Zoek naar dyami-inzichten

Executive Summary Following up on the last two months, GPS interference has picked up around the Baltics and Black Sea. This causes aviation risks, where pilots need to be prepared thoroughly. Airport activities in Europe have been disrupted by (climate) protests. Tensions in the Middle East have increased leading to more overflight risks near the Northern and Southern Israeli border. Tensions in Ecuador have increased leading to more drug trafficking via business/private aviation. Global 1.1. Digital Interference Digital interference is possibly the most common threat pilots face at the moment. The methods of interfering have grown way past the simple GPS jamming, and are found in more places in the world. Recently the skies over Eastern Europe and the Baltic have seen a surge in interference, but reports of fictitious ATC commands is a new form of interference which deserves attention as well. 1.2. Drug trafficking Drug trafficking continues to be a relevant risk in any form of aviation, including business/private aviation. This is especially the case in Latin America and India. Whereas India has a strongly booming trafficking activity, in Latin America the established market has shown an increased interest in using business/private style aircraft for their operations. 1.3. Human trafficking Human trafficking is a lingering threat to business aviation, as the privacy over commercial aviation makes the operation easier. Other factors that come with operating business aircraft also count as a benefit to traffickers. 1.4. Wildlife trafficking Due to the increased security in common trafficking hotspots such as South Africa and Tanzania, the wildlife trafficking routes are changing. One of the new hotspots is Addis Ababa Bole Int. airport in Ethiopia. While commercial aviation is the more known method of smuggling animals, business/private aviation could benefit such operations, and should be considered as a potential method. Europe 2.1. Climate activism In Europe climate activists have a strong focus on business/private aviation. With the weather improving, protests and demonstrations are planned for many airports in Europe. Recently some actions in the Netherlands against business/private aviation were prevented by the authorities’ handling of the protestors. 2.2.  Strikes and other protests A rising trend in strikes by airport employees is seen in Europe. These strikes have so far stopped operations at 11 airports, causing the cancellation or delay of 1.100 flights. 2.3.      Digital Interference The skies over Europe have seen a surge in digital interference originating from Russia. The focus of this interference is mostly in Northern and Central Europe. 2.4. Overflight risks Ukraine is trying to work towards the partial reopening of their airspace. As the war in the country is still ongoing, this plan brings a lot of security challenges. Middle East 3.1 .     Digital interference Seemingly the epicenter of digital interference development, the Middle East has produced a collection of methods of interference. For any pilot operating in or near the region, these methods and how to counter them should be known. 3.2. Overflight Risks Together with the ongoing conflicts and unrest in the Middle East, a group of countries present overflight risks. This can range from digital interference to anti-air weapons. 3.3.     Israel - Hamas  war The war between Israel and Hamas has caused several airspace restrictions. However, now that the war is being fought out in the South of Gaza the direct threat to LLBG has reduced. On the other hand, the situation in Northern Israel has increased the risk to civilian traffic. 3.4.     Rising conflict Israel - Hezbollah The tensions between Israel and Hezbollah have been rising since the start of Israel’s war with Hamas. As the situation may escalate, any aviation in, over and near Lebanon may be at risk of accidental targeting. Asia 4.1. Overflight of Myanmar As the situation in Myanmar continues, the chances of rebel forces gaining access to serious anti-air systems through capture increases. Such a situation would instantly provide a threat to any aviation flying over or near Myanmar. 4.2.   Pilot held hostage in West Papua (Indonesia) The situation of the hostage pilot in West Papua is still not resolved. Where at the start of the year developments seemed promising, no results have been achieved yet. 4.3.    Caucasus tensions The situation in the southern caucasus is slowly improving, but tensions linger. For every step in the right direction, there seems to be high-tension moments with the risk of escalation. Africa 5.1. Overflight risks Numerous countries in Africa bring an overflight risk and different mitigating measures. Anyone operating over Africa, especially the Sahel region and parts of the horn of Africa, should be aware which country brings what risk, and how to adequately operate around these risks. 5.2.     Situation Nigeria / Niger, Burkina Faso and Mali Rising political tension between Nigeria and its northern neighbors have resulted in overflight bans being issued. The bans have been lifted, but awareness of the situation is needed for operators to be prepared for possible last minute changes in airspace authorizations. 5.3.    ATC interference near Somalia More incidents of ATC interference have been reported in the northern Mogadishu airspace, potentially caused by Somaliland. False information comes from Hargeisa, Somaliland, VHF frequency 132.5 and HF 11300. North America There were no significant events in North America in the months of February and March. South America 7.1.  Drug trafficking Drug smuggling from Ecuador to North America has picked up, because of the war between the Ecuadorian government and drug cartels. Cartels continue to use private aircraft for drug trafficking throughout the continent. Criminal organizations use old aircraft for these flights because a large number of aircraft are destroyed after only a small number of trafficking flights. Oceania There were no significant events in Oceania in the months of February and March. Forecast GPS interference will likely continue to be deployed as a military strategy by various state actors. The tensions between Israel and Hezbollah are rising, resulting in growing risks to overflights. In case of escalation, measures need to be taken such as avoiding Lebanese and (again) Israeli airspace and possibly the surrounding countries and Eastern Mediterranean. [This is the end of the light version for REBASE, for the full version, feel free to contact us]

Written by Elena De Mitri, Arianna Lucà, Mickey Beckmann, Iris de Boer, Jacob Dickinson, Kevin Heller, Sara Frisan Russia-Ukraine: While Russian forces slowly advance towards Kharkiv, airstrikes debilitate the energy infrastructure on both sides of the conflict. Israel-Hamas: As Netanyahu's government faces internal tensions, Israel claims to be in the process of neutralizing Hamas’ infrastructure. Myanmar: Myanmar’s military continues to lose control over the country, with mass displacement of civilians. Sudan: As the conflict has no end in sight, the humanitarian crisis in Sudan is worsening. China-Philippines: Dangerous collisions between Philippine and Chinese vessels ramp up tensions. Mexico: Ahead of the June elections, growing discontent with the outgoing President is spurring widespread protests across the country. Nigeria: Worsening cost of living, rising inflation, and widespread food insecurity are fuelling violence, protests and instability in Nigeria. Pakistan-Afghanistan: Heightened tensions between Pakistan and Afghanistan as cross-border attacks increase. Haiti: The protracted crisis in Haiti reached a critical point in March 2024 after an upsurge in gang violence forced Prime Minister Henry to resign. North Korea: North Korea’s Missile tests and South Korea-US military exercises persist on both sides of the demilitarized zone. Conflicts, March 2024 Russia-Ukraine After capturing Avdiivka in February, Russian forces managed to gain some small advances while Ukrainian forces focused on slowing their progress as much as possible. While movement on this front is quite slow, Russian troops are also trying to advance towards the village of Kupyansk, likely as a first step in conquering the Kharkiv Oblast. Meanwhile, airstrikes targeted main cities both in eastern and western Ukraine, such as Odesa, Kyiv, and Kharkiv, causing many casualties among civilians. In March, both Ukraine and Russia ramped up attacks on each other's energy infrastructure to hamper each other's war efforts. While previous Ukrainian attacks were focused on Russian oil refineries close to the border with Ukraine, in mid and late March 2024, Ukrainian drones managed to hit areas deep within Russian territory, such as the Samara Oblast close to the border with Kazakhstan. These attacks destabilized the Russian oil industry, the country's biggest export. Russian retaliation hit Ukraine with the most significant attack since the start of the war on the energy infrastructure all around the country. The attack managed to cut off energy supplies for more than one million civilians and forced the implementation of blackout schedules in several regions to reduce the load on the power system during the needed repairs. According to the head of the main energy firms in the country, repairs might take up to 18 months. On March 12, 2024, a coalition of three Ukrainian-backed paramilitary groups launched an incursion in the Russian regions of Kursk and Belgorod. The groups, consisting of Russian nationals opposed to Putin's regime, claimed to be still operating in Russia on March 21. While the three brigades will likely not have a big impact on Russia's stability and on Putin's regime, they managed to bring some troops back to restore Russian control over the territories they took. Israel-Hamas The war between Israel and Hamas is ongoing and is likely to continue for another few months if not more than a year. Israel claims it is close to breaking Hamas's infrastructure and neutralizing its leadership and terrorist capabilities. However, to do so, Israel could also attack the border town of Rafah in southern Gaza. Rafah has been the refuge for millions of Gazans after Israeli attacks on Gaza City, Khan Yunis, and Shifa Hospital. According to the U.N. and several NGOs, the Gazan population is almost 100% on the brink of starving and running out of medical care and medicines. Aid deliveries are ongoing but are inadequate and limited. Meanwhile, tensions between Hezbollah and Israel are growing, and there will likely be a military operation in the spring or early summer to remove Hezbollah's presence from the south of Lebanon to make sure that Israeli citizens can return safely to their homes in the north of Israel. Pressure from the U.N., U.S., and E.U. on Israel does not seem to have much effect. However, internal struggles in the Netanyahu government could collapse the coalition and make way for new elections. Following