October 18, 2017

Intelligence has the ability to save lives and prevent disasters with the ultimate purpose of educating the public. This awareness bulletin transmits alerts regarding current and future threats to North America.
Daily Intelligence Report

Russia Reopens Ferry Route to North Korea – Russia and North Korea

Sea trips between Vladivostok, Russia and isolated North Korea have resumed after a two-month break, with the transport of cargo, the RIA news agency reported on Monday, quoting the head of the company operating the route. The North Korean-flagged Mangyongbong left the Russian port for North Korea’s Rajin on Sunday, RIA said, citing the company’s director general, Vladimir Baranov. The ferry line, the only one between the two countries, was opened in May to carry cargo and passengers, predominantly Chinese tourists. It stopped operating in August, however, because the port in Vladivostok refused to provide services to the vessel after the company failed to pay for them, RIA reported, citing a port official. The ferry service was launched in May in spite of calls by the United States for countries to curtail relations with Pyongyang over its nuclear and missile programs.


Puerto Rico's Streets are Crawling With Heavily Armed, Masked Mercenaries Bearing No Insignia or Nametags – Puerto Rico

Though Puerto Rican law prohibits ownership and bearing of most long-guns and especially semiautomatic weapons, the streets of the stricken US colony now throng with mercenaries in tactical gear bearing such arms, their faces masked. They wear no insignia or nametags and won't say who they work for, apart from vague statements in broken Spanish: "We work with the government. It’s a humanitarian mission, we’re helping Puerto Rico." Rosa Emilia Rodríguez, head of Puerto Rico's Federal Prosecutor’s Office, initially dismissed reports of the mercenaries, then, after reporters from the Centro de Periodismo Investigativo pressed her, she said she'd "check it out." After Hurricane Katrina devastated New Orleans, Erik Prince's Blackwater mercenaries flooded the city again, turning it into an "armed camp", after Brigadier Gen. Gary Jones, commander of the Louisiana National Guard’s Joint Task Force, announced, "This place is going to look like Little Somalia. We’re going to go out and take this city back. This will be a combat operation to get this city under control." Erik Prince is now reportedly considering a Senate run as a Trumpist candidate in Wyoming. His sister, Betsy DeVos, has used millions from her husband's pyramid-scheme fortunes to fund efforts to destroy public education, and now serves as Trump's Secretary of Education. Though the mercenaries in Puerto Rico won't identify their employers, there's good evidence that Blackwater (now called Academi) is or will soon be operating there, as well as other notorious mercenary gangs like Ranger America and the Whitestone Group.


Email Attacks Use Fake VAT Returns to Deliver Malware – Global

Domain-based Message Authentication, Reporting and Conformance (DMARC) is designed to stop phishing. One of the most phished domain names in the world is the UK tax office, HMRC. HMRC has implemented DMARC to counter this phishing, and in November 2016 it announced, "We have already managed to reduce phishing emails by 300 million this year through spearheading the use of DMARC. It allows us and email service providers to identify fraudulent emails purporting to be from genuine HMRC domains and prevent their delivery to customers." But DMARC is clearly no silver bullet. On October 13, 2017, Trustwave's SpiderLabs described a very recent, albeit short-lived, HMRC-based phishing campaign. "On 6th September, 2017, scammers launched a phishing attack using spoofed e-mail messages appearing to come from a HMRC support service domain and containing links to the infamous JRAT malware disguised as a VAT return document." On that same day, the scammers registered the HMRC-lookalike domain from the LCN registrar. The phishing messages sent to targets were sent from this domain. They were from 'HMRC Business Help and Support Email' with the subject 'VAT Return Query'. The content says, "Thank you for sending you VAT Return Online but there some queries about your submission. Kindly review the outlined errors in the attached document, correct and resubmit." It contains just two easily missed typographical/grammatical errors. In reality, there is no attachment to the email. "The illusion of the attachment that can be seen in the message body," writes SpiderLabs, "is achieved using an embedded HTML image that is rigged with a URL pointing to the Microsoft OneDrive file sharing service." Attempting to access the non-existent attachment points the user to the OneDrive service and automatically downloads a file labeled 'VAT RETURN QUERY.ZIP'.
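One way a mail gateway or analyst could flag the fake-attachment pattern described above, added here as an example (it is not code from SpiderLabs or from this bulletin): find images wrapped in links to a file-sharing host in a message that carries no real attachment. The host list, the sender address and the OneDrive URL in the sample are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts treated as file-sharing services; OneDrive is the one in the report.
FILE_SHARE_HOSTS = ("onedrive.live.com", "1drv.ms")

class LinkedImages(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.open_hrefs, self.hits = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open_hrefs.append(dict(attrs).get("href") or "")
        elif tag == "img" and self.open_hrefs and self.open_hrefs[-1]:
            self.hits.append(self.open_hrefs[-1])
    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()

def fake_attachment_links(raw_message):
    """Return file-share URLs behind clickable images in a mail with no real attachment."""
    msg = message_from_string(raw_message)
    finder = LinkedImages()
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            return []  # a genuine attachment exists, so this is not the pattern
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            finder.feed(part.get_payload(decode=True).decode(charset, "replace"))
    def is_share(url):
        host = (urlparse(url).hostname or "").lower()
        return any(host == h or host.endswith("." + h) for h in FILE_SHARE_HOSTS)
    return [u for u in finder.hits if is_share(u)]

# Constructed sample: display name and subject are from the report, the rest is made up.
SAMPLE = """\
From: "HMRC Business Help and Support Email" <support@hmrc-lookalike.example>
To: user@example.org
Subject: VAT Return Query
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Kindly review the outlined errors in the attached document.</p>
<a href="https://onedrive.live.com/download?id=CONSTRUCTED"><img src="cid:icon" alt="VAT RETURN QUERY"></a>
<a href="https://www.gov.uk/"><img src="cid:logo"/></a></body></html>
"""
```

A hit is a triage signal, not a verdict: legitimate mail also links images to file shares, so combine it with the DMARC result and the age of the sending domain.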





If you need immediate assistance from G4S Corporate Risk Services or would like to learn more about our services, email G4SIntelligence@usa.g4s.com or call 800.275.8310.