United States/Iran/Jordan/Turkey/Israel/Germany – The Iran-backed cyber-espionage group CopyKittens has increased activities, launching attacks on governments, defence companies and academic institutions in support of Tehran’s political agenda, a report said on the 13 Aug 17. An investigative study by Israeli firm ClearSky Cybersecurity and Trend Micro called Operation Wilted Tulip traced CopyKittens’ activities to 2013, shedding light on its work patterns and possible motivations. The report revealed that CopyKittens’ activities mostly centred on espionage of strategic targets, particularly Saudi Arabia, Jordan, Turkey, Israel, Germany and the United States. The group extracted information from government organisations, academic institutions, online news sites and NGOs with the objective of gathering “as much information and data from target organisations as possible,” the report said. CopyKittens used rudimentary techniques, such as phishing, malicious e-mail attachments and, more recently, watering hole attacks to gather information. “It’s more that the methods they are using are efficient. They are getting out the data that they need to,” said Robert McArdle, director of research at Trend Micro, adding that the group’s lack of refinement makes it relatively easy to track CopyKittens’ activities compared to more sophisticated campaigns that could go on for years without being detected. McArdle said CopyKittens’ methods are of the more traditional variety, using exploits to take advantage of out-of-date systems, so if the user is missing updates or patches, an automatic infection is more likely. A lot of the group’s attacks go after the most vulnerable parts of any organisation — humans. “In any computer network security chain, the weakest link is always the human element,” said Iyad Barakat, a London-based digital analyst.
“Groups more sophisticated than CopyKittens will try to target the human element in the chain, using techniques like a watering hole attack to simply extract passwords because these methods save them time, effort and usually have a higher success rate than the more sophisticated ones.” McArdle said an effective method to gain the human element’s trust is a social engineering campaign, which uses a number of psychological tricks to get the information needed to access a computer network. “Social engineering is relatively quick and easy to do in terms of setting up fake e-mail accounts or fake Facebook accounts or whichever social networking profile you are going with,” McArdle said, adding that effort is required to manage these resources and accounts. Social engineering can’t be stopped with traditional protection methods, said David Emm, principal security researcher at Kaspersky Lab. “Social engineering works and even if businesses have the right protection, without the right staff education they can fall victim,” Emm said. “Awareness is low in the Middle East as generally Western businesses have had longer to grapple with such issues.” One effective trick that CopyKittens used, McArdle said, is reaching important targets through other compromised accounts. Once CopyKittens gained access to an e-mail account in an organisation, it would not immediately try to take over higher-level targets in the company but log on and wait for a natural conversation to start between the person whose account it controls and the target. It might then reply to an e-mail thread, saying: “You might want to open this link.” During the Gulf Information Security Expo and Conference in May in Dubai, experts urged more cybersecurity cooperation between countries in the Gulf Cooperation Council. The Middle East cyber-security market is projected to grow to $22.14 billion by 2022, with Saudi Arabia expected to contribute the largest share.
CopyKittens is an espionage group that has been attacking Israeli targets since at least August 2014. Among the targets are high ranking diplomats at Israel’s Ministry of Foreign Affairs and well-known Israeli academic researchers specializing in Middle East Studies. Matryoshka is the name we gave the malware built by CopyKittens. It is a multi-stage framework, with each part integrating into the subsequent one. CopyKittens assembled Matryoshka from code snippets picked from public repositories and online forums, hence their nickname. Matryoshka is spread through spear phishing with a document attached to it. The document has either a malicious macro that the victim is asked to enable, or an embedded executable the victim is asked to open. DNS requests and answers are used for command and control communication and for data exfiltration. Based on the type of targets, delivery, and malware used – we estimate that CopyKittens are a state actor or are endorsed by one. (Read the full report: The CopyKittens attack group.)
