Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics
The post Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics appeared first on Daily CyberSecurity.

Western intelligence reports that Russia has transformed Vienna into its largest Western spy hub, steadily expanding surveillance over the past two years. Using diplomatic compounds and rooftop satellite clusters, Russia monitors sensitive communications across NATO, the Middle East, and Africa, reviving a major Cold War-era signals intelligence operation, according to the Financial Times.
“This is one of our main concerns,” a senior European diplomat in Vienna told the Financial Times. “They are targeting NATO government and military communications… Vienna is their hub in Europe.”
Western intelligence reports Russia steadily expanding surveillance in Vienna, with moving antennas and rooftop dishes actively tracking satellites, even adjusting them around major events like the Munich Security Conference.
At Vienna’s “Russencity,” a nine-acre Russian compound, satellite dishes track Europe-Africa communications via geostationary satellites, with movable lenses enhancing signal capture. The complex includes residences, a school, and Russia’s UN mission, revealing advanced espionage capabilities.
The most expensive piece of the Cold War that never ended is a building in central Vienna, and it's still on the clock. Russia's "Russencity" compound in Vienna, a nine-acre complex on the Danube, has SIGINT satellite dishes on its rooftops that face West. They reposition… pic.twitter.com/EITk29aaHm
— Lukasz Olejnik (@lukOlejnik) March 17, 2026
“Russencity” houses residences, a school, and the UN mission, topped with satellite dishes mainly pointing west to 18 geostationary satellites. Researchers identified four in use (Eutelsat 3B, 10B, SES-5, and Rascom QAF1) for Europe-Africa communications, with movable lenses allowing wider satellite coverage. Russencity is just one site; others include the embassy, cultural center, a former sanatorium, and upgraded apartments with rooftop equipment. Dating to 1983 under KGB chief Yuri Andropov, the complex was likely built for intelligence work, and Vienna has become a hub for Russian espionage in Europe.
Russia has around 500 diplomats in Vienna, with up to a third likely covert spies; Austria warns that Russian SIGINT stations present a serious security risk.
Austria’s intelligence warns Russian surveillance poses a major risk, but the law limits action to espionage targeting Austria, so authorities avoid expulsions to prevent Moscow retaliation.
“Austria’s intelligence agency (DSN) has warned that Russia’s surveillance capabilities in Vienna pose a ‘significant security risk.’” concludes Kyiv Post. “But Austrian law limits action – espionage is only prosecutable if it targets Austria directly. Authorities have identified individuals running the operations but have avoided expulsions, fearing retaliation from Moscow.”
(SecurityAffairs – hacking, NATO)
Apple announced that its iPhone and iPad have received NATO approval to handle classified information. The devices are now officially listed in the NATO Information Assurance Product Catalogue (NIAPC), allowing military personnel to use them securely for sensitive communications and operations.
Devices listed in the NATO Information Assurance Product Catalogue (NIAPC) are commercial security products built in NATO member states, designed to protect NATO or national classified information. They meet strict information security standards, undergo NATO or national vetting, hold recognized certifications like Common Criteria or INFOSEC approvals, and receive explicit approval for handling classified data, often up to levels such as NATO Restricted or NATO Secret.
iPhone and iPad are the first consumer devices cleared for NATO’s ‘RESTRICTED’ classification.
“iPhone and iPad with indigo configuration provide secure access to Mail, Calendar, and Contacts data using apps built for iPhone and iPad,” reads the announcement. “iOS 26 and iPadOS 26 with indigo configuration is approved for iPhone and iPad up to NATO RESTRICTED. Indigo doesn’t require any special additional software or settings beyond managing and supervising devices using a device management service.”
Apple iNDIGO (iOS Native Devices in Government Operation) is a hardened, government-specific configuration for iOS and iPadOS devices, approved by Germany’s BSI for classified info like VS-NfD (German Secret).
Apple confirmed that the NIAPC “indigo configuration” is just a naming by the German BSI and that standard iPhone and iPad setups received NATO approval.
Apple devices use Touch ID and Face ID for fast, secure access, offer Memory Integrity Enforcement on A19/M5 chips, and support VPNs.

