CVE-2023-27997
Fortinet has rolled out an updated version of FortiOS/FortiProxy, to address a severe SSL-VPN component vulnerability.
Threat Name: CVE-2023-27997
Risk Factor: Critical
Date: June 2023
Get Help Now
Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis
What we know about the Fortigate – SSL VPN vulnerability
The vulnerability, which is tracked as CVE-2023-27997 is a pre-authentication remote code execution vulnerability, which if left unpatched, could lead to critical organisational risk.
The SSL-VPN vulnerability would allow an attacker with zero credentials to execute arbitrary code during the pre-authentication stage. This means, the attacker could circumnavigate MFA.
Which OS versions are affected by the vulnerability?
- FortiOS-6K7K version 7.0.10
- FortiOS-6K7K version 7.0.5
- FortiOS-6K7K version 6.4.12
- FortiOS-6K7K version 6.4.10
- FortiOS-6K7K version 6.4.8
- FortiOS-6K7K version 6.4.6
- FortiOS-6K7K version 6.4.2
- FortiOS-6K7K version 6.2.9 – 6.2.13
- FortiOS-6K7K version 6.2.6 – 6.2.7
- FortiOS-6K7K version 6.2.4
- FortiOS-6K7K version 6.0.12 – 6.0.16
- FortiOS-6K7K version 6.0.10
- FortiProxy version 7.2.0 – 7.2.3
- FortiProxy version 7.0.0 – 7.0.9
- FortiProxy version 2.0.0 – 2.0.12
- FortiProxy 1.2 all versions
- FortiProxy 1.1 all versions
- FortiOS version 7.2.0 – 7.2.4
- FortiOS version 7.0.0 – 7.0.11
- FortiOS version 6.4.0 – 6.4.12
- FortiOS version 6.0.0 – 6.0.16
Solace Cyber recommendations
The disclosure of this vulnerability would likely assist adversaries in leveraging it, so its highly recommended that patches are applied before further exploitation of the vulnerability takes place.
Above all, we strongly advise you to apply updates to the following applications:
- FortiOS-6K7K version 7.0.12 or above
- FortiOS-6K7K version 6.4.13 or above
- FortiOS-6K7K version 6.2.15 or above
- FortiOS-6K7K version 6.0.17 or above
- FortiProxy version 7.2.4 or above
- FortiProxy version 7.0.10 or above
- FortiProxy version 2.0.13 or above
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.5 or above
- FortiOS version 7.0.12 or above
- FortiOS version 6.4.13 or above
- FortiOS version 6.2.14 or above
- FortiOS version 6.0.17 or above
Solace Cyber can support your efforts in upgrading to the latest software versions. Additionally, our cyber security specialists can conduct forensic analysis to detect and determine the cause of a security incident and support recovery plans.
Get help with a VPN vulnerability
Solace Cyber offers expert assistance in managing a VPN exploitation.
The MOVEit transfer application used to transfer files has a zero-day vulnerability in the form of an SQL injection vulnerability.
The impact is still yet to be fully materialised.
Threat Name: CVE-2023-34362
Risk Factor: High
Date: May 2023
Get Help Now
Solace Cyber security specialists can provide technical guidance for assessing a potential supply chain risk
What we know about the MOVEit Transfer vulnerability
The MOVEit transfer application used to transfer files has a zero-day vulnerability in the form of an SQL injection vulnerability. This in turn allows the adversary to drop a web shell on the host inside the MOVEit wwwroot directory. After which time, the attacker could then download any file within MOVEit and install a backdoor.
A known breach involving Zellis, a supplier of IT services for payroll and human resources says a “small number” of organisations have been affected.
The ransomware group “Cl0p” has posted on their ransomware site that they are exploiting the MOVEit vulnerability. Microsoft have also attributed the attack to Cl0p. The recent attacks do not show signs of encryption, although there is potential for this to occur as well as lateral spread.
The group states on their Darknet page that they’ll post the names of the organisations compromised on June 14th 2023 if the targeted organisation hasn’t already contacted them. In the past 24 hours the BBC, Boots and British Airways have confirmed they’ve been impacted.
The UK’s National Cyber Security Centre said it was “monitoring the situation” and urged organisations using the compromised software to carry out security updates. As of today, results from internet reconnaissance show that there are 127 instances in the UK of the MoveIT Transfer application and 1853 in the US.
What’s the impact of the zero-day exploit?
Due to the growing number of compromised organisations and the current supply chain spread the impact is still yet to be fully materialised.
Organisations without the vendor’s latest patch against CVE-2023-34362 should assume breach and conduct investigative and remediation efforts where the service is publicly accessible.
Solace Cyber recommendations
Where applicable we recommend organisations:
- Disconnect MOVEit Transfer servers from the internet
- Search for indicators of compromise
- Rotate credentials for Azure storage keys / Rotate any other SQL credentials
- Perform a forensics investigation of your affected servers
- Restore and rebuild from a backup of the systems last known good state
- Apply the patch
- Continuously monitor all systems
Solace Cyber is here to help with technical guidance to assess a potential supply chain risk or give further support to the recommendations above.
Speak to a cyber security specialist
Solace Cyber offers expert assistance in managing potential supply chain risks.
Apple has released an update relating to two actively exploited vulnerabilities. Microsoft has also released updates addressing 97 vulnerabilities including one 0-day.
Threat Name: CVE-2023-28206,
CVE-2023-28205
Risk Factor: Critical
Date: April 2023
Get Help Now
Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis
What we know about the vulnerabilities
All in-support MacOS and iOS devices are affected by two vulnerabilities that are being actively exploited: CVE-2023-28206 and CVE-2023-28205.
It’s recommended that you update systems ASAP as detailed instructions on how to abuse CVE-2023-28206 are now public.
Microsoft has released a vast number of fixes this month. One vulnerability is a 0-day CVE-2023-28252 where there is known exploitation by Nokoyawa ransomware. Another noteworthy vulnerability is CVE-2023-21554, which is marked as critical and is a remote code execution vulnerability that affects Microsoft Message Queuing.
Microsoft message queuing is commonly installed on exchange servers where automatic role installation is selected during install although this vulnerability is not limited to exchange only.
CVE-2023-28220 and CVE-2023-28219 both affect Windows remote access servers (RAS) and have been marked by Microsoft as “exploitation more likely”. RAS servers are usually directly on the internet to provide remote access to an organisation.
Lastly, a critical DHCP vulnerability was also fixed relating to CVE-2023-28231. This vulnerability would allow an attacker to craft an RPC call to the DHCP server to exploit this flaw. Commonly, DHCP services are installed alongside domain controllers, which is a known bad practice due to these types of DHCP flaws.
What is the Recommended Guidance?
All iOS and MacOS devices must be updated to the latest available versions, as CVE-2023-28206 and CVE-2023-28205 are actively being exploited.
Due to the vast quantity of critical Microsoft vulnerabilities this month and the Microsoft 0-day it would be worth prioritising patches for external systems such as, Exchange and RAS servers first. Then, DHCP services and the rest of your fleet.
It would be worth considering splitting out any known domain controllers with DHCP services going forward. Moving DHCP as a service to another machine.
The Solace Cyber Implementation Plan
Solace recommends:
- Immediately updating all Apple devices to the latest available versions to address CVE-2023-28206 and CVE-2023-28205.
- Prioritising the patching of external-facing systems, such as Exchange and RAS servers, due to the higher likelihood of exploitation.
- Updating all other Microsoft Operating systems.
- As a best practice, move DHCP services away from all domain controllers to another Server or appliance.
- Conducting a thorough vulnerability assessment to identify potential weaknesses and prioritise remediation efforts. Solace can provide additional assistance with vulnerability scanning.
- Due to the active exploitation of this month’s Apple vulnerabilities, Solace can provide a forensic mailbox investigation to look for signs of mailbox compromise.
Speak to a cyber security specialist
Solace Global can conduct forensic audits and patching to secure your estate from Microsoft Outlook zero-day vulnerability
Microsoft Outlook has a critical vulnerability Critical 9.8 (CVSSv3) that requires zero interaction to be successful.
Microsoft has released a patch for Outlook.
Threat Name: CVE-2023-23397
Risk Factor: Critical
Date: April 2023
Get Help Now
Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis
What we know so far about Microsoft Outlook zero day exploit
The vulnerability has been exploited by the threat group APT28, also known as Fancy Bear, Sofacy, and STRONTIUM since April 2022.
It was initially reported to Microsoft by the Ukrainian CERT. According to Microsoft, “a Russia-based threat actor” exploited the vulnerability in targeted attacks against several European organizations in government, transportation, energy, and military sectors.
Currently 15 organisations are believed to have been targeted or breached using CVE-2023-23397.
Solace Cyber Head of Incident Response believes with high certainty that this particular vulnerability will be used by other threat actors – equating to a vast quantity of attacks in the coming days to weeks.
As of 16/03/2023 proof of concept code has been developed by security researchers and it is likely to be used in subsequent attacks by other threat actors.
How Zero Day Exploit CVE-2023-23397 works
The attack involves the attacker sending an Outlook note or task to the victim, triggering the notification sound file mechanism, which sends an NTLM negotiation request to the attacker-controlled SMB share. The threat actors accomplish this using extended MAPI properties that contain UNC paths. The vulnerability can be exploited with a simple, specially crafted email, even if the victim doesn’t open the item.
However, it’s worth noting that this vulnerability cannot be exploited with Outlook for iOS, Mac, or Outlook for Android. Nevertheless, it affects all Windows versions of Outlook that are currently supported.
Who is at risk from the Microsoft Outlook Zero Day Vulnerability
- Organisations that have on-premises domain controllers and use outlook.
- Organisations that only use Azure AD only and have no on-premises domain controllers are protected.
Note: Those at a higher risk include remote workers due to home firewalls that do not block SMB traffic.
Solace Cyber Recommendations to mitigate risk
- Immediately patch all Outlook clients to the latest available version (Microsoft released the required software update this Tuesday).
This can be done by emailing all end users to advise a manual update of Microsoft Office (click-to-run) or updating via alternative methods. If you require assistance with auto-patching solace cyber can assist.
- Launch any office application. Microsoft Outlook, Word, Excel or PowerPoint.
- Select File > Office Account.
- Update Options > Update Now.
- Allow update process to complete (Approximate time to complete: < 15 mins)
- Additionally, organisations are strongly advised to run Microsoft’s script to look for signs of compromise in user’s mailboxes.
Preferably this is run in audit mode only so that forensic data can be reviewed. If the script produces results it is recommended that you review the UNC paths in the outlook items to ensure no exploitation has occurred.
- Ensure SMB outbound connections are blocked on your organisations firewall.
Speak to a cyber security specialist
Solace Global can conduct forensic audits and patching to secure your estate from Microsoft Outlook zero-day vulnerability
Alert Plus: Multiple Large Earthquakes Strike Southern Turkey

