Saturday, Apr 26, 2025 // (IG): BB // GITHUB // SN R&D
Chang Guang Satellite Firm Sanctioned by U.S. for Allegedly Aiding Russia and Houthis
Bottom Line Up Front (BLUF): The U.S. has intensified scrutiny of Chang Guang Satellite Technology, accusing the Chinese company of supporting Russia's war efforts in Ukraine and aiding Houthi rebels targeting U.S. assets. Despite U.S. sanctions imposed in 2023, Chang Guang has continued expanding its satellite network, raising concerns about China’s military-civil fusion strategy.
Analyst Comments: Chang Guang’s activities underline how Beijing’s blending of civilian and military technologies can enable adversaries without direct state intervention. As China scales up its Jilin-1 satellite constellation, the risk of its use for military surveillance and attacks against Western interests will grow. Efforts to counter this influence are complicated by China’s unwillingness to restrain its private sector and by the globalized nature of satellite technology markets.
FROM THE MEDIA: U.S. officials claim Chang Guang Satellite Technology, closely tied to the Chinese military, has provided satellite imagery to Russia during its invasion of Ukraine and is now suspected of aiding Houthi attacks on U.S. warships. Founded in 2014, Chang Guang has launched over 117 satellites under its Jilin-1 program, aiming for 300 by 2026. Despite civilian applications like agricultural monitoring, about 75% of its revenue in 2021 came from military customers. The company denies ties to hostile groups, but U.S. authorities argue Chang Guang’s capabilities reflect Beijing’s military-civil fusion strategy, blurring the line between commercial and military operations.
READ THE STORY: WSJ
Critical CVE-2025-32433 in Erlang/OTP Threatens Multiple Cisco Products With RCE Risk
NOTE:
This PoC demonstrates a technique that exploits a vulnerability in some SSH servers, allowing attackers to open sessions and execute commands before authentication. This critical security flaw can lead to remote code execution. It works by faking a legitimate SSH connection, sending carefully crafted key exchange and ses
In real-world scenarios, advanced persistent threat (APT) groups, especially those backed by nation-states like China, North Korea, Russia, or Iran, are known to leverage SSH vulnerabilities to quietly infiltrate critical infrastructure, steal sensitive data, or establish long-term backdoors into government, telecom, and corporate networks.
Bottom Line Up Front (BLUF): Cisco has issued a high-severity advisory warning about CVE-2025-32433, a critical remote code execution flaw in Erlang/OTP’s SSH server. The vulnerability impacts key products, including Cisco NSO, WAAS, and Catalyst Center. The vulnerability carries a CVSS score of 10.0, and currently no workarounds are available.
Analyst Comments: The exploit’s unauthenticated nature dramatically increases the likelihood of mass exploitation once public proof-of-concept code emerges. Organizations must prioritize patching and SSH access restrictions immediately, while this case further spotlights persistent supply-chain risks associated with legacy open-source components like Erlang/OTP.
FROM THE MEDIA: This flaw allows unauthenticated attackers to take full control of affected systems during the authentication process. Cisco confirmed the issue impacts products such as Network Services Orchestrator (NSO) and ConfD, with patches expected in May 2025. Meanwhile, administrators are advised to block unnecessary SSH access and closely monitor updates. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is also expected to list this vulnerability in its Known Exploited Vulnerabilities Catalog soon.
READ THE STORY: GBhackers | PoC: CVE-2025-32433
Simon Schama: Trump’s War on Universities Threatens American Knowledge Infrastructure
Bottom Line Up Front (BLUF): Historian Simon Schama warns that the Trump administration’s attacks on American universities — including funding cuts and ideological purges — pose a serious threat to the country’s intellectual foundations. The erosion of support for research and critical inquiry undermines national security, scientific progress, and the democratic values the U.S. was founded upon.
Analyst Comments: Targeting higher education weakens not just academia but the technological and economic strength of the United States. Discrediting science and history to enforce ideological conformity risks long-term strategic decline, especially as global competitors like China continue investing heavily in education and innovation. Efforts to replace objective inquiry with political loyalty mirror historic patterns seen in authoritarian regimes, inevitably leading to self-inflicted vulnerabilities.
FROM THE MEDIA: Simon Schama describes the Trump administration’s sweeping cuts to U.S. universities, including slashing billions in federal research funding to institutions like Harvard and cancelling grants for critical fields like public health, disinformation studies, and climate science. Schama traces how these moves reflect a broader historical hostility toward intellectualism, rooted in American populism. He connects today's anti-university rhetoric to past attacks on academia by figures like Andrew Jackson and Richard Nixon. He warns that undermining the partnership between government and universities — a partnership that produced innovations like the Manhattan Project — will have devastating consequences for America's global leadership and domestic resilience.
READ THE STORY: FT
FBI Offers $10 Million Reward for Information on China's Salt Typhoon Hackers
Bottom Line Up Front (BLUF): The FBI announced a $10 million reward for information leading to identifying individuals behind Salt Typhoon, a China-backed cyberespionage group responsible for breaching major U.S. telecommunications providers and the U.S. Treasury. The group exfiltrated sensitive data, including call logs linked to political figures during the 2024 U.S. election.
Analyst Comments: Salt Typhoon’s prolonged access to critical telecom infrastructure highlights a dangerous escalation in China's cyber activities targeting U.S. national security. Their sophisticated anti-forensic techniques enabled them to operate undetected for years, suggesting significant future risks. The FBI’s public bounty underscores the urgency and seriousness of countering state-sponsored cyber threats in an election-sensitive environment.
FROM THE MEDIA: The FBI and U.S. State Department offer $10 million for information about Salt Typhoon hackers after uncovering their infiltration of U.S. telecom giants like Verizon, AT&T, T-Mobile, and Lumen Technologies. The group, believed to have been active since 2020, stole call records, intercepted limited communications, and accessed information tied to then-President-elect Donald Trump and Senator JD Vance. Experts also linked Salt Typhoon—also known as GhostEmperor and FamousSparrow—to a breach of the U.S. Treasury Department. Despite China’s denials, the cyberattack campaign reflects broader efforts by Beijing to penetrate American critical infrastructure.
READ THE STORY: CyberNews
UK Bans Video Game Controller Exports to Russia to Disrupt Drone Operations
Bottom Line Up Front (BLUF): The UK has implemented a ban on the export of video game controllers to Russia, aiming to prevent their repurposing for frontline drone operations in Ukraine. Although the move targets dual-use technologies, experts question its effectiveness due to the availability of controllers through other global sources, notably China.
Analyst Comments: This export restriction highlights the evolving nature of dual-use technologies in modern warfare, where civilian hardware is repurposed for military use. However, the ubiquity and maturity of gaming controllers make enforcement difficult, and the ban appears more symbolic than impactful. Strategic efforts targeting critical materials and software for Russia's defense and energy sectors will likely have a greater long-term effect.
FROM THE MEDIA: Minister Stephen Doughty stated that preventing the use of gaming consoles to control drones would help hinder Russian military activities. Experts, however, note that most controllers are manufactured in China and other regions, meaning the impact of the UK ban is limited. Analysts suggest controllers may interface with specialized drone systems rather than directly piloting aircraft. The sanctions package also targets chemicals, electronics, and software critical to Russia’s defense and energy sectors.
READ THE STORY: The Register
Non-Human Identities (NHIs) Emerge as Cybersecurity's Most Dangerous Blind Spot
Bottom Line Up Front (BLUF): The explosive growth of Non-Human Identities (NHIs) — including service accounts, API keys, and tokens — has created a major new cybersecurity risk. These machine identities now vastly outnumber human users, authenticate without multi-factor authentication, and are difficult to monitor, making them a prime target for attackers, including nation-states.
Analyst Comments: Nation-state actors and sophisticated cybercriminal groups increasingly exploit leaked or poorly secured NHIs to bypass traditional defenses and move laterally through networks. Traditional IAM and PAM tools built for human users are ineffective at managing this growing ecosystem. Solutions like GitGuardian's NHI Governance aim to close this gap by mapping machine identities, enforcing secret rotation policies, and identifying zombie or overprivileged credentials before they can be exploited.
FROM THE MEDIA: Non-Human Identities have become the "most dangerous blind spot" in cybersecurity due to their unchecked proliferation across cloud, IoT, and AI-driven systems. In 2024 alone, 23.7 million secrets were leaked on GitHub, many remaining valid for months or years. Unlike human credentials, NHIs often lack lifecycle management, expiration dates, or proper monitoring.
READ THE STORY: THN
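The lifecycle gaps the item describes (no expiry, no rotation, credentials that keep working long after their last use, and standing privileged scopes) can be checked mechanically once machine identities are inventoried. The script below is an added example for this digest, not code from the article or from GitGuardian's NHI Governance product; the JSON-lines inventory format, the 90-day rotation policy, the 180-day "zombie" threshold and the treatment of the `admin` scope as privileged are all assumptions chosen for the illustration, and the records are constructed sample data.

```python
"""Audit an inventory of non-human identities (NHIs) for lifecycle gaps.

Added example; not from the original article or from any vendor product.
The inventory format and the policy thresholds below are assumptions made
for this illustration. Timestamps are ISO-8601 in UTC.
"""
from __future__ import annotations

import json
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real credentials), one JSON record per line.
SAMPLE_INVENTORY = """
{"id": "svc-ci-deploy", "kind": "api_key", "created": "2023-01-10T00:00:00Z", "last_used": "2025-04-20T11:03:00Z", "expires": null, "scopes": ["repo:read", "deploy"]}
{"id": "svc-legacy-backup", "kind": "service_account", "created": "2021-06-01T00:00:00Z", "last_used": "2024-02-14T03:00:00Z", "expires": null, "scopes": ["admin"]}
{"id": "tok-webhook", "kind": "token", "created": "2025-03-01T00:00:00Z", "last_used": "2025-04-25T09:00:00Z", "expires": "2025-06-01T00:00:00Z", "scopes": ["webhook:post"]}
{"id": "svc-reporting", "kind": "service_account", "created": "2024-01-15T00:00:00Z", "last_used": "2025-04-24T22:10:00Z", "expires": null, "scopes": ["admin", "billing:read"]}
"""

# Policy knobs (assumed values, not taken from the article).
MAX_AGE = timedelta(days=90)         # a secret older than this is overdue for rotation
ZOMBIE_AFTER = timedelta(days=180)   # unused this long => "zombie" credential
PRIVILEGED_SCOPES = {"admin"}        # scopes flagged as over-privileged

# Fixed evaluation date so results are reproducible (the digest's own date).
AS_OF = datetime(2025, 4, 26, tzinfo=timezone.utc)


def _parse(ts: str | None) -> datetime | None:
    """Parse an ISO-8601 UTC timestamp ending in 'Z'; None stays None."""
    if ts is None:
        return None
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def audit(inventory_jsonl: str, now: datetime) -> dict[str, list[str]]:
    """Return {identity_id: [issue, ...]} for every identity with at least one issue.

    Issue tags, in the order they are checked:
      no-expiry         the credential never expires on its own
      rotation-overdue  older than MAX_AGE
      zombie            never used, or unused for longer than ZOMBIE_AFTER
      privileged-scope  carries a scope in PRIVILEGED_SCOPES
    """
    findings: dict[str, list[str]] = {}
    for line in inventory_jsonl.strip().splitlines():
        rec = json.loads(line)
        issues: list[str] = []
        created = _parse(rec["created"])
        last_used = _parse(rec.get("last_used"))
        expires = _parse(rec.get("expires"))

        if expires is None:
            issues.append("no-expiry")
        if created is not None and now - created > MAX_AGE:
            issues.append("rotation-overdue")
        if last_used is None or now - last_used > ZOMBIE_AFTER:
            issues.append("zombie")
        if PRIVILEGED_SCOPES & set(rec.get("scopes", [])):
            issues.append("privileged-scope")

        if issues:
            findings[rec["id"]] = issues
    return findings


def audit_sample() -> dict[str, list[str]]:
    """Run the audit over the constructed inventory as of AS_OF."""
    return audit(SAMPLE_INVENTORY, AS_OF)


if __name__ == "__main__":
    for identity, issues in audit_sample().items():
        print(f"{identity}: {', '.join(issues)}")
```

Only `tok-webhook` passes cleanly: it has an expiry, is within the rotation window, was used recently and holds a narrow scope. `svc-legacy-backup` trips every check, which is exactly the profile of a forgotten, still-valid, fully privileged machine identity.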
Sam Altman: AI Privacy Rules Should Follow, Not Precede, Emerging Problems
Bottom Line Up Front (BLUF): OpenAI CEO Sam Altman argued at a major privacy conference that it is premature to regulate AI privacy protections, emphasizing that dynamic, reactive policies should be created only after real-world issues emerge. Altman's comments signal a hands-off approach, leaving privacy frameworks to evolve as societal impacts from AI use become clearer.
Analyst Comments: Altman's position reflects a broader challenge facing governments and tech companies: regulating AI systems advancing faster than existing legal frameworks. While a flexible approach may support innovation, it risks exposing users to significant privacy breaches. Given how rapidly sensitive personal data is being shared with generative AI models, nation-states, regulators, and privacy advocates will likely push for faster, preemptive guardrails.
FROM THE MEDIA: At the IAPP Global Privacy Summit in Washington, D.C., Sam Altman stated that privacy safeguards for AI cannot be fully established before observing societal impacts. He highlighted that people already share personal information with AI systems despite there being no legal confidentiality protections. Altman suggested a “tight feedback loop” to adapt regulations dynamically as problems arise. Meanwhile, House Energy and Commerce Committee lawmakers are working on a new privacy bill where AI regulation is expected to be a central focus, underscoring growing pressure to address these concerns more proactively.
READ THE STORY: The Record
Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin and PetitPotato Malware
Bottom Line Up Front (BLUF): Attackers are exploiting vulnerable Microsoft SQL servers to deploy Ammyy Admin and PetitPotato malware, gaining remote access and escalating privileges. This sophisticated campaign highlights the dangers of mismanaged database environments and emphasizes the urgent need for better server hardening practices.
Analyst Comments: By enabling RDP and creating rogue accounts, adversaries strengthen their foothold for long-term exploitation. Expect similar multi-stage intrusions to increasingly target backend infrastructure in 2025, particularly critical yet poorly monitored systems.
FROM THE MEDIA: Attackers target unpatched or misconfigured MS-SQL servers, using weak credentials to infiltrate systems. Once compromised, they deploy Ammyy Admin for remote control and PetitPotato for privilege escalation, allowing extensive lateral movement. They also activate RDP and create privileged accounts to ensure persistent access. Symantec has identified the threat using a combination of file-based, machine learning, and web protections. Security experts urge organizations to prioritize patching, disable unnecessary services like RDP, enforce strong authentication, and monitor for suspicious behavior to counteract these attacks.
READ THE STORY: GBhackers
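The post-compromise steps in this item (a new account, its promotion to a privileged group, and RDP being switched on) each leave a Windows Security event, and the telling signal is that all of them originate from the SQL Server service context. The script below is an added detection example written for this digest, not code from Symantec, GBhackers or the article. The events are constructed JSON lines carrying only a few of the fields a real log has, the service-account names in `SQL_SERVICE_ACCOUNTS` are site-specific assumptions, and the ten-minute correlation window is a tuning choice.

```python
"""Correlate Windows Security events for the MS-SQL post-exploitation pattern.

Added example; not from the article or any vendor. Event IDs used:
  4720  a user account was created
  4732  a member was added to a security-enabled local group
  4657  a registry value was modified (requires object-access auditing)
Field names are simplified; the sample below is constructed, not real telemetry.
"""
from __future__ import annotations

import json
from datetime import datetime, timedelta

# Accounts SQL Server is assumed to run under at this site (assumption).
SQL_SERVICE_ACCOUNTS = {"MSSQLSERVER", r"NT SERVICE\MSSQLSERVER"}
WINDOW = timedelta(minutes=10)       # creation -> admin promotion correlation window
RDP_TOGGLE = "fDenyTSConnections"    # registry value; 0 allows Remote Desktop connections

# Constructed sample events. A raw string keeps the JSON backslash escapes intact.
SAMPLE_EVENTS = r"""
{"EventID": 4720, "TimeCreated": "2025-04-22T02:14:05Z", "Computer": "SQL01", "SubjectUserName": "MSSQLSERVER", "TargetUserName": "backupsvc"}
{"EventID": 4732, "TimeCreated": "2025-04-22T02:14:09Z", "Computer": "SQL01", "SubjectUserName": "MSSQLSERVER", "TargetUserName": "Administrators", "MemberName": "SQL01\\backupsvc"}
{"EventID": 4657, "TimeCreated": "2025-04-22T02:15:30Z", "Computer": "SQL01", "SubjectUserName": "MSSQLSERVER", "ObjectName": "\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server", "ObjectValueName": "fDenyTSConnections", "NewValue": "0"}
{"EventID": 4720, "TimeCreated": "2025-04-22T09:00:00Z", "Computer": "FS01", "SubjectUserName": "jdoe", "TargetUserName": "newhire"}
"""


def _ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp ending in 'Z'."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def detect(events_jsonl: str) -> list[tuple[str, str, str]]:
    """Return (host, rule, detail) triples for suspicious activity, in time order."""
    events = [json.loads(line) for line in events_jsonl.strip().splitlines()]
    events.sort(key=lambda e: e["TimeCreated"])

    alerts: list[tuple[str, str, str]] = []
    created: dict[tuple[str, str], datetime] = {}  # (host, account) -> creation time

    for e in events:
        host, eid = e["Computer"], e["EventID"]
        subj = e.get("SubjectUserName", "")
        when = _ts(e["TimeCreated"])

        if eid == 4720:
            target = e["TargetUserName"]
            created[(host, target.lower())] = when
            # Account creation by the database service account is not a normal
            # administrative path; it is what xp_cmdshell-style abuse looks like.
            if subj in SQL_SERVICE_ACCOUNTS:
                alerts.append((host, "account-created-by-sql-service",
                               f"'{target}' created by {subj}"))

        elif eid == 4732 and e.get("TargetUserName", "").lower() == "administrators":
            member = e.get("MemberName", "").rsplit("\\", 1)[-1].lower()
            t0 = created.get((host, member))
            if t0 is not None and when - t0 <= WINDOW:
                secs = int((when - t0).total_seconds())
                alerts.append((host, "new-account-made-admin",
                               f"'{member}' added to Administrators {secs}s after creation"))

        elif eid == 4657 and e.get("ObjectValueName") == RDP_TOGGLE and str(e.get("NewValue")) == "0":
            rule = "rdp-enabled-by-sql-service" if subj in SQL_SERVICE_ACCOUNTS else "rdp-enabled"
            alerts.append((host, rule, f"{RDP_TOGGLE} set to 0 by {subj}"))

    return alerts


if __name__ == "__main__":
    for host, rule, detail in detect(SAMPLE_EVENTS):
        print(f"[{host}] {rule}: {detail}")
```

The ordinary account creation on `FS01` by a human administrator produces no alert; the three events on `SQL01` do, and because each alert names the host and the service account they can be grouped into a single incident rather than three unrelated tickets.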
U.S. Appoints Michael Anton to Lead Technical Cybersecurity Talks with Iran
Bottom Line Up Front (BLUF): The Trump administration has selected Michael Anton, a former National Security Council official, to lead technical discussions with Iran focused on nuclear risks and limited cybersecurity issues. These talks, hosted in Geneva, are designed to manage escalation, not to create a new diplomatic agreement.
Analyst Comments: Michael Anton’s role signals the Trump administration's cautious, tactical approach: reengaging Iran strictly on technical grounds without reviving the broader 2015 nuclear deal. While cybersecurity will be discussed, it remains secondary to atomic concerns. The move reflects a desire to build basic crisis communication pathways, though deep cooperation is unlikely given the current hostile climate.
FROM THE MEDIA: These talks, which were brokered with support from European intermediaries, will narrowly focus on containing nuclear threats and minimizing cyber conflict risks. Officials stress that this initiative is not a precursor to a broader political agreement. The discussions come at a time of rising U.S.-Iran tensions, with cyber and nuclear miscalculations seen as urgent threats. Anton, known for his hawkish views during Trump’s first term, is expected to control the agenda tightly.
READ THE STORY: Politico
Jen Easterly Urges Cybersecurity Industry to Resist Politicization Under Trump Administration
Bottom Line Up Front (BLUF): Former CISA Director Jen Easterly warned that the Trump administration’s political targeting of cybersecurity officials directly threatens U.S. national security. Easterly called for the industry to publicly stand against the politicization and hollowing out of federal cyber agencies, citing the firings of NSA leadership and investigations into former CISA chief Chris Krebs.
Analyst Comments: The removal of senior cybersecurity leaders under partisan pretenses risks dismantling hard-won national security frameworks built over the last decade. Easterly’s alarm underscores a growing concern that loyalty tests replace technical merit, leaving critical U.S. cyber defenses vulnerable. Without sustained, bipartisan protection of the cybersecurity apparatus, federal and private-sector networks could face greater instability and foreign exploitation.
FROM THE MEDIA: Former CISA Director Jen Easterly published a public warning on LinkedIn ahead of the RSA Conference, decrying the Trump administration’s firing of NSA Director Gen. Tim Haugh and Deputy Director Wendy Noble and its targeting of former CISA Director Chris Krebs. Easterly described the actions as a political purge that endangers trust in America's cyber defense systems. She criticized the broader cybersecurity industry's muted response and emphasized that defending critical infrastructure also means defending the public servants behind it. The controversy follows the administration’s April 9 memo revoking Krebs’ security clearance and ordering investigations linked to federal election security efforts. Her warning comes as U.S. agencies face mounting cyber threats from China and other nation-state actors, further compounding concerns about weakening leadership and institutional integrity at CISA and NSA.
READ THE STORY: The Record
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
Bottom Line Up Front (BLUF): Attackers exploited Ivanti Connect Secure (ICS) vulnerability CVE-2025-0282 to deploy DslogdRAT malware in Japan, enabling remote control and data exfiltration. The critical flaw was weaponized before a patch was available, highlighting persistent threats against enterprise VPNs.
Analyst Comments: Exploiting Ivanti ICS appliances reflects an ongoing trend of threat actors, particularly Chinese espionage groups, targeting VPN devices to gain initial network access. The rapid deployment of new malware like DslogdRAT indicates a growing sophistication and modular approach to cyber espionage. Organizations must remain vigilant, as recent scanning surges suggest broader exploitation efforts are likely imminent.
FROM THE MEDIA: JPCERT/CC reported that DslogdRAT was installed on Japanese networks by exploiting CVE-2025-0282, a critical Ivanti ICS zero-day vulnerability patched in January 2025. Attackers used a Perl web shell to deploy the malware, which connects to an external server to execute commands, transfer files, and proxy communications. Associated threat activity is linked to the UNC5337 group, although connections to the broader SPAWN malware campaigns remain unclear. Meanwhile, GreyNoise has detected a 9x spike in suspicious ICS scanning activity, potentially foreshadowing wider exploitation beyond the initial attacks in Japan.
READ THE STORY: THN
FTC Finalizes Stronger COPPA Rule, Preserving Tougher Kids' Privacy Protections
Bottom Line Up Front (BLUF): The FTC officially published a strengthened version of the Children’s Online Privacy Protection Act (COPPA) rule, despite concerns that Trump-appointed leadership might delay or weaken it. The new rule enhances protections for children’s data online and will take effect on June 23, 2025.
Analyst Comments: Although fears of rollback under new leadership were significant, the FTC’s decision suggests there are still institutional boundaries around online children's privacy. However, with Congress failing to pass even tougher legislation (COPPA 2.0 and KOSPA), digital privacy for minors remains a battleground likely to see future legislative efforts.
FROM THE MEDIA: After a six-year effort, the FTC finalized its revised COPPA rule this week, tightening restrictions on how online platforms handle children's data. The updated regulation mandates stronger data security programs, stricter data deletion and retention policies, and greater transparency about third-party data sharing. The rule survived under new FTC Chair Andrew Ferguson, despite his prior criticisms. Privacy groups lauded the move as a crucial update to a law initially passed in 2000. Meanwhile, Congress’s attempt at broader reform under COPPA 2.0 failed last year, leaving the FTC’s rule as the primary federal safeguard for children’s online privacy.
READ THE STORY: The Record
DragonForce and Anubis Ransomware Gangs Expand Operations with New Affiliate Programs
Bottom Line Up Front (BLUF): Researchers at Secureworks Counter Threat Unit have uncovered new affiliate models launched by the DragonForce and Anubis ransomware groups. Both gangs have innovated their business operations to expand reach and maximize profits, complicating law enforcement and defensive efforts. DragonForce has moved to a distributed cartel model, while Anubis offers multiple extortion modes to appeal to a broader range of cybercriminals.
Analyst Comments: These developments reflect a broader trend in which ransomware operators evolve their models to be more resilient, decentralized, and appealing to affiliates with varying skill levels. DragonForce's distributed branding and Anubis' multi-mode extortion will likely make attacks harder to attribute and defend against. Expect diverse ransomware tactics, regulatory threats to victims, and rapid compromise cycles. Security teams must enhance threat detection and cross-sector information sharing to counter these growing threats.
FROM THE MEDIA: Secureworks researchers detailed how DragonForce has rebranded into a "cartel," allowing affiliates to build their ransomware brands while using DragonForce’s infrastructure. Affiliates gain access to administration panels, encryption tools, and leak sites, but are no longer forced to use a specific ransomware payload. Meanwhile, the Anubis ransomware group introduced a three-tier affiliate program: traditional ransomware attacks, data-only extortion targeting public leaks and regulatory bodies like the ICO and HHS, and access monetization of pre-compromised victims. Both groups are adapting to law enforcement disruptions, aiming to widen their cybercriminal ecosystem and intensify pressure on victims through creative new extortion tactics.
READ THE STORY: GBhackers
More Than 60% of Russian Piracy Sites Depend on Alloha CDN
Bottom Line Up Front (BLUF): A study by Russian cybersecurity firm F6 reveals that over 60% of illegal streaming sites in Russia rely on the content delivery network (CDN) Alloha. Despite declining piracy revenues, the volume of pirated content continues to grow, complicating enforcement efforts due to the international hosting of these CDNs.
Analyst Comments: The findings highlight the resilience and adaptability of digital piracy networks. With pirate platforms relying on multiple international CDNs outside Russian jurisdiction, enforcement remains a major challenge. This trend mirrors broader global difficulties in curbing piracy in decentralized, cloud-driven infrastructures. More sophisticated international cooperation and technical countermeasures are likely needed to make meaningful progress.
FROM THE MEDIA: F6 found that 61% of Russian piracy sites use Alloha CDN, followed by Rewall (42%) and Lumex (11%). Sites often rely on multiple CDNs simultaneously, complicating takedown efforts. Hosting infrastructure located in the Netherlands, US, Ukraine, Germany, and France enables these networks to evade Russian legal actions. Although piracy revenue has fallen since 2018, F6 notes a 42% year-over-year increase in the amount of pirated content blocked, signaling continued growth in piracy activity despite enforcement efforts.
READ THE STORY: DCD
Items of interest
Malfunctioning Russian Satellite Tied to Suspected Nuclear Space Weapon Program
Bottom Line Up Front (BLUF): U.S. experts report that Russia’s Cosmos 2553 satellite, suspected to be part of a nuclear anti-satellite weapon program, appears to be malfunctioning. Data suggests the satellite has been tumbling in orbit, raising doubts about its operational status, although recent observations indicate potential stabilization.
Analyst Comments: The instability of Cosmos 2553 could be a setback for Russia's alleged ambitions to deploy nuclear weapons in space, an action widely condemned by international norms. Even if Cosmos 2553 stabilizes, its erratic behavior will fuel Western concerns over Moscow's intentions and intensify scrutiny of Russia’s military space activities. Strategic tensions over space-based weapons are expected to rise, especially given ongoing global conflicts.
FROM THE MEDIA: According to The Kyiv Independent, U.S. experts cited by Reuters reported that Russia's Cosmos 2553 satellite, launched shortly before the 2022 invasion of Ukraine, shows signs of malfunction, including uncontrolled spinning observed by LeoLabs and Slingshot Aerospace. A December 2024 analysis suggested the satellite was tumbling, signaling a loss of functionality. The U.S. Space Command confirmed altitude changes, though newer data suggests the satellite may have restabilized. Russia continues to assert that Cosmos 2553 is for scientific research, a claim U.S. officials dismiss amid concerns about potential nuclear weaponization of space.
READ THE STORY: The Kyiv Independent
Cosmos-2553 - Russia's Secret Satellite: Testing Space Nukes (Video)
FROM THE MEDIA: Alarming U.S. claims: Russia testing anti-satellite nukes. Secret "Cosmos-2553" spacecraft suspected as weapon prototype. Capable of disabling rival satellite networks like Starlink. Escalating space militarization amid fears of orbital warfare.
Russia’s Secret Space Weapon? The Chilling Truth Behind Cosmos 2553 (Video)
FROM THE MEDIA: The battle for dominance is moving to the final frontier—space. Russia’s satellite, Cosmos 2553, has sparked global alarm. Officially a 'technological experiment,' experts warn it could be the prototype for a new space weapon. Could this lead to an EMP strike that cripples satellites and electronic systems worldwide? Dive into the chilling mystery of Cosmos 2553 and the terrifying implications of space warfare.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.