Search dyami insights

Date: 09/11/2023 Where: Yemen Who’s involved: Houthi rebels (Ansar Allah) backed by the Iranian government, United States government What happened? The U.S. Defense Department released a statement to the press that a MQ-9 Reaper drone was shot down by the Iranian-backed Houthi Rebels while operating over international waters and within international airspace. Yemen is situated between the Gulf of Aden to the south and the Red Sea to the west. Since the outbreak of the Israeli - Hamas war on 07/10/2023 the U.S has expanded their presence in the region to deter a larger-scale conflict. Iran and its allies have issued warnings of potential retaliation if Israel does not cease its attack on Gaza. The U.S. has relocated military resources such as aircraft carriers, Marines, and support vessels to the Middle East. Some of these ships are present in the Red Sea. The MQ-9 Reaper shootdown occurred 3 weeks after the USS Carney intercepted multiple missiles and drone attacks launched by the Houthi rebels as they moved northward over the Red Sea. Together with the IDF, the ship reportedly intercepted 4 cruise missiles and 15 drones targeted at Israel. On 31/10/2023, Israel intercepted a surface-to-surface long-range ballistic missile and two cruise missiles that were fired by the Houthi rebels in Yemen. It was Israel's first-ever (public) operational use of the Arrow (missile family) system for intercepting ballistic missiles. The MQ-9 shootdown took place hours after the U.S. President Biden gave the order to launch F-15E Strike Eagles to conduct an airstrike against a weapon storage facility in Syria that belongs to a different group of Iranian backed rebels. MQ-9 Reaper effect on Civil Aviation in the area It is unclear whether the MQ-9 Reaper was on a surveillance mission or armed for attack/reconnaissance, as the drone can carry a variety of armaments, including missiles and laser-guided bombs. After the recent drone and missile attacks by the Houthi Rebels out of Yemen aimed at Israel, it is highly likely that U.S. forces keep a close look at the developments in Yemen regarding attacks aimed at Israel and U.S. assets in the region. The MQ-9 was most likely shot down by the Yemeni “Fater-1” SAM, which is based on the Soviet SA-6 SAM. The Yemeni “Fater-1” SAM, poses a threat to Civil Aviation and the potential for mis-identification by Houti Rebel forces. However there are no major airways in the vicinity of Yemen airspace that are used nowadays by Civil Aviation. Houthi Rebels ‘Ansar Allah’ The Ansar Allah is an Islamist political and armed organization that emerged from the Yemeni governorate of Saada in the 1990s. The Ansar Allah is a predominantly Zaidi Shia force, whose leadership is drawn largely from the Houthi tribe. They are financially backed and militarily supplied by Iran and North-Korea. The Ansar Allah flag and slogan reads "God is the Greatest, Death to America, Death to Israel, Cursed be the Jews, Victory to Islam". Since 2015, the Houthi have been engaged in a conflict against the Saudi Arabian–led intervention in Yemen, which aims to establish full territorial control by the internationally recognized government within Yemen. Additionally, the Islamic State militant group has targeted various major parties involved in the conflict, including the Houthi, forces loyal to former president Saleh, the Yemeni government, and the Saudi Arabian–led coalition forces. The Houthis seek to govern all of Yemen and align themselves with anti-imperialist movements against the United States, Israel, and Saudi Arabia. They have carried out multiple missile and drone attacks against Saudi cities. The conflict is widely viewed as a proxy war between Saudi Arabia and Iran. Since the onset of the Israel-Hamas war, the Houthis have also initiated drone and missile strikes against Israeli cities.

Written by Mark Bruno In New York, four individuals have been apprehended for their involvement in two conspiracies aimed at illegally exporting controlled, dual-use technologies to Russia. The technology in question, valued at over $7 million, includes semiconductors and integrated circuits. These are crucial for the Russian military's technological capabilities, which have been stifled by sanctions. While the case is ongoing, there are indications that this incident is part of a larger conspiracy by Russia to subvert its technological limitations for its war in Ukraine. This is not the first vector–and certainly won’t be the last–for Russia’s attempts to steal western technology. Exports From New York One of the arrested individuals, Salimdzhon Nasriddinov, is a Russian-Tajik national, while Nikolay Goltsev and Kristina Puzyreva hold dual Russian-Canadian citizenship. They were part of a significant sanctions evasion and export control scheme. In a separate indictment, a Brooklyn resident, Nikolay Grigorev (also of Russian and Tajik citizenship), was arrested, and two Russian nationals, Artem Oloviannikov and Nikita Arkhipov, were charged but remain at large. The indictment reveals an illegal scheme to procure dual-use electronic components for Russian entities involved in drone development and manufacturing for the war in Ukraine. Grigorev and his partners used Quality Life Cue LLC (QLC), a Brooklyn-registered company, as a front to facilitate their illegal operations. This scheme was intended to support companies affiliated with the Russian military, including SMT-iLogic, a sanctioned entity identified as part of the production chain for Russian military drones. Court documents show that QLC accounts received about $273,000 between October 2021 and February 2022, which were used to purchase electronics for export to Russia. A search in June 2023 at Grigorev's residence in Brooklyn led to the seizure of over 11,500 electronic components awaiting illegal export to Russia. There are a number of methods used to circumvent sanctions. One common method is the use of third-party countries to re-export banned goods. EU-sanctioned goods are exported to certain third countries and from there further exported to Russia. This is often done to evade direct export bans from the EU to Russia, as evidenced by foreign trade data. Any entities trying to export to Russia would have to go through countries that haven’t sanctioned them. The two countries regarded as most important for this are Turkey and China. From October 2022 until the following January, imports of chips and processors from China to Russia were at least 50 percent higher than those of the previous year. However, Armenia, Kazakhstan, and Kyrgyzstan fall into this, as well. In 2022, Armenia imported 515 percent more chips and processors from the US and the European Union, with 97 percent of those being re-exported to Russia. In the New York case, Goltsev and Nasriddinov were said to be able to order the items under assumed identities and false pretenses from US manufacturers. They allegedly were then able to ship them to Russia through intermediary companies located in Turkey, Hong Kong, China, India, and the United Arab Emirates. According to the investigation, it was found that US shipments to some of these foreign entities entirely came from Goltsev and Nasriddinov’s front companies. Some sanctions regulations may have loopholes or exemptions that can be exploited. For instance, the Sanctions Regulation adopted by the EU allows for some possibility of continuing exporting under pre-existing, or “grandfathered” contracts, subject to a case-by-case assessment. As well, there are some exceptions for non-military use products. Among the inclusions are products intended for cooperation in space programs, civilian telecommunication, and nuclear and maritime safety among the uses listed. This could potentially be used as a way to continue exporting dual-use goods under certain conditions, though some nations can be more discerning with their export controls. Western Technology In The Eastern Arsenal Russia has a long history of acquiring smuggled military-grade parts from the United States, including costly specialized chips for satellites that can withstand radiation in space. That said, even more mundane products can be used in some of these weapons systems. This latter category is much easier to get past export restrictions. AMD, Intel, and Texas instruments were all able to trace thousands of shipments of such products from the time the war started. Essential elements such as semiconductors, processing units, switching devices, storage units, power control modules, charge storage devices, and signal converters, among others, are included. The products from these 155 firms, found within Russian armaments, constituted critical component transactions amounting to $2.9 billion with Russia in the year 2022. Many of the weapons systems used against Ukraine have a need for these more consumer-grade components. To anyone following the conflict, this would include familiar-sounding systems such as Iskander-K missiles, Orlan and Korsar drones, T-72 tanks, Typhoon-K vehicles, and Tornado-G rockets. As well, components can be cannibalized for use in helicopters, electronic warfare systems, and other small electronic devices. They’re not just making their way into Russian equipment, but even more historically sanctioned arsenals such as those of Iran. New research has revealed that the Iranian drones deployed by Russia in Ukraine are powered by stolen Western technology. According to Conflict Armament Research (CAR), the Shahed-136 drones sold to Russia by Iran are powered by an engine based on German technology, which was illicitly acquired by Iran almost 20 years ago. There's evidence suggesting that US and Israeli components, including American-made microelectronics, are ending up in Iranian-made drones, as well. An investigation by the UK-based organization Conflict Armament Research found that 82% of the components in some of the drones downed in Ukraine were manufactured by companies based in the US. Much of Russia's weapons are running on Western-designed devices, core operating systems, and networking software. Companies such as Microsoft, Google, Oracle, IBM, and others have been named in reports. In a similarly-related situation, Russia's access to Western cloud computing resources and cloud-based data, such as commercial satellite imagery and GIS systems, has been critical in the ongoing conflict. Access to IT service providers such as Microsoft, Google (Cloud and Android), SAP, Oracle, IBM, Cisco and dozens of others, have been instrumental for Russia. Before the war, Russia's plan was to engineer systems well-prepared for future conflicts, with a strong emphasis on the development of artificial intelligence technologies. However, the Ukraine war and subsequent sanctions have hindered this plan. Nonetheless, there are indications suggesting Russian entities have attempted to employ artificial intelligence to bolster their disinformation efforts. Simultaneously, the Russian military is heavily deploying loitering munitions to strike at Ukrainian urban centers and hinder the Ukrainian forces' retaliatory actions. Loitering munitions, while it hasn’t been firmly established, are generally considered a place for AI implementation to grow rapidly within weapons development. Russia has made visible technological progress in hypersonic technology, with the development of hypersonic glide vehicles and cruise missiles. The Avangard intercontinental ballistic missile system, the sea and ground-launched hypersonic cruise missile Tsirkon, and the air-launched ballistic missile Kinzhal are examples of such advancements. Famously before the invasion of Ukraine, Russia had showcased the Kh-47 Kinzhal, which has since been used to strike targets as far from Russian airspace as Lviv, near the Polish border, and is shown to be capable of avoiding early detection. While specifics of the design are naturally considered sensitive data, it’s relatively easy to speculate that such an advanced weapon would require more sophisticated components than what Russia is able to develop domestically. A Challenge To The International Order One of the promises of globalization is its ability to resolve conflict through rational economic interests. Within this framework, sanctions seem like one of the best controls for dealing with states that overextend themselves and commit violations of the international order. However, Russia has seemingly managed to subvert what appear to be massive sanctions, while waging the largest land war in recent history, all while having an economy smaller than most of its military peers. That is not to say it’s weathered the storms without massive costs, but events such as the recent arrests in New York show that there is a long way to go before its supply chains are severed. An additional element in this context is that countries friendly to Russia–including China, Iran, and North Korea–have all demonstrated a willingness to not only share technology and designs with Russia, but also a willingness to steal designs and software from western developers. The New York arrests reveal Russia's persistent attempts to circumvent sanctions and procure dual-use technologies, demonstrating the extent of its efforts to bolster its military capabilities amid ongoing conflicts. As it stands right now, it would seem that sanctions are merely adding an additional step to Russia’s acquisitions. The case underscores the need for ongoing dialogue and cooperation between governments to address the global security challenges posed by sanctions evasion and technology misuse. Edited by Jacob Dickinson About the Author Mark Bruno is a noncommissioned officer in the United States military, where he serves as a Combat Medic and a Public Affairs Representative. He holds a Master’s Certificate in Information Assurance from the University of Maryland, and a Bachelor of Science in Communication from the State University system of New York. All statements made in this article are his own, and do not reflect any policies or positions of the United States Department of Defense.

