Category Archives: NSA Spying

Iran’s Mint Sandstorm, are you a Victim?

Posted on by

So, a senior official in the Trump campaign was the victim of an email phishing trick and it worked….countless emails were hacked/stolen and began to be distributed. Microsoft has confirmed this and several Iranian cyber signatures from previous hack are providing some pretty good attributions to Iran as the hackers. But no worries, the FBI, likely the Pittsburgh office as agreed t investigate.

Just last night after some recent promoting the SPACES event hosted by Donald Trump and Elon Musk was delayed for an estimated 45 minutes due to a DDOS hit. Again, that too had the signature tactics of Iran. Mint Sandstorm Campaign's Targeted Cyber Attacks on Middle Eastern Experts source

Per CSOOnline in part:

The hackers allegedly obtained sensitive data as a result of a successful phishing campaign against Trump officials. Cheung cited the Microsoft report which said in June 2024, Mint Sandstorm, a group run by the Islamic Revolutionary Guards Corp (IRGC) intelligence unit, sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.

“On Friday, a new report from Microsoft found that Iranian hackers broke into the account of a ‘high ranking official’ on the US presidential campaign in June 2024, which coincides with the close timing of President Trump’s selection of a vice-presidential nominee,” Cheung added. More here.

In part:

Threat actor Mint Sandstorm, believed to be linked to Iran, has been observed using bespoke phishing lures to attack high-profile targets while leveraging a new custom backdoor called MediaPI.

In a Jan. 17 blog post, Microsoft Threat Intelligence said the attacks were on individuals working at a high level on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States.

The Microsoft researchers said Mint Sandstorm — also known as APT35 and APT42 — used legitimate, yet compromised accounts to send phishing lures. The researchers said Mint Sandstorm continues to improve and modify the tooling used in targets’ environments, activity that might help the group persist in a compromised environment and better evade detection.

“Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, it’s possible this campaign is an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” wrote the researchers.

Mint Sandstorm operates as a state-sponsored actor from Iran and, as a result, serves government agency and potential military objectives, explained Balazs Greksza, threat response lead at Ontinue. Greksza said the group employs tactics such as watering hole attacks and phishing emails, to target governments, NGOs, private entities, and academia for espionage. They often pose as journalists, government officials, or academics on social media and their primary objective is to get hold of sensitive information.

“Actors like APT35 have primary goals around geopolitics, national security, counter-intelligence,” said Greksza. “As openly shared by different intelligence agencies in the past, intelligence goals may shift rapidly based on the needs of national interests, current political and military leadership and their decision and intelligence needs.”

Ngoc Bui, cybersecurity expert at Menlo Security, added that the deployment of the custom backdoor MediaPI, along with the use of other tools like MischiefTut, indicates a shift in the operational tactics of Mint Sandstorm, marking an evolution in their cyber espionage capabilities.

***

This all begs the question, just exactly what is being done to not only protect a political campaign and election, but every website or American out there from Iran, Russia, China or North Korea and their team of hackers?

CSOOnline goes on to read –>

Iran, found extremely capable in the past of conducting cyberattacks against its foes in the Middle East, earlier in 2022 had threatened to avenge the killing of General Qassem Soleimani by the United States in a drone strike ordered by the Trump administration.

During this time, among many other efforts, Mandiant reported that the news site EvenPolitics, a Tehran-controlled disinformation site, had published articles covering the 2022 US midterm elections. An inauthentic amplification network promoting the site was taken down by the X platform that same year, yet EvenPolitics continues to operate, releasing approximately ten articles per week.

Microsoft, in its report, added that Iranian cyber-enabled influence operations “have been a consistent feature of at least the last three US election cycles”.

Iran’s mission to the United Nations, in response to inquiries about the Trump campaign’s allegations, denied any involvement. Speaking to The Associated Press, the mission stated, “We dismiss these reports entirely. The Iranian government has neither the capability nor the intention to interfere in the United States presidential election.”

