Report for Wednesday, March 29, 2023
The Cipher Brief curates open source information from around the world that impacts national security. Here's a look at today's headlines, broken down by region of the world:
In the Americas
U.S. Halts Sharing of Data on Nuclear Forces With Russia. The U.S. has ceased sharing key data on its strategic nuclear forces with Russia over Moscow’s decision to suspend participation in the New START nuclear arms control treaty. U.S. officials said Washington offered to continue sharing the information – which includes the number of bombers, missiles and nuclear warheads deployed at U.S. bases – but said it would withhold such data after Moscow indicated it also would not provide information on its own forces. The ending of this data exchange is the first reported response by the U.S. to Russia’s decision to step back from the New START treaty. U.S. officials said the action was needed to show Moscow the costs of ending participation in a bid to get it to rejoin, though critics warn it could end up weakening the arms control arrangement. Russia first suspended participation in the accord in February after the U.S. accused Russia of violating the treaty by blocking American inspectors from Russian nuclear sites. Politico Reuters Wall Street Journal
U.S. Boosting Munitions Production, Seeks to Sextuple Output of 155mm Shells in Five Years. U.S. Army Undersecretary Gabe Camarillo said Tuesday that the Pentagon will spend $1.45 billion to improve production facilities in order to double the monthly production of 155mm artillery shells to 24,000 by the end of the year and increase it sixfold within five years. He added that the U.S. will also spend another $349 million to boost the production of Javelin anti-tank missiles and is committing further funds to increase production of Guided Multiple Launch Rocket Systems (GMLRS). The investments are part of a 15-year, $18 billion plan to upgrade and modernize U.S. defense facilities. The planned boost to munitions production is aimed at fulfilling both U.S. defense needs and those of Ukraine amid Russia’s invasion. Defense One
U.S. Air Force Admits Lockheed Hypersonic Missile Test Failure. The U.S. Air Force has admitted that a recent hypersonic missile test by Lockheed Martin failed, marking a setback in U.S. efforts in the global hypersonic arms race. Sources familiar with the test, which was conducted on March 13, said the Lockheed Martin-built prototype of the hypersonic Air-launched Rapid Response System Weapon (ARRW) suffered systems failures in transmitting in-flight performance data. The Air Force initially made no mention of the test’s failure, saying that it had “met several objectives.” However, on Tuesday, Air Force Secretary Frank Kendall confirmed the test “was not a success” and that the service “did not get the data we needed.” He said that the service is still investigating the test failure and will “revisit” the ARRW program next year. He also added that due to these issues with the ARRW, the Air Force is “more committed” to developing its more mature scramjet-powered Hypersonic Attack Cruise Missile (HACM). The Air Force’s 2024 budget request does not include funds to actually buy any hypersonic missiles and only commits money to further research and development, amounting to $150 million for the ARRW program and $380 million for HACM. DefenseNews Defense One
Elon Musk, Tech Leaders Call for Pause to Advanced AI Development. Elon Musk and artificial intelligence (AI) experts and industry leaders wrote an open letter that calls for a six-month pause to the development of AI-driven systems that are more powerful than OpenAI’s GPT-4 generative AI program. The letter, which was issued by the non-profit Future of Life Institute and signed by over 1,000 people, calls for the pause until shared safety regulations are designed and implemented to manage the development of advanced AI. The letter warns that without such regulations, human-competitive AI will potentially cause grave economic and political disruptions. The letter comes amid mounting concerns over the possible malicious use of AI in disinformation and cybercrime campaigns. Reuters WIRED
Peruvian Prosecutors Investigating President, Ex-President for Money Laundering. Peruvian prosecutors announced on Tuesday via Twitter that they are investigating current President Dina Boluarte and former president Pedro Castillo for allegedly laundering money as part of a criminal enterprise. The probe is part of an ongoing investigation into alleged finance crimes committed during Peru’s 2021 presidential election. Castillo was removed from office in December after he attempted to dissolve Congress to evade an impeachment vote. Boluarte assumed the presidency in the wake of his removal and arrest. Boluarte is separately under investigation for her alleged role in the deaths of protesters killed by security forces in the months after she took office. Reuters
Western Europe
Sweden Summons Russian Ambassador Over ‘Legitimate Target’ Threat. Sweden’s foreign ministry said it is summoning Russia’s ambassador to Stockholm over his statement that if Nordic countries join NATO, it will make them “a legitimate target for Russian retaliatory measures, including those of a military nature.” The ministry said it is summoning the Russian envoy to protest his “attempt at interference” in Sweden’s NATO membership bid. The Russian ambassador’s statement came after Hungary approved Finland’s NATO application, which brings Helsinki one step closer to joining the alliance. Deutsche Welle Reuters RFE/RL
