kyiv achieve victory as soon as possible. Wall Street Journal
Russia Says it Downed Drones in Western Border Regions, Moscow. Russia again reported attempted drone attacks across its territory on Saturday. Officials in the western Belgorod region said debris from a downed drone killed at least one person in the region, while separate Ukrainian shelling on the village of Urazovo injured at least six. The Russian defense ministry said air defenses intercepted another drone over the Bryansk region. And Moscow authorities said a Ukraine-launched drone was intercepted over the Istra district of the Moscow region. The drone at the Russian capital was reportedly downed 30 miles west of the Kremlin and forced the temporary closure of three major Moscow airports. Ukraine did not comment on the attacks. Reuters
Ukraine Claims it Struck Russian Military Base in Crimea. Ukraine’s military intelligence agency GUR said Friday that Ukrainian drones targeted and struck a Russian military base in Crimea. The assault reportedly hit Moscow's 126th Coastal Defense Brigade stationed in Perevalnoye, a settlement more than 120 miles from Ukraine-controlled territory. Ukraine’s media outlet Liga.Net cited GUR spokesman Andriy Yusov as saying, "we confirm that there was a hit.” Ukraine's military intelligence head Kyrylo Budanov said that “people - not only on the Ukrainian mainland but also in Crimea - need to remember and believe that our victory and their liberation are not far away." Though Reuters could not verify reports, several Perevalnoye residents claimed there were casualties, and that they could hear blasts from the military base. Reuters Nikkei Asia
Zelensky Pledges to Impose Stricter Anti-Corruption Measures. Ukrainian President Volodymyr Zelensky said in an interview shared on Telegram recently that he would ask parliament to increase penalties for those found guilty of corruption during wartime. Zelensky has previously mentioned how important ending graft is in defeating Russia, and has vocalized its importance in making it easier to garner support from partners for rebuilding efforts, estimated to cost billions. Reuters
Russia’s Putin Demands Wagner Troops to Sign Oath of Allegiance. Russian President Vladimir Putin on Friday ordered Wagner forces to sign an oath of allegiance to the Russia state, following the presumed death of the mercenary group’s leader Yevgeny Prigozhin in a plane crash on Wednesday. The decree goes beyond Wagner fighters in particular, requiring anyone working on behalf of the Russia military or aiding its "special military operation" in Ukraine to swear an official vow of loyalty to the state. The oath obliges those who sign to obey the orders of senior leaders and commanders and is described in the decree as a stride in creating the moral and spiritual bases of the protection and fortification of Russia. The move to force private military contractors such as the Wagner Group to sign a mandatory oath of allegiance suggests Moscow’s desire to place such organizations under stricter control. Reuters Nikkei Asia
Three Ukrainian Military Pilots Killed in Mid-Air Collision West of Kyiv. The Ukrainian air force said Saturday that three military pilots were killed after two L-39 trainer aircraft collided midair on Friday over an area west of the capital of Kyiv. President Volodymyr Zelensky said one of the three men killed was the well-known pilot Andriy Pilshchykov, "a Ukrainian officer, one of those who greatly helped our state.” Yuriy Ihnat, an air force spokesperson, said that Pilshchykov, who went by the call sign “Juice,” was a “mega-talent” who desperately “wanted to fly an F-16." The Ukrainian prosecutor general's office said a criminal investigation had been opened into whether flight preparation regulations were breached. Zelensky said "it is too early to discuss details” and that investigations are ongoing. Roman Svitan, a former pilot and military analyst, said that the collusion was probably related to formation flying, adding that there was not enough time for the pilots to eject. Reuters Nikkei Asia CNN
Russia Confirms Prigozhin Died in Plane Crash, Cites Genetic Testing. Russia confirmed Sunday that Yevgeny Prigozhin, head of the Wagner mercenary group, was among the 10 people killed in a plane crash northwest of Moscow last Wednesday. Moscow’s Investigative Committee released a statement saying, "as part of the investigation of the plane crash in the Tver region, molecular-genetic examinations have been completed … according to their results, the identities of all 10 dead were established. They correspond to the list stated in the flight sheet.” Officials have not yet said what caused the plane to fall from the sky, and investigations continue. The crash came exactly two months after Prigozhin led a mutiny against Russian military leadership and marched towards Moscow. Reuters CNN Nikkei Asia