Cuba Agrees to Host Chinese Spy Base

Posted on by

First there was a full-throated denial by Adm. Kirby from the White House Press Room that the story the Wall Street Journal reported was true. Then a couple of days later, Adm. Kirby walked it back and attempted in national security platitudes to explain why he initially denied the story. Then the White House decided to blame the Trump administration stating that China has had a base in Cuba since 2019. If that was true, then why would the Biden administration lift some sanctions on Cuba?

Well….no , under the Trump administration, that is not accurate either. Perhaps China only has had radar surveillance installation since 2018. but you can bet that since Russia has had a spy base in Cuba known as the Lourdes signals intelligence facility, they are not only collaborating but perhaps co-locating especially since Beijing and Moscow have nurtured a a friendly business relationship without limitations. However, no one is putting China and Cambodia in the conversation…that is right, China has a secret base there too, called the Ream Base. .Satellite imagery of Ream Naval Base from 5 February 2023, annotated to show the shape of the pier extension. Original image courtesy of BlackSky

 

Lourdes

Russia 'to reopen Lourdes spy base in Cuba' - BBC News 2014 source

Beyond the Wall Street Journal doing great work, then comes the Miami Herald with more.

The CIA and Office of the Director of National Intelligence declined to comment. The Cuban government also pushed back against the initial WSJ report calling it “totally false and unfounded information” in a statement made by the Vice-minister of Foreign Affairs, Carlos Fernández de Cossío.

Regardless of Cuba’s sovereign rights in defense matters, the official said, Cuba rejects “any foreign military presence in Latin America and the Caribbean, including that of numerous United States military bases and troops, especially the military base that illegally occupies a portion of the national territory in the province of Guantánamo.” While China might be already collecting intelligence on the U.S. from its commercial facilities in the region, having a signals-intelligence facility “adds to China’s capabilities, especially in times of war,” said Evan Ellis, professor at the U.S. Army War College Strategic Studies Institute, which monitors China’s relationship with Latin America and the Caribbean. “I think it telegraphs Chinese willingness in the current difficult environment between our two countries to take some of these bolder steps and their sense, with their growing military power and economic power and the perception of the U.S. democratic disarray, that they can take these steps that maybe a decade ago, they would not have risked,” Ellis said. “It’s not that big of a threshold that they’ve crossed, but it is significant,” he added.

The news follows intense speculation that Russia, not China, was planning to reopen its Soviet-era espionage base in Lourdes, a town near Havana, which it shut down in 2002. High-ranking Russian national security officials and diplomats have been traveling to the island recently and the two governments appear as close as ever, with Cuban leaders offering public support for Russia’s invasion of Ukraine. But when publicly asked about reopening the Lourdes base during his trip to Havana in April, Russian Foreign Minister Sergei Lavrov did not directly address the question. And despite several economic agreements recently announced by Russian and Cuban authorities, including land-lease deals, the news about a Chinese spy base speaks to the realities on the ground: The island is desperate for cash as its economy continues sinking. Russia had limited resources even before embarking on a war against Ukraine — and China can pay. On May 20, Cuba’s Interior Minister, Gen. Lázaro Alberto Álvarez Casas, met with China’s Minister of Public Security, Wang Xiaohong. “China stands ready to work with Cuba to implement the important consensus reached by the leaders of the two countries and deepen pragmatic cooperation in various fields, especially in law enforcement and security,” a Chinese government statement said.

The news about the spy base comes as the Biden administration has been taking steps to improve its strained relationship with China, which is considered the United States’ primary military and economic rival. At the same time, State Department officials and members of Congress have been raising concerns about China’s increased influence in Latin America and the Caribbean. China has become South America’s largest trading partner and has exploited the Biden administration’s reluctance to new trade deals and has inked a free trade agreement with Ecuador, while Uruguay and Panama are in line, U.S. Rep Maria Elvira Salazar, a Miami Republican, said during a congressional hearing she chaired on Wednesday. “That is very troublesome,” Salazar said, blaming the Biden administration for ignoring the pleas of allies in the region with conservative governments “to the benefit of our enemies.”

