Iran’s Mint Sandstorm, are you a Victim?

So, a senior official in the Trump campaign was the victim of an email phishing trick, and it worked…countless emails were hacked/stolen and began to be distributed. Microsoft has confirmed this, and several Iranian cyber signatures from previous hacks provide some pretty good attribution to Iran as the hackers. But no worries, the FBI, likely the Pittsburgh office, has agreed to investigate.

Just last night, after heavy promotion, the SPACES event hosted by Donald Trump and Elon Musk was delayed by an estimated 45 minutes due to a DDoS hit. Again, that too had the signature tactics of Iran.

Source: Mint Sandstorm Campaign's Targeted Cyber Attacks on Middle Eastern Experts

Per CSOOnline in part:

The hackers allegedly obtained sensitive data as a result of a successful phishing campaign against Trump officials. Cheung cited the Microsoft report which said in June 2024, Mint Sandstorm, a group run by the Islamic Revolutionary Guard Corps (IRGC) intelligence unit, sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.

“On Friday, a new report from Microsoft found that Iranian hackers broke into the account of a ‘high ranking official’ on the US presidential campaign in June 2024, which coincides with the close timing of President Trump’s selection of a vice-presidential nominee,” Cheung added. More here.

In part:

Threat actor Mint Sandstorm, believed to be linked to Iran, has been observed using bespoke phishing lures to attack high-profile targets while leveraging a new custom backdoor called MediaPI.

In a Jan. 17 blog post, Microsoft Threat Intelligence said the attacks were on individuals working at a high level on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States.

The Microsoft researchers said Mint Sandstorm — also known as APT35 and APT42 — used legitimate, yet compromised accounts to send phishing lures. The researchers said Mint Sandstorm continues to improve and modify the tooling used in targets’ environments, activity that might help the group persist in a compromised environment and better evade detection.

“Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, it’s possible this campaign is an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” wrote the researchers.

Mint Sandstorm operates as a state-sponsored actor from Iran and, as a result, serves government agency and potential military objectives, explained Balazs Greksza, threat response lead at Ontinue. Greksza said the group employs tactics such as watering hole attacks and phishing emails, to target governments, NGOs, private entities, and academia for espionage. They often pose as journalists, government officials, or academics on social media and their primary objective is to get hold of sensitive information.

“Actors like APT35 have primary goals around geopolitics, national security, counter-intelligence,” said Greksza. “As openly shared by different intelligence agencies in the past, intelligence goals may shift rapidly based on the needs of national interests, current political and military leadership and their decision and intelligence needs.”

Ngoc Bui, cybersecurity expert at Menlo Security, added that the deployment of the custom backdoor MediaPI, along with the use of other tools like MischiefTut, indicates a shift in the operational tactics of Mint Sandstorm, marking an evolution in their cyber espionage capabilities.

***

This all raises the question: just exactly what is being done not only to protect a political campaign and election, but every website or American out there, from Iran, Russia, China or North Korea and their teams of hackers?

CSOOnline goes on to read –>

Iran, found extremely capable in the past of conducting cyberattacks against its foes in the Middle East, earlier in 2022 had threatened to avenge the killing of General Qassem Soleimani by the United States in a drone strike ordered by the Trump administration.

During this time, among many other efforts, Mandiant reported that the news site EvenPolitics, a Tehran-controlled disinformation site, had published articles covering the 2022 US midterm elections. An inauthentic amplification network promoting the site was taken down by the X platform that same year, yet EvenPolitics continues to operate, releasing approximately ten articles per week.

Microsoft, in its report, added that Iranian cyber-enabled influence operations “have been a consistent feature of at least the last three US election cycles”.

Iran’s mission to the United Nations, in response to inquiries about the Trump campaign’s allegations, denied any involvement. Speaking to The Associated Press, the mission stated, “We dismiss these reports entirely. The Iranian government has neither the capability nor the intention to interfere in the United States presidential election.”

Have you Met John Mark Dougan, a Former Florida Deputy Sheriff?

I continue to see friends on Facebook and a few other social media sites claiming that Ukraine’s President Zelensky and his wife are using millions if not billions of U.S. aid money to buy fancy cars and mansions….ehhh….c’mon people, do the work please and stop getting punked by a former Marine and sheriff’s deputy from Florida who fled to Russia….yes…fled, and he is loving his deepfake life there while you are helping him win the bot/disinformation/propaganda war…and many members of Congress have bought into all this….but save yourself the humiliation and read on…

***

It is not just here in the United States by the way…Europe is getting pummeled too:

The article looks real enough, though petrolheads may note the misspelling of Tourbillon. It even cites as evidence a video recorded by a dealership employee describing the supposed sale, and a picture of a Bugatti invoice for €4.5 million made out to Mrs. Olena Zelenska. If you were under any doubt, the site’s name should lay your fears to rest: Verite Cachee or, in English, hidden truth.

In fact, the video is a deepfake, the invoice is falsified, and the entire site is part of a Kremlin-linked influence operation, using AI-generated content to deliver a payload of Russian talking points. The false attack on Zelenska was designed, it seems, to hint at corruption.

Veritecachee.fr is one of two sites set up less than two weeks after French president Emmanuel Macron announced a surprise election, the other called France en Colere (Angry France). The Bureau of Investigative Journalism (TBIJ) and the Tow Center have connected both to a network of websites linked to John Dougan, an American former police officer now living in Moscow and known for spreading Kremlin-backed disinformation. This network was first identified by researchers at Clemson University in December last year.

Even as this Dougan-affiliated network has targeted the French election, another Russia-linked disinformation operation, unmasked by French authorities earlier this year, has ramped up its activity in Europe. In June, the “Portal Kombat” network launched ten new sites, mostly aimed at Europe. Another five targeting Eastern Europe were set up in April and May. Read it all here for further context.

*** In part below:

It starts with a NewsGuard analyst happening upon what appeared to be a fledgling Washington D.C.-based news site promoting Russian propaganda. Unbeknownst to her, this was six months after her boss and his family had been threatened in a YouTube video that included an aerial shot of his home and calls to his unlisted phone number by a Russian disinformation operative working from a studio in Moscow. It turns out that this D.C. website, those threats to NewsGuard’s co-CEO, and what NewsGuard discovered were dozens of similar hostile information operations — including a “documentary” that the Russians used as an excuse to invade Ukraine — were all orchestrated by the same man — John Mark Dougan, a former Florida deputy sheriff who fled to Moscow after being investigated for computer hacking and extortion.

As of this writing, NewsGuard has discovered 167 Russian disinformation websites that appear to be part of Dougan’s network of websites masquerading as independent local news publishers in the U.S. and 15 films on Dougan’s since-removed YouTube channel. Ranging from Ukrainian President Volodymyr Zelensky siphoning off money meant to aid the war against Russia so he could buy an estate in England owned by King Charles, to a non-existent U.S. bioweapons lab in Ukraine being the reason the Russians had to invade that country, these concocted stories have been amplified on social media accounts to reach a broad global audience of more than 37 million views—including 1,300,000 views of just the narrative about Zelensky buying the king’s estate.

As a journalist based in Washington who scrutinizes the credibility of news outlets as a profession, I was familiar with the landscape of trusted local publications in the area. DCWeekly did not appear to be one of them.

I first noticed the site when it published an article reporting that the Ukrainian Azov Battalion was recruiting in France. It carried the byline “Jessica Devlin,” who was described as a “distinguished and highly acclaimed journalist.” Another scoop: The U.S. had bought a mansion for Ukrainian President Volodymyr Zelensky in Vero Beach, Florida.

Everything about the website and these articles was a red flag: The site presented itself as a credible new local news source yet was propagating fabricated narratives that smelled of Russian influence.

It turned out that “DCWeekly” is not actually based in the nation’s capital. Nor is “Jessica Devlin” a real person. As uncovered by researchers at Clemson University, the site operates from Moscow, hosted on an IP address belonging to John Mark Dougan.

His is a name I would come to know well over the coming months.

In further briefings, I learned that Dougan, a former marine, had been an officer in the Sheriff’s Department in Palm Beach County, Florida, until 2016, when he fled to Russia and was granted asylum after being targeted in a computer hacking scheme. Since then, I was told, he had become well known to the FBI and, as they put it, “our sister security agencies” as a Russian operative who specialized in producing some of the Russians’ most elaborate disinformation campaigns and narrating them as if he were an independent American journalist. 

Relatedly, it appeared that the aerial video of my home in Dougan’s video was not a simple Google satellite shot. Instead, it had probably been taken by a drone that someone had hired. [Dougan denies this; see below.] I was also told that those same sister agencies reported that Dougan was still in Russia. “So he poses no imminent threat to you,” the lead agent on the case said.

But he knows where I live and the Russians must have people all over the United States, I said. And he must have followers here on his YouTube channel that could act on their own. The FBI agents agreed. This was more serious than a few random crank emails. In a meeting a few days later with three agents and my wife sitting at our dining room table, we agreed on a multifaceted security plan to be implemented by a private security company.

I now live in a home surrounded by twelve motion-detecting security cameras, monitored remotely by the security service, and filled with dead-bolt window and door locks and other reminders of Dougan’s video—which produced multiple new death threats.

***

Related reading from the BBC 

RUSSIA’S BOT FARM OPERATES ON X, US AND ITS ALLIES WARN

In full disclosure, years ago I did a radio interview with Pierluigi…due to his long validated resume….I continue to trust his work…as a result this is fair warning to validate information with at least 3 unique sources.

(Officially shut down –> you be the judge)

Russia has officially made one dystopian prediction about artificial intelligence (AI) come true: it used AI to lie better, faster, and more believably. Last week, the U.S. Department of Justice, along with counterparts in Canada and the Netherlands, disrupted a Russian bot farm that was spreading pro-Russian propaganda. The FBI director and deputy attorney general in a press release highlighted the use of AI to create the bot farm as a disturbing new development. What they did not say, however, is that the West is unprepared to defend itself against this new threat.

This capability enables quick reactions on a huge scale to highly divisive world events. For example, the Russian operation could choose to spread divisive messages about the assassination attempt on former president Trump. In the past, this would have been a labor-intensive task of crafting a variety of credible messages designed to outrage both ends of the political spectrum, then iterating until a divisive note hit a nerve. Now, AI can craft the message, alter it for different audiences, and distribute it rapidly. Russia could enter the chat almost immediately.

*** Additional reading here

The US and its allies disrupted an AI-powered Russia-linked bot farm on the social media platform X relying on the Meliorator AI software.

The U.S. FBI and Cyber National Mission Force, along with Dutch and Canadian intelligence and security agencies, warned social media companies about Russian state-sponsored actors using covert AI software, Meliorator, in disinformation campaigns. Affiliates of Russia’s media organization RT used Meliorator to create fake online personas to spread disinformation on X. The campaigns targeted various countries, including the U.S., Poland, Germany, the Netherlands, Spain, Ukraine, and Israel.

“Although the tool was only identified on X, the authoring organizations’ analysis of Meliorator indicated the developers intended to expand its functionality to other social media platforms.” reads the report. “The authoring organizations’ analysis also indicated the tool is capable of the following:

  • Creating authentic appearing social media personas en masse;
  • Deploying content similar to typical social media users;
  • Mirroring disinformation of other bot personas;
  • Perpetuating the use of pre-existing false narratives to amplify malign foreign influence; and
  • Formulating messages, to include the topic and framing, based on the specific archetype of the bot.”

As early as 2022, RT had access to the AI-powered bot farm generation and management software Meliorator. By June 2024, it was operational only on X (formerly Twitter), with plans to expand to other platforms. The software includes an admin panel called “Brigadir” and a seeding tool named “Taras,” and is accessed via a virtual network computing (VNC) connection. Developers managed Meliorator using Redmine software, hosted at dtxt.mlrtr[.]com.

The identities (also called “souls”) of these bots are determined by selecting specific parameters or archetypes. The experts said that any unselected fields are auto-generated. Bot archetypes group ideologically aligned bots through an algorithm that constructs each bot’s persona, including location, political ideologies, and biographical data. Taras creates these identities and the AI software registers them on social media platforms. The identities are stored in a MongoDB database, enabling ad hoc queries, indexing, load-balancing, aggregation, and server-side JavaScript execution.

Meliorator manages automated scenarios or actions for a soul or group of souls through the “thoughts” tab. The software can instruct personas to like, share, repost, and comment on others’ posts, including videos or links. It also allows for maintenance tasks, creating new registrations, and logging into existing profiles.

“The creators of the Meliorator tool considered a number of barriers to detection and attempted to mitigate those barriers by coding within the tool the ability to obfuscate their IP, bypass dual factor authentication, and change the user agent string.” continues the joint advisory. “Operators avoid detection by using a backend code designed to auto-assign a proxy IP address to the AI generated persona based on their assumed location.”

The report also provides the infrastructure associated with the bot farm and mitigations.
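Two of the behaviours the advisory lists, personas “mirroring disinformation of other bot personas” and personas “created en masse”, leave a footprint that a platform or a researcher can look for even when the proxy IP and user-agent tricks hide the operator. The script below is an added, illustrative detection example written for this post; it is not code from the joint advisory, from Security Affairs, or from Meliorator itself. The account names, timestamps and post texts are constructed, and the thresholds (a 10-minute mirroring window, a 1-hour registration burst, three or more accounts) are assumptions to be tuned on real data.

```python
"""Coordinated-amplification detector over constructed sample data.

Added example: flags (1) groups of accounts that post near-identical text
within a short window and (2) bursts of account registrations. Both are
defender-side heuristics for the persona behaviour described in the advisory.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Post:
    account: str
    created: datetime   # when the posting account was registered
    posted: datetime    # when this post was published
    text: str


def normalize(text: str) -> str:
    """Lowercase, drop URLs, punctuation and hashtags' '#' so trivial edits match."""
    text = re.sub(r"https?://\S+", " ", text.lower())
    text = re.sub(r"[^a-z0-9\s]", " ", text)
    return " ".join(text.split())


def shingles(text: str, k: int = 3) -> set:
    """Word k-grams; short texts become a single shingle so they still compare."""
    words = text.split()
    if len(words) < k:
        return {tuple(words)}
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if a and b else 0.0


def find_mirror_clusters(posts, window=timedelta(minutes=10),
                         min_accounts=3, threshold=0.6):
    """Greedy single-pass clustering of near-duplicate posts in time order.

    A post joins the first cluster whose representative text is similar and
    whose first post is within `window`; clusters spanning >= min_accounts
    distinct accounts are returned as sorted account-name lists.
    """
    clusters = []  # each: {"sh": shingle set of first post, "posts": [...]}
    for p in sorted(posts, key=lambda x: x.posted):
        sh = shingles(normalize(p.text))
        for cl in clusters:
            if (jaccard(cl["sh"], sh) >= threshold
                    and p.posted - cl["posts"][0].posted <= window):
                cl["posts"].append(p)
                break
        else:
            clusters.append({"sh": sh, "posts": [p]})
    flagged = []
    for cl in clusters:
        accounts = {p.account for p in cl["posts"]}
        if len(accounts) >= min_accounts:
            flagged.append(sorted(accounts))
    return flagged


def creation_bursts(posts, window=timedelta(hours=1), min_accounts=3):
    """Distinct accounts registered within `window` of each other, as groups."""
    seen = {}
    for p in posts:
        seen.setdefault(p.account, p.created)
    accounts = sorted(seen.items(), key=lambda kv: kv[1])
    groups, i = [], 0
    while i < len(accounts):
        j = i
        while j + 1 < len(accounts) and accounts[j + 1][1] - accounts[i][1] <= window:
            j += 1
        if j - i + 1 >= min_accounts:
            groups.append(sorted(name for name, _ in accounts[i:j + 1]))
            i = j + 1
        else:
            i += 1
    return groups


# Constructed sample: four personas registered minutes apart push one message
# within five minutes; three organic accounts post unrelated text, and one
# organic account quotes the same text three hours later (outside the window).
T0 = datetime(2024, 7, 9, 12, 0)
REG = datetime(2024, 7, 8, 9, 0)
MSG = "Breaking: officials admit the aid money vanished. Share this!"
SAMPLE_POSTS = [
    Post("persona_01", REG, T0, MSG + " https://example.invalid/a1"),
    Post("lake_dad", datetime(2015, 3, 2), T0 + timedelta(minutes=1),
         "Lovely weather at the lake today, finally got the boat out"),
    Post("persona_02", REG + timedelta(minutes=10), T0 + timedelta(minutes=2),
         "Breaking: officials admit the aid money vanished. Share this now https://example.invalid/a2"),
    Post("persona_03", REG + timedelta(minutes=25), T0 + timedelta(minutes=3),
         "BREAKING - officials admit the aid money vanished! Share this"),
    Post("dayton_mike", datetime(2019, 8, 14), T0 + timedelta(minutes=4),
         "Anyone know a good mechanic in Dayton? Transmission noise again"),
    Post("persona_04", REG + timedelta(minutes=40), T0 + timedelta(minutes=5),
         MSG + " #truth"),
    Post("late_quoter", datetime(2021, 1, 5), T0 + timedelta(hours=3), MSG),
]


def suspicious_accounts(posts):
    """Accounts that both mirror a message and sit in a registration burst."""
    mirrored = {a for group in find_mirror_clusters(posts) for a in group}
    bursty = {a for group in creation_bursts(posts) for a in group}
    return sorted(mirrored & bursty)


if __name__ == "__main__":
    print("mirror clusters:", find_mirror_clusters(SAMPLE_POSTS))
    print("registration bursts:", creation_bursts(SAMPLE_POSTS))
    print("suspicious:", suspicious_accounts(SAMPLE_POSTS))
```

On the sample data only the four personas are flagged by both heuristics; the organic account that repeats the same line three hours later is not, because coordination is about timing across accounts, not about the text alone. In practice these two signals are weak on their own and are combined with shared infrastructure, identical client fingerprints and follower-graph overlap before an enforcement decision.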


The War has Begun in the S. China Sea, but it is a Quiet One

So quiet…no one domestically is reporting it….Electronic warfare/jamming and cyber are cheap tools of destruction…and then there is space. So, has the Commander in Chief…if there is one…approved real Rules of Engagement….anywhere?

(below is word for word)

***

Over the vast expanse of the South China Sea, a war without gunfire quietly unfolded, its unique impact capturing the world’s attention. On June 30th, a brief yet meaningful tweet from the official Weibo account of China’s Southern Theater Command—“Thick smoke deep in the blue sea, good night”—sparked a massive online reaction, leaving netizens speculating about the secrets behind it.

Recently, there have been widespread rumors online of an intense electronic warfare between China and the United States in the South China Sea, ending with the US deciding to withdraw.

Reports indicate that the skies over northern Philippines recently fell into an unprecedented silence, with all electronic signals cut off. Satellite phones, GPS navigation, television signals—everything reliant on electronic communication seemed to lose its vitality overnight. The twelve-hour “blackout” shocked local residents and global public opinion. This was a direct result of an intense electronic warfare over the South China Sea.

The story begins with a minor conflict between the Philippines and China. Following a fierce confrontation at Ren’ai Reef, the Philippines felt aggrieved by China’s legitimate actions, and the US, as its backer, seized the opportunity. A joint military exercise involving 29 countries was held in the South China Sea, ostensibly to showcase “unity” and “strength,” but with hidden motives—the US military intended to use this opportunity to lay newly developed anti-submarine devices on the seabed, spying on the movements of China’s strategic nuclear submarines and further restricting China’s strategic space.

However, China’s response was swift and decisive. When the US military’s P-8A anti-submarine patrol aircraft quietly dropped high-tech monitoring equipment in the South China Sea, it was promptly detected by the PLA. The Chinese Coast Guard quickly launched a recovery operation. The US military panicked, as losing this equipment would mean wasted effort, and the advanced technology could not fall into PLA hands. This sparked a sensitive reaction, leading to a battle over these critical pieces of equipment.

The US hastily deployed a joint fleet to intercept the Chinese Coast Guard vessels. With the addition of the Shandong carrier strike group, a standoff formed between Chinese and US fleets in the South China Sea. Seeing the unfavorable situation, the US immediately dispatched electronic warfare aircraft to assist the joint fleet in launching severe interference against the Chinese fleet. In response, China rapidly deployed its Y-9 electronic warfare aircraft and 815A electronic reconnaissance ship.

In this battlefield without smoke, electronic warfare took center stage. The US deployed Growler electronic warfare aircraft and RC-135 electronic reconnaissance aircraft in an all-out effort to paralyze the command systems of the Chinese fleet with strong electronic interference. However, the Chinese forces did not retreat; the Y-9 electronic warfare aircraft and 815A electronic reconnaissance ship quickly countered, engaging in fierce electronic offensive and defensive operations over the South China Sea.

The intense electronic warfare near the northern Philippines far exceeded external expectations. Ultimately, the US fleet faced an unprecedented crisis—screens full of static and a total loss of GPS signals. In modern naval warfare, losing communication and navigation capabilities is akin to losing sight and hearing. Confronted with such a scenario, the US had to choose to retreat to avoid greater losses.

The entire electronic warfare lasted a full twelve hours, plunging northern Philippines into complete communication paralysis and sparking widespread global attention and discussion. According to Taichung News, the mysterious battle gained an official tone, with retired generals critiquing the US military’s outdated electronic warfare equipment, asserting it is a full generation behind China’s.

Will the Biden Family Split $200 Million?

As a result of the devastating debate performance of Joe Biden, calls are being made by donors and some Democrat lawmakers for Joe to drop out of the race….but c’mon Conservatives…we need him to stay on the ticket and in the race…why, you ask? He is the easiest to beat now, and there is the matter of $200 million…but I will get to that shortly…so follow along.

Kevin Morris has been Hunter’s sugar-daddy for quite some time, as he has paid IRS debts for Hunter along with legal bills. He has even shown up in public and in hearings with Hunter and his lawyer Abbe Lowell. But allegedly, Kevin has stopped the gravy train. It is also a fact that Joe Biden took out a loan by re-financing their Delaware home (35 times, per Yahoo News). So, it is apparent the family needs some money now and certainly in the future.

Just consider that Jill and Hunter, and the rest of the world for that matter, including White House staffers and the media, know that Joe has no physical or mental stamina for the job now or for four more years…but the plot begins here…


Hunter was with the whole family at Camp David over the weekend plotting and finding blame for his awful job at the debate…furthermore, Hunter is at the White House on a full time basis leading the charge…but what charge? I say…he is so good at creating shell companies that he likely has created several more recently and they are on paper only providing services to the re-election campaign but in reality they are paying themselves through the shell companies from the $200 million in the campaign war chest.

You see, campaign finance law says that money CANNOT be transferred to another candidate…but only to Kamala if she stays on the ticket and only if Kamala becomes the nominee. That is a bug, but as no one is calling for her to step up and replace Joe…that $200 million stays with Joe…and this family could be purposely throwing his re-election for the sake of the money. Sure, it is now said that Jill and Hunter are running the operation and in some cases even the White House…but whether they are running the presidency or the scheme is the question.

The whole family needs money and lots of it…and could need even more based on continuing investigations by the House into the crime operations…

The Democrat Party is in a real mess and it could get worse when the donors completely bail out from now to the convention, after all it is quite expensive to pay for a convention in Chicago and outside money is required for that in addition to DNC money.

Do we really want the Biden crime family to ride into the sunset splitting $200 million or even $100 million after what we have learned so far about them, and after living through hell for the last 3.5 years?

The legal issues for Hunter are not over yet by a long shot, and for that matter neither is the investigation into the whole Biden crime family…now including the Securities and Exchange Commission. Given the cunning use of secret shell companies already, it stands to reason they would do it again. The big question here is what state they would register these companies in, in what names, and who would be the agent of record?

Maybe a deeper dive into that pesky laptop will offer some new things to search for and some new clues…maybe someone can reach out to James Comer and give him a heads up on something new to look for. The media likely won’t do it, but given how angry they are, perhaps some will….

But dear readers…you all are very good at research…jump in with comments and even trails following that money.