Situation Summary: Large Earthquakes in Southern Turkey
At 01:17 (UTC) on 6 February, a magnitude 7.8 earthquake was detected 30km west-northwest of Gaziantep, Turkey (37°10’26.4″N 37°01’55.2″E). The earthquake struck at a depth of 24.1km and it quickly became apparent that a significant amount of casualties and damage had occurred in Turkey and northern Syria. There have been several substantial aftershocks, eight of which recorded a magnitude of at least 5. Tremors have also been felt in Greece, Cyprus and Lebanon.
As of 10:00, at least 1200 fatalities had been confirmed across Turkey and Syria. Images and videos posted to social media and local news outlets indicate considerable damage to infrastructure. In Turkey alone, at least 2818 buildings have collapsed. At 10:24, the region was then struck again by a separate 7.5 magnitude earthquake 4km south-southeast of Ekinozu (37°10’26.4″N 37°01’55.2″E) – roughly 128km north of the earlier epicentre. At the time of writing, it has been reported that the region has experienced at least 100 aftershocks.
According to the United States Geological Survey (USGS), the area in which the quakes have hit is populated predominately by non-earthquake-resistant residential structures. They are often made of masonry, brick, and non-reinforced concrete frames. As a result, many buildings will have been badly damaged or will have collapsed completely. This means that there will be few places in which survivors can shelter safely.
Turkey declared a ‘Level 4 Alarm’ after the initial tremor, which reportedly includes a call for international assistance and support. The European Union has agreed to send rescue teams and is preparing further help for Turkey. US officials are also monitoring the situation and have noted their willingness to help. Rescue teams from India, Russia and Taiwan have also deployed.
President Recep Tayyip Erdogan has described events so far as the nation’s worst disaster since the 1939 Erzincan earthquake, a 7.8 magnitude earthquake that killed over 32,000.
Intelligence Analysis by Solace Global
The earthquakes have struck as Turkey prepares for its May elections, which were already seen as some of the country’s most consequential in decades. These earthquakes further add electoral weight, since previous large earthquakes have led to major political changes in the country. In the wake of Turkey’s last major earthquakes, in 1999, voters turned away the incumbent parties in the 2002 elections. These parties were punished as a result of the poor relief and reconstruction efforts, and for the large-scale corruption the earthquake exposed. Recep Tayyip Erdogan and his newly formed Justice and Development Party (AKP) party were the major beneficiaries of this political shift. As a result, he became Prime Minster in 2003 and ascended to the Presidency in 2014, a post he currently still holds.
The province of Gaziantep, where the epicentre of the earlier earthquake is located, has long been a cradle of support for the AKP and Erdogan. Indeed, support for the AKP and Erdogan has remained high in the province despite the recent economic volatility and uncertainty in the country, and the persistent accusations of corruption levied against the AKP and President Erdogan. Consequently, comprehensive aid and reconstruction efforts are likely to be implemented swiftly. Despite this, contemporary Turkish political history suggests that the AKP, having been the beneficiaries of the 1999 earthquake, may be victims of these ones. This becomes increasingly possible if victims feel that aid is too slow, not sufficient, or that reconstruction efforts are corrupt.
Northern Syria has also been badly affected by the disaster. This part of the country has seen several recent Turkish military incursions; it is also home to some of the last anti-government areas of control. The tremors are almost certain to mean that Turkish offensive military operations in the region are temporarily halted, as the military is redeployed to support disaster relief and search and rescue operations in Turkey. The Syrian government may also seek to fast-track search and rescue and reconstruction efforts in areas in the region it controls in a bid to try and win support across an area which was long a stronghold of anti-Assad movements.
Those with interests in the region are advised to note that there remains considerable potential for large-magnitude aftershocks or follow-on tremors.