When asked by representative Warren Davidson, R-Ohio, why the United States has seemed to become “more passive” and allowed China to increase its influence in the Western Hemisphere, the State Department’s top diplomat for the region acknowledged the administration needs to act with a sense of urgency. “This is the most challenging moment I have seen in 30 years in our hemisphere, and we have to do everything that we can to help our neighbors and our partners around the region to succeed and resist these strategic competitors from outside,” Assistant Secretary for Western Hemisphere affairs Brian Nichols said. The China deal also complicates U.S. policy towards Cuba.

The administration has lifted some restrictions on flights and remittances, resumed the family reunification program for Cubans and reestablished migration and law enforcement talks with the Cuban government. But it stopped short of easing other embargo restrictions and removing Cuba from the list of countries that sponsor terrorism, which the Cuban government had made a condition to improving relations. The cozying up to Russia and China indicates the Cuban government has chosen to seek further support from its longtime political and ideological allies rather than pursuing normalization of relations with the U.S. at a time Cuban authorities perceive their grip on power is at risk. Cuba is facing its worst economic crisis in decades and serious political challenges from a population that has taken to the streets to protest and demand regime change. Ebrahim Raeisi, the president of Iran, another major U.S. adversary, is set to travel to the island after visiting Venezuela and Nicaragua next week. The strategy suggests something else: The Cuban military is calling the shots on the island, not the civilian team led by Cuba’s handpicked president, Miguel Díaz-Canel. If true, the deal with China shows “Cuba’s desperation. It’s the same thing with Russian investors. Cuba is looking for cash where it can get it,” Ellis said. “Cuba also understands the limits of the Biden administration.

With the Republicans in control of the House in Washington, with Biden being more conservative, with a sense of lessons learned that the Obama opening was seen as ‘we gave up too much and receive too little from Cuba,’ there’s an understanding in Cuba that they’re not going to get much more out of Washington.” Latin America’s sharp turn to the left and the consolidation of power by Nicolás Maduro in Venezuela also gives Cuba confidence to do bolder things, Ellis said, while noticing that island has not gone that far as to sign military agreements with Russia or receive Russian weapons. Florida Republicans in Congress quickly reacted to the report on the China espionage base deal to highlight what they said is an increasing national security threat coming from Cuba. “The threat to America from Cuba isn’t just real, it is far worse than this,” Sen. Marco Rubio tweeted. “But to date, not only does the Biden White House not care, they have people who actually want to appease the regime.” “The Cuban regime is auctioning off land to the Russians, hosting the Iranians, and letting the Chinese open a base to spy on the U.S.,” Salazar tweeted. “Just 90 miles from our coast, the dictatorship has opened the door to our greatest enemies!” Later on Thursday, Rubio, who is the Vice Chairman of the Select Committee on Intelligence and the committee’s chairman, Mark R. Warner (D-VA), issued a statement urging the Biden administration “to take steps to prevent this serious threat to our national security and sovereignty.” “We must be clear that it would be unacceptable for China to establish an intelligence facility within 100 miles of Florida and the United States, in an area also populated with key military installations and extensive maritime traffic,” they said.

Read more at: https://www.miamiherald.com/news/nation-world/world/americas/cuba/article276215936.html#storylink=cpy

 

China Warning to America, Prepare to Live off the Land

Posted on by

It is a major cyber attack discovered by Microsoft. It was discovered while we were all watching that ‘silly spy balloon’ as Biden called it. The attack is called Volt Typhoon, so be on notice America. The Biden White House has said nothing….

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence.

***

Dark Reading in part published the following:

China-sponsored threat actors have managed to establish persistent access within telecom networks and other critical infrastructure targets in the US, with the observed purpose of espionage — and, potentially, the ability down the line to disrupt communications in the event of military conflict in the South China Sea and broader Pacific.

The first signs of compromise emerged in telecom networks in Guam, according to a New York Times report ahead of the findings being released. The National Security Agency discovered those intrusions around the same time that the Chinese spy balloon was making headlines for entering US airspace, according to the report. It then enlisted Microsoft to further investigate, eventually uncovering a widespread web of compromises across multiple sectors, with a particular focus on air, communications, maritime, and land transportation targets.

