Report for Wednesday, March 22, 2023
Wednesday, March 22, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
U.S. Moving to Accelerate Transfer of Patriot Missile Systems, Abrams Tanks to Ukraine. The U.S. military is refurbishing older models of Abrams tanks to get them to Ukraine more quickly. Defense Secretary Lloyd Austin said that while the original plan was to send 31 of the newer M1A2 Abrams tanks to Kyiv, the Pentagon has elected to send units of the older M1A1 variant from Army inventory and outfit them with stronger cannons and machine guns instead. Austin said it will be easier to deliver these older tanks this year and that Ukrainians will find it easier to use and maintain them. Separately, the Pentagon also said it will send Patriot missile defense systems to Ukraine faster than scheduled since Ukrainian forces have completed training on the systems faster than planned. C4ISRNET
White House Accuses Beijing of ‘Parroting’ Russian Propaganda on Ukraine War. White House National Security Council spokesman John Kirby says that Beijing is not ‘impartial’ when it comes to Ukraine, offering the most direct US criticism of China’s position on the Ukraine war to date and casting doubt on Beijing’s ability to act as a mediator between Ukraine and Russia. Kirby cited Beijing’s refusal to publicly oppose the war, ongoing purchases of Russian oil and what he described as the “parroting” of Russian propaganda that the West and NATO are to blame for Russia’s invasion of Ukraine. Kyiv Post Politico
U.S. Sanctions Target Iranian Military Procurement Network. The U.S. imposed sanctions on entities and individuals in Iran and Turkey on Tuesday for allegedly participating in a procurement network for Iran’s military. The US Treasury Department said the sanctions cover several Iranian companies, an Iranian national and a Turkish citizen who are accused of getting military equipment like European-origin drone engines, fuel cell testing devices, and biological and chemical detection systems to Iran. The sanctions are the latest U.S. efforts to curb Iran’s drone and weapons programs, which serve both the Iranian armed forces and, reportedly, Russian forces invading Ukraine. Associated Press Reuters US Department of the Treasury
U.S. Releases Human Rights Report. The US State Department released its 2022 Country Reports on Human Rights Practices on Monday. The report includes expected details on Iran’s suppression of anti-government protests, China’s crackdown on Uighurs and other Muslim minorities in the Xinjiang region, and attacks on women’s rights in Taliban-ruled Afghanistan. However, the report also takes aim at U.S. allies like Saudi Arabia, the UAE, Egypt, Pakistan, and India for rights abuses, underscoring the report’s aim of promoting democratic practices in all countries. Mexican President Andres Manuel Lopez Obrador, whose government was named in the document for reported abuses and unlawful killings by Mexican security forces, offered the strongest rejection of the study by calling it full of “lies” and written by a country that “believes it’s the government of the world.” Reuters US Department of State Wall Street Journal
Two American Minors Missing in Mexico Border State. Mexican authorities are searching for two American minors who went missing in the northern border state of Nuevo Leon last week. The state attorney general’s office identified the missing Americans – aged 16 and 9 – and warned they could be in imminent danger. The missing persons case comes weeks after two Americans were killed in a kidnapping in the neighboring border state of Tamaulipas. Reuters
Western Europe
UK Sending Ammunition with Depleted Uranium to Ukraine. The UK is sending armor piercing ammunition that contains depleted uranium to Ukraine. The British Ministry of Defense said the depleted uranium has been a “standard component” in the shells for “decades.” Depleted uranium is a byproduct from the enrichment of natural uranium. It is extremely heavy and can be used to harden shells to enhance their armor piercing ability. When a weapon with depleted uranium detonates, the blast eventually settles into a poisonous and weakly radioactive dust. Russia was quick to condemn the planned transfer of such ammunition. President Vladimir Putin said the ammunition contains a “nuclear component” and that Russia “will be forced to react” if it is supplied to Ukraine. The British defense ministry dismissed these comments as deliberate disinformation, saying British assessments show there is a low risk of radiation from the ammunition. Despite this, the UN Environment Programme has raised concerns about potential health and environmental risks from using depleted uranium in Ukraine. Al Jazeera BBC CNN Reuters
Netherlands to Host NATO Innovation Fund. NATO has selected the Netherlands to host the headquarters of the new NATO Innovation Fund (NIF). The initiative will receive 1 billion euros from the alliance to fund European startups to support the development of new military and dual-use technology. The NIF will be formally launched at the NATO summit in July. Government of the Netherlands NATO Reuters
Central and Eastern Europe
Russia Targets Ukraine with Significant Drone Attack Following Xi-Putin Meeting. As Chinese President Xi Jinping returned to Beijing after his visit to Moscow, Russian forces launched a significant drone attack across Ukraine. The Ukrainian military said it shot down 16 of 21 Iranian-made Shahed suicide drones launched at Kyiv. Ukrainian authorities added that other drones struck housing and an educational facility in the city of Rzhyshchiv, killing four people. Russian missiles also hit buildings in Zaporizhzia city shortly after the drone strikes. Ukrainian President Volodymyr Zelenskiy condemned the attacks and appeared to contrast them with Xi’s Russia visit, saying that when “peace” is discussed in Moscow, “another order is given there for such criminal strikes.” While in Moscow, Xi raised China’s peace plan, which the West has dismissed as vague and inadequate. Xi also emphasized Beijing’s “impartial” position on the Ukraine war and reaffirmed bilateral ties with Russia. Associated Press Reuters Kyiv Post
