A Cyber-Attack on Any Critical Infrastructure could be Serious

Important Takeaways:

  • On the heels of sanctions, threats of cyber-attacks loom
  • Officials have been warning Americans of potential Russian cyber -attacks in retaliation to US imposed sanctions.
  • Cyber-attacks could include the targeting of critical infrastructure, pointing to the 2021 Colonial pipeline hack.
  • Brown said other crucial sectors that could also be targeted are those such as the financial sector, as banks have been preparing for cyber-attacks.
  • Mark Kleene, owner of MVK Financial Planning agreed, saying that having a cash [on hand] position wouldn’t hurt…

Read the original article by clicking here.

North Korea using Cyber-attacks to develop their nuclear weapons

Important Takeaways:

  • Gangster Regime: UN Experts Say North Korea Stealing Millions in Cyber Attacks
  • The panel of experts said that according to an unnamed government, North Korean “cyber-actors stole more than $50 million between 2020 and mid-2021 from at least three cryptocurrency exchanges in North America, Europe, and Asia, probably reflecting a shift to diversify its cybercrime operations.”
  • A year ago, the panel quoted an unidentified country saying North Korea’s “total theft of virtual assets from 2019 to November 2020 is valued at approximately $316.4 million.”
  • The experts noted “a marked acceleration” of North Korean missile launches through January that used a variety of technology and weapons. The experts said North Korea “continued to seek material, technology and know-how for these programs overseas, including through cyber means and joint scientific research.”

Read the original article by clicking here.

‘Keep the defender guessing’: Russia’s military options on Ukraine

By Tom Balmforth

MOSCOW (Reuters) – Russia’s deployment of tens of thousands of troops to the north, east and south of Ukraine is fueling fears in Kyiv and Western capitals that Moscow is planning a new attack. Russia denies any such plans.

Western military analysts have suggested that Russia cannot keep such troops deployed where they are indefinitely due to financial and logistical issues and would need to pull them back by the summer of next year.

Estimates of the numbers of new Russian troops moved closer to Ukraine vary from 60,000-90,000, with a U.S. intelligence document suggesting that number could be ramped up to 175,000.

U.S. officials have warned Russia might launch a new attack against Ukraine as early as the second half of next month when the ground will be harder, making it easier for tanks and other armor to move swiftly.

President Vladimir Putin said on Thursday that Russian and U.S. officials would in January begin discussing Moscow’s proposals for security guarantees it wants from the West in order to defuse the current crisis and that he hoped for a positive outcome.

But what might a Russian attack actually look like and what could it seek to achieve?

“The current deployments are versatile. They keep Russia’s options open and therefore keep the defender guessing,” said Keir Giles, an Associate Fellow at Chatham House.

Here are some possible scenarios.

DONBASS ESCALATION

Heavily armed Russian-backed separatists have controlled a swath of eastern Ukraine since 2014 and continue to exchange fire with Ukrainian government forces on a regular basis despite a 2015 ceasefire that ended major hostilities.

The conflict in Donbass has killed 15,000 people, Kyiv says. Ukraine has long accused Russia of having regular troops in the region, something Moscow denies.

Russia in turn has accused Kyiv of harboring plans to retake the region by force, something Ukraine denies.

In such a febrile atmosphere the risk of a misunderstanding or unplanned escalation is greater, and Russia could use such an incident as a casus belli.

One source familiar with the Russian Defense Ministry’s thinking said this was the most likely scenario if Moscow decided to attack, but said he was unaware of any such decision. Kyiv could also be provoked into attacking by the separatists who could then ask Russia to officially send in troops to help, the same source said.

Russian forces could expand the fighting in Donbass to draw Ukraine into a bloody, conventional conflict, said Neil Melvin, director of International Security Studies at RUSI. Moscow could try to seize new Ukrainian coastal areas on the Sea of Azov, creating a land bridge from the Russian city of Rostov through Donbass to Crimea, he said. “That would put the Ukrainian government under a lot of pressure,” he said.

