Thursday, Mar 20, 2025
SoftBank Acquires Ampere Computing for $6.5 Billion to Boost AI Infrastructure
Bottom Line Up Front (BLUF): SoftBank has announced a $6.5 billion cash acquisition of Ampere Computing, a U.S.-based semiconductor company specializing in cloud and AI computing. The deal is part of SoftBank's strategy to expand its AI infrastructure and computing power. Ampere will continue operating under its own name as a wholly-owned subsidiary, with the transaction expected to close in the latter half of 2025, pending regulatory approval.
Analyst Comments: As stated by CEO Masayoshi Son, Ampere’s cloud-native and AI computing expertise aligns with SoftBank’s broader vision for Artificial Super Intelligence. This move also reinforces SoftBank’s influence in the U.S. semiconductor market, particularly as geopolitical tensions shape AI and chip supply chains. However, regulatory scrutiny could delay or complicate the deal, given the increasing national security concerns over foreign ownership of key semiconductor assets.
FROM THE MEDIA: Ampere, initially focused on cloud-native processors, has expanded its portfolio to include AI and high-performance computing solutions. The acquisition will see SoftBank buy out stakes from investors Carlyle and Oracle, consolidating Ampere’s technology under its AI-driven strategy. The deal follows SoftBank’s broader push into AI infrastructure investments, with the company stating that advanced computing power is critical for future AI innovation. The acquisition is subject to regulatory approvals and will be finalized in late 2025.
READ THE STORY: WSJ
Lab Dookhtegan Cyberattack Disrupts Iranian Oil Tankers
Bottom Line Up Front (BLUF): Hacktivist group Lab Dookhtegan has claimed responsibility for a large-scale cyberattack that allegedly disrupted communications on 116 Iranian oil tankers. The attack reportedly affected both internal communications on the vessels and ship-to-shore satellite connectivity. While no independent verification of the attack’s impact has emerged, cybersecurity researchers suggest that vulnerabilities in maritime satellite communication systems may have been exploited.
Analyst Comments: If confirmed, this attack highlights the growing risks to maritime cybersecurity, particularly for vessels relying on vulnerable VSAT (very-small-aperture terminal) satellite communication systems. The scale and coordination suggest significant pre-planning, reconnaissance, and automation, potentially involving sophisticated actors beyond a typical hacktivist group. The incident also underscores a broader trend of cyber threats targeting maritime infrastructure, reinforcing the need for dedicated cybersecurity solutions that function independently of compromised communication systems.
FROM THE MEDIA: Cybersecurity firm Cydome released an analysis of a cyberattack allegedly conducted by Lab Dookhtegan, a hacktivist group claiming to have disabled communications on 116 Iranian oil tankers. These ships, linked to Iranian government-affiliated companies, were reportedly unable to communicate internally or with shore-based operations. While Lab Dookhtegan has not disclosed its attack methods, researchers suggest they likely exploited weaknesses in the vessels’ VSAT satellite terminals, a known cybersecurity risk. Previous studies have shown that attackers using open-source tools like Shodan can locate and remotely access maritime communication devices using factory-set passwords. The coordinated nature of the attack, affecting dozens of ships simultaneously, indicates a high level of automation and planning, with possible prior reconnaissance of the fleet’s IT and OT infrastructure.
READ THE STORY: Industrial Cyber
China Executes Four Dual Canadian Citizens Despite Diplomatic Pleas
Bottom Line Up Front (BLUF): China has executed four dual Canadian-Chinese citizens convicted of drug-related offenses, despite repeated pleas for clemency from Canada’s Foreign Minister Melanie Joly and former Prime Minister Justin Trudeau. The executions, confirmed by the Chinese embassy in Ottawa, have further strained Sino-Canadian relations, which have been tense since the 2018 Huawei extradition case.