Japan’s Kishida Visits Ukraine, Offers Further Support. Before Russia’s drone and missile strikes in Ukraine on Wednesday, Japanese Prime Minister Fumio Kishida concluded his surprise visit to Ukraine. Kishida’s trip included a stop in Bucha, a town where Ukraine says Russian forces killed hundreds of civilians, and talks with Ukrainian President Volodymyr Zelenskiy. Kishida told him that Tokyo would continue to support Ukraine amid Russia’s invasion, building on the $7 billion in non-lethal equipment and economic assistance Japan has already sent, as well as its acceptance of 2,000 Ukrainian refugees — both notable figures given Japan’s strict defensive and immigration policies. Kishida also invited Zelenskiy to participate in the upcoming G7 summit in Tokyo virtually. Kishida additionally offered support to Poland for development projects aimed at assisting neighboring Ukraine. Associated Press Kyodo News Reuters Washington Post
Russia Summons Canadian Diplomat Following ‘Regime Change’ Comments. Russia’s foreign ministry announced on Tuesday that it had summoned Canadian charge d’affaires Brian Ebel following comments from Canadian Foreign Minister Melanie Joly about a Russian ‘regime change.’ A Canadian government source confirmed that Ebel had been summoned. During the meeting, Russian officials reportedly told Ebel that the minister’s comments were “unacceptable” and amounted to a “Russophobic attack.” Reuters
Asia
North Korea Fires Cruise Missiles Off East Coast. South Korea’s military reports that North Korea fired several cruise missiles off of its east coast Wednesday morning. Seoul said it is still analyzing the missile launches for more details. The launches are the latest in a series of missile tests by North Korea aimed at protesting the ongoing joint Freedom Shield 23 military exercises between South Korea and the U.S. Associated Press Reuters
Chinese Company Wins Solomon Islands Port Contract. The Solomon Islands awarded the Chinese state company China Civil Engineering Construction Company (CCECC) with a contract to upgrade a port in the Pacific Island nation’s capital of Honiara. The port project comes amid concerns by the U.S. and its Indo-Pacific allies about China’s expanding influence over the Solomon Islands, especially regarding the security pact the two countries signed last year. For the port, Solomon Islands officials have reassured Western governments that there will be “no expansion” beyond commercial infrastructure and it will not be used for dual use or naval purposes. ABC News Reuters
Middle East and Northern Africa
Israeli Parliament Moves to Allow Return of Jewish Settlers to West Bank Settlements. The Israeli Knesset on Tuesday repealed several clauses that would pave the way for Jewish settlers’ to return to four settlements in the West Bank. This decision has been condemned by the Palestinian Authority and the European Union. The decision still must be approved by the Israeli military, but if it is approved it will allow Jewish settlers’ to return to the settlements that they vacated back in 2005. Reuters
Sub Saharan Africa
Ethiopia Condemns US Accusations of War Crimes in Tigray. Ethiopia rejected a US State Department report released earlier this week that determined all sides committed war crimes during the conflict in Tigray. Ethiopia slammed this determination, calling it “inflammatory.” Ethiopia’s foreign affairs ministry added that this undercuts US support for a peace process in Ethiopia, and said it was selective after it found to have exonerated Tigrayan forces of sexual violence accusations. The ministry added that despite the report, they hope to continue restoring the strategic relationship with the US. Reuters
Cyber & Tech
D.C. Health Link Hackers Says Motivated by ‘Russian Patriotism.’ The hacker responsible for the D.C. Health Link breach that exposed the healthcare information of two dozen members of Congress has said that the attack was motivated by his Russian patriotism. The hacker, who goes by the name “Denfur” told Cyberscoop that he and his counterpart, known as “IntelBroker” launched the attack to target US politicians. The hack exposed the names, addresses, social security numbers, and insurance details of impacted lawmakers. There are currently three law enforcement and congressional investigations into the breach. IntelBroker has also claimed responsibility for attacks related to the Department of Defense and Health and Human Services. CyberScoop
US Companies Struggling to Manage Massive Amounts of Data. The Wall Street Journal is out with a new report that examines that challenge that some US companies are facing in their attempts to manage and analyze a massive and growing amount of data. Officials from multiple large companies say that their firms are overwhelmed by the massive amount of commercial data available to them, and they are struggling to effectively analyze and use the information to improve operations and customer experiences. Experts say that companies that fail to generate meaningful insights with the data available now will be at a complete loss when trying to leverage the new wave of data that will come with the expansion of artificial intelligence (AI). Factors contributing to the challenges are the decentralization of data, the migration of data to new platforms and the natural learning curve workers face in using new data technologies. While there is not a strong solution on addressing these problems to better use data, companies and experts agree change needs to happen now as the data deluge only grows bigger each passing day. Wall Street Journal
