SpaceX Zuma Launch Failed, or Did It?

Could this have been a classified payload to destroy North Korea’s own spy satellite or their next ICBM launch or Iran’s or Russia’s such that the real answers will never be forthcoming, meaning it is a ploy? Maybe even China?

Space-Track has cataloged the Zuma payload as USA 280, international designation 2018-001A. Catalog number 43098. No orbit details given. No reentry date given, but for a secret payload it might not be. Implication is Space-Track thinks it completed at least one orbit.

Related reading: Did SpaceX’s secret Zuma mission actually fail?

SpaceX’s latest rocket may have launched successfully – but the mission didn’t end as a win. The Zuma payload it was carrying, a mysterious classified piece of cargo for the U.S. government believed to be a spy satellite, was lost after it failed to separate from the second stage of the rocket after the first stage of the Falcon 9 separated as planned and returned to Earth.

The WSJ reports, and we’ve confirmed separately, that the payload is thought to have fallen back through the Earth’s atmosphere after reaching space, because of the failure to separate. The failure is one that can happen when cargo doesn’t properly detach as planned, since the second stage is designed to fall back to Earth and burn up in re-entry.

SpaceX had launched as planned on January 7 in its target window, and recovered the first stage of the booster with a landing at its Cape Canaveral facility. Because of the nature of the mission, coverage and information regarding the progress of the rocket and its payload from then on was not disclosed.

The payload, codenamed Zuma, was contracted for launch by Northrop Grumman by the U.S. government, and Northrop selected SpaceX as the launch provider. SpaceX had previously launched the U.S. Air Force’s X-37B spacecraft, and was approved for flying U.S. government payloads with national security missions.

The satellite was likely worth billions, according to the WSJ, which makes this the second billion-dollar plus payload that SpaceX has lost in just over two years; the last was Facebook’s internet satellite, which was destroyed when the Falcon 9 it was supposed to launch on exploded during preflight preparations in September 2016.

This could be a significant setback for SpaceX, since these kinds of contracts can be especially lucrative, and it faces fierce competition from existing launch provider ULA, jointly operated by Boeing and Lockheed Martin.

We’ve reached out to SpaceX and will update if they provide additional comment.

Update – SpaceX provided the following statement regarding the mission, which could suggest the fault lies with something provided by launch partner Northrop Grumman or the payload itself:

“We do not comment on missions of this nature; but as of right now reviews of the data indicate Falcon 9 performed nominally.”

How the U.S. will Deal with Iran and the Protests

The 2009 protest in Iran, named the Green Revolution and launched after Obama’s famous Cairo speech, was much larger than the current protests in opposition to the Supreme Leader Ayatollah Khamenei.

As an aside, one must ask what is Europe going to do regarding Iran?

According to Fox News, the Under Secretary for Public Diplomacy and Public Affairs Steve Goldstein said the United States will post messages in Farsi on Facebook and Twitter to show Iranians that the United States supports the protests and Iranians in their quest for democracy. Goldstein reportedly said the U.S. is working to enable communication via these two platforms despite the Iranian government’s censorship efforts.

“Even though many social media sites have been blocked, Iranians can reach our State Department FB and Twitter sites, which are in Farsi, through VPN,” Goldstein reportedly said. “We would like Iran to open these legitimate forms of communication.”

Also on Tuesday, Goldstein told the Associated Press that the U.S. wants Iran’s government to “open these sites,” including Instagram and Telegram. “They are legitimate avenues for communication,” Goldstein reportedly said. “People in Iran should be able to access those sites.”

Related reading: What Washington can do to support Iran’s protesters

A leaked report provided to Fox News shows how Iran’s Supreme Leader Ayatollah Ali Khamenei met with political leaders and heads of the country’s security forces to discuss how to tamp down on the deadly nationwide protests.

The report covered several meetings up to December 31 and was provided to the National Council of Resistance of Iran (NCRI) from what it said were high level sources from within the regime.

The meeting notes, which have been translated into English from Farsi, said the unrest has hurt every sector of the country’s economy and “threatens the regime’s security. The first step, therefore, is to find a way out of this situation.”

The report added, “Religious leaders and the leadership must come to the scene as soon as possible and prevent the situation (from) deteriorating further.” It continued, “God help us, this is a very complex situation and is different from previous occasions.”