the Israeli bombing of the Iranian Consulate in Damascus on April 1, tensions between Iran and Israel are heightened. In response to the attack, which killed 7 people, including a top commander of the Islamic Revolutionary Guards Corps (IRGC), Iran declared that it will retaliate and there will be consequences for Israel. Adding to the trouble in the region are the Houthi rebels in Yemen, who are continuing to launch attacks against international merchant vessels. Although the U.S. and U.K. are responding promptly against Houthi strongholds, the Houthis do not seem to intend to cease their attacks. In late March, the Houthi managed to launch a missile at Israel that evaded all air defense systems but landed harmlessly in the desert. Myanmar Myanmar’s military government continues to lose territory along multiple fronts as alliances of ethnic minority insurgents and pro-democracy fighters challenge military rule in March. The advance of armed groups has pushed the military back considerably, with the military controlling only half of the country. Following these setbacks, the military government began a mass conscription campaign to build up its forces. Millions of civilians have fled to neighboring countries to escape enlistment. The UN has warned that the military has responded to resistance victories by stepping up attacks against civilians with its aircraft and artillery capabilities. Thailand delivered its first humanitarian aid to Myanmar on March 25 in an effort to help 20,000 displaced people fleeing the fighting. The UN states that 18.6 million people are in need of humanitarian aid. Sudan Fighting between the RSF and the SAF continued during March in Darfur, Kordofan, Khartoum, and al-Jazirah, with the SAF gaining territory in the state of Khartoum. On March 12, the SAF regained control of the state broadcast headquarters in old Omdurman and vowed to rout the RSF. The two warring parties have also carried on exercising retaliatory violence against civilians for their conflict-related allegiances in Darfur, Kordofan, and al-Jazirah. Dialogue between the RSF and the SAF seems inconclusive as they keep a hostile attitude towards each other. Nonetheless, international parties, among whom the US, is looking to reopen talks between the SAF and the RSF to ease the conflict and substantially increase the delivery of humanitarian aid. The SAF rejected calls by the UN Security Council for a truce for the month of Ramadan to let humanitarian aid inside the country, citing the failure of the RSF to comply with their commitment to leave civilian sites. As the humanitarian crisis worsens, the World Food Programme warned that it could suspend operations in Chad, where many Sudanese nationals found refuge, in April due to the severe lack of funds. In late March, the RSF rejected an agreement between the governor of Darfur and UN agencies to deliver humanitarian aid into Darfur, likely the area where the population is most impacted by the conflict. In Sudan, rising prices and food shortages are causing severe food insecurity. Mobile blackouts have also continued throughout March, further exacerbating the everyday difficulties for civilians relying on electronic cash transactions in many parts of the country. Despite recurring warnings by UNICEF and the UN about an imminent famine in Sudan, the delivery of humanitarian aid remains insufficient and often endangered by the ongoing conflict. Alerts, March 2024 China-Philippines The sovereignty dispute between China and the Philippines over the Spratly Islands continued in March 2024. A Philippines vessel based on one of the disputed Spratly Islands since the Second World War has been resupplied by the Philippine military and coast guard. The formidable and well-equipped Chinese Coast Guard (CCG) has attempted to stop Philippine resupply missions. Reports have noted several dangerous encounters, with the CCG ramming a coast guard vessel. Four Philippine Navy personnel also sustained injuries when hit by a water cannon. China’s defense ministry stated that “China has taken control measures in accordance with the law”. Following these clashes, the Chinese foreign ministry said that relations between the two countries are at a turning point, though it’s unclear how long this situation can be maintained. The Philippines has lodged several diplomatic protests against the Chinese embassy, saying that it should uphold the 2016 Court of Arbitration, stating that China’s claims to the entirety of the South China Sea have no basis in international law. US Secretary of State Antony Blinken reiterated the US commitment to defending the Philippine’s access to its territorial claims due to the 1951 mutual defense treaty. The US launched further ‘freedom of navigation’ exercises in the South China Sea, which Beijing says has threatened regional stability. Mexico On March 1, campaigning for the biggest election in Mexico's history began. Mexico is set to make history next June 2, when voters will most likely choose a woman as President. According to recent polls, the front-runner would be former Mexico City mayor and ruling party candidate Claudia Sheinbaum. However, so far, protests and election-related violence raised major concerns ahead of the upcoming elections. Massive demonstrations took place in major cities over the past few weeks after a controversial constitutional reform package advanced by President López Obrador. The reforms include the dissolution and restructuring of the National Electoral Institute (INE), an autonomous body that oversees elections. Protesters denounce this reform as a threat to Mexican democracy and are concerned about rigged and non-transparent upcoming elections. The leading presidential candidate, Sheinbaum, backed by President López Obrador, will likely pursue constitutional reforms upon election. Organized crime attacks on the upcoming elections are a significant concern for Mexico's stability and democracy. Several incidents of election-related violence have been reported since the beginning of the electoral campaign, such as political violence, attacks, and killings by criminal groups targeting local candidates. Further protests are taking place calling for action from the government over the disappearance of 43 students from Ayotzinapa in 2014. López Obrador has received criticism for the lack of success in finding the students despite his promises to do so during the 2018 election. Mexico is experiencing complex challenges which are likely to persist in following months. Rising levels of election-related violence are likely ahead of June elections. Anti-government and pro-democracy protests are expected in coming weeks. Disruption and political unrest are possible. Clashes with law enforcement and escalation of violence cannot be ruled out. Nigeria The persistent economic crisis faced by Nigeria is fuelling instability and violence in the country. Soaring inflation and the dramatic cost-of-living increase are worsening the already precarious food security situation. A large portion of the population is experiencing extreme food insecurity. In a matter of months, the cost of several basic food staples has doubled. Attacks on trucks carrying food supplies, like pasta and rice, and looting of emergency supplies have been reported. Violence over access to resources and food is rampant throughout the country. On March 3, hundreds of people looted a government warehouse in Abuja. Food shortages are spurring widespread popular dissatisfaction with President Bola Tinubu's government. The current protests in Nigeria can be traced largely to the unpopular reforms to remove fuel subsidy, implemented by Bola Tinubu after taking office in May 2023. In the wake of the recent unrest, the government has pledged to stem the deteriorating economic situation by implementing several policies to address the food insecurity crisis and increase food production without backtracking on subsidy cuts. The situation in Nigeria is unlikely to improve in the near future. The persistent crisis and food shortages will likely foment more discontent, protests, and looting in the coming months. Finally, the deepening economic crisis is likely to worsen existing security concerns in Nigeria such as crime, armed groups, and widespread corruption. Pakistan-Afghanistan Ties between Pakistan and Afghanistan strained in March after deadly cross-border attacks. On March 16, a terrorist attack on a security forces post in North Waziristan district in Pakistan resulted in seven Pakistan security personnel and six militants. On March 18, Pakistani airstrikes targeted terrorist groups in Afghanistan, killing at least five people as retaliation to the attack. The Pakistani foreign ministry announced that the attacks were targeting the Tehreek-e-Taliban Pakistan (TPP) based in Afghanistan. The Taliban spokesperson condemned the Pakistani airstrikes. On March 20, Pakistan’s security forces repelled an attack by the Balochistan Liberation Army (BLA) on the port of Gwadar, killing eight fighters. As skirmishes with the Taliban and Taliban-affiliated groups continued, Pakistan security forces decided to close the border with Afghanistan on March 24. However, on March 26, Pakistan was once again targeted by Baloch militants. The attack took place at the Turbat naval base in southwestern Pakistan, killing at least one Pakistani soldier. All five Baloch assailants were killed in retaliatory fire. Relations between Pakistan and Afghanistan have worsened in recent years as Pakistan has accused the Taliban of letting the TPP use Afghan soil to conduct attacks against Pakistan. The Afghan Taliban has denied those allegations. The Pakistani government has also expressed concerns over alleged joint attacks by the TTP and the BLA. As the March attacks by the BLA focussed on Chinese infrastructure projects in the country, it seems that the BLA tries to influence the relationship between Pakistan and China. China is one of Pakistan’s closest allies and has massively invested into the China-Pakistan Economic Corridor (CPEC). The recent cross-border attacks signal heightened tensions between Pakistan and Afghanistan, the TPP, and the BLA, making the current security situation in the border region between Pakistan and Afghanistan extremely unstable. There is a possibility for further escalation with an increase in cross-border attacks in the near future. Updates, March 2024 Haiti The protracted crisis in Haiti reached a critical point in March 2024, forcing the government to declare a state of emergency on March 3. The already precarious security situation in the country was worsened by a series of coordinated attacks by gangs targeting government buildings, police stations, and other sites of interest. Gang members broke into two of the main prisons of Port-au-Prince, freeing over 4000 inmates and seizing the capital’s International Airport. According to Jimmy “Barbecue” Cherizier, leader of the gang coalition G9 controlling over 80% of the capital, the spike