Analyst Comments: The executions also highlight China’s policy of not recognizing dual citizenship, making it difficult for foreign governments to intervene in such cases. Given the ongoing trade disputes and diplomatic rifts, including Canada’s tariffs on Chinese electric vehicles and China’s retaliation on Canadian goods, these executions may signal that Beijing has little interest in mending ties with Ottawa. The case may also intensify Western scrutiny of China’s judicial system and its use of capital punishment.
FROM THE MEDIA: Canada’s Foreign Ministry confirmed the executions of four dual Canadian-Chinese citizens in China, all convicted on drug charges. The Canadian government had repeatedly requested clemency, but China’s embassy in Ottawa stated that the individuals were given fair trials and due process under Chinese law. The executions come amid heightened tensions between the two nations, following China’s retaliatory trade measures against Canada and ongoing diplomatic rifts linked to past espionage accusations and election interference concerns. According to reports, around 100 Canadians remain imprisoned in China, many on drug-related charges. This case has drawn condemnation from human rights groups, including Amnesty International Canada, which called the executions “shocking and inhumane”.
READ THE STORY: Aljazeera
Ukraine’s Electronic Warfare Disrupts Russian Glide Bomb Attacks
Bottom Line Up Front (BLUF): According to a new Forbes report, Ukraine’s electronic warfare capabilities have significantly reduced the accuracy of Russian glide bombs. The Lima jammer, developed by Ukraine’s Night Watch team, is disrupting Russia’s GLONASS satellite navigation, forcing Russian forces to modify their tactics. As a result, Russian bombs frequently miss their targets, sometimes landing in occupied or Russian-controlled territories.
Analyst Comments: The ability to jam, spoof, and launch cyberattacks against Russian guidance systems is forcing tactical adjustments, including deploying more jets per bombing run, which increases risk and resource strain on Russia’s air force. While Russia has attempted to adapt its weapons, Ukraine’s rapid countermeasures suggest a continuing technological cat-and-mouse game. If Lima jammers are scaled up to 300 units per month, Ukraine’s ability to neutralize Russian precision strikes could further tilt the battlefield dynamics.
FROM THE MEDIA: Russian fighter-bombers were launching up to 100 glide bombs per day along the 800-mile front line, mainly targeting cities like Kharkiv and Zaporizhzhia. However, after Ukraine deployed Lima jammers, the accuracy of Russian attacks dropped sharply, forcing Russia to rethink its bombing strategy. Russian military channels on Telegram have acknowledged the challenge, particularly around Pokrovsk, where bombings have become less effective. In response, Russia has modified its bombs and drones to counter Ukrainian jamming, but Ukraine quickly adapted by studying recovered Russian hardware.
READ THE STORY: Euromaid
Newly Released JFK Assassination Files Reveal CIA Secrets
Bottom Line Up Front (BLUF): The Trump administration has declassified over 30,000 pages of documents related to the 1963 assassination of President John F. Kennedy. The files provide new details about CIA operations, including surveillance of Lee Harvey Oswald, covert actions against Fidel Castro, and intelligence relationships with foreign governments. While no definitive evidence of a broader conspiracy was uncovered, the documents shed light on why U.S. intelligence agencies resisted full disclosure for decades.
Analyst Comments: The newly released documents confirm long-held suspicions that the CIA withheld key information from the Warren Commission and later investigations. The agency's surveillance of Oswald in Mexico City, its operations targeting Castro, and its influence over foreign intelligence services all contributed to decades of speculation. While the files do not conclusively prove an internal conspiracy, they highlight intelligence failures and suggest that protecting agency secrets often takes precedence over full transparency. This release may fuel renewed public distrust in intelligence agencies and reinforce calls for more declassification of historical records.
FROM THE MEDIA: POTUS declassified thousands of JFK assassination documents, revealing key CIA operations. A 1995 memo warned that disclosing past intelligence activities, like a station in Tunisia, could harm foreign relations. The files confirm years of CIA-backed sabotage and assassination attempts against Fidel Castro, including a $100,000 Mafia contract, though no proof linked him to Kennedy’s death. They also expose Mexican President Adolfo López Mateos’ secret ties with the CIA and efforts to suppress evidence of Oswald’s Mexico City meetings with Soviet and Cuban officials. Another document reveals a 1963 CIA surveillance operation bugging a Maryland safe house where Attorney General Robert F. Kennedy was likely present. While offering historical insights, the files highlight decades of intelligence secrecy.