Greece Foils Attack Targeting Jews and Israelis. Greek authorities revealed that they uncovered an alleged attack on Jewish and Israeli targets in Greece. The Greek police antiterrorist division and Greek intelligence services announced that they had arrested two Pakistani individuals and dismantled a terrorist network connected to the attacks. The exact location of the attacks was not given, but authorities revealed the target was a place of “high symbolism,” with another person familiar saying a Jewish restaurant was a target. Israel’s foreign minister has since blamed the attempted attack on Iran. Wall Street Journal
Central and Eastern Europe
Zelensky Says Bakhmut Loss Would Let Russia Push for Unfavorable Deal. On Wednesday, Ukrainian President Volodymyr Zelensky said Ukrainian forces must hold on to the front-line city of Bakhmut, as a loss would provide Russia’s leader with greater leverage to negotiate a peace deal that is unfavorable to Ukraine. The warning comes after a statement from US Secretary of State Antony Blinken on Tuesday that calls for a cease-fire by Russia and China could be a “very cynical trap.” Blinken said a cease-fire in Ukraine could freeze the conflict where things stand, allowing Russia to consolidate the territory it has illegally seized and “use the time to rest and refit and then reattack.” Zelensky predicted that the pressure from a defeat in Bakhmut would come quickly — both from the international community and within his own country. “Our society will feel tired,” he said. “Our society will push me to compromise with them.” Associated Press Washington Post
Explosions Rock Russian-Occupied Ukrainian City of Melitopol. More explosions hit the Russian-occupied city of Melitopol in southern Ukraine on Wednesday. Local pro-Russian officials report that the latest blasts hit a train depot and part of the power grid of the city, and that there were no casualties in the attacks. The explosions came a day after a similar blast hit a university in the city that has been converted into a military barracks and administrative center. Ukraine has not commented on the blasts, though Melitopol has been a primary target for sabotage attacks in the past. New York Times Reuters
IAEA Chief Visits Zaporizhzhia Nuclear Plant. IAEA director general Rafael Mariano Grossi arrived at the Russian-occupied Zaporizhzhia nuclear power plant in southern Ukraine on Wednesday. Grossi said he is visiting the plant to assess conditions at the facility and discuss the presence of IAEA inspectors at the plant. The plant has been shelled several times since Russian forces seized it last March, and an anticipated Ukrainian counteroffensive in the region in the near future is raising concerns that fighting near the facility will intensify. Ukraine says Russia is refusing to establish a safety zone around the plant since doing so would probably involve their withdrawal. Grossi said he is continuing to work on this matter, including by seeking international support. France 24 New York Times
Russia Begins Major Yars ICBM System Tests. Russia’s defense ministry announced Wednesday that Russia has begun exercises with its Yars intercontinental ballistic missile system. The ministry said over 3,000 military personnel will participate in the drills, which will test the missile system in three unspecified Russian regions. The Yars missile system, which replaced the Topol system, reportedly has a range of 12,000 km (7,500 miles). Analysts and military bloggers add that the Yars system can deliver multiple independently targetable nuclear warheads and can be deployed on truck carriers or in silos. Experts say the tests with the Yars system, which come after Russia said it would deploy tactical nuclear weapons to Belarus, are another bid by Moscow to show nuclear strength amid the Ukraine war. Reuters
Russian Economy Beginning to Unravel Amid Ukraine War. Economic difficulties in Russia, as a result of the conflict in Ukraine, may not be bad enough to pose a short-term threat to its ability to wage war. But yawning state revenue shortfalls may now be putting subsidies and social spending that have helped shield civilians from hardship at risk. Russian billionaire Oleg Deripaska warned this month that Russia is running out of cash. “There will be no money next year, we need foreign investors,” he said, amidst a 20% drop in value of the ruble since November and a shrinkage in the labor pool. The Cipher Brief WSJ
Asia
Defying Beijing, Taiwan President Heads to US for High Level Meetings. Taiwan President Tsai Ing-wen is heading to the US and Central America for a series of engagements that aim to strengthen ties with the West and assert her island’s autonomy, while at the same time trying to avoid moves that might ignite a crisis with China. She is set to stop in New York on her way to Guatemala and Belize, two of Taiwan’s 13 remaining diplomatic allies, and then in Los Angeles on her way back home. Trips by leaders of Taiwan to the U.S. have been fraught affairs due to the One China Policy. American and Taiwanese officials have described Tsai’s U.S. stops — the first will be in New York on Thursday — as transits rather than official visits, a practice reflecting the unofficial relationship between Taipei and Washington. On Wednesday, China threatened to retaliate if Tsai meets with U.S. House Speaker Kevin McCarthy during her stop in California next week. In response to Beijing’s threat of retaliation, the US stated that such transits by Taiwanese presidents are routine and that China should not use Tsai's trip to take any aggressive moves against Taiwan. Reuters New York Times