in gang-related violence and the attacks were triggered by interim PM Ariel Henry’s visit to Kenya. The visit was made to sign a UN-backed multinational security deal (MSS) to help tackle the security situation in Haiti. Henry, appointed as PM after the assassination of President Moise in 2021, repeatedly delayed the elections, leading to widespread popular discontent. Gangs were calling for Henry’s resignation for months, threatening a "civil war" if the international community persisted in supporting an unelected government. Following the escalation of violence, Henry faced strong domestic and international pressure to facilitate a transition and ultimately announced his resignation on March 12. While the transitional council and interim premier's official appointment is pending, Haiti's situation remains highly volatile. On April 1, an armed attack targeting the national palace sparked panic in the capital. At least four people were killed in the clashes.. Following the recent spike in violence, leading to at least 30000 displaced people, the country is facing an unprecedented acute security and humanitarian crisis. Prolonged instability and limited access to international aid are causing food and basic goods shortages. According to the World Food Programme (WFP), over 4.97 million Haitians are currently facing severe food insecurity. The situation is still extremely unstable. Despite Henry's resignation, gang-related violence will likely remain elevated at least until the next election. Polls are expected to take place within the next two years. International community's support will be needed to address the humanitarian crisis and restore the country's stability. Nevertheless, the future of the MSS, halted by the Kenyan government on March 22, remains uncertain, and the international community has not yet agreed on its approach to the crisis in Haiti. North Korea North Korea has conducted several military exercises and ramped up its war rhetoric throughout March. After rejecting a commitment to ‘peaceful reunification’ with South Korea in January, Kim Jong Un has used threats of active warfare and missile tests to intimidate South Korea. On March 7 2024, North Korea again conducted artillery firing drills as a response to US-South Korea military training. North Korean media reported Kim Jong Un next to the artillery, supervising the troops. South Korea’s president has ruled out conciliation with the North as long as the exercises continue. Partially as a response to the threats to South Korea and Japan and to deter North Korea, the United States and South Korea have responded by expanding their combined training and trilateral drills involving Japan and sharpening their deterrence strategies built around strategic U.S. assets. The confrontational rhetoric and military exercises have added to the tensions in the demilitarized zone (DMZ). On April 2, Japan's Defense Ministry said North Korea has launched what could be a ballistic missile, which reached some 600 kilometers in distance. North Korea seems to utilize the world's focus on Russia-Ukraine to further advance its weapons to reach US targets in the Pacific Ocean. About the authors Elena de Mitri Elena is a highly motivated person with a strong interest in international security. She holds a Master's degree in International Studies from the University of Turin, where she focused on regime changes and human rights. Her research during her master's studies delved deeper into the intricacies of human rights violations, with a specific emphasis on the war in Iraq. Her academic journey also includes a Bachelor's degree in Foreign Languages and Cultures, with a focus on the MENA region and muslim societies. Additionally she pursued a Minor in Gender Studies, enhancing her understanding of the intersectionality of various issues in international contexts. During her previous traineeship at the Joint Research Centre of the European Commission she conducted research on terrorist groups, especially on jihadist groups and right-wing extremists. Arianna Lucà Arianna is a new intern at Dyami, covering the role of Research Intelligence Analyst to enrich her background knowledge in International Relations with topics involving security and conflict. She holds an MA in International Relations from Leiden University and an LLM in European Criminal Justice from Utrecht University. During her academic career, she has volunteered for different NGOs, mainly Amnesty International, and Emergency and ActionAid, embracing humanitarian and conflict security causes, and addressing issues like famine and lack of security in different regions of the world. With Dyami, she is contributing to joint publications, writing articles, and keeping up to date with key regional developments. Mickey Beckmann Mickey is currently enrolled in the master’s program Conflict Studies & Human Rights at the University of Utrecht. Motivated to make the world a safer and more accessible place, she completed a bachelor in ‘International Relations in Historical Perspective’ at Utrecht University. Her main topics of interest are radicalization, extremism, terrorism, jihadism and conflict in the Middle East. Eager to broaden her knowledge of geopolitical conflict and security, during her internship at Dyami she will actively participate in writing collaborative publications and authoring articles, with a main focus on the region North and Sub-Saharan Africa. Iris de Boer Iris works as a Global Intelligence Analyst at Dyami, leveraging her background in Human Geography. Additionally, Iris holds an MA degree in Conflict Studies and Human Rights from Utrecht University, specializing in conflict analysis, peace processes, and geopolitics. Her MA thesis delved into the securitization of the war in Ukraine by the Heads of State, Ministers of Foreign Affairs, and Ministers of Defense of the Netherlands and Poland. Within Dyami, Iris is actively involved in security risk management, travel security, and geopolitical analysis. Her enthusiasm for addressing topics in international security extends across a diverse spectrum of countries and regions. Jacob Dickinson Jacob studied Global Political Economy at Leiden University. He is passionate about international development and is looking to expand his expertise in geopolitics and crisis management. Curious about other cultures, he has traveled in Europe and Asia for both academic study and professional purposes. His expertise includes the geopolitics of oil and industrial upgrading in the electronics global value chain. He is particularly interested in the evolving political and economic relationships between China and ASEAN, and the consequences for regional development and security. Kevin Heller Kevin has over a decade of experience in the world of counter-terrorism as a consultant, trainer, and analyst. His background is in military Close Quarter Battle/Combat and Krav Maga for Military and Law Enforcement agencies. As a Global Intelligence Analyst, he writes Intel Briefs on conflict zones and terrorism. He has extensive knowledge of conflicts, politics, and other events happening in the Middle East. Kevin also has a background in Journalism and International Affairs/Conflict Studies. Sara Frisan Sara joined Dyami as a Junior Intelligence/Research Analyst post-graduate intern to deepen her passionate interest in conflict analysis and security. Sara recently completed her MA in Conflict Studies and Human Rights at Utrecht University and held an MA degree in International Sciences and Peace Studies. During her academic career, she conducted research in South America, primarily Colombia, on the dynamics of collaboration and resistance between civilians and non-state armed groups in violent settings. In her previous internship at the investigative think-tank InSight Crime, Sara developed some expertise on transnational organized crime and political-criminal alliances.

Date: 27/3/2024 Where: Peru Who’s involved: INC RANSOM, RansomEXX, Peruvian Ministry of Defense What happened? Since the night of March 24th, the RansomEXX Ransomware gang has claimed to have stolen nearly 800GB of data from the Peruvian Ministry of Defense. The following day, another ransomware group, INC Ransomware, claimed to have also successfully attacked the Ministry, specifically the Army. This claim was that a smaller amount of data (500 GB) was taken. Previews of the leaked information do seem to confirm that both groups have come into possession of personally identifiable information. Both seem to come from the same data. Analysis: If RansomEXX was the threat actor responsible for the initial attack, it would be their first ransom carried out in nearly four months. Their last claimed successful attack was in early December, against Kenya Airways. RansomEXX has been active since at least 2018 and is linked to the cybercriminal group, Gold Dupont. RansomEXX is a very sophisticated threat actor in the ransomware space. Both groups use a ransomware-as-a-service (RaaS) model, which means that the groups sell their tools to other threat actors for a cut of the ransom proceeds. Other large groups such as LockBit operate similarly. The RansomEXX and INC Ransomware groups deploy multi-extortion activities, which include stealing victim data and threatening to leak it online unless their demands are met. Their messages to victims typically involve leveraging the threat to their reputation, which is significant when dealing with a government institution. While ransomware groups primarily target sectors like education, healthcare, and industrial services due to their high dependency on continuous operations and data availability, military departments are not typically the primary focus of most ransomware campaigns. The incident has largely remained out of Peruvian news. The motivation behind targeting sensitive sectors, including potentially military departments, involves a combination of factors such as the perceived ability to pay large ransoms and the critical nature of the services they provide. There is no indication that the incident is connected to any motivation outside of a still undisclosed amount of money from the ransom. Conclusion: The simultaneous ransomware attacks on the Peruvian Ministry of Defense by INC Ransom and RansomEXX mark a notable escalation in the landscape of cyber threats against military institutions. This incident highlights the evolving brazenness of ransomware gangs, who are increasingly targeting high-value and sensitive sectors for substantial financial gains and potential geopolitical leverage. This incident not only reveals that vulnerabilities present in the private sector are also in national defense structures, and suggests a future scenario wherein nationstates can deploy more deniable assets to steal data from adversaries. The overlapping claims by both ransomware groups suggest a possible convergence or competition within the dark web’s criminal ecosystem, complicating the response strategies for affected organizations.

