Iatrogenic

Today in the space between war and peace…

• NATO Presence in Finnish Lapland May Prompt Increased Russian Espionage
• Russia’s Influence on the 2025 German Election
• China’s Wind Turbine Technology Under MI5 Investigation for Espionage Concerns
• Taiwan Turns to Satellites as Backup Amid Cable Sabotage Concerns
• Threat Landscape Report on Taiwan
• Iatrogenic Effects in Information Operations: Insights from the Global War on Terror
• Polish Defense Ministry and Microsoft Announce Cybersecurity Agreement
• Winnti APT41 Launches Cyber Espionage Campaign Against Japanese Companies
• CISA Includes Two New Known Exploited Vulnerabilities in Catalog
• CISA Issues Two Advisories for Industrial Control Systems

NATO Presence in Finnish Lapland May Prompt Increased Russian Espionage

A Finnish Defence Forces (FDF) report indicates that Russia is increasingly focused on monitoring NATO activities in Finland, particularly with the Forward Land Forces (FLF) stationed in Rovaniemi and Sodankylä.

The Finnish Security and Intelligence Service (Supo) has reported heightened interest from Russia and China in NATO’s equipment in Finland. Supo has strengthened security around ports, including the Port of Kemi, which supports NATO drills and is frequented by Chinese shipping.

Colonel Ari Mure confirmed that military areas are closely monitored for espionage, while Brigadier General Pekka Turunen noted regular drone reconnaissance flights near garrisons. The FDF report also highlights diverse Russian intelligence-gathering methods, including the use of social media and operatives posing as journalists.

Despite tourist activity in Lapland, Supo asserts that counterintelligence efforts remain unaffected and are focused on threats related to Ukraine’s defense and evasion of international sanctions.

Russia’s Influence on the 2025 German Election

According to a report by Deutsche Welle, Russia is actively engaging in disinformation campaigns aimed at influencing Germany’s upcoming elections, mainly targeting centrist parties such as the Greens, CDU, and SPD. These efforts often feature fake news and documents, focusing on promoting the far-right Alternative for Germany (AfD), which aligns with Moscow’s interests.

Operations like Storm-1516 and Doppelgänger utilize fake websites and AI-generated content to spread misleading narratives, now complemented by Matryoshka bots to divert attention. In response, Germany is enhancing public awareness and collaborating with other nations to counter these threats, emphasizing the need for better policies to address underlying societal challenges.

China’s Wind Turbine Technology Under MI5 Investigation for Espionage Concerns

MI5 is investigating China’s influence on the UK’s green technology sector, particularly regarding access to sensitive data and strategic assets. The National Protective Security Authority prioritizes supply chain security, specifically citing the Green Volt offshore project involving the Chinese supplier Mingyang.

Developers have yet to confirm their suppliers, raising concerns similar to those seen in the Huawei situation, as the UK’s renewable sector is heavily dependent on Chinese materials.

Taiwan Turns to Satellites as Backup Amid Cable Sabotage Concerns

Taiwan is enhancing its satellite communications to address vulnerabilities in undersea cables and reduce the risk of internet blackouts, particularly following incidents involving Chinese vessels.

After unsuccessful negotiations with SpaceX over ownership issues, Taiwan is pursuing partnerships with multiple satellite providers, including OneWeb and Luxembourg-based SES, while discussions with Amazon’s Project Kuiper are ongoing.

Backup systems will be implemented to ensure the continuity of critical services. The government is investing nearly $10 billion in its space industry, with plans to launch indigenous satellites by 2026 and develop its own launch rockets.

Additionally, temporary solutions like high-altitude communication balloons are being considered, along with increased surveillance of undersea cables.

Threat Landscape Report on Taiwan

Taiwan is facing significant cyber threats driven by geopolitical tensions and its vital role in high-tech manufacturing. Key actors, including China, Russia, and North Korea, are targeting Taiwan’s intellectual property, financial sector, and defense systems. These threats often involve exploiting web vulnerabilities and deploying custom malware for purposes such as espionage, supply chain attacks, and ransomware. The manufacturing, IT, and healthcare sectors are particularly vulnerable to ransomware attacks, where techniques like double extortion are commonly used.

The overall landscape is marked by an increase in state-sponsored espionage, cloud vulnerabilities, and social engineering attacks focused on executives and critical infrastructure, all compounded by ongoing threats from organized groups.

Iatrogenic Effects in Information Operations: Insights from the Global War on Terror

Iatrogenic influence in information operations refers to unintended negative consequences that worsen existing issues instead of resolving them. During the Global War on Terror, U.S. forces struggled with information warfare, often failing to adapt strategies to local cultural contexts.

Key lessons include focusing on specific audiences, ensuring credible messengers, and establishing legitimacy before attempting to influence. Understanding these factors is essential for effective future strategies in information warfare.

Polish Defense Ministry and Microsoft Announce Cybersecurity Agreement

Poland’s Deputy Prime Minister and Microsoft have signed a significant cybersecurity agreement aimed at enhancing national security. The agreement focuses on AI, cloud technology, and quantum computing. Microsoft plans to invest $700 million in Poland by 2026.

Poland’s defense minister highlighted the increasing threat of cyber warfare, particularly noting attacks linked to Russia in response to Poland’s support for Ukraine.

Winnti APT41 Launches Cyber Espionage Campaign Against Japanese Companies

In March 2024, the China-linked group APT17 initiated “RevivalStone,” targeting Japanese sectors, as identified by Japanese cybersecurity company LAC. APT17's tactics involve stealthy, targeted espionage, utilizing custom tools to evade security measures and gather sensitive information, often through compromised digital certificates.

CISA Includes Two New Known Exploited Vulnerabilities in Catalog

CISA has added CVE-2025-0108 and CVE-2024-53704 to its Exploited Vulnerabilities Catalog, highlighting risks for federal enterprises. BOD 22-01 requires FCEB agencies to address these vulnerabilities, and all organizations are encouraged to prioritize timely remediation.

CISA Issues Two Advisories for Industrial Control Systems

CISA issued advisories regarding security vulnerabilities in Delta Electronics CNCSoft-G2 and Rockwell Automation GuardLogix. Users are encouraged to review the advisories for specifics and recommended mitigations.