Category: Intelligence

People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations


FBI and CISA Warn Against Chinese Targeting of COVID-19 Research Organizations

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to raise awareness of the threat to COVID-19-related research.

The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors.

These actors have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.

The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.

The FBI and CISA urge all organizations conducting research in these areas to maintain dedicated cybersecurity and insider threat practices to prevent surreptitious review or theft of COVID-19-related material.

FBI is responsible for protecting the U.S. against foreign intelligence, espionage, and cyber operations, among other responsibilities.

CISA is responsible for protecting the nation’s critical infrastructure from physical and cyber threats. CISA is providing services and information to support the cybersecurity of federal and state/local/tribal/territorial entities and private sector entities that play a critical role in COVID-19 research and response.

Recommendations

  • Assume that press attention affiliating your organization with COVID-19-related research will lead to increased interest and cyber activity.
  • Patch all systems for critical vulnerabilities, prioritizing timely patching for known vulnerabilities of internet-connected servers and software processing internet data.
  • Actively scan web applications for unauthorized access, modification, or anomalous activities.
  • Improve credential requirements and require multi-factor authentication.
  • Identify and suspend access of users exhibiting unusual activity.

Victim Reporting and Additional Information

The FBI encourages victims to report information concerning suspicious or criminal activity to their local field office.

For additional assistance and best practices, such as cyber hygiene vulnerability scanning, please visit cisa.gov/coronavirus.

FBI.gov (May 2020) People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations

As Coronavirus Spreads, Authorities Target RFE/RL Journalists In Effort To Control Information


As the coronavirus continues to spread, Radio Free Europe/Radio Liberty (RFE/RL) journalists have increasingly found themselves caught between the needs of citizens for reliable information, and the efforts of authoritarian governments to control the public’s understanding of events.

“People in 22 countries depend on our journalism, which is providing critical information to help them protect themselves and keep their families and communities safe,” said RFE/RL President Jamie Fly. “But at the same time, we are facing restrictions and threats from authorities who see the independent media as an obstacle to their efforts to control information for their own purposes. Despite this growing pressure, our journalists will not be deterred from our mission of providing objective journalism to our audiences at a time when they need it most.”

RFE/RL’s audience numbers surged in March as concerned audiences sought accurate information about the coronavirus pandemic amid government inaction, disinformation, and an information void.

Compared to the previous month, visits to RFE/RL websites and apps increased 48% to 77 million, page views were up by 43% to 128.5 million, and unique visitors increased 50% to 33.5 million.

Spikes were similarly registered on social media platforms, with video views on Facebook rising by 44% to 351 million, and views on YouTube increasing by 18% to 144.5 million. RFE/RL also saw spectacular growth on Instagram — particularly in Persian, Uzbek, and Tajik — with a 46% jump in video views to 67.5 million for the month.

But there has been push back.

On April 5, the Russian State Duma commission on foreign interference announced a review of coronavirus coverage by RFE/RL’s Russian Service and the Current Time network, alleging that the outlets were misreporting the availability of medical equipment, the role of Russian doctors in Italy, and the enforcement of pandemic-related regulations.

A Moscow neurosurgeon who spoke with Current Time about a lack of protective equipment and supplies at his hospital was threatened with dismissal.

Rights monitors have expressed concern that a law passed on April 1 against knowingly misinforming the public about the coronavirus may be used against reporters who publish coverage critical of the government’s response.

The law has already been used to detain a St. Petersburg activist – and to seize her computers and telephone — who had posted concerns on social media about inadequate quarantine measures at medical facilities in a nearby town.

Russian independent newspaper Novaya Gazeta says it has taken down an article about measures introduced to tackle the coronavirus in the North Caucasus region of Chechnya following a request by the country’s media regulator, Roskomnadzor. Chechen leader Ramzan Kadyrov had slammed the article as “absurd” and threatened to harm the author, Yelena Milashina.