A Shadow Goal? Laying Groundwork for Disruption

The discovery of the activity is playing out against the backdrop of the US’ frosty relations with Beijing; the two superpowers have stalled in their diplomacy since the shooting down of the balloon, and has worsened amidst fears that Russia’s invasion of Ukraine could spur China to do the same in Taiwan.

In the event of a military crisis, a destructive cyberattack on US critical infrastructure could disrupt communications and hamper the country’s ability to come to Taiwan’s aid, the Times report pointed out. Or, according to John Hultquist, chief analyst at Mandiant Intelligence – Google Cloud, a disruptive attack could be used as a proxy for kinetic action.

“These operations are aggressive and potentially dangerous, but they don’t necessarily indicate attacks are looming,” he said in an emailed statement. “A far more reliable indicator for [a] destructive and disruptive cyberattack is a deteriorating geopolitical situation. A destructive and disruptive cyberattack is not just a wartime scenario either. This capability may be used by states looking for alternatives to armed conflict.”

Andersen Air Force Base in Yigo, Guam Anderson Air Foce Base/source

Dubbing such preparations “contingency intrusions,” he added that China is certainly not alone in conducting them — although notably, China-backed APTs are typically far more focused on cyber espionage than destruction.

“Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect,” Hultquist noted. “Chinese cyber threat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks. As a result, their capability is quite opaque.”

An Observed Focus on Stealth & Spying

To achieve initial access, Volt Typhoon compromises Internet-facing Fortinet FortiGuard devices, a popular target for cyberattackers of all stripes (Microsoft is still examining how they’re being breached in this case). Once inside the box, the APT uses the device’s privileges to extract credentials from Active Directory account and authenticate to other devices on the network. Read more here. 

Meet Zhe Wu and His Low Orbit Balloon Program

Posted on by

It went with almost zero attention that between our US Commerce Department added a handful of companies to a so-called Entity List last week, restricting them from obtaining US technologies in a move blasted by Beijing on Monday as “illegal unilateral sanctions”, almost as soon as the first balloon was shot out of the sky off the coast of South Carolina. Now, just exactly how did our officials know to do that so fast? Now we have to wonder why Treasury has not done the same.

At least someone was paying attention and knew of Zhe Wu and his work…yet no other part of any Federal agency or any part of the military was on their game for the last several years?

Okay…sounds about right.

Beijing Nanjiang Aerospace Technology

Established in 2015, Beijing Nanjiang is controlled by a subsidiary of Shanghai-listed real estate company Deluxe Family Co Ltd, which also invests in materials and robotics projects.

The state-run Science and Technology Daily in 2015 hailed the firm’s development of a large silver helium airship as the country’s first “new near-space platform with capabilities for both military and surveillance use”.

State media said the company’s steerable, reusable and continuously powered airship was equipped with broadband communications and “high-definition observation” gear.

China Electronics Technology Group Corporation 48th Research Institute

Part of a state-owned IT giant, the research institute specialises in building power systems and solar energy components, as well as semiconductor equipment.

The institute has worked to develop flexible solar power cells suitable for both military and civilian aircraft, the China National Space Administration said in a document in 2017.

Parent company China Electronics Technology Group Corporation also funds Hikvision, a surveillance camera maker that has been implicated in intensified monitoring of the Uyghur minority in Xinjiang.

Eagles Men Aviation Science and Technology Group Co

Founded by military aircraft expert Wu Zhe, the group specialises in research and development of stealth aircraft technologies.

Eagles Men is “devoted to becoming a benchmark business for China’s (strategy of) military-civil fusion”, according to the company’s profile page on the official Chinese Society of Aeronautics and Astronautics website.

The company in 2013 filed a patent for making airship skins stronger.

Wu told state media in 2019 that his team had developed a stratospheric airship able to “fly around the globe”.

Dongguan Lingkong Remote Sensing Technology Co

Set up in 2019, the company counts among its investors a branch of the state-run Beihang University, as well as Eagles Men Aviation.

