Military contractor Erik Prince started a private WhatsApp group for his close associates that includes a menagerie of right-wing government officials, intelligence operatives, arms traffickers, and journalists. We got their messages. from Off Leash: Inside the Secret, Global, Far-Right Group Chat [The New Republic; ungated] [CW: the quiet part, out loud]

Among the group's hottest topics: • The "Biden Regime," which a consensus of Off Leash participants who weighed in view as an ally of Islamic terrorists and other anti-American forces that needs to be crushed along with them and its partners in the deep state, such as former Joint Chiefs of Staff Chairman Mark Milley, who "deserves to burn in hell," Lara Logan shared with the group chat. • The shortcomings of democracy that invariably resulted from extending the franchise to ordinary citizens, who are easily manipulated by Marxists and populists. "The West is at best a beautiful cemetery," lamented Sven von Storch, whose aristocratic German family fled the country after World War II to Chile, where their son was raised before returning to the land of his ancestors, where he married the granddaughter of the Third Reich's last de facto head of state, who was convicted at Nuremberg. • Israel-Palestine, a problem that Michael Yudelson, Prince's business partner at Unplugged, which markets an allegedly supersecure smartphone, said should be handled by napalming Hamas's tunnel network. "I would burn all those bastards, and have everything above ground, everything left of Gaza, collapse into this fiery hell pit and burn!" he wrote. • The Houthi rebels in Yemen, whom Yoav Goldhorn, who was an Israeli intelligence officer until last year and now works for a Tel Aviv–based security contractor headed by former senior national security veterans, thinks should be "dealt with" as soon as possible to ensure they don't grow from "an inconvenience to a festering mess [that] will eventually require an entire limb to be amputated." • And most of all, Iran, which participants agreed, with a few exceptions, also needed to be wiped out. Saghar Erica Kasraie, a former staffer for Republican Representative Trent Franks when he served on the House Armed Services Committee and whom, according to her LinkedIn profile, she advised on Middle East issues, urged that the Islamic Republic's clerical leaders be targeted by weaponized drones that "take them out like flys ."

An injection given just twice a year could herald a breakthrough in protecting the population that has the highest infection rates.

© Aaron Ufumeli/EPA, via Shutterstock

Methods such as hormonal implants and injections are reaching remote areas, providing more discretion and autonomy.

Europol coordinated two separate operations this week to disrupt 13 websites used in spreading terrorist propaganda online. This action followed a year-long operation involving ten law enforcement authorities across Europe. The targeted websites were linked to Islamic State, al-Qaeda and its affiliates, and the Syria-based rebel group Hay’at Tahrir al-Sham.

“The disrupted terrorist operated websites worked as a node and an archive for terrorist propaganda produced by the different IS [Islamic State] media outlets using a multiplatform approach.” - Capt. Alberto Rodríguez Vázquez of Spain's Guardia Civil.

Servers Taken Down in Europe and U.S.

Europol reported that servers were taken down in Germany, the Netherlands, the United States and Iceland under Operation HOPPER II. The authorities in Spain also arrested nine “radicalized individuals” from different nationalities. Spain's Guardia Civil led a separate operation, dubbed ALMUASASA, against media linked to the Islamic State’s I’LAM Foundation. Europol said this organization ran global communication channels, including radio stations, a news agency, and social media content.

“The network was designed to be resilient and low profile and that explains its multi-server hosting strategy. It operated both on the surface web and the dark web.” – Vázquez.

Terrorist Propaganda in 30 Languages

The organization communicated Islamic State directives and slogans in over 30 languages, including Spanish, Arabic, English, French, German, Danish, Turkish, Russian, Indonesian, and Pashto. Investigations revealed several terabytes of information, which will help law enforcement in further investigations into the terror group. The overall terrorist threat to the European Union remains high, with jihadist terrorism being a principal concern. Europol's operations followed the seizure of four computer servers in Romania, Ukraine, and Iceland, as part of ongoing investigations into religious and politically motivated terrorist groups.

“The servers supported multiple media outlets linked to Islamic State. They were used to disseminate worldwide propaganda and messages capable of inciting terrorism.” - Europol

According to Europol, the targeted websites enabled terrorist organizations and violent extremists to bypass the enhanced moderation and content removal efforts of mainstream online service providers. This helped them maintain a persistent online presence. The sites were used for recruitment, fundraising, inciting violence, and spreading propaganda, including manuals for creating explosives and content designed to radicalize and mobilize individuals. [caption id="attachment_77383" align="aligncenter" width="1024"] Jode de la Mata Amaya, national member for Spain, Eurojust (Source: YouTube)[/caption] The investigation has also revealed important details on the financing of the terrorist networks, which will be pivotal in future combat of threats from these networks, said Jode de la Mata Amaya, national member for Spain, Eurojust. All the 13 websites were referred for removal under European Union laws that mandate all hosting service providers remove flagged content within an hour of receiving a removal order or face penalties determined by individual member states.

Ukraine’s Security Service (SBU) detained two individuals accused of aiding Russian intelligence in hacking the phones of Ukrainian soldiers and spreading pro-Kremlin propaganda. The suspects operated bot farms using servers and SIM cards to create fake social media accounts. One bot farm in the Zhytomyr Oblast was hosted in an apartment of a Ukrainian woman. She allegedly registered over 600 virtual mobile numbers and several anonymous Telegram accounts.

Russian Intelligence Installed Spyware in Campaign

The woman sold or rented these accounts in exchange for cryptocurrency on online Russian underground marketplaces. Russian intelligence used these accounts and numbers to hack phones of Ukrainian military personnel by sending phishing emails containing spyware that collected sensitive confidential data. Russian hackers were recently observed using legitimate remote monitoring and management (RMM) software to spy on Ukraine and its allies. [caption id="attachment_77338" align="aligncenter" width="1024"] Source: SBU[/caption] According to the SBU, the accounts hosted on this bot farm were also used to spread pro-Kremlin propaganda purporting as ordinary Ukrainian citizens. Another 30-year-old man from Dnipro allegedly registered nearly 15,000 fake accounts on various social networks and messaging platforms using Ukrainian SIM cards. He sold these accounts to Russian intelligence services on darknet forums. [caption id="attachment_77337" align="aligncenter" width="1024"] Source: SBU[/caption] Both suspects face up to three years in prison or a fine if found guilty. The investigation continues.

Russian Bot Farms Used Since Invasion Started

Russia has used bot farms to disseminate Kremlin propaganda, incite panic and manipulate narratives since the beginning of its Ukrainian invasion. The Ukrainian authorities have busted dozens of bot farms and arrested hundreds of people across the country who operate them. In December 2022, they dismantled more than a dozen bot farms. In September of that year, two bot farms were taken down, while in August a group that operated more than 1 million bots was also dismantled. Bot farm operators typically receive payments in Russian rubles, a prohibited currency in Ukraine. These activities continued in the second year of the war, where the Ukrainian Cyber Police raided 21 locations across the country and seized computer equipment, mobile phones and more than 250 GSM gateways. This included 150,000 SIM cards of different mobile operators used in the illicit activities to create fake social media profiles.

Researchers say the nearly mile-long swim was the longest by big cats ever recorded.

Still, Elon Musk, who owns the platform, and his chief executive Linda Yaccarino, have work to do to grow the business, leaders told employees.

© Jason Andrew for The New York Times

Recent cyber espionage activities have illuminated the pervasive threat posed by the China-linked hacking group Mustang Panda, as it strategically targets Vietnamese entities. Analysis by Cyble Research and Intelligence Labs (CRIL) reveals the sophisticated tactics employed by the Mustang Panda Advanced Persistent Threat (APT) in infiltrating government bodies, nonprofits, and educational institutions, among others. Mustang Panda, with its roots in China, operates with alarming precision, potentially indicating state-affiliated cyberespionage efforts. The group's reach extends beyond Vietnam, targeting organizations across the U.S., Europe, and various Asian regions, including Mongolia, Myanmar, Pakistan, and more.

Researchers Unravel Mustang Panda Campaign

CRIL's scrutiny of recent attacks in Vietnam uncovers a pattern of deception, with Mustang Panda employing lures centered around tax compliance and the education sector. The campaigns exhibit a multi-layered approach, leveraging legitimate tools like forfiles.exe to execute malicious files hosted remotely. Furthermore, the group harnesses PowerShell, VBScript, and batch files to advance its operations, demonstrating a nuanced understanding of cybersecurity evasion tactics. One notable aspect of Mustang Panda's modus operandi is the ingenious embedding of partial lure documents within malicious LNK files, aimed at thwarting detection measures. By blending elements of the lure directly into the files, the hackers increase their payload's size while evading traditional security protocols. The intricacy of Mustang Panda's attacks is exemplified by its use of DLL sideloading techniques to execute malicious code on victim systems. By exploiting vulnerabilities in legitimate executables, the group establishes persistence and opens pathways for further infiltration. Recent findings also shed light on Mustang Panda's persistent activities since at least 2014, with documented engagements ranging from governmental targets to NGOs. Notably, a campaign in April 2017 targeting a U.S.-based think tank revealed distinctive tactics indicative of the group's extensive reach and operational longevity.

Mustang Panda Targets Vietnamese Organizations

In the most recent campaign observed in May 2024, Mustang Panda set its sights on Vietnamese entities with lures related to tax compliance, following a similar approach in April 2024, which targeted the education sector. Both campaigns were initiated with spam emails containing malicious attachments, showcasing the group's adaptability in exploiting topical themes to maximize success rates. Technical analysis of the May 2024 campaign unveils the group's sophisticated maneuvering, including the use of double extensions in malicious files to mask their true nature. This campaign's payload, disguised as a PDF document, conceals a series of PowerShell commands aimed at downloading and executing further malicious scripts from remote servers. DLL sideloading emerges as a recurrent theme, with Mustang Panda leveraging legitimate executables to cloak their malicious activities. By camouflaging their actions within routine system processes, the hackers minimize the risk of detection while maintaining access to compromised systems. The Mustang Panda campaigns highlight the growing threat of cybercriminals, characterized by increasingly sophisticated methodologies. By exploiting vulnerabilities in common software and leveraging social engineering techniques, the group demonstrates a formidable capacity to infiltrate and persist within targeted networks.

A study found that hundreds of sites, many without obvious Kremlin links, copied Russian propaganda and spread it to unsuspecting audiences ahead of the E.U. election.

© Misha Friedman/Getty Images

In Kenya, Revital Healthcare is manufacturing medical products that Africa needs to take charge of routine health care and respond to outbreaks.

© Brian Otieno for The New York Times

The platform will keep state-affiliated media accounts out of users’ feeds if they “attempt to reach communities outside their home country on current global events and affairs.”

© Jon Nazca/Reuters

America’s adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say.

© Amir Hamja/The New York Times