Category: Full Text Articles – Audio Posts

Russian attacks on subsea infrastructure in the Baltic region requires a careful blend of factual evidence, historical context, and strategic communication.

Russia is engaging in provocations in the Baltic Sea with the goal of declaring it a Russian internal sea and escalating tensions with NATO.

– Finnish coast guard boarded the Russian ship “Orel S” in connection with alleged Russian under sea sabotage https://t.co/JsiX34OCBJ pic.twitter.com/k1yxdk1xj5

— The_anonymous_wave (@anonymouswave1) December 26, 2024

A Russian ship damaged three underwater communication cables between Estonia and Finland. Two of these cables belong to the telecommunications company Elisa, while the third belongs to CITIC Telecom CPC. According to our assessments, the deliberate damage to subsea communications in the Baltic Sea serves several purposes:

1. Provoking Conflict with NATO Countries: We believe that Russia is seeking to escalate tensions with NATO countries. Although in the event of a conventional conflict, NATO would have a clear advantage, the Kremlin is convinced that it could escalate the threat of nuclear conflict to the highest level, invoking scenarios from the Cuban Missile Crisis, and force the Alliance to capitulate under the threat of mutual destruction. We raised this possibility in early 2022, noting the Kremlin’s intent to rework Cold War-era scenarios in a new context.
2. Increasing Leverage in Upcoming Negotiations: We are also convinced that Moscow wants to raise the stakes ahead of upcoming negotiations with the West and approach them from a position of strength. Earlier, we pointed to the high likelihood of a military conflict between Russia and Estonia.

This narrative underscores Russia’s ongoing strategy of destabilization in the region, aimed at weakening NATO and strengthening its own bargaining position on the international stage.

During the Cold War, the USSR engaged in activities to surveil and potentially sabotage undersea NATO infrastructure, but there are no confirmed instances of direct attacks on subsea infrastructure such as undersea communication cables or pipelines. Instead, Soviet actions were often focused on intelligence-gathering and preparations for potential conflict scenarios.

Known Soviet Activities Related to NATO Subsea Infrastructure:

1. Surveillance and Tapping of Undersea Cables:

1. The Soviet Navy operated specialized submarines and vessels designed for deep-sea operations, such as the Priz class and the Delta IV submarines.
2. These assets were used to map undersea cable routes and sometimes attempt to tap into them for intelligence purposes.
3. A well-known example is the U.S. counterpart’s Operation Ivy Bells, where the U.S. tapped Soviet undersea cables, highlighting the importance of undersea infrastructure during this era.
4. Preparation for Sabotage:
5. Soviet forces developed capabilities to sever or disrupt undersea cables in the event of war. This included the use of mini-submarines and divers trained for underwater demolition.
6. Monitoring NATO Movements:
7. The Soviet Union often used submarines to shadow NATO naval operations, which sometimes included reconnaissance of undersea infrastructure.

While these actions reflect a high level of Cold War tension and competition, no publicly disclosed evidence points to the USSR launching an outright attack on NATO subsea infrastructure during peacetime. Such an act would have risked escalating tensions into open conflict, which both sides were generally keen to avoid.

1. Changing the Status of the Baltic Sea: There is a high likelihood that Russia seeks to revise the international status of the Baltic Sea, following a scenario similar to that of the Sea of Azov, declaring it an internal sea of Russia. To achieve this, the Kremlin needs a conflict that would allow for a localized military operation in the region, asserting that its rights to use the Baltic’s waters for its own interests are being infringed upon.

This shift in strategy would mark a significant escalation, as Russia would seek to reassert control over critical maritime routes and potentially disrupt NATO’s strategic access to the region. The provocation could be framed as a defensive measure to protect Russia’s perceived maritime interests, but the underlying aim would be to further destabilize the region and challenge international norms.

4. Potential Motivations

• Rhetorical Strategy: Russia could use such a declaration as a propaganda tool to rally domestic support or create a narrative of defiance against NATO and the West.
• Negotiation Leverage: A provocative claim could be a bargaining chip in broader geopolitical negotiations.

• Such a move would likely result in severe consequences, including expanded sanctions, increased NATO military presence in the Baltic, and heightened regional tensions.
• International law and global opinion would strongly oppose any such declaration, as it undermines established maritime norms.

1. Development of Sabotage Tactics on NATO Subsea Infrastructure: Since 2020, Russia has been developing tactics for sabotage on NATO’s subsea infrastructure. Initially, this involved the use of forces and assets from the Russian Main Directorate of Deep-Sea Research (GUGI), but starting in 2023, commercial vessels have been increasingly used. We believe the greatest threat comes from joint operations between Russia and its allies and partners. For example, the captain of the Chinese cargo ship Yi Peng 3, which was suspected of damaging underwater telecommunications cables in the Baltic Sea, turned out to be a Russian citizen. The damage caused disruptions to communications, and Germany’s Defense Minister Boris Pistorius suggested it could have been a deliberate act of sabotage.
2. Russian Intelligence Involvement: According to the Wall Street Journal, Yi Peng 3 received instructions from Russian intelligence. The West’s measured response to such acts of sabotage, in our view, encourages Russia to continue these operations. On November 21, the Russian ship Mercury arrived in the Kattegat Strait between Sweden and Denmark, where it conducted electronic surveillance near the Chinese vessel. It is reported that Mercury transmitted encrypted information to a command center in Kaliningrad.

This narrative underscores the evolving nature of Russian tactics in the region, combining both military and commercial assets in an effort to undermine NATO’s subsea infrastructure. The involvement of Chinese vessels and Russian intelligence points to a coordinated effort to disrupt critical communication and energy networks, while the West’s restrained response could embolden further provocations.

Russia’s use of civilian vessels, rather than naval ships, to attack infrastructure in the Baltic Sea is a strategic choice that aligns with its broader approach to hybrid warfare. Here are the key reasons for this tactic:

1. Plausible Deniability

• Civilian vessels provide a cover for covert operations, making it harder to attribute attacks directly to the Russian government or military.
• By using vessels that appear to be engaged in legitimate activities (e.g., fishing, cargo transport), Russia can create uncertainty about responsibility for the attacks.