Advice if Affected by Earthquakes in Turkey
- Individuals with planned travel to Turkey or Syria are advised to reconfirm itineraries and expect considerable localised travel disruption, particularly in the vicinity of the Turkey/Syria international border
- Be aware that flights into and out of regional airports may be disrupted, impacting downstream travel plans
- Travellers are advised to avoid the immediate vicinity of all damaged infrastructure and ongoing emergency services operations
- Be aware that large aftershocks or additional earthquakes have a realistic possibility of occurring in the coming hours
- If caught in an earthquake, it is advisable to ‘Drop, Cover, and Hold On’ to reduce the risk of injuries, ensuring to cover the head and neck
- Following an earthquake, there can be serious hazards, such as damaged buildings, leaking gas and water pipes, and downed power lines
- If caught outside during earthquakes, exit vehicles and remain clear of overhead powerlines, bridges, or large structures
- If earthquakes occur during travel within coastal regions, be alert to the possibility of tsunami and consider heading towards high-ground once the initial tremors have passed
- Anticipate disruption to essential services, including water and electricity, WiFi or GSM/cellular network coverage, in addition to considerable pressure on local healthcare services
- Adhere to all instructions issued by emergency services or local government/security officials
- Monitor the Solace Secure platform and trusted local media for updates
Risk Management for NGO’s in Turkey and Syria
Alert Plus: Paris Stabbing Attack At Gare du Nord Station

Situation Summary
At around 06:45 local time on 11 January 2023, several people were injured after a lone individual attacked commuters at the Gare du Nord train station in Paris, France. Those present during the incident suggested that the attacker was targeting passengers indiscriminately.
Police officers responding to the incident reportedly fired several shots at the attacker, who was arrested at the scene and remains in a critical condition. Unverified reports suggest that the attacker was first interdicted by an off-duty police officer, although this has not been officially confirmed.
The French Interior Minister Gérald Moussa Darmanin has confirmed that six people have been injured in the attack, including one police officer. A security cordon remains in place around the station, with emergency services still on site.
Police and security officials have not commented on a suspected motive for the attack, and a criminal investigation has been launched.
In the immediate aftermath of the incident, rail network TER Hauts-de-France noted that rail traffic had been disrupted both to and from Paris Nord, with some services still delayed. Limited disruption has been reported for the local road network.
Solace Global Intelligence Analysis
Although officials have not commented on the exact motive for the attack, the methodology (bladed weapon) and targeting preferences (busy transport hub during morning commute) indicate that this incident is highly likely to be terror-related.
There have been a considerable number of high-profile terror incidents in France in recent years, with most attacks in the 21st century conducted either by violent Islamist extremists, or by individuals with extreme right-wing or racist ideologies.
The apparently indiscriminate nature of this attack likely suggests that this incident was an act of Islamist terror, since racially- motivated attacks are highly targeted.
The attack at the Gare du Nord comes less than three weeks (23 December) after a racially-motivated shooting attack killed three at a Kurdish cultural centre and nearby café on the Rue d’Enghien, in the 10th arrondissement, less than 2km from the Gare du Nord station. That incident prompted extensive unrest amongst the local Kurdish population and was condemned by the Kurdish Democratic Council of France (CDK-F).
Previous Islamist terror attacks in France have been motivated by perceived or genuine attacks against ethnic minority, immigrant or Islamic communities.
Solace Global Advice
- Individuals with planned travel to Paris are advised to reconfirm itineraries and expect localised travel disruption, particularly at the Gare du Nord station but possibly at other stations with planned services to central Paris
- Travellers are advised to avoid the immediate vicinity of the Gare du Nord station as emergency services remain on the scene to conduct their investigations
- France has a moderate risk of terrorism. Attacks remain realistically possible in the short term, although the presence of additional security force personnel in Paris will very likely mitigate the risk of follow-on attacks in the immediate vicinity of the initial incident
- Terror attacks in France are likely to be indiscriminate, using explosives, bladed weapons, vehicles, and firearms to target crowded areas, government or security force installations and personnel, civilians, transportation networks, and other high-profile locations including sites of religious significance
- In the event of a terrorist attack those in the area are reminded to RUN – HIDE – TELL – FIGHT
- Locations where large groups of residents or tourists are known to gather are at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice or guidance from the local authorities or security personnel
- Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity or items to security personnel as soon as possible
- If caught in the vicinity of a security incident, seek immediate hard cover from any incoming gunfire or explosions and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place
- Monitor the Solace Secure platform and trusted local media for updates
Alert Plus: Istanbul Explosion

Situation Summary
On 13 November, at around 16:20 local time, an explosion occurred on Istiklal Caddesi in Istanbul. The street is mostly pedestrianised and is frequented by large numbers of both residents and tourists.
Available footage from the attack indicates that an explosive device was placed in a bag and then left on a bench in proximity to a Mango clothing store. Authorities believe the bag was left by a female suspect, who sat on the bench for around 40 minutes before walking away immediately prior to the explosion. Local authorities have also suggested that a nail bomb was used in the attack, which was designed to inflict mass-casualties.
As of 14 November, six deaths have been confirmed with a further 81 injured in the attack. Of those injured, 50 have been discharged from hospital, whilst the remainder are still being treated. Although Istiklal Caddesi has now reopened, having been closed in the immediate aftermath of the attack, there is an extensive police and security force presence in the area.
Turkish authorities announced on 14 November that a Syrian female suspect and a further 46 other individuals had been arrested following security raids at 21 different locations. Authorities have announced their belief that the perpetrator was a Syrian national, Ahlam Albahsir, who was trained as an intelligence officer by the Kurdistan Workers Party (PKK) and the People Defence Units (YPG). Despite this announcement, the PKK’s military umbrella organization, the People’s Defense Center (HSM) has denied being involved in this attack. Syria’s Kurdish-led and US- backed Syrian Democratic Forces (SDF) have also denied involvement.
Whilst no group has claimed responsibility for the attack, Turkish Interior Minister Suleyman Soylu claims that the attack was planned in Ayn al-Arab, a Kurdish- majority city in northern Syria. Soylu also stated that the attack was planned by the PKK/YPG, without offering evidence to support his claims. Despite the suspect’s alleged links to the PKK, Turkish officials have not ruled out an attack by the Islamic State (IS).
Solace Global Comment
The PKK is classed as a terror group by Turkey, the United States, the European Union, and since 1984 has been engaged in conflict with the Turkish State. Between 2015 and 2017, Turkey witnessed a string of attacks perpetrated by various Kurdish militia groups and IS. The attack on 13 November was the most recent terrorist incident in Istanbul since the January 2017 attack at the Reina nightclub in Ortakoy, which killed 39 people and was claimed by IS.
Istiklal street has also been attacked previously, with a suicide bombing in March 2016 killing five and wounding a further 36. In that instance, authorities initially blamed the PKK for the attack although subsequently confirmed that IS had been responsible.
The accusation by the Turkish authorities that the attack was planned by the PKK/YPG in northern Syria will very likely provide the justification for Turkey to launch a new cross-border operation into northern Syria. Since 2016, Turkish armed forces have been involved in northern Syria, targeting PKK/YPG forces. In May 2022 it was announced that Turkey’s planned fifth offensive in the region had been postponed, with some sources indicating this was due to pressure from other NATO allies. It therefore remains likely that Turkish authorities will seek to leverage anti-Kurdish sentiment in order to conduct limited offensive operations across the Syrian border in the short term.
In June 2023 Turkey will also hold general elections, which will include the election of the President of Turkey and elections to the country’s Grand National Assembly. Previous terror attacks between 2015 and 2017 are widely credited to have brought security issues to the forefront for the elections of 2018. It is highly likely that this attack will result in an increased focus on security in domestic political narratives in the short to medium term.
In the immediate short term, Istanbul and other major Turkish cities are likely to see an increase in the visible presence of police and security officials. Taksim square and Gezi park are the primary locations in Istanbul for civil unrest, protests and demonstrations, with an elevated security force posture in these areas very likely to remain advantageous to the Turkish authorities in the build up to the general elections next year.

