
  • Conflict Monitoring Report - October 2023

    Written by Roos Nijmeijers, Sara Frisan, Mark Bruno, Alessia Cappelletti, Jacob Dickinson

    - Israel-Hamas: Outbreak of conflict as Hamas attacked the south of Israel from Gaza, prompting a bombing campaign and ground offensive of the Strip three weeks later
    - Russia-Ukraine: Russia attempts a costly offensive against Avdiivka, Ukrainian movement threatens to slow, with an exception towards Robotyne
    - Mali: Hostilities between separatist rebels and government forces intensify in northern Mali, as UN peacekeeping mission begins withdrawal
    - DRC: Clashes intensified in the eastern regions of the DRC causing a record number of internally displaced people and concerns of an impending humanitarian crisis
    - Colombia: Despite advances in the Petro government's “total peace”, levels of violence in Colombia remain high
    - Chile: Tensions with Mapuche indigenous people lead to a state of emergency in the Araucanía region and Arauco and Biobío provinces
    - Russia: Putin announces a withdrawal of Russia’s ratification from the Nuclear-Test-Ban Treaty
    - Guatemala: Post-election protests and civil unrest, following the suspension of President-elect Arévalo, result in an escalation of violence
    - Venezuela-Guyana: Venezuela called for a referendum to determine sovereignty over the oil-rich Esequiba region, a long-standing source of dispute with Guyana
    - China-Philippines: Maritime tensions rising as the Philippines fishing vessels and China Coast Guard ships collide
    - Armenia-Azerbaijan: Tensions are still high in the Nagorno-Karabakh region, peace talks are taking place but so far without results
    - Haiti: Gang-related violence is steadily increasing, and the UN-approved Multinational Security Support has been suspended
    - Serbia-Kosovo: Increase in the number of Serbian troops with military equipment on the Serbia-Kosovo border and little progress in normalizing relations
    - Pakistan: Clashes on the Pakistan-Afghanistan border are rising, announcement that all undocumented immigrants need to leave the country by November 1
    - Myanmar: Multiple military junta attacks targeting ethnic minorities were reported, including airstrikes on IDP camps

    Conflicts, October 2023

    Israel-Hamas

    On October 7, 2023, 2500 members from the terrorist group Hamas attacked the south of Israel from Gaza and killed over 1400 Israeli citizens. In response, Israel started a bombing campaign in Gaza trying to eliminate the Hamas leadership and infrastructure. Hamas, and the Palestinian Islamic Jihad, started a rocket-firing campaign aimed at Israeli villages and cities. Since October 7 hundreds of rockets have been fired by the terrorist groups and the Israeli Air Force has dropped hundreds of bombs on Gaza. According to various sources, hundreds of Gaza civilians have died due to the Israeli bombing campaign.

    The Iranian-backed terrorist group Hezbollah, which operates from Lebanon and Syria, has threatened to get involved in the conflict, thereby opening a front in the north of Israel. Hezbollah soldiers have fired rockets and missiles at Israeli Defense Force targets but there is no sign of a full-scale attack. Hezbollah leaders have said they will engage Israel as soon as the IDF starts a ground war in Gaza. Leaders of Iran have made similar statements. The United States has warned Iran and Hezbollah to stay out of the fight or they might be targeted by the US military, which has bolstered its presence in the region by bringing in various aircraft carrier groups and by deploying fighter and bomber aircraft in Jordan.

    The weekend of October 27-29 saw the beginning of Israel’s invasion into northern Gaza. According to the IDF, air assets bombed 600 targets in the area on Saturday alone.

    Russia-Ukraine

    October has seen an attempt by Russia to split Ukraine’s attention as weather and road conditions threaten to halt momentum for both armies.
    The city of Avdiivka in Donetsk Oblast has become the site of an extremely violent and costly attempt by Russia to conduct a counteroffensive of their own. Estimates of at least 5000 Russian casualties and documented massive losses of armor and artillery are being published. Despite this, Russia has made small gains around the city, and continues to push.

    The first documented use by Ukrainian forces of US-supplied ATACMS missiles was on an October 17, 2023, raid of two Russian airfields. The targets were a squadron of Ka-52 helicopters, with Russian losses estimated between 14 and 21 aircraft. Attacks utilizing unmanned weapons and irregular ground forces in Crimea continue.

    Ukraine did manage to break through Russian blockades of Ukrainian ports, meaning Ukraine can transport ships with grain through the Black Sea again. Russian ships were also moved following attacks by Ukraine on Russian-occupied Crimea. Zelensky has announced continued military pressure on occupied Crimea. The eastern front is also slowly moving in a direction that is favorable for the Ukrainian forces. The continuation of the conflict means that there are more and more casualties on both sides, including civilian casualties, without it creating a positive outcome for either party.

    Berlin has informed Ukraine that it will experience no change in terms of arms supply and economic support despite Berlin's support for the Israel-Hamas conflict. Ukraine is also getting support from a new Siberian Battalion consisting of Russian citizens who have come to Ukraine via third countries and are being readied to help in the war, on Ukraine's side. They disagree with the “terrible crimes” committed by Russia and want to fight against “Russian imperialism”.
    Mali

    Throughout October, hostilities resumed in northern Mali between government forces and separatist armed groups united in a coalition, the Permanent Strategic Framework or CSP, which includes groups that are signatories of the 2015 Algiers accord and groups of former Tuareg. Since October 2, 2023, the government has been deploying significant military personnel and military equipment to the region. It has been reported that on October 7 the Malian Army (FAMa), allegedly supported by the Wagner Group, took control of a stopover town in Kidal.

    Besides postponing the presidential elections scheduled for September 2023, the Malian government called for the withdrawal of the 10-year MINUSMA UN peacekeeping forces by December 2023. While security concerns have been raised about the termination of the mission, withdrawal operations began in October. On October 22 MINUSMA completed the accelerated withdrawal from the base in Tessalit, in the Kidal region. On October 27 it was reported that four civilians were wounded in an attack on a withdrawing MINUSMA convoy in the Gao region.

    Democratic Republic of the Congo

    In October, violence continued in the Democratic Republic of Congo and led to a record number of internally displaced people. On October 30, 2023, the United Nations reported 6.9 million people are currently displaced in the DRC, as the fighting intensified. Together with this record number of IDPs, the World Food Program also reported that in the Eastern provinces of North Kivu, South Kivu and Ituri, 5.5 people are in crisis and emergency levels of food insecurity. Kinshasa will have to face a dire humanitarian crisis in the upcoming months.

    Despite a ceasefire agreement between the Congolese army and the M23 rebel group, clashes between the M23 and militias loyal to the government intensified in the eastern province of North Kivu this month.
    The East African Community forces declared on October 25 that the M23 breached the ceasefire as it attacked and killed a Kenyan peacekeeper in Goma. Fighting focused especially on the city of Kitshanga, which was re-captured by loyalist militias in mid-October from the M23. However, violent clashes broke out shortly after as the rebels tried to retake the town and managed to regain control for less than 24 hours before handing it over to the army.

    In October, the conflict also spilled over to Ugandan territory. ADF (Allied Democratic Forces, an IS-affiliated armed group) incursions in Uganda resulted in two attacks, involving a tourist vehicle and a commercial truck and resulting in at least five dead, including two foreigners. Bomb threats and attacks have been thwarted by authorities in Kampala. Officials have increased patrols and increased the checks at the border with DRC. A Ugandan soldier was also killed in an attack in eastern DRC by the ADF.

    Lastly, on October 23 the DRC authorities reported an incursion of Rwandan forces into the region of North Kivu, reportedly in support of the M23. The international community and the UN expressed concern about ‘direct confrontation’ between the two countries and a general regional security deterioration as the conflict spills over to neighboring countries. The President of the DRC, Felix Tshisekedi, reiterated his determination to ‘put an end’ to M23 and its allies.

    Alerts, October 2023

    Colombia

    Despite advances in the Petro government's “total peace” plan through peace talks and ceasefires with armed and criminal groups, including the ELN, the Gulf Clan (AGC), and FARC dissidents (EMC-FARC), levels of violence in Colombia remain extremely high. In conjunction with the election campaigns for local elections on October 29, 2023, armed groups have increased control and violence in some areas, mainly rural areas, resulting in a sharp increase in kidnapping, extortion, recruitment, and electoral manipulation.
    The main targets affected by the incidents of violence are ethnic minorities and women. On October 1 Colombia's Special Jurisdiction for Peace announced that since 2016, there have been more than 35 thousand cases of gender, sexual, and reproductive violence related to the conflict.

    Following President Petro's statements on the Israel-Hamas conflict and in support of Palestine, diplomatic tensions arose between Colombia and Israel. In response, the Israeli government suspended defense and security equipment exports to Colombia. Besides the deterioration of bilateral relations, this could potentially undermine Colombia's security sector, which relies largely on Israeli supplies.

    Chile

    On October 3, 2023, the Chilean Senate approved a 15-day extension of the state of emergency in the Araucanía region and Arauco and Biobío provinces. The exceptional state has already been in force for a year in this area due to unrest and clashes related to the territorial conflict between radicalized groups of the indigenous Mapuche population and the Chilean state. The most critical areas for the conflict are historically Araucanía and Biobío. Increasing violent incidents and tensions have recently been reported in the Los Rios region.

    International observers and representatives of the Mapuche people denounce repression and state violations against Mapuche activists. In October, clashes with security forces were reported, including the alleged arrest of activists for minor crimes. A number of incarcerated activists consider themselves political prisoners.

    The first weeks of October were marked by protests opposing the conservative far-right's attempt to revise the constitution and further tighten already restrictive laws on abortion and other freedoms that primarily affect women and the LGBTQ+ community.
    The country is also experiencing an upsurge in political violence, corruption, and infiltration of criminal groups from the Latin American region from Colombia, Peru, and Bolivia.

    Russia

    On October 25, 2023, Russia enacted a law to revoke the Nuclear-Test-Ban Treaty (CTBT). On October 5, Vladimir Putin announced the withdrawal of Russia's ratification for the CTBT, as the US has not yet ratified the treaty either. Membership of the treaty has been possible since 1996 and is meant to stop nuclear testing and, with it, further nuclear weapons development. The treaty is not legally in force because it has not been ratified by 44 named countries. The treaty is however having an effect; no country has conducted nuclear tests since the treaty was in place, with the exception of North Korea.

    The withdrawal of ratification is a step that was followed by Moscow's interruption of Measures for the Further Reduction and Limitation of Strategic Offensive Arms (New START), the nuclear arms treaty with the US which created nuclear restrictions on both sides. Withdrawing ratification can have several meanings. It could be a tactic by Putin to intimidate the EU and the US from further supporting Ukraine. The withdrawal could also indicate that Russia actually wants to conduct tests as Putin has said Russia is working on new nuclear weapons, but the question then is why they did not leave the treaty instead of not ratifying it.

    Guatemala

    In October, Guatemala experienced increased civil unrest. The situation is related to post-election tensions following the suspension of President-elect Bernardo Arévalo, the anti-corruption candidate of the center-left Movimiento Semilla party, which won the election on August 20, 2023. The new president is expected to take office in January 2024, yet the presidential transition remains uncertain.
    On October 2, peaceful protests began with the resumption of the democratic transition process and the resignation of Attorney General María Consuelo Porras. In recent weeks, protests have been causing roadblocks and disruption of transportation and services. On October 16, an escalation of violence led to the death of a protester. President-in-Office Giammattei has declared the ongoing protests illegal, while President-elect Arévalo has expressed his intention to suspend the presidential transition until Attorney General Porras is removed. The US, the EU, and the UN denounced the attempt to overturn and manipulate the electoral process. There are concerns about the humanitarian consequences of a potential escalation of violence from the protests, which are likely to continue in the coming weeks.

    Venezuela-Guyana

    New tensions arose in the long territorial dispute on the border between Venezuela and Guyana. The oil-rich Esequiba region has been the source of conflict between the two countries for decades. In 2018, Guyana requested the intervention of the International Court of Justice (ICJ) to confirm the ownership of the territory under the 1899 arbitration between Venezuela and the then-Colony of British Guiana. On April 6, the ICJ voted in favor of Guyana, although the Venezuelan state did not recognize the ruling.

    After discovering new oil and gas reserves near the maritime border, Venezuela resumed its claims on the area. While Guyana claims sovereignty over the territory and has called for international and U.S. support in the dispute, Venezuela considers that the neighboring state has no rights over the region's resources and that the Venezuelan authorities should authorize all oil activities. After pressing for negotiations to resolve the dispute, the Venezuelan government called a referendum, scheduled for December 3, 2023, to defend its claims on the territories of Guyana Esequiba.
    On October 25 CARICOM stated that the referendum proposed by Venezuela and its annexation claims have no bearing under international law.

    China-Philippines

    Maritime tensions have risen in October between China and the Philippines in the South China Sea. The Philippines Coast Guard cut a Chinese-made rope to prevent Philippines fishing boats from legally using the Scarborough Shoal, a cluster of ring-shaped islands in the South China Sea. China called the Philippine actions “provocations” and has deployed China Coast Guard to the waters, with rival boats attempting to collide with each other. The Chinese Coast Guard has regularly intimidated Philippine fishing vessels. With US commitments in a 1951 mutual defense treaty, the rise in tensions is an acute issue of regional security in one of the world’s busiest seas.

    Updates, October 2023

    Azerbaijan-Armenia

    After the short-lived conflict in September between Azerbaijan and the ethnic Armenian separatists in the Nagorno-Karabakh region, the tensions are still high in the region. The conflict ended with Nagorno-Karabakh ceasing to exist as of January 1, 2024, and becoming an official part of Azerbaijan. Azerbaijan has been discussing opening a corridor to West-Azerbaijan through Armenia. Such a move could easily lead to all-out war between the two countries. There are peace talks taking place but they have not shown any results as of yet.

    Haiti

    Gang-related violence is steadily increasing in Haiti, recording alarming numbers of murders, kidnappings, and sexual violence. Moreover, the surge in gang-related violence, especially in the capital, forced the population to flee urban areas, resulting in more than 200,000 displaced people. On October 2, 2023, the U.N. Security Council voted to send a Kenyan-led multinational force, the Multinational Security Support, to assist the Haitian government and security forces in countering armed gang violence.
    The approval of international assistance comes more than a year after Haiti's Prime Minister Ariel Henry repeatedly called for "robust support" to re-establish order and tackle the humanitarian crisis that started in 2022 in Haiti. This generated a reaction from the G9 leader, a coalition of major gangs in Port-au-Prince, who announced that gangs would resist international forces if they supported Henry's illegitimate government. Despite the approval of the deployment of 1,000 Kenyan-led troops to Haiti, the mission was suspended by the Kenyan government, which will issue a decision on the multinational force in November.

    In recent weeks, conditions in the country have deteriorated, and gangs have further expanded their control over urban areas where the state is largely absent. On October 18 the secretary general of the High Transitional Council was kidnapped by gang members disguised as policemen.

    Kosovo-Serbia

    Milan Radoicic has come forward as responsible for the attack on two policemen in northern Kosovo on September 23, 2023, in which a policeman and three Serbs were killed. Subsequently, an increase in the number of Serbian troops with military equipment on the Serbia-Kosovo border was noted. However, Vucic said that it was not something extraordinary and it did not result in an escalation, as Serbia reduced the number of troops on October 2. Increasing troops on the border was probably to provoke a reaction from the international community. Warnings from the US eventually convinced the Serbian military to withdraw.

    The EU is facing calls to impose sanctions on Serbia, but whether the attack was coordinated by Vucic is disputed. There are elections in Serbia at the end of the year; Vucic could use the problem with Kosovo to distract people from his unpopularity in Serbia that is seen through weekly protests against mass shootings and growing criticism about authoritarian leadership.
    On October 27 the leaders of Germany, Italy and France called on Vucic to recognise Kosovo as an independent state and on Kurti to form an association of municipalities where Serbs are in the majority so that they get some self-government in the north. This agreement is necessary for EU membership; the EU reports that if they do not do so, they will miss out on great opportunities. However, they refused to sign this agreement earlier in September. Serbia and Kosovo's position with the EU remains to be seen, as an agreement is not yet in sight and they both blame each other for the incident on September 24.

    Pakistan

    Outbreaks of violence are rising on the Pakistan-Afghanistan border. Clashes between insurgents and security forces occur daily. On September 29, 2023, two separate bomb attacks left at least 60 people dead in Balochistan and northwestern Khyber Pakhtunkhwa provinces. Although the Tehreek-i-Taliban Pakistan group is allegedly involved in most of the attacks, Pakistani authorities report a significant presence of Islamic groups, including the Islamic State-Khorasan.

    The escalation of violence is instigating an increase in an anti-Afghan narrative. On October 3, 2023, the Pakistani Interior Minister announced that all undocumented immigrants will have to leave the country voluntarily by November 1, 2023, or they will face deportation. Of the undocumented citizens, 1.7 million are Afghan nationals.

    Pakistan is experiencing numerous protests in October. Besides pro-Palestinian rallies, the first weeks of October saw demonstrations in favor of former PM Imran Khan and his PTI party. On October 23, Pakistan indicted former PM Khan for leaking state secrets. The coming general election, initially scheduled for October 2023, is postponed until at least February 2024.

    Myanmar

    The humanitarian crisis in Myanmar is deteriorating. Ongoing conflict and floods are causing a spike in displaced people.
    Violent and deadly clashes between military junta forces and resistance fighters persist in several areas of the country, especially in Karen and Mon states and Magwe, Sagaing, Bago, and Tanintharyi regions. Air raids by the military junta were reported in October. On October 9, 2023, an airstrike on an IDP camp in Kachin state killed at least 29 civilians. On October 27, at least 20 security officers were killed during a coordinated attack by rebel groups on 12 towns in Shan state.

    On October 24, in the wake of the escalating violence and limited access to humanitarian assistance, the UN called for joint action to counter violence, bombings, and violations against civilians by the military junta and recalled the Rohingya minority crisis. On October 29, Myanmar's former information minister was arrested and charged with encouraging dissent against the military junta.

  • Intel Brief: Finland-Estonia Gas Pipeline

    Date: 27/10/2023

    Where: The Baltic Sea, corridor between Finland and Estonia

    Who’s involved: the Finnish government, the Estonian government, Sweden, NATO, the European Union, Russia, China

    What happened?

    - On 10/10/2023, the Finnish government reported damage to a gas pipeline and a telecommunications cable with Estonia. The BalticConnector gas pipeline was shut down after Finland’s Gasgrid recorded an unusual drop in pressure on 08/10/2023.
    - As a result of this damage, the European energy market has suffered from unease, following media reports of the shutdown of the BalticConnector gas link, causing gas prices to soar once again due to concerns over supply for the coming winter.
    - Despite Finland initially suspecting a Russian retaliatory action, the National Bureau of Investigation recently stated the damage is likely a result of an anchor dragging on the seabed. Finnish officials will determine whether the damage was intentional in the next phase of the investigation.
    - NATO announced on 11/10/2023 that it will discuss damage to the gas pipeline and data cable running between member states Finland and Estonia, and will mount a “determined” response if a deliberate attack is proven.
    - Finnish and Estonian authorities formed a joint investigation team on 12/10/2023 in order to determine the cause of the damage. The investigation is ongoing. Progress has been made on identifying vessels operating in the area, and the investigation will continue to focus on the technical examination of the seabed for any visible traces.
    - On 11/10/2023, Finnish officials reported that the damage to the pipeline appears to have been done using mechanical force and not an explosion. The Estonian Geological Service claims that neither Estonian nor Finnish seismic stations registered anything resembling explosions during the time period the BalticConnector registered a loss of pressure.
    - On 16/10/2023 Finland increased security measures to its critical infrastructure, restricting access to parts of the port of Inga which houses one of the country’s two floating Liquefied Natural Gas terminals. In total, the Finnish government has identified 230 sites where it will restrict access over fears of sabotage.
    - On 19/10/2023 NATO boosted its patrols in the Baltic Sea, including additional surveillance and reconnaissance flights, maritime patrol aircraft, NATO AWACS planes, and drones. A fleet of four NATO minehunters is also being dispatched to the area.
    - On 17/10/2023 another Baltic Sea telecommunications cable connecting Sweden and Estonia was discovered to be damaged at roughly the same time as the Finnish-Estonian pipeline and cable were, but remains operational. Estonian authorities believe these events are linked.
    - The Finnish National Investigations Bureau announced on 20/10/2023 that the investigation will now focus on Newnew Polar Bear, a Hong Kong-registered container ship, as its movements coincided with the time and place of the damage.
    - On 25/10/2023 the Chinese Foreign Ministry stated that Beijing is willing to provide all necessary information on the case, in accordance with international law.

    Analysis:

    The damage to the BalticConnector gas pipeline has brought back fears concerning the vulnerability of European critical infrastructure to sabotage by hostile actors. Therefore, European energy security is very likely to be high on the policy agenda of both NATO and the European Union especially considering the pressure of the coming colder winter months.

    The timing and nature of this event is reminiscent of the attack on the Nord Stream pipelines which occurred last year on 26/09/2022. As Europe is heading into its second winter since Russia’s large-scale invasion of Ukraine in February 2022, gas prices are again on the rise and putting further strain on European markets and economy.
    The risks posed by such disruptions to the European energy supply are likely to create tensions within Europe.

    Furthermore, the Russian Ministry of Foreign Affairs did say that “the Russian Federation will be forced to take military-technical and other retaliatory measures to counter the threats to our national security arising from Finland’s accession to NATO.” Finland has also been increasingly targeted by cyber-attacks from Russian hacking group NoName057(16) since 03/10/2023. The coincidence of these attacks with a declaration by the Finnish Foreign Minister, Elina Valtonen, of increased Finnish support to Ukraine, and with the damage to the pipeline, all within the same week, could serve as a clear indication of hostility towards Finland and potential sabotage operations.

    NATO has already threatened to mount a “determined” response if the joint Finnish-Estonian investigation finds sufficient evidence to prove the pipeline was deliberately sabotaged. A potential response that will send a clear message to any hostile actors may be triggering Article 4. By invoking Article 4, Finland and Estonia can push the issue of the security of critical infrastructure onto NATO’s agenda and force the Alliance to have a high-level meeting about it. A likely outcome of such a meeting could be to move more air and naval assets to the Baltic region to ensure the protection of other pipelines.

    Despite fears of Russian retaliation or attacks by other state actors, the joint Finnish-Estonian investigation has not yet found any conclusive evidence to attribute the damage to sabotage by a state actor.

    Conclusion

    The damage to the BalticConnector pipeline has increased energy price volatility in Europe and may put further financial pressure on European populations in the coming winter months. Consequently, energy security must be set as a priority for both NATO’s and the EU’s policy agendas.
With Finland’s newly acquired NATO membership, hostile actors may be trying to sabotage NATO critical infrastructure to either provoke or intimidate. If the incident is proven to be a deliberate action, NATO is likely to respond.

  • Intel Brief: North Korean Hiring Process Infiltration

    Date: 26/10/2023

    Where: North Korea, International Targets (primarily US Tech firms)

    Who’s involved: Hackers affiliated with the DPRK, Various US contractors and private companies, law enforcement bodies

    What happened?

    - Recent reports by the US Government show an increase in North Korean hackers impersonating candidates for IT roles in various industries, posing as IT professionals in English-speaking regions.
    - The impersonation goes the other way, as well, with fake job opportunities being posted to various job search sites.
    - Assistance by AI language learning models, such as ChatGPT, makes these attacks increasingly effective.
    - Throughout the Summer of 2023, North Korean threat actors were discovered to be targeting foreign software developers via deceptive postings on GitHub.
    - 29/09/2023: Investigators at ESET cybersecurity released a report linking a 2022 data breach from Spanish aerospace companies to social engineering attacks by a North Korean hacker posing as a recruiter for Facebook parent company, Meta. The spear phishing messages were distributed via LinkedIn.
    - 17/10/2023: The US Department of Justice broke up what it called a ‘massive operation’ involving North Korean operatives fronting as seventeen different “legitimate” IT and recruitment firms.
    - 18/10/2023: Microsoft Threat Intelligence released a report of how North Korean infiltrators have managed to install backdoors and other malware throughout the JetBrains’ TeamCity service network.
    - 18/10/2023: The US Federal Bureau of Investigation released a report on the danger these DPRK operations present, and increased guidelines for organizations to handle potential intrusions.

    Analysis:

    The goals of these operations are varied, as some of them are intended to draw revenue through wages for North Korea’s missile program. Others are utilized for espionage, and theft of intellectual property.
    Infiltration of the JetBrains TeamCity services potentially gave access to an unknown number of software development projects of some of the world’s largest corporations. JetBrains claims a user base of nearly 16 million, in 90 of the top 100 richest global firms.

    Many of the falsified resumes are assembled from publicly available information via LinkedIn and other similar platforms. It’s believed that some of the LinkedIn-based attacks are from real accounts that were, themselves, hacked by DPRK operatives.

    These tactics coincide with a well-established history of high-level DPRK operators, particularly the Lazarus Group APT, which the US government claims is sponsored directly by the North Korean state.

    The lack of international accountability for North Korean threat actors empowers them to conduct operations for not only espionage, but acute ventures in cybercrime. It’s for this reason that DPRK operators are novel in their organized crime efforts. Lazarus Group has been able to steal billions of dollars that allegedly go towards the country’s missile development program and nuclear research.

    Conclusion

    North Korean hackers continue to pose a significant threat to organizations globally through exploiting the trust in professional networking platforms. These threat actors use a complex web of proxy servers and VPNs, anonymizing systems for money transactions, cryptocurrency exchanges, and AI assistance to avoid detection until the damage has already been done. As long as these operators continue to receive protection from the DPRK government, they cannot be prevented.

    The most effective way to combat this threat is through a bottom-up approach. IT candidates on job search sites, freelance software developers, and entrepreneurs in the tech space are urged to follow guidelines against various social engineering efforts, and remain aware of the issue.

  • Intel Brief: What is Hezbollah?

    Date: 24/10/2023

    Where: the Middle East

    Who’s involved: Hezbollah, Iran, Lebanon, Syria, Ba’athist groups, Hamas, Israel.

    What happened:

    - On 07/10/2023, Hamas attacked villages in the south of Israel just outside of the Gaza strip and over time killed more than 1400 Israeli citizens.
    - On 08/10/2023, Israel started a war against Hamas by bombing Gaza and calling up 350.000 reservists to prepare for a ground invasion of the strip.
    - On 09/10/2023, the Iranian-backed but Lebanese-based terrorist organization, Hezbollah, stated that it will attack Israel from the north if it carries on its attack on Gaza.
    - From 09/10/2023 and the days and weeks after, Hezbollah militants have conducted small operations and attacks on the north of Israel. The Israeli Defense Forces (IDF) responded to the attacks by shelling Hezbollah positions in the south of Lebanon.
    - Hezbollah’s leader, Hassan Nasrallah, has not yet declared war on Israel but has issued threats to the country and the United States. He stated that the two countries should stop the attacks on Gaza and cease to interfere with Hezbollah operations in Lebanon and Syria.
    - Iran, which has historically backed Hezbollah with money, weapons, and instructors from the Islamic Revolutionary Guard Corps (IRGC), had meetings with the Hezbollah leadership and has openly stated that Hezbollah has the right to attack Israel in defense of the Palestinian cause.

    Historical context:

    Hezbollah was founded by Shiite clerics in Lebanon during the Lebanese Civil War (1975-1990) and was directly supported by the Iranian government, then led by Shia cleric Ayatollah Khomeini. Khomeini sent the IRGC (Islamic Revolutionary Guards Corps) instructors to help set up the military wing of Hezbollah.

    The current leader of Hezbollah, Hassan Nasrallah, has been in charge since 1992. His second in command is Naim Qassem. The third in command is Nasrallah’s cousin, Hashim Safi Al Din, who has been very vocal on the conflict between Hamas and Israel.
His son is married to the daughter of the assassinated IRGC commander Soleimani. Hezbollah has been supporting Baathist and Shia governments around the Middle-East since 1979. In that capacity, the group has fought alongside the Syrian Armed Forces against ISIS/L, Kurdish, and Sunni resistance fighters in the Syrian Civil War. Hezbollah has the largest standing army in the world not directly tied to the country they reside. Its exact numbers, however, are unclear. Hezbollah is believed to have a weapon cache that far exceeds that of organizations such as Hamas or the Palestinian Islamic Jihad, including missiles that could reach all of Israel. The organization is in control of large parts of Lebanon and holds political power in the Lebanese parliament. Hezbollah is also reportedly letting Palestinian terrorist organizations operate in Lebanon to attack and infiltrate Israel. Next to receiving weapons, funding and training from Iran, Hezbollah funds its military operations by smuggling drugs to the West and the Gulf region. Analysis: It is likely that Iran will continue to support Hezbollah with weapons, logistical support, and instructors. However, Israel has made it harder for Iran to deploy its cargo aircraft when it bombed the Aleppo and Damascus airports in Syria on 13/10/2023 and 22/10/2023. Beirut International Airport has not been targeted by Israel yet, but if Iran decides to supply Hezbollah through the airport then it may be attacked. Iran is, as of 24/10/2023, supplying Hezbollah with weapons through a Russian military airfield in Syria. Hezbollah will likely continue with relatively small attacks on the northern part of Israel. These attacks seem to be used to test the Israeli defense system and response. The probability of Hezbollah carrying out a campaign against Israel in the short term is small, but if/when Israel starts a ground invasion of Gaza, the group may start a full scale attack from the north to divide the IDF’s attention on two fronts. 
While not an ideal scenario, Israel has been preparing for a similar event for years and has a large reservists pool. The Israeli government said it will ‘destroy’ Hezbollah and threatened to attack Lebanon if Hezbollah openly joins the fight. This can lead to a humanitarian crisis in Lebanon, as the country could not afford to sustain a war in the current economic conditions. Despite US support to Israel, it is not likely that the large US military presence will deter Hezbollah from engaging in a conflict with Israel. The decision seems to rather depend on Iran and not Hezbollah itself.

  • Updated: Aviation Intel Brief for Syria, Lebanon and surrounding FIRs

    Date: 24/10/2023
    Where: Lebanon, Beirut; Syria, Aleppo, Damascus; FIR Amman OJAC, Cairo HECC, Tel Aviv LLLL, Nicosia LCCC
    Who’s involved: Israeli government, Hamas, Hezbollah, Iranian government, Russian government

    Syria

    The Russian military has granted Iran permission to use the Russian Khmeimim Air Base in Syria, according to the Syrian opposition organization ‘Syrian Observatory for Human Rights’. An Islamic Revolutionary Guards Corps (IRGC) A310 landed from Tehran at Khmeimim Air Base on Oct 19th and one on Oct 24th. The IRGC previously used Damascus International airport (OSDI) and Aleppo International airport (OSAP) for supplying the Lebanese terrorist organization Hezbollah. Both airports were attacked by the IDF, destroying the runways, on Oct 12th and Oct 22nd.

    Lebanon

    Hezbollah possesses rockets and long-range missiles that reach deep inside Israel, and an extensive air-defense system. Hezbollah has immensely expanded and upgraded its stockpile of rockets and various weapons systems, with the support of Iran. According to the latest public estimates, Hezbollah has around 150,000 rockets and missiles, most with a range of a few dozen kilometers. Various reports, however, say a substantial number can reach targets located hundreds of kilometers from Lebanon.

    According to the Israeli newspaper Haaretz, Hezbollah holds a large and diverse reserve of "dumb" rocket artillery alongside ballistic, anti-air, anti-tank, and anti-ship missiles. Hezbollah has placed a large part of its arsenal deep inside Lebanon and parts of Syria, making these and the surrounding area and air bases potential targets for the Israeli Defense Forces in the event of Hezbollah and the IDF engaging in a frontal war. This is a major threat to the current civilian airline operation at Beirut International airport (OLBA) and surrounding airports like Hamat / Wujah Al Hajar Air Base in the event of NEO Operations during a clash between Hezbollah and the IDF.

    Various airlines have postponed their operation to Beirut International airport. We stress again that all western corporations and travel providers in the region should seriously consider evacuating their staff and their families, advise all travel parties, and provide them with options for curtailing their holiday trip. Like most countries, the U.S. has issued a DO NOT TRAVEL advice for Lebanon (level 4) and authorized the departure of family members of U.S. government personnel and some non-emergency personnel on a case-by-case basis.

    NEO (Noncombatant Evacuation Operations) out of Lebanon are being prepared and various countries have set up bases on Cyprus to support possible evacuations. The United States and United Kingdom have also prepared for a possible evacuation by sea like in 2006.

    GPS Spoofing

    A story that continues with new leads. On September 22nd ‘the New Arab’ news outlet reported Russian electronic combat devices operating in Syria and the eastern Mediterranean capable of GPS Jamming and Spoofing, targeting civilian aircraft landing at Ben Gurion International airport (LLBG) and other Israeli airports.

    OPSGROUP alerted on September 24 and again on the 28th of a troubling new development in enroute airspace: multiple civilian aircraft being targeted with fake GPS signals, quickly leading to complete loss of navigational capability in multiple FIRs over a period of 7 days. Most crews reported the nav failures in the vicinity of ORER/Erbil, ORSU/Sulaimaniyah, and ORBI/Baghdad on Airway UM688 over Iraq, close to the Iranian border. In the past couple of days no new incidents have been reported in this area.

    On the 24th of October, OPSGROUP reported through their Ops Alert another new GPS spoofing scenario reported by OPSGROUP member crews. All reports have similar circumstances, where a false or spoofed GPS position is received by the aircraft, incorrectly showing the aircraft position as being over LLBG/Tel Aviv. The reported GPS Spoofing incidents occurred in the following FIRs: Amman OJAC, Cairo HECC, Tel Aviv LLLL and Nicosia LCCC.

    It’s important to highlight that this is not traditional GPS jamming, which is often experienced in these areas. We regularly see GPS dropping out in this area. These recent reports are GPS spoofing, and even then, not like anything we’ve seen before.

    Although GPS jamming can be performed relatively easily by anyone, GPS spoofing has traditionally been the domain of military operations. GPS spoofing refers to attacks where hackers transmit signals resembling GPS data, encoded in a manner that deceives receivers into perceiving a different location. In a spoofing attack, the perpetrator aims to deceive a GPS receiver by broadcasting misleading signals disguised as legitimate ones. Additionally, it is feasible to execute a spoofing attack by transmitting authentic signals with an incorrect timestamp or signals obtained from a different location. The spoofer then manipulates these signals to lead the receiver into believing its position is elsewhere, or that it is in the right place but at the wrong time.

    Previously, INS (Inertial Navigation System) and IRS (Inertial Reference System) operated as independent units. However, advancements in flight deck technology have led to a much more seamless integration. Many contemporary IRS systems now incorporate GPS data to enhance the precision of the Inertial Reference Unit (IRU) as the flight progresses. Typically, the system is engineered to switch to the most recent Dead Reckoning (DR) solution in case of a signal loss or suspected integrity issue with the GPS-calculated position. Yet, if the system fails to detect a faulty position due to sophisticated spoofing, it may inadvertently update the IRS with inaccurate data.

    FMS (Flight Management System) and IRS are primarily engineered to handle instances of GPS signal loss, not deliberate spoofing. The avionics systems of most airliners are equipped to recognize when a significant shift or gross error occurs, as updates from ground-based sources fail to yield the correct position. This typically triggers a navigation or position warning. Nevertheless, it's important to note that in such situations, all primary navigation systems may experience temporary corruption.

    What you can do against jamming and spoofing

    Before the flight:
      • Check enroute FIR NOTAMs for any GPS spoofing/Jamming advice
      • Perform full IRS alignment if entering known area with GPS spoofing risk
      • Be aware of typical sensor hierarchy for FMS position: GPS, then IRS, DME/DME, VOR/DME, DR.
      • Consider de-selecting GPS sensor input if possible on your aircraft
      • Review differences between GPS Jamming and GPS Spoofing.
      • Perform time check and set correct time on personal device or watch.

    When you think you are being targeted:
      • Check for large increase in EPU (eg. 1-2nm to 60nm)
      • Check if the aircraft clock changes – incorrect UTC time
      • Check for incorrect FMS position
      • Monitor for large shift in GPS position displayed, ND/PFD warnings about position error
      • Listen out on 121.5 for other aircraft reporting position errors in your area

    When you have confirmed that you are the target of a spoofing attack:
      • Revert to heading mode
      • De-select GPS inputs as soon as possible (IRS infection is not immediate)
      • Confirm IRS integrity
      • Consider using OFP/CFP computed track between waypoints as guidance
      • Report to ATC so other aircraft are aware, and check position.
      • Remain IRS only until clear of risk area
      • Request ATC for vectors
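The in-flight cross-checks from the aviation brief above (EPU increase, clock change, position shift, GPS against IRS), written out as detection logic that also separates plain signal loss from a plausible-looking but false fix. This is an added example, not part of the original brief or of any avionics product; the thresholds, field names and the sample track are constructed assumptions.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

# Illustrative thresholds (assumptions for this example, not avionics values).
MAX_EPU_NM = 10.0            # the brief's example is a jump from 1-2 nm to 60 nm
MAX_CLOCK_SKEW_S = 2.0       # GPS-reported UTC vs. an independently set clock
MAX_GPS_IRS_SPLIT_NM = 5.0   # GPS position vs. inertial (IRS) position
MAX_GROUND_SPEED_KT = 700.0  # a faster implied movement is not plausible

LatLon = Tuple[float, float]


@dataclass
class Sample:
    t: float                  # seconds, from the independent clock
    gps: Optional[LatLon]     # GPS fix in degrees, None when the signal is lost
    gps_utc: Optional[float]  # seconds, as reported by the GPS receiver
    irs: LatLon               # inertial position in degrees
    epu_nm: float             # estimated position uncertainty from the FMS


def distance_nm(a: LatLon, b: LatLon) -> float:
    """Great-circle distance in nautical miles (haversine formula)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))


def spoofing_flags(last_fix: Optional[Sample], cur: Sample) -> list:
    """Indicators raised by a sample that carries a GPS fix."""
    flags = []
    if cur.epu_nm > MAX_EPU_NM:
        flags.append("EPU_JUMP")
    if abs(cur.gps_utc - cur.t) > MAX_CLOCK_SKEW_S:
        flags.append("CLOCK_SHIFT")
    if distance_nm(cur.gps, cur.irs) > MAX_GPS_IRS_SPLIT_NM:
        flags.append("GPS_IRS_SPLIT")
    if last_fix is not None and cur.t > last_fix.t:
        hours = (cur.t - last_fix.t) / 3600.0
        if distance_nm(last_fix.gps, cur.gps) / hours > MAX_GROUND_SPEED_KT:
            flags.append("POSITION_JUMP")
    return flags


def assess(track):
    """Return (t, verdict, flags) per sample.

    'signal-lost' is the jamming-like case the FMS is built for (fall back to
    dead reckoning); 'suspect-spoofing' is a fix that looks valid but disagrees
    with independent sources, so it must not be used to update the IRS.
    """
    results, last_fix = [], None
    for s in track:
        if s.gps is None:
            results.append((s.t, "signal-lost", ["GPS_LOST"]))
            continue
        flags = spoofing_flags(last_fix, s)
        if flags:
            results.append((s.t, "suspect-spoofing", flags))
        else:
            results.append((s.t, "ok", flags))
            last_fix = s  # only trusted fixes become the reference
    return results


# Constructed track: westbound flight, a dropout, then a fix placing the
# aircraft over LLBG/Tel Aviv with a shifted clock and a 60 nm EPU.
CONSTRUCTED_TRACK = [
    Sample(0, (31.00, 37.00), 0, (31.00, 37.00), 0.3),
    Sample(60, (31.00, 36.85), 60, (31.00, 36.85), 0.3),
    Sample(120, None, None, (31.00, 36.70), 1.5),
    Sample(180, (32.01, 34.89), 1080, (31.00, 36.55), 60.0),
]

if __name__ == "__main__":
    for t, verdict, flags in assess(CONSTRUCTED_TRACK):
        print(f"t={t:>4}s  {verdict:<17} {', '.join(flags)}")
```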

  • US Export Controls: Emerging Challenges in Enforcement

    On October 17, 2023, the Biden administration released new export controls on US advanced semiconductors to the People’s Republic of China (PRC). The US sees China’s growing ability to produce better semiconductors, along with the close relationship between its military and civilian sectors, as a risk to national security. High-end chips could give China a military advantage in missile technology and surveillance equipment.

    The PRC has condemned the export controls as the latest ‘weaponization of trade’ by the US. For China, US export controls limit its ability to build a domestic innovation system for chips, which the Chinese leadership sees as critical. Xi Jinping has emphasized achieving greater self-sufficiency in high-end semiconductors by putting $150 billion into subsidies since 2015. However, the loopholes in the US export controls indicate that sanctions are difficult to enforce, posing security risks to US allies.

    China’s Civil-Military Fusion

    The Biden administration export controls on AI and semiconductors implemented in 2022 are an attempt to prevent the PRC from developing critical technologies with military applications. The PRC implements a “Civil-Military Fusion Development” doctrine where high-end technologies are coordinated for use between research institutes, private industry and the People’s Liberation Army (PLA). Blurring the line between civil and military application, semiconductors developed by Huawei could be used in advanced technologies on the battlefield, such as advanced missile systems, communication and navigation equipment.

    The threat posed by the PRC’s growing technological capabilities is acute for US treaty allies in the Indo-Pacific. China’s military modernization raises concerns over its ability to project military force to secure its own interests. For the Philippines, the PRC harasses Philippine fishing boats and has had numerous stand-offs over territorial disputes in the South China Sea. Japan faces disputes over the Diaoyu or the Senkaku islands. While not a US treaty ally, Taiwan faces security threats from the PRC’s gray zone tactics to influence its politics, and lives under the threat of an invasion. The PRC’s access to sensitive technologies is therefore a concern for US national security and the US-led order in East Asia.

    Dodging Sanctions Strategies

    U.S. efforts to limit technological exports to the PRC face the problem of enforcement. Since the U.S. announced export bans on U.S. machinery to the PRC, there are indications that China can still buy and use U.S. technology. On 5 September 2023, shortly after the release of the iPhone 15, Huawei released its latest smartphone, the Mate 60 Pro. The new phone included an advanced 7 nm chip produced by China’s largest chipmaker, Semiconductor Manufacturing International Corporation (SMIC). Given that Taiwan’s Taiwan Semiconductor Manufacturing Company (TSMC) has been producing similar sized chips since 2018, SMIC’s ability to produce these chips at quantity demonstrated an ability to bypass U.S. export controls.

    The question over how Huawei was able to develop the technology has led to a political debate in Taiwan. According to reports, Taiwan’s Cica-Huntek Chemical Technology Taiwan Co. won contracts to build systems for two Chinese companies blacklisted by the U.S. Current president Tsai Ing-wen, ahead of Taiwan’s presidential election in January 2024, has faced criticism for not taking Taiwan’s defense seriously. Without tighter controls on Taiwanese firms still doing business with Chinese firms, Taiwan’s semiconductors could end up in Chinese missiles aimed at the island.

    Sanctioned actors also develop strategies to get around U.S. export controls, some of which have been employed for a while. For example, in 2018, reports emerged that Russian and Chinese military affiliates sanctioned by the U.S. had created ‘shell companies’, intended to disguise the ownership of Chinese or Russian firms, to buy U.S. equipment. While the controls prevented direct sales from US companies to Chinese military-affiliated companies, they were easily bypassed through third parties created by Chinese military-affiliated firms.

    Blacklisted businesses can also purchase chips from black markets, outside the reach of Chinese and American authorities. In the Huaqiangbei electronics mall in the southern Chinese city of Shenzhen, small-scale sellers are stocked with electronic components purchased under the radar. Reports have emerged that local sellers, though not advertising them, have bought Nvidia high-end AI chips in other markets and sell them at double the normal price. For smugglers, export controls provide incentives to obtain chips via unofficial channels, for the right price.

    Breaking the Supply Chain?

    From the outset of the Biden administration’s export controls on US-made technology to China, East Asian electronics firms with a substantial dependence on China have been exempt. Samsung and SK Hynix secured exemptions from the requirement for U.S. permission to ship U.S. machinery to China. Samsung and SK Hynix face competitiveness issues in moving their production away from China; they produce 40% and 45% of their NAND memory chips in China respectively. Separating from China and moving to ‘friend-shoring,’ as the US is incentivizing them to do through subsidies, requires a significant reversal of supply chains built over the past 40 years. While this exemption gives East Asian and US companies time to reconfigure their supply chains, the timeline could take years given the billions of dollars involved.

    US export controls are also announced in advance of taking effect. While this may give time to companies facing commercial losses, Chinese firms are able to buy some technologies in advance. For the Netherlands, ASML’s compliance with U.S. export controls will come into effect on January 1, 2024. According to reports, ASML sold 46% of all exports to China in the third quarter of 2023. The strong reliance of semiconductor companies on China indicates the difficulty of moving the semiconductor industry away from China to other countries, especially when its market is substantial for exporting companies.

    Conclusion

    The new export controls launched by the US on October 17, 2023 aim to improve enforcement for critical semiconductors. Loopholes and well-established methods of bypassing sanctions remain available and are exploited through shell companies, even by sanctioned companies. Given the threats posed by the PLA’s military modernization and ability to project power overseas, the latest US export controls are an important step in deterring future technological developments. According to the US and its allies, without effective monitoring of export controls, the PRC’s ability to get hold of semiconductors for military purposes poses a significant security risk to the Indo-Pacific.

  • Intel Brief: The U.S. lifted sanctions on Venezuela’s oil sector

    Date: 23/10/2023
    Where: Venezuela
    Who’s involved: U.S. President Biden, Venezuela President Maduro, Venezuelan opposition leader Machado

    What happened?

    On Wednesday, 18/10/2023, the U.S. Treasury Department temporarily eased some sanctions imposed on Venezuela’s oil, gas, and mining sectors. The decision comes after Venezuelan President Maduro and opposition parties reached an agreement on elections scheduled for 2024.

    Oil sector bans are not the only area that has been the subject of negotiations in recent months between the two countries. On Wednesday, 18/10/2023, deportation flights from the United States to Venezuela resumed, marking a significant concession by President Maduro. The Venezuelan government also stated that it will make resources available to help with deportation operations.

    U.S. Secretary of State Antony Blinken stated that President Maduro has until the end of November 2023 to implement established electoral commitments, including lifting restrictions on opposition candidates and releasing political prisoners. Should the Venezuelan government fail to meet its electoral commitments, the United States could decide to resume sanctions. On the other hand, if Maduro complies with the electoral guarantees, the provisional license lifting U.S. sanctions for six months could be extended.

    After resuming long-suspended negotiations, on Tuesday, 17/10/2023, Nicolas Maduro finalized an agreement with the opposition guaranteeing its participation in elections to be held in the OPEC member country in the second half of 2024. The negotiations took place in Barbados, and the talks were mediated by Norway. However, while the administration agreed to let the opposition choose its candidate for the 2024 presidential election, the agreement does not guarantee the reversal of bans blocking some opposition primary candidates from holding office. Several candidates are technically still barred from taking office, including the primary’s front-runner, Maria Corina Machado.

    On Sunday, 22/10/2023, Venezuela held primary elections to pick the opposition candidate who will run against Maduro in the first presidential election since 2012. Although vote casting is still in progress, it seems that Machado routed the other nine candidates despite the ineligibility, securing 93 percent of the vote and emerging as Maduro's opponent in the 2024 presidential election.

    Maduro, ruling since 2013, is expected to run again for re-election, although he has not yet officially announced his candidacy. In 2019, his presidency was contested by Juan Guaidó, who was chosen interim president by the Constituent Assembly, causing a presidential crisis. Nevertheless, Maduro remained in power, and in 2022, opposition parties voted to dismiss Guaidó as interim president.

    Economic and diplomatic tensions between Venezuela and the United States are longstanding. Under Trump's administration, the U.S. adopted an aggressive sanctions policy against Venezuela to foster a political transition by putting financial and economic pressure on the Maduro regime. The first U.S. sanctions against Venezuela date back to 2006, imposed by President Bush on the Chávez regime. However, President Trump implemented the most restrictive sanctions against Venezuela, known as the "maximum pressure" policy. Starting in 2017, Venezuela has been denied access to U.S. financial systems. In 2019, several industry-specific sanctions were implemented, especially for Venezuela's state oil company, PDVSA, such as preventing the export of Venezuelan oil to its chosen markets and freezing bank accounts or banning access to properties in the United States. In 2022, the U.S. granted a temporary six-month license to Chevron, a major private oil company operating in Venezuela, authorizing the production of petroleum products.

    Analysis:

    The easing of diplomatic tensions and economic bans between Venezuela and the U.S. can be traced to several factors. First, the U.S. is seeking to boost global oil flows and ease current high prices caused by sanctions on Russia following the Ukraine invasion, and by the decisions of Saudi Arabia and other OPEC+ countries to extend the reduction of production and exports. However, although Venezuela’s oil output is expected to increase gradually in 2024, the chances that Venezuelan exports can rapidly recover from the losses of recent years and significantly increase oil production are low without considerable investments. It seems unlikely that state-run PDVSA will be able to quickly boost Venezuela’s severely deteriorated oil production and export crude at fair and affordable prices. Indeed, Venezuela, which holds the world's largest proven oil reserves, used to produce nearly 3 million barrels of oil daily. Partly due to U.S. sanctions, Venezuela's economy, primarily tied to oil production and exports, contracted by about two-thirds between 2014 and 2020.

    U.S. re-engagement in Venezuelan politics and economy could also help halt rising Chinese influence in Venezuela and the Latin American region. Indeed, since the beginning of U.S. sanctions, China has replaced the United States as the primary purchaser of Venezuelan oil and economic sponsor of the country. As recently as last month, Maduro and Xi Jinping strengthened their cooperation in several areas, including security, aviation, trade, and investment.

    The lifting of sanctions on Venezuela could also be Biden's response to growing domestic tensions, including regarding the increasing flow of migrants. Under Maduro, more than 7 million people have left Venezuela, with many heading to the U.S. Recently, Venezuelans stood out as the nationality most arrested for illegal entry at the U.S. border, replacing Mexicans. Moreover, although the decision to resume economic and diplomatic relations is drawing controversy and opposition from Republicans, the Biden administration may be seeking to strengthen its position through a strategy to address the energy crisis ahead of the 2024 presidential election.

    Regarding the democratic concessions granted by Maduro, many international observers and opposition representatives are skeptical that the president will fulfill his pledges, especially the removal of bans preventing opposition members from holding office. While democratic concessions are a necessary prerequisite to the U.S. lifting bans, many believe that the agreement will not lead to real regime change. Instead, renewed relations with the U.S. and easing the regime’s stronghold may represent a strategic propaganda move to lift the country's economy and gain more support ahead of the 2024 elections. Nevertheless, the primary elections held on 22/10/2023, organized independently by the opposition and civil society, registered an unexpected turnout of voters, indicating the population's desire for change and democracy.

    Conclusion:

    Venezuela agreed to grant fair and internationally monitored elections in 2024 in exchange for lifting some economic sanctions by the United States. The U.S. is seeking to rekindle economic ties with the OPEC country to curb the global energy crisis. However, renewed market access for Venezuela's severely disrupted oil sector will not provide economic benefits in the short term. While the international community hailed this agreement as “a step toward Venezuela's democratic transition,” the actual freedom of the upcoming elections remains a question. The sanctions relief may be a political maneuver by the Biden administration to gain domestic support, potentially ameliorate the energy crisis, and challenge Chinese influence in the Latin American region.

  • Israeli Cyberspace Two Weeks Later: Hacktivists and Espionage

    Article written by Mark Bruno - October 2023

    The escalation of violence in the physical world has seen a parallel escalation in the digital world, with hacktivist groups either claiming to be supporting Palestinian causes or retaliating against these actors. To this day, digital threat actors of all stripes attempt to channel the aesthetic and tactics of Anonymous from the time of the Arab Spring (2011). However, the cyber battlespace has changed since then, and as states’ abilities to withstand these sorts of attacks have grown, so, too, has their influence in the space itself.

    But given how prepared Israel has become over the past twelve years, how was it seemingly taken by surprise? Was there potential intervention by other nation-state actors? Has the cyber front been more effective as a source of disinformation than as an actual source of disruption?

    Two Layers Of Cyberwar

    Conclusions about what’s unfolding in Israeli cyberspace are difficult to pin down, despite the conflict coming up on its third week. In part, this is because the cyberwar between Israel and Hamas is made up of a domain that we can see, and a domain that we cannot. It’s almost identical to the one unfolding in Ukraine in this respect.

    The first domain consists of the overt actions by hacktivists and more common cyber criminals that are often self-aggrandizing but lack the sort of substance that one might expect. This is in large part to the credit of Israel’s own cybersecurity and IT infrastructure.

    On October 8th, a proclamation went out over Telegram: “Israeli government, you are to blame for this bloodshed. Back in 2022, you supported the terrorist regime of Ukraine. You betrayed Russia… All government systems of Israel will be subjected to our attacks!”

    The statement was published by KillNet, a Russian group who have been extremely active since the War in Ukraine became a full-scale invasion. They mostly perpetrate low-yield Denial of Service (also known as DoS or DDoS) and defacement attacks on targets of opportunity: dangerous, yes, especially to smaller and less prepared targets, but regarded in the cybersecurity community as a less significant threat than many others that are aligned with Russia.

    The Lawfare Institute’s Maggie Smith, Erica Lonergan, and Nick Starck write, in a 2022 piece about KillNet, that the role of these groups is “cognitive, not coercive”: that they exist to shape the framing of a conflict, and generate hype around their own propaganda narratives. KillNet’s large platform provides a communication channel for other organizations to organize similar attacks, amplifying their perceived effectiveness. Some cybersecurity professionals speculate that the group is state-sponsored, and it can be firmly established that they are, at the very least, aligned with Russian state interests.

    There are a number of higher-powered threat actors that Israel’s Cyber Directorate has on their radar that inhabit the second layer of this space. Many of these are based in Iran and Lebanon, and inhabit a much more threatening categorization: that of the Advanced Persistent Threat.

    Advanced Persistent Threats (known often as simply ‘APTs’) are threat actors with less limited resources than most hacktivists or common cyber criminals (often provided through state funding); they utilize layered strategies and tend to have a continuous mission. Some APTs have been active for over a decade.

    It takes more time to attribute an attack to an APT. In part, it’s because their plans tend to have a clandestine intent, such as exfiltrating data from a government or military source. Even financially-driven APTs such as North Korea’s Lazarus Group will quietly amass money in the hundreds of millions before being stopped. It’s much more of a “long game” in this layer of the conflict. There is no evidence at this point proving that any of the regionally tracked APTs have intervened in the conflict, but this certainly doesn’t rule out that they might have, as they did in the past.

    Before The Attacks

    Since the morning of 7/10/2023, there has been a lot of speculation as to whether or not Hamas received aid or intelligence from external organizations, with the most prominent theories being about potential assistance from Iran. Much of this speculation is an understandable response to the seemingly slow reaction from the IDF and the pure shock of the violence that unfolded. That said, there has been a well-established history of attacks on Israel from several Advanced Persistent Threats.

    There were several notable cybersecurity incidents in the weeks leading up to the attacks on 7/10/2023.

    On 09/09/2023, fifteen Israeli lawmakers were surprisingly banned from WhatsApp in what may have been a breach that stemmed from their authentication controls being tripped. The report said that they were locked out of their accounts for three hours, which would have been plenty of time for a data exfiltration. This particular incident was reminiscent of a 2019 phone breach of Netanyahu’s political rival, Benny Gantz. The incident was explained in the Israeli press as an attempt by Iran.

    Ben Gurion Airport, a major target in the current conflict, had one of its most significant disruptions related to a cyberattack on 20/09/2023. The attack involved extremely sophisticated disruption of GPS systems and impacted the ability of pilots to land on shorter runways. The identity of the threat actor responsible has yet to be revealed, but this is the sort of behavior more broadly associated with an APT rather than common cyber criminals.

    On 5/10/2023, there was a report of an attempt via Telegram to hack Israeli president, Isaac Herzog. The findings by Israel’s Shin Bet security service determined that it was from a low-level group, and likely for the purpose of scamming the president, rather than any “serious” breach. However, in the context of the broader cyberwarfare situation in Israel, it’s difficult to brush this incident off.

    That same day, Microsoft’s Threat Intelligence department released their 2023 Digital Defense Report. In it, the report outlines the increasing threat posed by Iranian threat actors, though it largely outlines their activities in the capacity of influence in the Global South.

    After The October 7th Attacks

    Claims

    Israel has been under a constant storm of cyberattacks. However, the claims made by the attackers have been of mixed truth value: some outright lies, others exaggerating the effectiveness of their operations, and a few that have been genuinely effective with potentially deadly consequences.

    Perhaps the most substantial claim that proved fruitless was an alleged series of attempts to shut down Israel’s Iron Dome missile defense system. While some servers associated with Rafael Advanced Defense Systems and Israel Aerospace Industries (the organizations that manage the system) may have been temporarily shut down, there is nothing that substantively suggests that the system’s performance was ever impacted.

    RedAlert

    Early in the day on 7/10/2023, Russia-supporting cybercriminals, Anonymous Sudan, posted evidence suggesting that Israel’s RedAlert app, an application that tracks reports of rocket attacks in real time, had suffered outages via what appears to be a Denial of Service attack.

    The group that would later seem to be responsible was the hacktivist organization, AnonGhost, who explained that they’d found a vulnerability in the application’s API that allowed them to take it down. The immediate impact of this attack was on the safety of civilians fleeing to get out of harm’s way.

    In the time since, service has been fully restored in the browser version of the application. However, the issues caused by the various Denial of Service attacks have caused the application to be removed from several regions’ app stores for a time. If one needs to download the app again, the way around this would normally be to download the APK file (or IPA file on iOS) and install it directly. In response, some groups have picked up on this workaround, and have created a spyware version of the APK file hosted on a phony version of the developer’s site.

    Media And Propaganda

    Several news organization websites, but most prominently, the Jerusalem Post, were taken offline on the morning of 8/10/2023. The recovery back to full functionality took at least fifty hours. While attempts were claimed against Keshet Media Group websites, Times of Israel, and others, the disruptions were not nearly as severe, if they happened at all.

    Another display of hijacking media was done in at least the city of Holon, and allegedly in Tel Aviv as well. For part of the morning of 12/10/2023, smart billboards were hacked into and played what has been called “pro-Hamas” messages.

    A number of these groups have also attempted to spread various messages on social media that prominently featured disinformation and carefully selected old footage. Screenshots of a fake BBC article with AI-generated images reportedly from Bellingcat began circulating on 10/10/2023. The article was attempting to mislead readers into believing that US weapons given to Ukraine were ending up with Hamas, lending credibility to a related conspiracy circulating on Facebook.

    Conclusion

    It's crucial to differentiate between actual and perceived threats in the cyber realm, especially in the current Israeli scenario. While numerous claims circulate, Israeli services remain adept at identifying and thwarting such attacks. Despite the attention garnered by hacktivist groups like KillNet, their direct harm is mitigated by Israel's robust cybersecurity infrastructure.

    However, beneath this visible layer lies a more menacing one: the clandestine activities of state-supported Advanced Persistent Threats (APTs). Operating quietly, these entities aim for long-term gains like data exfiltration or system compromise, posing a more significant threat.

    The dual-layered nature of this cyber conflict necessitates a well-thought-out defense strategy: addressing immediate threats from hacktivist activities while proactively seeking and countering the potentially more dangerous, silent moves by APTs. The unfolding situation underscores a modern warfare paradigm where battles transpire both openly and covertly in the digital domain, carrying real and tangible repercussions for security, civilian safety, and the on-the-ground situation.

  • Intel Brief: Atlassian Data Center Breaches

    Date: 19/10/2023 Where: Atlassian Data Centers (global), China Who’s involved: Atlassian Corporation, Chinese state-sponsored hackers (Storm-0062), other threat actors and cyber security firms What happened? In February 2023, an unidentified threat actor began phishing campaigns, targeting various organizations related to Atlassian products. The group demonstrated a particular focus on Atlassian's enterprise collaboration software, such as Confluence, which suggests that this was the initial planning and reconnaissance phase of the breach. It was found that the group likely came from China. In response to the breach, a statement by Atlassian indicated that network and customer information are secure. On 15/02/2023, Check Point Software warned Atlassian about a data leak that included sensitive facilities information of a third-party contractor. Atlassian answered the warning with only a written response, stating that since the contractor was not leaking customer information, it was not a serious threat. On 14/09/2023, the Chinese APT group launched attacks exploiting a zero-day flaw in Atlassian Confluence Data Center and Server instances. These attacks were initiated a week before the bug's disclosure. On 21/09/2023, Atlassian released a patch for four of its main products that allegedly fixed the bugs. On 4/10/2023, the breach was publicly disclosed, through a formal advisory of the Multi-State Information Sharing and Analysis Center. Atlassian advised customers to immediately shut down and disconnect their server from the network if they suspect their Confluence Server/Data Center instance has been compromised. On 11/10/2023, Microsoft identified the group as an Advanced Persistent Threat: Storm-0062, who they connected to the Chinese government. The threat to Atlassian’s servers and data centers was considered to be extremely high by Microsoft. 
On 16/10/2023, the Cybersecurity and Infrastructure Security Agency (CISA) distributed an advisory based on Microsoft’s findings, indicating that this was considered a serious threat to infrastructure. On 17/10/2023, a joint statement by The Five Eyes countries’ intelligence chiefs accused China of having a protracted history of intellectual property theft that stood as an “unprecedented threat”. Analysis: Storm-0062, also known as DarkShadow or Oro0lxy, is a state-sponsored threat actor linked to China's Ministry of State Security and is known for targeting software, engineering, medical research, government, defense, and tech firms in the U.S., U.K., Australia, and various European countries to collect intelligence. Atlassian’s software is used by nearly a quarter of a million companies worldwide, including 83% of the Fortune 500 as of 2020. The company’s products are mostly focused on business planning and product development, much of which can be considered sensitive or classified. Companies that utilize Atlassian products include IBM, Tesla, Shell, Lufthansa, and more. Microsoft's Threat Intelligence analysts have observed that the group exploited the Atlassian flaw as a zero-day bug for nearly three weeks. It was able to access sensitive information for that time, unimpeded. The group has been involved in stealing terabytes of data by hacking government organizations and companies worldwide. The U.S. Department of Justice accused Li Xiaoyu, a Chinese hacker who created the digital alias Oro0lxy, of infiltrating hundreds of companies in the U.S., Hong Kong, and China, including coronavirus vaccine research developer Moderna. Conclusion: Storm-0062's activities highlight the increasing threat of state-sponsored cyberattacks and the potential for significant damage to companies and governments worldwide. 
Specifically, it shows the potential ability for a state actor to conduct reconnaissance of sensitive planning and design information as a product is being developed, in real time. With critical technologies perceived as an issue of national security, theft of intellectual property, through the cyber domain, is a part of China’s strategy to gain access to U.S. designs and gain a competitive edge in advanced technologies and defense contractors.

  • Intel Brief: Poland's Elections

    Date: 18/10/2023 Where: Poland Who’s involved: Law and Justice party (PiS), Civic Coalition (KO), the Third Way, the New Left What happened? General elections took place in Poland on 15/10/2023. On 17/10/2023, all votes were counted and published. The Law and Justice party (PiS), led by Jaroslaw Kaczynski, received 35.38% of the votes, making it the largest party but no longer the majority. Civic Coalition (KO), led by Donald Tusk, former European Council president, got 30.70% of the votes. The center-right ‘Third Way’ party received 14.40% of the votes, the New Left 8.61% and the far-right Confederation 7.16%, according to the Commission. Combining the KO with 157 seats, the Third Way with 65 seats and the New Left with 26 would be enough to form a parliamentary majority with 248 seats. The results of the election were planned to be revealed on 16/10/2023, but because of a turnout of 74.4%, unprecedented since the fall of communism in 1989, the results were delayed to 17/10/2023. Analysis: Since the nationalist conservative United Right (ZP), dominated by PiS, came to power in 2015, Warsaw has had problems with the European Union about rule of law, media freedom, migration and LGBTQ+ rights. This caused the EU to freeze billions in subsidies for the country. If the liberal opposition bloc, led by KO, comes to power, it could be a turnaround for Warsaw. Tusk has announced that when KO comes to power, it will mend relations between Warsaw and Brussels and undo PiS reforms. Among other things, the PiS is accused of politicizing the judiciary, propaganda, and fuelling homophobia. Its critics say that democracy may be significantly eroded the moment PiS is elected for a third time in a row. PiS mainly seeks to preserve Poland's Catholic character to resist Western liberal pressures. The outcome of the elections will not affect Poland alone. Foreign policy with the United States, Europe, and especially Ukraine and Russia will be affected. 
Since the Russian invasion, Poland has equipped Kyiv with German-made Leopard 2 tanks and Polish MiG-29 fighters, and has also taken millions of Ukrainian refugees. However, in the last months, farmers in Poland suffered from low Ukrainian grain prices and in response the PiS cut grain imports from Ukraine. After the ban on Ukrainian grain importation, Zelensky accused “some” countries of only pretending to support Ukraine. Poland felt accused and responded by ceasing its arms supply to Ukraine. Tusk is likely to reinvigorate ties with Ukraine when/if in office. Poland has the strictest abortion laws in the EU; since 2021 abortion is almost totally forbidden. Kosiniak-Kamysz of the Third Way party would support revisiting the near ban to lighten it. However, despite the KO’s coalition, the President of Poland, Andrzej Duda, is a PiS ally and announced before the voting started on 15/10/2023 that the party that has the most votes would be the first party able to form a coalition. However, at this point there is no party that is showing willingness to join PiS. As KO is the second biggest party, President Duda will likely let KO form a coalition. Conclusion: Judging from the outcome of the elections on 15/10/2023, there is a high probability that KO will form a coalition with the Third Way and New Left. Poland will also likely try to improve its ties with the EU and reinforce LGBTQ+ rights. The media regulation will likely be amended, as will the abortion law. The outcome of the elections is likely to mean something good for Ukraine as well, such as more supply of weapons to Kyiv and re-allowing Ukraine to export grain abroad through Poland.

  • Updated: Aviation Intel Brief for Israel and Lebanon

    Date: 18/10/2023 Where: Israel, Gaza, Lebanon, Beirut Who’s involved: Israeli government, Hamas, Hezbollah, Iranian government Lebanon Tens of thousands of protestors swarmed the U.S. Embassy overnight, scaling the walls, setting fires on the U.S. Embassy grounds and raising the Palestinian Flag on the embassy’s fence; no injuries have been reported. The US has issued an immediate ‘DO NOT TRAVEL’ advisory for Lebanon to its citizens, and advises all US citizens in Lebanon to leave as soon as possible. Hezbollah has announced a ‘Day of Rage’ for October 18th. Protests have broken out at other US, French and U.K. Embassies across the Middle East. The Black Flag has been raised in Iran. Traditionally this is a symbol of mourning in Shia Islam and it is raised to commemorate the martyrdom of Imam Hussein. However, from past events, it has also been seen as a signal to call for a ‘Day of Rage’ and a precursor for attacks, as was the case in the 2012 Benghazi Attacks in Libya. All western corporations and travel providers in the region should seriously consider evacuating their staff and their families, and should advise all travel parties and provide them options for curtailing their holiday trip. IDF Chief of Staff Herzi Halevi warned Hezbollah on Oct 17 that the IDF will annihilate it if the attacks continue. The IDF stated earlier this week that it is ready to fight on two fronts, increasing the tensions on the southern border with Lebanon. Airlines are starting to cancel flights to Beirut International airport (OLBA); Middle East Airlines (MEA) moved 5 aircraft based at OLBA to Istanbul Airport (LTFM); private jet operation has almost stopped at OLBA. 
A couple of airlines have canceled their flight operations at OLBA, including Sundair, SAS, Lufthansa, Eurowings, Swiss and Condor; Air Arabia and Saudia have reduced flights; other operators, like Aegean, Egypt Air, Emirates, Iraqi Airways, Turkish Airlines, Transavia, Qatar, Pegasus, Royal Jordanian and SunExpress, continue to operate as scheduled. NEO (Noncombatant Evacuation Operations) out of Lebanon are being prepared by various countries, which have set up bases on Cyprus to support possible evacuations. The United States and United Kingdom are also preparing for possible evacuation by sea, like in 2006. The U.K. package includes two Royal Fleet Auxiliary vessels, along with Royal Air Force surveillance aircraft and a company of Royal Marines. The United States Navy has a Carrier Strike Group present in the Mediterranean (Southwest of Cyprus) with a second Carrier Strike Group underway as backup. A U.S. Marine Expeditionary force has arrived in the Mediterranean, and is conducting preparations for possible evacuation operations out of Israel and Lebanon when required. The IDF has increased the GPS jamming in Northern Israel extending into Southern Lebanon. What has happened in Israel in the past 48 hours. President Joe Biden has arrived at Ben Gurion International airport. By now almost all airlines have postponed their flight operations into Ben Gurion airport. The only carriers still flying at Ben Gurion International airport, besides the current ongoing NEO missions, are El Al, and Israeli Airlines (Israir), Fly Dubai, Emirates, Sun Express, Turkish Airlines, Air Serbia, Tus Air, Spice Jet, Blue Bird, Ethiopian Airlines, Georgian Airways. Countries currently undertaking or having completed NEO (Noncombatant Evacuation Operations) out of Israel: Argentina, Austria, Australia, Brazil, Bulgaria, Canada, Colombia, Chile, Czechia, Germany, Hungary, Italy, Mexico, Norway, The Netherlands, Poland, Portugal, Romania, Sweden, United Kingdom, United States. 
We haven’t received any laser attack reports since October 11th around Ben Gurion International airport; most were reported earlier during the approach phase and a couple during departure. The cyber attacks on the Red Alert app, which warns of missile attacks, seem to have been resolved, and the app is working correctly. However, the app has been removed from several app stores. It can be found outside the official stores, but so can spyware versions. On Thursday Oct 12th the Israeli Air Force conducted combat operations in Syria, successfully targeting Aleppo International Airport (ALP) and Damascus International Airport (DAM), destroying the runways at both airports to prevent military supply missions. Like the previous days, multiple rocket attacks were undertaken by Hamas aimed at Tel Aviv and a few at Ben Gurion airport; none penetrated successfully. During one of the attacks flight operations were halted but resumed quickly. Since the start of the current conflict no missile was successful at hitting the airport or any of the structures. The Israeli Defense Force has taken additional mitigation measures on the ground and in the air to minimize the potential threat of Surface to Air Missile attacks against flight operations at Ben Gurion airport. With the current measures in place around Ben Gurion International Airport and the arrival and departure routes, the potential threat of this being used against the current flight operations at Ben Gurion airport is minimal. As of Sunday Oct 8th there are no more General Aviation (business) flights possible to and from LLBG Ben Gurion International Airport, as per the NOTAM that is still in effect: A1089/23 NOTAMR A1059/23 Q) LLLL/QFALT/IV/NBO/A /000/999/3201N03453E005 A) LLBG B) 2310081328 C) 2310191600 E) ARR OF GA ACFT PROHIBITED FM OCT 08 0500UTC (0800LMT). DEP OF GA ACFT PROHIBITED FM OCT 08 1700UTC (2000LMT). 
CAA (Civil Aviation Authority) Israel informs that Eilat-Ramon International airport (LLER-ETM) is available, both as a preferable alternate airport and as a possible destination within Israel, outside the present zone of conflict. Israir Airlines is operating flights from Ramon Airport to Ben Gurion Airport and the following destinations: Athens, Vienna, Oslo, Paris and London. The CZIB (Conflict Zone Information Bulletin) brought out by EASA (European Union Aviation Safety Agency) for the Tel Aviv FIR (Flight Information Region, LLLL) on Oct 8th, 2023 remains unchanged. Analysis: Status quo: for the current situation, we don’t expect the Israeli Air Force to conduct a similar operation against Beirut International Airport (BEY) as conducted in Syria, due to the high number of international flights. Beirut International airport conducts around 500 flights per week. Escalation: in the event of Hezbollah openly entering the war when Israel starts the ground war, military action from the Israeli Air Force aimed at destroying the runway of Beirut International airport and other airports in Lebanon is highly likely. If flying to Ben Gurion International Airport (LLBG) and Beirut International Airport (OLBA), contingency fuel is needed in case of (temporary) airport closure. The ground war has been postponed; Hamas continues to target Tel Aviv and Ben Gurion airport with daily rocket attacks. On occasion flight operations were temporarily postponed. A day-to-day assessment should be made on the security of the airspace and the country. Air operators should closely monitor airspace developments in the region and follow all available aeronautical publications issued by Israeli State authorities, alongside available guidance or direction from their national authorities, including information shared through the European Information Sharing and Cooperation Platform on Conflict Zones. 
Air operators who will have crew staying overnight should provide their crew with proper security training and information on the ground situation, such as the location of the nearest bomb shelter; this information is being provided by the Israeli authorities. It should be ensured that a robust risk assessment is in place together with a high level of contingency planning for operations, and operators should be ready for short notice instructions from the Israeli authorities.

  • Intel Brief: Ecuador's 2023 Presidential Election

    Date: 17/10/2023 Where: Ecuador Who’s involved: Newly elected President of Ecuador Daniel Noboa, former President Guillermo Lasso, Ecuador gangs and transnational criminal networks What happened? On Sunday, October 15, 2023, the second round of presidential elections was held in Ecuador between leftist candidate Luisa González of the Citizen Revolution Movement - protégé of Rafael Correa, President from 2007 to 2017 - and Daniel Noboa, candidate of the center-right National Democratic Action party. Noboa ultimately won the ballot with 52% of the votes. The 35-year-old newly elected President is the youngest in Ecuador's modern history and is the son of the most prominent banana tycoon and former presidential candidate, Alvaro Noboa. Since 2021, Noboa has been a designated member of the National Assembly and chaired the Economic Development Commission. Noboa will take office in December 2023. However, his mandate will last only until May 2025, to complete the term of former President Guillermo Lasso, who, on May 17, 2023, invoked the so-called “muerte cruzada” which means dissolving the National Assembly, and called for early elections to avoid an impeachment trial for alleged corruption. Noboa will be guaranteed a chance to run again in the 2025 elections. Ecuador's elections took place in a climate of gang-related and political violence. A few days before the primary election, on August 9, 2023, anti-corruption and anti-gangs presidential candidate Fernando Villavicencio was assassinated. Subsequently, six suspects were assassinated in Quito on October 6, in the country's largest penitentiary institute, while a seventh was found dead the day after. Given the climate of violence, exacerbated further by Villavicencio's assassination, the political agendas of the presidential candidates, regardless of their political stance, have focused on increasing security and stability in the country. 
Both candidates proposed a "mano dura" approach inspired by the model implemented by Bukele in El Salvador. The term mano dura, in English 'firm hand,' entailed a set of crime policies usually adopted against gangs. According to pre-election polls, most voters strongly supported more restrictive and militarized anti-crime policies. Most of Ecuador's young population, the part of society mostly affected by gang and drug-related violence, stood in favor of tightening measures against organized crime. Noboa's policy agenda revolves around overcoming youth unemployment through socio-economic reforms and addressing the security crisis and growing violence in the country. His security plan, known as "Phoenix," calls for significant reforms of the security sector and judicial system, high-security prison boats to mitigate prison overcrowding and massacres, and the expansion of military authority, reminiscent of "mano dura" security measures. Noboa plans to create a new intelligence unit to tackle gangs and organized crime, equipped with technologies such as drones and access to images and military equipment. Analysis: In the past five years, especially since the pandemic, security in Ecuador has deteriorated drastically. The country has shifted from being the most peaceful in the region to now registering the fourth-highest homicide rate in Latin America. Between 2016 and 2022, Ecuador's homicide rate spiked by nearly 500%. The security crisis has been triggered by the rise of gangs and criminal groups taking advantage of Ecuador's increasingly key role in the cocaine trafficking chain to Europe. Colombian, Mexican, Venezuelan, and Albanian drug trafficking networks compete to control Ecuador ports to exploit banana trade routes, of which the country is the world's largest exporter, to smuggle drugs, mainly to Europe. Meanwhile, once fragmented and not very influential, local organized crime has gained much power through drug trafficking. 
In recent years, Ecuadorian gangs have undergone a process of sophistication, becoming more structured and violent. The country has numerous prison gangs, which control most detention facilities, from which they orchestrate criminal activities and forge relationships with international drug trafficking networks. The most prominent local gang in Ecuador is Los Choneros. For decades, despite its proximity to Colombia and Peru, leading producers and exporters of cocaine, Ecuador managed to be relatively shielded from the region's violent and criminal dynamics. Several factors facilitated the recent escalation of violence. First, tightening policies and controls against drug trafficking in neighboring countries has caused transnational criminal groups to turn to Ecuador's poorly controlled ports. Moreover, the demobilization of the Colombian guerrilla FARC in 2016 has influenced the violent shift in the country. The Ecuadorian government had stable relations with the group to ensure relative peace and the non-involvement of narco-traffic. Finally, regarding domestic policies, the crime reduction initiatives of President Correa's 2007-2017 administration, based on the construction of mega-prisons, had the counterproductive effect of increasing the prison population and facilitating gang organization. Noboa proposes more restrictive anti-crime policies to curb rising violence in Ecuador. "Mano dura" policies, based on militarization and mass incarceration of gangs and criminals, have significantly decreased violence and homicides in El Salvador. Nevertheless, this approach could be highly counterproductive in the long run. Conservative policies foster human rights violations, impose restrictions on freedoms, grant forceful authority to the military, erode the rule of law, and reinforce the power of elites. Moreover, mass incarcerations lead to prison overcrowding and facilitate the reorganization and strengthening of criminal groups and gangs. 
Ecuador is not the only state turning its gaze toward restrictive policies against crime. Many countries in the region have adopted Bukele-like hard-line measures, including Honduras, Guatemala, Nicaragua, Mexico, Bolivia, Colombia, and Argentina. Conclusion: Ecuador's new President, Daniel Noboa, will face multiple challenges during his temporary tenure to meet the expectations and address the frustrations of citizens. The top priority will be addressing the security crisis, reversing the trend of escalating violence, and eradicating rising crime and drug trafficking by local gangs and transnational organized criminal groups. Yet Noboa's policy agenda, which includes the creation of prison boats to isolate the most dangerous and powerful criminals, is still poorly articulated and ambitious for the available time. The likely shift toward hard-line and restrictive security strategies, while effectively reducing crime and gang-related violence in the short term, could result in increased militarization, state of violence, and potential socio-political and democratic deterioration in the country.