Restrictions accompanying Kyrgyzstan’s state of emergency have sidelined RFE/RL journalists by requiring that persons seeking to access central Bishkek – where RFE/RL’s local bureau is located — obtain special passes. Authorities initially claimed that the media would be exempt from the new measures, but journalists with Current Time’s flagship Asia program have received no permissions, while reporters with state media have been allowed to access their downtown offices to work.

Earlier this month, as the magnitude of the pandemic was unfolding among populations around the world, authorities in Tajikistan issued the latest in a string of rulings refusing to accredit RFE/RL journalists and staff.

The Tajik Service’s YouTube page has recorded an explosive 150% increase among subscribers in the past year, to more than 1 million, with much of the growth registered in recent months because of the absence of alternative reporting about the pandemic and any preventive response from the government.

Indeed, the government has avoided public use of the term “coronavirus,” while keeping mosques open and convening public celebrations of national holidays even as its neighbors enforce wholesale lockdowns. When the Service broke the story of the country’s first coronavirus death on April 5, pro-government publishers and trolls retaliated on Facebook, using obscene hashtags to incite violence against its journalists.

Belarus President Alyaksandr Lukashenka’s campaign of denial similarly puts journalists reporting on the pandemic at risk. He has dismissed concerns about the coronavirus as a “psychosis,” and exhorted the public to attend the matches of Europe’s only still-fielded soccer league. Award-winning RFE/RL Minsk-based journalist Alexandra Dynko says that journalists in her country “have been vaccinated against fear,” since “on a daily basis they dare to report on what they see and what they hear.”

These measures all come as audiences in RFE/RL’s markets have been bombarded with conspiracy theories about the virus and Russian, Iranian, and Chinese disinformation about its origins and those countries’ responses to it.

RFE/RL’s Armenian and Russian Services have reported extensively to debunk these myths and theories, while RFE/RL’s Bulgarian Service has sought to counter a growing anti-EU narrative propagated by the government that misrepresents the role of EU assistance and threatens public health.

RFE/RL’s Central Newsroom has produced video reporting for use throughout RFE/RL’s coverage area on efforts by both China and Russia to target global audiences with COVID-19 propaganda.

RFERL.org (April 2020) As Coronavirus Spreads, Authorities Target RFE/RL Journalists In Effort To Control Information

US Issues an Advisory on North Korean Cyber Threats

On Wednesday, April 15, the U.S. Departments of State, Homeland Security, and Treasury, and the Federal Bureau of Investigation issued an advisory to raise the awareness of the cyber threat posed by North Korea.


On Wednesday, April 15, the U.S. Departments of State, Homeland Security, and Treasury, and the Federal Bureau of Investigation issued an advisory to raise the awareness of the cyber threat posed by North Korea. 

The advisory highlights North Korea’s malicious cyber activities around the world, identifies U.S. government resources that provide technical and threat information, and includes recommended measures to counter the cyber threat.

North Korea’s malicious cyber activities threaten the United States and countries around the world and, in particular, pose a significant threat to the integrity and stability of the international financial system.  The United States works closely with like-minded countries to focus attention on and condemn disruptive, destructive, or otherwise destabilizing behavior in cyberspace.  

It is vital for foreign governments, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea.

The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.

In particular, the United States is deeply concerned about North Korea’s malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA. The DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure. The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace. 

The United States works closely with like-minded countries to focus attention on and condemn the DPRK’s disruptive, destructive, or otherwise destabilizing behavior in cyberspace. For example, in December 2017, Australia, Canada, New Zealand, the United States, and the United Kingdom publicly attributed the WannaCry 2.0 ransomware attack to the DPRK and denounced the DPRK’s harmful and irresponsible cyber activity. Denmark and Japan issued supporting statements for the joint denunciation of the destructive WannaCry 2.0 ransomware attack, which affected hundreds of thousands of computers around the world in May 2017. 

It is vital for the international community, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea. 

The North Korean Cyber Threat Advisory can be viewed at: https://www.us-cert.gov/ncas/alerts/aa20-106a.