As the protests continue to spread, the total number dead rose Monday to at least 13, including a police officer shot and killed with a hunting rifle in the central city of Najafabad.

According to NCRI sources and reports from within Iran, at least 40 cities across Iran witnessed protests Monday, including in the capital city of Tehran. These reports state that slogans heard included “Death to the dictator,” and “the leader lives like God while the people live like beggars.”

The regime’s notes claimed protesters “started chanting the ultimate slogans from day one. In Tehran today, people were chanting slogans against Khamenei and the slogans used yesterday were all against Khamenei.”

The notes added that the intelligence division of the feared Islamic Revolutionary Guard Corps (IRGC) is “monitoring the situation” and “working all in coordination to prevent protests.”

It says that a “red alert” has not yet been declared, which would lead to direct military intervention in the protests. But it then predicted that sending IRGC or the Bassij forces would “backfire” and would further “antagonize the protesters.”

Messages of support for the protesters from President Trump and other administration officials were also mentioned in the report. “The United States officially supported the people on the streets.” The notes continued by saying the U.S. and the West “have all united in support of the Hypocrites,” the regime’s pejorative description of the People’s Mujahedin of Iran (MEK) which is one of the groups making up the NCRI.

The meeting notes that the leader of the NCRI, Maryam Rajavi, and the “Infidels,” which the translation says refers to “the West,” “are united for the first time.” It continued, “Maryam Rajavi is hoping for regime change,” saying the protests are “definitely organized,” and “the security forces report that the MEK is very active and is leading and directing them.”

The notes also warn that all those affiliated with leadership “must be on alert and monitor the situation constantly,” continuing, “the security and intelligence forces must constantly monitor the situation on the scene and conduct surveillance and subsequently report to the office of the leadership.”

Hey NoKo, You can Keep Your Nukes, Need Missiles?

Frontline reported:

Farley Mesko, CEO of Sayari Analytics, a Washington-based financial intelligence firm, said there are somewhere between 100 and 300 Chinese companies that have joint ventures with North Korean companies. Of those, several dozen work specifically with sanctioned North Korean entities.

For example, in September 2016, the Justice Department filed criminal charges against Ma Xiaohong, owner of the Dandong Hongxiang Industrial Development Company (DHID), an industrial machinery and equipment wholesaler in China, and several associates, for working on behalf of a sanctioned North Korean bank, Korea Kwangson Banking Corp, to help them evade U.S. sanctions. More here.

Back in November:

The US has imposed more sanctions on North Korea as well as Chinese firms that trade with the regime, as part of its campaign to convince Pyongyang to abandon its missile and nuclear weapons programmes. The Treasury on Tuesday unveiled sanctions on one Chinese individual, 13 entities that included four Chinese trading companies, and 20 shipping vessels that it says are helping North Korea evade UN sanctions. More here.

***

FB: China’s Communist Party adopted a secret plan in September to bolster the North Korean government with increased aid and military support, including new missiles, if Pyongyang halts further nuclear tests, according to an internal party document.

The document, labeled “top secret” and dated Sept. 15—12 days after North Korea’s latest underground nuclear blast—outlines China’s plan for dealing with the North Korean nuclear issue. It states China will allow North Korea to keep its current arsenal of nuclear weapons, contrary to Beijing’s public stance that it seeks a denuclearized Korean peninsula.

Chinese leaders also agreed to offer new assurances that the North Korean government will not be allowed to collapse, and that Beijing plans to apply sanctions “symbolically” to avoid punishing the regime of leader Kim Jong Un under a recent U.N. resolution requiring a halt to oil and gas shipments into North Korea.

A copy of the four-page Chinese-language document was obtained by the Washington Free Beacon from a person who once had ties to the Chinese intelligence and security communities. An English translation can be found here.

CIA spokesmen had no immediate comment on the document that could not be independently verified.

A Chinese Embassy spokesman did not return emails seeking comment.

Disclosure of the document comes amid reports China is continuing to send oil to North Korea in violation of United Nations sanctions, prompting criticism from President Trump. Trump tweeted last week that China was caught “red handed” allowing oil shipments to North Korea.

“There will never be a friendly solution to the North Korean problem if this continues to happen,” the president stated on Dec. 28.

Release of the classified internal document is unusual since China’s communist system imposes strict secrecy on all party policies. Exposure of the secret Central Committee directive could indicate high-level opposition within the party to current supreme leader Xi Jinping, who has consolidated more power than any leader since Mao Zedong.