Date: October 2023 - September 2024 Who is involved: Ukraine, Russia, US, EU, Iran, North Korea, China In this report: What has been happening? Expectations Conclusions What has been happening? In order to get an understanding of where the war is likely going, it is important to look at the major events and factors that have happened and influenced the war in the past months. Eastern front Arguably the front that saw the most Russian successes, albeit minor ones. While the  taking of the town of Avdiivka in the Donetsk Oblast was majorly covered and presented as a key event in the war, on the bigger scale it did not make a significant difference. While Russia hoped for a major breakthrough, the Ukrainian army, Zbroini syly Ukrainy (ZSU), has managed to stabilize the lines right behind Avdiivka. Russia now seems to be focused on taking as much ground as possible before the mud season starts again in Ukraine. Russia is now focusing its attention on the Kharkiv Oblast’s town of Kupyansk, to take it and use it as a staging ground for another attempt at taking Kharkiv. Until now, Russia’s attempts have however been unsuccessful. On the other hand, Ukraine has not made any territorial gains for months, and seem to prioritize digging in and damaging their enemy as much as possible, as opposed to performing assaults and taking ground back. Attacks on energy infrastructure As announced, Ukraine has managed to ‘bring the war to Russia’. Ukrainian strikes have reached further into Russia than they have before, striking important industrial and some military targets. The refineries struck so far produce collectively around 30% of Russia’s oil output. However, not all of these refineries were put out of action. Due to these strikes, Russia has stopped its gasoline export for six months to most of its customers, such as Libya, Nigeria and Tunisia, starting in March 2024. Russia has also increased its attacks on Ukrainian energy infrastructure, military factories and ammunition depots, often employing Iranian-made drones. In March, the biggest attack since the start of the war took place and was carried out with approximately 150 drones and missiles targeting the energy infrastructure. It managed to cut off energy supplies for more than a million Ukrainians, with Kharkiv being especially affected. Emergency power outages have been implemented to reduce the load on the energy network. Airstrikes also targeted the western areas of the country, which were previously quieter. The attack temporarily cut off the main power line for the Zaporizhzhia nuclear power plant, although it was restored shortly after. Western slowness in supplying air defense systems has impacted Ukrainian ability to fend off these attacks, while the supply flow of Iranian-produced drones for Russia remains steady. Foreign support for Russia Russia has been seeking support from many countries in an effort to develop new economic and military ties and counter Western support for Ukraine. North Korea has been openly supportive of the Russian offensive in Ukraine and has supplied Russia with more than 10,000 containers of artillery shells and military equipment since the start of the conflict, in exchange for food and other types of aid. North Korean military factories are producing at full capacity to support Russian operations. Russia is also allegedly providing North Korea with fuel and technological knowledge that could expand North Korean satellite and nuclear-powered submarine capabilities. China has maintained a more ambiguous stance on the war, at times posing as a mediator and refusing to supply lethal weapons to Russia. Nonetheless, Russia has strengthened its economic cooperation with China to which it has redirected trade to lessen the impact of Western sanctions. China has benefited from cheap Russian oil and gas and has supported Russia with non-lethal weapons. Iran has been supporting Russia with UAVs and weapon systems, even opening a factory of Iranian drones in the Russian region of Tatarstan and offering newly developed models to its army in January 2024. Reportedly, Iran is also considering transferring ballistic missiles and related technology but the deal is not yet definitive. Foreign support for Ukraine Western support for Ukraine is currently vacillating. The US government has struggled with approving new bills to aid Ukraine as the Republican Party has been opposing government bills both in the Senate and the House of Representatives, of which it retains majority. This has been the case with especially a $60 billion aid bill that has been stuck since August 2023. This has further strained Ukraine’s situation, as military aid has been delivered too late according to Ukrainian needs and has complicated the situation on the battlefield. The European Union has started stepping up its support to Ukraine to try to fill the gap left by the US, with some difficulties. At the beginning of February, the EU managed to approve a €50 billion financial support package for Ukraine after overcoming Hungarian opposition. European countries have also stepped up military aid and agreed on a €5 billion fund for a collective boost to military aid. Moreover, the European Commission is elaborating a plan to use the interests earned by Russian frozen assets to fund the purchase of military equipment to support Ukraine. On the other side, European economic ties with Ukraine have sparked rage among farmers in many countries, especially Poland. Polish farmers, challenged by cheap Ukrainian imports, repeatedly blocked the border with Ukraine to demand a stop to these imports. Crimea The Crimean peninsula has become a hotspot for military activity. The island houses the Russian Black Sea fleet and the Kerch bridge, which connects it to Russia, and it is in range of Ukrainian systems. From Special Forces raids to complex airstrikes, Crimea has seen some of the most successful actions in the past months. These included targeting and destroying ships in port and striking officers quarters and military leadership buildings. Crimea is one of the two supply routes for Russian troops near Kherson and those stationed in Crimea itself. All of these supplies transfer over the Kerch bridge, explaining why it is a priority target. Ukraine hit and damaged the bridge a couple of times during the war, but until now it has not fully destroyed it. If successful in this task, it would force Russia to supply its entire Southern front and Crimea itself through the territories it occupies in Ukraine. As the most effective way for Russia is railroad supply, this would put the continuity of these supplies at great risk. Russian volunteers fighting Russia Reminiscent of last year, another incursion into Russia is (at the time of writing) occurring, performed once again by Russian nationals. The timing of these incursions, which started on 12 March, was likely due to the upcoming elections, in order to contrast the image of domestic order under the control of the Russian government. A key difference this year is that an extra brigade joined the action – the Siberian battalion. This battalion was established to recruit people from the Siberian minority groups, who are unequally affected by the war and are relatively more likely to be sent to and killed in Ukraine. They joined the fighting against the Kremlin alongside the Freedom of Russia Legion, and the Russian Volunteer Corps. The number of people in these groups is relatively small, likely thousands, compared to the Russian military. This means that even though the groups are successful in the Belgorod and Kursk regions, the territorial gains are not significant. However, the group’s activity does force Russia to move troops to these regions and away from Ukraine, helping the latter in their war effort. Black Sea Albeit often overlooked by the media, the Black Sea is where Ukraine arguably has booked its biggest successes in the past year. The Black Sea between Crimea and Odessa used to be a common missile launching site for the Russian Black Sea Fleet. From there, it would target the more western cities of Ukraine such as Odesa and Lviv. These missiles going for Western Ukraine would even overfly or closely pass by Moldovan airspace. Ukraine has sunk over 33% of the Russian Black Sea fleet, severely impacting its capabilities. Ukraine also recaptured or relieved the oil platforms in this section of the Black Sea, destroying or taking Russian Electronic Warfare systems. Robotyne The town of Robotyne, the endpoint of the Ukrainian counteroffensive last year, now sees combat action with Ukraine on the defensive. Russia has tried to take this settlement, presumably to start a collapse in the Southern defenses of Ukraine. To note is the use of over 60 year old T-55 tanks in an assault role, which up until then had only been seen in an improvised artillery role. As of writing, the Russian assaults have not been successful. Krynky Krynky is a small foothold near Kherson held by Ukraine, across the Dnipro river. Even after extensive fighting, the ZSU managed to hold onto the small town. It was first thought that the small town was used as a staging ground for operations on the Russian-held side of the river, but it seems that Ukraine holds on to it as a ‘thorn in the side’ of Russia, as well as to inflict maximum damage to any Russian units sent to reconquer the town. It is unclear how large the cost is for Ukraine to be present in Krynky. Expectations Russian Summer focus It is likely that after the coming mud season, Russia will launch an offensive again. The focus will likely be Kupiansk and Kharkiv. On top of the Ukrainian defenses already in place, a possible successful Ukrainian offensive in the coming summer would help in countering this threat. However, Russia has held the upper hand in the war for the past months and, due to slow western support, it has to be seen whether Ukraine can regain the upper hand in the second half of 2024. In a recent announcement, Russian defense minister Shoigu stated that by the end of the year, Russia is planning on forming two new armies. As announced, these two armies will be made up of 16 new brigades, and 14 new divisions. This will need a total of around 450.000-500.000 men to be recruited or mobilized, and the necessary weapons and vehicles prepared for action. Whether these plans are realistic, especially on the equipment part, remains to be seen. The manpower is likely to come mostly from mobilization of minority groups. The purpose of these new armies is up for speculation; whereas some expect they will be used in an attempt to ‘steamroll’ Ukraine, others worry that Putin is preparing for an offense on NATO. Ukrainian Summer focus Ukraine has announced plans for another attempt at an offensive for the coming summer. After the failure of last year’s offensive, likely due to a shortage of (promised) supplies and leaked battle plans, Ukraine aims for more success this year. The most likely goal would be another attempt at liberating Melitopol. The city is one of the closest major cities near the front line, and serves as a logistical hub for the Russian army. A wildcard attempt at liberating Crimea is a minor possibility, and would be a high risk-high reward scenario. Limiting Ukrainian plans is slow western support, especially US support. While some of the anticipated F-16s might be operational in time for the summer and will certainly be a helping factor, they are not likely to be game changing. Developments in the West Support for Ukraine in the West will likely remain uncertain, as many stakeholders are working against it and will likely continue to do so. Ukraine has already become a central issue in electoral campaigns, most notably in the US with the Republican Party presidential candidate Donald Trump stating he will stop supporting Ukraine if he becomes president. The Republican Party will likely continue to obstruct new aid bills in the US Congress, especially coming closer to the November presidential election. This will make the approval process of new aid for Ukraine long and uncertain, affecting its possibility to advance and retake territories. Tensions will likely remain in the EU as well, as Hungary and possibly Slovakia are taking increasingly pro-Russian stands in the European Council. The stance of Slovakia may be influenced by the results of the March-April 2024 presidential election, which sees a close race between pro-Russian candidate Peter Pellegrini and pro-EU candidate Ivan Korcok. These obstructions will probably impact the European Commission’s plan to use the interests earned by Russian frozen assets to finance the purchase of weapons for Kyiv. While the European Commission is seeking a more proactive role in supporting Ukraine, a new opposition front might arise as Austria, Ireland and Malta, traditionally militarily neutral countries, are increasingly concerned about supplying weapons and munitions to Ukraine. Ukraine trade with European countries will also likely be impacted as European farmers demand a solution to the disruption caused by cheaper Ukrainian tariff free imports. Nevertheless, Ukraine can count on the support of many European countries and they might decide to act separately from the European institutions in order to bypass obstructions by other countries. Conclusions The war in Ukraine is far from over. Russia dictates the direction of the war, without caring for losses, and Ukraine in full defense bringing as much damage as they can to the Russian army. The race seems to be between Russia grinding down the Ukrainian defenses, and Ukraine receiving more help from the West (mainly Europe), as well as being able to effectively start and increase weapon production in its own territory. For now it seems unlikely that NATO will directly join the conflict in any form. The West’s willingness to provide Ukraine with virtually limitless help has drastically reduced and, as a result, Ukraine is preparing to rely on its own production capabilities. Russia and specifically the Kremlin seem to be stuck in a sunken-cost fallacy. Therefore, it is unlikely that it will give up its goals in Ukraine unless it suffers a total defeat on the battlefield.