State.gov (April 2020) The United States Issues an Advisory on North Korean Cyber Threats

Chinese Pastor Charged with Subversion of State Power


House Church Pastor Arrested for Refusing to Join State-Vetted Church

International Christian Concern (ICC) has learned that a house church pastor in China’s Hunan province was arrested on April 2, after being criminally detained since March 14 for “inciting subversion of state power.”

On April 11, Bethel Church sent out an urgent prayer request for its pastor, Zhao Huaiguo, asking for nationwide prayers for its pastor who was arrested on April 2 on subversion charges.

Automotive Best Sellers

Zhao, the founder of Bethel Church in Cili county, has served at his church for 13 years, cultivating many leaders among the several hundred members. The church refused to join the state-vetted Three-Self church and was banned last year by the government.

According to China Aid, a local Christian shared that the authorities have been hostile toward Pastor Zhao since his church refused to join the state-sanctioned church and rejected government officials’ intervention. “He was accused of proselytizing and distributing Gospel tracts, which were considered illegal acts. After Lunar New Year last year, the religious bureau forced the church to disperse, to which it refused. The official ban arrived last April,” said the local Christian.

On April 10, 2019, nearly 50 people from the local authorities raided Bethel Church, damaging church property and confiscating Bibles, a piano, and hymn books. Pastor Zhao and other members were questioned and warned.

A Bethel Church member told China Aid that from March to December 2019, the public security police have repeatedly harassed the church, taking its preachers in for investigation and forcing them to sign an agreement that they would not preach or hold any more religious activities.

Following Zhao’s arrest, the authorities have been investigating the church’s offering and its sources, in an effort to find proof to accuse Pastor Zhao. Yet, since the church members refused to provide information, the police have made little progress thus far.

Gina Goh, ICC’s Regional Manager for Southeast Asia, said“For the Chinese Communist Party (CCP) to slap the charge of ‘inciting subversion of state power’ on Pastor Zhao, typically used against human rights lawyers and activists, it shows how the regime is fearful of anybody who is disobedient to the CCP. The laws in China now have become tools for the government to silence and weaken its citizens’ influence, even in a religious setting. The lack of rule of law in China should gravely concern the international community.”

Persecution.org (April 2020) Chinese Pastor Charged with Subversion of State Power

Defense Department Linguist Charged with Espionage

Mariam Taha Thompson, 61, formerly of Rochester, Minnesota, was charged today in the District of Columbia with transmitting highly sensitive classified national defense information to a foreign national with apparent connections to Hizballah, a foreign terrorist organization that has been so designated by the Secretary of State.


Mariam Taha Thompson, 61, formerly of Rochester, Minnesota, was charged on Wednesday in the District of Columbia with transmitting highly sensitive classified national defense information to a foreign national with apparent connections to Hizballah, a foreign terrorist organization that has been so designated by the Secretary of State.

According to the affidavit filed in support of a criminal complaint, the information Thompson gathered and transmitted included classified national defense information regarding active human assets, including their true names.  By compromising the identities of these human assets, Thompson placed the lives of the human assets and U.S. military personnel in grave danger.

The announcement was made by John C. Demers, the Assistant Attorney General for National Security; Timothy J. Shea, the United States Attorney for the District of Columbia; Robert Wells, Acting Assistant Director of the FBI’s Counterintelligence Division; and Timothy R. Slater, the Assistant Director in Charge of the Washington Field Office.

“While in a war zone, the defendant allegedly gave sensitive national defense information, including the names of individuals helping the United States, to a Lebanese national located overseas,” said Assistant Attorney General for National Security John C. Demers. “If true, this conduct is a disgrace, especially for someone serving as a contractor with the United States military. This betrayal of country and colleagues will be punished.”

“The conduct alleged in this complaint is a grave threat to national security, placed lives at risk, and represents a betrayal of our armed forces.  The charges we’ve filed today should serve as a warning to anyone who would consider disclosing classified national defense information to a terrorist organization,” said U.S. Attorney Timothy J. Shea for the District of Columbia.