China: Pressure on North Korea won’t work

China’s leaders, according to the document, concluded that international pressure will not force North Korea to give up its nuclear weapons, estimated to be at least 20 warheads.

As a result, the Central Committee of the party directed its International Liaison Department, the organ in charge of communicating with foreign political parties, to inform Pyongyang of China’s continued backing.

The head of the Liaison Department, Song Tao, visited Pyongyang Nov. 17 and met with senior North Korean officials. North Korean state media did not provide details of the talks, other than to say issues of mutual concern were discussed.

The directive appears written in response to the United Nations Security Council resolution passed after the Sept. 3 North Korean nuclear test. Included among the resolution’s new sanctions are restrictions on oil and gas transfers, including a ban on transferring oil between ships in open ocean waters.

On the U.N. requirement to shut down oil and gas transfers from China to North Korea, the party document said after North Korean businesses in China will be closed under the terms of the latest U.N. resolution, “our country will not for the moment restrict Korea from entrusting qualified Chinese agencies from trade with Korea or conducting related trade activities via third countries (region).”

A directive ordered the Liaison Department to offer a promised increase in aid for “daily life and infrastructure building” and a one-time increase in funds for North Korea of 15 percent for 2018. Chinese aid will then be increased annually from 2019 through 2023 by “no less than 10 percent over the previous year.”

The Chinese also promised the North Koreans that in response to calls to suspend all banking business with North Korea that the financial ban will “only apply to state-owned banks controlled by the central government and some regional banks.”

On military support, the document reveals that China is offering North Korea “defensive military construction” and “high level military science and technology.”

The weaponry will include “more advanced mid- and short-range ballistic missiles, cluster munitions, etc.,” the document said.

“Your department should at the same time seriously warn the Korean authority not to overdo things on the nuclear issue,” the document says.

“Currently, there is no issue for our country to forcefully ask Korea to immediately and completely give up its nuclear weapons. Instead, we ask Korea to maintain restraint and after some years when the conditions are ripe, to apply gradual reforms and eventually meet the requirement of denuclearization on the Korean Peninsula.”

Beijing to warn Kim of ‘punitive measures’

The document then directs the Liaison Department to warn that if North Korea insists on acting rashly, further punitive measures will be imposed on senior North Korean leaders and their family members.

The directive lists “requirements” for the Liaison Department to pursue, including informing the North Koreans of China’s “determination to protect the Korean government on behalf of the Central Committee of CPC.”

Liaison officials also were tasked with informing the North Koreans of promises of support and aid in exchange for Pyongyang making “substantial compromises on its nuclear issues.”

“According to the current deployment of world forces and the geographic position of the Korean Peninsula, to prevent the collapse of the Korean government and the possible direct military confrontation with western hostile forces led by the United States on the Korean Peninsula caused by these issues, our country, Russia, and other countries will have to resort to all the effective measures such as diplomatic mediation and military diversion to firmly ensure the peace and stability on the Korean Peninsula and to prevent ‘chaos and war,’ which is also the common position held firmly by our country, Russia, and others,” the report says.

The document states that if the United States “rushes to war” against North Korea, the conflict would have a huge impact on the political and economic state of the region and the world.

“At such a time, the security of Japan and (South) Korea can be hardly taken care of, especially the security of Seoul, the (South) Korean capital,” the document says.

“Also, our country, Russia, and others will absolutely not look on the chaotic situation on the Korean Peninsula without taking any action.”

The document states that China believes that “theoretically” western powers will not use military force to overthrow the Kim Jong Un regime to solve the nuclear issue.

“However, international provocations by Korea via repeatedly conducting nuclear tests has imposed huge international pressure on our country that is continuously accumulating and becoming unbearably heavy,” the document says.

‘Stern warning’ and ‘assurances’

The deal outlined in the document to be communicated to Pyongyang includes a “stern warning” combined with “related assurances to Korea at the same time.”

“That is, currently Korea will not have to immediately give up its nuclear weapons, that so long as Korea promises not to continue conducting new nuclear tests and immediately puts those promises into action, our country will immediately increase economic, trade, and military assistance to Korea, and will add or continue providing the following benefits,” the report states.

The first item then lists greatly increasing trade with North Korea to keep the government operating and to raise the living standard of North Koreans.