Solace Global Advice
- In the event of a terrorist attack those in the area are reminded to RUN – HIDE – TELL – FIGHT
- Turkey has a notable risk of terrorism. Further attacks remain realistically possible, although the presence of additional security force personnel will likely mitigate the risk in the immediate term
- Individuals with planned travel to Istanbul are advised to reconfirm itineraries and expect localised travel disruption, particularly in the immediate vicinity of the incident
- Travellers are advised to avoid Istiklal Caddesi as emergency services remain on the scene to conduct their investigations
- Further terror attacks in Istanbul are likely to be indiscriminate, targeting crowded areas, government or security force installations and personnel, civilians, transportation networks such as metro stations and ferry terminals, and other high-profile locations including sporting infrastructure
- Locations where large groups of residents or tourists are known to gather are at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice or guidance from the local authorities or security personnel
- Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity or items to security personnel as soon as possible
- If caught in the vicinity of a security incident, seek immediate hard cover from any incoming gunfire or explosions and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place
- Monitor the Solace Secure platform and trusted local media for updates
Confirmed Zero-Day vulnerabilities in Microsoft Exchange Server

Cyber security update: Confirmed Zero-Day vulnerabilities in Microsoft Exchange Server
As of 4th October 2022, Microsoft have confirmed that two Zero-day vulnerabilities affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Microsoft have stated that Exchange Online customers do not need to take any action, however if you have a Hybrid Exchange infrastructure this advice still applies.
Further updates and details on the potential vulnerability can be found here
In addition to Microsoft guidance, Solace Cyber recommend that the mitigation be further tightened by altering the URL block string:
.*autodiscover\.json.*Powershell.*
Solace Cyber are offering an initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.
This update is correct as of 12.23 GMT on 4th October 2022. The situation continues to develop rapidly, so please contact the team for an initial conversation with the latest advice.
Determine if you have been affected by Windows Exchange vulnerability
Receive a free initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.
Military deployed in Ouagadougou

At around 0400 local time, gunfire and explosions were reported from military bases inside Ouagadougou. Eyewitnesses and social media also reported gunfire from the vicinity of the Presidential Palace and Camp Baba Sy, where the current transitional government headquarters are located. Multiple roads inside the capital are reportedly blocked and military personnel have deployed on the streets. Local media claim that the immediate vicinity of the national television offices (RTB) is inaccessible due to military roadblocks. Images posted to social media appear to indicate state TV outages in Burkina Faso, although this has not been confirmed.
Heavily armed personnel are now reportedly present along the “strategic axes” of Ouagadougou, although no further details regarding their exact location are currently available. The current whereabouts of Burkina Faso’s President Paul Henri Damiba, who came to power after a military coup in January 2022, are also unconfirmed, although he reportedly remains inside the capital.
Sporadic gunfire continues several hours after the initial reports of violence. The situation remains highly volatile, with violence ongoing throughout the capital, and the current tactical situation remains unclear due to difficulties obtaining accurate information from the ground. Burkina Faso has rapidly become the epicentre of the violence that began in neighbouring Mali in 2012 but which has since spread across the Sahel region south of the Sahara Desert. The Burkina Faso military has been conducting a series of operations against Islamist militants across the country’s East and Sahel regions in recent months, with military forces claiming to have killed over 100 militants in the past month alone.
Although not yet confirmed, this incident bears all the hallmarks of an attempted military coup. Burkina Faso last experienced a military coup in January 2022 and has been under transitional military rule since then. During the January coup, gunfire was reported from military bases across the capital and soldiers were reported to have seized the Sangoulé Lamizana barracks and surrounded the RTB offices. Soldiers subsequently appeared on national TV to announce the overthrow of former President Roch Kabore. Around eight days later, the military junta restored the constitution and appointed Paul-Henri Sandaogo Damiba as interim president.
Control of state television apparatus appears to be a reliable coup indicator. In 2021, soldiers appeared on national television in Guinea to announce a military coup which deposed longstanding President Alpha Conde. In this way, further reports of soldiers entering the RTB offices in Ouagadougou should be considered likely indicators of a confirmed coup attempt.
Although unclear, ‘strategic axes’ of the capital very likely refer to the Boulevard des Tensoba, the area around the US Embassy and Presidential Palace near Boulevard Muammar Kaddafi, Avenue Kadiogo and Avenue de la Nation.
The situation in the capital comes just 24 hours after protests against President Damiba, blaming him for the deteriorating security situation in the country, and just days after at least ten soldiers were killed and 30 injured in an attack on a military convoy near Gaskindé. These incidents follow a sustained pattern of violence in the north of the country which appears to be spreading to the capital, as security forces battle to contain an expanding Islamist militancy. On 7 August, the government were forced to deny reports that they intended to sign a truce with militant groups until their planned transition to democracy was complete.
It therefore remains likely that elements within the Burkina Faso military have attempted to launch a coup against the current junta. The situation will almost certainly remain delicate and highly volatile in the immediate term.

