Search dyami insights

Date: 26/4/2024 Where: China, Europe, North America, Asia-Pacific Who’s involved: State and non-state Chinese threat actors Various international governments and businesses What happened? Chinese threat actors, both those linked to the government, as well as various criminal entities, have been increasing in activity, with numerous cyber campaigns being exposed since the end of 2023. On April 19th, China formally announced the formation of its Information Support Force, effectively a cyber operations branch of its military. On April 18th, the director of the US Federal Bureau of Investigation issued a warning that Chinese hackers were a major risk to national security. The emphasis of the warning was on the risk to critical infrastructure. The warning claimed to be pointed at both criminal and government threat actors. On April 20th, German media investigations by Der Spiegel and ZDF announced that sensitive data on various intellectual properties and trade secrets had been stolen from Volkswagen via malicious access to the company’s networks between 2010 and 2015. On April 11th, BackBerry Threat Intelligence researchers found evidence of a renewed Chinese deployment of its LightSpy spyware throughout Southern and Southeast Asia, including India and Singapore. On March 26th, New Zealand’s Government Communications Security Bureau announced that it had found a Chinese Advanced Persistent Threat Actor present in parliamentary networks as far back as August 2021. Analysis: The threat to critical infrastructure has escalated, with China positioning its cyber capabilities to potentially disrupt critical systems in geopolitical adversaries, especially the United States. The CISA, along with other U.S. and international cybersecurity bodies, has identified and issued warnings about Chinese state-sponsored actors, such as Volt Typhoon, which have compromised systems across multiple critical infrastructure sectors including communications, energy, and water systems​. Many of these revelations have been coming out in the past several weeks. This correlates with promises of increased cooperation from The Philippines and Japan with the US, as well as a recently decided US aid package to Taiwan. The LightSpy Spyware was prominently used on Hong Kong activists in 2020. The latest version discovered by Blackberry was shown to be capable of stealing files and data from apps broadly considered safe, such as Telegram and the iCloud Keychain, as well as web browser history from Safari and Google Chrome. This data includes contacts, text messages, location data, and sound recordings. In February, a massive data leak from Chinese government and military contractor, I-Soon, showed that the company had been hired to compromise targets within at least 14 different governments. I-Soon was also contracted to spy on Chinese Universities,  political organizations in Hong Kong, and offices of NATO. There is an evident strategic shift in Chinese cyber activities, with a growing focus on positioning for potentially disruptive actions against global targets. This evolution reflects both a response to international cybersecurity defenses and an alignment with China’s broader geopolitical strategies, such as those seen in the South China Sea and Taiwan tensions​ Economic difficulties within China, including impacts from the COVID pandemic and internal financial strains, are likely influencing a ramp-up in cyber espionage activities as a means to quickly gather valuable foreign technologies and intelligence that could bolster domestic industries​. Conclusion: Chinese cyber operations have intensified. The recent formation of China's Information Support Force marks a significant formalization of its cyber capabilities, reflecting a deep commitment to integrating cyber operations within its national defense strategy. Concurrently, global incidents—from the infiltration of Volkswagen’s networks to the targeting of Southeast Asian entities with advanced spyware—demonstrate the operational reach and sophistication of Chinese cyber activities. These developments have not only heightened tensions but have also prompted a stronger international response, with increased cybersecurity cooperation among China's geopolitical rivals and heightened alerts about the threats to critical infrastructure. The revelations from the I-Soon leak further complicate the landscape, exposing the depth and breadth of China's targeting, which includes government, corporate, and even academic spheres. However, it’s important to recognize that the actions taken by China’s neighbors and economic rivals  in response to these revelations may have a spiraling effect. As more campaigns get uncovered, the risk of penalties to China increases, further incentivizing nefarious activities to maintain a competitive edge in the intelligence and economic domains.

Written by Arianna Luca While just a few years ago Ecuador was a regular stop in most tourists’ itineraries and considered to be a “haven for peace and stability in the region”, over the last couple of years an unprecedented wave of gang violence has turned the country into one of the most violent in Latin America. Ecuador’s recent surge of unrest can be traced back to different causes. A series of internal political choices, and the implementation of stricter measures and controls in the bordering countries have indirectly created a fertile ground for the growth of the drug trade, turning Ecuador into a strategic transit hub for cocaine. A critical economic situation, aggravated by the Covid-19 pandemic, has impacted marginalized communities, increasing the levels of poverty, which has brought many young people closer to criminal activities. Stricter controls and measures implemented in other countries brought a shift in criminal routes and found a fertile ground in Ecuador. In addition, the government lacks a long term strategy to control the economic crisis and current social turmoil, beyond the promise to defeat gangs. Ecuador's President Daniel Noboa has focused his approach on empowering the military, which has generated high approval among the Ecuadorian population alarmed by violence and instability, in the short-term. Extreme militarization has been a common response to security threats in the history of Latin America. However, whenever governments have responded to organized crime with violence, they have often generated a cycle of violence and repression. The examples of Mexico, Honduras, and El Salvador have shown that militarization is mostly impacting civilians, leading to violence being used against innocent citizens and for easy arrests, not improving security in the long term. Ecuador is likely to follow this path, too. Crime rates are increasing and gangs are still far from defeated, and public support is slowly going down. While the state of emergency ended last April 8, President Noboa maintained a state of “internal armed conflict”. The security situation of the country is still critical, and Ecuador's armed forces will continue carrying out joint anti-crime operations with the police. President Noboa’s government is going through a critical moment, worsened by the recent raid of the Ecuadorian police to the Mexican embassy in Ecuador, which led to a break of diplomatic ties between the two states. On April 21, 2024 the Ecuadorian population will vote in a referendum on tightening security measures, toughening prison sentences, and enshrining the use of the military for domestic security into law. The outcome will be important to understand the support for and influence of Noboa’s presidency in the country and his fight against gang-related crime and violence. The cocaine market Ecuador’s crisis is inextricably tied to the cocaine market. Historically, the country has managed to be shielded from the region’s crime and drug-related dynamics, despite its proximity to two leading producers and exporters of cocaine, Colombia and Peru. However, over time, the accumulation of different factors, internal and external, has turned Ecuador into an important actor in the drug trade. Internally, a rise of inequality and poverty in 2016, after a strong earthquake, forced the government to cut costs. Several institutions were eliminated, including the Justice Ministry, and the authorities’ control over the country fell drastically. President Correa’s administration (2007-2017) took some crime-reduction initiatives that turned out to have a counterproductive effect, like dismantling an American naval base, leaving ports poorly guarded, and the construction of mega-prisons, the expansion of which is going to be discussed in the coming referendum. This measure led to overcrowding and inmates being housed according to their gang membership, turning prisons into focal points for criminal organizations. Functioning as centers for networking between criminals, they have facilitated gang organization and the forming of alliances with other drug-trafficking organizations, like Mexican cartels and the Albanian mafia. Gang leaders started conducting their businesses from behind bars, and  have infiltrated many organs of the government. Finally, the Covid-19 pandemic left many young people jobless, making them ideal recruits for gangs surging in power and influence. External factors involved a tightening of policies and controls against drug trafficking in neighboring countries which turned transnational criminal groups to Ecuador’s poorly controlled ports. As a result, Ecuador’s precarious social and economic situation, its dollarized economy, strategic location, and poor coastline protection made Ecuador the ideal place to work as a transit point for international drug cartels. Today, 70% of the cocaine that arrives in Europe (with the main destination ports being Rotterdam and Antwerp) departs from Ecuador, capitalizing on the scarcity of port controls after Covid, and the start of conflict between Russia and Ukraine. The current spike of violence Last January, two events caught global attention. Authorities reported the prison escape of one of the most powerful narco bosses and leader of Ecuador’s leading drug-trafficking gang Los Choneros. Shortly after, members of a gang, wearing balaclavas and firing shots, took control of a television station during a live broadcast, helding members of the staff and journalists hostage. After these events Noboa declared Ecuador to be in a state of war. His announced “Phoenix Plan” to allow the government of “new Ecuador” to combat crime and violence focuses on increased power and authority to the military. As part of this plan, the government has given complete immunity to all police forces, and deployed tens of thousands members to combat the “internal armed conflict”. However, the gangs also declared war when the government announced a state of emergency, and the security forces’ aggressive actions have inspired equally aggressive responses by Ecuadorian gangs, which have escalated to kidnappings of law enforcement offices and attacks to police stations. Moreover, police repressive counter measures have been criticized by human rights groups, warning that loosening ties to the police authorization to arrest people is mostly affecting innocent civilians. It is also opening the doors to easy profiling and making arrests based on poor evidence, deteriorating the population’s democratic civil liberties, and weakening state institutions' reliability. Noboa’s strategy resembles the approach of El Salvador’s president Nayib Bukele. The Ecuadorian President’s admiration is addressed particularly at Bukele’s implementation of a massive prison model. Bukele’s campaign of mass arrests have made him domestically popular, but he was heavily criticized for the widespread human rights abuses. However, unlike El Salvador, Ecuador’s gangs exist within a network of international cartels and ex-Colombian guerrillas that are better armed, richer and more powerful than the gangs in El Salvador, and they are connected to the cocaine trade. What’s at stake One of the major long-term consequences of this widespread is the risk of deterioration of the country’s democracy. The raid of the Mexican embassy carried out by the Ecuadorian security forces last April 5 was a first instance. Ecuador’s government forced its way into the facility to arrest former Vice President Jorge Glas, who is wanted for corruption charges, and had sought refuge in the embassy since last year. Mexico has now cut diplomatic ties with Ecuador, and asked for the cancellation of Ecuador’s membership from the UN. The Community of Latin American and Caribbean states (Celac) has expressed support for Mexico, together with the Organization of American States (OAS). Moreover, Venezuela has closed its embassy in Ecuador, and Honduras has recalled its senior diplomat in Ecuador. The Colombian government denounced the actions and filed a suit with the International Commission on Human Rights. Despite the widespread criticism of his actions, President Noboa said he had no regrets over his actions. However, a possible breakdown in relations with key regional partners may have repercussions for Ecuador’s security. Strained ties with Colombia, the source country for the cocaine trade trafficked through Ecuador, could severely hinder Ecuador’s ability to monitor cocaine flows and counter the criminal networks of both countries. In the same way, a rupture with Mexico could have severe repercussions for security cooperation, considering the importance and role of Mexican drug trafficking organizations in Ecuador. For now, Mexican President López Obrador has dismissed Noboa’s invitation to meet for a talk, indicating that a meeting is unlikely going to happen in the near future. Conclusion The recent escalation of violence in Ecuador is the outcome of a crisis caused by different intertwined factors. Ecuador’s government has been fighting back, increasing the militarization of Ecuador’s law enforcement forces. However, this might not be enough to address the systemic issues that have allowed the empowering of gangs. Moreover, Noboa’s recent diplomatic crisis with Mexico has alienated key security partners of the country. There is uncertainty over the outcome of the coming referendum to tighten security measures, and Noboa now has to weigh his political moves and decisions, as they will determine his political support and the security and stability of the country.