ASSAULT FROM CRIMEA

Russia has brought in new forces to Crimea, which it annexed from Ukraine in 2014, and said this week paratroopers would be holding new drills there.

Moscow could launch a new attack on Ukraine from Crimea and seize territory up to the Dnieper River that could serve as a natural barrier against a potential Ukrainian counter-offensive, said Konrad Muzyka, director of the Poland-based Rochan consultancy.

The operation could begin with massive artillery, missile and air strikes on Ukrainian units in the south. Spetsnaz units might seize bridges and railway junctions, allowing troops and tanks to advance, he said. There are only two roads from Crimea that could be blocked or destroyed, a potential weakness, he said.

Forces would secure control of a Soviet-era canal that provided Crimea with fresh water supplies until Russia annexed the territory and Ukraine stopped the flow.

MULTI-FRONT ATTACK

A U.S. intelligence document made public this month said Russia could stage an invasion as soon as January with up to 100 battalion tactical groups (BTGs) or some 175,000 troops. It said about 50 BTGs were already in place to the north and east of Ukraine and in Crimea to the south, creating the possibility of an attack from three sides.

Seizing southern Ukraine could make military sense for Moscow by cutting Kyiv off from the coast and NATO’s presence in the Black Sea, Melvin said. Politically, it could play well with Russian nationalists who see the area as the historic “Novorossiya” lands or “New Russia”.

A multi-front assault might also involve a move into northeastern Ukraine, with Moscow encircling but perhaps not entering major cities where it could get bogged down in urban fighting. Equally, Russian troops could move into Belarus, opening up a northern front for Ukraine that would put Russian forces closer to Kyiv, Giles said.

“This of course would be the most costly economically, politically and in terms of human lives and that’s probably why it’s least likely,” Melvin said of an all-out invasion.

Analysts said even if it overwhelmed Ukraine’s army, which is half the size of its own, Russia could face guerrilla-type resistance that would make it hard to hold on to captured territory.

MISSILE STRIKES OR CYBER-ATTACK

Giles said some scenarios could involve long-range missile attacks or cyber-attacks targeting critical infrastructure. Missile attacks would take advantage of Ukraine’s weaker anti-missile defenses.

“The different scenarios for how exactly Russia might seek to persuade the West to meet its (security) demands by punishing Kyiv don’t even necessarily include a land incursion,” he said.

(Reporting by Tom Balmforth; editing by Nick Macfie)

U.S., Russia hold nuclear talks in Geneva after summit push

By Stephanie Nebehay and Jonathan Landay

GENEVA/WASHINGTON (Reuters) -Senior U.S. and Russian officials on Wednesday restarted talks on easing tensions between the world’s largest nuclear weapons powers and agreed to reconvene in September after informal consultations, the State Department said.

U.S. Deputy Secretary of State Wendy Sherman and Russian Deputy Foreign Minister Sergei Ryabkov headed their delegations at the meeting at the U.S. diplomatic mission in Geneva.

TASS news agency cited Ryabkov as saying he was satisfied with the consultations and that the United States showed readiness for a constructive dialogue at the talks.

Armed with mandates from their leaders, it was the first time in nearly a year that the sides had held so-called strategic stability talks amid frictions over a range of issues, including arms control.

U.S. President Joe Biden and Russian President Vladimir Putin, whose countries hold 90% of the world’s nuclear weapons, agreed in June to launch a bilateral dialogue on strategic stability to “lay the groundwork for future arms control and risk reduction measures”.

After informal consultations aimed at “determining topics for expert working groups” in the next round, the two sides agreed to reconvene in late September, State Department spokesman Ned Price said in a statement.

Calling the discussions “professional and substantive,” he said the U.S. side discussed its policy priorities, the current international security environment, “the prospects for new nuclear arms control” and the format for further talks.

The decision to meet again showed the sides understand the need to resolve arms control disputes, a senior State Department official said, that have seen an end to several Cold War-era treaties, including one that limited intermediate-range missiles.