U.S., Japan Explore Partnership on Hypersonic Missile Defense Capability. Vice Adm. Jon Hill of the US Missile Defense Agency confirmed that the US and Japan are exploring a partnership to develop the Glide Phase Interceptor (GPI) together. The GPI, which is an interceptor capable of neutralizing hypersonic missiles in the glide phase of flight, is one of the agency’s top priorities, according to the statement. Currently, Raytheon Technologies and Northrop Grumman are competing to develop the GPI. Defense News
Russian Civil Space Program Troubled by Safety Incidents, Underinvestment. Wired is out with a new report that says Russia’s civilian space program is in trouble, citing recent safety incidents with two of its spacecraft as evidence that the program could be suffering from more serious issues that has been publicly admitted so far. An expert from Rand says that we could be witnessing the continued demise of the Russian civilian space program and blames Russia’s prioritizing their military program a decade ago as a contributing factor. WIRED
Google Releases ChatGPT Competitor. Google is diving deeper into the artificial intelligence (AI) craze with the public release of its AI chatbot Bard. Google said the partial release in the US and UK is meant to test and gain feedback on the company’s answer to Microsoft-backed OpenAI’s generative AI ChatGPT. Google says that its soft launch of Bard is meant to allow the company to improve the bot, noting that its current state still suffers from occasional inaccuracy and difficulty in generating computer code. Reuters Washington Post
Google Suspends Pinduoduo App Over Malware Discovery. Google blocked downloads of the Chinese shopping app Pinduoduo from its Play Store after finding malware in versions of the app. Google said this malware is designed to monitor users and is urging those with the Pinduoduo app on their devices to uninstall it. Pinduoduo representatives said the company is communicating with Google on the matter. The company also said it rejects “speculation” and the “non conclusive response” from Google that Pinduoduo’s app is malicious, noting that other apps were also suspended at the same time. The targeting of Pinduoduo comes amid the wider drama regarding security concerns about TikTok. Bloomberg CNN TechCrunch Wall Street Journal
American Meta Employee Allegedly Hacked by Greek Intelligence Agency Predator Spyware.The New York Times reports that Artemis Seaford, a former trust and safety manager in Meta’s Security Team, was placed under surveillance by the Greek national intelligence service for a year. According to the report, Seaford had her phone infected in September 2021 with a commercially available malware known as “Predator.” The spyware was developed by a cyber firm called Cytrox, which is believed to be based in North Macedonia. Seaford became aware that she had been spied on after her name appeared on a list of spyware targets in Greek media. Seaford holds both Greek and US citizenship, and is the first known case of an American being spied on in Europe using this type of spyware. The Greek government has denied using Predator, and have since outlawed its use. Computing New York Times
Mandiant Says China-Linked Hackers Deployed Most “Zero-Days” in 2022. Cybersecurity researchers at Mandiant say that Microsoft, Google and Apple were the three largest targets of hackers looking to exploit zero day attacks and that China based hackers were the largest user group of zero day attacks in 2022. The findings are part of a new report by Mandiant. The report lists Russia and North Korea as second and third behind China for most use of zero-day attacks. Tech Radar CyberScoop
Clop Ransomware Gang Claims Breach of Saks Fifth Avenue Servers. The Clop ransomware gang claimed responsibility for an attack on luxury brand retailer Saks Fifth Avenue. The hack appeared to be the latest in Clop’s ongoing campaign targeting vulnerabilities in GoAnywhere MFT servers. A spokesperson from Saks confirmed that the attack took place and that investigations into the breach are ongoing. While the spokesman did not say if employee data was compromised in the attack, they did confirm that mock customer data, rather than “real” customer information, was stolen. BleepingComputer
New BreachForums Administrator Emerges after Site Owner Arrest. A hacker that goes by “Baphomet” claims he is taking over the cybercriminal platform BreachForums following the arrest of its alleged owner, Conor Brian Fitzpatrick, by the FBI last week. The FBI said Fitzpatrick had admitted to being the owner and administrator of BreachForums. The platform was inaccessible following Fitzpatrick’s arrest, though Baphomet, the supposed new administrator, says BreachForums will come back online after it is migrated to new infrastructure. The Record
New US Navy Project Plans AI-Enabled Analysis of Seized Vessel Data. The US Navy’s Task Force Hopper recently launched a new program to build Artificial Intelligence (AI) and Machine Learning capabilities that can be applied to data collected on Navy vessels. According to the announcement from the program director Capt. Pete Kim, the program which has been dubbed Project OpenShip will help to “integrate datasets to build better decision tools for sailors at sea.” Defense Scoop
Ferrari Discloses Data Breach. Ferrari has disclosed that the company suffered a data breach in which hackers gained access to the company’s IT systems. The company announced the breach following a ransom demand from the hackers. Ferrari said it is investigating the matter with the help of a third party cybersecurity firm. They also added that so far, it does not appear that sensitive customer information such as payment details or bank account information was accessed or stolen. Bleeping Computer
The Cipher Brief curates open source information from around the world that impacts national security and delivers it to your inbox M-F. Don't miss a brief. Get your daily brief by upgrading to aSubscriber+Membership today.