Myanmar Military Junta Disbands Aung San Suu Kyi’s Political Party. Myanmar’s military-appointed election commission disbanded the political party of Myanmar’s imprisoned opposition leader, Daw Aung San Suu Kyi on Tuesday night, giving another blow to the Southeast Asian country’s democracy and likely setting the stage for an election that will keep the junta in power for years to come. The party, the National League for Democracy (NLD), pledged to continue its activities despite the announcement from the election commission, stating that “The NLD is already in the hearts of the people.” Since the junta assumed power in a coup more than two years ago, it has driven NLD leaders into exile, forcing them to form an opposition government called the National Unity Government. The NUG has reportedly supported armed rebel groups against the military junta. Although the junta initially announced fresh elections would take place in August, it announced a six-month extension of the post-coup state of emergency in February, delaying the vote without providing a new date. New York Times Reuters
Riyadh Joins Shanghai Cooperation Organization, Increases Investment in China. Saudi Arabia’s cabinet approved Riyadh’s decision to join the Shanghai Cooperation Organization (SCO) on Wednesday, in yet another sign of increasing long-term cooperation between Saudi Arabia and China. The SCO is a political and security union of countries spanning much of Eurasia, including China, India and Russia, as well as Pakistan. The body seeks to play a counterweight to Western influence in the region. Saudi Arabia’s Dialogue partner status will be a first step within the SCO before granting the kingdom full membership. The decision followed an announcement by Saudi Aramco that it is raising its multi-billion dollar investment in China by finalizing a planned joint venture in northeast China and acquiring a stake in a privately controlled petrochemical group. Reuters
Middle East and Northern Africa
Russia Providing Iran with Advanced Surveillance Software as Military Cooperation Increases. Moscow is helping Tehran gain advanced digital-surveillance capabilities as Iran seeks deeper cooperation on cyberwarfare, further developing their long-standing cooperation. Although Russia and Iran both have sophisticated cyber capabilities and have long collaborated with each other, that cooperation has, until now, focused mostly on cyber-defense networks. Moscow has reportedly resisted sharing digital-offensive capabilities with Iran in the past due to fears that they would end up being sold on the dark web. But since the start of the war in Ukraine, Russia has reportedly provided Tehran with communication-surveillance capabilities as well as eavesdropping devices, advanced photography devices, and lie detectors. Experts also suspect that Moscow has likely already shared more advanced software with Iran that would allow it to hack the phones and systems of dissidents and adversaries. The cooperation also extends beyond direct military relationships. According to Citizen Lab, a University of Toronto-based research center, Russia’s PROTEI Ltd, which has contracts with the Russian Ministry of Defense, has also begun providing internet-censorship software to Iranian mobile-services provider Ariantel. Wall Street Journal
Israel Launches Spy Satellite, Overseen by Sacked Defense Minister. Israel launched a new version of its Ofek spy satellite into orbit on Wednesday. The Israeli defense ministry said the domestically-produced satellite will provide around-the-clock regional monitoring, likely referring to surveillance of Iranian activities. In a surprise development, Israeli Defense Minister Yoav Gallant oversaw the satellite launch. His participation signals that he will be staying in his position despite being dismissed by Israeli Prime Minister Benjamin Netanyahu after voicing opposition to his planned judicial reforms. Reuters
Sub Saharan Africa
Anti-Government Protests Hit Kenya for Second Week. On Monday, thousands of anti-government protesters marched in the streets of Nairobi for the second week, defying police declarations that the protests are illegal. Opposition leader and former Prime Minister Raila Odinga, who lost to President William Ruto in last August’s elections, has called for rallies every Monday and Thursday to pressure the government to take action against the high cost of basic staples. Odinga and his party, Azimio la Umoja–One Kenya Coalition, are also calling for President Ruto’s resignation, saying he was not validly elected in the election. Tensions between the security services and civil society are increasing; civil society groups have expressed concern over police declaring Monday’s protests illegal and have urged authorities to uphold people’s constitutional right to peaceful demonstrations. Reuters Washington Post
Cyber & Tech
Mandiant Exposes New North Korean Hacking Group APT43. Google’s Mandiant has identified a new North Korean hacking group, which it is calling APT43. According to Mandiant’s report on the group, APT43 is behind phishing attacks that fake journalist personas and LinkedIn accounts to steal credentials for espionage and cybercrime campaigns. Mandiant adds that it has high confidence that APT43 is backed by North Korea’s foreign intelligence service and has been gathering information, based on Pyongyang’s priorities, on various targets from the U.S., Europe, Japan and South Korea over the past five years. The report also highlights that APT43 has developed a unique set of malware. It also says the group is financially self-sufficient, relying on cryptocurrency theft, as well as the novel renting of cloud-based power for crypto mining. BleepingComputer CyberScoop