Date: 19/04/2024 Who’s involved: Convicted terrorists that have been or are going to be released from prisons across Europe; European security services. What happened? In March 2024, the Danish government-appointed Bjelke Gruppen published a report on commission from the Danish Justice Department on the consequences of the release from prison of people who have been convicted of terrorist activities in the past decade. The Bjelke Gruppen gives recommendations in the report on how to monitor those who are released and how to prevent them from recidivism. According to the report, the coming years will see dozens of individuals who have been jailed for terrorist activities being released from several European prisons. There is a concern amongst politicians, security services and the general public that these people will return to a life of terrorism. Research groups across Europe and the United States have shown in the past years that there is little to no need for concern about recidivism by released terrorists. In 2020, the ICCT (International Centre for Counter Terrorism in the Hague) released a report similar to the Bjelke Gruppen warning politicians and security forces to not believe in the “hype” created around released terrorists. One example that has circulated in security circles and is muddying the waters is the Streatham attack in London in 2020, which was done by a released terrorist. Nevertheless, according to scientific research, the likelihood of re-engaging in terrorist activities after being released from prison is remarkably low compared to other criminals. Only between 2 and 5% of former terrorists return to their past life while most of them live quiet lives in Europe or in their country of origin. This differs radically from, for instance, sex-offenders who have a recidivism rate of 80% and higher or “ordinary” criminals who have a recidivism rate of around 40%. Deradicalization and disengagement programs have been set up by several governments in different countries, and often are compulsory or strongly suggested for convicted terrorists. These programs are credited for deradicalizing and reintegrating former terrorists in society. Analysis: Security agencies across Europe have put extra measures in place to monitor former terrorists through different electronic means and/or by deporting them to their home countries. However, beside the fact that such monitoring could be evaded, it can also upset the individual for being unjustly targeted by the government. Human rights groups also question these practices because they may infringe on the ex-convict’s rights. Terrorism is a persistent risk in Europe, and several groups or individuals from different backgrounds have planned or executed attacks in the last two decades. Some of them had been imprisoned before for terrorist activities, but most of them did not. A lot of terrorists do have a criminal record, but those crimes are mainly connected to petty crime, theft or robberies. Especially “Lone Wolf” terrorists are often on some form of watchlist for their radical beliefs but have never acted on them, which makes it hard for security agencies to stop their attacks before they happen. Conclusion: Due to recidivism concerns, security agencies are keen to monitor formerly-convicted and now-released terrorists. However, research proves that the chance of recidivism is low which means that security issues resulting from the release of these prisoners do not pose a threat. Monitoring could disway or further radicalize individuals so its effectiveness is questioned. When social workers, local police, and/or other authorities notice a person moving toward radical ideals, a de-radicalization plan will be more effective in countering future terrorist activities. De-radicalization programs, therefore, may be more effective in curbing the issue, both in prison and outside.

Date: 12/04/2024 Parties involved: Israel, Iran, United States, Iranian Islamic Revolutionary Guards Corps Quds division, Iranian proxy terrorist groups operating in Iraq, Syria, Lebanon and Yemen. Events: The killing by Israel of senior Iranian military commanders who resided in the Iranian consulate in Damascus, Syria, marks an escalation in regional tensions. Iran has vowed to respond, though the exact response remains unclear. After the attack by the terrorist organization Hamas on 07/10/2023 on Israeli soil Israel started a war in Gaza in an attempt to neutralize Hamas. Iran, who has openly backed Hamas and other pro-Palestinian and anti-Israel organizations threatened to intervene if Israel did not stop its attacks in Gaza. From that day on Iran has urged its proxy groups (Hezbollah, Houthi and Iraq-based Shia militants) to attack Israel. Attacks against Israel and Israeli interests have been coordinated by the Islamic Revolutionary Guards Corps Quds Division which is an Iranian special forces group with advisors spread out throughout the region that has the task to arm, train and support groups that serve Iranian interests. Throughout its existence the IRGC has been responsible for dozens of terrorist attacks against Israeli and American interests. Several of its commanders have been assassinated by the US and Israel. The latest bomb attack on the Iranian Consulate in Damascus killed the primary commander of the IRGC responsible for operations concerning Israel. Israel is known for killing Hezbollah and Hamas commanders and bomb makers outside of Israel. The IRGC has also been a main target for Israeli forces. But bombing the Iranian consulate in Damascus is a deviation from normal tactics and raises concerns about the Iranian response to this attack. Alerts of imminent Iranian response: US and Israeli intelligence agencies have released alerts on 12/04/2024 stating that there is a very large likelihood that Iran will execute its plan of retaliation against Israel within the next 48 hours. American government personnel have been told to not leave Tel Aviv in the coming days. Israel has put all its security forces on high alert and civilians have been warned to expect an Iranian attack. There is no clarity on what kind of attack Iran has in mind and what sort of weapons or troops are involved or if an attack is going to be on Israeli soil or somewhere else against Israeli interests. Israel has let it known that if Iran does attack, directly or indirectly, it is ready to retaliate against Iran. The Israeli Air Force (IAF) has trained extensively in how Israel will respond to an Iranian attack and it involves the use of stealth fighters like the F-35 that will circumvent Iranian air-to-air capabilities. There is the added risk of the nuclear option both countries allegedly have. It is an open secret that Israel possesses American made nuclear weapons that can be delivered by F-35 and F-15E fighter jets. Officially Iran does not yet possess nuclear weapons but it is believed it could take them only a matter of days to produce one. It is known that Iran has the delivery capabilities. Aviation alerts: Out of the two European airliners flying to Iran, Lufthansa has suspended all flights to Iran pending another decision on 13/04/2024, citing concerns over an Iranian attack on Israel. Austrian Airlines have adjusted flight times to avoid overnight stops in Iran. Other major carriers with connecting flights in Iran to North America, such Emirates’ Qatar Airways and Turkish Airlines, have so far not made any decisions on suspending flights. Iran’s new agency stated that Iran’s airspace was closed until 14/04/2024 due to military drills, but shortly after removed the message. It then denied that it had made such a claim. The IDF and Iran have picked up GPS spoofing and interference. The IDF has picked up spoofing in an attempt to ward off Iranian guided missiles or airstrikes. This has also disrupted daily operations flying over the Middle East. The foreign ministries of the US, Germany, France, the UK, India and Russia have issued warnings against traveling to Iran or Israel until further notice. Analysis and possible scenarios: It is highly likely that Iran will not be looking to engage Israel in open warfare knowing that it is at a disadvantage militarily. There is also the fact that the United States will help Israel in an open war between the two countries. It is more likely that Iran will encourage its proxies to attack Israel or that Iranian agents will attack an Israeli embassy or consulate somewhere in the world. If Iran does decide to engage in open warfare with Israel there is the likelihood that the entire region will be involved in such a conflict. Iranian proxies, the United States and other Western countries will be sucked into the war and it will force the Arab states to take a stance for or against Iran. Any open warfare will undoubtedly affect oil prices across the globe. The Middle East region is already incredibly unstable, but open warfare will most likely disrupt all forms of cargo and oil shipping in the region. It is more likely that Iran will direct a proxy group to attack Israel. Lebanese based Hezbollah and Yemen based Houthi are the most likely candidates to execute such an attack. But it is unknown how this would evolve and it is expected that Israel will be ready to engage Hezbollah in Lebanon as it will depend on the US and its allies to deter the Houthi in Yemen. Cities like Beirut and Damascus or Aleppo will not be safe from Israeli attacks. There are speculations that Iran will launch hundreds of drones and missiles at Israel in a show of force and retaliation but will refrain from further engagement. It is however unlikely that Israel will not retaliate if such an attack does happen. Conclusion: The coming 48 hours are going to be tense in Israel, the Middle East and around the world. Security forces around the globe are on standby to deal with possible attacks on Israeli embassies and consulates just as security forces in the Middle East will be ready for dealing with an Iranian or Iranian sponsored attack. Countries like the United States and organizations like the EU and the UN are putting pressure on all sides to refrain from engaging each other. It is unknown if these diplomatic discussions will have an effect on the decision making in either Iran or Israel, both countries are seemingly not willing to back down or show any sign of perceived weakness. Open war will very likely impact all forms of aviation in the Middle East as electronic warfare will disrupt avionics and anti-aircraft capabilities are on full alert and misidentification of civilian airliners by such systems could result in tragedy.