Date: 08/11/2023 Where: Panama Who’s involved: Panamanian President Laurentino Cortizo, Panama Supreme Court Canada-based First Quantum Minerals, and Panamanian civil society. What happened? Since 20/10/2023, Panama has been experiencing a growing wave of protests triggered by the signing of a contract granted by Panamanian President Laurentino Cortizo to the Canada-based First Quantum Minerals mining company to operate in Cobre Panama copper mine, the largest in Central America. The contract allows First Quantum Minerals’ local subsidiary company, Minera Panama, to operate for 20 years, with the option to extend for another two decades. Also, the 20-year contract guarantees an annual income of $375 million to the Panamanian government, which represents 4.8% of Panama’s gross domestic product. The first Cobre Panama mine exploitation contract dates back to 1997, later declared unconstitutional in 2017 by the Supreme Court. The mine, in 2013, was acquired by First Quantum Minerals, which has operated there ever since, despite the absence of a contract. The mine was temporarily closed in December 2022. At the announcement of the new contract, thousands of people took to the streets of Panama City to protest against the exploitation of the country’s natural resources and the possible environmental consequences. The mine has, indeed, long been a cause for concern over its environmental impact due to its high water usage. Following the protests, First Quantum Minerals issued a statement announcing its climate change mitigation strategy, using advanced technologies to achieve a 30% reduction of emissions by 2025 and 50% by 2030. The protests are also motivated by discontent against the government and social inequalities. Protesters are concerned about concessions that favor the exploitation of the country's resources by foreign companies rather than prioritizing local enterprises. Moreover, negotiations between the government and the Canadian mining giant have been perceived as non-transparent and with no public input. Key actors, such as indigenous communities, have been excluded from the talks. Also, allegations of corruption against the lawmakers have been made. Since the start of the protests, about 900 protesters, including 117 minors, have been arrested for vandalism and damage to private property and government buildings. In clashes between security forces and protesters, numerous people have been injured, including at least 39 police officers. In response, President Cortizo announced a referendum, to be held on 17 December 2023, on whether to revoke the contract with First Quantum Minerals. On Friday, 03/11/2023, Panama’s Parliament approved an indefinite ban on new contracts for metal exportation and extraction, stopping ongoing proceedings of 103 mining concessions that were under review to be halted and 15 other existing contracts to be renewed. However, the ban will not apply to the already signed agreement with First Quantum Minerals. The constitutionality of the deal with the Canadian company will be assessed by Panama’s Supreme Court. The announcement of the referendum and the uncertainty over the future of mining concessions resulted in wiping out First Quantum Minerals' shares and market value by 40%. Analysis: The Cobre Panama mine is the largest and only active copper mine in Central America. It comprises two open pit mines, two power stations, and a port. At its full capacity, the mine can produce more than 300,000 tons of copper annually. Gold, silver, and molybdenum are also found on-site. The mine production accounts for about 1.5% of the global copper supply. First Quantum Minerals’ procedures appear to comply with environmental protection regulations. The mining company is also responsible for creating about 40,000 jobs in Panama over the years and has invested approximately $10 billion in the country. The Panamanian government’s stance on the matter and the eventuality that the December 17 referendum will result in the annulment of the contract with the Canadian company is putting at risk Panama’s reputation as an investor-friendly haven. Besides a severe devaluation of First Quantum Minerals, the ongoing protests and authorities' hesitations could discourage current and future investors, severely affecting the Panamanian economy. The referendum could lead to more restrictive laws on mining concessions and foreign companies’ access, as occurs in other countries in the region, such as Costa Rica and El Salvador. Environmental concerns underlie attempts to close the Canadian-owned copper mine. Civil society organizations oppose this project, which is considered non-sustainable for a country with such environmental vulnerability and vast biodiversity and water resources as Panama. Protesters also claim that open-pit mining activities negatively affect other pivotal sectors of the Panamanian economy, namely tourism, agriculture, rice production, and livestock farming. The protests suggest a widespread dissatisfaction with the government’s performance and are driven partly by social inequality, deteriorating living conditions, and a high unemployment rate. The social unrest comes at a delicate time for the Panamanian government. The next presidential election is scheduled for May 2024, and former President Martinelli (2009-2014) appears ahead in the polls, albeit being sentenced to 10 years for money laundering. Due to constitutional limitations, President Cortizo is not eligible for a second consecutive term. Civil society representatives announced that the protests would not stop until the termination of the mining contract with the Canadian company or the nationalization of the Cobre Panama mine. For now, the government has not commented on the possibility of nationalizing the mining complex. Even though President Cortizo has called for a referendum, it is still uncertain whether the vote can be considered legal. Indeed, the Electoral Tribunal of Panama has stated that the issue would require the approval of a law by Congress rather than a national vote. The legality and feasibility of the referendum are still under review. The government of Panama allowed the mine to operate while negotiations were ongoing. If the Supreme Court finds the contract unconstitutional and passes a new mining concession law, the contract with First Quantum Minerals could be terminated or renegotiated. Without the Supreme Court’s ruling, any unilateral termination by the government could be a violation of the contract and necessitate international arbitration. Conclusion: Mass protests over the concession of the largest Central America copper mine to Canada-based company First Quantum Minerals pose multiple challenges to the Panamanian government. The protests are unlikely to subside without achieving the termination of the contract with the Vancouver-based mining company and an escalation of the demonstrations could cause further violence in the country. Continued turmoil could also adversely affect the tourism sector. At the same time, however, not only could the cancellation of the contract with First Quantum Minerals have legal repercussions for the Central American country, but it could also damage Panama’s foreign business-friendly reputation. Should the December 2023 referendum cancel the contract with First Quantum Minerals and approve the revision of mining concessions laws in favor of more restrictive measures, it could be a major disincentive to foreign investment, severely damaging Panama’s economy and trade relations.