“As for products under international sanctions such as crude oil products (except for the related products clearly defined as related to nuclear tests), under the condition of fully ensuring domestic demand of Korea, we will only make a symbolic handling or punishment,” the Party document said.

Past document leaks have included party documents on decision making related to the 1989 military crackdown on unarmed protesters in Beijing’s Tiananmen Square, published in the 2001 book The Tiananmen Papers.

A more recent disclosure in October was the release of an internal Communist Party document authorizing the Ministry of State Security, China’s civilian spy service, to dispatch 27 intelligence officers to the United States to “crush hostile forces.” That document was made public by exiled Chinese businessman-turned-dissident Guo Wengui.

Orville Schell, a China specialist who worked on the Tiananmen Papers, said he could not authenticate the document but said it has “an air of veracity.”

“The language in Chinese is spot on party-speak, and the logic of the argument would appear to be congruent with the current line and what is happening,” said Schell, director of the Center on U.S.-China Relations at the Asia Society in New York.

Columbia University Professor Andrew Nathan also could not authenticate the document but said it looks genuine. “The typeface, layout, header, seal, vocabulary, and diction are all those of an official inner party document,” said Nathan who also worked on the Tiananmen papers.

Nathan said the document appeared to be a directive for International Liaison Department director Song Tao’s mission to Pyongyang two months later, and Beijing’s attempt to press North Korea to halt nuclear tests using a combination of incentives and warnings.

The Chinese language version uses some terms that reveal China’s contempt for North Korea, such as the term “ruling authorities” for the Kim regime, something Nathan said is an “unfriendly” tone.

Former State Department intelligence official John Tkacik, a China affairs specialist, said the document appears genuine and if confirmed as authentic would represent “a bombshell” disclosure.

Tkacik told the Free Beacon the document may be “evidence that China has no real commitment to pressuring North Korea to give up nuclear weapons, and indeed sees North Korean nuclear arms as an additional strategic threat to the United States, one that China can claim no influence over.”

“Reading between the lines, it is clear that China views North Korea as giving it leverage with the U.S., so long as the U.S. believes that China is doing all it can do,” Tkacik said.

Former U.S. Ambassador to the United Nations John Bolton said if the document is authentic, “it reveals China’s policy to be completely cynical and utterly detached from its publicly stated position.”

“The White House would have to react accordingly,” he added.

Trump criticizes past N. Korea policies

Trump last week tweeted a video showing then-President Bill Clinton praising the 1994 Agreed Framework that Clinton said would freeze and ultimately dismantle the North Korean nuclear program.

The video also included a clip of Trump on NBC’s “Meet the Press” from 1999 urging action then to stop the North Korean nuclear program in its early stages.

Trump told the New York Times after the tweet he was disappointed China is secretly shipping oil to North Korea. “Oil is going into North Korea. So I’m not happy about it,” he said, adding that he has been “soft on China” for its unfair trade practices and technology theft.

“China has a tremendous power over North Korea. Far greater than anyone knows,” Trump said Dec. 28, adding that “China can solve the North Korea problem, and they’re helping us, and they’re even helping us a lot, but they’re not helping us enough.”

“If they don’t help us with North Korea, then I do what I’ve always said I want to do,” the president added. “China can help us much more, and they have to help us much more … We have a nuclear menace out there, which is no good for China, and it’s not good for Russia. It’s no good for anybody.”

The Trump administration has been signaling for months it is prepared to use military force against North Korea to rid the country of nuclear arms and missile delivery systems.

North Korea conducted several long-range missile tests in 2017 that U.S. officials have said indicate rapid progress toward building a missile capable of targeting the United States with a nuclear warhead.

Defense Secretary Jim Mattis said Dec. 29 that he has drawn up military options for operations against North Korea.

“I don’t speculate, as you know, about future operations by our forces,” Mattis told reporters. “But with three U.N. Security Council resolutions in a row, unanimously adopted, each one has put significantly more pressure on the North Korean regime for its provocations, for its outlaw activities. I think you will see increased pressure. What form that pressure takes in terms of physical operations is something that will be determined by the Congress and government.”

Asked if the United States is closer to war with North Korea, Mattis said: “You know, I provide military options right now. This is a clearly a diplomatically led effort with a lot of international diplomatic support. It’s got a lot of economic buttressing, so it’s not like it’s just words. It’s real activities.”

