From Refugees to Resistance: The Rise of Hezbollah and Its Impact on Lebanon's Complex History

The influx of Palestinian refugees into Lebanon began in 1948, following the Arab-Israeli war and the creation of Israel. An estimated 100,000 to 130,000 Palestinians initially fled to Lebanon, settling primarily in refugee camps in the south. Over the subsequent decades, this population grew, reaching between 300,000 and 400,000 by the mid-1970s.

The presence of armed Palestinian groups, particularly after the PLO's expulsion from Jordan in 1970 during Black September, significantly increased tensions in Lebanon. Palestinian militias used southern Lebanon as a base for operations against Israel, leading to frequent Israeli retaliations and contributing to destabilization. This period saw growing friction between Palestinian factions and local Lebanese groups, exacerbating the volatile political landscape.

Hezbollah emerged in 1982, during Lebanon’s civil war, in response to Israel's invasion of southern Lebanon aimed at expelling the PLO. Backed by Iran’s Revolutionary Guards, Shiite militants formed Hezbollah as an armed resistance to Israeli occupation. Hezbollah's foundation was deeply tied to Iran’s ideological and military support, particularly in Lebanon’s Shiite regions like the Bekaa Valley and southern Lebanon.

In 1985, Hezbollah issued its manifesto outlining core objectives: the expulsion of Western influences from Lebanon, the destruction of Israel, and the establishment of an Islamic state. However, the group has since evolved politically, moving away from openly calling for an Islamic state and focusing more on integrating into Lebanon’s political system while maintaining its armed resistance against Israel.

Hezbollah's Impact on Lebanon

  • Political Influence: Hezbollah now holds significant political power in Lebanon. It has representatives in parliament and often exercises veto power in the government. Following the end of Lebanon’s civil war in 1990 and the Taif Agreement, Hezbollah maintained its armed wing, gaining legitimacy as both a political party and a military force.

  • Military Power: Hezbollah’s military wing is considered more formidable than Lebanon’s national army. The 2006 war with Israel further bolstered Hezbollah’s reputation as a powerful non-state actor capable of standing up to Israeli military forces.

  • Social Services: Hezbollah provides extensive health, education, and welfare services, especially in Shiite-majority areas such as southern Lebanon, the Bekaa Valley, and parts of Beirut. This network has earned the group significant grassroots support.

  • Economic Influence: Hezbollah runs a broad network of businesses, financial institutions, and charity organizations, some of which have faced international sanctions due to alleged connections to illicit activities and terrorism.

  • Foreign Relations: Hezbollah’s deep ties to Iran and its involvement in regional conflicts, particularly in Syria, where it has supported the Assad regime, have influenced Lebanon’s foreign relations. The group’s role in the Syrian civil war has drawn both praise from its supporters and criticism from opponents, as it deepened Lebanon's entanglement in regional conflicts.

Regional Dynamics and the Syrian Occupation

From 1976 to 2005, Syria maintained a military presence in Lebanon, ostensibly to stabilize the country during and after its civil war. However, Syria’s involvement gave it significant political control over Lebanon, a situation Hezbollah navigated carefully. Hezbollah and Syria maintained a strategic alliance, particularly regarding resistance against Israel. The withdrawal of Syrian forces in 2005, following the Cedar Revolution, shifted the balance of power in Lebanon, further solidifying Hezbollah’s role as a dominant political and military force.

Hezbollah’s involvement in the Syrian civil war (2011–present) on behalf of the Assad regime has had profound implications for Lebanon’s internal and external dynamics. While this intervention reinforced Hezbollah’s ties to Syria and Iran, it also polarized Lebanon’s sectarian divide and complicated the country’s position in the broader Middle Eastern geopolitical landscape.

Conclusion

The arrival of Palestinian refugees and the rise of Hezbollah have profoundly shaped Lebanon’s modern history. While Hezbollah is viewed by its supporters as a legitimate resistance movement and vital service provider, its critics argue that it undermines Lebanese sovereignty and stability. Its continued involvement in regional conflicts and its powerful military presence make Hezbollah a contentious force in Lebanon’s future, with its role in the country’s politics and society remaining a deeply divisive issue.

#Lebanon #Hezbollah #MiddleEast #PalestinianRefugees #LebaneseCivilWar #IsraelLebanonConflict #PLO #SyrianOccupation #IranInfluence #LebanonPolitics #ShiaMilitias #ArabIsraeliConflict #ResistanceMovement #LebanonHistory #LebaneseSovereignty #RegionalConflicts #LebanonSecurity #SyrianCivilWar #SouthernLebanon #MiddleEastPolitics #LebanonNews #PalestiniansInLebanon #CedarRevolution #LebaneseParliament #IslamicResistance #LebaneseSociety #HezbollahImpact #IranLebanonTies #LebanonEconomy #LebanonConflict #LebaneseArmy


Turkey’s Cyber Landscape: The Rise of New APT Threats

As Turkey’s digital infrastructure expands, so too does its exposure to cyber threats. Recent insights from top cybersecurity firms have highlighted Advanced Persistent Threat (APT) groups with suspected links to Turkey. In this article, we explore the key players, their methods, and the broader implications for global cybersecurity.

Sea Turtle: A Growing Concern

One of the most significant Turkey-linked APT groups is Sea Turtle, also known as Teal Kurma or Marbled Dust. Active since at least 2017, Sea Turtle has primarily targeted organizations in Europe and the Middle East.

Main Targets:

  • Government agencies
  • Kurdish political groups
  • Telecommunications companies
  • Internet Service Providers (ISPs)
  • IT service providers
  • Non-Governmental Organizations (NGOs)
  • Media and entertainment sectors

Tactics and Techniques:

  • DNS hijacking (2017-2019)
  • Supply chain and island-hopping attacks
  • Use of a reverse TCP shell named SnappyTCP for Linux/Unix systems
  • Compromising cPanel accounts
  • SSH for initial access

Sea Turtle’s operations seem to align with Turkey’s strategic goals, focusing on intelligence gathering related to specific groups and individuals.

StrongPity: A Persistent Threat

Another prominent Turkey-linked APT group is StrongPity, also known as Promethium. Active since at least 2012, StrongPity has largely focused on Turkey and its neighbouring regions.

Main Targets:

  • Users in Turkey, Syria, and nearby countries
  • Government entities
  • Telecommunications sector
  • Military and defence organizations
  • Individuals interested in encryption tools

Tactics and Techniques:

  • Watering hole attacks as a key infection method
  • Trojanized versions of legitimate software installers
  • Spear-phishing campaigns
  • Exploitation of vulnerable web servers
  • Deployment of custom backdoors and spyware
  • Compromised routers for botnet creation
  • Mobile malware campaigns targeting Android users

StrongPity’s operations suggest a focus on surveillance and intelligence gathering, potentially serving Turkey’s geopolitical interests.

Evolving Tactics

Turkish APT groups have increasingly adopted more sophisticated attack methods:

  1. Improved Evasion: Groups like Sea Turtle have enhanced their ability to avoid detection, using defence evasion techniques to stay under the radar.
  2. Strategic Web Compromises: Employed to passively exploit targets, including intercepting web traffic to victim websites.
  3. Phishing Campaigns: Tapping into geopolitical events and themes relevant to Turkey, such as natural disasters or political tensions.
  4. Service Provider Exploitation: Gaining access to networks through managed service providers and IT companies.
  5. Mobile Malware: Expanding operations to target Android users with trojanized apps, as observed with StrongPity.
  6. DNS Hijacking: Sea Turtle was particularly known for this technique between 2017 and 2019, though the group has since broadened its methods.

The Geopolitical Angle

The activities of these APT groups often reflect broader geopolitical tensions:

  • Targeting Kurdish websites and political groups aligns with Turkey’s domestic and regional policies.
  • Focusing on European political entities, especially during periods of regional strain.
  • Surveillance operations in Turkey and Syria suggest priorities in domestic and regional intelligence gathering.
  • The groups’ activities often align with Turkey’s strategic interests in the Middle East and Europe.
  • Increased cyber activities have coincided with times of diplomatic tension between Turkey and other nations.

Implications for Cybersecurity

The emergence of Turkey-linked APT groups underscores the evolving nature of cyber threats:

  1. Expanding Threat Landscape: As more countries develop cyber capabilities, organizations must adapt their defences.
  2. Supply Chain Vulnerabilities: Targeting of service providers highlights the need for robust supply chain security measures.
  3. Geopolitical Awareness: Understanding regional tensions can help predict and prepare for potential cyber threats.
  4. Mobile Security: The expansion into mobile platforms highlights the need for comprehensive mobile device security.

Protective Measures

To counter these and other APT threats, organizations should:

  • Implement strong DNS security measures to prevent hijacking
  • Regularly update and patch systems to close known vulnerabilities
  • Use multi-factor authentication across all critical systems
  • Provide ongoing security awareness training, especially about phishing and social engineering
  • Monitor for suspicious activities, especially those linked to known APT tactics
  • Be cautious when downloading software, especially from untrusted sources
  • Implement robust mobile device management and security policies
  • Deploy comprehensive endpoint protection solutions that leverage AI and machine learning
  • Use network segmentation to limit lateral movement within compromised networks
  • Employ continuous network monitoring and threat hunting to detect stealthy intrusions
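The DNS hijacking that Sea Turtle is known for works by changing a domain's authoritative records at the registrar or DNS provider, so the first of the protective measures above comes down to noticing when your own records no longer match what you published. The following is an added example written for this page, not code from the article or from any vendor: it compares a set of expected records against what a resolver returned and also flags records on which two independent resolvers disagree. The domain names, record values and resolver answers are constructed; a real deployment would populate the baseline from the registrar and provider consoles and fetch observations over the network.

```python
"""Baseline-drift check for a domain's DNS records.

Added example: all domain names and answers below are constructed
dictionaries standing in for resolver output, so the script runs offline.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    expected: frozenset
    observed: frozenset

    def describe(self) -> str:
        added = sorted(self.observed - self.expected)
        missing = sorted(self.expected - self.observed)
        return f"{self.name} {self.rtype}: unexpected={added} missing={missing}"


# Baseline the operator knows to be correct (constructed values, keyed by (owner, type)).
BASELINE = {
    ("example.org.", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.org.", "A"): {"192.0.2.10"},
    ("mail.example.org.", "MX"): {"10 mx.example.org."},
}

# Two constructed resolver snapshots: one matching the baseline, one where the
# NS delegation has been repointed at a provider the operator never configured.
OBSERVED_CLEAN = {key: set(vals) for key, vals in BASELINE.items()}
OBSERVED_HIJACKED = dict(OBSERVED_CLEAN)
OBSERVED_HIJACKED[("example.org.", "NS")] = {
    "ns1.unexpected-provider.invalid.",
    "ns2.unexpected-provider.invalid.",
}


def check_records(baseline, observed):
    """Return one Finding per record set that differs from the baseline.

    Both missing/changed values and record sets that exist only in the
    observation are reported; a repointed NS set is the classic hijack signal.
    """
    findings = []
    for key, expected in baseline.items():
        seen = set(observed.get(key, ()))
        if seen != set(expected):
            findings.append(Finding(key[0], key[1], frozenset(expected), frozenset(seen)))
    for key, vals in observed.items():
        if key not in baseline:
            findings.append(Finding(key[0], key[1], frozenset(), frozenset(vals)))
    return findings


def resolver_disagreement(answers_by_resolver):
    """Return record keys on which independent resolvers returned different sets.

    Disagreement between resolvers that should see the same zone is a second,
    baseline-free indicator that one resolution path has been tampered with.
    """
    keys = set().union(*(a.keys() for a in answers_by_resolver.values()))
    disputed = []
    for key in sorted(keys):
        views = {frozenset(a.get(key, ())) for a in answers_by_resolver.values()}
        if len(views) > 1:
            disputed.append(key)
    return disputed


if __name__ == "__main__":
    for f in check_records(BASELINE, OBSERVED_HIJACKED):
        print("DRIFT:", f.describe())
    print("DISPUTED:", resolver_disagreement({"resolver-a": OBSERVED_CLEAN,
                                             "resolver-b": OBSERVED_HIJACKED}))
```

The check is deliberately strict: any difference in a record set is reported, because a legitimate provider migration is a known change the operator can add to the baseline, whereas an unexplained NS or MX change is exactly what needs a human to look at it.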

As Turkey’s cyber capabilities continue to evolve, staying informed about these threat actors and their methods is crucial. By remaining vigilant and adopting comprehensive security measures, organizations can better protect themselves against the growing threat of state-sponsored cyberattacks, including those from emerging actors like Turkey-linked APT groups.

#CyberSecurity #APTThreats #TurkeyCyber #DigitalSecurity #CyberThreats #AdvancedPersistentThreats #InfoSec #CyberDefense #ThreatIntelligence #NetworkSecurity #MobileSecurity #Geopolitics #SupplyChainSecurity #CyberAwareness #DataProtection #CyberAttack #CyberEspionage #ITSecurity #DigitalInfrastructure #SecurityTactics #ThreatHunting #DNSHijacking #Phishing #APTGroups #CyberWar


Russian Cyber APT Groups: A Persistent and Evolving Threat

Advanced Persistent Threat (APT) groups linked to Russia remain a significant cybersecurity challenge worldwide. For those of us in cybersecurity leadership, it's essential to understand these actors and the evolving tactics they employ. This article highlights key Russian APT groups, their techniques, and their targets, drawing on research from leading threat intelligence firms.

Key Russian APT Groups

  • APT28 (Fancy Bear): Tied to Russia's GRU military intelligence, APT28 has been active since at least 2004. The group is known for targeting government, military, and international organizations; its most high-profile operation was the 2016 Democratic National Committee hack. Its use of sophisticated malware suites such as CHOPSTICK and X-Agent demonstrates its advanced capabilities.

  • APT29 (Cozy Bear): Linked to Russia's Foreign Intelligence Service (SVR), APT29 focuses on espionage against governments and research institutions. They gained widespread attention following the SolarWinds supply chain attack in 2020, which compromised numerous organizations globally. Their hallmark is stealth, often using custom malware like SUNBURST and TEARDROP.

  • Sandworm Team: Another GRU-linked group, Sandworm is notorious for its destructive attacks on critical infrastructure. Their assaults on Ukraine's power grid in 2015 and 2016, and the global NotPetya malware outbreak in 2017, underline their focus on industrial control systems (ICS) and operational technology (OT) environments.

  • Turla (Venomous Bear): Active since at least 2004, Turla is known for its sophisticated targeting of government, military, and academic organizations worldwide. They are recognized for their complex malware ecosystems and innovative techniques, such as hijacking satellite internet connections for command and control.

Common Tactics and Techniques

Russian APTs are characterized by their advanced capabilities, including:

  • Spear-phishing campaigns with malware-laden attachments: These groups often employ highly targeted emails with malicious documents or links to compromise victims. APT28, for example, has used NATO-themed lures to target defence and government entities.

  • Exploitation of zero-day vulnerabilities: Russian APTs are adept at leveraging previously unknown software flaws. APT28 has, on multiple occasions, exploited zero-days in Microsoft Windows and Adobe Flash Player.

  • Living-off-the-land techniques to evade detection: Increasingly, these groups use legitimate system tools and processes to blend in with regular activity. Turla’s use of PowerShell scripts and Windows Management Instrumentation (WMI) for persistence and lateral movement is a prime example.

  • Custom malware development and deployment: Each group typically maintains its own set of sophisticated malware tools. APT29's modular backdoor, WellMess, showcases their custom development capabilities.

  • Supply chain attacks: APT29's SolarWinds campaign highlighted the effectiveness of compromising trusted software providers for widespread infiltration.
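The living-off-the-land item above names the two tools most often abused for this, PowerShell and WMI, and the practical defender's question is what in process-creation telemetry separates that abuse from the same tools' everyday use. The block below is an added example for this page, not code from the article or from any vendor ruleset: it applies three constructed heuristics (encoded or hidden-window PowerShell, PowerShell spawned by an Office application, and WMIC creating a process on a remote host) to a handful of hand-written log lines in a Sysmon-like pipe-separated layout. The log lines, hostnames, users and rule names are all constructed.

```python
"""Heuristic detection of living-off-the-land patterns in process-creation logs.

Added example: the log lines are constructed, in a simplified
'timestamp|host|user|parent|image|commandline' layout, not real telemetry.
"""
import re
from collections import namedtuple

Event = namedtuple("Event", "ts host user parent image cmdline")

# Constructed sample: two benign PowerShell/WMIC uses and two that match the
# abuse patterns named in the text. The -enc payload is a placeholder string.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z|WS01|alice|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt
2024-05-01T09:14:10Z|WS01|alice|winword.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc PLACEHOLDER_BASE64
2024-05-01T09:15:22Z|WS01|alice|cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic /node:FS01 process call create "cmd.exe /c whoami"
2024-05-01T09:20:00Z|WS02|svc_backup|services.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -File C:\\Scripts\\backup.ps1
2024-05-01T09:21:45Z|WS02|bob|cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic os get caption
"""

# Each rule: (name, image file name, command-line regex or None). A None pattern
# means the rule is decided by the parent-process check instead.
RULES = [
    ("powershell_encoded_hidden", "powershell.exe",
     re.compile(r"(-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden)", re.I)),
    ("office_spawns_powershell", "powershell.exe", None),
    ("wmic_remote_process_create", "wmic.exe",
     re.compile(r"/node:\S+.*process\s+call\s+create", re.I)),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def parse_log(text):
    """Parse the pipe-separated layout; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("|", 5)
        if len(fields) != 6:
            continue
        events.append(Event(*fields))
    return events


def evaluate(event):
    """Return the names of the rules an event matches (empty list if nothing fires)."""
    hits = []
    image_name = event.image.rsplit("\\", 1)[-1].lower()
    parent_name = event.parent.lower()
    for name, image, pattern in RULES:
        if image_name != image:
            continue
        if pattern is None:
            if parent_name in OFFICE_PARENTS:
                hits.append(name)
        elif pattern.search(event.cmdline):
            hits.append(name)
    return hits


def scan(text):
    """Map the timestamp of each event that fired a rule to the list of rule names."""
    return {e.ts: hits for e in parse_log(text) if (hits := evaluate(e))}


if __name__ == "__main__":
    for ts, hits in scan(SAMPLE_LOG).items():
        print(ts, ", ".join(hits))
```

The benign lines are there on purpose: a scheduled `powershell.exe -File` run by a service account and an interactive `wmic os get caption` must not fire, because a rule that alerts on every PowerShell or WMI invocation is one that gets switched off. The parent-process rule is the one worth keeping even when attackers obfuscate the command line, since an Office document launching PowerShell is rarely legitimate.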

Primary Targets

While tactics may differ, Russian APTs commonly target:

  • Government and military organizations
  • Critical infrastructure sectors (e.g., energy, finance, telecommunications)
  • Research institutions and universities
  • International organizations (e.g., NATO, EU institutions)
  • Entities in countries of geopolitical interest to Russia

Motivations and Support

Russian APT groups are generally state-sponsored, with objectives aligned with Russian national interests. Their aims include:

  • Intelligence gathering and espionage
  • Intellectual property theft
  • Disruption of adversary capabilities
  • Conducting information operations and disinformation campaigns

State sponsorship provides them with significant resources for developing sophisticated tools and carrying out prolonged campaigns.

The Evolving Threat Landscape

Recent trends observed by researchers indicate:

  • Increased collaboration between APT groups and cybercriminals: There's growing evidence of information sharing and tool exchange between state-sponsored groups and cybercrime syndicates. For instance, some APT29 tools have been found in the hands of ransomware groups.

  • Adoption of new technologies like AI for more effective social engineering: Russian APTs are leveraging machine learning to enhance their phishing lures, making them more convincing and harder to detect.

  • Expansion of supply chain attack methodologies: Following the SolarWinds campaign, other Russian APTs are exploring similar tactics, with an increased focus on compromising managed service providers (MSPs) and software development tools.

  • Greater emphasis on operational technology (OT) environments: Groups like Sandworm are increasingly targeting industrial control systems and critical infrastructure, posing risks to physical systems beyond traditional IT networks.

As these threat actors continue to evolve, organizations must stay vigilant and adapt their defences accordingly. Regular threat intelligence updates, robust security controls, and comprehensive incident response planning are essential to defending against these sophisticated adversaries.

#Cybersecurity #APT #ThreatIntelligence #Russia #CyberThreats #Infosec #CyberAttacks #Malware #CyberDefense #CISO #CyberRisk #Hacking #Espionage #APT28 #APT29 #Sandworm #Turla #SupplyChainAttack #Cybercrime #CriticalInfrastructure #CybersecurityAwareness #ZeroDay #Phishing #InfosecCommunity #CybersecurityStrategy


The Growing Threat of Southeast Asian APT Groups

In today's rapidly changing cybersecurity landscape, staying ahead of emerging threats is essential for any Chief Information Security Officer (CISO). One area of increasing concern is the rise of Advanced Persistent Threat (APT) groups originating from Southeast Asia. Here's a closer look at these sophisticated threat actors and the challenges they pose.

Historical Background

APT groups have been a global concern for decades, but in recent years, those based in Southeast Asia have become more prominent. The region's rapid digital growth, coupled with geopolitical tensions, has provided fertile ground for cyber espionage and state-sponsored hacking activities.

Key Active Groups

Several APT groups are currently making waves in Southeast Asia, including:

  • APT32 (OceanLotus):

    • Believed to be of Vietnamese origin and active since at least 2012.
    • Targets include journalists, dissidents, large private enterprises, and government bodies.
    • Operates mainly in Vietnam, the Philippines, Cambodia, and Laos.
    • Utilizes a mix of custom malware tools and commercially available devices.
    • Focuses on foreign corporations in sectors like manufacturing, hospitality, and consumer products.
  • APT40 (Leviathan):

    • Thought to be Chinese-sponsored, targeting Southeast Asian maritime interests.
    • Also known by names such as BRONZE MOHAWK, GADOLINIUM, and Kryptonite Panda.
    • Active since at least 2009, targeting government organizations, companies, and universities involved in biomedical, robotics, and maritime research.
    • Operates under the Hainan State Security Department, a branch of the Chinese Ministry of State Security.
  • APT41 (Winnti):

    • A dual-purpose group involved in both espionage and cybercrime, active since at least 2012.
    • Linked to Chinese state-sponsored activities and targets a wide range of industries globally.
    • Noted for its sophisticated supply chain attacks and use of custom malware.

Techniques and Tactics

Southeast Asian APT groups are known for employing a range of sophisticated tactics, including:

  1. Spear-phishing with elaborate fake personas:

    • Creating convincing fake identities supported by extensive digital footprints.
    • Utilizing AI-generated content in phishing campaigns, particularly by APT41.
  2. Exploitation of VPN vulnerabilities:

    • Quickly exploiting newly discovered VPN flaws, targeting popular solutions such as Fortinet, Palo Alto Networks, and Pulse Secure.
  3. Supply chain attacks:

    • Compromising software supply chains to gain widespread access, with APT41 known for inserting malicious code into software updates.
  4. Custom malware:

    • Developing and deploying sophisticated tools like CROSSWALK (APT41) and using commercially available tools like Cobalt Strike's Beacon.
  5. Cloud environment exploitation:

    • Leveraging misconfigurations in cloud services and using compromised credentials for lateral movement.
  6. Living off the land techniques:

    • Using legitimate system tools and processes for malicious purposes, such as PowerShell scripts and Windows Management Instrumentation (WMI).
  7. Zero-day vulnerability exploitation:

    • Discovering and exploiting previously unknown vulnerabilities, often chaining multiple zero-days in sophisticated attack sequences.
  8. DNS tunnelling:

    • Establishing covert command-and-control channels through DNS queries.
  9. Credential harvesting:

    • Conducting large-scale operations targeting specific industries or regions.
  10. Use of legitimate cloud services:

    • Leveraging popular platforms for data exfiltration and command-and-control operations.

Primary Targets

These groups focus mainly on:

  • Government agencies
  • Defence and aerospace sectors
  • Maritime and energy industries
  • Telecommunications companies
  • High-tech firms
  • Academic institutions
  • Biomedical and robotics research organizations

Motivations

The primary drivers behind these APT groups include:

  1. Cyber espionage
  2. Intellectual property theft
  3. Geopolitical intelligence gathering
  4. Financial gain (in some cases)

State Sponsorship

Many of these groups are believed to operate with state backing, providing them with the resources, protection, and strategic direction they need. For example, APT40 is reportedly linked to the Chinese Ministry of State Security. However, attributing specific attacks to nations remains a complex challenge.

Recent Trends

  1. Focus on critical infrastructure:

    • Increased targeting of industrial control systems and SCADA networks, with APT41 compromising a European power plant's control systems.
  2. Ransomware collaborations:

    • A growing trend of cooperation between APT groups and ransomware operators, blurring the lines between state-sponsored and financially motivated attacks.
  3. Cloud-based attacks:

    • A 75% increase in cloud environment intrusions has been reported, with APT groups successfully compromising major cloud service providers.
  4. AI and machine learning integration:

    • Use of AI-generated content in phishing campaigns and leveraging machine learning for automated high-value target identification.
  5. Geographic expansion:

    • APT40 has been linked to attacks on government institutions in Africa and the Middle East, with increased activity observed in sectors related to China's Belt and Road Initiative.
  6. Disinformation campaigns:

    • Coordinated efforts to amplify divisive content and undermine trust in electoral processes, using social media platforms and fake news sites for influence operations.
  7. Supply chain attacks:

    • APT41 compromised popular network management software used by Fortune 500 companies, with increasing sophistication in compromising software development and distribution channels.
  8. Zero-day exploitation:

    • APT groups are leveraging previously unknown vulnerabilities in widely-used software, rapidly weaponizing newly disclosed vulnerabilities.

Cybersecurity Implications

To counter these evolving threats, organizations must:

  1. Implement robust identity and access management practices.
  2. Enhance cloud security measures.
  3. Conduct regular security awareness training.
  4. Maintain up-to-date patch management.
  5. Deploy advanced threat detection and response capabilities.
  6. Develop and test comprehensive incident response plans.
  7. Implement zero-trust architecture.
  8. Engage in threat intelligence sharing.

The sophistication of Southeast Asian APT groups highlights the need for a proactive, intelligence-driven approach to cybersecurity. As these threats continue to evolve, staying informed and adaptable is crucial for maintaining strong defences. Organizations across all sectors must remain vigilant and continuously update their security strategies to effectively combat these persistent and advanced cyber threats.

#CyberSecurity #APTGroups #ThreatIntelligence #SoutheastAsia #CyberThreats #InfoSec #CloudSecurity #ZeroTrust #AdvancedThreats #StateSponsored #CyberEspionage #SupplyChainSecurity #CyberDefence #DigitalSecurity #MalwareAnalysis #CyberAttack #CyberAwareness #ITSecurity #ThreatDetection #NetworkSecurity


Iranian Cyber APT Groups: A Growing and Sophisticated Threat

In today’s rapidly changing cybersecurity landscape, staying on top of emerging threats is essential for any CISO. Among the most concerning are the increasingly sophisticated and far-reaching activities of Iranian state-sponsored Advanced Persistent Threat (APT) groups. Let’s delve into the latest developments and what they mean for global cybersecurity.

The Evolution of Iranian Cyber Capabilities

Iran’s cyber capabilities have come a long way since the early 2000s. The 2009 Green Movement protests and the 2010 Stuxnet attack on Iran’s nuclear facilities were turning points, spurring the rapid development of offensive cyber tools. The creation of the Supreme Council of Cyberspace in 2012 underscored Iran’s commitment to becoming a cyber power.

Key Iranian APT Groups

Several Iranian APT groups are currently active, each with distinct characteristics and focus areas:

  • APT33 (Elfin, Refined Kitten):

    • Active since at least 2013
    • Focus: aerospace and energy sectors
    • Known for using DROPSHOT malware (aka Stonedrill)
    • Increasing focus on industrial control systems (ICS) within critical infrastructure
    • Involved in destructive attacks using wiper malware
    • Utilizes custom tools like the TURNEDUP backdoor and NANOCORE RAT
  • APT34 (OilRig, Helix Kitten):

    • Primarily targets the Middle East, particularly financial and government sectors
    • Active since at least 2014
    • Uses the HELMINTH backdoor and QUADAGENT malware
    • Often employs DNS tunnelling for command and control
    • Targeted critical infrastructure, including ICS
    • Associated with DUSTMAN wiper malware
  • APT35 (Charming Kitten, Phosphorus):

    • Focuses on dissidents, academics, and media organizations
    • Noted for sophisticated social engineering techniques
    • Deploys custom malware like PAWLPS and NURASM
    • Has conducted widespread phishing campaigns against politicians and election officials
    • Linked to attempts to interfere in U.S. elections
    • Known for impersonating journalists and academics to gain the trust of targets
  • APT39 (Chafer):

    • Specializes in personal information theft, particularly in the telecommunications sector
    • Active since at least 2014
    • Focuses on travel and telecommunications industries
    • Uses custom malware such as SEAWEED and CACHEMONEY
    • Has targeted airline passenger data and telecommunications metadata
    • Conducts operations across the Middle East and North Africa
  • APT42 (CHRYSOLITE):

    • A newer group focused on long-term intelligence gathering
    • Targets include foreign policy officials, journalists, and Iranian dissidents
    • Known for the VIBRATE backdoor and use of CHISEL
    • Engages in highly targeted spear-phishing campaigns
    • Deploys mobile malware for surveillance purposes
    • Adapts quickly to Iran’s shifting priorities

The addition of 34 new threat actors to CrowdStrike's tracking list in 2023 highlights the expanding scope of the Iranian cyber threat landscape.

Tactics, Techniques, and Procedures (TTPs)

Iranian APTs employ a variety of advanced tactics and techniques:

  1. Spear-phishing with fake personas: Crafting convincing fake identities with detailed digital footprints.
  2. Exploiting VPN vulnerabilities: Quickly taking advantage of newly disclosed VPN vulnerabilities.
  3. Supply chain attacks: Compromising technology providers to infiltrate multiple organizations simultaneously.
  4. Custom malware: Developing and deploying sophisticated tools like NICECURL and TAMECAT.
  5. Exploiting cloud environments: Taking advantage of cloud misconfigurations and compromised credentials.
  6. Destructive attacks: Using wiper malware designed to erase data and disrupt operations.
  7. Living off the land techniques: Utilizing legitimate system tools for malicious purposes to avoid detection.
  8. Zero-day exploitation: Discovering and exploiting previously unknown vulnerabilities.
  9. DNS tunnelling: Setting up covert command and control channels via DNS queries.
  10. Credential harvesting: Running large-scale campaigns to steal login credentials.
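The DNS tunnelling item above (and the identical item in the Southeast Asian write-up) describes a covert channel whose traffic still has to pass through the organization's own resolvers, which is where it can be seen. The block below is an added example for this page, not code from the article or from any vendor product: it groups a constructed query log by client and registrable domain and scores each group on the features that distinguish tunnelled data from ordinary lookups (long, high-entropy leftmost labels, almost every query name unique, a skew towards TXT or NULL record types). The log lines, thresholds and the two-label "base domain" shortcut are assumptions made for the example; a production version would use the public suffix list and tune the thresholds against its own baseline.

```python
"""Heuristic scoring of DNS query logs for tunnelling-like traffic.

Added example: the query log is constructed, one query per line in the
layout 'timestamp client qname qtype'; it is not captured traffic.
"""
import math
from collections import defaultdict

SAMPLE_QUERIES = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com A
2024-05-01T10:00:02Z 10.0.0.5 www.example.com A
2024-05-01T10:00:05Z 10.0.0.5 mail.example.com MX
2024-05-01T10:00:07Z 10.0.0.5 cdn.example.net A
2024-05-01T10:00:09Z 10.0.0.5 www.example.com AAAA
2024-05-01T10:00:11Z 10.0.0.5 api.example.net A
2024-05-01T10:01:00Z 10.0.0.7 3a9f1c77e2b04d5e8f6a1b2c3d4e5f6071829aa4.tun.example-c2.invalid TXT
2024-05-01T10:01:01Z 10.0.0.7 b81d4e0f9c27a6531ee4f0d8c19b7a2634f5d0e1.tun.example-c2.invalid TXT
2024-05-01T10:01:02Z 10.0.0.7 0c6e2f8a4d1b9735c8e2a7f14b6d0953ea17c4b8.tun.example-c2.invalid TXT
2024-05-01T10:01:03Z 10.0.0.7 d52a7b19f4e6c083b7d1a9e5f2c48061c3e9f7a2.tun.example-c2.invalid TXT
2024-05-01T10:01:04Z 10.0.0.7 7e4c1f9a2b6d8053a1c7e9f4b2d6a805f3c1e7d9.tun.example-c2.invalid TXT
2024-05-01T10:01:05Z 10.0.0.7 91b3d7f5a0c2e486d5f1b9a3c7e0d246b8f4a1c5.tun.example-c2.invalid TXT
"""


def shannon_entropy(s):
    """Bits per character; ordinary hostnames score low, encoded data scores high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def base_domain(qname):
    """Assumed simplification: the last two labels stand in for the registrable domain."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname.lower()


def analyse(text, min_queries=5, label_len_threshold=30,
            entropy_threshold=3.0, unique_ratio_threshold=0.8):
    """Return per-(client, base domain) metrics plus a 'suspicious' verdict."""
    groups = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line: skip rather than abort the whole run
        _ts, client, qname, qtype = parts
        groups[(client, base_domain(qname))].append((qname.rstrip(".").lower(), qtype.upper()))

    report = {}
    for key, rows in groups.items():
        labels = [q.split(".")[0] for q, _ in rows]
        metrics = {
            "queries": len(rows),
            "mean_label_len": sum(map(len, labels)) / len(labels),
            "mean_entropy": sum(shannon_entropy(l) for l in labels) / len(labels),
            "unique_ratio": len({q for q, _ in rows}) / len(rows),
            "txt_null_ratio": sum(t in ("TXT", "NULL") for _, t in rows) / len(rows),
        }
        # Volume and uniqueness are required; either long or high-entropy labels
        # then tips the verdict. Record-type skew is reported for the analyst.
        metrics["suspicious"] = (
            metrics["queries"] >= min_queries
            and metrics["unique_ratio"] >= unique_ratio_threshold
            and (metrics["mean_label_len"] >= label_len_threshold
                 or metrics["mean_entropy"] >= entropy_threshold)
        )
        report[key] = metrics
    return report


def suspicious_groups(text):
    """Convenience wrapper: the (client, base domain) pairs that were flagged."""
    return sorted(k for k, m in analyse(text).items() if m["suspicious"])


if __name__ == "__main__":
    for key, m in analyse(SAMPLE_QUERIES).items():
        print(key, {k: (round(v, 2) if isinstance(v, float) else v) for k, v in m.items()})
```

Requiring a minimum query count and a high unique-name ratio before the label features count keeps content delivery networks and other legitimate users of long, hashed hostnames from tripping the rule on a single odd lookup; those domains repeat the same names, whereas a tunnel almost never does.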

Targets

These groups have a wide range of targets:

  • Government agencies
  • Defence and aerospace sectors
  • Energy and utilities
  • Financial institutions
  • Media organizations
  • Academic institutions
  • Healthcare and pharmaceutical companies
  • Activists and dissidents

Motivations

Iranian cyber operations serve various purposes:

  1. Gathering intelligence
  2. Stealing intellectual property
  3. Disrupting critical infrastructure
  4. Monitoring regime opponents
  5. Gaining financially through ransomware collaborations
  6. Projecting geopolitical influence
  7. Retaliating against perceived threats

State Sponsorship

Many of these groups operate under the auspices of the Islamic Revolutionary Guard Corps (IRGC) Intelligence Organization, which provides them with resources, protection, and strategic direction.

Recent Developments

  1. Focus on critical infrastructure: APT33 recently compromised the control systems of a European power plant.
  2. Ransomware collaborations: APT42 provided initial access to a U.S. healthcare provider, which was later exploited by the BlackCat ransomware group.
  3. Cloud-based attacks: APT35 breached a major cloud email provider, accessing thousands of user accounts.
  4. AI and machine learning: APT42 has been using AI-generated content in phishing campaigns.
  5. Geographic expansion: APT39 has been linked to attacks on African government institutions.
  6. Disinformation campaigns: Coordinated efforts to undermine trust in the 2024 U.S. electoral process have been observed.
  7. Supply chain attacks: APT33 compromised widely-used network management software deployed by Fortune 500 companies.
  8. Zero-day exploitation: APT35 exploited a previously unknown VPN vulnerability affecting thousands of organizations.

Implications for Cybersecurity

To counter these evolving threats, organizations must:

  1. Implement robust identity and access management protocols
  2. Strengthen cloud security measures
  3. Conduct regular security awareness training
  4. Keep patch management up to date
  5. Deploy advanced threat detection and response capabilities
  6. Develop and test comprehensive incident response plans
  7. Engage in threat intelligence sharing
  8. Implement zero trust architecture

The growing sophistication of Iranian APT groups underscores the importance of a proactive, intelligence-driven approach to cybersecurity. As these threats continue to evolve, staying informed and adaptable is key to maintaining strong defences.

#Cybersecurity #ThreatIntelligence #APT #InformationSecurity #CyberThreats #DataProtection #CyberDefense #CyberAwareness #SecurityStrategies #NetworkSecurity #CyberResilience #CyberAttack #DataSecurity #CyberProtection #DigitalSecurity #ITSecurity #CyberOps #CyberWarfare #OnlineSecurity #Malware #SecurityAwareness #CyberRisk #Infosec #ThreatHunting #CyberSec #HackerNews #ZeroDay #CloudSecurity #DataBreach #CISO


The Armenian Impact on Christianity: Pioneers of Faith and Guardians of Tradition

Armenia holds a unique position in Christian history as the first nation to officially adopt Christianity as its state religion. This historic event took place in the early 4th century, traditionally dated to 301 CE, during the reign of King Tiridates III. The adoption of Christianity has profoundly influenced Armenian identity and culture for nearly two millennia.

Armenians in Jerusalem: A Centuries-Old Presence

The Armenian presence in Jerusalem dates back to the 4th century CE, shortly after Armenia’s conversion to Christianity. Armenian monks began settling in the Holy City, establishing a community that would grow into one of the oldest and most significant Armenian diaspora populations.

The Armenian Quarter

Today, the Armenian Quarter occupies roughly one-sixth of Jerusalem’s Old City. It is home to St. James Cathedral, the seat of the Armenian Patriarchate of Jerusalem, alongside many other religious and cultural institutions. The Armenian Patriarchate is also one of the custodians of the Church of the Holy Sepulchre, a responsibility shared with the Greek Orthodox and Roman Catholic authorities.

Guardians of Holy Sites

The Armenian Church maintains a strong presence at several of Christianity’s most sacred sites in the region, including:

  • The Church of the Nativity in Bethlehem
  • The Church of the Holy Sepulchre in Jerusalem
  • The Tomb of the Virgin Mary

At these locations, Armenian clergy actively participate in daily rituals and the upkeep of the sites, preserving ancient traditions and ensuring the ongoing Armenian presence.

Preservers of Ancient Texts

One of the most significant contributions of Armenian Christians is their role in preserving ancient texts. After the creation of the Armenian alphabet in 405 CE by Mesrop Mashtots, extensive efforts were made to translate both religious and secular works into Armenian.

Many early Christian writings were translated, and in some instances, the Armenian translations are the only surviving copies of texts whose originals have been lost. These include:

  • Biblical commentaries
  • Writings of the Church Fathers
  • Liturgical texts

The library of the Armenian Patriarchate in Jerusalem houses many of these invaluable manuscripts, safeguarding them for future generations and providing access to scholars.

The Armenian Apostolic Church: A Distinct Christian Tradition

The Armenian Apostolic Church belongs to the family of Oriental Orthodox churches, which includes the Coptic, Ethiopian, and Syriac churches. While sharing many similarities with Eastern Orthodox and Roman Catholic traditions, the Armenian Church has several distinct features:

Christology

The Armenian Church follows miaphysitism, holding that Christ has one united nature that is at once divine and human. This differs from the Chalcedonian (dyophysite) doctrine of the Catholic, Eastern Orthodox, and Protestant churches, which teaches that Christ has two natures, divine and human, united in one person.

Liturgical Practices

The Armenian Church has unique liturgical practices, including:

  • The use of unleavened bread and unmixed wine in the Eucharist
  • Celebrating Christmas and Epiphany together on January 6th
  • A distinctive Armenian liturgy and musical tradition

Church Leadership

The Armenian Church is led by two Catholicoi: the Supreme Patriarch and Catholicos of All Armenians, based in Etchmiadzin, Armenia, and the Catholicos of the Great House of Cilicia, headquartered in Antelias, Lebanon.

Challenges and Preservation Efforts

Despite its rich history, the Armenian community in Jerusalem faces numerous challenges. The population has declined sharply over the past century, from more than 10,000 during the British Mandate period to fewer than 1,000 today. Economic hardship, political tensions, and issues related to citizenship and housing have all contributed to this decline.

However, efforts to preserve this ancient community and its cultural heritage continue. Digitization projects are underway to safeguard ancient manuscripts, cultural programs aim to maintain Armenian traditions, and advocacy is ongoing to support the rights and needs of the Armenian community in Jerusalem.

Keywords: #ArmenianHistory #Christianity #Jerusalem #ArmenianCulture #FaithHeritage #HolySites #ArmenianChurch #ChurchOfTheHolySepulchre #ChurchOfTheNativity #StJamesCathedral #OrientalOrthodox #ArmenianDiaspora #ReligiousHeritage #AncientTexts #ArmenianAlphabet #MesropMashtots #CulturalPreservation #SacredTraditions #Miaphysitism #HolyLand #ChristianTradition #CulturalHeritage #ChurchFathers #LiturgicalTradition #ArmenianQuarter


Mastering Change: The 5 Essential Skills Every Leader Needs

1. Communication Skills

Effective communication is at the heart of any successful change management effort. It’s not just about sharing information; it’s about fostering understanding, building trust, and motivating action.

Key elements of communication in change management:

  • Clarity and Consistency: Messages should be clear, concise, and consistent across all platforms.
  • Two-Way Communication: Encourage feedback and open dialogue, rather than just top-down messaging.
  • Tailored Messaging: Adapt your communication style and content to suit different audiences within the organization.
  • Storytelling: Use narratives to illustrate the need for change and to paint a picture of the desired future.
  • Transparency: Be honest about challenges and uncertainties, while maintaining a positive outlook.

Practical tips for improving communication:

  • Create a comprehensive communication plan outlining key messages, timelines, and channels.
  • Use a variety of communication methods (e.g., meetings, emails, intranet, videos) to reach all employees.
  • Practise active listening to understand concerns and gather valuable input.
  • Provide regular updates on progress and celebrate small wins along the way.

Summary: Effective communication in change management involves delivering clear, consistent, and tailored messages across multiple channels. It should be a two-way process that fosters dialogue and feedback, using storytelling to create emotional connections and transparency to build trust.

2. Leadership Skills

Leadership in change management goes beyond the traditional management roles. It requires inspiring and guiding others through uncertainty and transformation.

Key leadership skills for change management:

  • Visionary Thinking: The ability to create and communicate a compelling vision for the future.
  • Emotional Intelligence: Understanding and managing your own emotions and those of others during times of change.
  • Adaptability: Flexibility to adjust strategies as needed, based on feedback and changing circumstances.
  • Resilience: Maintaining composure and perseverance in the face of setbacks.
  • Empowerment: Delegating responsibilities and trusting team members to contribute to the change effort.

Developing leadership skills:

  • Seek mentorship from experienced change leaders.
  • Engage in self-reflection to understand your leadership style and identify areas for improvement.
  • Participate in leadership training programs focused on change management.
  • Take on challenging projects that push you out of your comfort zone.

Summary: Effective change leadership combines visionary thinking with emotional intelligence, adaptability, and resilience. Leaders must inspire and empower others while remaining flexible and composed throughout the change process.

3. Problem-Solving Skills

Change often brings unexpected challenges, making strong problem-solving skills essential for change managers.

Key components of problem-solving in change management:

  • Analytical Thinking: The ability to break down complex issues into manageable parts.
  • Creative Thinking: Generating innovative solutions to overcome obstacles.
  • Decision-Making: Evaluating options and making timely decisions.
  • Risk Assessment: Identifying potential risks and developing strategies to mitigate them.
  • Continuous Improvement: Regularly evaluating and refining approaches based on outcomes.

Enhancing problem-solving skills:

  • Practise using various problem-solving frameworks (e.g., PDCA cycle, Six Sigma).
  • Encourage diverse perspectives when tackling challenges.
  • Foster a culture of experimentation and learning from failures.
  • Use data and analytics to inform decision-making.

Summary: Effective problem-solving in change management combines analytical and creative thinking with solid decision-making and risk assessment. It involves a continuous improvement mindset and the ability to adapt solutions as needed.

4. Stakeholder Management Skills

Successfully managing diverse stakeholder interests is crucial for implementing change effectively.

Key aspects of stakeholder management:

  • Stakeholder Identification: Recognizing all groups and individuals affected by the change.
  • Interest Mapping: Understanding the needs, concerns, and influence of each stakeholder group.
  • Engagement Strategies: Developing tailored approaches to involve and communicate with different stakeholders.
  • Conflict Resolution: Addressing and resolving conflicts between stakeholder groups.
  • Building Coalitions: Creating alliances to support and drive the change initiative.

Improving stakeholder management skills:

  • Conduct thorough stakeholder analyses at the outset of change initiatives.
  • Develop and maintain a stakeholder engagement plan throughout the change process.
  • Practise active listening and empathy to understand stakeholder perspectives.
  • Regularly reassess stakeholder positions and adjust strategies accordingly.

Summary: Effective stakeholder management involves identifying and understanding all affected parties, developing tailored engagement strategies, and building coalitions to support change. It requires strong interpersonal skills and the ability to balance diverse interests.

5. Organizational Awareness

A deep understanding of organizational dynamics is essential for navigating change successfully.

Key elements of organizational awareness:

  • Cultural Understanding: Recognizing the organization’s values, norms, and unwritten rules.
  • Power Dynamics: Identifying formal and informal power structures within the organization.
  • Historical Context: Understanding past change initiatives and their outcomes.
  • Cross-Functional Knowledge: Understanding how different departments and processes interact.
  • External Environment: Being aware of industry trends and external factors affecting the organization.

Developing organizational awareness:

  • Engage in cross-functional projects to gain broader organizational exposure.
  • Study the organization’s history, including past successes and failures.
  • Build relationships across different levels and departments of the organization.
  • Stay informed about industry trends and the competitive landscape.

Summary: Organizational awareness involves a comprehensive understanding of the company’s culture, power dynamics, history, and external environment. This understanding enables change managers to navigate complex organizational landscapes and tailor change strategies to the specific context.

#ChangeManagement #LeadershipSkills #CommunicationExcellence #OrganizationalAwareness #ProblemSolving #StakeholderManagement #LeadershipDevelopment #BusinessTransformation #ChangeLeadership #VisionaryThinking #EmotionalIntelligence #Adaptability #Resilience #EffectiveCommunication #StrategicLeadership #TeamEmpowerment #OrganizationalCulture #PowerDynamics #ContinuousImprovement #DecisionMaking #RiskManagement #CrossFunctionalTeams #BusinessGrowth #TransformationSuccess #InnovationLeadership #BusinessStrategy #EmployeeEngagement #ChangeStrategy #LeadershipTips #ManagementSkills #ExecutiveLeadership


Saffron Rose: Iran’s Growing Cyber Espionage Force

Saffron Rose is the name FireEye gave its 2014 report on the Iranian threat group also tracked as Ajax Security Team and Flying Kitten. The group is sometimes lumped together with APT35 (Charming Kitten, Phosphorus), but most vendors and MITRE ATT&CK track the two as separate clusters, and several of the tools listed below belong to the APT35 cluster rather than to the original Ajax toolkit. Since at least 2010 the group made its mark with website defacements under the name AjaxTM before transitioning into malware-based espionage. By 2013-2014 it had evolved into a notable player in Iran's growing cyber landscape, conducting attacks aligned with Iranian national interests.

Activities and Targets

Saffron Rose has been involved in numerous cyber espionage campaigns, focusing on a wide array of targets, including:

  • U.S. defence contractors and companies within the defence industrial base
  • Iranian users of anti-censorship tools
  • Military and government entities in the U.S. and Middle Eastern countries
  • Media organizations
  • Energy and telecommunications sectors
  • Iranian dissidents and activists

The group's ability to target diverse sectors highlights its alignment with broader Iranian geopolitical interests and its focus on gathering intelligence related to both domestic and international concerns.

Methods and Tools

Saffron Rose employs a variety of sophisticated attack vectors, including:

  • Social Engineering: The group is adept at using spear-phishing emails, social media messages, and fake login pages to deceive and compromise victims. These methods often lure high-profile individuals into revealing sensitive information.

  • Malware: The tooling attributed to this cluster and to the related APT35 cluster includes:

    • PowerLess: a PowerShell-based espionage backdoor reported by Cybereason in 2022 and attributed to Phosphorus (APT35).
    • Havij: a publicly available automated SQL injection tool of Iranian origin (not custom malware), used against web applications.
    • Stealer: the custom credential- and data-theft malware documented in FireEye's 2014 report, which harvests browser data, saved credentials, keystrokes and screenshots.
  • Ransomware: The APT35 cluster has been linked to extortion activity, including reported infrastructure overlaps with the Memento ransomware and abuse of Windows' built-in BitLocker (a disk-encryption feature, not a ransomware strain) to lock victims' drives.

  • Additional Techniques: Saffron Rose uses a variety of other tools and methods to infiltrate and maintain access to targeted systems, including:

    • Defeating two-factor authentication
    • Keylogging
    • Exploiting vulnerabilities in Microsoft Office
    • IP logging
    • Using tools like Mimikatz for credential harvesting

Command-and-Control Infrastructure

Saffron Rose's command-and-control (C2) infrastructure is a sophisticated network of distinct but interconnected clusters. The group has been known to use domains that mimic legitimate services from trusted companies like Google, Facebook, Yahoo, and LinkedIn, further enhancing their phishing operations and enabling them to infiltrate sensitive networks.
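As an added example (not code from the original post or from any vendor's report), the following Go program turns the observation about lookalike domains into detection logic: it scans proxy-log lines for hosts that embed or closely resemble a trusted brand name without belonging to that brand's real domains. The log format, the brand list, the allowlist and the sample lines are all constructed for the example; real tooling should use the Public Suffix List rather than the two-label shortcut used here.

```go
package main

import (
	"fmt"
	"strings"
)

// Brands that phishing infrastructure commonly impersonates, and the
// registrable domains their genuine services use. Both lists are illustrative
// assumptions for this example, not a complete allowlist.
var brands = []string{"google", "facebook", "yahoo", "linkedin"}

var legitDomains = map[string]bool{
	"google.com": true, "googleapis.com": true, "gstatic.com": true,
	"facebook.com": true, "fbcdn.net": true,
	"yahoo.com": true, "yimg.com": true,
	"linkedin.com": true, "licdn.com": true,
}

// registrableDomain returns the last two DNS labels of a host. This is a
// deliberate simplification: production tooling should consult the Public
// Suffix List so that hosts under co.uk, com.au and similar are handled.
func registrableDomain(host string) string {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	labels := strings.Split(host, ".")
	if len(labels) < 2 {
		return host
	}
	return strings.Join(labels[len(labels)-2:], ".")
}

// normalize folds common digit-for-letter substitutions so that "yah00" and
// "1inkedin" compare equal to the brand they imitate.
func normalize(s string) string {
	return strings.NewReplacer("0", "o", "1", "l", "3", "e", "5", "s").Replace(strings.ToLower(s))
}

// levenshtein is the edit distance between two strings; it catches one-off
// typos such as "linkedln" or "gooogle".
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev, cur := make([]int, len(rb)+1), make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			best := prev[j] + 1
			if cur[j-1]+1 < best {
				best = cur[j-1] + 1
			}
			if prev[j-1]+cost < best {
				best = prev[j-1] + cost
			}
			cur[j] = best
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

// Impersonation returns the brand a host appears to impersonate, or "" when
// the host is a genuine domain of a listed brand or unrelated to all of them.
func Impersonation(host string) string {
	reg := registrableDomain(host)
	if legitDomains[reg] {
		return ""
	}
	sld := strings.SplitN(reg, ".", 2)[0] // second-level label, e.g. "linkedln"
	for _, brand := range brands {
		// brand name embedded anywhere in the host, as in accounts-google.com-secure-login.net
		if strings.Contains(normalize(host), brand) {
			return brand
		}
		// near-miss spelling of the brand as the registrable label
		if levenshtein(normalize(sld), brand) <= 1 {
			return brand
		}
	}
	return ""
}

// FlagPhishingHosts scans log lines of the assumed form
// "<timestamp> <client-ip> <host> <path>" and returns "host -> brand"
// findings for triage; an analyst still confirms each one.
func FlagPhishingHosts(lines []string) []string {
	var findings []string
	for _, line := range lines {
		fields := strings.Fields(line)
		if len(fields) < 3 {
			continue
		}
		if brand := Impersonation(fields[2]); brand != "" {
			findings = append(findings, fields[2]+" -> "+brand)
		}
	}
	return findings
}

// Constructed sample traffic for the example, not real log data.
var sampleLog = []string{
	"2014-05-13T09:12:01Z 10.0.0.21 accounts.google.com /ServiceLogin",
	"2014-05-13T09:12:44Z 10.0.0.21 accounts-google.com-secure-login.net /login",
	"2014-05-13T09:13:10Z 10.0.0.37 www.linkedln.com /uas/login",
	"2014-05-13T09:14:02Z 10.0.0.37 static.licdn.com /scds/common/u/img",
	"2014-05-13T09:15:30Z 10.0.0.42 login.yahoo.com /config/login",
	"2014-05-13T09:16:05Z 10.0.0.42 mail.yah00.com /inbox",
}

func main() {
	for _, f := range FlagPhishingHosts(sampleLog) {
		fmt.Println("suspicious host:", f)
	}
}
```

Findings are for triage, not blocking: a legitimate partner site that embeds a brand name will trip the substring rule, while a phishing domain that avoids the brand name entirely will not. Enriching each hit with domain registration age and certificate-transparency history is the usual next step.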

Evolution and Significance

The rise of Saffron Rose marks a significant step in the evolution of Iran's cyber capabilities. What began as a relatively unsophisticated website defacement group has evolved into a formidable APT player. The shift towards cyber espionage mirrors Iran's broader response to increased cyber operations targeting the country, such as the infamous Stuxnet attack. This evolution reflects the growing importance of cyber operations as a tool for statecraft in the region.

Attribution and Connections

While definitive proof linking Saffron Rose to the Iranian government remains elusive, the group's operations closely align with the strategic goals of the Iranian state. Saffron Rose is considered part of a larger ecosystem of Iranian APT groups, including APT33, APT34, and APT39. Each of these groups operates in coordination with state interests, targeting different sectors and regions, reflecting a broader, more complex Iranian cyber strategy.

Recent Activities

As of 2022, Saffron Rose remains an active threat, continuously refining its tactics and expanding its reach. The group has shown a particular interest in high-profile individuals and organizations with ties to Middle Eastern geopolitics, indicating an ongoing focus on espionage and intelligence gathering.

#CyberEspionage #APT35 #SaffronRose #IranCyber #ThreatIntelligence #Infosec #CyberDefense #APTGroups #AdvancedThreats #Cybersecurity #CyberThreats #CybersecurityAwareness #Malware #Ransomware #StateSponsoredHacking #Espionage #Hacking #IranAPT #C2Infrastructure #Phishing #APT35Tactics #Geopolitics #NationalSecurity #CyberAttacks #DigitalSecurity #InfoSecCommunity #DataProtection #CyberWar #NetworkSecurity #AdvancedPersistentThreat #ThreatHunting #APT


NIST Unveils First Post-Quantum Cryptography Standards: A Major Step Toward Quantum-Resistant Security

On August 13, 2024, the National Institute of Standards and Technology (NIST) made a pivotal move towards safeguarding our digital world by releasing three new Federal Information Processing Standards (FIPS) for post-quantum cryptography. These standards are designed to counteract potential threats from quantum computers, which could undermine the encryption methods we currently rely on.

The newly approved standards are:

  • FIPS 203: ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism). This standard, derived from CRYSTALS-Kyber, is intended for general encryption. It offers relatively small encryption keys that can be easily exchanged and operates with impressive speed.

  • FIPS 204: ML-DSA (Module-Lattice-Based Digital Signature Algorithm). Based on CRYSTALS-Dilithium, this standard is set to become the primary method for protecting digital signatures.

  • FIPS 205: SLH-DSA (Stateless Hash-Based Digital Signature Algorithm). This alternative digital signature method, derived from SPHINCS+, uses a mathematical approach different from ML-DSA. It serves as a backup in case vulnerabilities are discovered in ML-DSA.

These standards are the result of a rigorous six-year competition initiated by NIST in 2016 to develop quantum-resistant cryptographic algorithms. The process involved evaluating 82 candidate algorithms from 25 countries, with input from cryptographers worldwide.

NIST is encouraging system administrators to start integrating these new standards into their systems without delay. Dustin Moody, a NIST mathematician, stressed, “There’s no need to wait for future standards. Begin implementing these three right away.”

It's important to note that NIST is continuing its work on additional post-quantum cryptography standards. A draft FIPS 206 standard, based on the FALCON algorithm, is expected to be released later, under the name FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm).

The release of these standards is part of a broader global effort to prepare for the quantum computing era. In April 2024, the European Commission published a recommendation encouraging EU Member States to develop a coordinated roadmap for transitioning to post-quantum cryptography.

As organizations begin adopting these new standards, it’s crucial to understand their significance:

  • ML-KEM (FIPS 203) offers efficient key encapsulation, essential for secure communication and data transfer.

  • ML-DSA (FIPS 204) provides a strong method for digital signatures, ensuring the integrity and authenticity of digital documents and transactions.

  • SLH-DSA (FIPS 205) adds an extra layer of security by serving as a backup digital signature method for critical systems.

Cybersecurity professionals and organizations should start planning their transition now. In practice that means inventorying where RSA and elliptic-curve cryptography are used, updating cryptographic libraries and protocols to support ML-KEM and ML-DSA (typically in hybrid mode alongside the existing algorithms at first), and re-wrapping or re-encrypting data whose confidentiality depends on public-key key transport. Symmetric encryption such as AES-256 and hash functions such as SHA-256 do not need replacing.

#PostQuantum #Cryptography #QuantumComputing #Cybersecurity #DataProtection #NIST #Encryption #DigitalSecurity #TechInnovation #QuantumResistance #CyberDefense #TechStandards #DigitalTransformation #FutureOfSecurity #InformationSecurity #QuantumSafe #CryptoAlgorithms #DigitalSignatures #QuantumThreats #CyberTech #DataSecurity #TechTrends #ITSecurity #CyberRisk #SecureCommunication #QuantumEra #TechUpdates #CyberProtection #QuantumCryptography #TechNews #QuantumSecure


Who Are the Armenians? A Journey Through History, Culture, and Resilience

The Armenians are an ancient people with a deep cultural heritage that dates back thousands of years. They are indigenous to the Armenian Highlands, a region that includes modern-day Armenia and parts of neighbouring countries. From their language to their traditions, Armenians have made their mark on world history, shaping a distinctive identity that endures to this day.

A Rich History

The history of Armenians stretches back over 4,000 years, tracing its roots to Indo-European tribes who settled in the region. The earliest mention of Armenia in historical records can be found in a Persian inscription from 520 BC. This long and storied past is a testament to the resilience and adaptability of the Armenian people.

Language and Faith

The Armenian language, a branch of the Indo-European family, has its own unique alphabet, created in 405 AD by the scholar Mesrop Mashtots. This innovation played a crucial role in preserving Armenian culture and fostering a strong sense of national identity.

Image: the Armenian alphabet. Mongolia 44 (มองโกเลีย๔๔), CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons

Armenia was also the first country in the world to officially adopt Christianity as its state religion in 301 AD. Today, most Armenians belong to the Armenian Apostolic Church, one of the oldest Christian institutions still in existence.

Cultural Treasures

Armenian culture is renowned for its contributions to literature, music, and architecture. Their ancient churches and intricately carved stone crosses, known as khachkars, are iconic symbols of Armenian craftsmanship and spirituality.

Image: a khachkar

The Armenian Genocide of 1915-1917 led to the creation of a widespread diaspora, with Armenian communities now thriving in countries across the globe. While the Republic of Armenia is home to roughly 3 million people, an estimated 8 to 10 million Armenians live abroad, contributing to the global fabric of science, art, and technology.

The Modern Republic

After gaining independence from the Soviet Union in 1991, the Republic of Armenia has faced its share of challenges, including ongoing tensions with neighbouring Azerbaijan. Despite these obstacles, Armenia continues to preserve its cultural heritage while building a modern nation.

From chess masters to technologists, Armenians have made notable contributions to global culture and innovation. Their ability to maintain a unique identity while adapting to the changing world stands as a testament to their resilience.

Armenians remain a culturally rich and vibrant people, playing an essential role on the world stage as they continue to honour their past while looking toward the future.

#Armenia #ArmenianCulture #ArmenianHistory #AncientArmenia #ArmenianHeritage #ArmenianDiaspora #ArmenianLanguage #Christianity #ArmenianApostolicChurch #MesropMashtots #Khachkars #ArmenianGenocide #ArmenianAlphabet #Caucasus #Independence #ArmenianArchitecture #GlobalArmenians #Resilience #CulturalIdentity #ModernArmenia


The "Harvest Now, Decrypt Later" Threat and the NSA's Data Storage Facility

The "Harvest Now, Decrypt Later" (HNDL) attack strategy has become a growing concern in cybersecurity, especially as quantum computing advances. This tactic involves intercepting and storing encrypted data with the expectation that future quantum computers can decrypt it, potentially compromising current encryption methods.

Understanding the Threat

HNDL attacks focus on data in transit, because the confidentiality of a recorded TLS session rests entirely on its key exchange. Data at rest encrypted with a 256-bit symmetric algorithm such as AES is not at practical risk (Grover's algorithm only reduces AES-256 to roughly 128-bit security), but the asymmetric key exchange in a classical TLS handshake, based on RSA or elliptic-curve Diffie-Hellman, can be broken by a sufficiently large quantum computer running Shor's algorithm, and with it every session key it protected.

The NSA's Utah Data Centre

The reality of HNDL threats is underscored by the existence of large-scale data storage facilities. A key example is the National Security Agency's (NSA) Utah Data Centre, also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Centre. Located at Camp Williams near Bluffdale, Utah, this facility was completed in May 2014, costing approximately $1.5 billion.

Key facts about the Utah Data Centre include:

  • Purpose: Designed to store and process data collected from various sources, including telephone and Internet companies, satellites, and fibre-optic networks.

  • Storage Capacity: While specific figures are classified, estimates suggest the centre can store data ranging from exabytes to possibly zettabytes.

  • Operations: The facility functions as a storage and analysis hub for the NSA's global surveillance activities.

Implications and Concerns

The presence of such vast data storage facilities raises significant concerns about large-scale data collection and the potential for HNDL strategies. While there is no definitive public evidence of widespread HNDL attacks, the capability undoubtedly exists, particularly for nation-state actors.

Further evidence of the NSA's ability to intercept and store massive amounts of data comes from reports that the agency has secretly accessed the main communications links connecting major tech companies' data centres worldwide.

Mitigation Strategies

To safeguard against potential HNDL attacks, organizations should consider the following measures:

  • Implementing quantum-resistant encryption for sensitive data transfers.

  • Using longer symmetric key lengths, such as AES-256.

  • Adopting quantum-resistant protocols where possible.

  • Prioritizing crypto-agility to enable rapid adoption of post-quantum cryptography.
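As an added example serving both the NIST standards above and these mitigation points (my own Go code, not from the original posts or from NIST), the following program shows what "quantum-resistant key exchange" and "crypto-agility" look like in practice: a hybrid key agreement that pairs classical X25519 with FIPS 203 ML-KEM-768 and derives the session key from both shared secrets, so an attacker must break both algorithms to recover it. It uses only the Go standard library (crypto/ecdh and crypto/mlkem; Go 1.24 or later is required for the latter). The two-message flow, the KDF label and the combiner are assumptions made for the example, not a specification of any deployed protocol; TLS 1.3 deployments use the same pairing under the name X25519MLKEM768 but feed the secrets into the TLS key schedule instead.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Responder holds a long-term X25519 key and an ML-KEM-768 decapsulation key.
type Responder struct {
	x *ecdh.PrivateKey
	k *mlkem.DecapsulationKey768
}

func NewResponder() (*Responder, error) {
	x, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	k, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, err
	}
	return &Responder{x: x, k: k}, nil
}

// Offer returns the public values: X25519 key (32 bytes), ML-KEM-768 encapsulation key (1184 bytes).
func (r *Responder) Offer() (xPub, kemEk []byte) {
	return r.x.PublicKey().Bytes(), r.k.EncapsulationKey().Bytes()
}

// combine is the SP 800-56C one-step KDF (counter || Z || FixedInfo through SHA-256)
// with the hybrid secret Z = ssECDH || ssKEM and the full transcript as FixedInfo,
// so swapping any public value changes the derived key.
func combine(ssECDH, ssKEM, xPub, kemEk, ephPub, ct []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0, 0, 0, 1}) // 32-bit big-endian counter; one output block suffices
	h.Write(ssECDH)
	h.Write(ssKEM)
	h.Write(bytes.Join([][]byte{[]byte("example-hybrid-x25519-mlkem768-v1"), xPub, kemEk, ephPub, ct}, nil))
	return h.Sum(nil)
}

// Initiate runs the initiator side against the responder's offer: ephemeral X25519
// agreement plus ML-KEM encapsulation. It returns what to send back and the session key.
func Initiate(xPub, kemEk []byte) (ephPub, ct, key []byte, err error) {
	peerX, err := ecdh.X25519().NewPublicKey(xPub)
	if err != nil {
		return nil, nil, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(kemEk)
	if err != nil {
		return nil, nil, nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	ssECDH, err := eph.ECDH(peerX)
	if err != nil {
		return nil, nil, nil, err
	}
	ssKEM, ct := ek.Encapsulate()
	ephPub = eph.PublicKey().Bytes()
	return ephPub, ct, combine(ssECDH, ssKEM, xPub, kemEk, ephPub, ct), nil
}

// Respond derives the same key on the responder side. Decapsulate only fails on a
// malformed ciphertext; a tampered but well-formed one yields an unrelated secret
// (implicit rejection), so the two sides simply end up with different keys.
func (r *Responder) Respond(ephPub, ct []byte) ([]byte, error) {
	peerX, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return nil, err
	}
	ssECDH, err := r.x.ECDH(peerX)
	if err != nil {
		return nil, err
	}
	ssKEM, err := r.k.Decapsulate(ct)
	if err != nil {
		return nil, err
	}
	xPub, kemEk := r.Offer()
	return combine(ssECDH, ssKEM, xPub, kemEk, ephPub, ct), nil
}

func main() {
	r, err := NewResponder()
	if err != nil {
		panic(err)
	}
	xPub, kemEk := r.Offer()
	ephPub, ct, kInit, err := Initiate(xPub, kemEk)
	if err != nil {
		panic(err)
	}
	kResp, err := r.Respond(ephPub, ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("keys match: %v, ML-KEM ciphertext: %d bytes\n", bytes.Equal(kInit, kResp), len(ct))
}
```

The design choice that matters for HNDL is that the derived key depends on both secrets: a recording of this exchange stays useless to an attacker who later breaks X25519 with a quantum computer but cannot break ML-KEM, and if a flaw is ever found in ML-KEM, the X25519 component still protects against classical adversaries. The cost is visible in the sizes: a 1184-byte encapsulation key and a 1088-byte ciphertext in place of two 32-byte X25519 shares.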

Timeline and Urgency

Estimates for when quantum computers might break current encryption standards range from 10 to 20 years or more. However, the existence of large-scale data storage facilities suggests that preparations should start immediately. The time required to implement quantum-resistant measures and the potential long-term value of stored data underscores the urgency of addressing this emerging threat.

#CyberSecurity #QuantumComputing #DataProtection #Encryption #TLS #QuantumResistance #NSASurveillance #DataPrivacy #HNDL #TechSecurity #CyberThreats #DataSecurity #CryptoAgility #InformationSecurity #CyberDefense #QuantumThreat #DataStorage #PrivacyConcerns #CyberRisk #DigitalSecurity #EncryptionStandards #PostQuantum #NationalSecurity #DataBreach #Surveillance #TechnologyTrends #CyberAwareness #Infosec #EncryptionTech #QuantumFuture #SecureData


A Closer Look at Telegram's MTProto Encryption Protocol

As security professionals, it's vital to understand the encryption protocols used in widely adopted messaging platforms. With Telegram's growing popularity, it's important to explore the custom encryption protocol it uses—MTProto—to secure communications. Let's take a deep dive into the technical aspects of MTProto and what it means for messaging security.

What is MTProto?

MTProto is Telegram's own transport-layer encryption protocol, currently at version 2.0. It secures traffic between Telegram clients and Telegram's servers and is used in place of TLS for that link. End-to-end encryption built on MTProto (Secret Chats) is opt-in, must be enabled per conversation, and is not available for group chats at all.

How MTProto Works

MTProto 2.0 leverages the following cryptographic methods:

  • 256-bit symmetric AES encryption
  • 2048-bit RSA encryption
  • Diffie-Hellman key exchange

Each encrypted message carries a 64-bit key identifier (auth_key_id, the low 64 bits of SHA-1 over the 2048-bit authorization key negotiated with Diffie-Hellman) and a 128-bit message key (msg_key). In MTProto 2.0 msg_key is taken from a SHA-256 hash over a fragment of the authorization key and the padded plaintext, so it doubles as the integrity check. msg_key and further fragments of the authorization key are then hashed to derive a 256-bit AES key and a 256-bit initialization vector, and the payload is encrypted with AES in IGE (Infinite Garble Extension) mode.
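As an added example (my own Go code, not Telegram's implementation or any official client), the following program implements the key derivation just described for MTProto 2.0 together with AES in IGE mode using only the Go standard library, and then shows the check a receiver must perform. The auth_key_id prefix and the real protocol's inner header (salt, session_id, msg_id, seq_no, length) are omitted, and the all-zero authorization key in main is a constructed stand-in for one produced by the Diffie-Hellman handshake.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Direction selector x from the MTProto 2.0 spec: 0 client->server, 8 server->client.
const ClientToServer, ServerToClient = 0, 8

// msgKeyFor computes msg_key = SHA-256(auth_key[88+x:120+x] || padded_data)[8:24].
func msgKeyFor(authKey, padded []byte, x int) []byte {
	h := sha256.Sum256(append(append([]byte{}, authKey[88+x:120+x]...), padded...))
	return h[8:24]
}

// deriveKeyIV is the MTProto 2.0 KDF: auth_key and msg_key give the 256-bit AES key and 256-bit IGE IV.
func deriveKeyIV(authKey, msgKey []byte, x int) (key, iv []byte) {
	a := sha256.Sum256(append(append([]byte{}, msgKey...), authKey[x:x+36]...))
	b := sha256.Sum256(append(append([]byte{}, authKey[40+x:76+x]...), msgKey...))
	key = append(append(append([]byte{}, a[0:8]...), b[8:24]...), a[24:32]...)
	iv = append(append(append([]byte{}, b[0:8]...), a[8:24]...), b[24:32]...)
	return key, iv
}

func xorBlock(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// ige is AES in Infinite Garble Extension mode: c_i = E(m_i ^ c_{i-1}) ^ m_{i-1}
// and m_i = D(c_i ^ m_{i-1}) ^ c_{i-1}, with c_0 = iv[0:16] and m_0 = iv[16:32].
func ige(key, iv, in []byte, encrypt bool) ([]byte, error) {
	if len(in)%aes.BlockSize != 0 || len(iv) != 2*aes.BlockSize {
		return nil, errors.New("ige: input not block aligned")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	prevC, prevM := iv[:16], iv[16:]
	out, tmp := make([]byte, len(in)), make([]byte, aes.BlockSize)
	for i := 0; i < len(in); i += aes.BlockSize {
		src, dst := in[i:i+16], out[i:i+16]
		if encrypt {
			xorBlock(tmp, src, prevC)
			block.Encrypt(tmp, tmp)
			xorBlock(dst, tmp, prevM)
			prevC, prevM = dst, src
		} else {
			xorBlock(tmp, src, prevM)
			block.Decrypt(tmp, tmp)
			xorBlock(dst, tmp, prevC)
			prevC, prevM = src, dst
		}
	}
	return out, nil
}

// EncryptMessage returns msg_key || AES-IGE(data || random padding); authKey must be
// the 256-byte key from the DH handshake. The spec's inner header is omitted here.
func EncryptMessage(authKey, data []byte, x int) ([]byte, error) {
	body := append([]byte{}, data...)
	padding := make([]byte, 12+(16-(len(body)+12)%16)%16) // spec: 12..1024 random bytes, total a multiple of 16
	if _, err := rand.Read(padding); err != nil {
		return nil, err
	}
	body = append(body, padding...)
	msgKey := msgKeyFor(authKey, body, x)
	key, iv := deriveKeyIV(authKey, msgKey, x)
	ct, err := ige(key, iv, body, true)
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, msgKey...), ct...), nil
}

// DecryptMessage returns the padded data. The essential step is recomputing msg_key over
// the decrypted bytes and comparing in constant time: a client that skips it has
// confidentiality but no integrity.
func DecryptMessage(authKey, envelope []byte, x int) ([]byte, error) {
	if len(envelope) < 32 || (len(envelope)-16)%16 != 0 {
		return nil, errors.New("malformed envelope")
	}
	msgKey := envelope[:16]
	key, iv := deriveKeyIV(authKey, msgKey, x)
	body, err := ige(key, iv, envelope[16:], false)
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(msgKeyFor(authKey, body, x), msgKey) {
		return nil, errors.New("msg_key mismatch: wrong key, wrong direction or tampering")
	}
	return body, nil
}

func main() {
	authKey := make([]byte, 256) // constructed all-zero key for the demo only
	env, err := EncryptMessage(authKey, []byte("hello from the client"), ClientToServer)
	if err != nil {
		panic(err)
	}
	plain, err := DecryptMessage(authKey, env, ClientToServer)
	fmt.Printf("%q %v\n", plain, err)
}
```

The msg_key comparison at the end of DecryptMessage is the only integrity check in this construction. Because the hash is computed over the plaintext rather than the ciphertext (a MAC-then-encrypt arrangement), the receiver has to decrypt before it can tell whether a message is genuine, which is one of the design choices cryptographers have criticised and one reason third-party clients that forget the check end up with no integrity protection at all.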

Security Aspects to Consider

Formal Verification: In 2020, researchers from the University of Udine formally verified MTProto 2.0 using ProVerif, a symbolic Dolev-Yao model verifier. Their study confirmed the protocol's effectiveness in providing authentication, integrity, confidentiality, and perfect forward secrecy.

Trust in Servers: Despite this formal verification, the researchers advised caution, noting that Telegram servers shouldn’t be fully trusted since they manage both plaintext and ciphertext communications.

Man-in-the-Middle Risk: A potential vulnerability exists if users don’t verify the fingerprints of their shared keys, which could open the door to man-in-the-middle attacks.

Cryptographic Foundation: MTProto combines standard primitives (AES, SHA-256, RSA, Diffie-Hellman) in a bespoke way, notably AES in IGE mode with a SHA-256-derived message key standing in for a conventional MAC. Such constructions need their own security analysis, and MTProto has received far less of it than TLS or the Signal Protocol.

Implementation Complexities: The complexity of MTProto might lead to errors in third-party clients, potentially compromising security.

Insights from Experts

Cryptography experts have raised concerns about certain aspects of Telegram’s security model, including:

  • The default storage of contacts, messages, and media, along with decryption keys, on Telegram servers.
  • The absence of default end-to-end encryption for all messages.
  • The use of a custom-designed encryption protocol instead of relying on well-established standards.

Conclusion: Choosing Secure Communication Tools

For activists, journalists, and others whose safety relies on secure communications, there are more robust options available than Telegram’s MTProto protocol:

Signal is often considered the gold standard for secure messaging. It uses open-source, end-to-end encryption for all communications by default, collects minimal user data, and has been thoroughly vetted by cryptography experts. Signal is free, easy to use, and available across all major platforms.

Threema offers a high level of security and anonymity. It doesn’t require a phone number or email for registration, uses end-to-end encryption for all communications, and stores minimal data on its servers. While it has a one-time cost, this supports a sustainable business model without relying on user data.

While these tools provide strong security, they should be used alongside other best practices:

  • Use a reputable VPN to mask your IP address and location.
  • Regularly update all software and apps to ensure you have the latest security patches.
  • Use strong, unique passwords and enable two-factor authentication where possible.
  • Stay aware of potential physical security risks and practise good operational security.

Finally, staying informed about digital security best practices is essential. Organizations like the Electronic Frontier Foundation (EFF) offer resources and guides to help high-risk users protect themselves online.

Remember, no tool is entirely foolproof, and your choice of communication tool should align with your specific threat model and needs. Regularly reassess your security practices and stay up to date with the latest developments in digital security.

#Cybersecurity #Encryption #Privacy #MTProto #TelegramSecurity #DataProtection #DigitalSecurity #SecureMessaging #InfoSec #DataEncryption #Cryptography #OnlinePrivacy #CyberAwareness #TechSecurity #EncryptionProtocol #MessagingAppSecurity #EndToEndEncryption #SecurityTips #CyberThreats #CyberSafety #SecureCommunication #VPN #DataPrivacy #CyberHygiene #DigitalProtection #SecurityBestPractices #CyberProtection #ThreatModel #PrivacyTools #SecurityExperts #TechNews


Telegram Encryption: An In-Depth Look at Security in 2024

Telegram has gained popularity as a messaging app, promoting itself as a secure and private communication platform. However, recent evaluations by cybersecurity professionals have highlighted important concerns about Telegram's encryption methods and overall security. Let’s take a closer look at the current state of Telegram's encryption and what it means for users.

Default Encryption: Not End-to-End

One of the most pressing concerns about Telegram is its default lack of end-to-end encryption. Standard chats use client-server encryption: messages are encrypted between your device and Telegram's servers, but they are decrypted on those servers, so the company (and anyone who compels or compromises it) can read them.

This approach contrasts with other widely used messaging apps like Signal and WhatsApp, which use end-to-end encryption for all messages by default. Telegram’s method has the practical implication that most one-on-one conversations and all group chats are potentially visible to the company’s servers.

Secret Chats: Optional End-to-End Encryption

Telegram does offer end-to-end encryption through its “Secret Chats” feature. However, users must manually enable this feature for each conversation, and it’s only available for one-on-one chats—not for group conversations. This opt-in model means many users might not benefit from the highest level of encryption Telegram offers.

Custom Encryption Protocol: MTProto

Telegram uses a custom encryption protocol known as MTProto. While the company asserts that this protocol is secure, it has faced criticism from cryptography experts. Unlike other messaging apps that use well-established, open-source protocols, Telegram’s MTProto hasn’t undergone extensive audits by the security community.

Metadata Concerns

Even with Secret Chats, Telegram may still collect significant metadata about users' communications. This information can include details about who users communicate with and when, which could be valuable for those looking to analyse communication patterns.
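To make the two points above concrete (server-client encryption lets the operator read content; metadata is visible either way), here is an added, constructed model written for this post. It is not Telegram's code and does not implement MTProto: the "cipher" is a deliberately simple HMAC-based keystream used only to show where the keys live, the client names, messages and timestamps are invented, and the secret chat's key agreement is assumed to have happened out of band.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher built for this model only (not MTProto, not for real use):
    XOR the data with an HMAC-SHA256 keystream derived from key, nonce and offset.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class RelayServer:
    """The messaging server. It holds one transport key per client (server-client
    encryption) but never learns a secret chat's end-to-end key."""
    transport_keys: dict
    content_seen: list = field(default_factory=list)   # what the server could read
    metadata_log: list = field(default_factory=list)   # visible in both chat modes

    def relay_cloud_chat(self, sender, recipient, nonce, ciphertext, ts):
        # Server-client encryption: the server decrypts with the sender's transport
        # key (so it can read and store the message) and re-encrypts for the recipient.
        plaintext = keystream_xor(self.transport_keys[sender], nonce, ciphertext)
        self.content_seen.append(plaintext)
        self.metadata_log.append((ts, sender, recipient, len(ciphertext)))
        out_nonce = secrets.token_bytes(16)
        return out_nonce, keystream_xor(self.transport_keys[recipient], out_nonce, plaintext)

    def relay_secret_chat(self, sender, recipient, nonce, ciphertext, ts):
        # End-to-end: the server only forwards opaque bytes. Trying its transport key
        # yields noise, but who talked to whom, when, and how much is still logged.
        self.content_seen.append(keystream_xor(self.transport_keys[sender], nonce, ciphertext))
        self.metadata_log.append((ts, sender, recipient, len(ciphertext)))
        return nonce, ciphertext


def run_demo():
    """Send one cloud-chat and one secret-chat message from alice to bob and report
    what bob decrypts, what the server could read, and the metadata it logged."""
    alice_key, bob_key = secrets.token_bytes(32), secrets.token_bytes(32)
    server = RelayServer({"alice": alice_key, "bob": bob_key})

    cloud_msg = b"meet at 10"                     # constructed sample message
    n1 = secrets.token_bytes(16)
    n2, c2 = server.relay_cloud_chat("alice", "bob", n1,
                                     keystream_xor(alice_key, n1, cloud_msg), ts=1000)
    bob_cloud = keystream_xor(bob_key, n2, c2)

    # Secret chat: assume the two clients already agreed a shared key out of band
    # (the key-agreement step is omitted from this model).
    e2e_key = secrets.token_bytes(32)
    secret_msg = b"secret plan"                   # constructed sample message
    n3 = secrets.token_bytes(16)
    n4, c4 = server.relay_secret_chat("alice", "bob", n3,
                                      keystream_xor(e2e_key, n3, secret_msg), ts=1001)
    bob_secret = keystream_xor(e2e_key, n4, c4)

    return {
        "bob_cloud": bob_cloud,
        "bob_secret": bob_secret,
        "server_saw_cloud": server.content_seen[0],
        "server_saw_secret": server.content_seen[1],
        "metadata": server.metadata_log,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Run it and compare the two `server_saw_*` entries: the cloud chat comes back as readable text, the secret chat as noise, while `metadata` carries the same sender, recipient, time and size tuple for both. That is the whole argument of this section in one run.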

Recent Developments

In August 2024, Telegram's encryption approach was further scrutinized when its founder, Pavel Durov, faced criminal charges in France related to the platform's cryptographic services. This incident has reignited debates about encryption standards and practices within technology companies and among cybersecurity experts.

#Telegram #Encryption #Cybersecurity #Privacy #DataSecurity #MessagingApp #MTProto #SecretChats #EndToEndEncryption #DigitalPrivacy #TechNews #SecureMessaging #Metadata #OnlinePrivacy #TechSecurity #EncryptionStandards #DigitalSecurity #PrivacyConcerns #SecureCommunications #TechUpdates


Exploring Neuro-Symbolic AI

The field of neuro-symbolic AI is an evolving area that combines the strengths of neural networks with the logical reasoning abilities of symbolic AI. This fusion aims to create AI systems that are not only more robust but also easier to grasp.

Understanding Neuro-Symbolic AI

Neuro-symbolic AI fundamentally brings together two approaches to processing information. Neural networks excel at detecting patterns in datasets, such as recognizing objects in images or comprehending spoken language. On the other hand, symbolic reasoning involves utilizing rules and logic to derive conclusions, akin to how humans solve problems. By merging these methodologies, neuro-symbolic AI systems can learn from data while also applying principles, making them adaptable and more understandable.

Applications of Neuro-Symbolic AI

Researchers are uncovering a variety of uses for neuro-symbolic AI:

  • Enhancing Explainability and Trust: A significant advantage of neuro-symbolic AI lies in its potential to enhance transparency within AI systems. This transparency is particularly vital in domains like healthcare, where understanding the decision-making process can be as critical as the decision itself.

  • Natural Language Processing: Neuro-symbolic AI shows potential in the field of natural language processing by incorporating rules into language models to enhance accuracy and clarity. These systems aim to address the issue of AI generating incorrect information, known as "hallucinations," by anchoring models in factual knowledge for improved reliability.

Why Choose Neuro-Symbolic AI Over Other Approaches?

Neuro-symbolic AI offers advantages over purely neural methods in several aspects:

  1. Enhanced Reasoning: By combining logic with neural networks, these systems can handle complex reasoning tasks that traditional neural networks struggle with.

  2. Increased Transparency: The inclusion of symbolic elements allows decisions to be traced back to clear rules, enhancing transparency and auditability.

  3. Improved Efficiency: Leveraging existing knowledge represented symbolically enables these systems to learn more effectively, reducing the reliance on vast amounts of data.

  4. Reduced Hallucination: Incorporating knowledge into neural networks helps minimize instances where AI models generate incorrect or misleading information.

How Neuro-Symbolic AI Stands Out

Neuro-symbolic AI distinguishes itself from other AI approaches through its unique architecture:

  • Hybrid Systems: These advanced AI systems blend neural networks with symbolic reasoning engines, allowing them to perform both complex reasoning tasks and detailed pattern recognition.

  • Explicit Knowledge Representation: Unlike neural networks that learn implicitly from data, neuro-symbolic AI can directly represent and manipulate knowledge, enhancing its versatility across various tasks.
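The following is an added toy implementation of the hybrid architecture just described; it is not code from any neuro-symbolic framework. A tiny logistic model (the "neural" half, trained on constructed data) scores whether to recommend a drug, and a forward-chaining rule engine over an explicit knowledge base (the "symbolic" half) can veto that score and return the exact facts that justified the veto. The drugs, conditions and rules are invented for illustration, not medical guidance.

```python
import math

# ---------- Symbolic component: explicit knowledge + forward chaining ----------
# Rules are Horn clauses: (head, [body patterns]); tokens starting with '?' are variables.
# Constructed toy knowledge for illustration only.
RULES = [
    (("avoid_class", "?patient", "nsaid"),
     [("has_condition", "?patient", "peptic_ulcer")]),
    (("avoid_class", "?patient", "?cls"),
     [("allergic_to", "?patient", "?cls")]),
    (("contraindicated", "?drug", "?patient"),
     [("is_a", "?drug", "?cls"), ("avoid_class", "?patient", "?cls")]),
]


def unify(pattern, fact, bindings):
    """Match a pattern against a fact, extending bindings; None on mismatch."""
    if len(pattern) != len(fact):
        return None
    out = dict(bindings)
    for p, f in zip(pattern, fact):
        if p.startswith("?"):
            if out.get(p, f) != f:
                return None
            out[p] = f
        elif p != f:
            return None
    return out


def match_body(body, facts, bindings):
    """Yield every binding set under which all body patterns match known facts."""
    if not body:
        yield bindings
        return
    for fact in facts:
        b = unify(body[0], fact, bindings)
        if b is not None:
            yield from match_body(body[1:], facts, b)


def forward_chain(facts):
    """Derive all consequences of the facts. Returns (all_facts, provenance) where
    provenance maps each derived fact to the ground facts that justified it."""
    facts, provenance, changed = set(facts), {}, True
    while changed:
        changed = False
        for head, body in RULES:
            for b in list(match_body(body, facts, {})):
                new = tuple(b.get(t, t) for t in head)
                if new not in facts:
                    facts.add(new)
                    provenance[new] = [tuple(b.get(t, t) for t in pat) for pat in body]
                    changed = True
    return facts, provenance


# ---------- Neural component: a tiny logistic model trained on constructed data ----------
def predict(model, x):
    w, b = model
    return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))


def train_logreg(samples, epochs=300, lr=0.5):
    w, b = [0.0] * len(samples[0][0]), 0.0
    for _ in range(epochs):
        for x, y in samples:
            err = predict((w, b), x) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
            b -= lr * err
    return w, b


# ---------- Hybrid decision: neural score, vetoed by traceable symbolic rules ----------
def recommend(model, features, facts, drug, patient):
    score = predict(model, features)
    derived, provenance = forward_chain(facts)
    key = ("contraindicated", drug, patient)
    if key in derived:
        # The rule engine overrides the pattern learner and says exactly why.
        return {"decision": "reject", "score": score, "because": provenance[key]}
    return {"decision": "recommend" if score >= 0.5 else "reject",
            "score": score, "because": ["neural score only"]}


def run_demo():
    # Features: (efficacy score, patient age / 100, prior good response). The neural
    # model never sees contraindications, so on its own it would "hallucinate" a
    # recommendation for ibuprofen. Training data is constructed.
    samples = [((1.0, 0.3, 1.0), 1), ((0.9, 0.5, 1.0), 1), ((0.8, 0.2, 1.0), 1),
               ((0.2, 0.4, 0.0), 0), ((0.1, 0.7, 0.0), 0), ((0.3, 0.3, 0.0), 0)]
    model = train_logreg(samples)
    facts = {("is_a", "ibuprofen", "nsaid"), ("is_a", "acetaminophen", "analgesic"),
             ("has_condition", "pat1", "peptic_ulcer")}
    return {
        "ibuprofen": recommend(model, (0.9, 0.4, 1.0), facts, "ibuprofen", "pat1"),
        "acetaminophen": recommend(model, (0.85, 0.4, 1.0), facts, "acetaminophen", "pat1"),
    }


if __name__ == "__main__":
    for drug, verdict in run_demo().items():
        print(drug, verdict)
```

The point to notice is the `because` field: for ibuprofen it lists the two ground facts that fired the rule, which is the traceability the section promises, while the neural score alone would have recommended it with high confidence.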

The Future of Neuro-Symbolic AI

The future of neuro-symbolic AI holds significant promise in overcoming some of the most pressing challenges in the field of artificial intelligence:

  • Enhanced Reliability in Critical Applications: Neuro-symbolic AI's capacity for reasoning and providing explanations could make it invaluable in critical sectors such as healthcare, finance, and autonomous driving, where trustworthiness is crucial.

  • Augmenting AI Capabilities: Integrating learning with reasoning and symbolic AI opens doors to new artificial intelligence applications, especially in domains requiring deep comprehension and the manipulation of abstract concepts.

Despite being in the early stages of development, neuro-symbolic AI is gaining momentum and could represent a significant advancement toward creating more sophisticated and interpretable AI systems.

#NeuroSymbolicAI #ArtificialIntelligence #AIResearch #MachineLearning #SymbolicAI #DeepLearning #AIExplainability #HybridAI #DataScience #NaturalLanguageProcessing #AIFuture #TechInnovation #AIApplications #ExplainableAI #NeuralNetworks #LogicAI #AITrust #AIReasoning #AITransparency #EmergingTech


The Origins and Evolution of Chinese Hacker Groups: APTs and Patriotism in Cyber Warfare

For over a decade, Chinese hacker groups, particularly Advanced Persistent Threats (APTs), have been a focal point in the cybersecurity landscape. Often linked to state-sponsored activities, these groups engage in cyber espionage, targeting governments, corporations, and other high-value entities worldwide. While some hackers operate under direct government control, others act out of patriotic zeal, aiming to bolster national interests. This blog post explores these groups' origins, classifications, strategies, and tactics, providing insights into the latest developments and offering advice on how companies can protect themselves.

Governmental vs. Patriotic Hacker Groups

Chinese hacker groups can be broadly categorized into two types:

  • Government-Sponsored Groups: These are directly supported by the Chinese government and include some of the most sophisticated and well-resourced entities in the cyber realm. They focus on gathering intelligence, stealing intellectual property, and preparing for potential conflicts.

  • Patriotic Hackers: These groups or individuals act independently or with minimal government oversight, driven by a sense of nationalism. They often target perceived adversaries of China, engaging in cyber activities to defend national pride and interests.

Prominent Chinese APT Groups

Several Chinese APT groups have gained notoriety over the years:

  • APT1 (Comment Crew): One of the earliest identified, linked to the People's Liberation Army (PLA) Unit 61398, known for stealing vast amounts of data from Western companies.

  • APT10 (Stone Panda): Associated with the Chinese Ministry of State Security (MSS), this group targets managed IT service providers to gain access to client networks.

  • APT41 (Winnti): Unique for its dual focus on cyber espionage and financially motivated attacks, often using the same infrastructure for both purposes.

Emerging Groups

Recent years have seen the emergence of new Chinese hacker groups, showcasing evolving tactics and objectives:

  • APT31 (Zirconium): Focuses on political entities and elections, utilizing phishing and malware to influence and gather intelligence.

  • Mustang Panda: Known for targeting non-governmental organizations (NGOs) and think tanks, emphasizing social engineering tactics.

  • RedEcho: Targets critical infrastructure, particularly in India, emphasizing disrupting operations and gathering intelligence.

Strategies and Objectives

Chinese APT groups are primarily driven by strategic objectives that align with national interests:

  • Intellectual Property Theft: Stealing technology and trade secrets to advance China's economic and military capabilities.

  • Political Espionage: Gathering information on political strategies, negotiations, and sensitive communications.

  • Military Preparedness: Ensuring access to critical infrastructure and defence systems of potential adversaries.

  • Economic Disruption: Targeting supply chains and financial systems to gain economic leverage.

Tactics, Techniques, and Procedures (TTPs)

Chinese APT groups employ a variety of TTPs to achieve their objectives:

  • Spear Phishing: Customized phishing emails targeting specific individuals to gain initial access.

  • Zero-Day Exploits: Utilizing previously unknown vulnerabilities to infiltrate systems.

  • Credential Dumping: Extracting user credentials to move laterally within networks.

  • Data Exfiltration: Stealthily transferring sensitive data out of target networks.

  • Living off the Land: Using legitimate tools and processes to avoid detection.

Indicators of Compromise (IOCs)

Common IOCs associated with Chinese APT activities include:

  • Suspicious IP Addresses: Known command and control (C2) servers linked to Chinese groups.

  • Malware Signatures: Unique code patterns associated with Chinese-developed malware.

  • Phishing Domains: Websites and email addresses used in spear-phishing campaigns.

  • Anomalous Network Traffic: Unusual data flows indicative of data exfiltration.
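As an added example of turning those four indicator types into a check (my own illustration, not a vendor tool or any group's real indicators), the script below scans constructed proxy/DNS-style log lines against constructed IOC lists and adds a simple per-host outbound-volume heuristic for the "anomalous network traffic" case. All IPs come from documentation ranges, the domains end in `.example`, the hash is a placeholder, and the 50 MB/hour threshold is an assumption to be tuned per environment.

```python
import ipaddress
from collections import defaultdict

# Constructed indicator lists; placeholder values from documentation ranges, not real IOCs.
IOC_IPS = {"192.0.2.44", "198.51.100.7"}
IOC_DOMAINS = {"update-check.example", "cdn-static.example"}
IOC_SHA256 = {"0" * 63 + "1"}                              # placeholder hash
IOC_NETS = [ipaddress.ip_network("203.0.113.0/24")]        # placeholder C2 hosting range
EXFIL_BYTES_PER_HOUR = 50_000_000   # assumed threshold: 50 MB/h outbound per host


def parse_line(line):
    """Fields: epoch_seconds,src_host,dst_ip,dst_host,bytes_out,file_sha256(optional)."""
    ts, src, dst_ip, dst_host, bytes_out, sha = (line.strip().split(",") + [""])[:6]
    return {"ts": int(ts), "src": src, "dst_ip": dst_ip, "dst_host": dst_host.lower(),
            "bytes_out": int(bytes_out), "sha256": sha.lower()}


def match_domain(host):
    # Match the listed domain and any subdomain of it.
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def match_ip(ip):
    if ip in IOC_IPS:
        return True
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in IOC_NETS)


def scan(lines):
    """Return (finding_type, source_host, detail) tuples for every IOC hit, then
    one 'anomalous_outbound' finding per host-hour over the volume threshold."""
    findings = []
    outbound = defaultdict(int)   # (src, hour bucket) -> bytes
    for line in lines:
        ev = parse_line(line)
        if match_ip(ev["dst_ip"]):
            findings.append(("ioc_ip", ev["src"], ev["dst_ip"]))
        if ev["dst_host"] and match_domain(ev["dst_host"]):
            findings.append(("ioc_domain", ev["src"], ev["dst_host"]))
        if ev["sha256"] and ev["sha256"] in IOC_SHA256:
            findings.append(("ioc_hash", ev["src"], ev["sha256"]))
        outbound[(ev["src"], ev["ts"] // 3600)] += ev["bytes_out"]
    for (src, hour), total in sorted(outbound.items()):
        if total > EXFIL_BYTES_PER_HOUR:
            findings.append(("anomalous_outbound", src, f"{total} bytes in hour {hour}"))
    return findings


# Constructed sample log; every value is invented.
SAMPLE_LOG = [
    "1700000000,ws-01,198.51.100.200,intranet.corp.example,1200,",
    "1700000100,ws-02,192.0.2.44,,900,",
    "1700000200,ws-03,198.51.100.201,files.update-check.example,3000,",
    "1700000300,ws-04,203.0.113.9,,500,",
    "1700000400,ws-05,198.51.100.202,sync.corp.example,60000000,",
    "1700000500,ws-01,198.51.100.200,intranet.corp.example,800," + "0" * 63 + "1",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Exact-match IOCs age quickly, which is why the volume heuristic is there: it catches the ws-05 transfer without knowing anything about its destination. In practice the threshold should come from that host's own baseline rather than a fixed number.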

Defensive Measures

Companies can adopt several strategies to protect against these sophisticated threats:

  • Advanced Threat Detection: Implementing systems that can identify and respond to unusual activity in real time.

  • Employee Training: Educating staff about spear-phishing and other social engineering tactics.

  • Regular Audits and Penetration Testing: Continuously assessing security posture to identify and address vulnerabilities.

  • Multi-Factor Authentication (MFA): Adding an extra layer of security to prevent unauthorized access.

  • Network Segmentation: Dividing networks into segments to contain breaches and limit lateral movement.

Conclusion

The landscape of Chinese hacker groups is complex and continually evolving. With a mix of government-sponsored APTs and patriotic hackers, these groups pose significant challenges to global cybersecurity.

#CyberSecurity #APT #InfoSec #DataBreach #PrivacyProtection #CloudSecurity #AIsecurity #EndpointProtection #RiskManagement #NetworkSecurity #CyberAttack #SecurityAwareness #DigitalForensics #PhishingPrevention #CyberDefence #MalwareAnalysis #IoTSecurity #DevSecOps #CyberResilience #BlockchainSecurity #GDPRCompliance #IncidentResponse #SecureCoding #IdentityManagement #VPNsecurity #ThreatHunting #SecurityPolicy #ZeroTrust #Compliance #CyberCrime


Defend Your Business: Mastering 'Living off the Land' Cyber Attack Strategies

In today's digital landscape, cyber threats continue to evolve, with attackers constantly seeking new methods to bypass security measures. One advanced technique is "Living off the Land" (LOTL). This approach involves cybercriminals using legitimate tools and processes already in the target's environment to conduct malicious activities. This blog post aims to demystify LOTL for business and IT professionals, highlighting its methods, impact, and preventive measures.

Understanding Living off the Land (LOTL)

LOTL attacks are distinctive because they exploit existing tools within a system rather than introducing external malware. Commonly used utilities such as PowerShell, Windows Management Instrumentation (WMI), and network monitoring tools become the instruments of the attack. This strategy allows attackers to blend in with normal operations, making detection challenging.

Why LOTL is Effective

  • Stealth and Evasion: Since LOTL attacks use legitimate system tools, they are less likely to trigger security alerts. Traditional antivirus and security software often overlook these activities because they appear normal system behaviour.

  • Persistence: Attackers can maintain access over long periods, gathering information and escalating privileges without being detected.

  • Versatility: Using built-in tools, attackers can execute a wide range of malicious activities, from data exfiltration to network reconnaissance.

Techniques Used in LOTL Attacks

  • Credential Theft: Attackers use stolen credentials to gain initial access and move laterally within the network.

  • Command-line scripting: Tools like PowerShell execute commands, transfer files, and gather data without leaving traces.

  • Abuse of Native Tools: Utilities such as Nmap for network scanning, Cobalt Strike for penetration testing, and Wireshark for network analysis are repurposed for malicious intent.

Impact on Businesses

LOTL attacks can have severe consequences, including data breaches, financial loss, and damage to reputation. For instance, the 2017 NotPetya attack used LOTL techniques to spread rapidly across networks, causing billions in damages.

Detection and Prevention Strategies

  • Behavioural Analysis: Implementing advanced behavioural monitoring can help identify unusual patterns that may indicate a LOTL attack. Tools that analyze user and entity behaviour (UEBA) are particularly effective.

  • Endpoint Detection and Response (EDR): EDR solutions provide real-time monitoring and analysis of endpoint activities, helping to detect and respond to suspicious behaviour.

  • Regular Patching and Updates: Keeping software up-to-date can close vulnerabilities that LOTL attacks might exploit.

  • Least Privilege Access: Implementing strict access controls ensures that users have only the permissions necessary for their roles, limiting the potential damage from compromised accounts.

  • Multi-Factor Authentication (MFA): MFA can prevent attackers from gaining access using stolen credentials.

  • Regular Audits: Conducting frequent security and vulnerability assessments can help identify and mitigate potential weaknesses.
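To show what "behavioural analysis" of LOTL activity looks like in practice, here is an added example (mine, not from any EDR or UEBA product) that runs a few detection rules plus a parent/child-process rarity baseline over constructed process-creation events in the shape of a Sysmon Event ID 1 record. The events, users and the 30-day baseline counts are invented; the rule names and the ATT&CK technique IDs attached to them are my mapping.

```python
import re
from collections import Counter

# Constructed process-creation events; none of this is real telemetry.
EVENTS = [
    {"user": "CORP\\jdoe", "parent": "explorer.exe", "image": "outlook.exe", "cmd": "outlook.exe"},
    {"user": "CORP\\jdoe", "parent": "winword.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -w hidden -nop -EncodedCommand SQBFAFgAIAAo..."},
    {"user": "CORP\\svc_backup", "parent": "services.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -File C:\\Scripts\\nightly-backup.ps1"},
    {"user": "CORP\\jdoe", "parent": "cmd.exe", "image": "wmic.exe",
     "cmd": "wmic.exe /node:fs01 process call create notepad.exe"},
    {"user": "CORP\\asmith", "parent": "explorer.exe", "image": "chrome.exe", "cmd": "chrome.exe"},
    {"user": "CORP\\jdoe", "parent": "explorer.exe", "image": "rundll32.exe",
     "cmd": "rundll32.exe url.dll,OpenURL http://203.0.113.10/x"},
    {"user": "CORP\\svc_backup", "parent": "services.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -File C:\\Scripts\\nightly-backup.ps1"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Rule set: (rule name, ATT&CK technique id, predicate over one event).
RULES = [
    ("office_spawns_script_host", "T1059",
     lambda e: e["parent"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS),
    ("powershell_encoded_or_hidden", "T1059.001",
     lambda e: e["image"] in {"powershell.exe", "pwsh.exe"}
     and re.search(r"(?i)(-enc\b|-encodedcommand\b|-e\b|-w(indowstyle)?\s+hidden)", e["cmd"])),
    ("wmic_remote_process_create", "T1047",
     lambda e: e["image"] == "wmic.exe" and re.search(r"(?i)process\s+call\s+create", e["cmd"])),
    ("signed_binary_fetches_url", "T1218",
     lambda e: e["image"] in {"rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe"}
     and re.search(r"(?i)https?://", e["cmd"])),
]

# Constructed 30-day baseline of (parent, image) pair counts for this estate. A pair the
# estate has rarely or never produced is itself a signal, whatever the command line says.
BASELINE = Counter({("explorer.exe", "outlook.exe"): 500, ("explorer.exe", "chrome.exe"): 800,
                    ("services.exe", "powershell.exe"): 120})


def detect(events, baseline=BASELINE, min_seen=5):
    findings = []
    for i, e in enumerate(events):
        for name, technique, pred in RULES:
            if pred(e):
                findings.append({"event": i, "rule": name, "technique": technique, "user": e["user"]})
        if baseline[(e["parent"], e["image"])] < min_seen:
            findings.append({"event": i, "rule": "rare_parent_child", "technique": None, "user": e["user"]})
    return findings


def summarize(findings):
    """Group findings by user; users with several distinct rules firing come first."""
    by_user = {}
    for f in findings:
        by_user.setdefault(f["user"], set()).add(f["rule"])
    return sorted(by_user.items(), key=lambda kv: -len(kv[1]))


if __name__ == "__main__":
    for user, rules in summarize(detect(EVENTS)):
        print(user, sorted(rules))
```

Note that the scheduled backup script (events 2 and 6) is PowerShell too, yet produces nothing: its parent/child pair is in the baseline and its command line trips no rule. That separation of routine from unusual use of the same tool is what makes LOTL detection workable without banning the tool.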

Conclusion

To effectively counter Living off the Land (LOTL) attacks and other sophisticated cyber threats, hiring a security leader with extensive cyber experience who also possesses a deep understanding of IT operations, information warfare, and espionage is crucial. Such a leader will implement robust security measures and anticipate and strategically counteract potential threats. Their comprehensive expertise will bridge the gap between IT operations and security, ensuring a cohesive approach to protecting the organization's critical assets. Investing in a leader with these skills will significantly enhance your organization's resilience against advanced cyber threats and safeguard its long-term success.

Keywords: #CyberSecurity #ThreatIntelligence #InfoSec #LivingOffTheLand #DataProtection #RiskManagement #DigitalForensics #PrivacyLaw #AIsecurity #Blockchain #EthicalHacking #PenTesting #SecureCoding #IoTSecurity #Compliance #EndpointSecurity #MalwareAnalysis #CyberResilience #IdentityManagement #NetworkSecurity #CyberAttack #SecurityAwareness #DevSecOps #ThreatHunting #Encryption #Firewall #CyberLaw #PhishingPrevention #IncidentResponse #SecurityTraining #ITOperations #InformationWarfare


Understanding Tactics, Techniques, and Procedures (TTPs)

In the complex landscape of cybersecurity, understanding the intricacies of threats is crucial for robust defence. One key concept that can help demystify cyber threats is Tactics, Techniques, and Procedures (TTPs).

What are TTPs?

TTPs stand for Tactics, Techniques, and Procedures, and they represent the behaviour and methods used by cyber adversaries to achieve their objectives. Here's a brief breakdown:

  • Tactics: These are the high-level plans or goals that adversaries aim to achieve, such as data exfiltration or system compromise.
  • Techniques: These are the general methods or strategies used to accomplish a tactic, such as phishing or credential dumping.
  • Procedures: These are the specific steps or actions taken by adversaries to implement a technique, like using a particular phishing email template or a specific malware variant.

Who Identifies TTPs?

TTPs are typically identified by cybersecurity professionals and organizations dedicated to threat intelligence and research. These include:

  • Cybersecurity Firms: Companies like Mandiant, CrowdStrike, and Palo Alto Networks analyze cyber threats and document TTPs.
  • Government Agencies: Agencies such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Canadian Centre for Cyber Security provide detailed reports on observed TTPs.
  • Threat Intelligence Platforms: Platforms like MITRE ATT&CK offer a comprehensive framework for understanding and tracking TTPs across various adversaries.

Where Can You Find TTPs?

TTPs can be found in various resources dedicated to cybersecurity:

  • MITRE ATT&CK Framework: A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
  • Threat Intelligence Reports: Publications from cybersecurity firms and government agencies that provide in-depth analysis of specific threats and their associated TTPs.
  • Cybersecurity Conferences and Webinars: Events where experts share the latest findings and trends in cyber threats.

What Do You Do with TTPs?

Understanding TTPs is essential for building a proactive cybersecurity strategy. Here’s how you can leverage TTPs:

  • Threat Hunting: Use TTPs to search for signs of adversary behaviour within your network. This helps in identifying potential breaches early.
  • Incident Response: TTPs guide response teams on what to look for and how to contain and remediate threats effectively.
  • Security Awareness Training: Educate your staff about common TTPs used in phishing attacks and other social engineering tactics.
  • Security Controls: Implement and adjust security controls based on the TTPs most relevant to your industry and threat landscape.

APT41: An Example of Chinese APT TTPs

APT41, also known as Double Dragon, is a Chinese state-sponsored cyber threat group that conducts both espionage and financially motivated operations. Active since at least 2012, APT41 targets various sectors, including healthcare, telecoms, high-tech, and video game industries.

Techniques Used by APT41

APT41 employs a range of techniques to infiltrate and persist within target networks:

  • Spear-Phishing: Often using lures related to healthcare, job postings, and password policies to gain initial access.
  • Exploiting Vulnerabilities: Utilizes known vulnerabilities in software to execute their code on victim systems.
  • Custom Malware: Deploys sophisticated malware like Cobalt Strike, a popular penetration testing tool, for establishing persistence and conducting lateral movement.
  • Credential Dumping: Uses tools to extract and use credentials stored in browsers and system memory.
  • Data Exfiltration: Transfers stolen data using standard web protocols and sometimes encrypts data to evade detection.

APT41's extensive toolkit and diverse attack vectors make it a formidable adversary. By studying and understanding their TTPs, organizations can better defend against such sophisticated threats and improve their overall cybersecurity resilience.

Keywords: #CyberSecurity #ThreatIntelligence #InfoSec #APT41 #DataProtection #RiskManagement #DigitalForensics #PrivacyLaw #AIsecurity #Blockchain #EthicalHacking #PenTesting #SecureCoding #IoTSecurity #Compliance #EndpointSecurity #MalwareAnalysis #CyberResilience #IdentityManagement #NetworkSecurity #CyberAttack #SecurityAwareness #DevSecOps #ThreatHunting #Encryption #Firewall #CyberLaw #PhishingPrevention #IncidentResponse #SecurityTraining #ITOperations #InformationWarfare


PigeonPanda: Unravelling the Stealth of a Cyber Espionage Powerhouse

Executive Summary

PigeonPanda emerges as a shadowy cyber espionage group, distinguished by its sophisticated cyberattacks targeting governmental and political entities. This briefing delves into their tactics, strategic objectives, and potential countermeasures.

Identification and Capabilities

PigeonPanda's operations are characterized by advanced persistent threats (APTs), indicative of significant organizational support or nation-state backing. This group specializes in infiltrating governmental networks, maintaining a stealthy presence to gather intelligence over extended periods.

Tactical Overview

  • Initial Access: By leveraging spear phishing and exploiting network vulnerabilities, PigeonPanda gains initial entry into target networks, often bypassing conventional security measures.

  • Espionage and Data Exfiltration: The group focuses on extracting sensitive government and political data, employing stealth to avoid detection while accessing high-value information.

  • Persistence and Stealth: To evade detection and maintain access, PigeonPanda employs sophisticated techniques that blend into normal network activities, challenging traditional security protocols.

Strategic Objectives

PigeonPanda aims to gather intelligence that advances the strategic interests of its sponsors, potentially preparing for future conflicts by ensuring avenues for re-entry into critical networks.

Impact Assessment

PigeonPanda's activities pose significant national security risks, potentially compromising state secrets and manipulating political processes.

Mitigation Strategies

Effective defence against PigeonPanda involves:

  • Enhanced Detection and Monitoring: Implementing advanced threat detection systems to identify suspicious activities.

  • Regular Security Audits: Frequent security assessments and penetration testing to discover and mitigate exploitable vulnerabilities.

  • Cybersecurity Awareness and Training: Educating employees on the dangers of spear-phishing and other entry tactics used by groups like PigeonPanda.

Keywords:

#CyberSecurity #APT #InfoSec #NetworkSecurity #CyberEspionage #ThreatIntelligence #DataProtection #Ransomware #Phishing #Malware #CyberAttack #DigitalForensics #PenTesting #SecureCoding #EndpointSecurity #CloudSecurity #Compliance #RiskManagement #CyberDefence #IdentityManagement #Encryption #PrivacyProtection #IoTSecurity #DevSecOps #ThreatHunting #SecurityAwareness #BlockchainSecurity #GDPRCompliance #IncidentResponse #SecurityTraining


Midnight Blizzard: A Glimpse into Russia’s State-Sponsored Cyber Espionage

Executive Summary

Identified as a Russian state-sponsored entity, also known by the monikers Nobelium and APT29, Midnight Blizzard has been implicated in a series of pervasive cyber espionage operations targeting governments and multinational corporations. This briefing sheds light on their tactics, objectives, and implications for cybersecurity within pivotal sectors globally.

Identification and Capabilities

Prominent cyberattacks on government bodies and key industry players like Microsoft have cast Midnight Blizzard into the spotlight. The group leverages sophisticated tactics, including custom malware, spear-phishing, and advanced persistent threats (APT), to maintain long-term access to high-value networks.

Tactical Overview

  • Initial Access: Employing password spray techniques, Midnight Blizzard accesses networks by targeting commonly used passwords, thus maintaining a low detection profile.

  • Credential Exploitation: Following initial access, the group exploits these credentials to navigate and map internal networks, often escalating their access privileges to deepen their infiltration.

  • Data Exfiltration and Surveillance: Through malicious OAuth applications, they maintain prolonged access to compromised systems, focusing predominantly on monitoring email traffic to extract critical data.

  • Obfuscation Techniques: The group adeptly masks its tracks by routing its activities through residential proxies, complicating efforts to trace the origins of their attacks.

Strategic Objectives

Midnight Blizzard’s activities predominantly align with espionage, likely reflecting objectives that support Russian national interests. These include intelligence gathering, influencing international politics, and potentially laying the groundwork for disruptive actions against strategic adversaries.

Impact Assessment

The ramifications of Midnight Blizzard’s actions extend far beyond simple data theft, posing significant threats to national security, international relations, and the integrity of critical infrastructures. The strategic nature of their targets often leads to considerable political and economic consequences.

Mitigation Strategies

Organizations are urged to enhance their defences by implementing multifactor authentication, regularly conducting security audits, and promoting cybersecurity awareness. Advanced threat detection systems and vigilant monitoring for anomalous access patterns are crucial. Regular audits of OAuth applications can also help detect and mitigate unauthorized access early.
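Two of the mitigations above, watching for password-spray access patterns and auditing OAuth application grants, are easy to prototype. The following is an added example written for this post, not Microsoft's or any vendor's code: the first function flags a source that fails against many distinct accounts with only a few attempts each (the spray profile, as opposed to brute force on one account), and the second ranks consented apps by risk. The sign-in events, app names and grants are constructed, the IPs come from documentation ranges, the scope strings are Microsoft Graph-style permission names used as illustration, and the window and count thresholds are assumptions to tune.

```python
from collections import defaultdict

# Constructed sign-in events: (epoch_seconds, user, source_ip, result). Not real telemetry.
SIGNINS = [
    (1_700_000_000 + 30 * i, f"user{i:02d}", "203.0.113.5", "fail") for i in range(12)   # spray
] + [
    (1_700_000_000 + 10 * i, "user03", "198.51.100.9", "fail") for i in range(12)         # brute force
] + [
    (1_700_000_050, "user07", "192.0.2.20", "ok"), (1_700_000_900, "user07", "192.0.2.20", "ok"),
]


def detect_password_spray(events, window=600, min_users=8, max_per_user=2):
    """Flag sources that fail against many distinct users within a window while
    trying each user only a few times (the low-and-slow profile of a spray)."""
    by_src = defaultdict(list)
    for ts, user, src, result in events:
        if result == "fail":
            by_src[src].append((ts, user))
    alerts = []
    for src, fails in by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts.append({"source": src, "users": sorted(per_user), "window_start": start})
                break   # one alert per source is enough
    return alerts


# Constructed inventory of OAuth apps consented to in a tenant.
OAUTH_GRANTS = [
    {"app": "Contoso Calendar Sync", "publisher_verified": True, "scopes": ["Calendars.Read"],
     "consented_by": "admin", "days_ago": 400},
    {"app": "MailHelper", "publisher_verified": False, "scopes": ["Mail.Read", "Mail.ReadWrite"],
     "consented_by": "user31", "days_ago": 3},
    {"app": "HR Portal", "publisher_verified": True, "scopes": ["User.Read"],
     "consented_by": "user12", "days_ago": 90},
]
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Directory.ReadWrite.All"}


def audit_oauth_grants(grants, recent_days=30):
    """Rank apps by risk: mail/directory scopes, unverified publisher, recent user consent.
    Apps with no risk factors are omitted."""
    ranked = []
    for g in grants:
        risk, reasons = 0, []
        if set(g["scopes"]) & HIGH_RISK_SCOPES:
            risk += 2
            reasons.append("mail or directory scope")
        if not g["publisher_verified"]:
            risk += 1
            reasons.append("unverified publisher")
        if g["days_ago"] <= recent_days and g["consented_by"] != "admin":
            risk += 1
            reasons.append("recent end-user consent")
        if risk:
            ranked.append((risk, g["app"], reasons))
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    print(detect_password_spray(SIGNINS))
    print(audit_oauth_grants(OAUTH_GRANTS))
```

The brute-force source in the sample is deliberately left to a separate lockout or rate-limit control: counting attempts per source alone would merge the two behaviours, and it is the many-users/few-attempts shape that distinguishes a spray.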

Keywords:

#CyberSecurity #ThreatIntelligence #InfoSec #DataBreach #PrivacyProtection #CloudSecurity #AIsecurity #EndpointProtection #RiskManagement #NetworkSecurity #CyberAttack #SecurityAwareness #DigitalForensics #PhishingPrevention #CyberDefence #MalwareAnalysis #IoTSecurity #DevSecOps #CyberResilience #BlockchainSecurity #GDPRCompliance #IncidentResponse #SecureCoding #IdentityManagement #VPNsecurity #ThreatHunting #SecurityPolicy #ZeroTrust #Compliance #CyberCrime


Volt Typhoon: A Comprehensive Briefing on the Chinese Cyber Espionage Threat

Executive Summary

Volt Typhoon represents a significant and ongoing cyber espionage threat attributed to state-sponsored actors within the People's Republic of China. This briefing outlines their methods, objectives, and the implications for global cybersecurity, particularly concerning critical infrastructure sectors in North America.

Identification and Capabilities

Western cybersecurity agencies first identified Volt Typhoon, and it has since been linked to numerous cyber attacks targeting critical infrastructure. The group employs sophisticated techniques, including exploiting vulnerabilities in public-facing appliances, credential harvesting, and leveraging living off the land (LOTL) tactics. Their operations are characterized by stealth, persistence, and a strategic approach to espionage.

Tactical Overview

  • Initial Access: Volt Typhoon frequently gains entry through known vulnerabilities in network devices such as routers, VPNs, and firewalls.

  • Credential Access and Lateral Movement: They excel in acquiring administrator credentials, often using them to navigate laterally across a network to target domain controllers and other critical nodes.

  • Persistence and Stealth: Using LOTL techniques, Volt Typhoon minimizes its digital footprint by relying on the network's own tools and processes. This includes using PowerShell for in-depth exploration and information gathering without deploying custom malware, thus avoiding detection.

Strategic Objectives

Volt Typhoon's activities align with China's broader strategic objectives to enhance its geopolitical and economic posture through intellectual property theft, surveillance, and potentially pre-positioning for disruptive activities against critical infrastructure. Their targeting patterns emphasize sectors that would yield significant strategic or economic advantages, such as energy, water, and transportation systems.

Impact Assessment

The impact of Volt Typhoon's activities extends beyond direct economic or data losses. The potential for these actors to disrupt critical services poses a grave risk to national security and requires comprehensive and proactive countermeasures. Their ability to maintain access to targeted networks over extended periods allows them to conduct espionage strategically, influencing geopolitical dynamics subtly yet significantly.

Mitigation Strategies

Organizations, particularly those within targeted sectors, are advised to implement stringent security measures, including:

  • Regular Patching and Updates: To prevent exploitation of known vulnerabilities.

  • Robust Credential Management: Including multi-factor authentication and secure storage of authentication credentials.

  • Enhanced Monitoring and Detection: Leveraging advanced threat detection tools to identify suspicious activity indicative of LOTL tactics.

  • Incident Response Preparedness: Developing and regularly updating incident response plans to ensure quick and effective action during a breach.

Keywords: #CyberSecurity #InfoSec #ThreatIntelligence #DataProtection #CloudComputing #RiskManagement #DigitalForensics #PrivacyLaw #AIsecurity #Blockchain #EthicalHacking #PenTesting #SecureCoding #IoTSecurity #Compliance #EndpointSecurity #MalwareAnalysis #CyberResilience #IdentityManagement #NetworkSecurity #CyberAttack #SecurityAwareness #DevSecOps #ThreatHunting #Encryption #Firewall #CyberLaw #PhishingPrevention #IncidentResponse #SecurityTraining