“We know we have a responsibility as the largest nuclear weapons states to find a way to improve strategic stability to deal with a deteriorating arms control architecture,” the official briefed reporters on condition of anonymity.

That includes dealing with threats posed by “new emerging technologies that can upset strategic stability,” the official said.

Such new threats could include artificial intelligence-controlled weapons, possible cyber attacks on existing nuclear weapons systems and more esoteric arms such as highly maneuverable aerial or submerged hypersonic weapons that can evade defenses.

Andrey Baklitskiy, senior research fellow at the Center for Advanced American Studies at Moscow State Institute of International Relations, told reporters in Geneva: “We are starting with a new U.S. administration, starting pretty much from scratch.

“It’s just meet and greet and try to establish some basic understandings,” he said.

Russia and the United States in February extended for five years the bilateral New START nuclear arms control treaty days before it was set to expire.

The treaty limits the numbers of strategic nuclear warheads, missiles and bombers that Russia and the United States can deploy.

The two sides had been expected to discuss which weapons systems and technologies are of greatest concern.

“For example, Russia still has concerns with U.S. modification of heavy bombers and launchers to launch ballistic missiles, and that’s been there for a while now,” Baklitskiy said.

The Biden administration has asserted that Russia has engaged unilaterally in low-yield nuclear testing, in violation of a nuclear testing moratorium, he said.

(Reporting by Stephanie Nebehay. Additional reporting by Jonathan Landay in Washington; Editing by Peter Graff and Alistair Bell)

In ‘frank’ talks, China accuses U.S. of creating ‘imaginary enemy’

By Yew Lun Tian and Tony Munroe

BEIJING (Reuters) -A top Chinese diplomat took a confrontational tone on Monday in rare high-level talks with the United States, accusing it of creating an “imaginary enemy” to divert attention from domestic problems and suppress China.

Amid worsening relations between the world’s two largest economies, Deputy Secretary of State Wendy Sherman, the second-ranking U.S. diplomat, arrived on Sunday for face-to-face meetings in the northern city of Tianjin that the U.S. State Department described as “frank and open.”

No specific outcomes were agreed and the prospect of a meeting between U.S. President Joe Biden and Chinese President Xi Jinping was not discussed, senior U.S. administration officials said following talks that lasted about four hours.

China seized the early narrative, with state media reporting on confrontational remarks by Vice Foreign Minister Xie Feng soon after the session began, in echoes of a similarly combative opening by senior Chinese officials during high-level talks in March in Alaska.

Foreign media were kept at a distance from the site of the talks, held outside of Beijing due to COVID-19 protocols, but Chinese media were permitted on the premises.

“The United States wants to reignite the sense of national purpose by establishing China as an ‘imaginary enemy’,” Xie was quoted as saying while the talks were underway.

The United States had mobilized its government and society to suppress China, he added.

“As if once China’s development is suppressed, U.S. domestic and external problems will be resolved, and America will be great again, and America’s hegemony can be continued.”

Sherman laid out U.S. concerns over China’s actions on issues ranging from Hong Kong and Xinjiang to Tibet and cyber attacks, senior administration officials said, adding that China should not approach areas of global concern, such as climate and Afghanistan, on a transactional basis.

Sherman, who also met with State Councilor and Foreign Minister Wang Yi, raised concerns including over what Washington sees as China’s unwillingness to cooperate with the World Health Organization on a second phase investigation of the origins of COVID-19, and foreign media access in China.

“The Deputy Secretary raised concerns in private – as we have in public – about a range of PRC actions that run counter to our values and interests and those of our allies and partners, and that undermine the international rules-based order,” the State Department said in a statement.

“It is important for the United States and China to discuss areas where we disagree so that we understand one another’s position, and so that we are clear about where each side is coming from,” a senior administration official said.

“Reaching agreement or specific outcomes was not the purpose of today’s conversations,” a senior U.S. official said.