China backs N. Korea as buffer zone

The party directive states that China regards North Korea as a strategic “buffer zone” needed to “fend off hostile western forces.” Ideologically, North Korea also is important to China in promoting its vision of “socialism with Chinese characteristics led by our Party” and identifying North Korea as “irreplaceable.”

According to the document, the Party regards the “continuity of the Korean government,” maintaining peace on the Korean Peninsula, as one of its unwavering goals.

“This issue is about the peace and stability of the Korean Peninsula and the fundamental interests of our Party, our country, and all Chinese people,” the document concludes, adding that the department should quickly coordinate with the Foreign and Commerce Ministries and other agencies to develop an operational plan to implement the policy “to ensure the sense of responsibility, to strictly maintain related confidentiality, and to seriously accomplish the heavy tasks entrusted by the Central Committee of CPC.”

The document bears the seal of the General Office of the Communist Party Central Committee, the office in charge of administrative affairs. Copies were sent to the administrative offices of the National People’s Congress, State Council, and Central Military Commission.

The internal document states that the new policy toward the North Korean nuclear issue is based on consultations among key power organs within the ruling party, including the Central Committee and State Council, along with what was termed “the guiding spirit” of meetings held by the National Security Commission, headed by Chinese leader Xi Jinping.

“After research and assessment, the Central Committee of the Communist Party of China decided to authorize your department to lead and organize the communication and coordination work with the Korean administration on its nuclear issues,” the document states.

Remember, Obama Removed Iran/Hezbollah from Terror List

In February of 2015, yup, the Obama administration instructed the intelligence community to remove Iran and its proxies such as Hezbollah from the terror list, mostly due to the Iran nuclear deal and the assistance Iran was providing the Baghdad government in fighting Islamic State… ahem… sure thing.

“Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) and Lebanese Hezbollah are instruments of Iran’s foreign policy and its ability to project power in Iraq, Syria, and beyond,” that assessment, also submitted to the Senate on February 26, said in its section on terrorism. “Hezbollah continues to support the Syrian regime, pro-regime militants and Iraqi Shia militants in Syria. Hezbollah trainers and advisors in Iraq assist Iranian and Iraqi Shia militias fighting Sunni extremists there. Select Iraqi Shia militant groups also warned of their willingness to fight US forces returning to Iraq.” More here.

***

But Hezbollah’s more recent moves in Latin America are very much a matter of interest for investigators, too. In October, a joint FBI-NYPD investigation led to the arrest of two individuals who were allegedly acting on behalf of Hezbollah’s terrorist wing, the Islamic Jihad Organization (IJO). At the direction of their Hezbollah handlers, one person allegedly “conducted missions in Panama to locate the U.S. and Israeli Embassies and to assess the vulnerabilities of the Panama Canal and ships in the Canal,” according to a Justice Department press release. The other allegedly “conducted surveillance of potential targets in America, including military and law enforcement facilities in New York City.” In the wake of these arrests, the director of the National Counterterrorism Center warned: “It’s our assessment that Hezbollah is determined to give itself a potential homeland option as a critical component of its terrorism playbook, and that is something that those of us in the counterterrorism community take very, very seriously.” These cases, one official added, are “likely the tip of the iceberg.”

The administration’s counter-Hezbollah campaign is an interagency effort that includes leveraging diplomatic, intelligence, financial and law enforcement tools to expose and disrupt the logistics, fundraising and operational activities of Iran, the Qods Force and the long list of Iranian proxies from Lebanese Hezbollah to other Shia militias in Iraq and elsewhere. But in the words of Ambassador Nathan Sales, the State Department coordinator for counterterrorism, “Countering Hezbollah is a top priority for the Trump administration.” Since it took office, the Trump administration has taken a series of actions against Hezbollah in particular — including indictments, extraditions, public statements and rewards for information on wanted Hezbollah terrorist leaders — and officials are signaling that more actions are expected, especially in Latin America. Congress has passed a series of bills aimed at Hezbollah as well. The goal, according to an administration official quoted by Politico, is to “expose them for their behavior.” The thinking goes: Hezbollah cannot claim to be a legitimate actor even as it engages in a laundry list of illicit activities that undermine stability at home in Lebanon, across the Middle East region and around the world.

