Latest news with #espionage
ABC News
10 hours ago
- General
- ABC News
Russia is expanding its espionage output at a 'staggeringly reckless' rate. Here's why
Since Russia's full-scale invasion of Ukraine in 2022, European countries have expelled at least 750 Russian diplomats accused of espionage. NATO says it has been the largest counterintelligence operation in the West since the Cold War. In early May, six Bulgarian spies were jailed in the United Kingdom for feeding sensitive information to Russia. NATO's deputy assistant secretary-general James Appathurai said Russia had a "higher risk appetite" towards espionage in 2025, and he believed the nation had increased its spying output. Richard Moore, head of MI6, the UK's foreign intelligence agency, said Russia was on a "mission to generate mayhem". Dennis Desmond, a former special agent with the US Defense Intelligence Agency, said the arrests and charges the world saw were just the "tip of the iceberg". He said for every Russian spy caught, there was a much larger, much scarier number still operating. Russia's security and espionage network falls into three branches — the Federal Security Service (FSB), the Foreign Intelligence Service (SVR) and the Main Directorate of the General Staff of the Armed Forces (GRU). In 2022, according to a Royal United Services Institute (RUSI) report, Russia changed how it deployed spy operations "to prepare for destabilisation" in Europe and further afield. It found Russia made changes to its spy program in reaction to "the eventual counterintelligence regime" from Ukraine's allies. The report's primary conclusions were that Russia's special services were actively seeking to expand in order to pose strategic threats to NATO members. A NATO analysis said it was concerned by the "intensifying campaign of activities which Russia continues to carry out across the Euro-Atlantic area", and that Russia poses a "threat to Allied security". The RUSI report says the GRU "is restructuring how it manages the recruitment and training of special forces troops" and is "rebuilding" its apparatus to a higher level than before. A separate report went a step further to say Russia was "conducting an escalating and violent campaign of sabotage and subversion" led by Russian military intelligence (GRU), according to a new CSIS database of Russian activity. A lot of this escalation is happening in two GRU units — Unit 29155 and Unit 54654. Recruitment to Unit 29155 focuses on individuals without military backgrounds, trained within the GRU, reflecting a shift towards generating cleanskins — someone not on the radar of any security services — for operations. Unit 54654 operates differently. It recruits personnel without military contracts and contractors, through front companies to avoid government records. There are other GRU organisations involved in subversive activities — particularly cyber intelligence — such as Unit 26165, also known as Fancy Bear, and Unit 74455, also referred to as Sandworm. Since Russia invaded Ukraine in 2022, the European Union, the UK and the United States have all imposed sanctions on it aimed at cutting oil revenues that are funding the war. The sanctions have led to the rise of a vast "shadow fleet" of tankers helping Moscow keep its crude exports flowing and funding its war plans. Dr Desmond said the sanctions "don't really hurt Russia" as intended. "They've already got so many sanctions against them, and Western nations are going to keep making more sanctions, and really that hurts the population, not the government or politicians," he said. "Russia is going to continue to do what they do through the support of China, North Korea, Iran, Venezuela and other countries who are able to circumvent sanctions and provide support." He said these sympathetic nations were "assisting Russia intelligence collection" to build what he described as a "giant vacuum" of information that no matter the sanctions or restrictions, Russia will continue to operate. "Yes, Australians should be concerned about Russian — and other — spies potentially operating in Australia," Sarah Kendall, an expert in legislative response to espionage said. ASIO director-general Mike Burgess said in February that "it is conceivable Russia could also target Australia for sabotage". "The war in Europe prompted a more aggressive and reckless Russian intelligence apparatus to target Ukraine's supporters, including Australia," he said. Dr Kendall said Russian spies were not only targeting government officials or those with access to classified information. "They are targeting a wide range of people for a wide range of information, including information that may seem innocuous," she said. "Because of this, we all have a role to play in security." We have already seen allegations of Russian spying on Australian soil — Kira and Igor Korolev were charged with spying offences in 2024. But ASIO says it has increased its counterespionage work since then and uses Australia's strong laws against espionage and foreign interference. "ASIO's more aggressive counterespionage posture has made it more difficult and expensive for foreign spies to operate in Australia," Mr Burgess said. Dr Desmond said there could be more spies operating on our shores, and they would be "very difficult to identify". "They eat, sleep, look like, sound like and act like Australians," he said. "They engage in clandestine collection operations, they recruit sources and agents, and they conduct sabotage assassinations. The Western world is well aware of Russia's increased espionage output over recent years but fear of "uncontained escalation" is stopping the West from properly extinguishing the mounting threat, according to the RUSI report. The report highlighted to the West that Russia was expanding its influence to "evade containment, and destabilise and disrupt its adversaries". The report states that spy work is not new in Russia, and no matter how long it takes "they have the patience to keep going". "They will continue to engage in espionage, they will continue to engage in strategic planning and operations in order to be successful at gaining the information intelligence that they absolutely need," Dr Desmond said. He said they do this while "simultaneously influencing decision makers abroad through disinformation campaigns" and "influencing political decisions and elections where they can". In his opinion the West is already at war with Russia — a "cyber espionage war".
Wall Street Journal
12 hours ago
- General
- Wall Street Journal
Intelligence Staffer Critical of Trump Charged With Seeking to Pass Classified Documents to Foreign Government
A Defense Intelligence Agency employee was charged with attempting to pass classified intelligence to a foreign government, offering to spy because he didn't agree 'with the values' of the Trump administration, the Justice Department said. Nathan Vilas Laatsch, a civilian information technology staffer at DIA, was arrested in Northern Virginia Thursday after a three-month Federal Bureau of Investigation investigation during which he allegedly left a thumb drive containing classified documents at a public park for pickup by a 'friendly' foreign government.