United States/Afghanistan – The Taliban called on President Donald Trump on the 14 Aug 17 to review the strategy for the war in Afghanistan and to hold peaceful dialogue directly with Afghans instead of engaging "corrupt" politicians. Written in a tone of negotiation, the Taliban asked Trump to study the "historical mistakes" of his predecessors and to withdraw troops from Afghanistan completely. The letter urged the US to interact with Afghans "generously" instead of imposing war. "It seems to be a historical mistake on part of the previous administrations to have dispatched American youth for the slaughter of Afghans. However, as a responsible American president, you need to study the mistakes of your predecessors and prevent death and injury to American forces in Afghanistan," it said. "American youth are not born to be killed in the deserts and mountains of Afghanistan in order to establish the writ of thieves and corrupt officials and neither would their parents approve of them killing civilians in Afghanistan," the letter said. The Taliban also accused Afghan politicians and generals of protracting the war and occupation for personal gain. "A number of warmongering congressmen and generals in Afghanistan are pressing you to protract the war in Afghanistan because they seek to preserve their military privileges, but instead you must act responsibly as the fate of many Americans and Afghans alike is tied to this issue." Afghanistan's interior ministry declined to comment when contacted. In a press conference on the 13 Aug 17 US Defence Secretary James Mattis said all options for Afghanistan remained on the table, and a full withdrawal of troops is one of them. Trump has yet to announce a strategy for Afghanistan, but Mattis said one is "very, very close". 
Possible plans include sending thousands more troops into the nearly 16-year conflict, or taking the opposite tack and pulling out, leaving private military contractors to help the Afghans oversee the fragile security situation. Erik Prince, founder of the private security company Blackwater, has offered his private military force for Afghanistan, proposing a two-year plan in which American troops - aside from a handful of special forces - would be replaced by his army of about 5,500 contractors who would train Afghan soldiers and join them in the fight against the Taliban. However, the Taliban said privatising the war effort would be a grave mistake. If the war can't be won with "professional US and NATO troops ... you shall never be able to win it with mercenaries, notorious contractor firms, and immoral stooges", the Taliban letter said.
United States/United Kingdom/France/al-Qaeda – Propagandists for al-Qaeda have urged their followers in the West to commit mass murder by derailing 'vulnerable' trains with a homemade tool, it was reported on the 15 Aug 17. The Islamist terror group laid out its plan in an article titled 'Train Derail Operations', which was published in the latest issue of its magazine Inspire. Would-be murderers are told: 'It is time we instil fear and make them impose strict security measure to trains as they did with their Air [sic] transportation.' The elaborate 19-page tutorial uses the United States as an example target but stresses that the UK and France also have long stretches of unguarded railways. In the article, the author explains that the motivation for targeting trains is so that Islamist terrorists might 'continue to bleed the American economy to more losses, increase the psychological warfare and make it worry, fear and weaken much more'. An official US body is also cited after it highlighted more than 100,000 miles of vulnerable American railways and worries over hazardous materials being transported along them. Included in the lengthy guide are step-by-step instructions on how to create a 'homemade derail tool' and where best to position it to cause maximum damage. Followers of the group - al-Qaeda in the Arabian Peninsula - are urged to study schedules and time the deployment of their obstacles to match certain trains. They even included a map of US railways and highlighted busy passenger routes. Because it would not require the 'martyrdom' of the attacker, the Inspire article stresses that a single follower could derail several trains in repeated attacks. The magazine also warns Muslims in the West to reject 'the message of solidarity' from political parties or other groups - and even from a 'kind neighbour or a nice co-worker'. It adds: 'The West will eventually turn against its Muslim citizens'.
Just hours after the publication of the magazine online, the New York Police Department's counter-terrorism department responded on Twitter. They said they were already aware of the threats from al-Qaeda before they released the issue and stressed that their 'robust' defence apparatus was designed to protect railways. In 2004, terrorists linked with al-Qaeda murdered 191 in Madrid, Spain after planting ten bombs on commuter trains.
United States/Kashmir/Hizbul Mujahideen – The United States has designated Hizbul Mujahideen, the largest armed group in Indian-administered Kashmir, as a "foreign terrorist" organisation, imposing sanctions on it including the freezing of assets it may hold in the US. The US Department of State said in a statement on the 16 Aug 17 that Washington is seeking to deny the group "the resources it needs to carry out terrorist attacks". "Terrorism designations expose and isolate organisations and individuals, and deny them access to the US financial system. Moreover, designations can assist the law enforcement activities of US agencies and other governments." Hizbul Mujahideen is the largest indigenous armed group fighting against Indian rule in the Himalayan territory since an armed rebellion broke out in 1989. In Jun 17 the US had also designated as "terrorist" the group's leader Syed Salahuddin, also known as Mohammad Yusuf Shah. In Jul 16 the killing of Hizbul Mujahideen leader Burhan Wani sparked months of anti-India protests in which scores of people died. Kashmir has been divided between India and Pakistan since the end of British rule in 1947. Both claim the disputed territory in its entirety. Several armed rebel groups are fighting against Indian rule in Kashmir, with tens of thousands of people, most of them civilians, killed in the nearly three-decade-old conflict. Anti-India sentiment runs deep in Kashmir's predominantly Muslim population, and most people support the fighters' cause against Indian rule. Nearly 70,000 people have been killed in the uprising and the ensuing Indian military crackdown. In recent years, Kashmiris, mainly young people, have displayed open solidarity with anti-Indian fighters and sought to protect them by engaging troops in street clashes during military operations.