To support this policy, the administration has issued a broad RFI — a request for information — requiring departments and agencies to scour their files and collect new information that could be used to identify targets and help direct and inform the implementation of forthcoming actions. Though it is unclear if it is a result of that RFI, it appears new information is coming in, as evidenced most recently by a little-noticed FBI “Seeking Information” bulletin issued by the Bureau’s Miami Field Office. More here.

***

All of this has turned quite political on The Hill due in part to a recent investigative report published by Politico on how Obama gave Iran, a state sponsor of terror networks worldwide, a major pass. In part from Congressional testimony in June of 2017:

Hezbollah has experienced a series of financial setbacks, leading U.S. officials to describe the group as being in the “worst financial shape in decades.” Indeed, Hezbollah has in recent months resorted to launching an online fundraising crowdsourcing campaign entitled “Equip a Mujahid Campaign” which calls for donations, large or small, payable all at once or in installments, to equip Hezbollah fighters. Hezbollah has also promoted a fundraising campaign on billboards and posters promoting a program whereby supporters can avoid recruitment into Hezbollah’s militia forces for a payment of about $1,000. These are desperate measures for a group suffering tough financial times.

And yet, Hezbollah continues to collect sufficient funds to deploy a significant militia at home and next door in Syria, to send smaller groups of operatives to Iraq and Yemen, and to operate an international terrorist network with deadly effect. To effectively counter Hezbollah’s financing, the U.S. must lead an international effort to target the group’s illicit financial conduct both at home in Lebanon and around the world. More here.

***

Meanwhile, to fully comprehend the full construction of Iranian terror networks globally and the historical facts, go here.

On day 5 of the Iranian people protesting the Iranian government, at least a dozen have been killed.

Initially, state TV said that 10 people had been killed overnight, but that figure was later raised to 13 by a regional governor:

  • Six died after shots were fired in the western town of Tuyserkan, 300km (185 miles) south-west of Tehran
  • Later, Hamadan province’s governor told the ISNA agency that another three people had also been killed in the city
  • Two people died in the south-western town of Izeh, an official said
  • Two died in clashes in Dorud in Lorestan province

This has the makings of the conflict seen in Syria, as the genesis is the same. Where this will put militant Islamist groups in the mix is an open question. Islamic State did launch a terror attack in June of 2017.

There are other moving parts to the building civil conflicts in Iran and they include Israel, Saudi Arabia, North Korea, Syria, Lebanon, Iraq and the United States.

In part from Reuters: Hundreds have been arrested, according to officials and social media. Online video showed police in the capital Tehran firing water cannon to disperse demonstrators, in footage said to have been filmed on Sunday.

Protests against economic hardships and alleged corruption erupted in Iran’s second city of Mashhad on Thursday and escalated across the country into calls for the religious establishment to step down.

Some of the anger was directed at Ayatollah Ali Khamenei, breaking a taboo surrounding the man who has been supreme leader of Iran since 1989.

Video posted on social media showed crowds of people walking through the streets, some chanting “Death to the dictator!” Reuters was not immediately able to verify the footage. The Fars news agency reported “scattered groups” of protesters in Tehran on Monday and said a ringleader had been arrested.

“The government will show no tolerance for those who damage public property, violate public order and create unrest in society,” Rouhani said in his address on Sunday.

Unsigned statements on social media urged Iranians to continue to demonstrate in 50 towns and cities.

The government said it was temporarily restricting access to the Telegram messaging app and Instagram. There were reports that internet mobile access was blocked in some areas.

The Post Obama Iran Report

Former Mossad Chief explains, it is all about the Iran threat. Clearly, the Obama administration, including its National Security Council and both Secretaries of State, focused more on Israel and accusatory ‘occupier’ status than on Iran.

***

Behzad Mesri, the Iranian national the US has accused of hacking HBO this year, is part of an elite Iranian cyber-espionage unit known in infosec circles as Charming Kitten, according to a report released yesterday by Israeli firm ClearSky Cybersecurity.

Known as an APT (Advanced Persistent Threat), this group has been active since 2013 and is believed to be operating under the protection of the local Iranian government.

The group’s activities were first exposed in March 2014, when US cyber-security firm FireEye published a report entitled “Operation Saffron Rose.”

Charming Kitten —also tracked under various codenames such as Newscaster, NewsBeef, Flying Kitten, and the Ajax Security Team— was one of the most active Iran-based cyber-espionage units at the time, but once the FireEye report went public, the group dismantled its infrastructure and went dormant.