iPhone and iPad running iOS 26 can now handle restricted NATO information without special software, though security experts warn consumer devices create new attack surfaces.
Apple announced Thursday that iPhone and iPad became the first consumer mobile devices approved to handle classified NATO information up to the restricted level, following extensive security testing by Germany's Federal Office for Information Security.
The certification enables NATO personnel across all member nations to use standard iOS 26 and iPadOS 26 devices for restricted data without requiring specialized software, containerization or additional security layers—a milestone no other consumer device manufacturer has achieved.
Germany's BSI conducted exhaustive technical assessments, comprehensive testing and deep security analysis to verify Apple's built-in platform security capabilities met NATO nations' operational and assurance requirements. The devices now appear on NATO's Information Assurance Product Catalogue, formally recognizing that Apple's hardware-software integration provides adequate protections for restricted classified information.
"Secure digital transformation is only successful if information security is considered from the beginning in the development of mobile products," said Claudia Plattner, BSI's president. The certification builds on Apple's previous approval to handle classified German government data using native iOS and iPadOS security measures without third-party modifications.
Apple stressed that its security architecture differs fundamentally from traditional approaches requiring bespoke solutions. "Prior to iPhone, secure devices were only available to sophisticated government and enterprise organizations after a massive investment in bespoke security solutions," said Ivan Krstić, Apple's vice president of Security Engineering and Architecture. "Instead, Apple has built the most secure devices in the world for all its users, and those same protections are now uniquely certified under assurance requirements for NATO nations."
The certification relies on Apple's integrated security features including hardware-based encryption through the Secure Enclave processor, biometric authentication via Face ID, Memory Integrity Enforcement preventing code injection attacks, and comprehensive device encryption that protects data at rest and in transit. These capabilities operate across Apple's custom silicon, operating system and applications without requiring users to enable special modes or install government-specific software.
NATO's "restricted" classification represents the alliance's lowest tier for classified information, covering data requiring protection but not meeting thresholds for confidential, secret or top secret designations. Restricted information typically includes operational planning details, logistics coordination and administrative documents that could aid adversaries if disclosed but would not directly compromise critical security operations.
The approval marks a pragmatic shift in how governments balance security requirements against operational flexibility. NATO personnel can now use familiar consumer devices rather than specialized hardened phones that typically cost thousands of dollars per unit, offer limited functionality and create friction in daily workflows. The consumer device approval potentially saves member nations substantial procurement costs while improving user adoption.
However, security experts note that consumer devices certified for government use introduce considerations absent from purpose-built secure communications platforms. Unlike specialized government phones designed exclusively for classified communications, iPhones and iPads run consumer applications, connect to public networks and integrate with cloud services, creating expanded attack surfaces.
A cryptography professor at a known U.S. university told The Cyber Express that he would still want to be cautious, since in the past few years Apple's security architecture has been shown to face threats on the consumer side, including from nation-state adversaries targeting NATO countries. "The question isn't whether Apple has good security—they do. It's whether consumer devices designed for billions of users can adequately protect against targeted attacks by adversaries specifically hunting for NATO intelligence," he said.
The certification also raises questions about long-term support and update requirements. Consumer devices receive operating system updates for limited periods before Apple designates them obsolete. Government security requirements typically demand decades-long support commitments that conflict with consumer product lifecycles where devices become outdated within five years.
Apple has not disclosed whether NATO members negotiated extended support agreements, how the company will handle security vulnerabilities discovered in iOS 26 after consumer support ends, or whether classified data handling requires organizations to prevent users from installing consumer applications that could introduce risks.
The announcement follows Apple's decade-long effort to gain U.S. government security clearances. The U.S. Department of War (formerly known as the Department of Defense) approved iPhones for handling certain classified information in 2013-14, though those implementations required mobile device management software and container applications separating classified data from personal use—requirements NATO's certification explicitly eliminates.
Despite concerns, the NATO approval represents validation that Apple's security-by-design approach can meet rigorous government standards for protecting sensitive information, potentially encouraging other consumer technology manufacturers to prioritize security architecture capable of government certification rather than relying on post-hoc security layers.