Solace Global Advice
• Widespread unrest and violence remain possible in the short term. Travellers should avoid all ongoing military activity and any large public gatherings as the security situation may deteriorate quickly and without warning.
• In the event of a significant security development, travellers in Burkina Faso should follow any instructions issued by the government or military authorities.
• If violence escalates inside the capital, consider departing from Ouagadougou whilst commercial options are available.
• Key military and political infrastructure inside the capital are very likely to remain focal points for violence. You should be particularly vigilant in these areas and follow any specific advice from the local
security authorities.
• Expect significant travel disruption and an enhanced security force posture inside Ouagadougou in the short term.
• Always follow all instructions and orders from security forces. Where possible, avoid areas of active conflict and remain inside a secure location away from windows.
• Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.
• Emergency services may be unable to support you in the short term. Be aware of what consular support may be available to you in-country.
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
• Monitor the Solace Secure platform and trusted local media for updates.
Election violence in Kenya

Situation Summary of Election Violence in Kenya
On 15 August, violence erupted at the Bomas of Kenya in Nairobi, as the Independent Electoral and Boundaries Commission (IEBC) had been scheduled to release the results of the Kenyan general election. Live footage from the venue showed physical altercations breaking out between attendees, with military
personnel intervening to break up the violence.
Earlier on 15 August the IEBC had announced a delay in releasing the results, although did not specify a reason for the delay. Separately, four commissioners of the IEBC held a press conference at the Serena Hotel in Nairobi, in which they stated that they could not “take ownership of the results” due to concerns over their opaqueness. As the violent scenes emerged and news broke of the division within the IEBC, it
was announced that riot police across the country had been placed on standby, with Kenya’s highest bishop calling for calm and peace to prevail.
In the days since the 9 August election, the IEBC has been verifying the vote tallies provided by the country’s polling stations. In this interim period, both main presidential candidates have alluded to voting irregularities and of fighting the result in courts. Meanwhile, the delay between voting and the announcement of a result had only led to further speculation and disinformation around the legitimacy
of the vote.
Around 20 minutes after the initial chaotic scenes at the Bomas of Kenya, and despite four of the seven IEBC commissioners stating they could not back the results, the IEBC announced that William Ruto had won the election with 7,176,141 votes – amounting to 50.49 percent of the total valid votes. The pre-election favourite, Raila Odinga, received 6,942,930 votes – representing 48.85 percent of the votes cast.
Solace Global Comment
In 2007, post election violence resulted in more than 1,500 civilian deaths, whilst in 2017 at least fifty were killed and the election result was seen as so contentious that the country’s Supreme court ruled the vote should be re-run. Odinga has run for president on five occasions and has lost each time he has run.
He has also disputed the final election result following each loss, which set the conditions of suspicion and mistrust, and ultimately precipitated previous outbreaks of post-election violence. Given that Odinga was seen as the favourite to win the Presidency during the 2022 election, the closeness of the declared result and the inconsistency from the IEBC on 15 August, it is highly likely that he will once more
attempt to contest the election results.
Regardless of whether Odinga officially disputes the result, it is highly likely that his supporters will rally against the result. Any such unrest is highly likely to become violent. The city of Kisumu, which is home to a large pro-Odinga voting bloc, has already begun to see protests break out against alleged vote rigging, whilst in the Kibera area of Nairobi there are reports that riots have begun to break out. Further
unrest is likely to remain centred on the political centres of gravity in Nairobi, with the State House, Central Business District, and Serena Hotel all probable areas of unrest in the short term.
It is noteworthy that this was the first election in which there was no candidate from Kenya’s largest tribe, the Kikuyu. As a result, if election violence and unrest begins to spread across the country, there is a realistic possibility that it will avoid the traditional split along ethnic and tribal lines. Consequently, post-election violence may occur more widely across Kenya, as it would not be centred on tribal population centres, although it may be less extreme than levels observed during previous elections in which a Kikuyu candidate was participating.

Solace Global Advice
• Widespread unrest and violence remains possible in the short term. Travellers should avoid all demonstrations and large public gatherings as they may escalate quickly and without warning. Immediately vacate the area if caught in unrest.
• In the event of a significant security development, travellers in Kenya should follow any instructions issued by the Kenyan government or local authorities.
• Areas where political figures are known to gather are likely to be focal points for political activism and unrest, especially sites associated with the Presidential office or known protest hotspots. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.
• Expect localised travel disruption and an enhanced security force posture in the short-term. Allow for additional time when travelling in-country, as protest action and increased security force presence may result in road closures or blockades.
• Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.
• Make sure you are familiar with contact details for the emergency services in Kenya – dial 999 / 112 / 911 to request police, medical assistance or fire brigade.
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
• Report any suspicious items and behaviours to the nearest security or police officials.
• Monitor the Solace Secure platform and local media for updates.
Support for operations in Kenya
Our team of risk management specialists and intelligence analysts, combined with on-the-ground security support from our global partner network can help secure your operations.
Learn more about how we can secure your operations
US speaker Nancy Pelosi visits Taiwan

Situation Summary
A delegation of American politicians, including House Speaker and senior Democratic politician Nancy Pelosi, landed at Taipei Shongshan Airport in the Republic of China (ROC, or Taiwan) on 2 August. The visit to Taiwan comes amidst an ongoing tour of the Asia-Pacific by the high-profile delegation, which has been conducted for the purpose of reaffirming American commitments to the region. Countries such as Singapore, Malaysia, South Korea, and Japan were included on the official itinerary list, but the visit to Taiwan was hidden, likely out of concerns that any official confirmation would prompt a harsh response from the People’s Republic of China (PRC, or China).
Intelligence suggesting that Nancy Pelosi would visit Taiwan prompted a series of warnings from the Chinese government and state media broadcasters. China warned that any visit to Taiwan would be considered as a provocation that would necessitate a diplomatic and, in some communications, military response from Chinese authorities. Speculation of Nancy Pelosi’s visit prompted China to engage in aggressive military maneuvers in the Taiwan Strait during the morning of 2 August, including the positioning of warships and aircraft along the contested Median Line. A Distributed Denial-of-Service (DDoS) attack was later recorded against the website of Taiwan’s presidential office.
Four US Navy warships, including the USS Ronald Reagan aircraft carrier and the USS Tripoli amphibious assault ship, have been operating east of Taiwan. US officials have stressed that their positioning was prompted by a “routine deployment”, but US military authorities remain on high alert due to the increased risk of miscommunication and miscalculation stemming from the elevated number of both US and Chinese military assets in the region.
In response, Chinese authorities announced three-day military drills will commence near Taiwan from 4 August.
Solace Global Comment
Nancy Pelosi’s visit to Taiwan represents the most senior visit by a US official since the visit of House Speaker and Republican politician Newt Gingrich to Taipei in 1997. Newt Gingrich’s visit prompted irritation within China but was tolerated at the time. Since 1997, however, China’s role in the global economy has grown exponentially, and China has begun to exercise a more assertive role in both regional and global diplomacy. There is now an increased willingness within the Chinese government to adopt a more hawkish stance towards Taiwan, which is actively considered to be one of China’s core national interests, alongside increasingly bellicose rhetoric regarding reunification.
Taiwanese self-governance and the perception of Taiwan as an integral territory of China has prompted the Chinese government to enforce a ‘One China’ policy in its global relations; a practice which the US has acknowledged since President Richard Nixon’s decision to thaw relations between the US and China in 1972. Despite this, the incumbent Chinese Foreign Minister Wang Yi has accused US President Joe Biden of conducting a “fake” One China policy, and Chinese President Xi Jinping has warned the US “not to play with fire” over the legal and diplomatic status of Taiwan.
Although an invasion of Taiwan remains highly unlikely in the near-term due to the complexity of an amphibious assault across the Taiwan Strait, geopolitical and economic impact, and the potential for US involvement in the conflict, Nancy Pelosi’s visit is certain to escalate tensions further and will very likely lead to an increased Chinese military presence in the region over the coming weeks. Chinese officials have likely calculated that there is a need to reassert Chinese credibility over their red lines in Taiwan, given the current trajectory of US-Taiwan relations. A further military response remains realistically possible, such as live-fire exercises, significant naval and aerial posturing off Taiwan, or potentially missile tests in the vicinity of the Taiwan Strait. A Taiwanese response should be anticipated, and the potential for miscalculation should not be ruled out. China may also seek to conduct retaliatory actions towards the US through economic levers.