Written by Jacob Dickinson Gwadar Port Authority, Lowy Institute In March 2024, there was a surge in terrorist attacks in Pakistan against Chinese nationals working on infrastructure projects. As one of China’s closest diplomatic relationships, Pakistan is a substantial recipient of Chinese investment and military collaboration. Yet Pakistan’s persistent instability and insecurity  raises problems for sustaining investment in the country. Beijing has demanded that Pakistan protect Chinese nationals and infrastructure. What are the implications of the increase in attacks and how might they affect China-Pakistan relations? Pakistan in China’s Belt and Road Initiative The Belt and Road Initiative (BRI) was officially launched by Chinese president Xi Jinping in 2013. Intended as a vast infrastructure project to center international trade and finance around China, the scheme initially stretched far beyond the ancient Silk Road to span Latin America, Africa and Europe. By the end of 2023, a report by Griffith Asia Institute found that cumulative BRI engagement breached $1 trillion, with around $634 billion in construction contracts and $419 billion in non-financial investments. Pakistan is one of the largest receivers of BRI investment through the China-Pakistan Economic Corridor (CPEC). This multi-years project is a $62 billion infrastructure investment scheme aiming to modernize Pakistan’s infrastructure, communications and energy networks. This comes with Chinese influence over infrastructure. For instance, the Gwadar Port Authority is operated by the China Overseas Ports Holding Company which Pakistan leased in 2017 to the Chinese government until 2057. The BRI also holds geostrategic implications. According to Germany’s Strategy on China released in 2023, the BRI includes a structured framework for China’s diplomatic and geoeconomic relations. China has a long-term strategic interest in developing Pakistan's Gwadar Port Authority and CPEC. China imports up to 70% of its oil from the Middle East through the narrow Strait of Malacca which could be easily blocked to prevent oil supplies from reaching China in the event of a conflict or sanction enforcement (see Fig.1). The Gwadar Port Authority provides an alternative route for China’s oil imports through the Arabian Sea. At the annual Belt and Road Initiative forum in October 2023, Pakistan’s Prime Minister declared that more than 50 BRI projects have been constructed in Pakistan, worth over $25 billion. Yet the persistent instability in Pakistan has raised questions about the CPEC and Gwadar Port Authority’s future funding. China’s investment funding for Pakistan has slowed in recent years. At a high-level meeting on CPEC projects, China refused some of Pakistan's proposals to fund CPEC projects. Beijing cited Pakistan’s political instability and security concerns for rejecting the proposals. Rise in Terrorist Attacks in Pakistan Pakistan’s security situation has worsened considerably after the US’ chaotic withdrawal from Afghanistan in 2021 and the Taliban’s return to power. In 2023, more than 1,500 people were killed in terrorist attacks in Pakistan, a 50% increase from the previous year. Islamabad accuses the Afghanistan-based Taliban of arming terrorist groups in Pakistan. One of the groups affiliated to the Taliban, the Tehreek-e-Taliban Pakistan (TTP) has claimed responsibility for the rapid increase in suicide and terrorist attacks. This has fuelled the hostility between the Taliban and the Pakistan military, with Pakistan ordering the forced displacement of over 1.7 million Afghan refugees based in Pakistan in October 2023, resulting in widespread human rights abuses. Pakistan also bombed Pakistani Taliban targets in Afghanistan in March 2024, for the same reasons. Reports have emerged that the TTP is attempting to broaden its appeal and reach out to other armed groups. One of those groups is the Balochistan Liberation Army (BLA). Founded as a separatist movement pushing for secession from Pakistan, it has conducted several attacks in Pakistan against Chinese nationals and infrastructure since the beginning of the CPEC project. The BLA demands that China stops the CPEC deals which travel through mineral-rich Baluchistan, stating that jobs do not go to Baluchistan locals, highlighting the environmental degradation in the region. The frequency and boldness of the attacks against Chinese nationals and infrastructure by the BLA has surged since 2021. Given the acute challenges posed by the Taliban, Islamabad and China have expressed concerns over the common security threat. On March 25, Pakistani security forces reportedly killed four BLA insurgents who fired on Chinese citizens near the Gwadar Port Authority. Armed groups also attacked one of Pakistan’s naval bases, claiming that they destroyed several drones. Militants killed five Chinese nationals and a Pakistani driver after claiming responsibility for a suicide attack driving into an explosive-filled vehicle into a convoy in the north Pakistan Khyber Pakhtunkhwa province. China and Pakistan’s ‘Almost’ Alliance With so many terrorist attacks targeting Chinese infrastructure, will China gradually loosen or strengthen ties with Pakistan? The attacks by the BLA seem to be working. China’s contractors paused three hydropower projects in light of the attacks. China started a separate investigation into the terrorist cells to find those responsible for the attacks, suggesting that it does not trust Pakistan’s security services to succeed. Beijing has demanded that Pakistan does more to protect Chinese nationals. Despite the persistent attacks, the surge is unlikely to disrupt Pakistan-China relations. One Chinese diplomat compared the country’s military support to that of US-Israel by stating “Pakistan is our Israel”. China is wary of declaring official alliances, but Pakistan is probably its closest military partner. China is the leading supplier of Pakistan’s conventional weapons and higher-end offensive strikes capabilities. They conduct regular naval and military exercises together and cooperate on intelligence sharing between the Afghanistan-Pakistan border. Their close cooperation is due to their shared rivalry with India, and the emerging naval competition around the Arabian Sea. The Gwadar Port Authority is carefully monitored by regional rival India due to the shared naval cooperation and potential use of the Chinese Navy for the port. While US and India ties warm up to secure military deals, China and Pakistan see a mutually firm military relationship that can counter the emerging axis in the Indo-Pacific. Conclusion The surge in terrorist attacks against Chinese nationals in Pakistan pose challenges to the CPEC deal in the country. Pakistan’s chronic political and economic instability adds to the difficulties of maintaining substantial infrastructure projects in high-risk areas. Yet China’s policy makers have doubled down on their relationship with Pakistan to counter the US and India’s power projection in the Indo-Pacific. While Pakistan faces chronic instability, the strategic significance of CPEC to China’s will likely strengthen their relationship in the future.

Date: 4/4/2024 Where: India, Cambodia Who’s involved: Indian and Cambodian authorities Interpol and United Nations investigators Cybercriminal and scam actors linked to various criminal enterprises What happened? On March 30th, the Indian Embassy in Cambodia released a statement that it had assisted in rescuing and repatriating 250 Indian nationals who were victims of human trafficking. This rescue is part of a broader initiative by the Indian government to rescue over 5000 citizens who were lured to Cambodia for jobs, but forced into cybercrime and fraud operations targeted back at India. The United Nations Office and Drugs and Crime (UNODCS) report specifically mentions that this activity is happening in areas of “special economic zones”, lightly regulated areas where regulation differs from the rest of the country, and are largely administered by private companies from China and Cambodia. This incident is just one major operation that parallels efforts from both Interpol and the UN to combat a massively growing trend within human trafficking that’s being dubbed “cyber-slavery”. Analysis: In September 2023, The United Nations Office and Drugs and Crime (UNODC) released a report on cyber-scam operations in Laos, Myanmar, Cambodia, the Philippines, and Malaysia, highlighting the rise of digital criminality in Southeast Asia in the aftermath of COVID-19. Also in September 2023, Interpol's Operation Storm Makers II led to 281 arrests for human trafficking and other crimes across 27 countries. The investigations by Interpol also showed that victims were lured with job promises and forced into digital fraud schemes. Interpol issued an Orange Notice due to the threat's severity and spread. The UNODC report indicates a significant scale of these operations, with estimated trafficking victims reaching at least 100,000 in Cambodia alone, suggesting one of the largest trafficking operations in history. Cambodia and India’s governments are continuing the repatriation operation. It’s also not clear how many more arrests are forthcoming in Interpol’s investigation. Conclusion: The recent rescue of these 250 Indian citizens from cyber-slavery in Cambodia is only a small sample of a disturbing trend where the burgeoning cybercrime and fraud industries are increasingly supported by human trafficking. The incident, part of a larger pattern identified by UNODC and Interpol, calls for a concerted international response to address the root causes of cyber-slavery and protect vulnerable populations from this new form of exploitation. This milieu of cybercrime and human trafficking networks also indicates that greater oversight and criticism of “special economic zones” may be called for by international bodies.