“This case shows the value of cooperation across the U.S. Government. Working closely with the Department of Defense, the FBI was able to investigate this willful disregard for keeping national defense information safe and partnered to bring the defendant to the United States to face justice,” said Acting Assistant Director of the FBI’s Counterintelligence Division Robert Wells.

“Today’s announcement is a testament to the U.S. government’s commitment to protecting the U.S. from the unauthorized disclosure of classified information that can put our country at serious risk of damage – damage to people and damage to our country’s capabilities,”  said Timothy R. Slater, Assistant Director in Charge of the FBI’s Washington Field Office.  “Human assets are the core of the U.S. government’s intelligence, and they have our assurance that we will go above and beyond to protect them.  I want to thank the men and women at the FBI and our partners here and abroad who answered the call to assist on this fast-moving investigation.  The FBI is charged with protecting our nation’s security and information for a safe and secure tomorrow for all Americans – we take this duty seriously and will not stand by while supposedly trusted individuals violate that trust in such an egregious way.”

Help a veteran in need by donating here.

Thompson was arrested by FBI Special Agents on February 27, 2020, at an overseas U.S. military facility, where she worked as a contract linguist and held a Top Secret government security clearance.   

The investigation leading to this arrest revealed that starting on or about December 30, 2019, a day after U.S. airstrikes against Iranian-backed forces in Iraq, and the same day protesters stormed the U.S. embassy in Iraq to protest those strikes, audit logs show a notable shift in Thompson’s network activity on United States Department of Defense classified systems, including repeated access to classified information she had no need to access. 

Specifically, during a six-week period between December 30, 2019, and February 10, 2020, Thompson accessed dozens of files concerning human intelligence sources, including true names, personal identification data, background information, and photographs of the human assets, as well as operational cables detailing information the assets provided to the United States government.

A court-authorized search of Thompson’s living quarters on February 19, 2020, led to the discovery of a handwritten note in Arabic concealed under Thompson’s mattress.  The note contained classified information from Department of Defense computer systems, identifying human assets by name, and warning a Department of Defense target who is affiliated with a designated foreign terrorist organization with ties to Hizballah.  The note also instructed that the human assets’ phones should be monitored.

Thompson transmitted the classified information in the handwritten note to a co-conspirator, in whom she had a romantic interest. The FBI’s investigation revealed that Thompson knew the co-conspirator was a foreign national whose relative worked for the Lebanese government. The investigation also revealed that the co-conspirator has apparent connections to Hizballah.

Further investigation revealed that, in a separate communication, Thompson also provided information to her co-conspirator identifying another human asset and the information the asset had provided to the United States, as well as providing information regarding the techniques the human assets were using to gather information on behalf of the United States.

In today’s Criminal Complaint, Thompson was charged with Delivering Defense Information to Aid a Foreign Government in violation of 18 U.S.C. § 794(a) and conspiring to do so in violation of 18 U.S.C. § 794(c).

Thompson made her initial appearance before United States Magistrate Judge Robin M. Meriweather on Wednesday afternoon. A Criminal Complaint is a formal accusation of criminal conduct for purposes of establishing probable cause, not evidence of guilt. The defendant is presumed innocent unless proven guilty.

If convicted, Thompson faces a maximum sentence of life in prison for violating § 794. The maximum statutory sentence is prescribed by Congress and is provided here for informational purposes only. If convicted of any offense, the sentencing of a defendant will be determined by the court based on the advisory Sentencing Guidelines and other statutory factors.

Trial Attorneys Jennifer Kennedy Gellie of the National Security Division’s Counterintelligence and Export Control Section, Jennifer Levy of the Counterterrorism Section, and Assistant United States Attorney for the District of Columbia John Cummings are prosecuting the case.

Justice.gov (March, 2020) Defense Department Linguist Charged with Espionage