PROTOCOL WRANGLE

Sherman’s China visit was added late to an Asian itinerary that included stops in Japan, South Korea and Mongolia amid wrangling over protocol between Beijing and Washington.

On Saturday, Wang had warned that China would not accept the United States taking a “superior” position in the relationship, a day after China unveiled sanctions on former U.S. Commerce Secretary Wilbur Ross and others.

Relations between Beijing and Washington deteriorated sharply under former U.S. President Donald Trump, and the Biden administration has maintained pressure on China in a stance that enjoys bipartisan support but threatens to deepen mistrust.

“When both countries see each other as an enemy, the danger is that it becomes a self-fulfilling prophecy,” said Cheng Xiaohe, a professor of international relations at Renmin University in Beijing.

Monday’s talks came amid frayed relations between Beijing and Washington that have worsened in the months since an initial diplomatic meeting in March in Anchorage, the first under the Biden administration.

At the Alaska meeting, Chinese officials, including Wang, railed against the state of U.S. democracy, while U.S. officials accused the Chinese side of grandstanding.

(Reporting by Yew Lun Tian, Cate Cadell and Tony Munroe; Editing by Lincoln Feast, Clarence Fernandez and Giles Elgood)

Exclusive: Hackers test defenses of Trump campaign websites ahead of U.S. election, security staff warn

By Jack Stubbs

LONDON (Reuters) – Hackers have stepped up efforts to knock Trump campaign and business websites offline ahead of the U.S. election, in what a security firm working for the campaign said could be preparation for a larger digital assault, according to emails seen by Reuters.

The security assessment was prepared by staff at U.S. cybersecurity firm Cloudflare, which has been hired by President Donald Trump to help defend his campaign’s websites in an election contest overshadowed by warnings about hacking, disinformation and foreign interference.

Cloudflare is widely used by businesses and other organizations to help defend against distributed denial-of-service (DDoS) attacks, which aim to take down websites by flooding them with malicious traffic.

Internal Cloudflare emails sent to senior company managers – including CEO Matthew Prince – on July 9 state that the number and severity of attacks on Trump websites increased in the preceding two months and reached record levels in June. The emails did not give the total number of attacks.

“As we get closer to the election, attacks are increasing in both numbers (and) sophistication” and succeeded in disrupting access to the targeted websites for short periods of time between March 15 and June 6, the assessment said.

Cloudflare did not respond directly to questions about the emails or their contents. The company said it was providing security services to both U.S. presidential campaigns and declined to answer further questions about the nature or details of its work.

“We have seen an increase in cyber attacks targeting political candidates. We will continue to work to ensure these attacks do not disrupt free and fair elections,” it said in a statement when asked about the emails.

A spokesman for the Trump campaign did not respond to a request for comment. The Biden campaign declined to comment on its work with Cloudflare or any attacks on its websites.

A spokeswoman for the Trump Organization said no Trump websites had been taken offline by cyber attacks. She did not respond to further questions about the attacks or Trump’s work with Cloudflare.

Cloudflare’s security team did not comment on the identity of the hackers and Reuters was not able to determine who was responsible for the attacks.

DDoS attacks are viewed by cybersecurity experts as a relatively crude form of digital sabotage – easily deployed by anyone from tech-savvy teenagers to top-end cyber criminals.

But seven of the attacks on Trump websites, including donaldjtrump.com and a Trump-owned golf course, were judged to be more serious by the Cloudflare security team, the emails show.

The increasing number and sophistication of attempts suggested the attackers were “probing” the website defenses to establish what would be needed to take them fully offline, the security assessment said.

“We therefore cannot discount the possibility that there are attackers using this as an opportunity to collect information for more sophisticated attacks,” it added.

The Cloudflare team said they would continue to monitor the attacks and carry out “a further round of security hardening” to better protect the websites.

(Additional reporting by Joseph Menn in SAN FRANCISCO; Editing by Jonathan Weber and Edward Tobin)

North Korea accuses U.S. of hurting its image with cyber threat warning

SEOUL (Reuters) – North Korea accused the United States of smear tactics on Friday after Washington renewed accusations last month that Pyongyang was responsible for malicious cyber attacks.