2. Avoiding Direct Military Confrontation

• Deploying naval ships in such operations could be seen as an act of war or direct aggression, escalating tensions with NATO and Baltic states.
• Civilian vessels lower the risk of provoking a strong military response from NATO, which would be obligated to defend member states under Article 5. 

3. Economic and Operational Efficiency

• Civilian vessels are cheaper to operate and more abundant than military ships, allowing Russia to conduct operations with less investment.
• They can blend into commercial traffic, making it harder for surveillance systems to detect suspicious activity.

4. Exploiting Gaps in Surveillance

• Civilian vessels are often subject to less scrutiny than military ships, allowing them to operate closer to critical infrastructure without raising alarms.
• This tactic exploits gaps in maritime monitoring systems, particularly in busy shipping lanes like the Baltic Sea.

5. Psychological and Strategic Impact

• The use of civilian vessels blurs the line between military and civilian actions, complicating the response of targeted nations and international organizations.
• It creates fear and uncertainty, which are hallmarks of hybrid warfare, by making it difficult to predict and counteract future attacks.

6. Avoiding Accountability

• Civilian vessels can be operated by private entities or third-party actors, creating layers of separation from the Russian government.

This makes it easier for Russia to deny involvement and muddy the waters in international investigations.

Thus, there is a high likelihood that Russia has agreements with several countries from the “Axis of Evil” to use their commercial fleets for subversive operations against subsea infrastructure, with the goal of weakening the defense and economic potential of Western countries.

Russia’s use of civilian vessels, rather than naval ships, to attack infrastructure in the Baltic Sea is a strategic choice that aligns with its broader approach to hybrid warfare. Here are the key reasons for this tactic:

1. Plausible Deniability

• Civilian vessels provide a cover for covert operations, making it harder to attribute attacks directly to the Russian government or military.
• By using vessels that appear to be engaged in legitimate activities (e.g., fishing, cargo transport), Russia can create uncertainty about responsibility for the attacks.

2. Avoiding Direct Military Confrontation

• Deploying naval ships in such operations could be seen as an act of war or direct aggression, escalating tensions with NATO and Baltic states.
• Civilian vessels lower the risk of provoking a strong military response from NATO, which would be obligated to defend member states under Article 5.

3. Economic and Operational Efficiency

• Civilian vessels are cheaper to operate and more abundant than military ships, allowing Russia to conduct operations with less investment.
• They can blend into commercial traffic, making it harder for surveillance systems to detect suspicious activity.

4. Exploiting Gaps in Surveillance

• Civilian vessels are often subject to less scrutiny than military ships, allowing them to operate closer to critical infrastructure without raising alarms.
• This tactic exploits gaps in maritime monitoring systems, particularly in busy shipping lanes like the Baltic Sea.

5. Psychological and Strategic Impact

• The use of civilian vessels blurs the line between military and civilian actions, complicating the response of targeted nations and international organizations.
• It creates fear and uncertainty, which are hallmarks of hybrid warfare, by making it difficult to predict and counteract future attacks.

6. Avoiding Accountability

• Civilian vessels can be operated by private entities or third-party actors, creating layers of separation from the Russian government.
• This makes it easier for Russia to deny involvement and muddy the waters in international investigations.

Russia’s attacks on subsea infrastructure in the Baltic Sea are often attributed to a mix of strategic, economic, and political motives:

1. Strategic Disruption

• Subsea cables and pipelines are critical for communication and energy flow in Europe. Disrupting these assets can create instability and economic harm to nations reliant on them, particularly EU and NATO members.
• Targeting this infrastructure could also undermine European unity by creating energy shortages or communication blackouts.

2. Energy Weaponization

• The Baltic Sea hosts key pipelines like Nord Stream, which transport natural gas from Russia to Europe. While Russia profits from these pipelines, it has also used energy as a geopolitical tool.
• Damaging infrastructure may signal to Europe that its energy security is at risk, particularly as the EU seeks alternatives to Russian energy.

3. Military and Geopolitical Leverage

• Subsea attacks can test NATO’s response, highlighting vulnerabilities and assessing alliance cohesion.
• These actions may serve as a warning or deterrence, showcasing Russia’s capabilities to target critical infrastructure.

4. Information Warfare

• Even the threat of attacks on subsea infrastructure contributes to psychological and economic pressure. It may also fuel misinformation, creating uncertainty about the source or scale of the damage.

5. Retaliation and Provocation

• Russia might target subsea assets as retaliation for Western sanctions, military aid to Ukraine, or other perceived hostilities.
• Such attacks may provoke NATO into action, which Russia could then exploit for propaganda purposes.

Recent incidents in the Baltic Sea have heightened concerns about the security of undersea infrastructure, with several cases of damaged cables and pipelines raising suspicions of deliberate sabotage.

Notable Incidents:

• Balticconnector Damage (October 2023): The Balticconnector gas pipeline between Finland and Estonia was damaged, leading to disruptions in energy supply. Authorities are investigating the cause, with some suspecting sabotage.
• C-Lion1 Cable Incident (November 2024): The C-Lion1 undersea internet cable, crucial for connectivity between Finland and Germany, was severed, underscoring the vulnerability of critical offshore infrastructure. 
• Estlink-2 Power Cable Damage (December 2024): The Estlink-2 undersea electricity cable connecting Finland and Estonia was damaged on Christmas Day. Finnish authorities detained the Russian-linked tanker Eagle S on suspicions of involvement in the incident. 

Geopolitical Context:

The Baltic Sea region has become a focal point of geopolitical interest and conflict, with increased hybrid activities, including acts of sabotage and the use of unidentified drones. 

Russia’s alleged involvement in these incidents is seen as part of a broader strategy of hybrid warfare, aiming to disrupt critical infrastructure and create instability among NATO and EU member states. Such actions test the resilience and response capabilities of these alliances, potentially undermining their unity and security.

FortiGuard Labs observed increased activity from two botnets, the Mirai variant “FICORA” and the Kaiten variant “CAPSAICIN”.