Date: 01/11/2023 Where: South China Sea, Spratly Islands Who’s involved: People’s Republic of China (PRC), Philippines, United States (US) What happened? Since early August, the Philippines has been supplying equipment to troops stationed on the Second Thomas Shoal, a Philippine military outpost in the disputed South China Sea. Following the 2016 UN Convention Law of the Sea ruling filed by the Philippines, the court found that China’s occupation of several islands in the South China Sea were illegal. Despite the ruling, China’s Coast Guards have remained on the island. On 05/08/2023, another China Coast Guard vessel shot a water cannon at a Philippine supply boat. This follows attacks against Philippine vessels earlier in the year, when China Coast Guard shined military-grade lasers at Philippine sailors. On 26/09/2023, the Philippines Coast Guard cut an underwater rope put into place by Chinese forces to prevent Philippines fishing boats from legally fishing in the region. The Philippines Coast Guard said that the “barrier posed a hazard to navigation, a clear violation of international law”. Manila has condemned the PRC’s aggressive actions in the South China Sea following the PRC’s attempts to block the Philippines from resupplying a military outpost in the Second Thomas Shoal, an island inside the Philippines exclusive economic zone. China has condemned the ‘provocations’ as unnecessary. On 15/10/2023, the Philippines’ House of Representatives and its Senate were allegedly under cyber attack. The online portals of both government bodies were out of service throughout the week. While not all of the details have been made available, there have been overtures of a harsher cybersecurity stance made by the Philippine government. Government sources claim that there was a “spike of attacks” on administrative bodies. On 26/10/2023, US President Biden warned China that the US will defend the Philippines if there is any “attack” in the South China Sea, invoking the Philippines Mutual Defense Pact signed in 1951. Analysis: The Philippines' resupplying missions and confrontation with China’s Coast Guard demonstrates a more forceful assertion of its rights in the South China Sea. While the Philippines won the UNCLOS case in 2016 which rejected China’s territorial claims in the South China Sea, in practice, China’s Coast Guard has stationed vessels in Philippines shoals, developing new oil rigs and actively preventing fishing boats from using the reefs. Under former president Duterte, the Philippines was more friendly toward China and Russia and weakened ties with the United States. For current President Ferdinand Marcos Jr, the government is feeling more confident in its support from the US to confront the PRC’s aggression in the South China Sea. President Ferdinand Marcos Jr. has signed further defense treaties with Japan and the U.S with fears mounting over a potential invasion of Taiwan. The Philippines is 93 miles away from the island and would become involved in some way. After 30 years since US troops left the island, in February 2023, the Philippines announced that the US has access to four new military bases. The dispute is likely to escalate in the near future, given the determination of the Philippines government to reassert its sovereignty over its waters. The Philippines-China relationship is likely to deteriorate. The PRC’s response is to use force to prevent the Philippines from asserting its right to fish in waters, resulting in the deaths of 3 Philippine fishermen. As well as constant collisions, it remains to be seen how China will further respond. The Philippines is highly dependent on trade with China, and could suffer from import bans through China’s economic coercion. China’s economic and cyber pressure on the Philippines could increase as a result. The Philippines Transport Secretary announced that China had “lost interest” in developing two railway lines between Philippine island of Luzon. Senators have indicated that they are looking to Japan and South Korean sources of investment as an alternative. The Philippines is highly dependent on trade with China, however, and is highly vulnerable to China’s economic coercion. In response to the recent cyber attacks, the Philippine Army’s Chief of Staff, General Romeo Brawner Jr., has promised to establish a joint Cyber Command. The General claimed that attacks on the cyber front are occurring “almost every day”. In the same statement, he said that the military would immediately put a halt to construction of telecom towers on military bases. It was pointed out that state-owned mobile carrier, China Telecom, is largely responsible for this infrastructure. Conclusion Tensions between the Philippines and China are likely to continue as the Philippines reasserts its rights to the Spratly Islands and the PRC responds forcefully against Philippine vessels. The concerns over an invasion of Taiwan has made the Philippines reconsider the threats from an assertive China. It will only push the Philippines closer toward the US and regional allies. At the same time, the Philippines is vulnerable to China’s economic and cyber coercion as it is highly dependent on trade with China, even though it is boosting security ties with the US. Given the US mutual defense treaty with the Philippines, there is a chance that the heightened tensions could be a key source of friction in the Indo-Pacific.

Written by Roos Nijmeijers, Sara Frisan, Mark Bruno, Alessia Cappelletti, Jacob Dickinson Israel-Hamas: - Outbreak of conflict as Hamas attacked the south of Israel from Gaza, prompting a bombing campaign and ground offensive of the Strip three weeks later Russia-Ukraine: Russia attempts a costly offensive against Avdiivka, Ukrainian movement threatens to slow, with an exception towards Robotyne Mali: Hostilities between separatist rebels and government forces intensify in northern Mali, as UN peacekeeping mission begins withdrawal DRC: Clashes intensified in the eastern regions of the DRC causing a record number of internally displaced people and concerns of an impending humanitarian crisis Colombia: Despite advances in the Petro government's “total peace”, levels of violence in Colombia remain high Chile: Tensions with Mapuche indigenous people lead to a state of emergency in the Araucanía region and Arauco and Biobío provinces Russia: Putin announces a withdrawal of Russia’s ratification from the Nuclear-Test-Ban Treaty Guatemala: Post-election protests and civil unrest, following the suspension of President-elect Arévalo, results in an escalation of violence Venezuela-Guyana: Venezuela called for a referendum to determine sovereignty over the oil-rich Esequiba region, a long-standing source of dispute with Guyana China- Philippines: Maritime tensions rising as the Philippines fishing vessels and China Coast Guard ships collide Armenia-Azerbaijan: Tensions are still high in the Nagorno-Karabakh region, peace talks are taking place but so far without results Haiti: Gang-related violence is steadily increasing, and the UN-approved Multinational Security Support has been suspended Serbia-Kosovo: Increase in the number of Serbian troops with military equipment on the Serbia-Kosovo border and little progress in normalizing relations Pakistan: Clashes on the Pakistan-Afghanistan border are rising, announcement of all undocumented immigrants need to leave the country by November 1 Myanmar: Multiple military junta attacks targeting ethnic minorities were reported, including airstrikes on IDP camps Conflicts, October 2023 Israel-Hamas On October 7, 2023, 2500 members from the terrorist group Hamas attacked the south of Israel from Gaza and killed over 1400 Israeli citizens. In response, Israel started a bombing campaign in Gaza trying to eliminate the Hamas leadership and infrastructure. Hamas, and the Palestinian Islamic Jihad, started a rocket-firing campaign aimed at Israeli villages and cities. Since October 7 hundreds of rockets have been fired by the terrorist groups and the Israeli Air Force has dropped hundreds of bombs on Gaza . According to various sources, hundreds of Gaza civilians have died due to the Israeli bombing campaign. The Iranian-backed terrorist group Hezbollah, which operates from Lebanon and Syria, has threatened to get involved in the conflict and thus opening a front in the north of Israel. Hezbollah soldiers have fired rockets and missiles at Israeli Defense Force targets but there is no sign of a full-scale attack. Hezbollah leaders have said they will engage Israel as soon as the IDF starts a ground war in Gaza. Leaders of Iran have made similar statements. The United States have warned Iran and Hezbollah to stay out of the fight or they might be targeted by the US military, which has bolstered its presence in the region by bringing in various aircraft carrier groups and by deploying fighter and bomber aircraft in Jordan. The weekend of October 27-29 saw the beginning of Israel’s invasion into northern Gaza . According to the IDF, air assets bombed 600 targets in the area on Saturday, alone. Russia-Ukraine October has seen an attempt by Russia to split Ukraine’s attention as weather and road conditions threaten to halt momentum for both armies. The city of Avdiivka in Donetsk Oblast has become the site of an extremely violent and costly attempt by Russia to conduct a counteroffensive of their own. Estimates of at least 5000 Russian casualties and documented massive losses of armor and artillery are being published. Despite this, Russia has made small gains around the city, and continues to push. The first documented use by Ukrainian forces of US-supplied ATACMS missiles was on an October 17, 2023, raid of two Russian airfields. The targets were a squadron of Ka-52 helicopters, with Russian losses estimated between 14 and 21 aircraft. Attacks utilizing unmanned weapons and irregular ground forces in Crimea continue. Ukraine did manage to break through Russian blockades of Ukrainian ports meaning Ukraine can transport ships with grain through the Black Sea again. Russian ships were also moved following attacks by Ukraine on Russian-occupied Crimea . Zelensky has announced continued military pressure on occupied Crimea. The eastern front is also slowly moving in a direction that is favorable for the Ukrainian forces. The continuation of the conflict means that there are more and more casualties on both sides, including civilian casualties, without it creating a positive outcome for either party. Berlin has informed Ukraine that it will experience no change in terms of arms supply and economic support despite Berlin's support for the Israel-Hamas conflict. Ukraine is also getting support from a new Siberian Battalion consisting of Russian citizens who have come to Ukraine via third countries and are being readied to help in the war, on Ukraine's side. They disagree with the “terrible crimes” committed by Russia and want to fight against “Russian imperialism”. Mali Throughout October, hostilities resumed in northern Mali between government forces and separatist armed groups united in a coalition, the Permanent Strategic Framework or CSP, which includes groups signatories of the 2015 Algiers accord and groups of former Tuareg. Since October 2, 2023, the government has been deploying significant military personnel and military equipment to the region. It has been reported that on October 7 the Malian Army (FAMa), allegedly supported by the Wagner Group, took control of a stopover town in Kidal. Besides postponing the presidential elections scheduled for September 2023, the Malian government called for the withdrawal of the 10-year MINUSMA UN peacekeeping forces by December 2023. While security concerns have been raised about the termination of the mission, withdrawal operations began in October. On October 22 MINUSMA completed the accelerated withdrawal from the base in Tessalit, in the Kidal region. On October 27 it was reported that four civilians were wounded in an attack on a withdrawing MINUSMA convoy in the Gao region. Democratic Republic of the Congo In October, violence continued in the Democratic Republic of Congo and led to a record number of internally displaced people. On October 30, 2023, the United Nations reported 6.9 million people are currently displaced in the DRC, as the fighting intensified. Together with this record number of IDP, the World Food Program also reported that in the Eastern provinces of North Kivu, South Kivu and Ituri, 5.5 people are in crisis and emergency levels of food insecurity. Kinshasa will have to face a dire humanitarian crisis in the upcoming months. Despite a ceasefire agreement between the Congolese army and the M23 rebel group, clashes between the M23 and militias loyal to the government intensified in the eastern province of North Kivu this month . The East African Community forces declared on October 25 that the M23 breached the ceasefire as it attacked and killed a Kenyan Peacekeeper in Goma. Fights focused especially on the city of Kitshanga, which was re-captured by loyalist militias in mid-October from the M23. However, violent clashes broke out shortly after as the rebels tried to retake the town and managed to regain control for less than 24 hours before handing it over to the army. In October, the conflict also spilled over to Ugandan territory. ADF (Allied Democratic Forces, an IS-affiliated armed group) incursions in Uganda resulted in two attacks , involving a tourist vehicle and a commercial truck and resulting