UK Defense Ministry Says ‘Highly likely’ Russia Called Off Military Drills Due to Too Few Troops, Equipment. In an intelligence update on Monday, the British Ministry of Defense said it is “highly likely” that Russia canceled its ZAPAD joint military exercises with Belarus “because too few troops and equipment are available.” The drills, a major annual event for Moscow, were to be held in September. The UK’s defense ministry said that since 2010, Russia has held the joint strategic exercises (JSE) every second year as part of efforts to counter the perceived “threat from NATO.” The ministry noted that ZAPAD 2021 — which involved 200,000 personnel, more than 80 aircraft, and 15 navy vessels — marked a “major tactical, operational, and strategic change of pace” from past exercises and may have been “Russia’s first preparation” for its invasion of Ukraine a year later. The ministry added that this year’s drills may have been canceled to avoid “domestic criticism liable from running another slickly presented JSE during wartime." CNN
Asia & Oceania
China Sends Warplanes, Warships Around Taiwan After U.S. Approves Military Sale. Taiwan’s defense ministry reported Saturday that China sent 32 military aircraft and nine naval vessels around Taiwan on Friday. The ministry said that 20 warplanes crossed the unofficial median line in the Taiwan Strait or entered Taiwan’s air defense identification zone. The ministry added that it deployed its own aircraft, ships and missile systems to monitor the Chinese activities. The deployments came days after the U.S. approved the potential $500 million sale of infrared search and track systems for F-16 fighter jets to Taipei, which Beijing called a “gross interference” in China’s internal affairs and a “heinous act” that violated the One China principle. Associated Press
US Navy Commander says China's 'Aggressive Behavior' in South China Sea Must be Challenged. The chief of the U.S. Navy's Seventh Fleet, Vice Admiral Karl Thomas, said Sunday that China’s “aggressive behavior” in the highly disputed South China Sea must be challenged. Speaking with Reuters, Thomas said, "you have to challenge people … when they're taking a little bit more and more and pushing you, you've got to push back, you have to sail and operate … there's really no better example of aggressive behavior than the activity on 5 August on the shoal.” Thomas was referencing an incident where a Chinese coast guard ship fired a water cannon against a Philippine vessel trying to resupply troops stationed on a grounded warship on the disputed Second Thomas Shoal. Thomas promised Manila that it has U.S. support, asserting, "my forces are out here for a reason." He commands more than 27,000 soldiers, 70 ships, and 150 aircraft. The Chinese embassy in Manila did not respond to requests for comment. Reuters
Foxconn Founder Terry Gou Enters Taiwan Presidential Race. Taiwanese billionaire Terry Gou, the founder of electronics giant Foxconn, announced Monday that he is running in Taiwan’s presidential election next year. Gou said he is running to take the ruling Democratic Progressive Party (DPP) “off the shelf,” arguing that the DPP is corrupt and has dangerously escalated tensions with China. Gou will run as an independent since he failed to win the nomination from the main opposition Kuomintang (KMT) party. The election will now be a four-way race between the DPP’s candidate Vice President William Lai Ching-te and the anti-DPP or “non-green” camp, including Gou, KMT’s candidate New Taipei Mayor Hou Yu-ih, and former Taipei mayor Ko Wen-Je of the Taiwan People’s Party. Analysts say Gou’s entry into the race could divide the opposition and make it easier for DPP to win the election and remain in power. Gou says he has reached out to the other opposition candidates to propose forming a unified ticket. Hou and Ko have declined to comment on the matter. South China Morning Post
Chinese Police Experts Arrive in Vanuatu. China sent police experts and equipment to Vanuatu on Friday after the Pacific nation’s Supreme Court ruled Prime Minister Ishmael Kalsakau lost a no-confidence vote in parliament. Opposition leader Bob Loughman, a former prime minister who favored closer ties with China, lodged the no-confidence petition criticizing Kalsakau for signing a security pact with Australia, which Loughman said compromised Vanuatu’s “neutral” status and jeopardized the delivery of Chinese development aid. The Chinese embassy in Vanuatu said Kalsakau attended the arrival of Chinese police experts and equipment and said they will help the country “maintain social order.” Experts say Kalsakau’s moves underscore the balancing act Pacific nations must do to navigate the U.S.-China competition in the region. Reuters
Middle East & Northern Africa
Al-Qaeda-Linked Group Conducts Attack in Northwestern Syria. Islamist militants attacked an army position in Syria’s northwestern province of Idlib on Saturday. The Britain-based Syrian Observatory for Human Rights said the attack killed 11 soldiers and wounded 20 others and was conducted by the Ansar al-Tawhid group, which is allied with Al-Qaeda. The Syrian government did not immediately comment on the matter. Associated Press
Libya Suspends Foreign Minister. Libya suspended Foreign Minister Najla Mangoush on Sunday following a reported meeting between Mangoush and Israel Foreign Minister Eli Cohen. Libya and Israel do not have formal diplomatic relations. Israel said the meeting focused on discussions about potential cooperation. Reports of the encounter sparked small protests in Libya. The Libyan foreign ministry said it rejected a formal meeting with Israeli representatives, reiterating that Libya does not recognize Israel, and said Mangoush’s meeting with Cohen was an “an unprepared, casual encounter” at the Italian Foreign Ministry. The development comes as Israel normalizes relations with several states in the region, including the UAE and Morocco, under the U.S.-brokered “Abraham Accords.” Reuters