Date: 22/03/2024 Who’s involved: Nigerian government, insurgents and gangs, herder and farmer communities What happened? On 03/03/2024, hundreds of people looted a government warehouse in Nigeria’s capital, Abuja, followed by thousands of Nigerians rallying against soaring living costs on 05/03/2024. Nigeria's emergency agency responded by strengthening security at its warehouses. On 27/02/2024, protests broke out following the nationwide demonstrations organized by labor unions to voice their opposition to economic problems. On 23/02/2024, several individuals were fatally trampled outside the Lagos customs office as a result of a stampede occurring because of the sale of discounted bags of rice. The customs agency stated that the disbursement of the rice bags was a strategy of the government "to address the critical problem of food scarcity". On 07/03/2024, at least 287 school children were kidnapped by militant insurgents in Nigeria’s northwestern Kaduna State. Earlier that week, on 03/03/2024, at least 50 people were kidnapped from a camp for internally displaced persons in northeastern Nigeria, followed by another kidnapping of at least 15 pupils from a school on 09/03/2024. In this region, Boko Haram and Islamic State West Africa Province (ISWAP) operate frequently. On 14/03/2024, sixteen Nigerian soldiers were killed in Delta state while on an operation to stop fighting between the Okuama and Okoloba communities over land dispute. There are often violent confrontations over land disputes, fishing rights, or demands for compensation due to oil spills. On 17/03/2024, Nigerian soldiers attacked the Okuoma community after President Tinubu labeled the 14 March attack as “a direct assault on the nation”, prompting a response. While searching for those accountable for the killings of 14 March, the soldiers plundered communities and set fire to houses. Analysis: Over the last couple of weeks, Nigeria has experienced several attacks on grain storage sites, following a spike in living costs and a 30% increase in the food inflation rate. In 2023, President Tinubu made efforts to remodel the economy and removed long-standing fuel subsidies, claiming that this would reduce Nigeria’s debt. This was a widely unpopular move as it caused soaring inflation, especially for food. The deepening economic crisis is likely to worsen existing security concerns in Nigeria as crime, armed groups, and corruption rise in the country. Armed groups have targeted vital sources of income for the country in recent years. Theft and vandalism of pipelines in the Niger Delta have led to insecurity in the region, a drop in oil production, and international underinvestment in the sector. The energy infrastructure in the south remains vulnerable to attacks as long as socio-economic issues persist. Confrontations between nomadic (Muslim) herders and native (Christian) farmers stemming from disputes over land, have resulted in recent clashes with fatal outcomes. Farmers are also regularly forced by gangs to abandon their fields or pay extortion fees to access their own land. These factors impact food production, resulting in food shortages and increasing prices. In the north of Nigeria, Islamist insurgents and criminal gangs regularly stage large-scale kidnappings and frequent attacks on villagers and travelers. In some cases, huge sums of money have been transferred to the criminal parties, enabling them to acquire more weapons and recruit adherents. Kidnappings and attacks will persist and increase, given the lucrative nature of the crime. Conclusion The lack of affordable food is prompting looting in Nigeria’s capital, Abuja, and demonstrates how the country’s deepening economic crisis is having major security implications for its population. The World Bank has declared that Nigeria is experiencing ‘crisis food security’ levels, due to the persistent insecurity and armed conflict. Given that the government is sticking to its policy of cutting fuel subsidies, further raiding of warehouses, protests and discontent is likely to spread to urban centers.

Date: 22/03/2024 Where: Europe, Central Asia, North and South America Who’s involved: IBM “X-Force” (threat intelligence), various cyber threat intelligence groups, APT28 AKA Fancy Bear (Russian State-Sponsored Threat Actor), ITG05 (identified group or campaign) What happened? Since mid-March 2024, IBM’s Threat Intelligence “X-Force” has been releasing findings on a new phishing campaign to steal sensitive information by targeting governments and NGOs across four continents. The campaign, identified as “ITG05”, has significant overlap with APT28, famously identified as “Fancy Bear”. APT28 is connected to the Russian GRU, which means ITG05 is very likely part of a Russian military intelligence operation. Ukraine’s CERT-UA identified the campaign as a threat as early as December, identifying one of the tools that would later be attributed to the ITG05 campaign. As of late February 2024, ITG05 has been conducting phishing operations, both targeting and impersonating organizations from countries including but not limited to Argentina, Ukraine, Georgia, Belarus, Kazakhstan, Poland, Armenia, Azerbaijan, and the United States. Analysis: Reports from X-Force claim that the tools, tactics, and procedures observed in the ITG05 campaign strongly resemble Fancy Bear. The sustained operational intensity and evolving methods of ITG05 indicate that the group will continue to carry out malicious activity against global targets to support Russian state objectives​​. The phishing efforts orchestrated by ITG05 contain a blend of documents: some are sourced from public records while others seem to be crafted by the attackers. The lures used by ITG05 span a wide array of themes and attempt to draw in targets, encompassing areas like finance, essential infrastructure, senior executive meetings, cybersecurity, maritime safety, healthcare, and defense manufacturing. Many of the “lure” documents were designed to appear related to events happening in Israel and Palestine. The backdoor-seeking malware, known as MASEPIE, was found in emails directed towards Polish and Ukrainian government organizations as early as December 2023. APT28 was the Ukrainian government’s chief suspect at the time. APT28 and ITG05’s objectives are typically dedicated to obtaining access to adversarial systems, reconnaissance, and intelligence collection. Conclusion: The ongoing ITG05 campaign shares significant APT28 activities and tactics, and highlights the sophisticated and persistent nature of Russian state-sponsored cyber operations. This campaign's wide geographical scope and targeting of government and non-governmental organizations underline a strategic approach aimed at intelligence gathering, influencing geopolitical landscapes, and advancing Russian state interests. The diverse themes of the phishing lures, ranging from finance and infrastructure to geopolitical events, demonstrate ITG05's adaptability and targeted approach to engaging different victim profiles. The use of the MASEPIE backdoor, in particular, points to a focused effort on maintaining persistent access to high-value targets for long-term espionage and data exfiltration activities.