in at least five dead, including two foreigners. Bomb threats and attacks have been thwarted by authorities in Kampala. Officials have increased patrols and increased the checks at the border with DRC. A Ugandan soldier was also killed in an attack in eastern DRC by the ADF. Lastly, on October 23 the DRC authorities reported an incursion of Rwandan forces into the region of North Kivu , reportedly in support of the M23. The international community and the UN expressed a concern about ‘direct confrontation’ between the two countries and a general regional security deterioration as the conflict spills over to neighboring countries. The President of the DRC, Felix Tshisekedi, reiterated his determination to ‘put an end’ to M23 and its allies. Alerts, October 2023 Colombia Despite advances in the Petro government's “total peace” plan through peace talks and ceasefires with armed and criminal groups, including the ELN, the Gulf Clan (AGC), and FARC dissidents (EMC-FARC), levels of violence in Colombia remain extremely high . In conjunction with the election campaigns for local elections on October, 29, 2023, armed groups have increased control and violence in some areas, mainly rural areas, resulting in a sharp increase in kidnapping, extortion, recruitment, and electoral manipulation. The main targets affected by the incidents of violence are ethnic minorities and women. On October 1 Colombia's Special Jurisdiction for Peace announced that since 2016, there have been more than 35 thousand cases of gender, sexual, and reproductive violence related to the conflict. Following President Petro's statements on the Israel-Hamas conflict and in support of Palestine, diplomatic tensions arose between Colombia and Israel . In response, the Israeli government suspended defense and security equipment exports to Colombia. Besides bilateral relations deterioration, this could potentially undermine Colombia's security sector, which relies largely on Israeli supplies. Chile On October 3, 2023, the Chilean Senate approved a 15-day extension of the state of emergency in the Araucanía region and Arauco and Biobío provinces . The exceptional state has already been in force for a year in this area due to unrest and clashes related to the territorial conflict between radicalized groups of the indigenous Mapuche population and the Chilean state. The most critical areas for the conflict are historically Auracania and BioBio. Increasing violent incidents and tensions have recently been reported in the Los Rios region. International observers and representatives of the Mapuche people denounce repression and state violations against Mapuche activists . In October, clashes with security forces were reported, including the alleged arrest of activists who were arrested for minor crimes. The number of incarcerated activists consider themself political prisoners. The first weeks of October were marked by protests opposing the conservative far-right's attempt to revise the constitution and further tighten already restrictive laws on abortion and other freedoms that primarily affect women and the LGBTQ+ community. The country is also experiencing an upsurge in political violence, corruption, and infiltration of criminal groups from the Latin American region from Colombia, Peru, and Bolivia. Russia On October 25, 2023, Russia enacted a law to revoke the Nuclear-Test-Ban Treaty (CTBT) . On October 5, Vladimir Putin announced the withdrawal of Russia's ratification for the CTBT, as the US has not yet ratified the treaty either. Membership of the treaty has been possible since 1996 and is meant to stop nuclear testing and, with it, further nuclear weapons development. The treaty is not legally in force because it has not been ratified by 44 named countries. The treaty is however having an effect; no country has conducted nuclear tests since the treaty was in place, with the exception of North Korea. The withdrawal of ratification is a step that was followed by Moscow's interruption of Measures for the Further Reduction and Limitation of Strategic Offensive Arms (New START), the nuclear arms treaty with the US which created nuclear restrictions on both sides. Withdrawing ratification can have several meanings. It could be a tactic by Putin to intimidate the EU and the US from further supporting Ukraine. The withdrawal could also indicate that Russia actually wants to conduct tests as Putin has said Russia is working on new nuclear weapons, but the question then is why they did not leave the treaty instead of not ratifying it. Guatemala In October, Guatemala experienced increased civil unrest . The situation is related to post-election tensions following the suspension of President-elect Bernardo Arévalo , the anti-corruption candidate of the center-left Movimiento Semilla party, which won the election last August 20, 2023. The new president is expected to take office in January 2024, yet the presidential transition remains uncertain. On October 2, peaceful protests began with the resumption of the democratic transition process and the resignation of Attorney General María Consuelo Porras. In recent weeks, protests have been causing roadblocks and disruption of transportation and services. On October 16, an escalation of violence led to the death of a protester. President-in-Office Giammattei has declared the ongoing protests illegal, while President-elect Arévalo has expressed his intention to suspend the presidential transition until Attorney General Porras is removed. The US, the EU, and the UN denounced the attempt to overturn and manipulate the electoral process. There are concerns about the humanitarian consequences of a potential escalation of violence from the protests, which are likely to continue in the coming weeks. Venezuela-Guyana New tensions arose in the long territorial dispute on the border between Venezuela and Guyana. The oil-rich Esequiba region has been the source of conflict between the two countries for decades. In 2018, Guyana requested the intervention of the International Court of Justice (ICJ) to confirm the ownership of the territory under the 1899 arbitration between Venezuela and the then-Colony of British Guiana. On April 6, the ICJ voted in favor of Guyana, although the Venezuelan state did not recognize the ruling. After discovering new oil and gas reserves near the maritime border, Venezuela resumed its claims on the area. While Guyana claims sovereignty over the territory and has called for international and U.S. support in the dispute, Venezuela considers that the neighboring state has no rights over the region's resources and that the Venezuelan authorities should authorize all oil activities. After pressing for negotiations to resolve the dispute, the Venezuelan government called a referendum, scheduled for December 3, 2023, to defend its claims on the territories of Guyana Esequiba . On October 25 CARICOM stated that the referendum proposed by Venezuela and its annexion claims have no bearing under international law. China-Philippines Maritime tensions have risen in October between China and the Philippines in the South China Sea. The Philippines Coast Guard cut a Chinese-made rope to prevent Philippines fishing boats from legally using the Scarborough Shoal, a cluster of ring-shaped islands in the South China Sea. China called the Philippine actions “provocations” and has deployed China Coast Guard to the waters, with rival boats attempting to collide with each other. The Chinese Coast Guard has regularly intimidated Philippine fisher vessels. With US commitments in a 1951 mutual defense treaty, the rise in tensions is an acute issue of regional security in one of the world’s busiest seas. Updates, October 2023 Azerbaijan-Armenia After the short-lived conflict in September between Azerbaijan and the ethnic Armenian separatists in the Nagorno-Karabakh region, the tensions are still high in the region. The conflict ended with Nagorno-Karabakh ceasing to exist as of January 1, 2024, and becoming an official part of Azerbaijan. Azerbaijan has been discussing opening a corridor to West-Azerbaijan through Armenia. Such a move could easily lead to all out war between the two countries. There are peace talks taking place but they have not shown any results as of yet. Haiti Gang-related violence is steadily increasing in Haiti , recording alarming numbers of murders, kidnappings, and sexual violence. Moreover, the surge in gang-related violence, especially in the capital, forced the population to flee urban areas, resulting in more than 200,000 displaced people. On October 2, 2023, the U.N. Security Council voted to send a Kenyan-led multinational force, the Multinational Security Support, to assist the Haitian government and security forces in countering armed gang violence. The approval of international assistance comes more than a year after Haiti's Prime Minister Ariel Henry repeatedly called for "robust support" to re-establish order and tackle the humanitarian crisis that started in 2022 in Haiti. This generated a reaction from the G9 leader, a coalition of major gangs in Port-au-Prince, who announced that gangs would resist international forces if they supported Henry's illegitimate government. Despite the approval of the deployment of 1,000 Kenyan-led troops to Haiti, the mission was suspended by the Kenyan government , which will issue a decision on the multinational force in November. In recent weeks, conditions in the country have deteriorated, and gangs have further expanded their control over urban areas where the state is largely absent. On October 18 the secretary general of the High Transitional Council was kidnapped by gang members disguised as policemen. Kosovo-Serbia Milan Radoicic has come forward as responsible for the attack on two policemen in northern Kosovo on September 23 2023 in which a policeman and three Serbs were killed. Subsequently, an increase in the number of Serbian troops with military equipment on the Serbia-Kosovo border was noted. However, Vucic said that it was not something extraordinary and it did not result in an escalation, as Serbia reduced the number of troops on October 2. Increasing troops on the border was probably to provoke a reaction from the international community. Warnings from the US eventually convinced the serb military to withdraw. The EU is facing calls to impose sanctions on Serbia, but whether the attack was coordinated by Vucic is disputed. There are elections in Serbia at the end of the year , Vucic could use the problem with Kosovo to distract people from his unpopularity in Serbia that is seen through weekly protests against mass shootings and growing criticism about authoritarian leadership. On October 27 the leaders of Germany, Italy and France called on Vucic to recognise Kosovo as an independent state and that Kurti should form an association of municipalities where Serbs are in the majority so that they get some self-government in the north. This agreement is necessary for EU membership , the EU reports that if they do not do so, they will miss out on great opportunities. However, they refused to sign this agreement earlier in September. Serbia and Kosovo's position with the EU remains to be seen, as an agreement is not yet in sight and they both blame each other for the incident on September 24. Pakistan Outbreaks of violence are rising on the Pakistan-Afghanistan border . Clashes between insurgents and security forces occur daily. On September 29 2023, two separate bomb attacks left at least 60 people dead in Balochistan and northwestern Khyber Pakhtunkhwa provinces . Although the Tehreek-i-Taliban Pakistan group is allegedly involved in most of the attacks, Pakistani authorities report a significant presence of Islamic groups, including the Islamic State-Khorasan. The escalation of violence is instigating an increase in an anti-Afghan narrative. On October 3 2023, the Pakistani Interior Minister announced that all undocumented immigrants will have to leave the country voluntarily by November 1 2023 , or they will face deportation. Of the undocumented citizens, 1.7 million are Afghan nationals. Pakistan is experiencing numerous protests in October. Besides pro-Palestinian rallies, the first weeks of October saw demonstrations in favor of former PM Imran Khan and his PTI party. On October 23, Pakistan indicted former PM Khan for leaking state secrets. The coming general election, initially scheduled for October 2023, is postponed until at least February 2024 . Myanmar The humanitarian crisis in Myanmar is deteriorating . Ongoing conflict and floods are causing a spike in displaced people. Violent and deadly clashes between military junta forces and resistance fighters persist in several areas of the country, especially in Karen and Mon states and Magwe, Sagaing, Bago, and Tanintharyi regions. Air raids by the military junta were reported in October. On October 9, 2023, an airstrike on an IDP camp in Kachin state killed at least 29 civilians . On October 27, at least 20 security officers were killed during a coordinated attack by rebel groups on 12 towns in Shan state. On October 24, in the wake of the escalating violence and limited access to humanitarian assistance the UN called for joint action to counter violence, bombings, and violations against civilians by the military junta and recalled the Rohingya minority crisis . On October 29, Myanmar's former information minister was arrested and charged with encouraging dissent against the military junta.