Sub Saharan Africa
Niger Orders Troops on ‘Maximum Alert.’ On Friday the Junta in Niger ordered its military forces to go on its highest alert, citing an increased threat of attack. The message came in a document issued by the Junta’s defense chief and was widely shared online Saturday. The document said that the order to be on maximum alert would allow forces to adequately respond in case of any attack and “avoid general surprise” and that “threats of aggression to the national territory are increasingly being felt”. This comes as the West African economic bloc ECOWAS has been trying to negotiate with the junta government since the July 26 coup, but has said that it is ready to deploy troops to restore constitutional order if diplomatic efforts fail to do so. On Friday, ECOWAS downplayed the threat of military force and said that it was “determined to bend backwards to accommodate diplomatic efforts,” although intervention remained an option available. Also to downplay the likelihood, ECOWAS Commission President Omar Alieu Touray told reporters “For the avoidance of doubt, let me state unequivocally that ECOWAS has neither declared war on the people of Niger, nor is there a plan, as it is being purported, to invade the country”. Reuters Al Jazeera
France Rejects Niger's Junta’s Demands for Ambassador to Leave. On Friday Paris stated that ruling Junta in Niger did not have the authority to order the French ambassador to leave the country. Niger’s junta gave French ambassador Sylvain Itte 48 hours to leave Niger on Friday after the French ambassador had refused to respond to an invitation from the junta. The rejection comes as military leaders within Niger’s junta accuse Paris of wanting to intervene in Niger in order to reinstate former Nigerien President Mohamed Bazoum. Furthermore, military leaders have also accused the Economic Community of West African States (ECOWAS) of being in cahoots with the French government. France24
Sudanese Paramilitary Force Backs Ceasefire. Sudan’s paramilitary Rapid Support Forces (RSF) stated that it was open to a long-term ceasefire with the army. The RSF has presented its “Sudan Reborn” initiative that could revive efforts to hold direct talks between the two groups. In the statement released on Sunday, RSF leader General Mohamed Hamdan Dagalo stated “Efforts to end the protracted crisis must be directed toward achieving a lasting ceasefire, coupled with comprehensive political solutions that address the root causes of Sudan's wars". Under the “Sudan Reborn” plan, Dagalo has committed the RSF to principles such as federal, multicultural rule, democratic elections, and a single army. Reuters
UN Says Islamic State Doubled Territory in Mali in Under a Year. A new UN report says that Islamic State (IS) militants have almost doubled its territory in Mali in less than a year. In addition to the Islamic State, al-Qaeda linked Jama’a Nusrat ul-Islam wa al-Muslimin (JNIM) has capitalized on the deadlock of other armed groups and has now vied with the Islamic State for control of northern Mali. Militant groups that had signed a 2015 peace agreement, now being perceived as weak, are now being seen as unreliable security providers. As for the Mali government, UN experts believe that Mali officials are watching the conflict between IS and JMIN from afar. Some sources claim that the battles between IS and JMIN would eventually benefit Mali, but others claim that as more time passes, their “military capacities and community penetration grow[ing] each day.” France24
Gabon Imposes Curfew as Voting Wraps up in Major Elections. Gabon’s communication minister, Rodrigue Mboumba Bissawou announced on state television that there will be a nightly curfew between 7 pm until 6 am. In addition to the curfew, Mboumba announced that internet access will be restricted indefinitely due to calls for violence along with alleged disinformation campaigns. The announcement came after voters cast their ballots and is believed to be implemented due to a long-standing issue of violence since the country returned to a multi-party system in 1990. Due to the cycle of political violence, citizens of Gabon have either stockpiled food in preparation or have left the country altogether. Associated Press
Cyber & Tech