READ THE STORY: WSJ
China’s ‘Dark Factory’ Revolution: AI-Driven Manufacturing Raises Workforce Concerns
Bottom Line Up Front (BLUF): China is advancing fully autonomous manufacturing with AI-powered "dark factories" that operate without human workers. Xiaomi's new facility in Changping produces one smartphone per second, running 24/7 in total darkness. While this represents a major leap in efficiency, concerns over job displacement and economic shifts continue to grow.
Analyst Comments: The emergence of dark factories signifies a turning point in industrial automation, eliminating the need for human labor in many manufacturing processes. This shift could lead to massive job losses in traditional industries, especially in countries that rely on low-cost labor. The trend also raises ethical concerns about workforce displacement and economic inequality. Governments and businesses must proactively address the socio-economic impact of AI-driven manufacturing through policies focused on retraining workers and developing new job opportunities.
FROM THE MEDIA: China is leading a new wave of automation with fully AI-powered “dark factories” that require no human intervention. Xiaomi has unveiled an 81,000-square-meter facility in Changping capable of producing 10 million smartphones annually, relying entirely on AI and robotics. The $330 million factory operates 24/7 in complete darkness, eliminating the need for human labor, lighting, or traditional workplace regulations. While automation has been part of manufacturing for decades, the scale and efficiency of Xiaomi’s factory mark a significant step forward. However, concerns about widespread job displacement are rising. A World Economic Forum report predicts that 23% of global jobs will be affected by AI automation in the next five years, with 42% of business tasks expected to be automated by 2027. As more companies adopt AI-driven production, policymakers and labor experts warn that society may not be prepared for the rapid shift toward fully autonomous industries.
READ THE STORY: The 420
Douglas Edelman: The $7 Billion Defense Contractor Accused of Massive Tax Fraud
Bottom Line Up Front (BLUF): Douglas Edelman, a former U.S. defense contractor, has been charged with one of America’s largest alleged tax fraud cases. He is accused of hiding $350 million in income through offshore accounts, fraudulent ownership claims, and evading at least $129 million in taxes. Arrested in Ibiza and later extradited to the U.S., Edelman now faces trial, while his wife, Delphine Le Dain, remains a fugitive in France.
Analyst Comments: Edelman’s case highlights long-standing issues with tax evasion by wealthy expatriates and contractors benefiting from U.S. government deals. The indictment sheds light on the ease with which high-net-worth individuals exploit offshore accounts and complex legal structures to shield their wealth. As scrutiny over international tax compliance intensifies, this case may lead to more vigorous enforcement measures and renewed efforts to reform tax laws for Americans living abroad. The legal outcome could also influence future government contracting policies, particularly regarding transparency and foreign business affiliations.
FROM THE MEDIA: A former military contractor who amassed a fortune from U.S. defense contracts in Afghanistan has been charged with tax fraud after allegedly concealing millions through offshore accounts and fraudulent filings. Prosecutors claim that Edelman falsely listed his French wife as the owner of his companies to avoid U.S. taxes while living a lavish lifestyle across Europe. A whistleblower tipped off the IRS, leading to his arrest in Ibiza in July 2024. Edelman was extradited to the U.S., where he initially received house arrest in Virginia but was jailed again after contacting potential witnesses. His wife, Delphine Le Dain, fled to France and has not entered a plea. Prosecutors estimate that Edelman’s tax evasion cost the U.S. government at least $129 million, excluding interest and penalties. His trial is set for October 2025, and plea negotiations are ongoing.