FortiGuard Labs researchers observed a surge in activity associated with two botnets, the Mirai variant “FICORA” and the Kaiten variant “CAPSAICIN,” in late 2024. Both botnets target vulnerabilities in D-Link devices, particularly through the HNAP interface, allowing remote command execution. Some of the vulnerabilities exploited by the botnets are CVE-2015-2051,  CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112.

“According to our IPS telemetry, attackers frequently reuse older attacks, which accounts for the continued spread of the “FICORA” and “CAPSAICIN” botnets to victim hosts and infected targets.” reads the report published by Fortinet. “This article looks at their infected traffic and offers insights into these botnets.”

The researchers noticed that the latest “FICORA” campaign targeted many countries worldwide, suggesting it was not employed in targeted attacks.

The “CAPSAICIN” botnet was highly active for only two days, October 21–22, 2024, primarily targeting East Asian countries.

The “FICORA” botnet downloads and executes a shell script called “multi,” which is removed after execution. The script uses various methods like “wget,” “ftpget,” “curl,” and “tftp” to download the malware. It first terminates processes with the same file extension as “FICORA” and then downloads and executes the malware targeting multiple Linux architectures. The malware’s configuration, including its C2 server domain and a unique string, is encrypted using the ChaCha20 algorithm.

The scanner used by the FICORA botnet includes a hard-coded username and password for its brute force attack function.

The malware “FICORA” is a variant of the Mirai malware, it includes DDoS attack capabilities using multiple protocols such as “UDP,” “TCP,” and “DNS.”

The “CAPSAICIN” botnet uses a downloader script (“bins.sh”) with a different IP address (“87.10.220[.]221”) to fetch the bot to target various Linux architectures. The malware kills known botnet processes to ensure it remains the only one running. Then it connects to its C2 server (“192.110.247[.]46”), sending the victim’s OS information and a unique nickname back to the server.

The “CAPSAICIN” malware appears to be a variant of the Keksec group’s botnets, likely developed from version 17.0.0 of their malware, based on hard-coded information found within it.

“Although the weaknesses exploited in this attack had been exposed and patched nearly a decade ago, these attacks have remained continuously active worldwide. FortiGuard Labs discovered that “FICORA” and “CAPSAICIN” spread through this weakness.” concludes the report. “Because of this, it is crucial for every enterprise to regularly update the kernel of their devices and maintain comprehensive monitoring. These steps will help reduce the likelihood of malware being deployed through this vulnerability.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, FICORA botnet)

Palo Alto Networks addressed a high-severity PAN-OS flaw that could trigger denial-of-service (DoS) on vulnerable devices.

Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition.

An unauthenticated attacker can exploit this vulnerability to reboot the firewall by sending a malicious packet through its data plane. Repeated exploitation forces the firewall into maintenance mode.

“A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.” reads the advisory.

The flaw’s severity is reduced to a CVSS score of 7.1 when access is limited to authenticated end users via Prisma Access.

The vulnerability affects PAN-OS versions 10.X and 11.X, including Prisma Access running these versions. It is fixed in PAN-OS 10.1.14-h8, 10.2.10-h12, 11.1.5, 11.2.3, and all later versions.

The vulnerability can be exploited only if DNS Security logging is enabled.

Palo Alto Networks is aware of customers facing denial of service (DoS) conditions when their firewall blocks malicious DNS packets, which trigger this issue.

The cybersecurity vendor addressed the issue with the releases PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.

The company noted that PAN-OS 11.0 reached the end of life (EOL) on November 17, 2024, for this reason, it will not provide a fix for this release.

To mitigate the issue, customers can set Log Severity to “none” for all DNS Security categories in each Anti-Spyware profile via the DNS Policies settings in Panorama or unmanaged firewalls.

For firewalls managed by Strata Cloud Manager (SCM), users can disable DNS Security logging on each device or across all devices by opening a support case. Prisma Access tenants should also open a support case to disable logging until an upgrade is completed.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PAN-OS)

A Brazilian citizen faces U.S. charges for allegedly threatening to release data stolen from a company in a March 2020 security breach.

The U.S. government has charged the Brazilian citizen Junior Barros De Oliveira, 29, with allegedly threatening to release data stolen from a company during a March 2020 security breach.

De Oliveira was charged with four counts of extortionate threats involving information obtained from protected computers in violation of Title 18, United States Code, Section 1030(a)(7)(B) and four counts of threatening communications in violation of Title 18, United States Code, Section 875(d) in an indictment unsealed today in Newark federal court.

“A citizen and resident of Brazil was charged with making extortionate threats to publicize data stolen from the Brazilian subsidiary of a New Jersey company, U.S. Attorney Philip R. Sellinger announced.” reads the press release published by the U.S. Department of Justice (DoJ).

In March 2020, the man breached the systems of a Brazilian subsidiary of a New Jersey company and stole data on 300,000 customers. By September 2020, he demanded $3 million worth of Bitcoin from U.S. executives, including the CEO, threatening to leak the stolen data.

“JUNIOR BARROS DE OLIVEIRA gained unauthorized access and exceeded authorized access to protected computers of Victim 1-Brazil and obtained, without authorization, confidential customer information from more than 100,000 customers of Victim 1-Brazil.” reads the indictment.

The four extortion counts carry up to 5 years in prison and a $250,000 fine each, while the four threat counts carry up to 2 years and the same fine, or twice the value of any gain or loss.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Brazilian citizen)

Moo Deng. It’s a name millions around the world have come to know. She’s the most obsessed-over, least controversial celebrity. Her dewy skin, her enviable lifestyle of frolicking and feasting, her eminently meme-able face have all made her an icon of the internet. She’s also … a hippopotamus.

[time-brightcove not-tgx=”true”]

Cute creatures going viral is nothing new. Seven years ago, the Cincinnati Zoo wanted TIME to name Fiona the hippo Person—er, Animal?—of the Year.

But 2024 seems to be on a different level of feral fascination.

The plump pygmy hippo from Thailand—who was born in July and whose name translates approximately to “bouncy pork”—rose to fame perhaps when she was needed most. “Observing animals, whether online or in person, can be therapeutic in many ways,” University of Washington psychology professor emeritus David Barash tells TIME. They can provide a comforting distraction, he says, “when so many people are depressed by the state of the world.”