Written by Elena de Mitri With the ongoing war in Ukraine and recent comments by the US presidential candidate Donald Trump signaling a decrease in US military support to European allies, governments have sought to extensively improve their defense capabilities so that they will be able to autonomously defend the continent. Many European countries have announced increased defense spending for 24. The increase will likely include additional military aid to be delivered to struggling Ukraine, in a time where Russian industrial capacity hasn’t faltered despite the sanctions. Some politicians have called for an industrial focus on defense capabilities, dubbing it as a ‘war economy.’ But what would a “war economy” look like? While in 2023 only 9 European countries were meeting the 2% spending target set by NATO, it is expected that this number will increase in 2024. NATO secretary general Jens Stoltenberg has announced that 18 countries will meet the spending target 2024 and it is highly likely that many European countries will be among them. These initiatives point to a possible future change in the continent’s economic and industrial landscape as the defense industrial base is adapting to address the potential security threats posed by Russia’s destabilizing activities in the continent. Financial changes With the start of the Russian invasion of Ukraine, many European countries sought to support Ukraine by supplying military equipment and ammunition. As a consequence, their stockpiles have been severely depleted. Current defense expenses are mainly targeted at replenishing stockpiles and updating outdated equipment. But in order to permanently expand their military capabilities, European countries will have to rethink how they allocate their finances. The increased spending on defense will certainly require additional funding. With tax increases and issuing debt considered by economists as unfeasible options, the additional funding will likely come with cuts from other areas, such as climate transition and social spending. Social spending in particular has benefited from the European reliance on US defense spending to protect European territory. Widespread defense cuts after the end of the Cold War contributed to the establishment of the European welfare states in their current form. In order to enact the necessary cuts governments will need to convince the population of the necessity of more defense spending, especially in the more skeptical western parts of the European Union. Another option might be the establishment of a debt-funded European defense budget similar to the Covid-19 recovery fund. While this option seems quite appealing, it might take a longer time to materialize due to the slow decision making process that characterizes the European Union. The European Commission is seeking to play a role in this matter, with talks of a future Defense Commissioner post being established after the next European elections and an announced defense industrial strategy proposal. A key point of this proposal is an expansion of the joint procurement mechanism already set with the short-term European defense industry reinforcement through common procurement act. Joint procurement will likely be a critical part of this policy shift as it allows European countries to purchase military equipment and ammunition in bulk while keeping prices down. Nevertheless, unless member states decide to grant more powers to it, the European institutions will only be able to play a supporting role, subject to the member states’ desire to cooperate and harmonize on defense matters. Defense still is primarily a matter of national policy and it will likely remain dependent on the will of individual governments, especially considering the differences in threat perceptions among western and eastern Europe. A European defense industry? European countries are still very much dependent on the US defense industry for their military supplies. Nonetheless, European companies are benefiting from current geopolitical events. For example, German company Rheinmetall is currently expanding and opening new factories in European countries to face the increase in demand for its products from 2022. This trend will likely continue, especially considering the European Commission interest in strengthening the local defense industry. Buying from European companies will return the investment and contribute to the growth of the continent’s economy. An expansion of the defense sector will eventually provide new jobs and increased tax revenue. Moreover, in the long haul European security will be even stronger due to the autonomy provided by a strong local defense industry. In order to more effectively reap the benefits of this growth European governments will need to plan cooperatively their purchases, keeping in mind the importance of interoperability and possible future security challenges. While the European defense industry is on average more homogeneous than the US industry, many states still have different priorities when it comes to planning for defense purchases. National armies also retain different rules for equipment and logistics that will likely need to be standardized at a European level to improve interoperability. Cooperation is expected to remain widespread in the field of research and development, which will be fundamental for the future of defense in the continent. Cooperation mechanisms that are already in place, such as the European Defence Fund and the European Defence Agency, will likely be strengthened. Attracting investments will also be important to help the defense sector to expand and support the continent’s defense needs. As Germany has announced an ease on regulatory hurdles for investments in defense companies, it is likely that other governments will follow soon. Even the European Parliament has called for a change in the rules of the European Investment Bank so that it would be able to invest in defense companies. Joint procurement may provide increased predictability and push companies to expand production lines. Nonetheless, the changes affecting the defense sector will be subjected to the desires and objectives of individual governments. European countries have already been arguing about where to buy military supplies, with disagreements over a focus on European companies. But even if European countries agree on buying European weapons, there will likely be lengthy discussions as they need to decide which national companies will be prioritized. The human side of defense A considerable expansion of European military capabilities engenders many questions. But among them, one really makes a difference: if security threats materialize, who will be fighting? Only eight European countries still retain active compulsory military service, with some considerably easing the commitment required from citizens. Other countries are considering reintroducing it in the wake of the war in Ukraine, with lighter formats being tested. However there is a wide skepticism that conscription would still work considering the increasing complexity of the equipment currently employed in European armies and the little time that conscripts spend in training. Moreover, young Europeans tend to be less willing to accept conscription in case of a war compared to previous generations. On the other side, countries that rely on professional armies have seen a decrease in the number of troops for the last few years. Most European armies are currently struggling to meet their recruitment targets. While defense investments are important, governments would also need to increase the appeal for joining the military. The private security sector is competing to attract new recruits with higher salaries, higher living standards and better benefits, making the army increasingly unpopular. An uncertain future With defense being a prerogative of European Union member states, it is very likely that there will be an increase in multilateral cooperation on defense related matters, in line with the recent trend of joint procurements and research financing. Nevertheless, the changes required to push further the European defense industry require political will and public approval to enact them. Getting public approval will be especially complex in Western Europe, as the perceived threat is weaker than in Eastern Europe. While European institutions are seeking to play a more central role in this matter, some countries have perceived it as an unacceptable meddling into private affairs. National governments and politics will likely continue to be the main influence in future defense developments as defense is still considered a key national prerogative.

Written by Britt Verregghen - March 2024 Despite decades of espionage activities by China’s Ministry of State Security (the foreign and domestic intelligence service of the People’s Republic of China), recent cases in Europe show that China’s espionage remains a key concern for European businesses and society. Reports of China’s sophisticated efforts to gather foreign intelligence and influence political opinion in Europe through covert operations have increased. This is due to Europe’s strategic importance for China, with China’s aim to separate it from the influence of the United States and improve its economic ties and improve China’s image in the continent. Intensifying covert operations makes it vital for governments, companies, and individuals to remain proactive in defending against these threats. Covert Operations in Europe There are three main ways in which China’s Ministry of State Security (MSS) conducts its espionage activities and more closely observes threat actors.  The first is to take sensitive or confidential information from assessed targets and use it to benefit the PRC’s interests. This could be done through traditional human intelligence operations, cyber intrusions and hacking, or economic/business espionage and exploitation. The second is attempting to influence debates such as on EU policies through infiltrating parliaments and other strategically important institutions, such as universities or policy institutions (influence operations). The third, particularly used by the MSS, is targeting dissidents abroad and trying to repress them. The following cases are examples of these methods. On the 6th of February 2024, the Dutch Military Intelligence Service (MIVD) revealed that signs of espionage operations were found within their computer networks last year. Officials from the MIVD explained that a state-actor from China used malware to maintain access to Fortinet systems, an organization that provides worldwide cybersecurity. Although it is a sensitive issue, the MIVD still chose to discuss the matter publicly to create awareness around this subject for other Dutch organizations. The Chinese embassy in the Netherlands responded the following day, saying that they are ‘always firmly opposed to cyber attacks in all forms in accordance with the law.’ Still, the MIVD’s disclosure of the Chinese modus operandi is an indication of the level of certainty about China’s motive and liability.  Despite the sensitivity surrounding the breach, the MIVD deemed it necessary to warn all Dutch companies and organizations to improve their systems and infrastructure. China has also performed attacks against other European countries, Belgium for example. In December 2023, a Chinese spy used a far-right Belgian Politician to gather intelligence for over three years and bribed him into making anti-European decisions. The politician was at the end of his career, which made him an appealing target. He had a broad network of contacts, but was no longer a high-threat individual in the eyes of the Belgian Parliament. That way he could intervene in discussions in favor of decisions that would ultimately benefit Chinese interests. A similar event came to surface in the UK House of Commons, where a British parliamentary researcher was arrested on grounds of spying for China in March 2023. In this case, the person concerned was never granted a security clearance, yet he worked closely with several prominent Conservative Members of Parliament who handled sensitive matters and information. He also publicly advocated for the Chinese community in the UK, but his covert goal was to infiltrate British political networks critical to Beijing. The MSS also targets Chinese dissidents abroad, especially within Europe. For example, China has been placing police stations with their own officers in foreign countries to actively monitor Chinese dissidents living abroad. According to the PRC, their goal is to help overseas Chinese with administrative matters, like getting their driver's license. However, these stations do not appear to be registered with the government of the host country. The police officers monitor a variety of groups, including multiple ethnic and religious minorities, political dissidents, human rights activists, journalists, and former insiders accused of corruption. In some cases they track down the individuals and suppress them. In other cases they use social media accounts to harass these dissidents. China’s Espionage Strategy China’s espionage activities are not a new phenomenon. Yet the intensity and sophistication of China’s clandestine operations against European countries has picked up in recent years. This departs from previous Chinese foreign policy which sought to maintain good trading relationships with many countries to improve trade links and promote economic growth. Why does the CCP use covert operations against European targets? President Xi Jinping's increasing focus on covert operations is a part of his emphasis on security. The ‘comprehensive national security’ concept describes a policy where all aspects of China’s society and relations with the outside world are considered issues of national security. This is reflected in the growing importance of the MSS in China’s political system. The MSS collects foreign intelligence, counterintelligence and is responsible for the perceived threats to the CCP. Without this supply of information gathered through espionage operations, the PRC can’t promote its interests in Europe. The MSS is targeting European businesses and governments as part of its geopolitical strategy. Europe is a target for a number of reasons. Access to European critical technologies in artificial intelligence and quantum computing is a key target as China attempts to build its own advanced technologies. Another objective is to influence investment and trading relationships with different EU countries, especially given the confrontational trading relationship from the Biden Administration in the US. Gaining further information about EU geopolitical intentions would allow China to update its own strategy toward the continent. The MSS focus on influencing European parliamentarians, targeting Chinese dissidents abroad, and exploiting existing divisions in European societies demonstrate the strategy used to secure China’s foreign policy goals in Europe. Conclusion China’s increasing espionage operations and political interference pose a threat to European businesses and civil society, as well as political institutions. This is likely to intensify as EU-China relations remain tense. China’s tacit support of Russia in its war against Ukraine, the clampdown on information in China, and the EU’s possible restrictions on China’s electric vehicles may lead to further espionage operations to prevent negative outcomes for the PRC. European countries will have to navigate a delicate balance in their relations with China and remain vigilant against espionage threats to their operations and business activities. Given the close economic ties between Europe and China, it is important to find a balance between improving security against China’s covert operations and further  economic advantages. Businesses and organizations need to implement measures to protect themselves against Chinese espionage and stay aware of the risks present.