The anti-India protests and clashes have persisted despite the Indian army chief warning recently that "tough action" would be taken against stone throwers during counter attacks. India accuses Pakistan of arming and training the fighters, which Pakistan denies.
United States/Venezuela/Cuba/Russia/Iran/Hezbollah – CIA director Mike Pompeo warned that Iran and Hezbollah’s growing presence in Venezuela poses a serious threat to the United States, it was reported on the 18 Aug 17. In an interview with Fox News Sunday, Pompeo observed that the chaos in Venezuela has the potential to negatively impact the U.S. “The Cubans are there; the Russians are there, the Iranians, Hezbollah are there.” He continued, “This is something that has a risk of getting to a very, very bad place, so America needs to take this very seriously.” Hezbollah has used Latin America as a base for its terror-financing network for years, and long benefited from Caracas’s fragile institutions and rampant corruption. Venezuela’s government has facilitated economic and logistical operations for the Iranian terror proxy through money laundering and other illicit activities, making the once-prosperous nation a haven and operating base for Islamic extremist groups. Meanwhile, the Venezuelan regime continues to expand its connections with Hezbollah. Earlier this year, Tareck El Aissami was appointed by President Nicolas Maduro as vice president. American intelligence officials believe that he has close ties with Iran, Syria, and Hezbollah. Venezuela and Iran have developed a strategic partnership and both share anti-American sentiments. For Iran and Hezbollah, maintaining a presence in Latin America is critical for continuing their regional operations. For Maduro, Iran is a key ally that would help in his regime’s survival. According to a 2016 report by The Washington Institute, Iran and Hezbollah continue to be “hyperactive” in the region. While Hezbollah operates terror cells in well-known hotspots such as the Tri-Border Area, its logistics, financing, and planning efforts are also ongoing elsewhere.
Last week, Iranian Parliament speaker Ali Larijani announced that an Iran-LatAm joint work group has been formed to enhance economic and political cooperation between Tehran and Latin America. Iranian intelligence has been operating in Latin America since at least the 1980s, soon followed by Hezbollah. The networks these two established helped carry out the 1994 bombing of the AMIA, a Jewish community centre in Buenos Aires.
This article is published courtesy of The Tower
United States/Australia – The US has ordered a review of security on cargo flights amid fears that they could be targeted by terrorists, it was reported on the 28 Aug 17. Fears that the flights could be vulnerable were heightened last month after the Australian authorities foiled attempts by the Islamic State to bring down an aircraft. The plot entailed shipping the components for a bomb from Turkey to Australia on a commercial cargo flight before assembling the device and placing it on a passenger aircraft. According to CNN, this has triggered a review of cargo security by the Transportation Security Administration. The review is the latest move to head off potential terrorist threats to aviation by the US authorities. In Mar 17 passengers from 10 Middle Eastern and North African airports were banned from bringing laptops and tablet devices into the cabin. At one point the US was looking to extend the restrictions to European airports, but backed down following resistance from the EU. In Jul 17 the ban on portable electronic devices was lifted after the airports involved tightened up security. In November 2010 a bomb was found on a UPS flight at East Midlands Airport by Leicestershire police officers. The device, which was timed to detonate over the US eastern seaboard, was disguised as an ink cartridge. It was discovered following a tip-off from Saudi intelligence. A second device was found in Yemen and both bombs were thought to have been put together by al-Qaeda. The discoveries led the UK to step up screening of air freight sent to the UK from high-risk countries. Details of the review were not disclosed by the TSA. In a statement, the TSA said it was working to "raise the baseline on transportation security domestically and internationally and cargo security is a part of that effort."
"While there is no specific or credible terrorist threat to the US, we're working closely with our partners in law enforcement and the shipping industry to ensure our nation's ports and cargo facilities are secure," the statement said. "Intelligence is one of our best tools to protect Americans from attacks. Every day, with our colleagues in the intelligence community, we evaluate and re-evaluate intelligence to ensure we're doing everything in our power to address all threats to transportation security."