Executive Summary Following up on the last two months, GPS interference has picked up around the Baltics and Black Sea. This causes aviation risks, where pilots need to be prepared thoroughly. Airport activities in Europe have been disrupted by (climate) protests. Tensions in the Middle East have increased leading to more overflight risks near the Northern and Southern Israeli border. Tensions in Ecuador have increased leading to more drug trafficking via business/private aviation. Global 1.1. Digital Interference Digital interference is possibly the most common threat pilots face at the moment. The methods of interfering have grown way past the simple GPS jamming, and are found in more places in the world. Recently the skies over Eastern Europe and the Baltic have seen a surge in interference, but reports of fictitious ATC commands is a new form of interference which deserves attention as well. 1.2. Drug trafficking Drug trafficking continues to be a relevant risk in any form of aviation, including business/private aviation. This is especially the case in Latin America and India. Whereas India has a strongly booming trafficking activity, in Latin America the established market has shown an increased interest in using business/private style aircraft for their operations. 1.3. Human trafficking Human trafficking is a lingering threat to business aviation, as the privacy over commercial aviation makes the operation easier. Other factors that come with operating business aircraft also count as a benefit to traffickers. 1.4. Wildlife trafficking Due to the increased security in common trafficking hotspots such as South Africa and Tanzania, the wildlife trafficking routes are changing. One of the new hotspots is Addis Ababa Bole Int. airport in Ethiopia. While commercial aviation is the more known method of smuggling animals, business/private aviation could benefit such operations, and should be considered as a potential method. Europe 2.1. Climate activism In Europe climate activists have a strong focus on business/private aviation. With the weather improving, protests and demonstrations are planned for many airports in Europe. Recently some actions in the Netherlands against business/private aviation were prevented by the authorities’ handling of the protestors. 2.2.  Strikes and other protests A rising trend in strikes by airport employees is seen in Europe. These strikes have so far stopped operations at 11 airports, causing the cancellation or delay of 1.100 flights. 2.3.      Digital Interference The skies over Europe have seen a surge in digital interference originating from Russia. The focus of this interference is mostly in Northern and Central Europe. 2.4. Overflight risks Ukraine is trying to work towards the partial reopening of their airspace. As the war in the country is still ongoing, this plan brings a lot of security challenges. Middle East 3.1 .     Digital interference Seemingly the epicenter of digital interference development, the Middle East has produced a collection of methods of interference. For any pilot operating in or near the region, these methods and how to counter them should be known. 3.2. Overflight Risks Together with the ongoing conflicts and unrest in the Middle East, a group of countries present overflight risks. This can range from digital interference to anti-air weapons. 3.3.     Israel - Hamas  war The war between Israel and Hamas has caused several airspace restrictions. However, now that the war is being fought out in the South of Gaza the direct threat to LLBG has reduced. On the other hand, the situation in Northern Israel has increased the risk to civilian traffic. 3.4.     Rising conflict Israel - Hezbollah The tensions between Israel and Hezbollah have been rising since the start of Israel’s war with Hamas. As the situation may escalate, any aviation in, over and near Lebanon may be at risk of accidental targeting. Asia 4.1. Overflight of Myanmar As the situation in Myanmar continues, the chances of rebel forces gaining access to serious anti-air systems through capture increases. Such a situation would instantly provide a threat to any aviation flying over or near Myanmar. 4.2.   Pilot held hostage in West Papua (Indonesia) The situation of the hostage pilot in West Papua is still not resolved. Where at the start of the year developments seemed promising, no results have been achieved yet. 4.3.    Caucasus tensions The situation in the southern caucasus is slowly improving, but tensions linger. For every step in the right direction, there seems to be high-tension moments with the risk of escalation. Africa 5.1. Overflight risks Numerous countries in Africa bring an overflight risk and different mitigating measures. Anyone operating over Africa, especially the Sahel region and parts of the horn of Africa, should be aware which country brings what risk, and how to adequately operate around these risks. 5.2.     Situation Nigeria / Niger, Burkina Faso and Mali Rising political tension between Nigeria and its northern neighbors have resulted in overflight bans being issued. The bans have been lifted, but awareness of the situation is needed for operators to be prepared for possible last minute changes in airspace authorizations. 5.3.    ATC interference near Somalia More incidents of ATC interference have been reported in the northern Mogadishu airspace, potentially caused by Somaliland. False information comes from Hargeisa, Somaliland, VHF frequency 132.5 and HF 11300. North America There were no significant events in North America in the months of February and March. South America 7.1.  Drug trafficking Drug smuggling from Ecuador to North America has picked up, because of the war between the Ecuadorian government and drug cartels. Cartels continue to use private aircraft for drug trafficking throughout the continent. Criminal organizations use old aircraft for these flights because a large number of aircraft are destroyed after only a small number of trafficking flights. Oceania There were no significant events in Oceania in the months of February and March. Forecast GPS interference will likely continue to be deployed as a military strategy by various state actors. The tensions between Israel and Hezbollah are rising, resulting in growing risks to overflights. In case of escalation, measures need to be taken such as avoiding Lebanese and (again) Israeli airspace and possibly the surrounding countries and Eastern Mediterranean. [This is the end of the light version for REBASE, for the full version, feel free to contact us]

Written by Elena De Mitri, Arianna Lucà, Mickey Beckmann, Iris de Boer, Jacob Dickinson, Kevin Heller, Sara Frisan Russia-Ukraine: While Russian forces slowly advance towards Kharkiv, airstrikes debilitate the energy infrastructure on both sides of the conflict. Israel-Hamas: As Netanyahu's government faces internal tensions, Israel claims to be in the process of neutralizing Hamas’ infrastructure. Myanmar: Myanmar’s military continues to lose control over the country, with mass displacement of civilians. Sudan: As the conflict has no end in sight, the humanitarian crisis in Sudan is worsening. China-Philippines: Dangerous collisions between Philippine and Chinese vessels ramp up tensions. Mexico: Ahead of the June elections, growing discontent with the outgoing President is spurring widespread protests across the country. Nigeria: Worsening cost of living, rising inflation, and widespread food insecurity are fuelling violence, protests and instability in Nigeria. Pakistan-Afghanistan: Heightened tensions between Pakistan and Afghanistan as cross-border attacks increase. Haiti: The protracted crisis in Haiti reached a critical point in March 2024 after an upsurge in gang violence forced Prime Minister Henry to resign. North Korea: North Korea’s Missile tests and South Korea-US military exercises persist on both sides of the demilitarized zone. Conflicts, March 2024 Russia-Ukraine After capturing Avdiivka in February, Russian forces managed to gain some small advances while Ukrainian forces focused on slowing their progress as much as possible. While movement on this front is quite slow, Russian troops are also trying to advance towards the village of Kupyansk, likely as a first step in conquering the Kharkiv Oblast. Meanwhile, airstrikes targeted main cities both in eastern and western Ukraine, such as Odesa, Kyiv, and Kharkiv, causing many casualties among civilians. In March, both Ukraine and Russia ramped up attacks on each other's energy infrastructure to hamper each other's war efforts. While previous Ukrainian attacks were focused on Russian oil refineries close to the border with Ukraine, in mid and late March 2024, Ukrainian drones managed to hit areas deep within Russian territory, such as the Samara Oblast close to the border with Kazakhstan. These attacks destabilized the Russian oil industry, the country's biggest export. Russian retaliation hit Ukraine with the most significant attack since the start of the war on the energy infrastructure all around the country. The attack managed to cut off energy supplies for more than one million civilians and forced the implementation of blackout schedules in several regions to reduce the load on the power system during the needed repairs. According to the head of the main energy firms in the country, repairs might take up to 18 months. On March 12, 2024, a coalition of three Ukrainian-backed paramilitary groups launched an incursion in the Russian regions of Kursk and Belgorod. The groups, consisting of Russian nationals opposed to Putin's regime, claimed to be still operating in Russia on March 21. While the three brigades will likely not have a big impact on Russia's stability and on Putin's regime, they managed to bring some troops back to restore Russian control over the territories they took. Israel-Hamas The war between Israel and Hamas is ongoing and is likely to continue for another few months if not more than a year. Israel claims it is close to breaking Hamas's infrastructure and neutralizing its leadership and terrorist capabilities. However, to do so, Israel could also attack the border town of Rafah in southern Gaza. Rafah has been the refuge for millions of Gazans after Israeli attacks on Gaza City, Khan Yunis, and Shifa Hospital. According to the U.N. and several NGOs, the Gazan population is almost 100% on the brink of starving and running out of medical care and medicines. Aid deliveries are ongoing but are inadequate and limited. Meanwhile, tensions between Hezbollah and Israel are growing, and there will likely be a military operation in the spring or early summer to remove Hezbollah's presence from the south of Lebanon to make sure that Israeli citizens can return safely to their homes in the north of Israel. Pressure from the U.N., U.S., and E.U. on Israel does not seem to have much effect. However, internal struggles in the Netanyahu government could collapse the coalition and make way for new elections. Following the Israeli