Date: 13/03/2024 Who’s involved: Fronte di Liberazione Naziunale Corsu (FLNC), France, Corsica, Corsican nationalist movement. What happened? On 02/03/2024,  violent clashes erupted in Bastia, Corsica between the police and around 200 nationalists during a protest asking for more rights for Corsican freedom activists. The protestors threw rocks and other projectiles at the police, who responded with teargas and baton charges. The protest was held on the second anniversary of the death of a well-known Corsican militant Yvan Colonna, who was serving a prison sentence for his involvement in several terrorist activities throughout the years. He was killed in prison during a fight with an Islamist inmate allegedly over Colonna “disrespecting Mohammed”. On 01/03/2024, Corsican prosecutors announced that they would start an investigation into the possible “apology of terrorism” by the Corsican nationalist youth group Ghjuventu Indipentista (Independent Youths) who are allegedly responsible for distributing leaflets saying that the “struggle for independence should continue and that the FLNC is the organization that will help get Corsica independence”. On 29/02/2024, the French Minister of the Interior Gerald Damanin had talks with Corsican representatives addressing the possibility of more autonomy for Corsica within France in the near future. In September 2023, the French President Macron first proposed granting Corsica some autonomy, overturning previous French policy. On 08/02/2024, the FLNC targeted with an explosive device a house under construction in Santa Lucia di Moriani, Corsica. Since the start of 2024 there have been several bombings targeting primarily tourism related buildings and second houses of French citizens. Analysis: The Corsican nationalist movement is not homogeneous. While many parties and politicians are aiming for a constructive dialogue with the central French authorities to gain more autonomy, other parts of the movement, such as the FLNC, refuse any ties with France and instead advocate for an independent Corsican state. Founded in 1976, the Fronte di Liberazione Naziunale Corsu (FLNC) is a militant independence group that was mainly active in the 1970s and 1980s. They targeted mainly buildings in Corsica and mainland France through bombings, especially government and police buildings and second houses of non-natives. In June 2014 the group announced its retirement but reemerged in 2022 after the death of Yvan Colonna, with spikes of up to twenty attacks in one night to express dissent against the policies of the central government. With Macron’s promise of delivering legislation for Corsican autonomy by March 2024, talks between the French government and Corsican authorities have increased. While the Corsican Assembly retains legislative power in some areas, local politicians have long campaigned for effective autonomy. Discussions will likely be lengthy as some French politicians are reluctant to devolve powers to autonomist movements. Other regional leaders seemed keen on asking for equal treatment after the news of Macron’s promise. Moreover, the changes required by Corsican authorities will involve changes to the Constitution of France and will likely be opposed by members of the Senate and the National Assembly. Corsican autonomy is still a divisive subject in France. A 2022 poll revealed that roughly half of the total population of France is in favor of Corsican autonomy, with right-wing voters being overall opposed to the idea. On the other hand, the FLNC has maintained their request for full independence from France, often stating that Corsica has no common destiny with mainland France. Even if autonomy is granted to Corsica, it is highly likely that they will continue to fight as it does not align with their requests. Bombings continued even after Macron’s promise of full autonomy, showing a spike in activity after he announced that the government was ready to grant autonomy. Violent nationalist independence movements like the FLNC are seemingly in decline across Europe. With more freedom and autonomy given to contested regions and a local population tired of violence, radical independence groups have lost their wider societal base. But with the lack of gaining independence and a tendency of national governments to reject handing autonomy to specific regions, there is a growing unrest and impatience among younger nationalists. In Corsica the nationalist independence movement is now smaller in size and has less societal support, but they do consist of a group of young people who are willing to undertake more illegal actions. Rioting with the police, arson and sabotage and even planting bombs is not seen as counterproductive to the cause. The new generation of independentists have less faith in treaties and governmental promises and want to see more extensive change happening. Movements like the FLNC incorporate anti-capitalist, anti-fascist and radical environmental ideas that speak to the younger generation who are more concerned about the growing wealth gap, climate change and the rise of anti-immigration political parties. The political process is going too slow for them. It is likely that the new generation of FLNC and related groups will gain more traction in the coming months and years. Conclusion: After the riots on the second anniversary of the death of Yvan Colonna, Corsica seems to be headed towards a new chapter of independence movement radicals taking their cause to the streets and away from the parliamentary negotiations. With the FLNC rejecting the talks on autonomy between Corsican authorities and the central government, Corsica will likely see an increase in violent activities by the FLNC as it ultimately strives for independence from France. Violence will target mainly governmental and police buildings but also tourism related areas and non-native second houses. Moreover, it is uncertain whether Corsica will be effectively granted autonomy from the government as it remains a contentious issue and many politicians are opposed to any compromise on the unity of the Republic.

Date: 13/3/2024 Where: US, Russia Who’s involved: Microsoft corporation, APT29 AKA Midnight Blizzard or Cozy Bear (Russian State-Sponsored Threat Actor) What happened? On January 12th, Microsoft found that a threat actor had gained access to a legacy system that was not customer-facing in late November 2023.  The threat actor was identified as having come from Russia. By logging into this system, they gained access to Microsoft corporate email accounts, though this was not disclosed at first. A Microsoft report was issued on January 19th to consumers, claiming that the event was of no major significance and posed no threat to user account information. On January 25th, Microsoft reported that Russian hackers had gained access to source code repositories during the earlier attack. This was more damaging than initially reported, with the threat actor accessing some of the company's internal systems. Microsoft revealed that the volume of some tactics that were used in the attack had increased by as much as 10-fold in February compared to January 2024. This increase was attributed to the group using information initially exfiltrated from Microsoft's corporate email systems On March 11th, an update from Microsoft indicated that the January attack by Russian hackers was more damaging than originally reported, with it now confirmed that the Midnight Blizzard (APT29) group accessed some of the company's internal systems and software source code. Analysis: Midnight Blizzard, once famously known in the media as Cozy Bear, is one of the oldest and most skilled offensive hacking groups affiliated with the Russian state. Active since at least 2008, they achieved fame as the group associated with both the 2016 Democratic National Convention intrusion attempts and the 2020 SolarWinds hack, which caused massive supply chain disruptions. Achieving backdoor access to Microsoft applications, particularly Cloud deployments, presents a mother lode for Advanced Persistent Threats (APTs), as it could empower them to infiltrate thousands of organizations around the world. This would include defense, engineering, and software development firms. As well, a plurality of government departments in North America and Europe are reliant on Microsoft deployments. Microsoft’s findings indicate that Midnight Blizzard had access to its systems for over two months before being detected. The efficacy of brute-force tactics in this situation indicates that the compromised email accounts were not protected with multi-factor authentication (MFA). The tactic that worked in the initial attack is known as “password spraying”, wherein a threat actor will make login attempts in bursts small enough to not trigger maximum login attempt warnings. Conclusion: The recent revelation by Microsoft about the breach conducted by the Russian state-backed group, Midnight Blizzard (APT29), marks another significant episode in the ongoing cyber conflict involving state-sponsored actors. This incident highlights the sophisticated tactics and persistent threats posed by these groups to global cybersecurity infrastructure. On a more actionable level, This incident reinforces the importance of implementing strong security practices, such as multi-factor authentication (MFA), to protect against password spraying and other brute-force tactics. The breach also signifies the interconnected nature of global cybersecurity, where an intrusion into one major entity like Microsoft can have far-reaching implications for countless organizations and governments. As such, collaborative efforts and information sharing between public and private sectors are essential to strengthen defenses and resilience against state-sponsored cyber activities. As geopolitical tensions continue to manifest in the cyber realm, this event serves as a reminder of the evolving landscape of cyber warfare and espionage. Companies, especially those providing critical IT infrastructure like Microsoft, are prime targets and must remain at the forefront of cybersecurity efforts to protect not only their assets but also those of their clients worldwide.