READ THE STORY: WSJ
Chinese APT Group MirrorFace Expands to Europe, Revives ANEL Backdoor
Bottom Line Up Front (BLUF): ESET researchers have identified a significant shift in operations by the China-aligned APT group MirrorFace, which has expanded beyond Japan to target a Central European diplomatic institute. The campaign, dubbed Operation AkaiRyū (Red Dragon), marks the first documented European attack by the group. MirrorFace notably revived the ANEL backdoor, previously associated with APT10, and used advanced evasion tactics, including Windows Sandbox execution and Visual Studio Code remote tunnels for stealthy access.
Analyst Comments: MirrorFace’s expansion to Europe highlights the increasing globalization of Chinese cyber espionage efforts, particularly in targeting diplomatic and government entities. The reappearance of the ANEL backdoor suggests a possible link between MirrorFace and APT10, reinforcing theories that Chinese APTs operate under a coordinated umbrella. Their improved operational security (OPSEC), including tool deletion and sandbox execution, complicates detection and response efforts. This development signals a growing need for enhanced monitoring of Chinese cyber threats in Western regions.
FROM THE MEDIA: The attackers first engaged with the target through a benign email referencing a past interaction before following up with a malicious OneDrive link containing a ZIP file with a disguised LNK payload. Once executed, this payload triggered a multi-stage infection chain, deploying ANEL and a customized AsyncRAT for persistent access. The group leveraged PuTTY, Rubeus (for Kerberos abuse), and HiddenFace, its flagship backdoor, to exfiltrate Google Chrome web data, contact lists, and stored payment details. MirrorFace’s tactics align with warnings issued by Japan’s National Police Agency in January 2025 about the group's ongoing operations.
READ THE STORY: Cyber Kendra
Ukraine’s IT Army Ramps Up Cyberattacks on Russia Despite Fading Media Attention
Bottom Line Up Front (BLUF): Ukraine’s IT Army, a crowdsourced cyber force initially launched by Ukraine’s Ministry of Digital Transformation, continues to intensify attacks on Russian targets. While media coverage of their operations has slowed, a new Russian cybersecurity report shows that the frequency of cyberattacks has increased over the past year, mainly targeting telecom operators in Russian border regions. The IT Army’s distributed denial-of-service (DDoS) campaigns have disrupted internet access, media websites, and public transportation systems in cities like Kursk, St. Petersburg, and Krasnodar.
Analyst Comments: Despite a drop in public attention, Ukraine’s IT Army remains a persistent force in the cyber conflict between Ukraine and Russia. The focus on regional telecom providers suggests a strategic shift—these attacks are not only disruptive but also psychologically impactful, drawing attention from Russian citizens and forcing military and government responses. Ukraine’s increased coordination between hacktivists and military intelligence further highlights the blurring lines between civilian and state-sponsored cyber operations. As Ukraine refines its tactics, Russia may retaliate with countermeasures, including cyber offensives or legal action against suspected Ukrainian cyber actors.
FROM THE MEDIA: Earlier in March, the IT Army took down 50 media websites in Kursk, while a January attack in Krasnodar briefly made all paid parking lots free. On March 18, 2025, the group claimed responsibility for disrupting a transport payment app in St. Petersburg, causing delays across the city’s transit system. Ukraine’s military intelligence (HUR) has also publicly acknowledged supporting cyber operations, with some civilian hackers receiving official recognition for their role in Ukraine’s national defense.
READ THE STORY: The Record
LockBit Ransomware Developer Extradited to U.S. from Israel
Bottom Line Up Front (BLUF): A dual Russian-Israeli national, Rostislav Panev, has been extradited to the United States on charges of developing malware for the LockBit ransomware group—one of the most prolific cybercrime organizations in the world. Panev, arrested in Israel in August 2024, allegedly helped create LockBit’s malware and infrastructure, enabling the group to extort over $500 million from victims, including hospitals, businesses, and government agencies. Panev appeared before a U.S. judge in New Jersey and will remain in custody pending trial.
