10:00 AM ET, Wednesday, July 19, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
Trump Receives ‘Target Letter’ in January 6 Probe. Former U.S. President Donald Trump said on Tuesday that he has received a letter notifying him that he is a target of the Justice Department’s January 6 investigation into efforts to overturn the 2020 presidential election results. The letter is the strongest indication that Trump may face federal criminal charges in the investigation. Trump officials and allies have testified before the January 6th Grand Jury on issues like voter fraud claims and his role in the 2021 Capitol attack as part of the investigation. Trump denies wrongdoing, claiming that the investigations are “election interference” aimed at undermining his 2024 presidential bid. Reuters The Hill
U.S. House Rejects Republican Hardliner Effort to End Sanctions on U.S. Adversaries. The Republican-controlled U.S. House of Representatives overwhelmingly rejected an effort by hardline conservatives to end five presidential emergency declarations that allow sanctions against Syria, Yemen, Iraq, Libya and Democratic Republic of Congo. The House largely agreed that ending the declarations would unfreeze assets of militia leaders, arms dealers, and accused war criminals, and deny compensation to U.S. victims of terrorism. The hardliners argued that the emergency declarations were out-of-date and an example of the “deep state,” asserting that they have remained in place without proper Congressional review. They added that they will bring additional resolutions to all 41 national emergency declarations, including one against Iran from the 1970s. Reuters
Western Europe
Britain’s MI6 Chief Urges Russian to Spy for Britain, Discusses AI in Intelligence. Richard Moore, the head of Britain’s MI6 intelligence agency, on Wednesday called on Russians to spy for Britain. Speaking in a rare public speech — his second since becoming chief of the Secret Intelligence Service in 2020 — Moore said Russia’s failures in Ukraine has offered an opportunity to recruit Russians who have witnessed “the venality, infighting and callous incompetence of their leaders” to work with Western intelligence and help bring an end to the Ukraine war. Moore also noted that the Wagner Group mutiny demonstrated “deep fractures,” though added that despite the focus on Russia, MI6 still devotes more resources to China than to any other nation. He noted that artificial intelligence is becoming more widely used in intelligence work, both by MI6 and other Western agencies using it to augment their work, as well as authoritarian regimes using it to spread disinformation. Moore also said that AI will never replace the “human factor” needed in intelligence work, arguing that human agents will remain essential. Associated Press Reuters
Central and Eastern Europe
Russia Strikes Ukraine's Odesa Port for Second Night. Ukraine accused Russia of attacking the Black Sea port of Odesa on Wednesday for the second consecutive night, following Moscow’s withdrawal from the Black Sea grain deal. Ukrainian officials report that the attack damaged grain terminals and port infrastructure in Odesa and nearby Chornomorsk and injured 10 civilians. Ukraine’s air force said Russia launched 63 missiles and drones across the country on Wednesday, with most being focused on the Odesa region, and that Ukrainian air defenses intercepted 37 of them. A spokesperson for the Odesa military administration described “a hellish night” of attacks. Ukrainian President Volodymyr Zelensky said the attacks “deliberately targeted the infrastructure of the grain deal” and ordered Ukraine’s military to strengthen protection of Ukrainian ports in response. Andriy Yermak, the head of Zelensky’s office, added that Russia targeted Odesa in an effort to create “hunger and problems in the countries of the Global South” to “create a refugee crisis for the West.” Separately, Ukrainian officials noted that Russia also launched drones at Kyiv, though air defenses destroyed all drones launched at the capital. Financial Times New York Times Reuters
Fire Breaks Out at Crimea Military Base. A fire broke out on the military training grounds in the Kirovske district on the Crimean Peninsula on Wednesday. Moscow-backed officials say the fire forced the temporary evacuation of over 2,000 people from four settlements and the partial closure of the major Tavridy Highway. Officials did not report the cause of the fire and Ukraine did not immediately comment on the incident, though Ukrainian media and Russian Telegram channels reported that the fire had come from an ammunition depot that was targeted by Ukrainian air attacks. Unconfirmed reports say the fire lasted for three hours. Reuters