Date: 27/10/2023 Where: The Baltic Sea, corridor between Finland and Estonia Who’s involved: the Finnish government, the Estonian government, Sweden, NATO, the European Union, Russia, China What happened? On 10/10/2023, the Finnish government reported damage to a gas pipeline and a telecommunications cable with Estonia. The BalticConnector gas pipeline was shut down after Finland’s Gasgrid recorded an unusual drop in pressure on 08/10/2023. As a result of this damage, the European energy market has suffered from unease, following media reports of the shutdown of the BalticConnector gas link, causing gas prices to soar once again due to concerns over supply for the coming winter. Despite Finland initially suspecting a Russian retaliatory action, the National Bureau of Investigation recently stated the damage is likely a result of an anchor dragging on the seabed. Finnish officials will determine whether the damage was intentional in the next phase of the investigation. NATO announced on 11/10/2023 that it will discuss damage to the gas pipeline and data cable running between member states Finland and Estonia, and will mount a “determined” response if a deliberate attack is proven. Finnish and Estonian authorities formed a joint investigation team on 12/10/2023 in order to determine the cause of the damage. The investigation is ongoing. Progress has been made on identifying vessels operating in the area, and the investigation will continue to focus on the technical examination of the seabed for any visible traces. On 11/10/2023, Finnish officials reported that the damage to the pipeline appears to have been done using mechanical force and not an explosion. The Estonian Geological Service claims that neither Estonian nor Finnish seismic stations registered anything resembling explosions during the time period the BalticConnector registered a loss of pressure. On 16/10/2023 Finland increased security measures to its critical infrastructure, restricting access to parts of the port of Inga which houses one of the country’s two floating Liquefied Natural Gas terminals. In total, the Finnish government has identified 230 sites where it will restrict access over fears of sabotage. On 19/10/2023 NATO boosted its patrols in the Baltic Sea, including additional surveillance and reconnaissance flights, maritime patrol aircraft, NATO AWACS planes, and drones. A fleet of four NATO minehunters is also being dispatched to the area. On 17/10/2023 another Baltic Sea telecommunications cable connecting Sweden and Estonia was discovered to be damaged at roughly the same time as the Finnish-Estonian pipeline and cable were, but remains operational. Estonian authorities believe these events are linked. The Finnish National Investigations Bureau announced on 20/10/2023 that the investigation will now focus on Newnew Polar Bear, a Hong Kong-registered container ship, as its movements coincided with the time and place of the damage. On 25/10/2023 the Chinese Foreign Ministry stated that Beijing is willing to provide all necessary information on the case, in accordance with international law. Analysis: The damage to the BalticConnector gas pipeline has brought back fears concerning the vulnerability of European critical infrastructure to sabotage by hostile actors. Therefore, European energy security is very likely to be high on the policy agenda of both NATO and the European Union especially considering the pressure of the coming colder winter months. The timing and nature of this event is reminiscent of the attack on the Nord Stream pipelines which occurred last year on 26/09/2022. As Europe is heading into its second winter since Russia’s large-scale invasion of Ukraine in February 2022, gas prices are again on the rise and putting further strain on European markets and economy. The risks posed by such disruptions to the European energy supply are likely to create tensions within Europe. Furthermore, the Russian Ministry of Foreign Affairs did say that “the Russian Federation will be forced to take military-technical and other retaliatory measures to counter the threats to our national security arising from Finland’s accession to NATO.” Finland has also been increasingly targeted by cyber-attacks from Russian hacking group NoName057(16) since 03/10/2023. This coinciding with a declaration by the Finnish Foreign Minister, Elina Valtonen, of increased Finnish support to Ukraine and the damage to the pipeline occurring all within the same week could serve as a clear indication of hostility towards Finland and potential sabotage operations. NATO has already threatened to mount a “determined” response if the joint Finnish-Estonian investigation finds sufficient evidence to prove the pipeline was deliberately sabotaged. A potential response that will send a clear message to any hostile actors may be triggering Article 4. By invoking Article 4, Finland and Estonia can push the issue of the security of critical infrastructure onto NATO’s agenda and force the Alliance to have a high-level meeting about it. A likely outcome of such a meeting could be to move more air and naval assets to the Baltic region to ensure the protection of other pipelines. Despite fears of Russian retaliation or other state actors attacks, the joint Finnish-Estonian investigation has not found any conclusive evidence yet in order to attribute the damage to sabotage by a state-actor. Conclusion The damage to the BalticConnector pipeline has increased energy price volatility in Europe and may put further financial pressure on European populations in the coming winter months. Consequently, energy security must be set as a priority for both NATO’s and the EU’s policy agendas. With Finland’s newly acquired NATO membership, hostile actors may be trying to sabotage NATO critical infrastructure to either provoke or intimidate. If the incident is proven to be a deliberate action, NATO is likely to respond.

Date: 26/10/2023 Where: North Korea, International Targets (primarily US Tech firms) Who’s involved: Hackers affiliated with the DPRK, Various US contractors and private companies, law enforcement bodies What happened? Recent reports by the US Government show an increase in North Korean hackers impersonating candidates for IT roles in various industries, posing as IT professionals in English-speaking regions. The impersonation goes the other way, as well, with fake job opportunities being posted to various job search sites. Assistance by AI language learning models, such as ChatGPT make these attacks increasingly effective. Throughout the Summer of 2023, North Korean threat actors were discovered to be targeting foreign software developers via deceptive postings on GitHub. 29/09/2023 Investigators at ESET cybersecurity released a report linking a 2022 data breach from Spanish aerospace companies to social engineering attacks by a North Korean hacker posing as a recruiter for Facebook parent company, Meta. The spear phishing messages were distributed via LinkedIn. 17/10/2023 The US Department of Justice broke up what it called a ‘massive operation’ involving North Korean operatives fronting as seventeen different “legitimate” IT and recruitment firms. 18/10/2023 Microsoft Threat Intelligence released a report of how North Korean infiltrators have managed to install backdoors and other malware throughout the JetBrains’ TeamCity service network. 18/10/2023 The US Federal Bureau of Investigation released a report on the danger these DPRK operations present, and increased guidelines for organizations to handle potential intrusions. Analysis: The goals of these operations are varied, as some of them are intended to draw revenue through wages for North Korea’s missile program. Others are utilized for espionage, and theft of intellectual property. Infiltration of the JetBrains TeamCity services potentially gave access to an unknown number of software development projects of some of the world’s largest corporations. JetBrains claims a user base of nearly 16 million, in 90 of the top 100 richest global firms. Many of the falsified resumes are assembled from publicly available information via LinkedIn and other similar platforms. It’s believed that some of the LinkedIn based attacks are from real accounts that were, themselves, hacked by DPRK operatives. These tactics coincide with a well-established history of high level DPRK operators, particularly the Lazarus Group APT, who the US government claims is sponsored directly by the North Korean state. The lack of international accountability for North Korean threat actors empowers them to conduct operations for not only espionage, but acute ventures in cybercrime. It’s for this reason that DPRK operators are novel in their organized crime efforts. Lazarus Group has been able to steal billions of dollars that allegedly go towards the country’s missile development program and nuclear research. Conclusion North Korean hackers continue to pose a significant threat to organizations globally through exploiting the trust in professional networking platforms. These threat actors use a complex web of proxy servers and VPNs, anonymizing systems for money transactions, cryptocurrency exchanges, and AI assistance to avoid detection until the damage has already been done. As long as these operators continue to receive protection from the DPRK government, they cannot be prevented. The most effective way to combat this threat is through a bottom-up approach. IT candidates on job search sites, freelance software developers, and entrepreneurs in the tech space are urged to follow guidelines against various social engineering efforts, and remain aware of the issue.