bombing of the Iranian Consulate in Damascus on April 1, tensions between Iran and Israel are heightened. In response to the attack, which killed 7 people, including a top commander of the Islamic Revolutionary Guards Corps (IRGC), Iran declared that it will retaliate and there will be consequences for Israel. Adding to the trouble in the region are the Houthi rebels in Yemen, who are continuing to launch attacks against international merchant vessels. Although the U.S. and U.K. are responding promptly against Houthi strongholds, the Houthis do not seem to intend to cease their attacks. In late March, the Houthi managed to launch a missile at Israel that evaded all air defense systems but landed harmlessly in the desert. Myanmar Myanmar’s military government continues to lose territory along multiple fronts as alliances of ethnic minority insurgents and pro-democracy fighters challenge military rule in March. The advance of armed groups has pushed the military back considerably, with the military controlling only half of the country. Following these setbacks, the military government began a mass conscription campaign to build up its forces. Millions of civilians have fled to neighboring countries to escape enlistment. The UN has warned that the military has responded to resistance victories by stepping up attacks against civilians with its aircraft and artillery capabilities. Thailand delivered its first humanitarian aid to Myanmar on March 25 in an effort to help 20,000 displaced people fleeing the fighting. The UN states that 18.6 million people are in need of humanitarian aid. Sudan Fighting between the RSF and the SAF continued during March in Darfur, Kordofan, Khartoum, and al-Jazirah, with the SAF gaining territory in the state of Khartoum. On March 12, the SAF regained control of the state broadcast headquarters in old Omdurman and vowed to rout the RSF. The two warring parties have also carried on exercising retaliatory violence against civilians for their conflict-related allegiances in Darfur, Kordofan, and al-Jazirah. Dialogue between the RSF and the SAF seems inconclusive as they keep a hostile attitude towards each other. Nonetheless, international parties, among whom the US, is looking to reopen talks between the SAF and the RSF to ease the conflict and substantially increase the delivery of humanitarian aid. The SAF rejected calls by the UN Security Council for a truce for the month of Ramadan to let humanitarian aid inside the country, citing the failure of the RSF to comply with their commitment to leave civilian sites. As the humanitarian crisis worsens, the World Food Programme warned that it could suspend operations in Chad, where many Sudanese nationals found refuge, in April due to the severe lack of funds. In late March, the RSF rejected an agreement between the governor of Darfur and UN agencies to deliver humanitarian aid into Darfur, likely the area where the population is most impacted by the conflict. In Sudan, rising prices and food shortages are causing severe food insecurity. Mobile blackouts have also continued throughout March, further exacerbating the everyday difficulties for civilians relying on electronic cash transactions in many parts of the country. Despite recurring warnings by UNICEF and the UN about an imminent famine in Sudan, the delivery of humanitarian aid remains insufficient and often endangered by the ongoing conflict. Alerts, March 2024 China-Philippines The sovereignty dispute between China and the Philippines over the Spratly Islands continued in March 2024. A Philippines vessel based on one of the disputed Spratly Islands since the Second World War has been resupplied by the Philippine military and coast guard. The formidable and well-equipped Chinese Coast Guard (CCG) has attempted to stop Philippine resupply missions. Reports have noted several dangerous encounters, with the CCG ramming a coast guard vessel. Four Philippine Navy personnel also sustained injuries when hit by a water cannon. China’s defense ministry stated that “China has taken control measures in accordance with the law”. Following these clashes, the Chinese foreign ministry said that relations between the two countries are at a turning point, though it’s unclear how long this situation can be maintained. The Philippines has lodged several diplomatic protests against the Chinese embassy, saying that it should uphold the 2016 Court of Arbitration, stating that China’s claims to the entirety of the South China Sea have no basis in international law. US Secretary of State Antony Blinken reiterated the US commitment to defending the Philippine’s access to its territorial claims due to the 1951 mutual defense treaty. The US launched further ‘freedom of navigation’ exercises in the South China Sea, which Beijing says has threatened regional stability. Mexico On March 1, campaigning for the biggest election in Mexico's history began. Mexico is set to make history next June 2, when voters will most likely choose a woman as President. According to recent polls, the front-runner would be former Mexico City mayor and ruling party candidate Claudia Sheinbaum. However, so far, protests and election-related violence raised major concerns ahead of the upcoming elections. Massive demonstrations took place in major cities over the past few weeks after a controversial constitutional reform package advanced by President López Obrador. The reforms include the dissolution and restructuring of the National Electoral Institute (INE), an autonomous body that oversees elections. Protesters denounce this reform as a threat to Mexican democracy and are concerned about rigged and non-transparent upcoming elections. The leading presidential candidate, Sheinbaum, backed by President López Obrador, will likely pursue constitutional reforms upon election. Organized crime attacks on the upcoming elections are a significant concern for Mexico's stability and democracy. Several incidents of election-related violence have been reported since the beginning of the electoral campaign, such as political violence, attacks, and killings by criminal groups targeting local candidates. Further protests are taking place calling for action from the government over the disappearance of 43 students from Ayotzinapa in 2014. López Obrador has received criticism for the lack of success in finding the students despite his promises to do so during the 2018 election. Mexico is experiencing complex challenges which are likely to persist in following months. Rising levels of election-related violence are likely ahead of June elections. Anti-government and pro-democracy protests are expected in coming weeks. Disruption and political unrest are possible. Clashes with law enforcement and escalation of violence cannot be ruled out. Nigeria The persistent economic crisis faced by Nigeria is fuelling instability and violence in the country. Soaring inflation and the dramatic cost-of-living increase are worsening the already precarious food security situation. A large portion of the population is experiencing extreme food insecurity. In a matter of months, the cost of several basic food staples has doubled. Attacks on trucks carrying food supplies, like pasta and rice, and looting of emergency supplies have been reported. Violence over access to resources and food is rampant throughout the country. On March 3, hundreds of people looted a government warehouse in Abuja. Food shortages are spurring widespread popular dissatisfaction with President Bola Tinubu's government. The current protests in Nigeria can be traced largely to the unpopular reforms to remove fuel subsidy, implemented by Bola Tinubu after taking office in May 2023. In the wake of the recent unrest, the government has pledged to stem the deteriorating economic situation by implementing several policies to address the food insecurity crisis and increase food production without backtracking on subsidy cuts. The situation in Nigeria is unlikely to improve in the near future. The persistent crisis and food shortages will likely foment more discontent, protests, and looting in the coming months. Finally, the deepening economic crisis is likely to worsen existing security concerns in Nigeria such as crime, armed groups, and widespread corruption. Pakistan-Afghanistan Ties between Pakistan and Afghanistan strained in March after deadly cross-border attacks. On March 16, a terrorist attack on a security forces post in North Waziristan district in Pakistan resulted in seven Pakistan security personnel and six militants. On March 18, Pakistani airstrikes targeted terrorist groups in Afghanistan, killing at least five people as retaliation to the attack. The Pakistani foreign ministry announced that the attacks were targeting the Tehreek-e-Taliban Pakistan (TPP) based in Afghanistan. The Taliban spokesperson condemned the Pakistani airstrikes. On March 20, Pakistan’s security forces repelled an attack by the Balochistan Liberation Army (BLA) on the port of Gwadar, killing eight fighters. As skirmishes with the Taliban and Taliban-affiliated groups continued, Pakistan security forces decided to close the border with Afghanistan on March 24. However, on March 26, Pakistan was once again targeted by Baloch militants. The attack took place at the Turbat naval base in southwestern Pakistan, killing at least one Pakistani soldier. All five Baloch assailants were killed in retaliatory fire. Relations between Pakistan and Afghanistan have worsened in recent years as Pakistan has accused the Taliban of letting the TPP use Afghan soil to conduct attacks against Pakistan. The Afghan Taliban has denied those allegations. The Pakistani government has also expressed concerns over alleged joint attacks by the TTP and the BLA. As the March attacks by the BLA focussed on Chinese infrastructure projects in the country, it seems that the BLA tries to influence the relationship between Pakistan and China. China is one of Pakistan’s closest allies and has massively invested into the China-Pakistan Economic Corridor (CPEC). The recent cross-border attacks signal heightened tensions between Pakistan and Afghanistan, the TPP, and the BLA, making the current security situation in the border region between Pakistan and Afghanistan extremely unstable. There is a possibility for further escalation with an increase in cross-border attacks in the near future. Updates, March 2024 Haiti The protracted crisis in Haiti reached a critical point in March 2024, forcing the government to declare a state of emergency on March 3. The already precarious security situation in the country was worsened by a series of coordinated attacks by gangs targeting government buildings, police stations, and other sites of interest. Gang members broke into two of the main prisons of Port-au-Prince, freeing over 4000 inmates and seizing the capital’s International Airport. According to Jimmy “Barbecue” Cherizier, leader of the gang coalition G9 controlling over 80% of the capital, the spike in gang-related