Public records show Dongguan Lingkong has received licences from local market supervisors to conduct research on remote sensing technology, which allows aircraft to detect conditions on the ground from a high altitude.

Guangzhou Tian-Hai-Xiang Aviation Technology Co

The company was originally established by the Chinese military to develop “vehicle-mounted unmanned reconnaissance aircraft”, according to its official website.

Specialising in surveillance drones, the company was reorganised in 2006 with its current name and under the control of military veteran Li Yuzhuang.

Tian-Hai-Xiang says it has received multiple defence science awards, with its website boasting that the company was “the first unit in the domestic drone industry to equip our military’s first digitalised troops”.

Shanxi Eagles Men Aviation Science and Technology Group Co

A wholly owned subsidiary of Eagles Men Aviation, the company was set up in 2012 with a focus on chemical products, according to Chinese business database Tianyancha.

As report in part from The Wire:

On an October morning in 2007, Wu Zhe, an aircraft design expert at Beihang University, gave a lecture about the “military value of balloons.” He described why it was an area of key scientific research for China and explained different solutions for powering these unique aircraft. When he concluded, according to a university press release, his “erudite knowledge and brilliant speech” received multiple rounds of applause.

balloon program
Credit: U.S. Commerce Department

Nearly two decades later, Wu and his business partner, a tech investor and executive named Wang Dong, are at the center of a military-linked program that has sent balloons over the U.S. and other nations, setting off a diplomatic crisis in Washington. After days of intense media coverage, on February 4, the U.S. shot down one Chinese balloon off the coast of South Carolina, and has since shot down three more unidentified objects floating in American and Canadian airspace.

On Friday, the Commerce Department announced that they were leveling sanctions against six Chinese companies involved in the balloon program — which U.S. officials say aims to intercept communications and surveil the ground below, including sensitive military sites.

Records show that Wu and Wang are linked to four of the six sanctioned firms. The two men, according to data from WireScreen, have a complex network of companies involved in balloon and aerospace technologies, some of which are closely affiliated with the Chinese military but are not sanctioned by the U.S. government.

In a statement on Friday about the sanctions, Alan F. Estevez, the under secretary of commerce for industry and security, said that “today’s action makes clear that entities that seek to harm U.S. national security and sovereignty will be cut off from accessing U.S. technologies.” Neither of the two Chinese men, through their companies, responded to requests for comment.

Zhe Wu has published at least 23 scholarly papers of his work and they are found here..quite chilling actually. For instance: (note the date)

Hovering control for a stratospheric airship in unknown wind

A novel hovering control methodology for a stratospheric airship is presented by using path following approach in the presence of unknown wind by expressing the wind field in the state equation, which avoids the difficulty of guaranteeing system stability in strong wind for other stabilization methods.

In late 2022,
noted –>

Mystery airship spotted over Philippines near South China Sea

  • Images of an unidentified craft near Subic Bay have sparked speculation it could have been collecting military intelligence
  • There is no evidence the airship was from China, though its design appears similar to types on display at the Zhuhai air show

Images of the stratospheric airship – allegedly taken in Pangasinan province, about 100km (62 miles) from Subic Bay in the northern Philippine island of Luzon – were first posted on Facebook last weekend. The pictures were deleted, but not before they were also shared on Twitter.

There is no evidence that the airship was from China, although its design appears to be similar to several unmanned types developed by the state-owned Aviation Industry Corporation of China’s Special Aircraft Research Institute and other scientific academies.

Images of a stratospheric, long-endurance airship, said to have been taken near Subic Bay in the northern Philippines, were shared on social media. Photo: Facebook
The we hear that the objects in the airspace of North America were cylindrical.
Could it be? Below reported from Poland in reference to the same object.
Philippines. A stratospheric airship over the disputed South China Sea - Polish News
I have asked several out there smarter than me about the connection of the objects with clustered ground hubs..or if ground hubs were dropped by the balloon or objects….I did not need an answer.. Seems there are several that have the answers and we are collaborating AGAIN with China?
An Observation Scheduling Approach Based on Task Clustering for High-Altitude Airship
by Jiawei  Chen, Oizhang Luo and Guohua Wu.