Date: 24/10/2023 Where: the Middle East Who’s involved: Hezbollah, Iran, Lebanon, Syria, Ba’athist groups, Hamas, Israel. What happened: On 07/10/2023, Hamas attacked villages in the south of Israel just outside of the Gaza strip and over time killed more than 1400 Israeli citizens. On 08/10/2023, Israel started a war against Hamas by bombing Gaza and calling up 350.000 reservists to prepare for a ground invasion of the strip. On 09/10/2023, the Iranian-backed but Lebanese-based terrorist organization, Hezbollah, stated that it will attack Israel from the north if it carries on its attack on Gaza. From 09/10/2023 and the days and weeks after, Hezbollah militants have conducted small operations and attacks on the north of Israel. The Israeli Defense Forces (IDF) responded to the attacks by shelling Hezbollah positions in the south of Lebanon. Hezbollah’s leader, Hassan Nasrallah, has not yet declared war on Israel but has issued threats to the country and the United States. He stated that the two countries should stop the attacks on Gaza and cease to interfere with Hezbollah operations in Lebanon and Syria. Iran, which has historically backed Hezbollah with money, weapons, and instructors from the Islamic Revolutionary Guard Corps (IRGC), had meetings with the Hezbollah leadership and has openly stated that Hezbollah has the right to attack Israel in defense of the Palestinian cause. Historical context: Hezbollah was founded by Shiite clerics in Lebanon during the Lebanese Civil War (1975-1990) and was directly supported by the Iranian government, then led by Shia cleric Ayatollah Khomeini. Khomeini sent the IRGC (Islamic Revolutionary Guards Corps) instructors to help set up the military wing of Hezbollah. The current leader of Hezbollah, Hassan Nasrallah, has been in charge since 1992. His second in command is Naim Qassem. The third in command is Nasrallah’s cousin, Hashim Safi Al Din, who has been very vocal on the conflict between Hamas and Israel. His son is married to the daughter of the assassinated IRGC commander Soleimani. Hezbollah has been supporting Baathist and Shia governments around the Middle-East since 1979. In that capacity, the group has fought alongside the Syrian Armed Forces against ISIS/L, Kurdish, and Sunni resistance fighters in the Syrian Civil War. Hezbollah has the largest standing army in the world not directly tied to the country they reside. Its exact numbers, however, are unclear. Hezbollah is believed to have a weapon cache that far exceeds that of organizations such as Hamas or the Palestinian Islamic Jihad, including missiles that could reach all of Israel. The organization is in control of large parts of Lebanon and holds political power in the Lebanese parliament. Hezbollah is also reportedly letting Palestinian terrorist organizations operate in Lebanon to attack and infiltrate Israel. Next to receiving weapons, funding and training from Iran, Hezbollah funds its military operations by smuggling drugs to the West and the Gulf region. Analysis: It is likely that Iran will continue to support Hezbollah with weapons, logistical support, and instructors. However, Israel has made it harder for Iran to deploy its cargo aircraft when it bombed the Aleppo and Damascus airports in Syria on 13/10/2023 and 22/10/2023. Beirut International Airport has not been targeted by Israel yet, but if Iran decides to supply Hezbollah through the airport then it may be attacked. Iran is, as of 24/10/2023, supplying Hezbollah with weapons through a Russian military airfield in Syria. Hezbollah will likely continue with relatively small attacks on the northern part of Israel. These attacks seem to be used to test the Israeli defense system and response. The probability of Hezbollah carrying out a campaign against Israel in the short term is small, but if/when Israel starts a ground invasion of Gaza, the group may start a full scale attack from the north to divide the IDF’s attention on two fronts. While not an ideal scenario, Israel has been preparing for a similar event for years and has a large reservists pool. The Israeli government said it will ‘destroy’ Hezbollah and threatened to attack Lebanon if Hezbollah openly joins the fight. This can lead to a humanitarian crisis in Lebanon, as the country could not afford to sustain a war in the current economic conditions. Despite US support to Israel, it is not likely that the large US military presence will deter Hezbollah from engaging in a conflict with Israel. The decision seems to rather depend on Iran and not Hezbollah itself.

Date: 24/10/2023 Where: Lebanon, Beirut Syria, Aleppo, Damascus FIR Amman OJAC, Cairo HECC, Tel Aviv LLLL, Nicosia LCCC Who’s involved: Israeli government, Hamas, Hezbollah, Iranian government, Russian government Syria The Russian military has granted Iran permission to use the Russian Khmeimim Air Base in Syria according to the The Syrian opposition organization ‘Syrian Observatory for Human Rights’. An Islamic Revolutionary Guards Corp (IRGC) A310 landed from Tehran at Khmeimim Air Base on Oct 19th and one on Oct 24th. The IRGC previously used Damascus International airport (OSDI) and Aleppo International airport (OSAP) for supplying the Lebanese terrorist organization Hezbollah. Both airports were attacked by the IDF destroying the runways on Oct 12th and Oct 22nd. Lebanon Hezbollah possesses rockets and long-range missiles that reach deep inside Israel, an extensive air-defense system. Hezbollah has immensely expanded and upgraded its stockpile of rockets and various weapons systems, with the support of Iran. According to the latest public estimates, Hezbollah has around 150,000 rockets and missiles, most with a range of a few dozen kilometers. Various reports, however, say a substantial number can reach targets located hundreds of kilometers from Lebanon. According to the Israeli newspaper Haaretz, Hezbollah holds a large and diverse reserve of "dumb" rocket artillery alongside ballistic, anti-air, anti-tank, and anti-ship missiles. Hezbollah has placed a large part of its arsenal deep inside Lebanon and parts of Syria, making these and the surrounding area and air bases potential targets for the Israeli Defense forces in the event of Hezbollah and the IDF engaging in a frontal war. This is a major threat to the current civilian airline operation at Beirut International airport (OLBA) and surrounding airports like Hamat / Wujah Al Hajar Air Base in the event of NEO Operations during a clash between Hezbollah and the IDF. Various airlines have postponed their operation to Beirut International airport. We stress again for all western corporations travel providers in the region, seriously consider evacuating your staff and their families and advise all travel parties and provide them options for curtailing their holiday trip. Like most countries the U.S. have issued a DO NOT TRAVEL advice for Lebanon (level 4) and the authorized departure of family members of U.S. government personnel and some non-emergency personnel on a case-by-case basis. NEO (Noncombatant Evacuation Operations) out of Lebanon are being prepared and various countries have set up bases on Cyprus to support possible evacuations. The United States and United Kingdom have also prepared for a possible evacuation by sea like in 2006. GPS Spoofing A story that continues with new leads. On September 22nd ‘the New Arab’ news outlet reported Russian electronic combat devices operating in Syria and the eastern Mediterranean capable of GPS Jamming and Spoofing targeting civilian aircraft landing at Ben Gurion International airport (LLBG) and other Israeli airports. OPSGROUP alerted on September 24 and again on the 28th of a troubling new development in enroute airspace of multiple civilian aircraft being targeted with fake GPS signals, quickly leading to complete loss of navigational capability in multiple FIR’s over a period of 7 days Most crews reporting the nav failures in the vicinity of ORER/Erbil, ORSU/Sulaimaniyah, and ORBI/Baghdad on Airway UM688 over Iraq, close to the Iranian border. In the past couple of days no new incidents have been reported in this area. OPSGROUP reported through their Ops Alert on the 24th of October of a variety of another new GPS spoofing scenario reported by OPSGROUP member crews, all have similar circumstances, where a false or spoofed GPS position is received by the aircraft, incorrectly showing the aircraft position as being over LLBG/Tel Aviv. The reported GPS Spoofing incidents occured in the following FIR’s Amman OJAC, Cairo HECC, Tel Aviv LLLL and Nicosia LCCC. It’s important to highlight that this is not traditional GPS jamming which is often experienced in these areas. We regularly see GPS dropping out in this area. These recent reports are GPS spoofing – and even then, not like anything we’ve seen before. Although GPS jamming can be performed relatively easily by anyone, GPS spoofing has traditionally been the domain of military operations. GPS spoofing refers to attacks where hackers transmit signals resembling GPS data, encoded in a manner that deceives receivers into perceiving a different location. In a spoofing attack, the perpetrator aims to deceive a GPS receiver by broadcasting misleading signals disguised as legitimate ones. Additionally, it is feasible to execute a spoofing attack by transmitting authentic signals with an incorrect timestamp or signals obtained from a different location. The spoofer then manipulates these signals to lead the receiver into believing its position is elsewhere, or that it is in the right place but at the wrong time. Previously, INS (Inertial Navigation System) and IRS (Inertial Reference System) operated as independent units. However, advancements in flight deck technology have led to a much more seamless integration. Many contemporary IRS systems now incorporate GPS data to enhance the precision of the Inertial Reference Unit (IRU) as the flight progresses. Typically, the system is engineered to switch to the most recent Dead Reckoning (DR) solution in case of a signal loss or suspected integrity issue with the GPS-calculated position. Yet, if the system fails to detect a faulty position due to sophisticated spoofing, it may inadvertently update the IRS with inaccurate data. FMS (Flight Management System) and IRS (Inertial Reference System) are primarily engineered to handle instances of GPS signal loss, not deliberate spoofing. The avionics systems of most airliners are equipped to recognize when a significant shift or gross error occurs, as updates from ground-based sources fail to yield the correct position. This typically triggers a navigation or position warning. Nevertheless, it's important to note that in such situations, all primary navigation systems may experience temporary corruption. What you can do against jamming and spoofing Before the flight Check enroute FIR NOTAMs for any GPS spoofing/Jamming advice Perform full IRS alignment if entering known area with GPS spoofing risk Be aware of typical sensor hierarchy for FMS position: GPS, then IRS, DME/DME, VOR/DME, DR. Consider de-selecting GPS sensor input if possible on your aircraft Review differences between GPS Jamming and GPS Spoofing. Perform time check and set correct time on personal device or watch.. When you think you are being targeted; Check for large increase in EPU (eg. 1-2nm to 60nm) Check if the aircraft clock changes – incorrect UTC time Check for incorrect FMS position Monitor for large shift in GPS position displayed, ND/PFD warnings about position error Listen out on 121.5 for other aircraft reporting position errors in your area When you have confirmed that you are the target of a spoofing attack Revert to heading mode De-select GPS inputs as soon as possible (IRS infection is not immediate) Confirm IRS integrity Consider using OFP/CFP computed track between waypoints as guidance Report to ATC so other aircraft are aware, and check position. Remain IRS only until clear of risk area Request ATC for vectors