It was the latest in a series of exchanges underscoring the friction between the two countries after denuclearization talks launched by U.S. President Donald Trump and North Korean leader Kim Jong Un stalled late last year.

“We want to make it clear that our country has nothing to do with the so-called ‘cyber threat’ that the U.S. is talking about,” North Korea’s Foreign Ministry said in the statement.

It said Washington was trying to use the allegations as leverage, along with the issues of nuclear missiles and human rights as well as accusations of terrorism funding and money laundering. The aim was to “smear our country’s image and create a way to shake us up”, it said.

The U.S. State Department, Treasury, and Department of Homeland Security Issues, along with the FBI, issued a new warning last month about the threat of North Korean hackers, calling particular attention to financial services.

North Korea is alleged to be behind an ambitious, years-long campaign of digital theft, including siphoning cash from ATMs, stealing from major banks, extorting computer users worldwide, and hijacking digital currency exchanges.

Since 2006, the country has been subject to U.N. sanctions that have been strengthened by the Security Council over the years in a bid to cut off funding for Pyongyang’s nuclear and ballistic missile programs.

This week, the U.S. Justice Department accused the country’s state-owned bank of evading U.S. sanctions laws and said it had charged 28 North Korean and five Chinese citizens in its latest crackdown on alleged sanctions violations.

(Reporting by Joyce Lee; editing by Philippa Fletcher)

EU warns of 5G cybersecurity risks, stops short of singling out China

By Foo Yun Chee

BRUSSELS (Reuters) – The European Union warned on Wednesday of the risk of increased cyber attacks by state-backed entities but refrained from singling out China and its telecoms equipment market leader Huawei Technologies as threats.

The comments came in a report prepared by EU member states on cybersecurity risks to next-generation 5G mobile networks seen as crucial to the bloc’s competitiveness in an increasingly networked world.

The authors chose to ignore calls by the United States to ban Huawei’s equipment, drawing a welcome from the Shenzen-based company after it faced U.S. accusations that its gear could be used by China for spying.

“Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks,” the European Commission and Finland, which currently holds the rotating EU presidency, said in a joint statement.

“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country,” they said.

Huawei, which competes with Finland’s Nokia and Sweden’s Ericsson, said it stood ready to work with its European partners on 5G network security. It has always denied its equipment can be used for spying.

“This exercise is an important step toward developing a common approach to cybersecurity and delivering safe networks for the 5G era,” a Huawei spokesman said.

“We are pleased to note that the EU delivered on its commitment to take an evidence-based approach, thoroughly analyzing risks rather than targeting specific countries or actors.”

Tom Ridge, a former U.S. secretary of homeland security, took a different view of the report. He said Huawei’s close ties to the Chinese government meant it would have to comply with legislation requiring it to assist with intelligence gathering.

“If countries needed more reason to implement stricter security measures to protect 5G networks, this comprehensive risk assessment is it,” said Ridge, a member of the advisory board of Global Cyber Policy Watch.

Fifth-generation networks will hook up billions of devices, sensors and cameras in ‘smart’ cities, homes and offices. With that ubiquity, security becomes an even more pressing need than in existing networks.

“5G security requires that networks are built leveraging the most advanced security features, selecting vendors that are trustworthy and transparent,” a Nokia spokesperson said, adding that the company was the only global vendor capable of providing all the building blocks for secure 5G networks.

EU members have differed on how to treat Huawei, with Britain, a close U.S. ally, leaning toward excluding it from critical parts of networks. Germany is meanwhile creating a level playing field in which all 5G vendors should prove they are trustworthy.

OVER-DEPENDENCE

The report warned against over-dependence on one telecoms equipment supplier.

“A major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences,” it said.

European network operators, including Germany’s Deutsche Telekom typically have multi-vendor strategies that they say reduce the security risks that might arise from relying too heavily on a single provider.