Date: 08/03/2024 Who is involved: Haitian gangs (mainly G9), Haiti interim Prime Minister Ariel Henry, Kenyan government, the UN What happened? On 29/02/2023, Haiti witnessed an escalation of violence which caused 15,000 displaced people and at least 12 victims, including police officers. The unrest was triggered by Haiti de facto Prime Minister Ariel Henry's visit to Kenya, to sign a  reciprocal deal with Kenyan President Ruto for the deployment of Kenyan police officers to support the Haitian government in combating gangs. On 03/03/2024 gangs launched a coordinated attack targeting two of the main prisons of Port-au-Prince, freeing over 4,700 inmates, at least 9 police stations and other public buildings and critical infrastructure. In response to these, Haiti's government declared a state of emergency and imposed a nighttime curfew which were extended respectively until 03/04/2024 and 10/03/2024, after an escalation of violence saw gangs setting fire to police stations in Port-au-Prince, and breaking into a major port terminal and looting containers. Haiti’s main port terminal is now suspending operations, and The World Food Programme has suspended its maritime transport services to Port-au-Prince from distributing aid to Haiti, due to instability. Many health centers have been forced to reduce their operations too, due to violence and the lack of medicine and personnel. On 04/03/2024, gunmen tried to seize control of a police academy and the Toussaint Louverture International Airport. Some aircrafts have been damaged by gunfire. Prime Minister Henry is currently not in the country. On 05/03/2024, he landed in Puerto Rico, after he was denied entry to Haiti. Gangs, which are currently controlling 80% of capital Port-au-Prince, are calling for Henry’s resignation. Jimmy “Barbecue” Cheriezier, leader of the powerful gang federation G9 in control of most of Port-au-Prince, announced on 05/03/2024 that gangs will prevent the return of Henry in the country. He called for a “civil war”, if the interim PM does not resign and claimed responsibility for the coordinated attacks of the last few days. Amid the mounting pressure to step down, and for safety, especially after the seizure at the airport, Prime Minister Henry has not been able to return to Haiti. His whereabouts were unknown for a few days after the attacks on the prisons and the airport, until 05/03/2024, when he landed in  Puerto Rico, after being denied permission to land in the neighboring Dominican Republic. Following the spike of violence, on 07/03/2024, the U.S. urged Haiti PM to expedite the political transition to prevent a further deterioration of the security and humanitarian crisis. On 06/03/2023, Guyanese President Ali, the Caribbean Community (CARICOM) chairman, of which Haiti is a member, stressed the need for international community support. On the same day, the U.N. The Security Council held a closed door meeting on Haiti, after the UN Secretary General António Guterres called for all political actors to see “urgent action, particularly in providing financial support for the multinational security support mission” in Haiti. Caribbean officials stated that the leaders of CARICOM spoke with Henry and presented several alternatives to end the deepening crisis, including his resignation, but they were not able to reach any form of consensus. All international airlines have suspended flights to Haiti. The airport is being actively targeted, and it is now effectively closed. The Dominican Republic civil aviation authorities have closed all flights to and from Haiti, and increased security at the border with Haiti. In 2023, due to the large flow of migrants and displaced persons, the Dominican Republic had already closed its border, and refused access to Haitian refugees. Nearby nations have secured their borders, too. A maritime blockade was established in the southeastern Bahamas, amid fears of mass migration from Haiti. Analysis: Gang violence has been going on for years in Haiti, the humanitarian and security situation has been unstable for decades, and the escalated violence has caused Haiti’s democratic crisis to deteriorate even further. The power of gangs has increased through smuggled firearms, which made them achieve a high degree of military capacity and financial capital. In 2023, over 5000 killings were reported and more than 310,000 people were internally displaced in Haiti, mostly from the capital. Currently, aid groups estimate that more than 15,000 people have fled their homes in the past week. The latest escalation of events is worsening the already dramatic humanitarian situation, and the UN humanitarian affairs agency has warned that the country’s health system is “nearing collapse”. International observers and humanitarian organizations are urging for emergency aid and support for the population in Haiti. The recent seizure and looting to the main port of Haiti are affecting the distribution of essential supplies by aid organizations. Maritime routes are the only way to transport aid from Port-au-Prince to the rest of the country, which poses a serious problem to the delivery of food and medical supplies. According to the UN Office for the Coordination of Humanitarian Affairs, currently there are a dozen trucks of aid, filled with food, medical supplies and equipment stuck in the port of Port-au-Prince. The recent attacks to the police stations further curbed the capacity of police forces to respond adequately to the gang attacks. Nine police stations have been torched and the National Police Academy has been destroyed. Gangs have also set fire and looted more than twenty other buildings, including the peace court in Croix-des-Bouquets. Since he visited Kenya to conclude the deal for the Kenyan police forces to lead a multi-national force to help restore Haiti, Prime Minister Henry has not given any public statements. Many Haitians consider Henry accountable for the escalation of violence and inability to curb gang-violence. His government is perceived by many as corrupt, as he was supposed to step back after the President Jovenel Moïse assassination in 2021, and ensure parliamentary and presidential elections by 07/02/2024. Currently, there are no elected officials in Haiti’s government. The Security Deal between Kenya and Haiti is a bilateral agreement that came as part of the "Multinational Security Support" (MSS), a year-long international force mission led by Kenya, approved by the United Nations on 2/10/2023, but halted in January 2024 by a Nairobi court. Kenya committed to deploy 1000 police officers to help combat gang violence. However, after the recent events, Kenyan police officers who had volunteered for the deployment have opted out for their safety. Reservations about the MSS also originate from Haiti’s troubled history with international interventions. The last international intervention, the U.N.’s 2004-2017 MINUSTAH mission, resulted in a massive sexual abuse scandal and a cholera epidemic, killing some 10,000 people. Moreover, some states have been reluctant to openly support Ariel Henry’s contested government. Conclusion: The situation in Haiti is highly unstable and volatile, and the violence is likely to continue. The recent escalation of violence threatens to make the humanitarian and security crisis in the country irreparably worse, exacerbating even further the migrant crisis in the Caribbean. Without international intervention, and humanitarian assistance, it is unlikely that Haitian authorities and law enforcement will be able to curb gang violence. Yet, the international community would likely have a hard time supporting such a contested government deemed illegitimate by the local population. The attacks on law enforcement and state institutions of the past week are pushing for Henry’s removal, and gangs including the G9, will continue to oppose Prime Minister Henry until elections are granted. With the current situation and the gang's active threat to government institutions, it may be impossible for interim PM Henry to re-enter the country and establish control over the current situation.

Date: 08/03/2024 Who’s involved: Moldova, Gagauzia, Transnistria, Russian Federation, Turkey, France, Romania What happened? On 07/03/2024 Moldova signed a cooperation agreement with France on defense matters among reports of increasing destabilization  efforts, such as disinformation and cyber attacks, by Russia against the country. On 05/03/2024 Moldovan authorities denounced plans by the Russian Federation to increase destabilizing activities in the country in 2024 to push the country away from its pro-EU path and closer to Russia ahead of the planned November elections. In February 2023 Moldova accused Russia of plotting a coup to overthrow the current pro-EU government. Situated in the south of Moldova, Gagauzia is an autonomous territorial unit populated by a Turkic ethnic minority. Under the Soviet Union, Gagauzia already sought independence from Moldova. In 1995, Gagauzia was awarded autonomy by the government of the newly independent Moldova, with guarantees enshrined in the Moldovan Constitution. The population and the government of Gagauzia have always taken a pro-Russian stance as they retain cultural, linguistic and economic ties with the Russian Federation. On 06/03/2024 Evghenia Gutul, the leader of Gagauzia, met with Putin in Moscow and asked for support and described the central Moldovan government as economically and politically oppressive towards the Gagauz people. Moldova’s prosecutor general announced legal action against Gutul for her involvement in unspecified illegal actions. In 2014 Gagauzia held a referendum on its international stance. The referendum was considered illegitimate by Moldovan authorities. Voters overwhelmingly rejected closer political integration with the European Union in favor of joining the Russia-led CIS Customs Union. They also supported the region’s right to declare independence if Moldova loses its independence, likely referring to talks of a possible Romania-Moldova reunification. Transnistria, a region de facto independent, has also shown pro-Russian views. The majority of the citizens are in favor of joining the Russian Federation, which has a strong influence on the local economy. Since the 1990s Transnistria has hosted 1,500 Russian troops and arms depots dating back to the Soviet Union. Russia is also involved in the management of the local army and secret services. Leaders of Transnistria asked Russia for protection, as did Gagauzia, in late February 2024. Half of the population of Transnistria has Russian nationality or a Russian passport and is allowed to vote in the Russian elections. Moldova is however trying to stop the Russian embassy from handing out ballots. In recent years Russia and Turkey have been in competition with each other over who has more control in Gagauzia. With the inhabitants being of Turkic origin, even though they are Christians, Turkey feels that it has cultural ties with the region. By investing in schools where the Gagauzian language is spoken and by investing in cultural heritage institutions Turkey has increased its role in Gagauzia. In the meantime Turkey has been complaining about Russia trying to turn Gagauzia into a Russian speaking enclave. Analysis: With the invasion of Ukraine advancing only slightly Russia seems to want to divert attention away from Ukraine and is starting to entice other “Russian break-away” regions to be more vocal about their desires to join the Russian Federation. Not only is Russia openly supporting the Moldovan region of Transnistria, but it has also supported the Gagauzian pro-Russian groups more openly. This in combination with the announcement of the opening of a new naval base in the break-away republic of Abkhazia in Georgia seems to be part of a strategy from President Putin to advance his “Greater Russia” plans. A military confrontation between Russia and Moldova could mean that Romania and the rest of the EU and NATO may be involved. This will stretch EU and NATO resources across a long dividing line through Eastern and South-Eastern Europe. There is a chance that Russia will take advantage of this situation by getting the West to agree on more autonomy for Transnistria and Gagauzia in an attempt to prevent a military confrontation. France and Romania have openly stated that they will help Moldova reinforce its military, but it seems that the focus lies more on a defense basis than on offensive capabilities. Moldova is not equipped to fight Russian and pro-Russian forces in Transnistria and Gagauzia and it is not likely that France and Romania will militarily intervene if the break-away regions announce total autonomy or even claim membership of the Russian Federation. It is likely that Russia will increase its pressure on Moldova by more openly supporting Transnistria and Gagauzia through means of propaganda, cyber attacks, election tampering and, not unlikely, violent action through various means like sabotage, terrorism or even sending Russian troops into the regions to “protect” the pro-Russian population from Moldovan “repression”. Any such action will be taken as an act of aggression by Moldova and the EU/NATO, but without an actual physical confrontation it is not likely that Russian plans will be thwarted. The EU and NATO will put pressure on Moldova to not intervene militarily as this will endanger the very fragile peace between Russia and the West. Conclusion: Recent Russian statements expressing support for Transnistria and Gagauzia can be interpreted as part of a wider regional strategy seeking to destabilize pro-EU countries in Eastern Europe. Even though a military confrontation is unlikely to happen, Moldova will be under increasing pressure from Russian disruptive activities to compromise the country’s ties to the European Union. The “Greater Russia” plan of President Putin has strong support in Russian and pro-Russian populations, where it is felt that all people who consider themselves to be of Russian descent have the right to join the Russian Federation and deserve military protection against perceived repression. This point of view will undoubtedly cause further unrest in the coming future as long as Putin stays in power.