And distract Moo Deng did.

What started as simply a new subject of photos and videos posted on Khao Kheow Open Zoo’s social media platforms quickly snowballed into the world’s latest It girl. Social media users obsessed over every new documentation of her teething and tumbling and infantile antics, and the followers of the zoo’s TikTok, Facebook, X, and Instagram accounts skyrocketed.

Moo Deng inspired fan art, merchandise, even makeup trends. Foot traffic to the zoo hit record highs, prompting new measures to protect Moo Deng’s safety and limitations on visiting hours. (A 24/7 livestream was set up for her most dedicated fans to get round-the-clock access.)

Jin Lee, a media sociologist at Curtin University in Australia, thinks Moo Deng initially resonated so widely because her relationship with her caretaker seemed genuine rather than staged or manufactured for clicks. “He spent a lot of time with her, and then he just started to post things about her,” says Lee, and people crave such authenticity.

Moo Deng’s reach has since extended far and wide: She made her way into photoshops of movie scenes, became the U.S. Labor Department’s poster girl for staying hydrated, and in September was even parodied on Saturday Night Live. In November, GMM, one of Thailand’s largest music companies, produced an upbeat theme song for Moo Deng in four different languages—Thai, Chinese, Japanese, and English—that have collectively racked up hundreds of thousands of streams on YouTube.

Tony Sampson, a digital-media researcher at the University of Essex, tells TIME he defines digital virality as “affective contagion.” In other words, posts that make you feel something tend to spread better than purely informational posts. “Negative emotions like anger and frustration spread well too,” he adds. “But maybe people need to escape that sometimes.”

“I think this year might be slightly different given that there’s been a lot of depressing news,” Sampson says. “Certainly, on my networks, where there’s been an understandable increase in downbeat posts related to the depressing political situation and the wars, my most popular post was of a small bird peeping through my window.”

It’s no wonder, then, that Moo Deng was not alone this year in attracting the world’s attention. A cohort of adorable animals have joined her in the online spotlight—from Pesto the very large penguin to Nibi the “diva” beaver to Biscuits the seal, Hua Hua the giant panda, and even Haggis, a fellow baby pygmy hippo who was born in Scotland in October. The list goes on, but one thing these social media sensations appear to have in common is that people seem to like to ascribe humanlike traits and emotions to them.

Austrian ethologist Konrad Lorenz coined the concept of Kindchenschema, or baby schema, to describe humans’ affinity to facial and bodily features that make a creature appear cute—big eyes, protruding cheeks, an awkward gait—and that trigger a desire to care for and protect them. The most popular Moo Deng posts often center around likening her to a toddler, from finding her footing to calling for her mom to throwing tantrums. One post even made out that she carried a leaf around on her snout for emotional support.

Anthropomorphism can sometimes misread what animals are actually going through, Barash warns. But the fact that much of Moo Deng’s appeal seems to stem from her perceived relatability isn’t necessarily a bad thing, he suggests—and it isn’t always off base. “Fortunately,” he says, “animal behaviorists are increasingly comfortable recognizing the obvious: that many animals share a wide range of mental states with human beings.”

Maybe we could all do with our own emotional-support leaf. Or maybe Moo Deng is already just that.

(NewsNation) — Incoming Trump administration border czar Tom Homan tells NewsNation’s Ali Bradley there is no “price tag” for the mass deportations planned by the incoming administration, citing “national security” concerns.

“What price do you put on national security? I don’t think it has a price tag,” Homan said. “What price do you put on the thousands of American moms and dads who buried their children? You want to talk about family separation; they buried their children because their children were murdered by illegal aliens that weren’t supposed to be here. I don’t put a price on that. I don’t put a price on national security. I don’t put a price on American lives.”

Homan further defended the mass deportations’ $86 billion price tag, saying it would save American taxpayers money in the future.

“This operation would be expensive,” he acknowledged. “However, it’s going to save taxpayers a lot of money in the long run. Right now, we’re spending billions of dollars on free airline tickets, free hotel rooms, free medical care, free meals, the education system.”

Homan, however, said they will also need help from Congress.

“We need more resources; we need funding. We obviously need to buy more detention beds because everybody we arrest, we have to detain to work on those removal efforts and get travel documents, get flight arrangements. So we need more detention beds,” said Homan.

Homan said the Trump administration doesn’t plan on separating families but rather deporting them together. He said the administration is looking into using halfway houses to hold U.S.-born children of undocumented immigrants.

“As far as U.S. children, that’s going to be a difficult situation because we’re not going to change your U.S. citizenship,” he said. “Which means they’re going to be put in a halfway house or they can stay at home and wait for the officers to get the travel arrangements and come back and get the family. You know the best thing to do for a family is to self-deport themselves.”

Homan also targeted birthright citizenship, saying having a child who is a U.S. citizen does not make undocumented immigrants “immune from our laws.”

“We can’t send that message,” he said. “Because if we do, you’re never going to solve the border crisis.”

Thursday is an official day of mourning in Azerbaijan as an investigation is underway to determine what caused an airplane carrying 67 passengers to crash on Christmas Day in Kazakhstan, killing 38 and leaving at least 29 survivors.

[time-brightcove not-tgx=”true”]

Video posted by CNN shows the plane crash-landing, exploding into a fireball and plumes of black smoke.

Here’s what to know about the devastating accident and the latest on the possible causes.

The victims

Passengers on the Azerbaijan Airlines’ Embraer operated flight 190 included 37 Azerbaijani nationals, 16 Russians, six Kazakh citizens and three Kyrgyz nationals, according to the New York Times. The flight was heading from Azerbaijani capital Baku to the Russian city of Grozny when the crash occurred. The plane crashed while trying to make an emergency landing at the Aktau airport in Kazakhstan.

Among the 29 survivors were two children.

Footage of the rubble published by the Russian state news outlet Ria Novosti shows some passengers lying on the ground and others being able to walk away from the debris. 

Some mobile phone footage shows passengers pulling each other out of the wreckage. 

The cause of the crash

The exact cause of the crash was not immediately known.

Russia’s aviation authority initially theorized that a collision with a flock of birds could have played a part in the crash. There were also other reports that the plane may have encountered significant fog, and that the flight had changed course midway due to worsening weather conditions but it’s still unclear if this was a major factor in the crash, according to the AP.

“The information provided to me is that the plane changed its course between Baku and Grozny due to worsening weather conditions and headed to Aktau airport, where it crashed upon landing,” Azerbaijani President Ilham Aliyev said on Wednesday.

On Thursday, Reuters reported that investigators are looking into whether the plane was shot down accidentally by Russian air defense systems, based on interviews with four unnamed sources with knowledge of the preliminary findings of Azerbaijan’s investigation into the crash. Nearly three years into the Russia-Ukraine war, Russian air defense systems are regularly triggered by Ukrainian military drones aiming for targets in southern Russia. Russian authorities are not confirming that, but Russian President Vladimir Putin dispatched emergency resources to the crash site.

A spokesman for Putin, Dmitry Peskov, said Thursday that “it would be incorrect to make any hypotheses before the investigation comes to conclusions,” adding that “no one should do it.”

Azerbaijan suspended flights between Baku and Grozney until investigators can determine the official cause of the crash.

NEW YORK — The man accused of lighting a woman on fire on a New York City subway and fanning the flames as she burned to death made his first appearance in court this week, while authorities were yet to publicly identify the victim.

Sebastian Zapeta, 33, was arraigned on murder and arson charges on Tuesday afternoon in a Brooklyn court, where he was remanded back to custody. He did not enter a plea and his lawyer did not speak to reporters assembled inside the courthouse. His next court date is scheduled for Friday.

[time-brightcove not-tgx=”true”]

Authorities allege Zapeta, who federal immigration officials say is a Guatemalan citizen who entered the U.S. illegally, calmly approached the woman aboard a stationary F train at the Coney Island-Stillwell Avenue station in Brooklyn on Sunday morning and set her clothing ablaze.

New York City Police Commissioner Jessica Tisch on Sunday described the case as “one of the most depraved crimes one person could possibly commit against another human being.”

Here’s the latest:

What do we know about the suspect?

Zapeta was taken into custody on Sunday, hours after police disseminated images of a suspect in the woman’s death.

Police said three high schoolers called 911 after recognizing the person in the image, and officers found him on another subway train in the same gray hoodie, wool hat, paint-splattered pants and tan boots.

U.S. Immigration and Customs Enforcement spokesman Jeff Carter said Zapeta is a Guatemalan citizen who entered the U.S. illegally after he had been previously deported to Guatemala in 2018. It is unclear when and where he reentered the U.S., Carter said.

Zapeta was arraigned in Brooklyn criminal court on Tuesday. He appeared before a judge in a white jumpsuit and did not speak.

Assistant District Attorney Ari Rottenberg, during Tuesday’s court hearing, alleged Zapeta lit the woman’s clothing on fire and fanned the flames using a shirt.

Rottenberg added that under interrogation Zapeta claimed he didn’t know what happened, noting that he consumes alcohol. But he alleged that Zapeta identified himself to interrogators in images of the attack.

A Brooklyn address for Zapeta released by police matches a service center for Samaritan Daytop Village, which provides housing and substance abuse support. The organization did not respond to a request for comment.

What do we know about the victim?

The victim had not been publicly identified as of Thursday, an NYPD spokesperson confirmed. Police have described her only as a woman.

Tisch said at a press conference on Sunday that the victim was “in a seated position” at the end of the train car when she was set on fire. Joseph Gulotta, the department’s chief of transit, added that police don’t believe the suspect and the victim knew each other and that they did not interact before or during the incident.

What kind of police presence is there on the subway?

Police patrol the New York City subways, and there is a vast network of cameras in stations and all subway cars.

But the sheer size of the subway system — 472 stations with multiple entry points and millions of riders each day — makes policing it logistically difficult.

On Sunday, officers were at the station but were patrolling a different platform. They responded after seeing and smelling smoke coming from the fire.

New York Gov. Kathy Hochul earlier this year directed members of the state’s National Guard to assist with random bag checks at certain stations.

Is crime up on the subways?

Violent incidents on the subway and in stations often put people on edge, partly because many New Yorkers take the train multiple times a day and often have their own experiences with uncomfortable interactions in the system.

Broadly, crime is down in the city transit system this year compared to the same period in 2023. Data compiled by the Metropolitan Transportation Authority shows a 6% decline in what the agency calls major felonies between January and November of this year and 2023.

At the same time, murders in the transit system are up, with nine killings this year through November compared to five in the same time frame last year.

High-profile incidents on the train often attract national attention and further unnerve passengers. Daniel Penny, a military veteran who placed an agitated subway rider in a chokehold, was acquitted of homicide this month.

“When you have these incidents, it overshadows the success and it plays on the psyche of New Yorkers,” said New York City Mayor Eric Adams in a Monday interview on PIX 11, noting that many high-profile incidents in the transit system involve people with mental health issues.

Akamai researchers discovered a new Mirai botnet variant targeting a vulnerability in DigiEver DS-2105 Pro DVRs.

Akamai researchers spotted a Mirai-based botnet that is exploiting an remote code execution vulnerability in DigiEver DS-2105 Pro NVRs.

The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The Mirai variant incorporates ChaCha20 and XOR decryption algorithms. 

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi, linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro.

“Further investigation into this campaign revealed a new botnet that calls itself the “Hail Cock Botnet” that’s been active since at least September 2024.” reads the analysis published by Akamai. “Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.”

Upon exploiting the vulnerability, the malicious code can inject commands via the ntp parameter, allowing attackers to download Mirai-based malware through HTTP POST requests over port 80, referencing “IP Address:80/cfg_system_time.htm” in the HTTP Referer header.

The new Mirai malware variant also targets the TP-Link flaw CVE-2023-1389 and the vulnerability CVE-2018-17532 affecting Teltonika RUT9XX routers.

The malware maintains persistence using a cron job that downloads a shell script from “hailcocks[.]ru.”

The bot uses curl or wget to download the “wget.sh” file, ensuring compatibility if one is unavailable on the host.

The malware connects to various hosts for Telnet/SSH brute-forcing and uses a single IP linked to “kingstonwikkerink[.]dyn” for C2 communication. Compromised hosts display unique strings during execution, including “you are now apart of hail cock botnet” in older versions and “I just wanna look after my cats, man.” in newer ones.

“One of the easiest methods for threat actors to compromise new hosts is to target outdated firmware or retired hardware.” concludes the report. “The DigiEver DS-2105 Pro, which is approximately 10 years old now, is an example. Hardware manufacturers do not always issue patches for retired devices, and the manufacturer itself may sometimes be defunct. Therefore, in circumstances in which security patches are unavailable and unlikely to come, we recommend upgrading vulnerable devices to a newer model.”

Akamai’s report includes indicators of compromise (IoC) associated with these attacks along with Yara rules for the detection of the threat.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, botnet)

Russia’s economy has been significantly impacted by sanctions, with consequences expected to linger for several years.

The country continues to rely heavily on its energy resources, the backbone of its economy, but these too face severe restrictions under the sanctions regime.

Russia is likely to deepen its economic dependence on China, signaling a readiness to make significant concessions to maintain this partnership. With no viable alternatives to a market of such scale, Moscow appears determined to prioritize its ties with Beijing.

From December 11 to 12, 2024, Dmitry Medvedev, Deputy Chairman of Russia’s Security Council, conducted an unannounced visit to China, where he delivered a letter to Chinese President Xi Jinping. Notably, two years prior, Medvedev made a similar trip to Beijing.

This year’s visit is likely linked to a significant deal between China and Russia, finalized shortly afterward. On December 17, Kazakhstan’s Kazatomprom and Russia’s Uranium One (a subsidiary of Rosatom overseeing Russia’s foreign uranium mining assets) sold a 49.99% stake in their joint venture at the Zarechnoye uranium deposit in Kazakhstan. The buyer was a subsidiary of State Nuclear Power Technology, one of China’s three state-owned nuclear power plant operators.

In addition to the Zarechnoye transaction, Uranium One is expected to sell stakes in two more Kazakh projects to China Uranium Development Company, ultimately controlled by China General Nuclear Power Corporation (CGN). With less than 1% of the world’s uranium reserves, this acquisition represents another step in China’s quest for self-sufficiency in nuclear energy.

The sale of uranium deposits in Kazakhstan by Russian entities to China reflects a mix of strategic, economic, and geopolitical factors:

1. Economic Motivations

• Cash Flow Needs:
  • Russian companies or the state may face financial pressures due to sanctions, declining revenues, or the need to prioritize other strategic projects. Selling uranium assets could provide immediate liquidity.
• Resource Optimization:
  • Russia may focus on developing domestic uranium resources or other strategic assets closer to home, reducing its involvement in Kazakhstan.

2. Strengthening Sino-Russian Ties

• Geopolitical Partnership:
  • Amid increasing isolation from the West, Russia has deepened its relationship with China. Selling uranium deposits could be part of broader cooperation agreements in energy, mining, or infrastructure.
• Trade Dependencies:
  • Russia might see the deal as a way to secure China’s long-term political and economic support, leveraging the sale as a goodwill gesture.

3. China’s Strategic Interest

• Energy Security:
  • China is aggressively expanding its nuclear energy capacity to meet its growing energy demands and reduce carbon emissions. Acquiring uranium deposits aligns with its strategy to secure raw materials for its reactors.
• Control of Supply Chains:
  • By purchasing deposits, China ensures direct control over uranium resources, reducing dependency on global markets and strengthening its position in the nuclear supply chain.

4. Kazakhstan’s Role

• Kazakhstan as a Key Uranium Player:
  • Kazakhstan is the world’s largest producer of uranium, making its resources highly attractive to China, which is keen to dominate critical resource markets.
• Kazakh-Russian Dynamics:
  • Russia may have facilitated the deal with China to maintain influence over Kazakhstan’s resource sector, even indirectly, while accommodating China’s growing presence.

5. Shifting Global Uranium Markets

• Rising Demand for Nuclear Energy:
  • With nuclear energy gaining prominence as a low-carbon energy source, global competition for uranium resources is intensifying. Russia may have capitalized on high demand to sell at a premium.
• Reduced Strategic Value:
  • If Russia has alternative sources or less reliance on Kazakh uranium, it might view the sale as less strategically detrimental.

6. Sanctions and Geopolitical Pressures

• Limited Access to Western Markets:
  • Western sanctions may have restricted Russia’s ability to effectively utilize or monetize uranium resources, prompting it to turn to China as a buyer.
• Avoiding Overextension:
  • Given the strain of ongoing conflicts and economic challenges, Russia may prioritize domestic resource management over international ventures.

v

7. Strategic Calculations in Central Asia

• Balancing Influence:
  • Russia may be allowing China to increase its stake in Kazakhstan’s resources as part of a tacit understanding to share influence in Central Asia.
• Countering Western Interests:
  • Facilitating China’s acquisition of uranium could be a way to counterbalance Western influence in the global nuclear market.

Conclusion

The sale likely represents a convergence of Russia’s economic needs, strategic alignment with China, and shifting dynamics in global resource markets. For China, the acquisition is a strategic win in securing critical resources, while Russia leverages the deal to maintain strong ties with its eastern ally amidst geopolitical challenges.

The uranium deal between Russia and China involving Kazakhstan’s deposits has several implications for the global energy market, particularly in the nuclear energy sector:

1. Strengthening China’s Position in the Nuclear Energy Market

• Increased Uranium Supply Security:
  • By acquiring control over Kazakhstan’s uranium deposits, China ensures a steady supply of raw material for its expanding nuclear energy program, reducing dependency on global suppliers.
• Accelerating Nuclear Expansion:
  • This deal supports China’s ambitions to expand its nuclear energy capacity as part of its clean energy strategy, potentially driving global demand for advanced nuclear technologies.

2. Impact on Global Uranium Prices

• Potential Price Stability or Decline:
  • China’s direct control over uranium resources could stabilize prices by reducing reliance on the open market.
• Market Disruption Risks:
  • Conversely, increased Chinese control might lead to market imbalances if other nations perceive the deal as consolidating too much influence over supply, potentially triggering price volatility.

3. Strategic Shift in Energy Geopolitics

• China-Russia Energy Nexus:
  • The deal underscores the deepening energy partnership between Russia and China, which may challenge Western influence in global energy markets.
• Reduced Western Leverage:
  • Western nations could face challenges in accessing or negotiating uranium supplies as China secures more control over key deposits, particularly in resource-rich Kazakhstan.

4. Kazakhstan’s Role as a Global Uranium Supplier

• Shift in Export Dynamics:
  • Kazakhstan, the world’s largest uranium producer, may see a portion of its exports directed primarily toward China, reducing availability for other buyers.
• Increased Regional Influence:
  • China’s involvement in Kazakhstan’s uranium sector strengthens its influence in Central Asia, potentially reshaping regional energy politics.

5. Pressure on Competing Uranium Suppliers

• Challenge to Western Suppliers:
  • With China securing resources, Western uranium producers may face increased competition, potentially prompting investments in alternative mining projects or technologies.
• Incentive for Diversification:
  • Other countries reliant on uranium imports may seek to diversify suppliers or develop domestic reserves to reduce dependence on China-influenced supply chains.

6. Impact on Nuclear Energy Development

• Boost for Global Nuclear Ambitions:
  • With greater access to uranium, China could offer more competitive nuclear technology exports, promoting nuclear energy adoption in developing countries.
• Pressure on Renewable Energy:
  • Enhanced focus on nuclear energy by major players like China could shift some investments away from renewables, affecting the broader clean energy transition.

7. Potential Risks of Market Concentration

• Supply Chain Control:
  • Increased Chinese control over uranium resources may raise concerns about market monopolization, potentially leading to strategic stockpiling by other nations.
• Energy Security Concerns:
  • Countries heavily reliant on uranium imports might view the deal as a risk to their energy security, prompting geopolitical tensions.

8. Environmental and Regulatory Impacts

• Increased Mining Activity:
  • Expanded uranium mining in Kazakhstan under Chinese oversight could have environmental implications, raising questions about regulatory standards.
• Influence on Global Standards:
  • The deal may push for changes in how uranium production and trade are regulated globally, with China playing a larger role in shaping industry norms.

The deal between Russia, China, and Kazakhstan could significantly influence the global energy market by consolidating Chinese control over uranium supplies, reshaping nuclear energy dynamics, and challenging Western energy strategies. It highlights the growing strategic importance of nuclear energy in global energy transitions and underscores the geopolitical stakes involved in securing critical resources.

Dmitry Medvedev’s involvement in leading the uranium deal with China could be attributed to several strategic, political, and economic reasons tied to his role within the Russian government and his positioning in international relations:

1. Medvedev’s Position in Russian Leadership

• Influence in Energy and Economic Policy:
  • Medvedev, as a senior Russian political figure and former president, has significant influence over Russia’s energy and economic strategies. His experience and authority make him a key player in brokering high-profile deals.
• Trusted Negotiator:
  • Medvedev is seen as a pragmatic statesman with experience in international diplomacy. His involvement signals Moscow’s intent to handle the deal at the highest level to ensure its success.

2. Strengthening Sino-Russian Relations

• Strategic Partnership:
  • Medvedev has long been involved in fostering closer ties with China. His leadership in this deal underscores the Kremlin’s commitment to deepening economic and geopolitical cooperation with Beijing.
• Signaling Stability:
  • Medvedev’s involvement provides assurance to China that Russia is serious about maintaining a stable and mutually beneficial partnership, particularly amid global geopolitical tensions.

3. Economic and Political Symbolism

• Showcasing Russian-China Cooperation:
  • The deal reflects Russia’s pivot towards China as a critical ally and trading partner, especially as relations with the West remain strained. Medvedev’s leadership amplifies the importance of this partnership.
• Highlighting Russia’s Global Role:
  • By positioning a high-profile figure like Medvedev in the negotiations, Russia underscores its influence in global resource markets and its role as a key player in China’s energy security strategy.

4. Medvedev’s Role in Energy Diplomacy

• Experience with Energy Agreements:
  • Medvedev has historically been involved in major energy deals, including those concerning oil, gas, and nuclear energy. His expertise makes him a logical choice for leading complex negotiations like this uranium deal.
• Focus on Strategic Resources:
  • Uranium is a critical resource for nuclear energy, and Medvedev’s leadership reflects Russia’s strategic prioritization of resource diplomacy.

5. Geopolitical Calculations

• Managing Central Asian Dynamics:
  • Kazakhstan, where the uranium deposits are located, is a critical part of the Russian sphere of influence. Medvedev’s involvement signals Moscow’s intent to maintain oversight of the transaction while balancing its partnership with China.
• Countering Western Pressure:
  • By leading this deal, Medvedev demonstrates Russia’s ability to forge significant economic partnerships despite Western sanctions and geopolitical isolation.

6. Domestic Political Implications

• Consolidating Medvedev’s Role:
  • Medvedev’s involvement in such a high-stakes deal could be a move to bolster his standing within the Russian political elite, positioning him as a key figure in Russia’s long-term strategic planning.
• Showcasing Competence:
  • Successful leadership in international deals enhances Medvedev’s reputation as a capable and effective leader within the Kremlin hierarchy.

Conclusion

Dmitry Medvedev’s leadership in the uranium deal with China likely reflects a blend of his expertise, political influence, and the Kremlin’s strategic priorities. His involvement ensures the deal aligns with Russia’s broader goals of economic resilience, geopolitical partnership with China, and maintaining influence in critical regions like Central Asia.

The uranium deal between Russia and China, involving Kazakhstan’s deposits, has implications for China’s overall nuclear capabilities, including its potential for nuclear weapons production. However, there are significant nuances to consider:

1. Enriched Uranium vs. Raw Uranium

• Civilian vs. Military Use:
  • The uranium deposits in Kazakhstan provide raw uranium ore, which must undergo enrichment to be used in either nuclear power plants or nuclear weapons.
  • The deal primarily supports China’s civilian nuclear energy program. Transitioning uranium for military purposes would require significant processing and a strategic decision to shift focus.
• Existing Military Stockpiles:
  • China already has sufficient stockpiles and enrichment capacity to sustain its nuclear weapons program, meaning the deal is unlikely to directly boost military production.

2. Strategic Benefits for China’s Nuclear Arsenal

• Diversified Supply Chain:
  • Securing uranium resources ensures a reliable supply for all nuclear activities, reducing vulnerabilities to external disruptions.
• Dual-Use Potential:
  • While the deal is framed as civilian-oriented, increased control over uranium could indirectly benefit military programs by freeing up domestic resources for weapons production.

3. China’s Nuclear Modernization

• Expanding Arsenal:
  • Reports suggest that China is modernizing and expanding its nuclear arsenal. While this requires advanced technology and enriched uranium, having a secure supply chain strengthens its ability to scale production if desired.
• Advanced Weaponry:
  • China’s focus on modernizing its nuclear triad (land, sea, and air-based delivery systems) may be supported by an enhanced uranium supply chain.

4. International Oversight and Compliance

• IAEA Safeguards:
  • Kazakhstan is a signatory to the Nuclear Non-Proliferation Treaty (NPT), and uranium mining and export are typically subject to International Atomic Energy Agency (IAEA) safeguards. These measures aim to prevent diversion to military use.
• China’s NPT Obligations:
  • As a nuclear-armed state under the NPT, China is permitted to maintain its nuclear arsenal but is bound by international norms to prevent proliferation.

5. Geopolitical Implications

• Increased Global Scrutiny:
  • The deal may raise concerns among rival nations, such as the United States and India, about China’s long-term nuclear ambitions.
• Strengthened Bargaining Power:
  • A secure uranium supply enhances China’s geopolitical leverage, allowing it to pursue nuclear strategies with greater confidence.

6. Potential for Strategic Ambiguity

• Civil-Military Overlap:
  • China’s tightly integrated civilian and military nuclear sectors create the potential for overlap in resource allocation, though this would require a deliberate policy shift.
• Perception vs. Reality:
  • While the deal may not directly bolster China’s weapons program, the perception of increased capability could influence global power dynamics and arms race calculations.

F

7. Broader Implications for Regional Stability

• Arms Race Concerns:
  • If rivals perceive the deal as enhancing China’s nuclear weapons potential, it could exacerbate regional tensions and fuel arms races in Asia.
• Strategic Partnerships:
  • The deal strengthens Sino-Russian ties, indirectly affecting global nuclear strategy and counterbalancing Western influence.

Conclusion

While the uranium deal is primarily civilian-focused, it enhances China’s overall nuclear capabilities by securing a stable supply chain. Any direct impact on nuclear weapons production would depend on strategic decisions within China’s leadership. However, the deal indirectly strengthens China’s nuclear posture and could influence global perceptions, fueling concerns about its broader strategic ambitions.

Kazakhstan, as the world’s largest uranium producer, stands to gain both opportunities and challenges from the uranium deal with China. Here’s a breakdown of the potential benefits and risks:

Potential Benefits for Kazakhstan

1. Economic Gains

• Increased Revenue:
  • The deal could provide significant financial inflows from the sale of uranium and long-term supply agreements with China.
• Investment in Mining Sector:
  • China’s involvement may lead to increased investments in Kazakhstan’s mining infrastructure, creating jobs and boosting local economies.
• Diversification of Markets:
  • Strengthening ties with China reduces reliance on Western buyers and ensures a stable demand for Kazakhstan’s uranium.

2. Enhanced Regional Influence

• Strategic Importance:
  • By partnering with a global power like China, Kazakhstan reinforces its position as a critical player in the global uranium market.
• Geopolitical Leverage:
  • The deal may allow Kazakhstan to balance relationships between Russia, China, and Western nations, enhancing its diplomatic standing.

3. Long-Term Stability

• Secure Partnership:
  • A long-term agreement with China provides predictable revenue streams and stability in the face of fluctuating global uranium prices.
• Technological Transfers:
  • Collaboration with China could bring advanced mining and processing technologies to Kazakhstan, improving efficiency and sustainability.

Potential Risks for Kazakhstan

1. Overdependence on China

• Economic Reliance:
  • Heavy reliance on China for uranium exports could reduce Kazakhstan’s bargaining power and expose it to economic risks if relations with China sour.
• Market Concentration:
  • Focusing on one major buyer limits diversification and leaves Kazakhstan vulnerable to shifts in China’s energy policies.

2. Environmental Concerns

• Mining Impact:
  • Increased uranium extraction to meet Chinese demand could lead to environmental degradation, raising concerns among local communities.
• Regulatory Challenges:
  • Managing sustainable mining practices while meeting high demand may strain Kazakhstan’s regulatory framework.

3. Political Implications

• Balancing Power Dynamics:
  • Close ties with China might strain Kazakhstan’s relationships with Russia or Western countries, especially if they perceive the deal as tilting too heavily towards Beijing.
• Sovereignty Concerns:
  • Heavy Chinese involvement in Kazakhstan’s uranium sector could raise domestic concerns about foreign influence over critical resources.

4. Risk of Resource Exploitation

• Unequal Agreements:
  • There’s a risk that the terms of the deal may favor China disproportionately, leading to limited long-term benefits for Kazakhstan.
• Revenue Transparency:
  • Corruption or mismanagement of revenues could undermine the deal’s potential benefits for the broader Kazakh population.

Kazakhstan benefits from the uranium deal through economic gains, enhanced regional influence, and technological advancements. However, these advantages come with risks of overdependence, environmental impact, and geopolitical complications. The ultimate outcome will depend on Kazakhstan’s ability to negotiate equitable terms, manage environmental concerns, and maintain a balanced foreign policy while leveraging its role as a key player in the global uranium market.