Solace Global Advice
•In the event of a significant security development, travellers in Taiwan should follow any instructions issued by the Taiwanese government.
•Political tensions may disrupt airspace in both China and Taiwan. It is advised to monitor flight information and check with your travel provider if you are unsure of the status of your flight.
•Instances of civil unrest within Taiwan cannot be ruled out. Travellers should avoid all demonstrations and large public gatherings as they may escalate quickly and without warning.
•Areas where political figures are known to gather are likely to be focal points for political activism and unrest, especially sites due to be attended by Nancy Pelosi or other delegates. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.
•Expect localised travel disruption and an enhanced security force posture in the short-term as Taiwanese authorities increase measures to protect the US delegation.
• Be aware that China may seek to retaliate for Nancy Pelosi’s visit within the economic, cyber, and diplomatic domains, which could place additional restrictions on business operations and travel within China, Taiwan, and the wider region.
• Make sure you are familiar with contact details for the emergency services (in Taiwan – dial 110 for the police, 119 for medical assistance or the fire brigade).
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
• Report any suspicious items and behaviours to the nearest security or police officials.
• Monitor the Solace Secure platform and local media for updates.
Understand the situation with bespoke intelligence
Be in the know with intelligence reports built directly around your operational requirements.
Alert Plus – Ecuador Protests – June 2022

SITUATION SUMMARY: Ecuador Protests
June 2022
On 12 June large scale protests were organised by the powerful Confederation of Indigenous Nationalities of Ecuador (CONAIE). These protests are about Ecuador’s rising cost of living and high inflation, in particular the rising cost of fuel.
The country has seen demonstrators block roads with burning tires and barricades of sands, rocks and tree branches. Routes in and out of the capital city, Quito, have been blocked, whilst in the capital police vehicles have been set alight. The protests have been severe enough to disrupt some public services and the functioning of some economic sectors. For example, state oil company Petroecuador has had to halt operations at its facilities as a result of the unrest.
On 14 June it was reported that the President of CONAIE, Leonidas Iza, had been arrested on charges of “inciting protests” and “sabotage”. His arrest only further inflamed the situation with a spokesperson for CONAIE stating that there would be a “deepening of the struggle” and a “radicalization of the great indigenous and popular uprising”.
The arrest saw hundreds of indigenous activists gather outside a military base in Latacunga where he had been taken. After riot police clashed with protestors, overnight on, it was announced on 15 June that Mr Iza had been released. He will still be charged and will face up to three years in prison. Despite his release, CONAIE are continuing to call for widespread protests across the country to continue. At the time of writing the protests have affected at least 10 of Ecuador’s provinces plus the capital.
SOLACE GLOBAL COMMENT
As stated, the protests were called for by CONAIE, to protest the rising cost of living, and in particular the rising cost of fuel. Recent months have seen Ecuador face mounting economic issues, such as rising inflation, rising unemployment, and rising poverty. In tandem to this, protestors are also aggrieved that the government has yet to address issues with the country’s price controls on agricultural products and have not acted on electoral promises to rollback mining concessions granted in Indigenous territories, create more jobs, and renegotiate farmers’ debts with banks.
Given that over one million people in the country are indigenous peoples, CONAIE can be a powerful political and social force. Indeed, protests organized by CONAIE have directly led to the downfall of three Ecuadorian presidents between 1997 and 2005. In recent years to try and stave of that fate, the current Conservative government led by President Lasso has held several rounds of talks with CONAIE on some the economic and social issues.
These talks have ultimately produced little of substance for either Lasso or CONAIE, and this combined with the mounting economic problems have led to the calls by CONAIE for protests and demonstrations. In at least releasing Mr Iza less than 24 hours after his arrest, the government likely realized that was a course of action which only served to inflame the situation. It is unlikely that the government will be able to swiftly create better economic conditions, and as such discontent is likely to continue into the short to medium term, however the threat of further protest action could be dissipated through good faith offers of talks and negotiations between the government and CONAIE.
SOLACE GLOBAL ADVICE
- Be aware that demonstrations are currently widespread and may lead to a significant deterioration in the security environment.
- Large gatherings can escalate into violence with little or no warning. As such, avoid all gatherings or immediately vacate the area if caught in unrest.
- If currently in the country, especially the capital, minimise all travel and remain indoors in a secure location.
- If carrying out necessary travel, Allow for additional time when conducting journeys, protest action and the increased police presence may result in closed or blocked roads.
- Avoid all political and governmental buildings across the country, but in particular Quito, due to the likelihood of unrest and clashes.
- Follow local news sources to keep abreast of developments
- Ensure that you carry personal identification documents at all times. Consider making photocopies of important documents in case of confiscation, theft or loss.
- If you find yourself in the vicinity of a protest, seek to leave the area immediately and adhere to all instructions issued by authorities.
- Anticipate a heightened military and police presence throughout the country with additional security being reported near all major political and media buildings.
- Exercise vigilance and follow all official directives.
- Monitor the Solace Secure platform and local media for updates.
- If travelling to or currently in Ecuador ensure that you monitor for the latest news for the progress of protests as well as monitoring any political developments.
- Additionally, ensure contingency measures are in place in case of a sustained period of instability occurs or if violence escalates. This includes evacuation plans.
Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.
For further details please contact +44 (0) 1202 308 810 or email us.
Alert Plus – Berlin Vehicle Incident – June 2022