Asia and Oceania
China Readies for Naval Exercises with Russia. The Chinese Defense Ministry said Wednesday that it has deployed naval vessels in preparation for joint drills with Russia’s naval forces. China’s Xinhua state news agency reports that the exercises will take place in the Sea of Japan in the coming days and involve more than 10 ships and at least 30 aircraft. The Chinese ships reportedly include the guided missile frigates Rizhao and Zaozhuang, the supply ship Taihu, and the guided missile destroyers Guiyang and Qiqihar. The Chinese ships reportedly are also carrying four helicopters, while Russia is sending the frigates Gromkiy and the Otlichnyy. The Russian warships have been hosting visitors for a week in Shanghai. According to Chinese reports, the joint exercises will center on maritime search and rescue, ship-to-ship communications, and maneuvering in formation. Associated Press
North Korea Fires Ballistic Missiles After U.S. Submarine Arrives in South Korea. The Japanese and South Korean militaries reported that North Korea launched two ballistic missiles off its east coast early Wednesday, hours after a U.S. ballistic missile submarine arrived in South Korea. According to the Japanese Defense ministry, both missiles fell outside of Japan’s exclusive economic zones. U.S. Indo-Pacific Command said that the launches did not appear to pose an immediate threat to the United States or its allies but demonstrated the destabilizing impact of North Korea’s illicit weapons program. South Korea’s Joint Chiefs of Staff strongly denounced the launches saying that they were “provocative acts that undermine the peace and stability of the Korean Peninsula as well as the international community and are a clear violation of U.N. Security Council resolutions.” This comes as North Korea tested its latest Hwasong-18 intercontinental ballistic missile nearly a week ago, saying that the launch was a warning to the U.S. and its allies. Reuters
Chinese Defense Minister Meets With Henry Kissinger. Chinese Defense Minister Li Shangfu met with former U.S. diplomat Henry Kissinger in Beijing on Tuesday. The Chinese defense ministry said that Li told Kissinger that the U.S. should use reasonable, strategic discernment when dealing with China, saying that “some people on the U.S. side have failed to move in the same direction as the Chinese side, resulting in China-United States relations hovering at a low point since the establishment of diplomatic relations.” He also emphasized that China has committed itself “to building stable, predictable and constructive Sino-U.S. relations,” blaming Washington for current tensions. Kissinger reportedly said that the U.S. and China should erase “misunderstandings [and] coexist peacefully and avoid confrontation.” U.S. State Department spokesperson Matthew Miller said that Kissinger was traveling as a private citizen on his trip to Beijing, and was not acting on behalf of the U.S. government. Reuters South China Morning Post
Middle East and Northern Africa
Russian Fighter Jet Harasses U.S. Reconnaissance Plane Over Syria. The U.S. military reports that a Russian fighter jet intercepted and harassed a manned U.S. reconnaissance aircraft over Syria on Sunday. Lieutenant General Alex Grynkewich, the commander of US Air Force Central Command, said that a Russian Su-35 fighter jet approached a U.S. MC-12 reconnaissance aircraft flying over Syria, forcing the slower propeller plane to fly through the wake turbulence of the jet, putting the lives of the crew at risk. Grynkewich said that the maneuver was a “new level” of unsafe and unprofessional action by Russian pilots. The incident is at least the fifth incident this month in which the U.S. has said Russian military aircraft interacted with American planes in an unsafe or unprofessional manner. In response to the incident, Chairman of the Joint Chiefs of Staff Gen. Mark Milley said Tuesday that “if at any point in time, any of our troops sense that it’s a hostile act – a hostile intent – they will defend themselves. We have a deconfliction channel that [Central Command] operates on a day-to-day basis in order to prevent any sort of incident or escalation. We’re monitoring it very closely.” CNN
Syria Intercepts Israeli Missiles Launched Towards Damascus. The Syrian state news agency (SANA) reported on Wednesday that an Israeli airstrike near Damascus injured two soldiers and “caused some material damage.” A Syrian military source told SANA that Syrian air defenses confronted missiles launched from the Golan Heights at 12:25 am and “shot down most of them.” Israel has carried out airstrikes in the past against what it describes as Iran-linked targets in Syria. Reuters