NSA Cyber Chief Describes TikTok as Chinese ‘Trojan Horse.’ NSA head Rob Joyce called TikTok China’s “Trojan horse,” which poses a long-term, strategic cybersecurity concern. The video sharing app presented a long-term threat, rather than an imminent, “tactical” threat. “Why would you bring the Trojan horse inside the fortress?” Joyce said at the Silverado Accelerator Conference in Napa, California. “Why would you bring that capability into the US when the Chinese could manipulate the data we see to either include the things they want to present to our population — divisive material — or remove the things that paint them in a bad light, which they would not like to be exposed to the American people?” US lawmakers grilled the app’s CEO last week amidst concerns of surveillance and influence from Beijing, as well as talk about banning the app in the US. Bloomberg
Russian Facial Recognition Systems Suppress Domestic Dissent. A Reuters review of more than 2,000 court cases in Moscow reveals that cameras, using facial recognition technology, have played a principal role in the arrests of hundreds of protesters. Most of those reported cases stem from anti-government demonstrations in 2021 but have raised questions about the extent of their current use. The city, in 2017, launched one of the largest facial recognition video surveillance networks in the world, deploying some 160,000 cameras across the city, with thousands connected to a facial recognition system. Reuters
Latitude Financial Data Breach Estimate Surges to 14 Million Customers. The Australian consumer credit business announced that it believes that data from 14 million customers was stolen in a cyberattack earlier this month. Originally, the company estimated that only around 330,000 customers had been impacted by the data theft. Latitude did not reveal who was responsible for the attack, but did say that they were contacting all current and former customers who have been impacted. The Record
Huawei Claims Building Chip Design Tools to Replace U.S. Technology. Chinese technology giant Huawei says it has developed electronic design automation (EDA) software and chip design tools required to make semiconductors at 14 nanometers and above. Huawei’s rotating chairman Eric Xu said the company jointly developed the tools with other Chinese firms and hopes to verify them. If true, China has succeeded in building vital indigenous chip design tools needed to lessen dependence on U.S. technology and lessen the impact of U.S. sanctions targeting the Chinese semiconductor industry. Bloomberg CNBC
Commercial Spyware Targeted 50 U.S. Government Employees Overseas. Top U.S. administration officials report that at least 50 U.S. government employees across 10 countries have had their mobile devices hacked by commercial spyware. The figure, which officials say is higher than expected, is likely to increase as investigations into surveillance of U.S. government employees continue. The revelation of the number of targeted personnel follows President Joe Biden’s move to sign an executive order that bans U.S. federal agencies from using commercial spyware deemed a threat to national security and human rights. CNN Washington Post
French National Assembly Website Targeted by Russian Hackers. The pro-Russian hacker group NoName057(16) has claimed responsibility for a cyberattack that brought down the website of France’s National Assembly on Monday. According to the group, the hack was in response to Macron’s continued support of “Ukrainian neo-nazis” while ignoring his own people. The group has also been linked to attacks on Polish airport and government websites, as well as Denmark, the Czech Republic, and Lithuania. Politico
Digital Security Leaders Urge “Cyber Branch” for U.S. Military. The Military Cyber Professional Association, a national association of current and former military digital security leaders, released a statement earlier this week urging US lawmakers to establish a US Cyber Force as part of this year’s defense policy bill. This comes as digital threats from foreign adversaries continue to grow, and allies also establish cyber wings of their militaries. The Record
Air Force Preparing for CCA Drone Operations. The United States Air Force announced the upcoming R&D of an unmanned “collaborative combat aircraft” that will be able to operate with manned fighter jets, as well as independently when needed. The Air Force is expected to spend more than $6 billion on researching and developing the product and other related products over the next five years. Defense Scoop
CISA Seeing Early Success in Pre-Ransomware Alert Program. CISA’s Joint Cyber Defense Collaborative says it is seeing promising results from early tests of its pre-ransomware alert initiative. The JCDC said the program – which pulls from tips from cybersecurity experts, infrastructure providers and threat intelligence firms to flag early-stage ransomware activity – has successfully notified 60 critical infrastructure entities of potential ransomware intrusions since the beginning of the year, allowing many of them to address potential breaches. CISA hopes to build out the program into a wider ransomware and cyber threat alert system to preempt full-on cyberattacks. Cybersecurity Drive
Louisiana Colleges Restoring Systems after Compromise Indicators. Five Louisiana colleges are restoring their network systems after state police found evidence that they had been compromised. The Louisiana State Police Cyber Crime Unit discovered the breach, and notified the universities who are now working with the Governor’s Office of Homeland Security and Emergency Preparedness in addition to the state police to resolve the issue. This comes a few weeks after Southeastern Louisiana University experienced a cyberattack that forced closure of its network. The extent of the damage and the identity of who was behind the attacks are currently unknown. The Record