violence and the attacks were triggered by interim PM Ariel Henry’s visit to Kenya. The visit was made to sign a UN-backed multinational security deal (MSS) to help tackle the security situation in Haiti. Henry, appointed as PM after the assassination of President Moise in 2021, repeatedly delayed the elections, leading to widespread popular discontent. Gangs were calling for Henry’s resignation for months, threatening a "civil war" if the international community persisted in supporting an unelected government. Following the escalation of violence, Henry faced strong domestic and international pressure to facilitate a transition and ultimately announced his resignation on March 12. While the transitional council and interim premier's official appointment is pending, Haiti's situation remains highly volatile. On April 1, an armed attack targeting the national palace sparked panic in the capital. At least four people were killed in the clashes.. Following the recent spike in violence, leading to at least 30000 displaced people, the country is facing an unprecedented acute security and humanitarian crisis. Prolonged instability and limited access to international aid are causing food and basic goods shortages. According to the World Food Programme (WFP), over 4.97 million Haitians are currently facing severe food insecurity. The situation is still extremely unstable. Despite Henry's resignation, gang-related violence will likely remain elevated at least until the next election. Polls are expected to take place within the next two years. International community's support will be needed to address the humanitarian crisis and restore the country's stability. Nevertheless, the future of the MSS, halted by the Kenyan government on March 22, remains uncertain, and the international community has not yet agreed on its approach to the crisis in Haiti. North Korea North Korea has conducted several military exercises and ramped up its war rhetoric throughout March. After rejecting a commitment to ‘peaceful reunification’ with South Korea in January, Kim Jong Un has used threats of active warfare and missile tests to intimidate South Korea. On March 7 2024, North Korea again conducted artillery firing drills as a response to US-South Korea military training. North Korean media reported Kim Jong Un next to the artillery, supervising the troops. South Korea’s president has ruled out conciliation with the North as long as the exercises continue. Partially as a response to the threats to South Korea and Japan and to deter North Korea, the United States and South Korea have responded by expanding their combined training and trilateral drills involving Japan and sharpening their deterrence strategies built around strategic U.S. assets. The confrontational rhetoric and military exercises have added to the tensions in the demilitarized zone (DMZ). On April 2, Japan's Defense Ministry said North Korea has launched what could be a ballistic missile, which reached some 600 kilometers in distance. North Korea seems to utilize the world's focus on Russia-Ukraine to further advance its weapons to reach US targets in the Pacific Ocean. About the authors Elena de Mitri Elena is a highly motivated person with a strong interest in international security. She holds a Master's degree in International Studies from the University of Turin, where she focused on regime changes and human rights. Her research during her master's studies delved deeper into the intricacies of human rights violations, with a specific emphasis on the war in Iraq. Her academic journey also includes a Bachelor's degree in Foreign Languages and Cultures, with a focus on the MENA region and muslim societies. Additionally she pursued a Minor in Gender Studies, enhancing her understanding of the intersectionality of various issues in international contexts. During her previous traineeship at the Joint Research Centre of the European Commission she conducted research on terrorist groups, especially on jihadist groups and right-wing extremists. Arianna Lucà Arianna is a new intern at Dyami, covering the role of Research Intelligence Analyst to enrich her background knowledge in International Relations with topics involving security and conflict. She holds an MA in International Relations from Leiden University and an LLM in European Criminal Justice from Utrecht University. During her academic career, she has volunteered for different NGOs, mainly Amnesty International, and Emergency and ActionAid, embracing humanitarian and conflict security causes, and addressing issues like famine and lack of security in different regions of the world. With Dyami, she is contributing to joint publications, writing articles, and keeping up to date with key regional developments. Mickey Beckmann Mickey is currently enrolled in the master’s program Conflict Studies & Human Rights at the University of Utrecht. Motivated to make the world a safer and more accessible place, she completed a bachelor in ‘International Relations in Historical Perspective’ at Utrecht University. Her main topics of interest are radicalization, extremism, terrorism, jihadism and conflict in the Middle East. Eager to broaden her knowledge of geopolitical conflict and security, during her internship at Dyami she will actively participate in writing collaborative publications and authoring articles, with a main focus on the region North and Sub-Saharan Africa. Iris de Boer Iris works as a Global Intelligence Analyst at Dyami, leveraging her background in Human Geography. Additionally, Iris holds an MA degree in Conflict Studies and Human Rights from Utrecht University, specializing in conflict analysis, peace processes, and geopolitics. Her MA thesis delved into the securitization of the war in Ukraine by the Heads of State, Ministers of Foreign Affairs, and Ministers of Defense of the Netherlands and Poland. Within Dyami, Iris is actively involved in security risk management, travel security, and geopolitical analysis. Her enthusiasm for addressing topics in international security extends across a diverse spectrum of countries and regions. Jacob Dickinson Jacob studied Global Political Economy at Leiden University. He is passionate about international development and is looking to expand his expertise in geopolitics and crisis management. Curious about other cultures, he has traveled in Europe and Asia for both academic study and professional purposes. His expertise includes the geopolitics of oil and industrial upgrading in the electronics global value chain. He is particularly interested in the evolving political and economic relationships between China and ASEAN, and the consequences for regional development and security. Kevin Heller Kevin has over a decade of experience in the world of counter-terrorism as a consultant, trainer, and analyst. His background is in military Close Quarter Battle/Combat and Krav Maga for Military and Law Enforcement agencies. As a Global Intelligence Analyst, he writes Intel Briefs on conflict zones and terrorism. He has extensive knowledge of conflicts, politics, and other events happening in the Middle East. Kevin also has a background in Journalism and International Affairs/Conflict Studies. Sara Frisan Sara joined Dyami as a Junior Intelligence/Research Analyst post-graduate intern to deepen her passionate interest in conflict analysis and security. Sara recently completed her MA in Conflict Studies and Human Rights at Utrecht University and held an MA degree in International Sciences and Peace Studies. During her academic career, she conducted research in South America, primarily Colombia, on the dynamics of collaboration and resistance between civilians and non-state armed groups in violent settings. In her previous internship at the investigative think-tank InSight Crime, Sara developed some expertise on transnational organized crime and political-criminal alliances.

Date: 27/3/2024 Where: Peru Who’s involved: INC RANSOM, RansomEXX, Peruvian Ministry of Defense What happened? Since the night of March 24th, the RansomEXX Ransomware gang has claimed to have stolen nearly 800GB of data from the Peruvian Ministry of Defense. The following day, another ransomware group, INC Ransomware, claimed to have also successfully attacked the Ministry, specifically the Army. This claim was that a smaller amount of data (500 GB) was taken. Previews of the leaked information do seem to confirm that both groups have come into possession of personally identifiable information. Both seem to come from the same data. Analysis: If RansomEXX was the threat actor responsible for the initial attack, it would be their first ransom carried out in nearly four months. Their last claimed successful attack was in early December, against Kenya Airways. RansomEXX has been active since at least 2018 and is linked to the cybercriminal group, Gold Dupont. RansomEXX is a very sophisticated threat actor in the ransomware space. Both groups use a ransomware-as-a-service (RaaS) model, which means that the groups sell their tools to other threat actors for a cut of the ransom proceeds. Other large groups such as LockBit operate similarly. The RansomEXX and INC Ransomware groups deploy multi-extortion activities, which include stealing victim data and threatening to leak it online unless their demands are met. Their messages to victims typically involve leveraging the threat to their reputation, which is significant when dealing with a government institution. While ransomware groups primarily target sectors like education, healthcare, and industrial services due to their high dependency on continuous operations and data availability, military departments are not typically the primary focus of most ransomware campaigns. The incident has largely remained out of Peruvian news. The motivation behind targeting sensitive sectors, including potentially military departments, involves a combination of factors such as the perceived ability to pay large ransoms and the critical nature of the services they provide. There is no indication that the incident is connected to any motivation outside of a still undisclosed amount of money from the ransom. Conclusion: The simultaneous ransomware attacks on the Peruvian Ministry of Defense by INC Ransom and RansomEXX mark a notable escalation in the landscape of cyber threats against military institutions. This incident highlights the evolving brazenness of ransomware gangs, who are increasingly targeting high-value and sensitive sectors for substantial financial gains and potential geopolitical leverage. This incident not only reveals that vulnerabilities present in the private sector are also in national defense structures, and suggests a future scenario wherein nationstates can deploy more deniable assets to steal data from adversaries. The overlapping claims by both ransomware groups suggest a possible convergence or competition within the dark web’s criminal ecosystem, complicating the response strategies for affected organizations.