Major Swedish Aid Group in Afghanistan Halts Some Operations After Taliban Restriction. The Swedish Committee for Afghanistan (SCA), a large humanitarian program, has paused some of its Afghan operations following the Taliban’s orders halting Swedish activities in the country. The restriction on Swedish activities came in the wake of a recent protest in Stockholm that included the burning of a Koran, which the Taliban administration condemned. The SCA, which treated 2.5 million patients in health clinics last year and employed thousands of Afghan staff members in education, health, and rural development projects, said it is working for consent to continue work in Afghanistan. The Afghan Taliban administration has not responded to requests for comment on the matter. Reuters
U.S. Issues 120 Day Waiver Allowing Iraq to Purchase Electricity from Iran. U.S. Secretary of State Antony Blinken signed a 120-day national security waiver allowing Iraq to pay Iran for electricity in an effort to avoid unpopular power cuts as temperatures soar this summer. Under U.S. sanctions, Iraqi payments for Iranian electricity can only be released from restricted Iraqi bank accounts with U.S. permission for Iran to purchase humanitarian supplies. The new waiver allows Iraq to deposit payments into restricted third-party accounts outside of Iraq but still requires U.S. permission to access the funds. The U.S. official said, “we have to help the Iraqis with this perennial pressure from the Iranians to access the money,” and that the waiver was expanded at Baghdad’s request. Reuters
Sub Saharan Africa
Putin Will Not Attend BRICS Summit in South Africa. South Africa’s presidency announced on Wednesday that Russian President Vladimir Putin will not attend the upcoming BRICS summit in Johannesburg. Russia will instead be represented by Foreign Minister Sergei Lavrov. South Africa faced pressure to not allow Putin to attend the meeting after the International Criminal Court issued an arrest warrant for Putin in March, accusing him of the war crime of illegally deporting children from Ukraine. As a member of the ICC, South Africa would have theoretically been required to arrest Putin for the charges if he traveled to the summit. According to a local court submission, South African President Cyril Ramaphosa previously asked the ICC for permission to not arrest Putin, arguing that doing so would amount to a declaration of war on Russia. BBC Reuters New York Times
Cyber and Tech
Global Governance Tops Agenda of UN Security Council’s First AI Meeting. British Foreign Secretary James Cleverly, chairing the UN Security Council under the UK’s month-long presidency, opened the council’s first discussion of artificial intelligence with an urgent call “to shape the global governance of transformative technologies because AI knows no borders.” He acknowledged AI’s potential benefits for climate change and economics but cautioned that the technology can be used to spread disinformation, among other potential harms. Citing the vast influence of the technology, Cleverly said AI will "fundamentally alter every aspect of human life." Several briefings on AI were presented to the council, including by UN Secretary General Antonio Guterres, who noted "both military and non-military applications of AI could have very serious consequences for global peace and security." Guterres supports proposals from some nations to create a UN agency modeled after the IAEA “to govern this extraordinary technology.” Jack Clark, co-founder of the AI startup Anthropic, and Professor Zeng Yi, co-director of the China-UK Research Center for AI Ethics and Governance, also briefed the council. The Chinese UN Ambassador, Zhang Jun, said AI is a “double-edged sword” and reiterated Beijing’s support for the UN to have a coordinating role in establishing ground rules for the technology. U.S. Deputy Ambassador Jeffrey DeLaurentis raised the human rights issues posed by AI, adding "no member states should use AI to censor, constrain, repress or disempower people." Reuters
European Centre Urges EU To Make Up Gap in Quantum-Era Preparations. A recently released discussion paper from the European Policy Centre has outlined measures the EU should take to shield member states from quantum-enabled cyberattacks. In anticipation of “Q-Day” — the still unknown date at which quantum computers will be able to break current cryptographic algorithms — the paper advocates a coordinated EU action plan to develop and deploy quantum-secured technologies in advance of that breakthrough. Quantum researchers project that Q-Day will arrive in 5-10 years, at which point data encrypted by current methods could be vulnerable to exposure. The paper argues that to date the implications of quantum computing have been “left out of the conversation” by EU policymakers. Consequently, there is no unified strategy to deal with the prospect of "harvest attacks” in which cybercriminals will be able to use quantum capabilities to decrypt currently protected data they already are stockpiling. The paper recognizes the U.S. lead in preparing for post-quantum cybersecurity through NIST’s work on a post-quantum cryptographic standard and quantum-resistant encryption tools. Among other recommendations, the paper urges the EU to establish a new expert group to develop best practices related to the transition to quantum, facilitate political coordination among EU bodies and member state authorities, and coordinate EU-wide coordination of research efforts and gaps. InfosecurityMagazine
Google Accidental Upload Exposes Defense, Intelligence Names, Email Addresses. The names and email addresses of hundreds of defense and intelligence agency employees around the world were accidentally exposed when they were uploaded to the VirusTotal scanning platform operated by Google. The online service provides checks and anti-virus tools for suspected malware uploaded by client organizations, which creates a library of malware signatures for use by cybersecurity personnel. In this incident, a file containing the identities of 5,600 customers was uploaded, including personnel from the U.S. Cyber Command, National Security Agency, Pentagon, FBI, and U.S. military service branches. In addition, names of personnel from Britain’s Ministry of Defence and emails belonging to staff at the CERT-UK function of the National Cyber Security Centre, were uploaded. The leak also includes emails for ministries in Germany, Japan, the United Arab Emirates, Qatar, Lithuania, Israel, Turkey, France, Estonia, Poland, Saudi Arabia, Colombia, the Czech Republic, Egypt, Slovakia and Ukraine. A Google spokesperson told RecordedFuture that the personnel data was removed “from the platform within an hour of its posting and are looking at our internal processes and technical controls to improve our operations in the future.” The Record
Ukraine Police Close Bot Farm Disseminating Pro-Russian Propaganda. Ukrainian cyber police closed a bot farm spreading disinformation on the Ukraine conflict through various social media platforms. Following a similar bust last month, the bot farm involved more than 100 participants from various locations across Ukraine. The content circulated by the bots included justifications of Russian troop actions in Ukraine and other false information. The bot farm administrators also are charged with Internet fraud, including illegal distribution of Ukrainian citizens’ personal data. Ukrainian authorities seized computer equipment, mobile phones, and SIM cards in the course of the investigation. Bot farm operators reportedly receive payment in Russian rubles and use outlawed payment systems to transfer funds into cryptocurrency. The Record
CISA Issues Warning on Adobe, Microsoft, Citrix Product Vulnerabilities. CISA has issued advisories to cybersecurity administrators warning that products from Adobe, Microsoft, and Citrix are being exploited by hackers. CISA urged users of the products to install patches quickly in light of confirmed vulnerabilities in several applications, including Adobe’s ColdFusion, a web application development platform. CISA warned that hackers could “take control of an affected system” if patches made available by Adobe are not applied. Adobe has acknowledged that the patch does not offer complete protection and developers are currently working on “a more comprehensive resolution. Our team will release an update as soon as it is available,” a company spokesperson said. Vulnerabilities in Microsoft Office applications involving infected files have been exploited by Russia-linked RomCom hackers, triggering widespread concern. The vulnerability does not yet have a patch, but Microsoft has offered several mitigations that provide some protection against attacks. Immersive Labs’ security specialist Kev Breen has warned that the mitigations provided by Microsoft are “no substitute for patching, as attackers can find ways to bypass AV detections.” The cloud computing company, Citrix, issued an urgent advisory Tuesday detailing three vulnerabilities in its networking products, NetScaler ADC and NetScaler Gateway. A serious vulnerability already has been exploited and carries a CVSS score of 9.8. Citrix has confirmed that exploits of the vulnerability “on unmitigated appliances have been observed.” The company urged affected NetScaler ADC and NetScaler Gateway users to install updated versions “as soon as possible.” The Record
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief
