03/09/21

Critical Infrastructure Daily Brief 3rd Sept

Statewide Terrorism & Intelligence Center

Critical Infrastructure Daily Brief

September 3, 2021

**UNCLASSIFIED **

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.

Situational Awareness

• Pandemic Unemployment Assistance Set to End, Organizations Work to Bridge Employment Gap

Unemployment has been a major issue throughout the pandemic. Stay-at-home orders and supply stresses caused layoffs. Fraudsters took advantage and exploited the system. Those who needed help had trouble accessing it: Hotlines were overburdened, and COVID restrictions meant state unemployment offices remained closed. The Illinois Department of Employment Security kept its offices closed, in part because of security threats from people apparently furious about it all. That’s changing: IDES announced last week that it’s opening three job centers including one in Harvey, and announced Wednesday that another three centers will be open to those who pre-book appointments, including a center in Pilsen. It comes as certain business owners are desperate for employees. The Illinois Retail Merchant Assocation’s Rob Karr said grocery stores have resumed normal operations, but customers now also expect pickup service, which has proven to be more labor intensive than originally assumed. It’s similar for shops and restaurants. “We’re seeing signs everywhere about narrowing hours or closing on certain days,” Karr said. It’s expected that some of those hiring issues will lessen as extended unemployment benefits, pumped up because of the pandemic, will expire Sept. 4. That includes supplemental payments of $300 a week and benefits for gig workers normally not eligible. Other benefits will carry through Sept. 11. There’s debate over whether the benefits are keeping away individuals who’d normally be applying for open positions. A Wall Street Journal analysis found that job-growth is on par for states — Illinois among them — that continued the extended pandemic assistance until Federal Reserve’s September deadline, and those that ended the boosts earlier. Karr said it’s hard to measure, though, because some states had less expansive shutdowns throughout the pandemic, whereas others, like Illinois, instituted tighter pandemic mitigations and restrictions.

• Police in New Zealand Kill ‘Extremist’ Who Stabbed Six in Supermarket

New Zealand police on Friday shot and killed a knife-wielding "extremist" who was known to authorities, Prime Minister Jacinda Ardern said, after he stabbed and wounded at least six people in a supermarket. The attacker, a Sri Lankan national who had been in New Zealand for 10 years, was inspired by the Islamic State militant group and was being monitored constantly, Ardern said. "A violent extremist undertook a terrorist attack on innocent New Zealanders," Ardern told a briefing. "He obviously was a supporter of ISIS ideology," she said, referring to Islamic State. The attacker, who was not identified, had been a "person of interest" for about five years, Ardern said, adding that he had been killed within 60 seconds of beginning his attack in the city of Auckland. Police following the man thought he had gone into the New Lynn supermarket to do some shopping but picked up a knife from a display and started "running around like a lunatic" stabbing people, shopper Michelle Miller told the Stuff online news outlet. A witness told the New Zealand Herald the attacker had shouted "Allahu akbar" (God is greatest). Police Commissioner Andrew Coster told the briefing the man was acting alone and police were confident there was no further threat to the public. "We were doing absolutely everything possible to monitor him and indeed the fact that we were able to intervene so quickly, in roughly 60 seconds, shows just how closely we were watching him," Coster said. Ardern said the reasons the attacker was known to authorities were subject to court suppression orders over legal proceedings. New Zealand has been on alert for attacks since a white supremacist gunman killed 51 people at two mosques in the city of Christchurch on March 15, 2019. Ardern, asked if the Friday attack could have been revenge for the 2019 mosque shootings, said it was not clear. The man alone who was responsible for the violence, not a faith, she said. "It was hateful, it was wrong. It was carried out by an individual, not a faith," Ardern said. "It would be wrong to direct any frustration to anyone beyond this individual."

• New Zealand Police Kill ‘Violent Extremist’ After He Stabs 6 at Auckland Supermarket

• Heavy Clashes Erupt Between Taliban and Anti-Taliban Group in Afghanistan’s Panjshir Province

Heavy clashes erupted Thursday night around Afghanistan's northern Panjshir Valley between Taliban fighters and an anti-Taliban group, according to a source within the group. Panjshir Valley, a mountainous, inaccessible region north of Kabul, is the last major holdout against Taliban rule, and has a long history of resisting the insurgent group. Sporadic fighting between the Taliban and the National Resistance Front (NRF) has continued for two weeks now. The Taliban have been massing forces in and around Panjshir province in recent weeks, and said on Monday they had captured three districts in the valley. The overnight clashes between the Taliban and the National Resistance Front of Afghanistan (NRF) started late Thursday, and were very intense, said the NRF source. Earlier on Thursday, Fahim Dashti, an NRF spokesperson, said in an audio message that the Taliban lost 40 of their forces in their ongoing attempts to enter Panjshir. Ali Nazary, another spokesperson from the group, said Thursday that the Taliban had also lost a number of heavy equipment and weaponry that had been destroyed. CNN has not independently verified the Taliban casualties. Separately, a Taliban source provided videos purportedly of fighting and the aftermath. CNN could not immediately verify the location or when the videos were filmed. On Wednesday, a Taliban leader called on Panjshiris to accept an amnesty and avoid fighting, but acknowledged that negotiations had thus far yielded no result. He said the situation "should be resolved peacefully," but did not directly address the claims of renewed fighting and casualties.  The Panjshir Valley is the epicenter of Afghan guerrilla warfare, and has long withstood foreign occupation, from the British Empire's army to Soviet forces and the Taliban. The rugged, inaccessible landscape plays a part in its defensive success, giving local forces an advantage over would-be invaders. After the USSR, which controlled Kabul and large swaths of the country in the 1980s, withdrew from Afghanistan in 1989, various factions of mujahedeen -- or Islamic holy warriors -- split into groups, fighting for control of the country. The Northern Alliance -- now a main component of the NRF -- was soon formed. Led by Ahmad Shah Massoud, the group managed to keep the Panjshir Valley free of Taliban influence. Massoud led an anti-Taliban offensive until he was assassinated by al Qaeda operatives two days before the September 11, 2001 attacks. The coalition, and the broader NRF, is now led by Massoud's son, Ahmad Massoud, who has vowed to continue the fight against the Taliban in the wake of their near takeover of Afghanistan. Massoud and the NRF are now gathering anti-Taliban forces in the Panjshir Valley, which include local resistance forces as well as remnants of the former Afghan army. People fleeing the Taliban, including the former Afghan Vice President, Amrullah Saleh, have also sought refuge in the Valley. "The Taliban have not changed, and they still are after dominance throughout the country," Massoud told CNN in an interview on Wednesday. "We are resisting dominance, intolerance, and oppression brought by one political force over the majority of the population that do not support them."

• Taliban Co-Founder Baradar to Lead New Afghanistan Government

Cybersecurity

• Hacker, Money Launderer Sentenced to Prison for Scamming Tax Preparers and COVID-19 Relief Programs

A federal judge sentenced two men to prison for a coordinated scheme to hack into tax preparation firms, steal personal information, file fraudulent unemployment claims and income tax returns and then launder the money. The fraudulent unemployment claims aimed to exploit a COVID-19 relief program that netted $280,000 in improper benefits from the state of Washington, the Justice Department announced Thursday. They also included attempts to seek $2.6 million in tax refunds. Bamidele Muraina, a Nigerian national whom DOJ said led the effort to steal identities, received five years and 10 months in prison, as well as three years of supervised release and an order to pay more than $500,000 in restitution. For leading the money laundering leg of the operation, Gabriel Kalembo received four years and two months in prison, along with two years of supervised release and an order to pay nearly $300,000. Starting at least in January of 2018 and continuing through at least April of 2020, Muraina obtained unauthorized access to tax preparation software accounts held by at least three accounting firms, in Brunswick, Georgia; Austin, Texas; and St. Augustine, Fla. Then, one week in May, Muraina submitted fraudulent unemployment claims for approximately 50 Washington residents. The two Atlanta-area men had other unknown accomplices, according to the indictment. “The COVID-19 pandemic has had a devastating effect on us all,” said Special Agent in Charge Steven Baisel, of the U.S. Secret Service Atlanta Field Office. “The enterprise created by these serial criminals further victimized our citizenry by robbing them of financial resources that were intended to help them.” The pandemic crisis opened a whole new hunting ground to hackers, one that persists today. The targets include other attempts to steal COVID-19 aid, conduct espionage on research into the disease and lure victims via phishing schemes with COVID-19 themes. Tax preparation firms also have long made an inviting target, separate from COVID-19.

• Translated Conti Ransomware Playbook Gives Insight into Attacks

Almost a month after a disgruntled Conti affiliate leaked the gang’s attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation. Apart from providing information about the gang’s attack methods and the thoroughness of the instructions, which allow for less-skilled actors to become Conti ransomware affiliates and hit valuable targets.

• Spike in Sextortion Attacks Cost Victims $8 Million this Year

The FBI Internet Crime Complaint Center (IC3) has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July. The federal agency received over 16,000 sextortion complaints until July 31, almost half of them coming from victims in the 20-39 age group. "Victims over 60 years comprised the third largest reporting age group, while victims under the age of 20 reported the fewest number of complaints," the IC3 said. Sextortion occurs when criminals threaten potential victims in person or via email, dating sites, and online chats that they will leak sensitive or private videos or photos unless a ransom is not paid. As an email scam, sextortion was first seen in July 2018, when fraudsters started emailing targets claiming that they have them recorded on video while browsing adult sites, also including the victims' passwords (leaked in data breaches) to increase credibility. Scammers behind email sextortion campaigns also distribute various strains of malware, ranging from data-stealing Trojans to ransomware. "Most victims report the initial contact with the fraudster is mutual and made using dating websites and apps. Soon after the encounter, the fraudster requests the interaction be moved from the website or app to another messaging platform," the IC3 explained. "The fraudster instigates the exchange of sexually explicit material and then encourages the victim to participate via video chat or send their own explicit photos. Immediately after the victim complies, the fraudster blackmails the victim and demands money to prevent the release of the photos or videos on social media." To make things even scarier for the victims, the crooks also often gain access to their victim's social media or contact info, threatening to send the sexual imagery they got their hands on to the victim's family and friends. Those finding themselves on the receiving end of sextortion threats are advised to immediately stop all interaction with the criminals, contact law enforcement, and file a complaint with the FBI IC3 at www.ic3.gov as soon as possible.

Related Links