Washington Post
15 hours ago
- General
- Washington Post
DOD employee tried to leak classified information, prosecutors say
A computer scientist at the Defense Intelligence Agency who monitored insider threats became one himself, prosecutors alleged, attempting to trade classified information for citizenship in a friendly country because of disagreements with the Trump administration. Nathan Vilas Laatsch, 28, was arrested Thursday and charged with gathering defense information to aid a foreign government, an Espionage Act offense. He did not successfully establish contact with the nation, which is not identified in case filings, but court documents say he offered in an email to provide classified records.
Forbes
16 hours ago
- Politics
- Forbes
Brute-Force Router Login Attacks Confirmed — What You Need To Know
AyySSHush campaign targeting thousands of routers confirmed. Thousands of routers worldwide have been targeted by a sophisticated campaign that leverages a two-year-old vulnerability, authentication flaws, and brute-force attacks. The researchers who uncovered the AyySSHush attacks have suggested it is likely the work of a nation-state threat actor. Here's what you need to know. The as-of-yet unidentified threat actors behind the AyySSHush campaign have targeted routers from major manufacturers, with at least 9,000 ASUS router models known to have already been compromised, using a stealthy and persistent backdoor that can survive firmware updates and reboots. State-sponsored hacker groups are known to have been behind everything from Windows password-stealing attacks, targeting presidential political campaigns, and even ransomware attacks against predominantly Western targets. Espionage, however, is one of the primary drivers of these hackers working in tandem with government resources. And what better way to get a data eavesdropping foothold than to compromise a router? Researchers at GreyNoise have reported that just such a sophisticated compromise campaign, that is said to be consistent with such advanced persistent threat actors, although it cannot attribute it to a specific group at this point in time, 'the level of tradecraft suggests a well-resourced and highly capable adversary,' the report stated. Although the GreyNoise research has confirmed that at least 9,000 ASUS routers have been compromised to date, and the number is increasing all the time, it has been reported that other routers from other major vendors such as Cisco, D-Link, and Linksys have also been targeted by AyySSHush. The researchers explained that attackers gain initial access through brute-force login attempts, along with authentication bypass techniques that exploit known vulnerabilities that owners have yet to patch. They then insert a public key that is under their control for remote access. While no malware is installed, the backdoor itself 'is stored in non-volatile memory and is therefore not removed during firmware upgrades or reboots,' GreyNoise warned. I have reached out to ASUS for a statement. "Even something as mundane as a router becomes a strategic asset once it gains long-term identity in a threat actor's infrastructure,' Wade Ellery, field chief technology officer at Radiant Logic, said. Which is why, at the organizational level at least, real-time identity-aware telemetry across all assets, including those routers, is essential. Debbie Gordon, CEO at Cloud Range, meanwhile, wanted that the campaign highlighted a dangerous shift in attacker strategy from quick hits to long-haul persistence. 'AyySSHush's ability to survive factory resets and firmware updates is a wake-up call,' Gordon said, 'edge devices like routers are no longer low-value targets.' With both SoHo and consumer routers targeted by this latest attack, routers can no longer be treated as set-and-forget devices.
Russia Today
21 hours ago
- General
- Russia Today
Pentagon employee arrested for trying to leak secrets over Trump grievances
An IT specialist at the US Defense Intelligence Agency has been arrested for allegedly attempting to provide classified information to a foreign government, citing his opposition to President Donald Trump's policies, according to the Department of Justice. Nathan Vilas Laatsch, 28, of Alexandria, Virginia, was charged on Thursday with trying to share classified information with someone he believed represented a foreign government. He was detained following an FBI sting operation. Laatsch, who has worked as an IT specialist in the DIA's Insider Threat Division since 2019, allegedly expressed intent to share classified materials due to ideological differences with the Trump administration. 'The recent actions of the current administration are extremely disturbing to me,' he said in an email reportedly intercepted by the FBI. 'I do not agree or align with the values of this administration and intend to act to support the values that the United States at one time stood for.' The DOJ said the FBI had initiated an investigation in March after receiving a tip about Laatsch's intentions. Undercover agents, posing as representatives of a foreign government, communicated with Laatsch, who began transcribing classified information onto a notepad at his desk over a three-day period. He then allegedly concealed the notes in his socks and lunchbox to remove them from the facility. On May 1, Laatsch reportedly left a thumb drive containing documents marked 'Secret' and 'Top Secret' at a prearranged drop-off location in a public park in northern Virginia. He later expressed interest in obtaining citizenship from the foreign country, stating he did not expect 'things here to improve in the long term,' the prosecutors said. Laatsch was arrested at a subsequent drop-off location on Thursday. He is scheduled to appear in court in Alexandria. The identity of the foreign government involved has not been disclosed, but the DOJ described it as a US ally. 'This case underscores the persistent risk of insider threats,' FBI Director Kash Patel wrote on X on Friday. 'The FBI remains steadfast in protecting our national security and thanks our law enforcement partners for their critical support.' The arrest of Laatsch adds to a series of high-profile cases involving US intelligence personnel leaking classified information. In August last year, Pentagon employee Gokhan Gun was arrested while trying to travel to Mexico with 'Top Secret' documents. Gun, 50, was charged with unauthorized retention of classified materials. In 2023, Air National Guardsman Jack Teixeira, 21, was sentenced to 15 years in prison after pleading guilty to leaking hundreds of classified Pentagon documents on Discord. The files included intelligence on the Ukraine conflict and other sensitive matters.