Analyst Comments: This extradition marks a significant win for U.S. law enforcement in its ongoing fight against ransomware groups, especially as LockBit has been responsible for thousands of cyberattacks worldwide. The case also highlights international cooperation, as Israel’s authorities worked closely with U.S. and European agencies to bring Panev to justice. However, the more significant challenge remains—LockBit’s primary administrator, Dmitry Khoroshev, is still at large, and Russia is unwilling to extradite its cyber criminals. While recent law enforcement actions have disrupted LockBit’s operations, the group is still a threat, and affiliates may continue launching attacks using its leaked malware tools.
FROM THE MEDIA: Panev’s arrest and extradition follow a global crackdown on LockBit, which peaked in February 2024 when authorities seized its servers and websites in a coordinated takedown operation led by the U.K. National Crime Agency (NCA), the FBI, and Europol. During Panev’s arrest, investigators found admin credentials to LockBit’s dark web infrastructure, source code for its StealBit data exfiltration tool, and evidence of crypto payments totaling over $230,000 from LockBit’s leaders. Meanwhile, LockBit’s founder, Khoroshev, remains one of the most wanted cybercriminals, with a $10 million U.S. bounty on his head.
READ THE STORY: HST
Controversy Over VA's IT Contract Cancellation Promoted by DOGE
Bottom Line Up Front (BLUF): Elon Musk's DOGE (Department of Government Efficiency) claimed credit for terminating a $3.5 million Department of Veterans Affairs (VA) IT contract, presenting it as part of a broader cost-cutting initiative. However, records show that the contract was set to expire naturally just 10 days later, raising questions about the actual savings from the cancellation. The contract, managed by Duty First Consulting, a Service-Disabled Veteran-Owned Small Business (SDVOSB), was part of 247 federal contract cancellations that DOGE claimed would save $390 million.
Analyst Comments: This raises serious questions: Was this about saving money or just a PR stunt? If the contract was about to end anyway, what was saved by canceling it early? Moves like this could undermine trust in DOGE’s budget-cutting efforts, especially when they impact small businesses owned by disabled veterans. It also raises concerns about whether these cancellations are being made carefully or just for political optics. If federal contracts keep getting slashed without objective financial justification, we could see unexpected disruptions in government services down the road.
READ THE STORY: The Register
China Accuses Taiwanese Military of Cyberattacks and Espionage
Bottom Line Up Front (BLUF): China’s Ministry of State Security (MSS) has publicly accused four Taiwanese military personnel of cyberattacks and espionage targeting key Chinese infrastructure. The individuals, allegedly linked to Taiwan’s Information, Communications, and Electronic Force Command (ICEFCOM), were named in an MSS report claiming that Taiwanese hackers have targeted power grids, water supplies, and telecommunications networks in China. Taiwan has denied the allegations, calling them a fabricated excuse to justify Beijing’s cyber operations.
Analyst Comments: This marks a new phase in China's cyber strategy, as public attribution of foreign hackers is rare for Beijing. The near-simultaneous release of reports by three Chinese cybersecurity firms suggests a coordinated effort between state authorities and private sector analysts. Given Taiwan's repeated claims of Chinese cyber intrusions, this accusation may be a tit-for-tat response designed to shape the global cybersecurity narrative. Whether China intends to escalate cyber operations against Taiwan in retaliation remains a key concern, particularly as regional tensions rise ahead of major political events.
FROM THE MEDIA: China’s MSS released the identities, photos, and job titles of four alleged Taiwanese hackers on March 18, 2025, accusing them of conducting phishing attacks, disinformation campaigns, and hacking government systems. Taiwanese officials immediately denied the claims, stating that ICEFCOM’s cyber operations focus solely on national defense. Chinese cybersecurity firms QiAnXin, Antiy, and Anheng Information also published reports on a Taiwan-linked cyber group known as APT-Q-20, which has allegedly been active since 2006. While these reports do not explicitly tie ICEFCOM to APT-Q-20, their simultaneous release suggests coordination with Beijing's accusations.