“The Commission’s 5G assessment recognizes security isn’t just a supplier issue,” said Alex Sinclair, chief technology officer of the GSMA, a global mobile-industry trade group.

“We all have a role to play – from manufacturers to operators to consumers – and we are taking responsibility for our part in the security chain seriously.”

The EU will now seek to come up with a so-called toolbox of measures by the end of the year to address cyber security risks at national and bloc-wide level.

The European Agency for Cybersecurity is also finalizing a map of specific threats related to 5G networks.

(Additional reporting by Douglas Busvine in Berlin and Anne Kauranen in Helsinki; Editing by Kirsten Donovan and Elaine Hardcastle)

U.S. imposes sanctions on North Korean hacking groups blamed for global attacks

FILE PHOTO: A North Korean flag flies on a mast at the Permanent Mission of North Korea in Geneva October 2, 2014. REUTERS/Denis Balibouse/File Picture

WASHINGTON (Reuters) – The U.S. Treasury on Friday announced sanctions on three North Korean hacking groups it said were involved in the “WannaCry” ransomware attacks and hacking of international banks and customer accounts.

It named the groups as Lazarus Group, Bluenoroff, and Andariel and said they were controlled by the RGB, North Korea’s primary intelligence bureau, which is already subject to U.S. and United Nations sanctions.

The action blocks any U.S.-related assets of the groups and prohibits dealings with them. The Treasury statement said any foreign financial institution that knowingly facilitated significant transactions or services for them could also be subject to sanctions.

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury undersecretary for Terrorism and Financial Intelligence.

“We will continue to enforce existing U.S. and U.N. sanctions against North Korea and work with the international community to improve the cybersecurity of financial networks.”

The United States has been attempting to restart talks with North Korea, aimed at pressing the country to give up its nuclear weapons. The talks have been stalled over North Korean demands for concessions, including sanctions relief.

Earlier this month, North Korea denied U.N. allegations it had obtained $2 billion through cyberattacks on banks and cryptocurrency exchanges and accused the United States of spreading rumors.

The Treasury statement said Lazarus Group was involved in the WannaCry ransomware attack that the United States, Australia, Canada, New Zealand and the United Kingdom publicly attributed to North Korea in December 2017.

It said WannaCry affected at least 150 countries and shut down about 300,000 computers, including many in Britain’s National Health Service (NHS). The NHS attack led to the cancellation of more than 19,000 appointments and ultimately cost the service over $112 million, the biggest known ransomware attack in history.

The Treasury said Lazarus Group was also directly responsible for 2014 cyber-attacks on Sony Pictures Entertainment.

The statement cited industry and press reporting as saying that by 2018, Bluenoroff had attempted to steal over $1.1 billion from financial institutions and successfully carried out operations against banks in Bangladesh, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey, Chile, and Vietnam.

It said Bluenoroff worked with the Lazarus Group to steal approximately $80 million from the Central Bank of Bangladesh’s New York Federal Reserve account.

Andariel, meanwhile, was observed by cyber security firms attempting to steal bank card information by hacking into ATMs to withdraw cash or steal customer information to later sell on the black market, the statement said.

Andariel was also responsible for developing and creating unique malware to hack into online poker and gambling sites and, according to industry and press reporting, targeted the South Korea government military in an effort to gather intelligence, it said.

(Reporting by David Brunnstrom and Lisa Lambert; Editing by Raissa Kasolowsky and Rosalba O’Brien)

Iran says U.S. cyber attacks failed, hints talks are possible

FILE PHOTO: Iranian President Hassan Rouhani delivers a speech at the Conference on Interaction and Confidence-Building Measures in Asia (CICA) in Dushanbe, Tajikistan June 15, 2019. REUTERS/Mukhtar Kholdorbekov/File Photo

By Stephen Kalin and Bozorgmehr Sharafedin

JEDDAH, Saudi Arabia/LONDON (Reuters) – Iran said on Monday U.S. cyber attacks on its military had failed, while also hinting that it could be willing to discuss new concessions with Washington if the United States were to lift sanctions and offer new incentives.