SITUATION SUMMARY: Berlin Vehicle Incident
June 2022
On 8 June at approximately 10:15 local time, a silver Renault Clio vehicle left the road at the corner of Kurfürstendamm and Rankestraße, mounting the pavement and striking pedestrians. The vehicle stopped as it crashed into a Douglas store on Tauentzienstrasse, Berlin, where it remains at the time of writing.
Berlin police have not yet confirmed whether the incident was caused by traffic accident or is being treated as a terrorist attack. The driver however has been arrested.
Eyewitnesses have reported several casualties, with the fire department establishing a patient treatment area on the corner of Kurfürstendamm and Rankestraße. Local media are reporting at least one killed and up to 30 injured.
Armed police and emergency services remain at the scene, with many roads nearby cordoned off.
SOLACE GLOBAL COMMENT
At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack.
Vehicle ramming attacks are relatively unsophisticated and do not require a great deal of pre-planning. As such, they have become an increasingly valuable tactic for terrorist organisations operating in Europe – where access to firearms is severely limited and armed police are able to interdict attacks with bladed weapons. Indeed, the Islamic State (IS) group released an audio message in April 2022 announcing a renewed campaign of attacks in response to the killings of the group’s leader and spokesman. The message encouraged IS supporters to carry out knife and vehicle ramming attacks specifically, across both the United States and Europe.
It therefore remains likely that this represents a lone actor terrorist attack. Recent terrorist attacks in Europe have been conducted by individuals with violent Islamic ideology, extreme right-wing views or by individuals with probable mental health issues. It is noteworthy that this incident has occurred outside of a protestant chapel (Kapelle der Kaiser-Wilhelm), near to the site of the 2016 Christmas Market terror attack – in which an Islamist terrorist drove a truck into a crowded Christmas market.
There remains considerable potential for subsequent attacks in the greater Berlin area. The city is a particularly target-rich environment given the abundance of high-value infrastructure and the high population density. Individuals are highly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow-on attacks.
SOLACE GLOBAL ADVICE
- In the event of a terrorist attack those in the area are reminded to RUN – HIDE – TELL – FIGHT.
- Terrorists are highly likely to try to carry out attacks across Europe. The possibility of further attacks in the immediate term cannot be ruled out.
- Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, civilians, transportation networks, and high-profile locations.
- Areas where large groupings of residents or tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
- Make sure you are familiar with contact details for the emergency services (in the EU – dial 112).
- Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
- Expect localised travel disruption and an enhanced security force posture in the short term.
- Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
- If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
- Report any suspicious items to the nearest security or police officials.
- Monitor the Solace Secure platform and local media for updates.
Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.
For further details please contact +44 (0) 1202 308 810 or email us.
Crescent Yamaha WorldSBK join forces with Solace Global

Solace Global have become official risk and security management partners of Crescent Yamaha for the WorldSBK series, and will be reducing the risk of disruption to races from cyber attacks, along with ongoing travel risk management to keep the team safe. Advanced risk management technology will be integrated into defending 2021 FIM Superbike World Champions, Yamaha, and their official operations, with technical ownership undertaken by Solace Global’s 24/7/365 Security Operations Centre. Solace Global’s team of highly trained security specialists, including ex-military personnel and cyber security experts, will be actively preventing potential security disruptions throughout the season. Crescent Yamaha will be safeguarded against organisational risks by Solace Global, as well as adopting an advanced technological ecosystem to protect against the latest cyber threats.
Protecting Yamaha’s racing team with cyber security services

In addition to managing the risk and security landscape, Solace Global will provide an external data repository that is immune to data loss, corruption and cyber attacks. This means that if a successful cyber attack were to take place, Crescent Yamaha would experience minimal disruption to operations while the team travels to 12 different WorldSBK race venues in 2022, as Solace Global would initiate a full managed recovery while business operations are restored. This mitigates the risk from cyber threats, hackers and ransomware, and ensures the team’s future is secure. Some of the biggest organisations in motorsport trust Solace Global to manage all business-impacting risks. All operations are supported by a solid foundation of security, privacy and compliance with ISO 27001:2013, ISO 9001, ISO 45001 and ISO 14001 accreditations.
“Each year, digital and real-world threats to global racing events have become more problematic. It’s never been in our nature to watch and wait, so we are honoured to be working with an incredible team in Crescent Yamaha to help build a greater culture for security in racing. The goal is to make security technology easier to use and accessible for every race team and organisation. We believe it’s now more important than ever to ensure racing championships are unhindered by external risk, so events can thrive and continue for years to come. We look forward to supporting Paul and the Crescent Yamaha WorldSBK Team off track, so that they can continue to win races around the world. It is a pleasure to welcome Solace Global to our championship-winning Yamaha WorldSBK Team with Crescent.”
“We work in a fast-paced environment that requires military-level precision to be able to fight for race wins and championships, and we require protection from outside threats as well as those posed by our competitors on track” said Paul Denning, Team Principal of Crescent Yamaha WorldSBK Team. “By partnership with Solace Global, it gives me both peace of mind and security that our operations are protected against the risk of cyber threats and data corruption so that we can focus on our main goal at circuits around the world – defending our WorldSBK Championship title in 2022.”
To celebrate the partnership, you can win 2 tickets for the 2022 Donington round of WorldSBK series when you book a free cyber risk assessment. Terms and conditions apply. Applies to risk assessments booked until June 10th 2022. Non-transferrable for cash value.
Alert Plus – Brooklyn Subway Incident – April 2022

SITUATION SUMMARY: Brooklyn Subway Incident
April 2022
On April 12 at around 08:30 am ET, gunfire and explosions were reported at the 36 th Street subway station in Sunset Park, Brooklyn. Either an explosive or smoke/incendiary device reportedly detonated before an individual opened fire, although it is currently unclear if the attack commenced on a train or at the platform. At least six individuals with gunshot wounds have been reported, with several other casualties being treated for smoke inhalation and panic related injuries. Several unexploded devices were also reportedly left at the scene, although the NYPD has since claimed that there are currently no active devices at the station.
Armed police and emergency services are currently at the station, with NYPD reportedly in pursuit of at least one suspect. Explosive Ordnance Disposal units also remain at the scene.
Imagery from social media shows multiple casualties and smoke visible in the air, amid unconfirmed reports that the perpetrator was wearing a construction outfit or high vis jacket and wearing a gas mask.
Police have now closed roads and subway stations in the vicinity of 36th Street station, whilst the R, D and N train services have been suspended in both directions in Brooklyn and at some Manhattan stations. Local schools are in shelter in place mode.
SOLACE GLOBAL COMMENT
At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack.
Combinations of explosive devices, weapons and attempts at clothing concealment almost certainly indicate a considerable amount of pre planning for this attack, which appears to be more sophisticated than a typical mass shooting incident. The attack has been deliberately timed and targeted to inflict large numbers of casualties at a peak time in a busy subway station with large numbers of commuters. Similarly, the ensuing chaos would provide an excellent opportunity for perpetrator(s) to extract from the scene.
It therefore remains realistically possible that this represents a lone actor terrorist attack. Recent terrorist attacks in the US have been conducted by individuals with violent Islamic ideology, extreme right wing views or by individuals with probable mental health issues. It is noteworthy that this incident has occurred during the holy month of Ramadan and in the days immediately preceding the Easter holidays.
Given that the perpetrator(s) have not yet been detained, there remains considerable potential for subsequent attacks in the greater New York area. New York City is a particularly target rich environment given the abundance of high value infrastructure and the high population density.
Individuals are highly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow on attacks.
SOLACE GLOBAL ADVICE
- In the event of a shooting or explosive incident those in the area are reminded to RUN – HIDE – TELL – FIGHT.
- Terrorists are highly likely to try to carry out attacks in the US. The possibility of further attacks in the immediate term cannot be ruled out.
- Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel , civilians, transportation networks, and high profile locations.
- Areas where large groupings of residents or tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
- Make sure you are familiar with contact details for the emergency services (in the US dial 911).
- Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
- Expect localised travel disruption and an enhanced security force posture in the short term.
- Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
- If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
- Report any suspicious items to the nearest security or police officials.
- Monitor the Solace Secure platform and local media for updates.
Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.
For further details please contact +44 (0) 1202 308 810 or email us.
Alert Plus – Escalating violence in Israel – March 2022