READ THE STORY: The Record
China Expands Strategic Mineral Funding Amid U.S. Trade War
Bottom Line Up Front (BLUF): China is increasing state funding for domestic mineral exploration to secure supply chains for high-tech industries amid escalating tensions with the U.S. At least 17 provincial governments have expanded subsidies for mining operations, reinforcing Beijing’s control over critical resources like rare earth metals essential for semiconductors and electric vehicles. This move counters U.S. efforts to reduce reliance on Chinese minerals through expanded domestic mining and overseas partnerships.
Analyst Comments: With the U.S. imposing export controls on advanced technology, Beijing is leveraging its dominance in rare earth minerals as geopolitical leverage. The continued restriction of key mineral exports, coupled with increased state-backed exploration, suggests China is preparing for prolonged economic and technological rivalry. The global supply chain, especially in high-tech industries, may face further disruptions as these policies unfold.
FROM THE MEDIA: China is ramping up financial support for domestic mineral exploration, with some provinces like Xinjiang increasing funding more than fourfold. The Chinese government has allocated over $13.8 billion annually since 2022 for geological exploration, the highest in a decade. Beijing also continues to tighten export controls on minerals critical for chip manufacturing, such as gallium and graphite, in response to U.S. trade restrictions. Meanwhile, the Biden administration has prioritized securing alternative supplies in Greenland, Ukraine, and Africa. China’s move reinforces its position as the leading producer of 30 of 44 critical minerals tracked by the U.S. Geological Survey, intensifying the global competition for strategic resources.
READ THE STORY: FT
Items of interest
Congo Offers U.S. Strategic Minerals in Exchange for Military Assistance
Bottom Line Up Front (BLUF): The Democratic Republic of Congo (DRC) has made a secret proposal to the Trump administration: military support against the Rwanda-backed M23 rebels in exchange for access to critical minerals such as cobalt, lithium, and tantalum. President Félix Tshisekedi outlined the offer in a February 8, 2025, letter to Trump, emphasizing the potential benefits for U.S. technology and defense industries. The deal aligns with Trump’s resource-driven foreign policy and comes as private military contractor Erik Prince engages in separate negotiations to secure Congo’s mining revenues.
Analyst Comments: The U.S. has long sought to reduce dependence on Chinese-controlled supply chains, and gaining direct access to Congo’s mineral wealth would be a significant geopolitical win. However, any U.S. military involvement in Congo would risk escalating tensions with Rwanda and entangling American forces in a volatile conflict. Tshisekedi’s outreach to Erik Prince signals that private military forces may also play a role, raising ethical and legal concerns about mercenary involvement in securing mineral wealth.
FROM THE MEDIA: Tshisekedi’s letter to Trump emphasized that securing Congo’s mineral resources would enhance U.S. competitiveness in aerospace, AI, and electric vehicles. The proposal was forwarded to the White House National Security Council, which invited an intermediary to discuss it further. Meanwhile, U.S. sanctions on a top Rwandan official linked to the M23 rebels coincided with these negotiations. Erik Prince, founder of Blackwater, is discussing a deal with the DRC to crack down on mining tax evasion. The offer also follows reports that Rwanda has been smuggling minerals from Congo to fuel its own economic ambitions.
READ THE STORY: WSJ
The Future of U.S. AI Leadership with CEO of Anthropic (Video)
FROM THE MEDIA: The Democratic Republic of Congo has offered the US exclusive access to critical minerals and infrastructure projects in exchange for security assistance. Congo asked for an urgent meeting between Presidents Felix Tshisekedi and Donald Trump to discuss a pact that would give American companies access to some of the most coveted minerals for energy transition.
DR Congo considers US access to its critical minerals in return for security guarantees (Video)
FROM THE MEDIA: The Democratic Republic of Congo says it will not rule out giving the US access to its vast mineral wealth in return for security guarantees. The statement comes as the M23 armed group backed by Rwanda continues its advance in the eastern part of the DRC after seizing territory, including the main cities of Goma and Bukavu, in recent months.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.