On October 17, 2023, the Biden administration released new export controls on US advanced semiconductors to the People’s Republic of China (PRC). The US sees China’s growing ability to produce better semiconductors, along with the close relationship between its military and civilian sectors, as a risk to national security. High-end chips could give China a military advantage in missile technology and surveillance equipment. The PRC has condemned the export controls as the latest ‘weaponization of trade’ by the US. For China, US export controls limit China’s abilities to produce a domestic innovation system for chips which the Chinese leadership sees as critical. Xi Jinping has emphasized achieving greater self-sufficiency in high-end semiconductors by plugging $150 billion in subsidies since 2015. However, the loopholes from the US export controls indicate that sanctions are difficult to enforce, posing security risks to US allies. China’s Civil-Military Fusion The Biden administration export controls on AI and semiconductor implemented in 2022 are an attempt to prevent the PRC from developing critical technologies with military applications. The PRC implements a “Civil-Military Fusion Development” doctrine where high-end technologies are coordinated for use between research institutes, private industry and the People’s Liberation Army (PLA). Blurring the line between civil and military application, semiconductors developed by Huawei could be used in advanced technologies on the battlefield, such as advanced missile systems, communication and navigation equipment. The threat posed by the PRC’s growing technological capabilities are acute for US treaty allies in the Indo-Pacific. China’s military modernization raises concerns over its ability to project military force to secure its own interests. For the Philippines, the PRC harasses Philippine fishing boats and has had numerous stand-offs over territorial disputes in the South China Sea. Japan faces disputes over the Diaoyu or the Senkaku islands. While not a US treaty ally, Taiwan faces security threats from the PRC’s gray zone tactics to influence its politics or live under the threat of an invasion. The PRC’s access to sensitive technologies is therefore a concern for US national security and US-led order in East Asia. Dodging Sanctions Strategies U.S. efforts to limit technological exports to the PRC face the problem of enforcement. Since announcing export bans of U.S. machinery to the PRC, there are indications that China can still buy and use U.S. technology. On 5 September 2023, shortly after the release of the iPhone 15, Huawei released its latest smartphone, the Mato 60 Pro. The new phone included an advanced 7 nm chip produced by China’s largest chipmaker Semiconductor Manufacturing International Corporation (SMIC). Given that Taiwan’s Taiwan Semiconductor Manufacturing Company (TSMC) has been producing similar sized chips since 2018, SMIC’s ability to produce these chips at quantity demonstrated an ability to bypass U.S. export controls. The question over how Huawei was able to develop the technology has led to a political debate on Taiwan. According to reports, Taiwan’s Cica-Huntek Chemical Technology Taiwan Co. won contracts to build systems for two Chinese, U.S. blacklisted companies. Current president Tsai Ing-wen, ahead of Taiwan’s presidential election in January 2024, has faced criticism for not taking Taiwan’s defense seriously. Without tighter controls on Taiwanese firms still doing business with Chinese firms, Taiwan’s semiconductors could end up in Chinese missiles aimed at the island. Sanctioned actors also develop strategies to get around U.S. export controls which have been employed for a while. For example, in 2018, reports emerged of Russian and Chinese military-affiliates sanctioned by the U.S. created ‘shell companies’, intended to disguise ownership of Chinese or Russian firms to buy U.S. equipment. While this avoided direct sales from US companies to Chinese military-affiliated companies, it was easily bypassed through third parties created by Chinese military affiliated firms. Blacklisted businesses can also purchase chips from black markets, outside of Chinese and American authorities. In the Huanqiangbei electronics mall in the southern Chinese city of Shenzhen, small scale sellers are filled with electronics components purchased under the radar. Reports have emerged that local sellers, though not advertising them, have bought Nvidia high-end AI chips in other markets and sell them at double the normal price. For smugglers, export controls provide incentives to gain chips via unofficial channels, for the right price. Breaking the Supply Chain? From the outset of the Biden’s administration export controls of US-made technology to China, East Asian electronics firms with a substantial dependence on China have been exempt. Samsung and SK Hynix secured exemptions from U.S. permission to ship U.S.-machinery to China. Samsung and SK Hynix face competitiveness issues in moving their production away from China; they produce 40% and 45% of their NAND memory chips in China respectively. Separating from China and moving to ‘friend-shoring,’ as the US is incentivizing them to do through subsidies, requires a significant reversal of supply chains built over the past 40 years. While this exemption gives East Asian and US companies time to reconfigure their supply chains, the timeline could take years given the billions of dollars involved. US export controls are also imposed in advance. While this may give time to companies facing commercial losses, Chinese firms are able to buy some technologies in advance. For the Netherlands, ASML’s compliance with U.S. export controls will come into effect on January 1, 2024. According to reports, ASML sold 46% of all exports to China in the third quarter of 2023. The strong reliance of semiconductor companies on China indicates the difficulty of moving the semiconductor industry away from China to other countries, especially when its market is substantial for exporting companies. Conclusion The new export controls launched by the US on October 17, 2023 aim to improve enforcement for critical semiconductors. Loopholes and well-established rules on bypassing sanctions are still possible and carried out by shell companies, even for sanctioned companies. Given the threats posed by the PLA’s military modernization and ability to project power overseas, the US latest export controls are an important step in deterring future technological developments. According to the US and its allies, without effective monitoring of export controls, the PRC’s ability to get hold of semiconductors for military purposes poses a significant security risk to the Indo-Pacific.

Date: 23/10/2023 Where: Venezuela Who’s involved: U.S. President Biden, Venezuela President Maduro, Venezuelan opposition leader Machado What happened? On Wednesday, 18/10/2023, the U.S. Treasury Department temporarily eased some sanctions imposed on Venezuela’s oil, gas, and mining sectors. The decision comes after Venezuelan President Maduro and opposition parties reached an agreement on elections scheduled for 2024. Oil sector bans are not the only area that has been the subject of negotiations in recent months between the two countries. On Wednesday, 18/10/2023, deportation flights from the United States to Venezuela resumed, marking a significant concession by President Maduro. The Venezuelan government also stated that it will make resources available to help with deportation operations. U.S. Secretary of State Anthony Blinken stated that President Maduro has until the end of November 2023 to implement established electoral commitments, including lifting restrictions on opposition candidates and releasing political prisoners. Should the Venezuelan government fail to meet its electoral commitments, the United States could decide to resume sanctions. On the other hand, if Maduro complies with the electoral guarantees, the provisional license lifting U.S. sanctions for six months could be extended. After resuming long-suspended negotiations, on Tuesday, 17/10/2023, Nicolas Maduro finalized an agreement with the opposition guaranteeing its participation in elections to be held in the OPEC member country in the second half of 2024. The negotiations took place in Barbados, and the talks were mediated by Norway. However, while the administration agreed to let the opposition choose its candidate for the 2024 presidential election, the agreement does not guarantee the reverse of bans blocking some opposition primary candidates from holding office. Several candidates are technically still barred from taking office, including the primary’s front-runner, Maria Corina Machado. On Sunday, 22/10/2023, Venezuela held primary elections to pick the opposition candidate who will run against Maduro in the first presidential election since 2012. Although vote casting is still in process, it seems that Machado routed the other nine candidates despite the ineligibility, securing 93 percent of the vote and emerging as Maduro's opponent in the 2024 presidential election. Maduro, ruling since 2013, is expected to run again for re-election, although he has not yet officially announced his candidacy. In 2019, his presidency was contested by Juan Guaidó, who was chosen interim president by the Constituent Assembly, causing a presidential crisis. Nevertheless, Maduro remained in power, and in 2022, opposition parties voted to dismiss Guaidó as interim president. Economic and diplomatic tensions between Venezuela and the United States are longstanding. Under Trump's administration, the U.S. adopted an aggressive sanctions policy against Venezuela to foster a political transition by putting financial and economic pressure on the Maduro regime. The first U.S. sanctions against Venezuela date back to 2006, imposed by President Bush on the Chávez regime. However, President Trump implemented the most restrictive sanctions against Venezuela, known as the "maximum pressure" policy. Starting in 2017, Venezuela has been denied access to U.S. financial systems. In 2019, several industry-specific sanctions were implemented, especially for Venezuela's state oil company, PDVSA, such as preventing the export of Venezuelan oil to its chosen markets and freezing bank accounts or banning access to properties in the United States. In 2022, the U.S. granted a temporary six-month license to Chevron, a major private oil company operating in Venezuela, authorizing the production of petroleum products. Analysis: The easing of diplomatic tensions and economic bans between Venezuela and the U.S. can be traced to several factors. First, the U.S. is seeking to boost global oil flows and ease current high prices caused by sanctions on Russia following the Ukraine invasion, and Saudi Arabia and other OPEC+ countries decisions to extend the reduction of production and exports. However, although it is expected for Venezuela’s oil output to gradually increase in 2024, the chances that Venezuelan exports can rapidly recover from the losses of recent years and significantly increase oil production are low without considerable investments. It seems unlikely that state-run PDVSA will be able to quickly boost Venezuela’s severely deteriorated oil production and export crude at fair and affordable prices. Indeed, Venezuela, the world's largest proven oil reserves, used to produce nearly 3 million barrels of oil daily. Partly due to U.S. sanctions, Venezuela's economy, primarily tied to oil production and exports, contracted by about two-thirds between 2014 and 2020. U.S. re-engagement in Venezuelan politics and economy could also help halt rising Chinese influence in Venezuela and the Latin American region. Indeed, since the beginning of U.S. sanctions, China has replaced the United States as the primary purchaser of Venezuelan oil and economic sponsor of the country. As recently as last month, Maduro and Xi Jinping strengthened their cooperation in several areas, including security, aviation, trade, and investment. The lifting of sanctions on Venezuela could also be Biden's response to growing domestic tensions, including regarding the increasing flow of migrants. Under Maduro, more than 7 million people have left Venezuela, with many heading to the U.S. Recently, Venezuelans stood out as the nationality most arrested for illegal entry at the U.S. border, replacing Mexicans. Moreover, although the decision to resume economic and diplomatic relations is drawing controversy and opposition from Republicans, the Biden administration may be seeking to strengthen its position through a strategy to address the energy crisis ahead of the 2024 presidential election. Regarding the democratic concessions granted by Maduro, many international observers and opposition representatives are skeptical that the president will fulfill his pledges, especially the removal of bans preventing opposition members from holding office. While democratic concessions are a necessary prerequisite to the U.S. lifting bans, many believe that the agreement will not lead to real regime change. Instead, renewed relations with the U.S. and easing the regime’s stronghold may represent a strategic propaganda move to lift the country's economy and gain more support ahead of the 2024 elections. Nevertheless, the primary elections held on 22/10/2023, organized independently by the opposition and civil society, registered an unexpected turnout of voters, indicating the population's desire for change and democracy. Conclusion: Venezuela agreed to grant fair and internationally monitored elections in 2024 in exchange for lifting some economic sanctions by the United States. The U.S. is seeking to re-kindle economic ties with the OPEC country to curb the global energy crisis. However, renewed market access for Venezuela's severely disrupted oil sector will not provide economic benefits in the short term. While the international community hailed this agreement as “a step toward Venezuela's democratic transition,” the actual freedom of the upcoming elections remains a question. The sanctions relief may be a political maneuver by the Biden administration to gain domestic support, potentially ameliorate the energy crisis, and challenge Chinese influence in the Latin American region.