The longtime foes have come the closest in years to a direct military confrontation in the past week with the shooting down of a U.S. drone by Iran. U.S. President Donald Trump aborted a retaliatory strike just minutes before impact.

U.S. media have reported that the United States launched cyber attacks even as Trump called off the air strike. The Washington Post said on Saturday that the cyber strikes, which had been planned previously, had disabled Iranian rocket launch systems. U.S. officials have declined to comment.

“They try hard, but have not carried out a successful attack,” Mohammad Javad Azari Jahromi, Iran’s minister for information and communications technology, said on Twitter.

“Media asked if the claimed cyber attacks against Iran are true,” he said. “Last year we neutralized 33 million attacks with the (national) firewall.”

Allies of the United States have been calling for steps to defuse the crisis, saying they fear a small mistake on either side could trigger war.

“We are very concerned. We don’t think either side wants a war, but we are very concerned that we could get into an accidental war and we are doing everything we can to ratchet things down,” British Foreign Secretary Jeremy Hunt said.

U.S. Secretary of State Mike Pompeo jetted to the Middle East to discuss Iran with the leaders of Saudi Arabia and the United Arab Emirates, two Gulf Arab allies that favor a hard line. Pompeo met King Salman as well as the king’s son, de facto ruler Crown Prince Mohammed bin Salman.

The U.S. special representative for Iran, Brian Hook, visited Oman and was headed to Europe to explain U.S. policy to allies. He told European reporters on a phone call ahead of his arrival that Trump was willing to sit down with Iran, but Iran must do a deal before sanctions could be lifted.

CONCESSIONS

U.S.-Iran relations began to deteriorate last year when the United States abandoned a 2015 agreement between Iran and world powers designed to curb Iran’s nuclear program in return for the lifting of sanctions.

They got sharply worse last month when Trump tightened sanctions, ordering all countries to stop buying Iranian oil.

Recent weeks saw a military dimension to the confrontation, with the United States blaming Iran for attacks on vessels at sea, which Iran denies. Iran shot down the drone, saying it was in its air space, which Washington disputes. Washington also blames Iran for attacks by its Yemeni allies on Saudi targets.

Washington argues that the 2015 nuclear agreement known as the JCPOA, negotiated under Trump’s predecessor Barack Obama, did not go far enough, and that new sanctions are needed to force Iran back to the table to make more concessions.

Throughout the escalation, both sides have suggested they are willing to hold talks but the other side must move first. In the latest comment from Tehran, an adviser to President Hassan Rouhani repeated a longstanding demand that Washington lift sanctions in line with the deal.

But the adviser, Hesameddin Ashena, also tweeted a rare suggestion that Iran could be willing to discuss new concessions, if Washington were willing to put new incentives on the table that go beyond those in the deal.

“If they want something beyond the JCPOA, they should offer something beyond the JCPOA; with international guarantees.”

Iran’s foreign ministry spokesman, Abbas Mousavi, was quoted by ISNA news agency as saying on Monday Tehran did not “want a rise of tensions and its consequences”.

U.S. allies in Europe and Asia view Trump’s decision to abandon the nuclear deal as a mistake that strengthens hardliners in Iran and weakens the pragmatic faction of Rouhani.

Trump has suggested that he backed off the military strike against Iran in part because he was not sure the country’s top leadership had intended to shoot down the drone. However, an Iranian commander said Tehran was prepared to do it again.

“Everyone saw the downing of the unmanned drone,” navy commander Rear Admiral Hossein Khanzadi was quoted on Sunday as saying by the Tasnim news agency. “I can assure you that this firm response can be repeated, and the enemy knows it.”

(Reporting by Bozorgmehr Sharafedin in London and Stephen Kalin in Jeddah; Additional reporting by Robin Emmott in Brussels; Writing by Peter Graff; Editing by Jon Boyle)