SITUATION SUMMARY: Escalating violence in Israel
March 2022
At least five people were killed in a mass shooting in a Tel Aviv, Israel suburb on 29 March. The attack occurred in the ultra Orthodox Jewish area of Bnei Brak and began shortly before 20:00 local time. The perpetrator, identified as a 26 year old Palestinian man from Ya’bad in the West Bank, was shot dead by Israeli police several minutes after the attack began.
Footage of the incident was posted on social media and showed the gunman firing indiscriminately at apartment balconies and passers by in the vicinity of Bialik, Hertsel and Ha Shnayim streets. Among the victims were local residents , including a rabbi, as well as a responding police officer and two Ukrainian nationals. The death toll would almost certainly have been greater had the assailant’s rifle not malfunctioned on at least two occasions, as reported by eyewitnesses and survivors of the attack.
The attack was quickly declared an act of terrorism and triggered a large scale response from emergency service personnel and Israeli security forces. A heightened Israeli police and military presence was deployed to the scene amid concerns the shooter may have had accomplices.
According to Israeli media reports, the assailant was believed to have been working illegally at a construction site in Bnei Brak and had previously served a short prison sentence for security offences. At the time of publishing, it appears the gunman acted alone and was not affiliated to any terrorist group.
The killings were swiftly condemned by Israeli Prime Minister Naftali Bennett, other political figures and the international community. In a statement published shortly after the attack, PM Bennett said the country was “dealing with a new wave of terrorism.” He also reassured the population that Israeli security forces are “up to the task” and would prevail, despite the “great and complex challenge” posed by terrorism and violence.
Meanwhile, Palestinian terrorist organisations hailed the killings, with a Hamas official reportedly claiming the ‘Tel Aviv operation’ emphasised the unity of the Palestinian people. Moreover, the Palestinian Islamic Jihad group (PIJ), a US designated terrorist organisation , warned the attack was a “harbinger of our people’s operations to come”.
The attack in Bnei Brak marked the third fatal attack in Israel in the past week and caps one of the deadliest in recent years. Indeed, attacks were carried out in Hadera and Beersheva , on 27 and 22 March, respectively. Both attacks were indiscriminate in nature and carried out by Israeli Arabs armed with bladed weapons and/or firearms.
The assailants in the Hadera and Beersheva attacks were alleged to have links to the so called Islamic State (IS) terrorist group, raising concerns the group may be planning further violence to coincide with Muslim holy month of Ramadan, which begins on 2 April.
SOLACE GLOBAL COMMENT
The fact that this attack comes so soon after a spate of similar attacks will only fuel concerns that Israel may well be in the middle of another wave of violence. What is likely to be most concerning, however, is the fact that the majority of these recent attacks were carried out not by Palestinians, but by Arab or Bedouin Israeli citizens who have expressed an allegiance to the Islamic State group and were previously known to Israeli security services.
This recent shift in the demographics of attackers in Israel if it is seen to continue will spark fears that the country could see a wave of violence and terrorism emanating not from Gaza or the West Bank but from within Israeli borders from Arab and Bedouin majority towns. Such violence was seen in 2021 when towns such as Lod, Acre, Tiberius, and Haifa saw widespread unrest and sectarian violence between Arab and Jewish Israelis.
This spate of terror attacks comes at what is often a tense time within both Israel and the Palestinian territories. Ramadan begins on 2 April and is typically associated with an uptick in violence across the entirety of the Middle East, with night prayers drawing worshippers to al Aqsa in Jerusalem and many opting to remain within the vicinity of the mosque for the remainder of the month.
Nakba Day also occurs on 15 May, which marks the Palestinian commemoration of the “catastrophe” of the formation of the State of Israel, and often results in protests and clashes between the Israeli Defence Forces and Palestinians. Last year saw at least 29 injured on Nakba day as a result of protests and unrest. Furthermore, there are several events in Jerusalem specifically during the next month, including mass visits to the Western Wall, the Temple Mount, and the city of Jerusalem for the conclusion of Passover.
The wider geopolitical context for the uptick in violence is complex and multifactorial. It includes increasing official recognition for the state of Israel. At a summit in the Negev between the US, Israel and assembled Arab leaders , cooperation on several issues was agreed including broadening the nations who have signed the “Abraham Accords”. Alongside this, a meeting of the PLO central committee saw them agree to rescind its recognition of Israel and security cooperation across the West Bank.
Recognition or cooperation with Israel from other Arab states is often seen as zero sum game by Palestinians, in which they do not emerge victorious. As a result, such announcements often spark protests and a backlash. Further to this, Iranian influence on Hamas, who often call for protests and civil unrest in the Gaza strip, cannot be discounted especially when negotiations around the JCPOA are still ongoing.
In summary the tense geopolitical situation in the region, combined with the forthcoming key dates within Arab and Islamic culture means that more attacks are likely to occur in the short term. If these attacks continue to emanate from within Arab/Bedouin communities within Israel, then this will likely contribute to wider sectarian violence across the country. Attacks emanating from Israeli citizens are also harder for Israeli security services to counteract, as much of their counter terror operations are currently focuses on Palestinian nationals.
Key targets for attack are likely to include Israeli governmental and defence buildings, national transportation hubs. Meanwhile key areas for protests tend to be found around points of religious significance such as those around the old town of Jerusalem.
SOLACE GLOBAL ADVICE
- Terrorists are highly likely to try to carry out further attacks in Israel and the Occupied Palestinian Territories. The possibility of further attacks in the immediate term cannot be ruled out.
- Heightened tensions, brought about by rocket attacks from Gaza into Israel, Israeli airstrikes on Gaza, use of force by Israeli authorities, and regional political developments, increase the risk of retaliatory terrorist attacks in Israel.
- Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, transportation networks, businesses with Western interests.
- Areas where foreign nationals and tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
- Make sure you are familiar with contact details for the emergency services (in Israel dial 100; in the West Bank and Gaza dial 101).
- Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
- Expect localised travel disruption and an enhanced security force posture in the short term.
- Exercise increased caution and situational awareness and report any suspicious activity to security personnel as soon as possible.
- If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
- Monitor the Solace Secure platform and local media for updates.
Want more information on the risk landscape in Israel?
Enquire using the form below for more information on bespoke intelligence services from our in-house analysts.