A SERIES OF LARGE-scale incidents of destruction, which have been occurring across Russia in recent days, are prompting speculation that the county may be experiencing a wave of attacks against its strategic infrastructure. The incidents include enormous fires at power plants, munition depots and state-owned storage facilities. The collapse of at least one railway bridge has also been reported. There are additional reports of massive wildfires raging across Siberia, which are imposing heavy demands on Russia’s emergency response infrastructure. On April 21, a massive blaze engulfed the Central Research Institute for Air and Space Defense of the Russian Defense Ministry in Tver, a city located around 120 miles northwest of Moscow. According to Associated Press, which reported the news about the fire, the institute “was involved in the development of some of the state-of-the-art Russian weapons systems, reportedly including the Iskander missile”. By next morning, at least 17 people were believed to have died as a result of the fire. Late last week, the Sakhalinskaya GRES-2 power station, a vast 120-megawatt coal-fired power plant in Russia’s far-eastern Sakhalin province, went up in flames, giving rise to persistent rumors of sabotage. On May 1, Russian state-owned news agencies reported that a railway bridge in the western province of Kursk, 70 miles from the Ukrainian border, had been destroyed. Analysts at the Washington-based Atlantic Council think tank claimed that the bridge had been used extensively by the Russian military to transport equipment to eastern Ukraine. Later on the same day, a cluster of fuel-oil tanks in Mytishchi, a mid-size city located northeast of Moscow, were completely destroyed by a fast-spreading fire. On May 2, a munitions factory in Perm, a major urban center in western Siberia, was hit by a “powerful” explosion. Ukrainian government officials hinted at sabotage in social media posts, though no proof has been provided, and the Kremlin has not commented on the matter. On the following day, the Prosveshchenie publishing house warehouse in Bogorodskoye, northeast of Moscow, was destroyed by a massive fire. The warehouse belongs to Russia’s state-owned publisher of school textbooks. The fire occurred almost simultaneously as another fire engulfed a polyethylene waste storage facility in the central Siberian city of Krasnoyarsk. Meanwhile, the sprawling forests that surround Krasnoyarsk and other Siberian urban centers are experiencing seasonal wildfires of near-unprecedented scale. Some early reports claimed that the Russian government was finding it difficult to contain these fires, because the country’s emergency response personnel has been sent to the frontlines of the war in Ukraine. But these reports were denied by Russia’s Ministry of Emergency Situations, which claimed earlier this week that the fires were mostly under control. ► Author: Joseph Fitsanakis | Updated: 09 May 2022 | Research credit: M.R. | Permalink

A NEWLY DISCOVERED CYBER-espionage group appears to target the senior leadership of private corporations involved in large-scale financial transactions, but employs skills and methods that are usually associated with state-sponsored threat actors. The group has been termed “UNC3524” by the American cybersecurity firm Mandiant, which says it discovered it in December of 2019. In a detailed blog post published earlier this week, a team of cyber-security researchers at Mandiant say they have been studying the group for over two years, and have been surprised by their findings. Given its targets, as well as the information it goes after, there is little doubt that UNC3524 is interested in financial gain. However, its operational profile differs markedly from those of other financially oriented hacker groups, according to Mandiant. Its sophisticated approach to espionage demonstrates aspects that are typically associated with government-sponsored intelligence operations. Notably, UNC3524 operatives take their time to get to know their targets, and are not in a hurry to exploit the online environments they penetrate. Mandiant reported that UNC3524 attacks can take up to 18 months to conclude. In contrast, the average financially-motivated cyber-espionage attack rarely lasts longer than three weeks. Additionally, UNC3524 operatives make a point of maintaining an extremely stealthy and low-key online profile, and have even developed a series of novel exploitation techniques, which Mandiant has termed “QuietExit”. The latter appear to focus on exploiting Internet of Things (IoT) devices that are typically found in corporate settings, but are not protected by traditional anti-virus systems. Once they penetrate the digital environment of their target, UNC3524 operatives meticulously build sophisticated back-doors into the system, and are known to return sometimes within hours after they are detected and repelled. Interestingly, UNC3524 operatives do not waste time on low-level employees of targeted corporations. Once inside, they go straight for executive-level targets, including those in corporate strategy and development, mergers and acquisitions, and even information security. Mandiant says a few other actors, notably Russian-linked groups like Cozy Bear, Fancy Bear, APT28 or APT29, are also known to operate with such high-level targets in mind. However, there is little other operational overlap between them and UNC3524, the blog post claims. ► Author: Joseph Fitsanakis | Date: 04 May 2022 | Permalink

WEST GERMAN SPIES INFILTRATED the trial of Adolf Eichmann, one of the architects of the Holocaust, in order to limit its damage on the reputation of senior West German politicians who had a Nazi past. Eichmann was the lead author of the system of mass deportation of Jews from ghettos in Nazi-occupied Europe to extermination camps, where millions of them were brutally killed. In 1960, after years of hiding, he was captured in Argentina by agents of the Mossad, Israel’s covert-action agency, and secretly transported to Israel, where he was put to trial and eventually hanged. Since 2011, new files on the West German response to Eichmann’s abduction and trial have been uncovered by the Independent Commission of Historians to Research the History of the Federal Intelligence Service, 1945-1968. The Independent Commission consists of professional historians, who have been granted near-complete access into the archives of Germany’s Federal Intelligence Service (BND). Known as Bundesnachrichtendienst, the BND conducts foreign intelligence, making it Germany’s equivalent of the United States Central Intelligence Agency. The project has been praised as a rare case of openness and transparency in historical research into the activities and operations of a still-functioning intelligence agency. Led by Professor Klaus-Dietmar Henke, the Independent Commission has published 15 volumes of research on the BND. The latest release concerns (among other things) Hans Globke, a senior official in Germany’s Nazi-era Ministry of the Interior, who was eventually appointed to the Office for Jewish Affairs. From that post, Globke helped draft the legislation, known as the Nuremberg Race Laws of 1935. These laws gave legal sanctuary to the exclusion of Germany’s Jewish population from political, commercial and other social activity. The same laws were eventually used to confiscate assets belonging to Jewish German citizens. After the war, Globke closely aligned himself with the British forces and became testified as a witness in the prosecution of senior Nazi war criminals. He rebuilt his political career, initially on the local level, and eventually as Chief of Staff to the Office of the Chancellor of West Germany. He also served as West Germany’s Secretary of State, promoting a pro-Atlanticist foreign policy that closely aligned Western Germany with the United States. According to the latest release by the Independent Commission, Globke tasked the BND with infiltrating Eichmann’s trial, in order to limit the details exposed about the Nazi government during the trial proceedings. The primary goal of the operation, according to the new information, was to prevent even the mention of Globke’s name during Eichmann’s trial. If that was not achieved, the aim was to protect Globke’s reputation and shield the public from details about his Nazi past, especially relating to the Holocaust. When asked about the revelation, a spokesperson for the BND refused to comment on it, saying only that “the draft results of the independent historical commission speak for themselves”. A spokesperson for the German federal government appeared to reject a call to withdraw a number of civilian medals and other honors that Globke was bestowed prior to his death. According to the spokesperson, German law does not have provisions for “posthumous withdrawal” of awards. ► Author: Joseph Fitsanakis | Date: 16 May 2022 | Permalink