Article written by Mark Bruno - October 2023 The escalation of violence in the physical world has seen a parallel escalation in the digital world with hacktivist groups either claiming to be supporting Palestinian causes or retaliating against these actors. To this day, digital threat actors of all stripes attempt to channel the aesthetic, and tactics of Anonymous from the time of the Arab Spring (2011). However, the cyber battlespace has changed since then, and as states’ abilities to withstand these sorts of attacks have grown, so, too has their influence in the space itself. But given how prepared Israel has become over the past twelve years, how was it seemingly taken by surprise? Was there potential intervention by other nation-state actors? Has the cyber front been more effective as a source of disinformation than as an actual source of disruption? Two Layers Of Cyberwar Conclusions about what’s unfolding in Israeli cyberspace are difficult to pin down, despite the conflict coming up on its third week. In part, this is because the cyberwar between Israel and Hamas is made up of a domain that we can see, and a domain that we cannot. It’s almost identical to the one unfolding in Ukraine in this respect. The first domain consists of the overt actions by hacktivists and more common cyber criminals that are often self aggrandizing but lack the sort of substance that one might expect. This is in large part to the credit of Israel’s own cybersecurity and IT infrastructure. On October 8th, a proclamation went out over Telegram: “Israeli government, you are to blame for this bloodshed. Back in 2022, you supported the terrorist regime of Ukraine. You betrayed Russia… All government systems of Israel will be subjected to our attacks!” The statement was published by KillNet, a Russian group who have been extremely active since the War in Ukraine became a full scale invasion. They mostly perpetrate low-yield Denial of Service and Defacement (also known as DoS or DDoS) attacks on targets of opportunity: dangerous, yes, especially to smaller and less prepared targets, but regarded in the cybersecurity community as a less significant threat than many others that are aligned with Russia. The Lawfare Institute’s Maggie Smith, Erica Lonergan, and Nick Starck write, in a 2022 piece about KillNet, that the role of these groups is, “cognitive, not coercive.” That they exist to shape the framing of a conflict, and generate hype around their own propaganda narratives. KillNet’s large platform provides a communication channel for other organizations to organize similar attacks, amplifying their perceived effectiveness. Some cybersecurity professionals speculate that the group is state-sponsored, and it can be firmly established that they are at the very least, state-aligned with Russian interests. There are a number of higher-powered threat actors that Israel’s Cyber Directorate has on their radar that inhabit the second layer of this space. Many of these are based in Iran and Lebanon, and inhabit a much more threatening categorization: that of the Advanced Persistent Threat. Advanced Persistent Threats (known often as simply ‘APTs’) are a threat actor with less limited resources than most hacktivists or common cyber criminals (often provided through state funding), utilize layered strategies, and tend to have a continuous mission. Some APTs have been active for over a decade. It takes more time to attribute an attack to an APT. In part, it’s because their plans tend to have a clandestine intent, such as exfiltrating data from a government or military source. Even financially-driven APTs such as North Korea’s Lazarus Group will quietly amass money in the hundreds of millions before being stopped. It’s much more of a “long game” in this layer of the conflict. There is no evidence at this point proving that any of the regionally tracked APTs have intervened in the conflict, but this certainly doesn’t rule out that they might have, as they did in the past. Before The Attacks Since the morning of 7/10/2023, there has been a lot of speculation as to whether or not Hamas received aid or intelligence from external organizations, with the most prominent theories being about potential assistance from Iran. Much of this speculation is an understandable response to the seemingly slow reaction from the IDF and the pure shock of the violence that unfolded. That said, there has been a well-established history of attacks on Israel from several Advanced Persistent Threats. There were several notable cybersecurity incidents in the weeks leading up to the attacks on 7/10/2023. On 09/09/2023, fifteen Israeli lawmakers were surprisingly banned from WhatsApp in what may have been a breach that stemmed from their authentication controls being tripped. The report said that they were locked out of their accounts for three hours, which would have been plenty of time for a data exfiltration. This particular incident was reminiscent of a 2019 phone breach of Netanyahu political rival, Benny Gantz. The incident was explained in the Israeli press as an attempt by Iran. Ben Gurion Airport, a major target in the current conflict, had one of its most significant disruptions related to a cyberattack on 20/09/2023. The attack involved extremely sophisticated disruption of GPS systems and impacted the ability of pilots to land on shorter runways. The identity of the threat actor responsible still has yet to be revealed, but this is the sort of behavior more broadly associated with an APT rather than common cyber criminals. On 5/10/2023, there was a report of an attempt via Telegram to hack Israeli president, Isaac Herzog. The findings by Israel’s Shin Bet security security service determined that it was from a low-level group, and likely for the purpose of scamming the president, rather than any “serious” breach. However, in the context of the broader cyberwarfare situation in Israel, it’s difficult to brush this incident off. That same day, Microsoft’s Threat Intelligence department released their 2023 Digital Defense Report. In it, the report outlines the increasing threat posed by Iranian threat actors, though it largely outlines their activities in the capacity of influence in the Global South. After The October 7th Attacks Claims Israel has been under a constant storm of cyberattacks. However, the claims made by the attackers have been of mixed truth value: some outright lies, others exaggerating the effectiveness of their operations, and a few that have been genuinely effective with potentially deadly consequences. Perhaps the most substantial claim that proved fruitless was an alleged series of attempts to shut down Israel’s Iron Dome missile defense system. While some servers associated with Rafael Advanced Defense Systems and Israel Aerospace Industries (the organizations that manage the system) may have been temporarily shut down, there is nothing that substantively suggests that the system’s performance was ever impacted. RedAlert Early in the day on 7/10/2023, Russia-supporting cybercriminals, Anonymous Sudan, posted evidence suggesting that Israel’s RedAlert app, an application that tracks reports of rocket attacks in real time, has had outages via what appears to be a Denial of Service attack. The group that would later seem to be responsible was the hacktivist organization, AnonGhost, who explained that they’d found a vulnerability in the application’s API that allowed them to take it down. The immediate impact of this attack was the safety of civilians fleeing to get out of harm’s way. In the time since, service has been fully restored in the browser version of the application. However, the issues caused by the various Denial of Service attacks have caused the application to be removed from several regions’ app stores for a time. If one needs to download the app again, the way around this would normally be to download the APK file (or IPA file on iOS) and install it directly. In response, some groups have picked up on this workaround, and have created a spyware version of the APK file hosted on a phony version of the developer’s site. Media And Propaganda Several news organization websites, but most prominently, the Jerusalem Post, were taken offline on the morning of 8/10/2023. The recovery back to full functionality took at least fifty hours. While attempts were claimed against Keshet Media Group websites, Times of Israel, and others, the disruptions were not nearly as severe, if they happened at all. Another display of hijacking media was done in at least the city of Holon, and allegedly in Tel Aviv as well. For part of the morning of 12/10/2023, smart billboards were hacked into and played what has been called “pro-Hamas” messages. A number of these groups have also attempted to spread various messages on social media that prominently featured disinformation and carefully selected old footage. Screenshots of a fake BBC article with AI-generated images reportedly from Bellingcat began circulating on 10/10/2023. The article was attempting to mislead readers into believing that US weapons given to Ukraine were ending up with Hamas, lending credibility to a related conspiracy circulating on Facebook. Conclusion It's crucial to differentiate between actual and perceived threats in the cyber realm, especially in the current Israeli scenario. While numerous claims circulate, Israeli services remain adept at identifying and thwarting such attacks. Despite the attention garnered by hacktivist groups like KillNet, their direct harm is mitigated by Israel's robust cybersecurity infrastructure. However, beneath this visible layer lies a more menacing one: the clandestine activities of state-supported Advanced Persistent Threats (APTs). Operating quietly, these entities aim for long-term gains like data exfiltration or system compromise, posing a more significant threat. The dual-layered nature of this cyber conflict necessitates a well-thought-out defense strategy—addressing immediate threats from hacktivist activities while proactively seeking and countering the potentially more dangerous, silent moves by APTs. The unfolding situation underscores a modern warfare paradigm where battles transpire both openly and covertly in the digital domain, carrying real and tangible repercussions for security, civilian safety, and the on-the-ground situation.