China’s Chip Equipment Imports from Netherlands, Japan Surge This Summer. China’s imports of chip manufacturing equipment surged in June and July to reach $5 billion, a 70 percent increase over the same period last year. The majority of imports originated in the Netherlands and Japan, both of which have imposed stricter restrictions on exports of chipmaking tools. Enforcement of Japan’s export controls began on July 23, while the Dutch curbs will be implemented on September 1. The summer jump in Chinese purchases suggests it is trying to avoid disruptions to its stated plans to increase domestic chip production. Lucy Chen, vice-president of Isaiah Research, based in Taiwan, noted “China increased its inventory of semiconductor equipment through advance stockpiling to alleviate potential supply chain bottlenecks.” The Dutch advanced lithography equipment maker, ASML, has seen one of the largest increases in Chinese purchases. From January to July, Chinese imports of Dutch-made lithography machines, nearly all of them from ASML, grew 64.8 percent year to $2.58 billion. ASML’s CEO Peter Wennink explained during a recent earnings call: “Our Chinese customers say: ‘We are happy to take the machines that others don’t want’, because their fabs are ready and they can take the tools that become available.” Financial Times South China Morning Post
Beijing Authorities Increase Controls Over Tech Sector Using 2016 Anti-Terror Law. Beijing’s city government has announced new regulations that expand municipal officials’ authority over the technology sector using provisions of a 2016 anti-terrorism law. Other cities have adapted the 2016 anti-terrorism law but Beijing is the first to invoke the technology elements, which require tech companies to cooperate with security agencies to counter terrorist acts. The new Beijing city rules underscore that Internet companies must remove and maintain records of content that is terrorism or extremist related. The regulations also stipulate that city officials will strengthen “risk monitoring” of new technologies and industries. New industries, according to an earlier draft of the regulations not appearing in the final version, include AI, blockchain technologies, and autonomous vehicles. Raffaello Pantucci, a senior fellow at the S. Rajaratnam School of International Studies in Singapore, said the emphasis on new industries and technology “expands public security organs’ ability to prosecute and demand information from citizens by invoking this set of rules.” Under the new regulations, Beijing and state security components will create a “grass-roots intelligence network” in which residents will be trained to identify “suspicious situations.” Beijing’s counterterrorism division and Beijing-based state ministries and enterprises will establish a coordination mechanism along with the People’s Liberation Army. South China Morning Post
Lazarus Deploys New Malware Against U.S., European Healthcare, Internet Sectors. The North Korea-linked hacking gang, Lazarus, is deploying a new malware strain against U.S. and European health facilities and Internet infrastructure, according to Cisco Talos security researchers. The attacks involve exploitation of a vulnerability in the ManageEngine ServiceDesk suite, which is used by hundreds of organizations for IT infrastructure, networks, and servers. Cisco reported that the most recent incidents are “the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.” Specific targets of the attacks have not been identified. Lazarus began operations to exploit the vulnerability in February by using a new, complex malware tracked as QuiteRAT, which is similar to other strains used by Lazarus but has proved more difficult to detect and seize. Cisco says QuiteRAT allows hackers to gather data about the infected device and can stay dormant for predetermined amounts of time. In addition to QuiteRAT, Cisco researchers identified a new Lazarus remote access trojan software, CollectionRAT, which they have linked to a Lazarus unit called Andariel. Cisco says there are multiple indications Lazarus continues to evolve its tactics, including more frequent use of open-source tools. The Record
Three Malware Loaders Linked to Vast Majority of System Intrusions. A trio of malware loaders, which deliver and execute other malware tools, are responsible for 80 percent of system intrusions, according to ReliaQuest threat researchers. The three — QakBot, SocGholish, and Raspberry Robin – have been detected in the vast majority of cyberattack environments delivering ransomware, viruses, trojans, worms, and other malicious software to target systems. Cybersecurity staff face added complications since one mitigation strategy may not be effective against a different type of loader, even if the follow-on malware is the same. However, the ReliaQuest researchers noticed that “in the majority of cases we observed, the malware loader was detected and stopped early in the kill chain.” Based on recent trends, these loaders are very likely to continue to be used in system attacks. ReliaQuest described characteristics of the loaders, with QakBot initially designed as a banking trojan, but later modified with new capabilities to become a versatile malware. It has been associated with the Black Basta ransomware group. SocGholish takes on the guise of authentic software updates and has been linked to the Russia-based Evil Corp cybercrime group specializing in financial attacks. Raspberry Robin has been employed by multiple threat actors, including Evil Corp and Silence, and operates as a worm-turned-loader deployed against Microsoft Windows environments. This year Raspberry Robin has been used in cyberattacks on financial, telecommunications, government, and manufacturing organizations. Cybernews
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief
