Report for Friday, April 7, 2023
Friday, April 7, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
Pentagon Investigating Leak of Classified Ukraine War Plans On Social Media. Senior U.S. officials said that classified war documents detailing secret US and NATO plans for helping the Ukrainian military ahead of its planned offensive were posted this week on Twitter and Telegram. The Pentagon is investigating who may have been behind the leak of the documents; while pro-Russian government channels have been sharing and circulating the slides. Military analysts have said that there appear to have been modifications to the five-week-old documents, including understating estimates of Russian forces killed and overstating US estimates of Ukrainians killed, which might point to efforts by Moscow to spread disinformation. Regardless, the unauthorized disclosure is a serious breach of U.S. intelligence., Analysts said it could be difficult to understand the effect of the documents’ disclosure as it pertains to the frontline, but they provide potentially valuable information such as the timetables for the delivery of weapons and troops to Ukraine and Ukrainian force numbers. New York Times NPR
White House Justifies 2021 Withdrawal from Afghanistan, Blames Trump. A summary of findings from an administration-wide after-action review, released on Thursday, blames former President Donald Trump for creating conditions that exacerbated the tumultuous withdrawal of U.S. forces from Afghanistan in summer 2021. The review points to decisions like Trump’s entering an agreement with the Taliban that required US troops to leave the country by May 2021 as directly contributing to the chaos, as that agreement lacked implementation planning for the withdrawal as well as for the evacuation of Americans and Afghan allies. The report did not explicitly acknowledge mistakes the Biden administration made during the withdrawal, but did point to changes in policies and procedures that have been made since the operation’s completion. Mr. Trump rejected the findings of the report, redirecting blame at President Biden. Al Jazeera CNN Politico
South Korean President Invited to Address US Congress. U.S. lawmakers invited South Korean President Yoon Suk-yeol to speak in front of Congress April 27 during his U.S. visit. During his visit, set to celebrate the 70th anniversary of the US-South Korea alliance, Yoon is also expected to meet with President Joe Biden. It will be the first state visit to the US by a South Korean president since 2011. CNN NBC Reuters
Canada to Help Carry Out North Korea Sanctions, Sends Aircraft to Japan. Canadian Defense Minister Anita Anand announced that they will deploy a CP-140 Aurora Aircraft to Japan to support the enforcement of UN Security Council sanctions against North Korea. The aircraft will be used to monitor any North Korean maritime efforts to evade the sanctions, such as ship-to-ship transfers of fuel and other banned commodities. Government of Canada Reuters
Chile Signs New Laws, Allocates $1.5 Billion to Combat Rising Crime and Police Killings. Chile’s President Gabriel Boric signed four new laws Thursday, and allocated $1.5 billion to combat the rising crime, a day after the third police officer in a month was killed. In a statement, Boric said that the money will go towards additional security spending, and the new laws will criminalize extortion, increase penalties for kidnapping, firearm possession, and crimes against police. It will also give police more power to use force. Amnesty International and other human rights groups have criticized the measures, saying they will increase police brutality. Reuters
Western Europe
Sweden Says State Actor Involvement in Nord Stream Blasts is ‘Main Scenario’. The Swedish prosecutor investigating the Nord Stream explosions on Thursday said a state actor perpetrating the attack is the “main scenario.” The prosecutor added that analysis of the type of explosion used in the attack has ruled out a number of actors, though he also said that the evidence still points to several possible culprits, meaning it will still be difficult to determine who was ultimately behind the blasts. The U.S., Russia and Ukraine have all refused various competing accusations that they were behind the attacks. Reuters The Guardian NY times
Italian Drug Cartels Increasingly Relying on Chinese Shadow Banks. Italian judicial and law enforcement authorities claim that drug cartels in Italy are increasingly using unlicensed Chinese shadow networks to conceal cross-border payments, signaling that the cartels have learned from methods employed by Latin American narcotics groups. U.S. authorities say these Chinese “money brokers” represent one of the most worrisome threats in the war on drugs. In an interview conducted by Reuters, experts say the phenomena “undermines the entire international anti-money laundering system”, which to date has been critical for fighting criminal organizations. Decode39 Reuters
Greece Promises Military Assistance for Ukraine. Greek Defense Minister Nikos Panagiotopoulos on Thursday, speaking in a joint appearance with Ukrainian Defense Minister Oleksii Reznikov in Athens, reaffirmed that Greece will continue to provide military assistance to Ukraine, for as long as it takes. Reznikov was in Athens as part of meetings with officials from NATO countries. During the meeting, he was reportedly promised artillery and small arms ammunition, access to Greek hospitals, and Soviet era fighting vehicles. Additionally, Greece pledged to continue to provide trainers to Ukrainian special forces. Panagiotopoulos, however, qualified this support by telling Greece’s parliament that Greece will not provide military assistance that would jeopardize its own defense needs. Associated Press
Central and Eastern Europe
Russia Takes West Bank of Bakhmutka River, UK MoD Says. The U.K. Ministry of Defense on Friday said Russian forces have taken the west bank of the Bakhmutka River, which runs through the city of Bakhmut. The ministry said that with this progress, Russian forces have likely moved into the city’s center and are threatening the key Ukrainian supply route in the west of the town. The ministry added that this advance may signal that Russia’s military and the Wagner Group have at least paused tensions and are better coordinating with each other, although the group’s founder Yevgeny Prigozin said on his Telegram channel that he is still not satisfied with the level of support the Russian military is providing to his group. Prigozin also says that he sees no sign that Ukrainian troops are withdrawing from the city. Reports of this new momentum in the Russian assault on Bakhmut came a day after Ukrainian President Volodymyr Zelenskyy said Kyiv would make “correct decisions” to protect Ukrainian troops in Bakhmut if it is encircled by Russian forces, signaling that Ukraine is preparing for a potential withdrawal from the embattled city. Reuters UK Ministry of Defence Twitter Deutsche Welle
Ukraine Strikes Russian Military Base in Melitopol. The exiled Ukrainian Mayor of Melitopol, a city in Russian-occupied Crimea says Ukraine’s military has struck a Russian military base in the region. Ivan Fedorov says the strike occurred late Thursday and follows recent explosions near a train station and a military airfield. The latest incident comes amid reports that Russia is bolstering its forces in the region. The Russian military seized Melitopol in the early days of the war. The city, which sits on a strip of land in southern Ukraine that connects mainland Russia with the Crimean peninsula is considered strategic by both sides. Wall Street Journal
Russian Court to Hear Appeal from Detained Wall Street Journal Reporter’s Lawyers. A court in Moscow will hear an appeal from the lawyers representing detained Wall Street Journal reporter Evan Gershkovich. Mr. Gershkovich’s attorney’s plan to challenge the charge of espionage, which Gershkovich has consistently denied. Reports say that the court could uphold Gershkovich’s detention in Moscow’s notorious Lefortovo prison, move him to another prison, allow house arrest or grant him bail. It is unclear if Mr. Gershkovich will appear in person or virtually for the appeal hearing. The U.S. is calling for Gershkovich’s immediate release with Secretary of State Antony Blinken saying he has ‘no doubt’ that Gershovich has been wrongly detained. Reuters Wall Street Journal
Putin, Belarus’ Lukashenko Reportedly Did Not Discuss Strategic Nuclear Weapons. Russian President Vladimir Putin and Belarusian President Alexander Lukashenko held talks in Moscow to duchess their countries’ defense and economic ties. The two leaders met under the framework of the so-called Union State, a borderless union between Belarus and Russia. Both Putin and Lukashenko’s comments did not mention the Ukraine war, which Belarus maintains it is not a party to despite Russian using Belarusian territory as a staging ground for its invasion of Ukraine. Kremlin spokesman Dmitry Peskov also reportedly added that the two leaders did not discuss the placement of Russian strategic nuclear weapons in Belarus. Putin has said Russia would deploy tactical nuclear weapons to Belarus in the coming months. Euronews Reuters
Ukraine, Poland to Jointly Produce Tank Shells. Ukrainian state arms producer Ukroboronprom and Polish arms producer Polska Grupa Zbrojeniowa announced on Thursday that they would launch a joint production of Soviet-era tank shells. The deal was signed on Wednesday during Ukrainian President Volodymyr Zelenskyy’s visit to Poland. This will make Poland the second NATO state to help Ukraine produce ammunition. Reuters Yahoo
Poland PM Suggests Fast Tracking Moldova Accession Into EU. During a visit to Chisinau, Polish Prime Minister Mateusz Morawiecki said on Thursday that fast tracking Moldova into the European Union could be possible, as the country seeks to join the bloc. Moldova has sought to join the EU as a result of the war in Ukraine, becoming a membership candidate in 2022. Reuters
Asia
Xi Says ‘Wishful Thinking’ that China Would Compromise on Taiwan. Chinese President Xi Jinping on Thursday said that Beijing will “never agree” with anyone who challenges its One China policy, and that it is “wishful thinking” to believe that China will compromise on the Taiwan issue, which he called “the core of China’s core interests.” Xi made these strong remarks on Taiwan in a conversation with European Commission President Ursula von der Leyen, who told Xi that using force to change the status quo in the Taiwan Strait is “unacceptable” and urged him to consider resolving some China-Taiwan tensions through dialogue. Xi’s Taiwan comments came a day after Taiwanese President Tsai Ing-wen met U.S. House Speaker Kevin McCarthy and 17 other U.S. lawmakers in Los Angeles. McCarthy reemphasized U.S. ties with Taipei in that meeting and called for the continued sale of arms to Taiwan. South China Morning Post
Xi Seeks to Shore Up Relations with Macron in Lavish State Visit. Chinese President Xi Jinping has reportedly given French President Emmanuel Macron an ‘unusually lavish’ state visit, a move that analysts say is an attempt by Xi to strengthen China’s relationship with France, a key EU country. Reports say that Xi and Macron visited southern China on Friday where they were scheduled to visit a former home of Xi’s father in the city of Guangzhou. Analysts say such a trip by Xi with a foreign leader is rare, and underscores the importance that Xi puts on attracting EU allies in an attempt to counter western-led dominance and what Xi has called an attempt by the US to contain Beijing. Other media reports say that Macron was met with a warm welcome among the Chinese public. Reuters South China Morning Post France24
China Retaliates for Tsai’s Meeting With Sanctions on U.S. Rep, Several Organizations. China is lobbing sanctions against the United States' Hudson Institute and Reagan Library, which it said facilitated the meetings, as well as the Asian entities Prospect Foundation and the Council of Asian Liberals and Democrats, which China says promote Taiwan’s independence. The sanctions also banned Hsiao Bi-khim, Taiwan’s representative in the U.S., and her family from entering China. Taiwan’s Foreign Ministry criticized the sanctions, saying Beijing cannot “butt in” on Tsai’ strips abroad, while also saying China is “deceiving itself” if it thinks the sanctions will have a real impact. Associated Press Reuters
Japan Military Helicopter Crashes. The Japanese military is searching for ten missing crew members of a Japanese Black Hawk helicopter which crashed at sea on Thursday afternoon during a surveillance mission. Patrolling coast guard ships have found debris believed to have been from the helicopter. The crash comes amid increased tensions between Japan and China and North Korea.. Associated Press Associated Press Japan Times
Azerbaijan Expels Four Iranian Diplomats. Azerbaijan announced the expulsion of four Iranian diplomats, accusing them of “provocative actions,” following a rise in tension between the two countries. The country reportedly summoned the Iranian diplomat, and informed him that four employees of the embassy were “persona non grata” and had 48 hours to leave the country. The foreign ministry did not provide further details to their expulsion, other than that they were responsible for activities “incompatible with diplomatic status.” This announcement came hours after the country arrested six Azerbaijani nationals tied to Iranian secret services. The men were reportedly planning a coup. Al Jazeera
Middle East and Northern Africa
Israel Strikes Lebanon, Responding To Rocket Attacks. Israeli jets struck south Lebanon and the Gaza Strip earlier today in response to a heavy rocket barrage on Thursday, which the Israeli military blamed on Gaza-based Palestinian militias who also operate in Lebanon. As of early Friday, violence along the Israel-Lebanon had decreased, but the attacks are the most serious clashes on the shared border since Israel’s war against Hezbollah in 2006. Thursday’s rocket attack appeared to be in response to the Israeli police raid at the al-Aqsa mosque on Wednesday, which prompted widespread anger among Palestinians, and are being attributed to branches of Hamas and Palestinian Islamic Jihad, which the Israeli military believes acted with Hezbollah’s knowledge. While Friday’s attacks did not immediately prompt more rocket fire from Lebanon, armed groups in Gaza launched 44 short-range rockets towards Israel, according to the Israeli military, most of which were intercepted by Israeli air defense systems or landed in unoccupied areas. A UN peacekeeping mission on the Israel-Lebanon border said in a statement that it was in touch with authorities in both countries and that neither side wants a war. Associated Press Reuters Wall Street Journal New York Times
Saudi Arabia Pledges $2 Billion in Financial Support to Pakistan. According to Pakistan’s Junior Finance Minister Aisha Ghaus Pasha, Saudi Arabia has informed the International Monetary Fund that they will provide $2 billion in external financing to Pakistan. This is a critical step needed to secure IMF funding needed for Pakistan to avoid defaulting. The IMF has reportedly requested that Pakistan secure external funding to fill their payment gap by the end of the fiscal year ending in June. Reuters
CIA Director Burns Visits Saudi Arabia, Reaffirmed Intelligence Cooperation. CIA Director William Burns reportedly visited Saudi Arabia earlier this week to reaffirm the U.S. commitment to intelligence cooperation with the kingdom. A U.S. official familiar with the visit said the intelligence talks focused on coordinating counterterrorism efforts. Burns’ visit came amid the China-led detente between Saudi Arabia and Iran, which has prompted some experts to say the U.S. is losing influence over Riyadh over tensions on issues like human rights and oil production, as well as Washington’s focus on Ukraine and East Asia. Reuters
Sub Saharan Africa
Ethiopia to Integrate Regional Special Forces, Form More Centralized Army. The Ethiopian government announced its intention to integrate all regional special forces into either the Ethiopian National Defense Force (ENDF) or the federal or regional police, in a move that is widely viewed as an attempt to undercut the historical authority and autonomy of individual regions in the country. Hours before Thursday’s announcement, local media in the Amhara region, the second largest in the country, reported clashes between the ENDF and regional forces due to Amhara Special Forces (ASF) units’ refusal to surrender their weapons as part of the integration process. Addis Ababa blamed the clashes on a misunderstanding of the policy and on “fringe groups” within the ASF. Reuters Al Jazeera
Rebel Attacks Rising In DRC. A local human rights organization relayed on Thursday that more than 30 people in the Democratic Republic of Congo (DRC) had been killed by attacks from the Allied Democratic Forces (ADF), an extremist organization with ties to the Islamic State. Attacks from the ADF, which has existed for several years but did not establish an official relationship with the Islamic State until 2018, have been on the uptick lately. Since April 2022, the ADF has killed more than 370 civilians and abducted several hundred more, including a significant number of children. Attacks from other rebel groups are simultaneously increasing in other parts of DRC, including by M23 in North Kivu. Until a year and a half ago, M23 had been largely dormant, but has since resumed killing civilians and seizing territory, displacing nearly 1 million people. Associated Press US Department of State
Cyber & Tech
Tesla Workers Accessed Sensitive Recordings from Customers’ Cars. A Reuters report has found that Tesla employees allegedly accessed and privately shared sensitive recordings and images from customers’ Tesla car cameras between 2019 and 2022. According to former Tesla employees interviewed for the report, the recordings included footage of customers in embarrassing situations, crashes and road-rage incidents, as well as more benign things like pets and funny road signs. The former employees added that Tesla company systems could show the location of where the recordings took place, and one ex-employee said some recordings were made when cars were turned off or parked. Reuters did not obtain the alleged recordings, which the interviewed former employees said they did not keep, and also was unable to determine if the alleged sharing of recordings is still ongoing. The former employees note that the recordings were used for data-labeling efforts by humans to help train the cars’ artificial intelligence systems. Despite this, some of the ex-employees as well as experts and rights groups are viewing the internal sharing of recordings as a severe violation of consumers’ privacy. Tesla has not commented on the report. Reuters
Decentralized Finance Services Being Misused for Illicit Transfers. The U.S. Treasury Department issued a warning on Thursday that foreign adversaries, cyber criminals, and scammers are using decentralized finance services to transfer and hold their profits. These platforms allow users to lend, borrow, and save money without using banks. Most of the money used on these platforms is cryptocurrency and stablecoins. Reuters
Proposed EU Chips Act Legislation Slated for Approval April 18. The 43 billion euro European Union Chips Act plan is set to be approved on April 18, according to a source familiar with the move. The bill, which was introduced last year, is designed to boost Europe’s semiconductor industry, following growth in US and Asian semiconductor markets. It will also help reduce EU reliance on outside semiconductor suppliers. The plan will double the EU’s share of global chip market by 20% in the next decade. Reuters
Microsoft Seeks Seizure of Domains Linked to Illicit Use of Security Testing Tool ‘Cobalt Strike’. On Thursday, the Health Information Sharing & Analysis Center, cybersecurity firm Fortra, and Microsoft’s Digital Crimes Unit announced legal action to seize domains connected to criminal activity involving manipulated copies of Cobalt Strike, an adversary emulation tool that is increasingly being leveraged by cybercriminals in their attacks, ranging from financially-motivated cybercrime to high-end state-connected attacks. The court order names a range of groups and entities the companies accused of misusing their technologies, including the LockBit and Conti ransomware groups. The companies also detailed known IP addresses associated with criminal activity and the range of domain names utilized by criminal organizations in their 223-page complaint. Thursday’s attempt to disrupt use of Cobalt Strike is expected to be only the first step in curbing illicit use of the tool; malicious actors are expected to retool their infrastructure as a workaround. CyberScoop
Italy Data Agency Expects Remedies from ChatGPT Maker to Resolve Ban. Italy’s data protection agency said Thursday that OpenAI has promised to take measures to address concerns that prompted the regulator to temporarily ban the company’s chatbot ChatGPT. The watchdog imposed the ban, which is the first restriction on the app from a Western country, to investigate ChatGPT for potential violations of European data privacy and security rules. Both the Italian data regulator and OpenAI have yet to release specifics on the company’s proposals to address these concerns. Other data agencies in Europe are closely watching ChatGPT’s fate in Italy as they consider their own potential measures to regulate the app and artificial intelligence development in general. Associated Press Reuters
OpenAI Statement on Generative AI Combines Apology, Rebuttal. OpenAI on Thursday released a statement aimed at addressing a recent ethical and regulatory backlash that has emerged over potential safety issues. In the statement, OpenAI said it works to “ensure safety is built into our system at all levels” and that it is looking into verification options to enforce its 18+ age requirement. The company also emphasized its willingness to collaborate with AI stakeholders and policymakers “to create a safe AI ecosystem”. OpenAI has faced increased criticism in recent weeks from AI experts and industry leaders like Steve Wozniak and Elon Musk, a ban on ChatGPT in Italy, and the decision by the Center for AI and Digital Policy, an advocacy nonprofit, last week to file a complaint to the Federal Trade Commission that claims ChatGPT poses dangerous misinformation risks, particularly to children. Mashable
Google Search to Include “Conversational” AI Chatbot; Spending Cuts Elsewhere To Continue. Google CEO Sundar Pichai said in a Wall Street Journal interview earlier this week that Google is planning to add conversational AI features to Google Search, as the company deals with pressure from chatbots like ChatGPT as well as wider business issues. Mr. Pichai dismissed assessments that chatbots pose a direct threat to Google’s search business, which makes up a substantial share of the larger Alphabet company’s revenue. However, Microsoft’s infusion of ChatGPT into its search engine, Bing, is probably driving this new push for infusing AI into Google Search. Separately, Mr. Pichai revealed that the company has yet to achieve his target of becoming 20% more productive, but would not directly address the potential for another round of layoffs. Last week, Google’s Chief Financial Officer told employees to expect more spending cuts in areas ranging from office dining facilities to computing infrastructure, which is critical for both developing and running AI algorithms. Wall Street Journal
“Most Dangerous” Spanish Hacker in Police Custody. On Tuesday, Spanish police announced that they arrested 19-year old Jose Luis Huertas, known online as “Alcasec”, who is suspected of carrying out high-profile cyber attacks, calling him a “serious threat to national security”. Huertas is accused of a cyber attack on Spain's national council of the judiciary, which affected several other public institutions, including the State Tax Administration Agency, and exposed personal data, account numbers, bank balances, and other sensitive information. Huertas is also accused of stealing hundreds of thousands of euros through impersonation attacks, and for running a platform called Udyat, which sold stolen data. He is considered a flight risk, and is in a provisional prison until his trial. Bleeping Computer The Record
Former DoD AI Chiefs Encourage Cautious Testing of ChatGPT Technologies. Breaking Defense is out with a piece referring to two former directors of the Pentagon’s Joint Artificial Intelligence Center – Cipher Brief Expert Lieutenant General Michael Groen (US Marine Corps, Ret.) and Lt. Gen. Jack Shanahan – about the possibilities and current shortcomings of artificial intelligence for military application. Both Groen and Shanahan spoke highly of the potential of using AI, but noted that current generative AI is not robust enough to provide accurate, actionable intelligence. To demonstrate this, Breaking Defense asked AI models to produce bios on the Groen and Shanahan, with the results having some deep flaws, showing that current AI does not have adequate memory and is not sophisticated enough for more advanced applications like military intelligence. While Groen and Shanahan recognized this and expressed skepticism about adopting AI in the near-term, the two said the Pentagon and government should start looking ahead and building foundations for data systems and practices that will lead to the integration of AI down the road. (Editor's Note: Listen here for more from Lt. Gen. Groen about the need for U.S. innovation to meet national security challenges.) Breaking Defense
India Does Not Plan Regulation of AI Sector in South Asian Market. India’s Ministry of Electronics and IT said it will not pass policies to regulate artificial intelligence development in South Asia. The ministry said the expansion of AI will have a “kinetic effect” on business in the region. This move by India, which has had relatively fewer AI startups, counters growing global scrutiny and skepticism over potential data and privacy risks with the AI boom. TechCrunch
Oakland Ransomware Group Posts Second, Bigger Data Dump. A ransomware group tied to a cyber strike against the City of Oakland, California back on February 8th, has published a second batch of pilfered data, including roughly 600 gigabytes of files. The move likely exposes sensitive information on thousands of the city’s workers. It follows a second, far smaller release of data last month, which included about 10 gigabytes worth of information. Those releases have fueled legal fallout, including from a city police union calling for a $25,000 payout to each officer affected by the breach. StateScoop The Record
Read deeply-experienced, expert-driven national security news, analysis and opinion inThe Cipher Brief