1
School of Computational Science and Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USA
2
School of Traffic & Transportation Engineering, Central South University, Changsha 410075, China
3
Department of Electrical & Computer Engineering, National University of Singapore, Singapore 119260, Singapore
Sensors 22 02050 g001 550

You but the judge….

 

Does the FBI List Perkins Coie as an Official Office Location?

Posted on by

Republican Reps. Jim Jordan and Matt Gaetz have sent a letter demanding answers from the Federal Bureau of Investigation (FBI) regarding a “Secure Work Environment” the bureau has apparently been operating for years in the Washington, D.C., office of the Democratic law firm Perkins Coie.

Gaetz told Tucker Carlson on Fox News Tuesday night that he received a letter from Perkins Coie lawyers confirming that the FBI has been maintaining a “Secure Work Environment” within Perkins Coie office for more than a decade, dating back to 2012, and that it is still in operation today.

“Perkins Coie is responsible to the FBI for maintaining the Secure Work Environment,” the letter reportedly said.

Gaetz said he’s spoken with multiple former federal prosecutors who have described the arrangement as unusual. He and Jordan, ranking member of the House Judiciary Committee, sent a letter Wednesday to FBI Director Christopher Wray demanding an explanation.

“We have learned that since March 2012, the FBI approved and facilitated a Secure Work Environment at Perkins Coie’s Washington, D.C. office, which continues to be operational,” the letter states. “In a letter dated May 25, 2022, the law firm confirmed and acknowledged the arrangement.” source

***

Who worked in that ‘secure workspace’ exactly…well the now acquitted Michael Sussman. To read the full background and details on the charges against Sussman, go here.

The Florida congressman explained that he had learned from a whistleblower that Perkins Coie, “the law firm that received 42 million dollars from the Democrat party,” had been sharing a workspace with the FBI.

“Why in the world would that be the case?” Gaetz asked. “Why would [FBI Director] Christopher Wray allow it to continue?”

Gaetz told Carlson incredulously that a person operating out of that work space for the past 12 months was none other than Michael Sussmann himself.

Gaetz said that it was his hope that the facility will be shut down.

“The Democrat party shouldn’t have this special access, this special portal to the FBI, especially knowing what we do now—that they were often trying to take this opposition research, and use that for law enforcement counterintelligence purposes,” he said.

Carlson agreed, saying, “you can’t politicize the country’s biggest law enforcement agency. That’s completely third world.”

What is not being mentioned is the extent of the computer portal the law firm has into the FBI databases. That means that the DNC and the whole Hillary Clinton operation, including her legal team HAS FBI database access. That could and likely means that Perkins Coie, the DNC and the entire Clinton operation has access to query any American citizen, putting a new definition into opposition research. Anyone remember 702 abuses going back to perhaps 2012?

Non-compliant queries since 2012.

85% of the FBI and contractor searches are unlawful.

Many of those searches involved the use of the “same identifiers over different data ranges.”  Put in plain terms, the same people were continually being tracked, searched and surveilled by querying the FBI database over time.

The non-compliant searches go back to 2012.  The same date mentioned for the FBI portal to begin operating inside the Perkins Coie office.

This specific footnote is a key.  Note the phrase: “([redacted] access to FBI systems was the subject of an interagency memorandum of understanding entered into [redacted])”, this sentence has the potential to expose an internal decision; withheld from congress and the FISA court by the Obama administration; that outlines a process for access and distribution of surveillance data.

Note: “no notice of this practice was given to the FISC until 2016“, that is important.

Summary: The FISA court identified and quantified tens-of-thousands of search queries of the NSA/FBI database using the FISA-702(16)(17) system. The database was repeatedly used by persons with contractor access who unlawfully searched and extracted the raw results without redacting the information and shared it with an unknown number of entities.

The outlined process certainly points toward a political spying and surveillance operation.  When the DOJ use of the IRS for political information on their opposition became problematic, the Obama administration needed another tool.  It was in 2012 when they switched to using the FBI databases for targeted search queries. hat tip to CTH