Subsequent research published by Iran Threats and ClearSky shows that parts of the old Charming Kitten infrastructure, such as malware and credential theft resources, have been reused by another Iranian cyber-espionage unit named Rocket Kittens, and possibly more.

Various experts have pointed out that most of these groups are most likely operating under the protection and guidance of the Iranian military, which is why some resources are used not by one or two, but by multiple APTs.

According to the official indictment, US officials said Mesri worked for the Iranian military, but that he also lived a separate life as a hacker. Evidence shows that Mesri defaced hundreds of websites and most likely carried out the HBO hack outside of his role in the Charming Kittens operations, most of which have targeted Iranian dissidents.

Mesri had connections to other Charming Kitten members

The 59-page ClearSky report released yesterday shows a web of connections between Mesri and other members of the Charming Kitten espionage unit, including connections to a hacktivist group known as the Turk Black Hat Security hacking group, where Mesri operated under the pseudonym of “Skote Vahshat,” together with other persons linked to Iranian APTs.

Besides Charming Kitten and the subsequent Rocket Kitten incarnation, Iran is home to other APT groups such as OilRig [1, 2], CopyKittens, and Magic Hound (Cobalt Gypsy, Timberworm), all very active.

In fact, Iranian actors are some of the most active groups around, albeit far from the most sophisticated. Their usual targets are businesses, human rights groups, individuals, and nearby governments of interest or at odds with the Iranian government — such as Saudi Arabian companies and government agencies, or Israeli military and government targets.

According to multiple reports, the Charming Kittens group, of which Mesri is suspected of being a member, operated using mundane spear-phishing and watering hole attacks, and targeted individuals using made-up organizations and people, fake news sites, or by impersonating real companies.

The group was not as sophisticated as its US, Chinese, or Russian counterparts, but persisted with attacks until they got access to their targets’ email inbox and social media accounts, most likely to gather information on a person’s past or upcoming plans.

***


Is Iran a cyber threat? Yes, and it is gaining hacking abilities quickly.

Tehran poses an increasing cyber threat to the U.S., in light of the Trump administration’s allegations that Iran is violating United Nations Security Council resolutions tied to the nuclear agreement. Iran-sponsored hackers—dismissively referred to as “kittens” for their original lack of sophistication—are bolstering their cyber warfare capabilities as part of their rivalry with Saudi Arabia. But should President Donald Trump take further steps to scrap the nuclear deal, it could mean an uptick in Iranian state-sponsored cyber intrusions into American and allied systems, with the goals of espionage, subversion, sabotage and possibly coercion.

  • Since 2011, Iran has worked to establish itself as a prominent aggressor in cyberspace, alongside China, Russia and North Korea. Evolving from mere website defacement and crude censorship domestically in the early 2000s, Iran has become a player in sustained cyber espionage campaigns, disruptive denial of service (DDoS) attacks and the probing of networks for critical infrastructure facilities.
  • Iran wasn’t pursuing cyber capabilities with much urgency, experts say, until it was revealed in 2010 that a joint Israeli-U.S. Stuxnet worm sabotaged nuclear centrifuges at Iran’s facility in Natanz. As the first-known instance of virtual intrusions resulting in physical effects, the operation demonstrated the potential effectiveness of such an attack and has informed much of Iranian cyber operations since.
  • Iran often has conducted disruptive cyber operations loosely in response to actions taken by others. It sees offensive cyber operations as an asymmetric but proportional tool for retaliation. For example, following the Stuxnet attack and the imposition of new sanctions on Iran’s oil and financial sectors in 2011, Tehran was suspected of retaliating in 2012 by releasing the Shamoon disk-wiping malware into the networks of Saudi oil giant Saudi Aramco and Qatar’s natural gas authority, RasGas. It also launched volleys of DDoS attacks against at least 46 major U.S. financial systems.
  • Iran commonly conducts its state-sponsored cyber operations behind a thin veil of hacktivism. From 2011 to 2013, a group calling itself the Qassam Cyber Fighters launched DDoS attacks that flooded the servers of U.S. banks with artificial traffic until they became inaccessible. In March 2016, the Justice Department unsealed indictments of seven individuals—employees of the Iran-based computer companies ITSecTeam and Mersad Company—for conducting the DDoS attacks, and intrusions into a small dam in upstate New York, on behalf of the Islamic Revolutionary Guard Corps (IRGC), the arm of Iran’s military formed in the aftermath of the 1979 Iranian revolution.

While much of Iran’s cyber operations have been attempts at asymmetric disruption against its Gulf rivals, Israel and the United States, it has recalculated since the 2015 negotiation of the Joint Comprehensive Plan of Action (JCPOA), the Iran nuclear deal.

  • Under scrutiny by the international community, Iran has largely reined in disruptive attacks against the U.S., with some operations still deployed against Saudi Arabia. In November 2016, a variant of the disk-wiping malware Shamoon was deployed against Saudi aviation and transportation authorities.

Rather than relying on disruptive attacks against the West, Iran has pursued cyber-enabled information warfare against its regional competitors, namely Saudi Arabia. By utilizing cyber proxies to access and weaponize privileged information, Iran has subtly sought to undermine Saudi Arabia’s political standing in the region and in the eyes of international allies. This kind of grey-zone offensive—an act short of war—is a page right out of the Russian intelligence playbook of active measures in Europe and the U.S.

  • In April 2015, the pro-Saudi newspaper Al Hayat was hacked by a group calling itself the Yemen Cyber Army, which experts say has loose ties to Iran. The attack replaced the media outlet’s front page with threatening messages aimed at dissuading the Saudis from getting involved in the civil unrest bubbling across their southern border. The hack was followed quickly by stories on Iran’s state-run FARS news agency and Russia’s RT network, citing the Yemen Cyber Army for breaching the Saudi foreign ministry and its threats to release personal information on Saudi officials and expose diplomatic correspondence that allegedly suggested Saudi support of Islamist groups in the region. One month later, WikiLeaks published material likely taken from the trove of stolen correspondence.
  • In another example, an Iran-linked Hezbollah hacktivist group known as the Islamic Cyber Resistance leaked sensitive material related to the Saudi army, the Saudi Binladin Group and the Israeli Defense Forces, following the December 2013 assassination of Hezbollah leader Hassan al-Laqis, according to Matthew McInniss, an AEI scholar now working on Iran in the Trump State Department. Ties also have been detected between Iran and the Syrian Electronic Army, the hacking wing of the regime of Bashar al-Assad, according to Cipher Brief expert and former CIA and NSA chief Michael Hayden.
  • The link between Iranian government support and the cyber proxy actors is difficult to prove. But it would follow the pattern of Iranian military assistance given to other types of proxy forces in Lebanon, Syria and Yemen.
  • The governmental structure in Iran that oversees cyber-related activities is the Supreme Council of Cyberspace, established by Ayatollah Ali Khamenei in March 2012. It consists of representatives from various Iranian intelligence and security services. However, the direct command-and-control structure for engaging in cyber operations remains a mystery, particularly when it comes to cyber proxies. While it could be the responsibility of Iran’s Quds Force, the external wing of the IRGC, the lack of a clear command-and-control system could be intentional. Similar to Iran’s “mosaic defense” military structure, cyber operations appear more decentralized and fluid than other countries with advanced cyber capabilities—Russia and China, for example—complicating the tracking and attribution of attacks.

The Iranian nuclear deal may have had some cyber-deterrent value, in that it reined in Iranian disruptive attacks against the West, but this could be short-lived. Rhetoric from the Trump administration is stoking the fire, including recent statements by U.S. Ambassador to the United Nations Nikki Haley that Iran is violating the nuclear agreement.

  • Iran, as a result, is likely to engage in broad-spectrum cyber espionage to alleviate that uncertainty. For example, Operation Cleaver in 2012-14 hit U.S. military targets, as well as systems in critical industries such as energy and utilities, oil and gas, chemicals, airlines and transportation hubs, global telecommunications, healthcare, aerospace, education and the defense industrial base. Earlier this month, reports surfaced of a new Iranian state-sponsored actor—referred to as APT 34—conducting reconnaissance of critical infrastructure in the Middle East.
  • While the probing of such essential systems is alarming, it is expected as a contingency plan, should relations with adversaries escalate. The New York Times reported that the U.S. had similar plans – known as Operation Nitro Zeus – to disrupt Iranian critical services should the nuclear negotiations have gone sideways during the Obama administration. It is likely the Trump administration is devising similar contingency plans.