Date: October 2023 - September 2024 Who is involved: Ukraine, Russia, US, EU, Iran, North Korea, China In this report: What has been happening? Expectations Conclusions What has been happening? In order to get an understanding of where the war is likely going, it is important to look at the major events and factors that have happened and influenced the war in the past months. Eastern front Arguably the front that saw the most Russian successes, albeit minor ones. While the  taking of the town of Avdiivka in the Donetsk Oblast was majorly covered and presented as a key event in the war, on the bigger scale it did not make a significant difference. While Russia hoped for a major breakthrough, the Ukrainian army, Zbroini syly Ukrainy (ZSU), has managed to stabilize the lines right behind Avdiivka. Russia now seems to be focused on taking as much ground as possible before the mud season starts again in Ukraine. Russia is now focusing its attention on the Kharkiv Oblast’s town of Kupyansk, to take it and use it as a staging ground for another attempt at taking Kharkiv. Until now, Russia’s attempts have however been unsuccessful. On the other hand, Ukraine has not made any territorial gains for months, and seem to prioritize digging in and damaging their enemy as much as possible, as opposed to performing assaults and taking ground back. Attacks on energy infrastructure As announced, Ukraine has managed to ‘bring the war to Russia’. Ukrainian strikes have reached further into Russia than they have before, striking important industrial and some military targets. The refineries struck so far produce collectively around 30% of Russia’s oil output. However, not all of these refineries were put out of action. Due to these strikes, Russia has stopped its gasoline export for six months to most of its customers, such as Libya, Nigeria and Tunisia, starting in March 2024. Russia has also increased its attacks on Ukrainian energy infrastructure, military factories and ammunition depots, often employing Iranian-made drones. In March, the biggest attack since the start of the war took place and was carried out with approximately 150 drones and missiles targeting the energy infrastructure. It managed to cut off energy supplies for more than a million Ukrainians, with Kharkiv being especially affected. Emergency power outages have been implemented to reduce the load on the energy network. Airstrikes also targeted the western areas of the country, which were previously quieter. The attack temporarily cut off the main power line for the Zaporizhzhia nuclear power plant, although it was restored shortly after. Western slowness in supplying air defense systems has impacted Ukrainian ability to fend off these attacks, while the supply flow of Iranian-produced drones for Russia remains steady. Foreign support for Russia Russia has been seeking support from many countries in an effort to develop new economic and military ties and counter Western support for Ukraine. North Korea has been openly supportive of the Russian offensive in Ukraine and has supplied Russia with more than 10,000 containers of artillery shells and military equipment since the start of the conflict, in exchange for food and other types of aid. North Korean military factories are producing at full capacity to support Russian operations. Russia is also allegedly providing North Korea with fuel and technological knowledge that could expand North Korean satellite and nuclear-powered submarine capabilities. China has maintained a more ambiguous stance on the war, at times posing as a mediator and refusing to supply lethal weapons to Russia. Nonetheless, Russia has strengthened its economic cooperation with China to which it has redirected trade to lessen the impact of Western sanctions. China has benefited from cheap Russian oil and gas and has supported Russia with non-lethal weapons. Iran has been supporting Russia with UAVs and weapon systems, even opening a factory of Iranian drones in the Russian region of Tatarstan and offering newly developed models to its army in January 2024. Reportedly, Iran is also considering transferring ballistic missiles and related technology but the deal is not yet definitive. Foreign support for Ukraine Western support for Ukraine is currently vacillating. The US government has struggled with approving new bills to aid Ukraine as the Republican Party has been opposing government bills both in the Senate and the House of Representatives, of which it retains majority. This has been the case with especially a $60 billion aid bill that has been stuck since August 2023. This has further strained Ukraine’s situation, as military aid has been delivered too late according to Ukrainian needs and has complicated the situation on the battlefield. The European Union has started stepping up its support to Ukraine to try to fill the gap left by the US, with some difficulties. At the beginning of February, the EU managed to approve a €50 billion financial support package for Ukraine after overcoming Hungarian opposition. European countries have also stepped up military aid and agreed on a €5 billion fund for a collective boost to military aid. Moreover, the European Commission is elaborating a plan to use the interests earned by Russian frozen assets to fund the purchase of military equipment to support Ukraine. On the other side, European economic ties with Ukraine have sparked rage among farmers in many countries, especially Poland. Polish farmers, challenged by cheap Ukrainian imports, repeatedly blocked the border with Ukraine to demand a stop to these imports. Crimea The Crimean peninsula has become a hotspot for military activity. The island houses the Russian Black Sea fleet and the Kerch bridge, which connects it to Russia, and it is in range of Ukrainian systems. From Special Forces raids to complex airstrikes, Crimea has seen some of the most successful actions in the past months. These included targeting and destroying ships in port and striking officers quarters and military leadership buildings. Crimea is one of the two supply routes for Russian troops near Kherson and those stationed in Crimea itself. All of these supplies transfer over the Kerch bridge, explaining why it is a priority target. Ukraine hit and damaged the bridge a couple of times during the war, but until now it has not fully destroyed it. If successful in this task, it would force Russia to supply its entire Southern front and Crimea itself through the territories it occupies in Ukraine. As the most effective way for Russia is railroad supply, this would put the continuity of these supplies at great risk. Russian volunteers fighting Russia Reminiscent of last year, another incursion into Russia is (at the time of writing) occurring, performed once again by Russian nationals. The timing of these incursions, which started on 12 March, was likely due to the upcoming elections, in order to contrast the image of domestic order under the control of the Russian government. A key difference this year is that an extra brigade joined the action – the Siberian battalion. This battalion was established to recruit people from the Siberian minority groups, who are unequally affected by the war and are relatively more likely to be sent to and killed in Ukraine. They joined the fighting against the Kremlin alongside the Freedom of Russia Legion, and the Russian Volunteer Corps. The number of people in these groups is relatively small, likely thousands, compared to the Russian military. This means that even though the groups are successful in the Belgorod and Kursk regions, the territorial gains are not significant. However, the group’s activity does force Russia to move troops to these regions and away from Ukraine, helping the latter in their war effort. Black Sea Albeit often overlooked by the media, the Black Sea is where Ukraine arguably has booked its biggest successes in the past year. The Black Sea between Crimea and Odessa used to be a common missile launching site for the Russian Black Sea Fleet. From there, it would target the more western cities of Ukraine such as Odesa and Lviv. These missiles going for Western Ukraine would even overfly or closely pass by Moldovan airspace. Ukraine has sunk over 33% of the Russian Black Sea fleet, severely impacting its capabilities. Ukraine also recaptured or relieved the oil platforms in this section of the Black Sea, destroying or taking Russian Electronic Warfare systems. Robotyne The town of Robotyne, the endpoint of the Ukrainian counteroffensive last year, now sees combat action with Ukraine on the defensive. Russia has tried to take this settlement, presumably to start a collapse in the Southern defenses of Ukraine. To note is the use of over 60 year old T-55 tanks in an assault role, which up until then had only been seen in an improvised artillery role. As of writing, the Russian assaults have not been successful. Krynky Krynky is a small foothold near Kherson held by Ukraine, across the Dnipro river. Even after extensive fighting, the ZSU managed to hold onto the small town. It was first thought that the small town was used as a staging ground for operations on the Russian-held side of the river, but it seems that Ukraine holds on to it as a ‘thorn in the side’ of Russia, as well as to inflict maximum damage to any Russian units sent to reconquer the town. It is unclear how large the cost is for Ukraine to be present in Krynky. Expectations Russian Summer focus It is likely that after the coming mud season, Russia will launch an offensive again. The focus will likely be Kupiansk and Kharkiv. On top of the Ukrainian defenses already in place, a possible successful Ukrainian offensive in the coming summer would help in countering this threat. However, Russia has held the upper hand in the war for the past months and, due to slow western support, it has to be seen whether Ukraine can regain the upper hand in the second half of 2024. In a recent announcement, Russian defense minister Shoigu stated that by the end of the year, Russia is planning on forming two new armies. As announced, these two armies will be made up of 16 new brigades, and 14 new divisions. This will need a total of around 450.000-500.000 men to be recruited or mobilized, and the necessary weapons and vehicles prepared for action. Whether these plans are realistic, especially on the equipment part, remains to be seen. The manpower is likely to come mostly from mobilization of minority groups. The purpose of these new armies is up for speculation; whereas some expect they will be used in an attempt to ‘steamroll’ Ukraine, others worry that Putin is preparing for an offense on NATO. Ukrainian Summer focus Ukraine has announced plans for another attempt at an offensive for the coming summer. After the failure of last year’s offensive, likely due to a shortage of (promised) supplies and leaked battle plans, Ukraine aims for more success this year. The most likely goal would be another attempt at liberating Melitopol. The city is one of the closest major cities near the front line, and serves as a logistical hub for the Russian army. A wildcard attempt at liberating Crimea is a minor possibility, and would be a high risk-high reward scenario. Limiting Ukrainian plans is slow western support, especially US support. While some of the anticipated F-16s might be operational in time for the summer and will certainly be a helping factor, they are not likely to be game changing. Developments in the West Support for Ukraine in the West will likely remain uncertain, as many stakeholders are working against it and will likely continue to do so. Ukraine has already become a central issue in electoral campaigns, most notably in the US with the Republican Party presidential candidate Donald Trump stating he will stop supporting Ukraine if he becomes president. The Republican Party will likely continue to obstruct new aid bills in the US Congress, especially coming closer to the November presidential election. This will make the approval process of new aid for Ukraine long and uncertain, affecting its possibility to advance and retake territories. Tensions will likely remain in the EU as well, as Hungary and possibly Slovakia are taking increasingly pro-Russian stands in the European Council. The stance of Slovakia may be influenced by the results of the March-April 2024 presidential election, which sees a close race between pro-Russian candidate Peter Pellegrini and pro-EU candidate Ivan Korcok. These obstructions will probably impact the European Commission’s plan to use the interests earned by Russian frozen assets to finance the purchase of weapons for Kyiv. While the European Commission is seeking a more proactive role in supporting Ukraine, a new opposition front might arise as Austria, Ireland and Malta, traditionally militarily neutral countries, are increasingly concerned about supplying weapons and munitions to Ukraine. Ukraine trade with European countries will also likely be impacted as European farmers demand a solution to the disruption caused by cheaper Ukrainian tariff free imports. Nevertheless, Ukraine can count on the support of many European countries and they might decide to act separately from the European institutions in order to bypass obstructions by other countries. Conclusions The war in Ukraine is far from over. Russia dictates the direction of the war, without caring for losses, and Ukraine in full defense bringing as much damage as they can to the Russian army. The race seems to be between Russia grinding down the Ukrainian defenses, and Ukraine receiving more help from the West (mainly Europe), as well as being able to effectively start and increase weapon production in its own territory. For now it seems unlikely that NATO will directly join the conflict in any form. The West’s willingness to provide Ukraine with virtually limitless help has drastically reduced and, as a result, Ukraine is preparing to rely on its own production capabilities. Russia and specifically the Kremlin seem to be stuck in a sunken-cost fallacy. Therefore, it is unlikely that it will give up its goals in Ukraine unless it suffers a total defeat on the battlefield.

Date: 22/03/2024 Who’s involved: Nigerian government, insurgents and gangs, herder and farmer communities What happened? On 03/03/2024, hundreds of people looted a government warehouse in Nigeria’s capital, Abuja, followed by thousands of Nigerians rallying against soaring living costs on 05/03/2024. Nigeria's emergency agency responded by strengthening security at its warehouses. On 27/02/2024, protests broke out following the nationwide demonstrations organized by labor unions to voice their opposition to economic problems. On 23/02/2024, several individuals were fatally trampled outside the Lagos customs office as a result of a stampede occurring because of the sale of discounted bags of rice. The customs agency stated that the disbursement of the rice bags was a strategy of the government "to address the critical problem of food scarcity". On 07/03/2024, at least 287 school children were kidnapped by militant insurgents in Nigeria’s northwestern Kaduna State. Earlier that week, on 03/03/2024, at least 50 people were kidnapped from a camp for internally displaced persons in northeastern Nigeria, followed by another kidnapping of at least 15 pupils from a school on 09/03/2024. In this region, Boko Haram and Islamic State West Africa Province (ISWAP) operate frequently. On 14/03/2024, sixteen Nigerian soldiers were killed in Delta state while on an operation to stop fighting between the Okuama and Okoloba communities over land dispute. There are often violent confrontations over land disputes, fishing rights, or demands for compensation due to oil spills. On 17/03/2024, Nigerian soldiers attacked the Okuoma community after President Tinubu labeled the 14 March attack as “a direct assault on the nation”, prompting a response. While searching for those accountable for the killings of 14 March, the soldiers plundered communities and set fire to houses. Analysis: Over the last couple of weeks, Nigeria has experienced several attacks on grain storage sites, following a spike in living costs and a 30% increase in the food inflation rate. In 2023, President Tinubu made efforts to remodel the economy and removed long-standing fuel subsidies, claiming that this would reduce Nigeria’s debt. This was a widely unpopular move as it caused soaring inflation, especially for food. The deepening economic crisis is likely to worsen existing security concerns in Nigeria as crime, armed groups, and corruption rise in the country. Armed groups have targeted vital sources of income for the country in recent years. Theft and vandalism of pipelines in the Niger Delta have led to insecurity in the region, a drop in oil production, and international underinvestment in the sector. The energy infrastructure in the south remains vulnerable to attacks as long as socio-economic issues persist. Confrontations between nomadic (Muslim) herders and native (Christian) farmers stemming from disputes over land, have resulted in recent clashes with fatal outcomes. Farmers are also regularly forced by gangs to abandon their fields or pay extortion fees to access their own land. These factors impact food production, resulting in food shortages and increasing prices. In the north of Nigeria, Islamist insurgents and criminal gangs regularly stage large-scale kidnappings and frequent attacks on villagers and travelers. In some cases, huge sums of money have been transferred to the criminal parties, enabling them to acquire more weapons and recruit adherents. Kidnappings and attacks will persist and increase, given the lucrative nature of the crime. Conclusion The lack of affordable food is prompting looting in Nigeria’s capital, Abuja, and demonstrates how the country’s deepening economic crisis is having major security implications for its population. The World Bank has declared that Nigeria is experiencing ‘crisis food security’ levels, due to the persistent insecurity and armed conflict. Given that the government is sticking to its policy of cutting fuel subsidies, further raiding of warehouses, protests and discontent is likely to spread to urban centers.

Date: 22/03/2024 Where: Europe, Central Asia, North and South America Who’s involved: IBM “X-Force” (threat intelligence), various cyber threat intelligence groups, APT28 AKA Fancy Bear (Russian State-Sponsored Threat Actor), ITG05 (identified group or campaign) What happened? Since mid-March 2024, IBM’s Threat Intelligence “X-Force” has been releasing findings on a new phishing campaign to steal sensitive information by targeting governments and NGOs across four continents. The campaign, identified as “ITG05”, has significant overlap with APT28, famously identified as “Fancy Bear”. APT28 is connected to the Russian GRU, which means ITG05 is very likely part of a Russian military intelligence operation. Ukraine’s CERT-UA identified the campaign as a threat as early as December, identifying one of the tools that would later be attributed to the ITG05 campaign. As of late February 2024, ITG05 has been conducting phishing operations, both targeting and impersonating organizations from countries including but not limited to Argentina, Ukraine, Georgia, Belarus, Kazakhstan, Poland, Armenia, Azerbaijan, and the United States. Analysis: Reports from X-Force claim that the tools, tactics, and procedures observed in the ITG05 campaign strongly resemble Fancy Bear. The sustained operational intensity and evolving methods of ITG05 indicate that the group will continue to carry out malicious activity against global targets to support Russian state objectives​​. The phishing efforts orchestrated by ITG05 contain a blend of documents: some are sourced from public records while others seem to be crafted by the attackers. The lures used by ITG05 span a wide array of themes and attempt to draw in targets, encompassing areas like finance, essential infrastructure, senior executive meetings, cybersecurity, maritime safety, healthcare, and defense manufacturing. Many of the “lure” documents were designed to appear related to events happening in Israel and Palestine. The backdoor-seeking malware, known as MASEPIE, was found in emails directed towards Polish and Ukrainian government organizations as early as December 2023. APT28 was the Ukrainian government’s chief suspect at the time. APT28 and ITG05’s objectives are typically dedicated to obtaining access to adversarial systems, reconnaissance, and intelligence collection. Conclusion: The ongoing ITG05 campaign shares significant APT28 activities and tactics, and highlights the sophisticated and persistent nature of Russian state-sponsored cyber operations. This campaign's wide geographical scope and targeting of government and non-governmental organizations underline a strategic approach aimed at intelligence gathering, influencing geopolitical landscapes, and advancing Russian state interests. The diverse themes of the phishing lures, ranging from finance and infrastructure to geopolitical events, demonstrate ITG05's adaptability and targeted approach to engaging different victim profiles. The use of the MASEPIE backdoor, in particular, points to a focused effort on maintaining persistent access to high-value targets for long-term espionage and data exfiltration activities.