Sunday, May 25, 2025 // (IG): BB // GITHUB // SN R&D
China’s Digital Strategy Reshapes Global Norms Through Infrastructure, Law, and Influence
NOTE:
China’s approach to international digital infrastructure is uniquely calibrated for long-term intelligence leverage. By embedding network hardware, cloud services, and software platforms through firms like Huawei and Alibaba Cloud, Beijing positions itself to harvest metadata and communications traffic from foreign states without direct cyber intrusion. This method is subtle, durable, and often legal under local contracts. Intelligence laws such as China’s 2017 National Intelligence Law and 2021 Data Security Law legally bind private tech firms to cooperate with state intelligence agencies, regardless of where operations occur. This framework blurs the line between commerce and statecraft, allowing Beijing to pursue “lawful access” espionage under the guise of development aid. The cumulative effect is a surveillance architecture with global reach, designed to erode Western digital hegemony and elevate China’s capacity to shape, monitor, and—where necessary—exploit international data flows.
Bottom Line Up Front (BLUF): China’s digital strategy, encapsulated in the “Digital China” and “Digital Silk Road” initiatives, aims to reshape global digital governance through infrastructure export, legal frameworks, and discourse control. While building domestic cyber power, Beijing simultaneously advances a state-centric model of internet sovereignty abroad, challenging the liberal democratic order championed by the West.
Analyst Comments: Embedding its standards into developing nations via concessional lending and technology transfer fosters digital dependencies that mirror strategic alignment. This has significant implications for global cybersecurity, data flows, and regulatory sovereignty. Liberal democracies must proactively counterbalance China’s approach through investment in rights-based digital infrastructure and international rulemaking partnerships.
FROM THE MEDIA: Under Xi Jinping, China’s “Digital China” vision aligns internal modernization with international influence. The country has enacted far-reaching data governance laws—the Cybersecurity Law, Data Security Law, and Personal Information Protection Law—giving the state sweeping authority over domestic and international data activity. Through the Digital Silk Road, Chinese firms like Huawei, Alibaba, and ByteDance provide digital infrastructure across over 80 countries, often under conditions that embed Chinese techno-legal norms. These exports, backed by state financing, introduce de facto standards in surveillance, e-commerce, and AI. Chinese control over infrastructure and platforms also enables narrative control and data centralization, creating a model of “digital neomercantilism.” While cautious of surveillance risks and legal incompatibilities, Europe has yet to present a fully coordinated alternative. The article calls for a proactive European strategy to offer interoperable, ethical, and transparent digital development pathways, especially in the Global South.
READ THE STORY: Modern Diplomacy
Public Data Transformed Into Global Intelligence Weapon by State and Non-State Actors
Bottom Line Up Front (BLUF): Governments and cyber operators around the world are increasingly weaponizing public and commercially available data—often sourced legally or semi-legally through ad networks, app permissions, public cameras, and online platforms. Centralized data portals, AI tools, and real-time bidding systems allow agencies and actors to acquire granular insight into population behavior, infrastructure movement, and strategic targets without violating traditional surveillance laws. Commercial data originally intended for marketing has become a critical component of modern intelligence operations.
Analyst Comments: Publicly accessible data—once seen as benign or anonymous—now feeds into state-level surveillance, cyber operations, and influence campaigns. Countries with advanced AI capabilities and cyber infrastructure, including China and Russia, have built complex systems to mine and correlate this data for domestic control and foreign intelligence. The growing dependence on this open-source or commercially sourced data has outpaced legal and ethical frameworks, leaving critical privacy protections outdated and ineffective. These tools are also available to smaller states and cybercriminals, democratizing intelligence at a global scale.
FROM THE MEDIA: Governments and cyber actors worldwide are increasingly exploiting publicly and commercially available data, such as mobile location signals, social media metadata, health-related ad segments, and unsecured camera feeds, for intelligence, surveillance, and influence operations. Through real-time bidding platforms, data brokers, and advertising technologies, actors in countries like China, Russia, the U.S., and Israel can access vast datasets originally intended for marketing but now used to track military personnel, monitor aid routes, identify vulnerable populations, and predict protests. Centralized platforms, such as the U.S. Intelligence Community’s planned Data Consortium, integrate AI to streamline this process, enabling profiling, behavioral prediction, and even sentiment analysis at scale. This global trend blurs the line between open-source intelligence and mass surveillance, allowing state and non-state actors to bypass traditional legal oversight while creating new risks for privacy, civil liberties, and national security.
READ THE STORY: Wired // The Intercept
US-DR Congo Critical Minerals Deal Hinges on Peace in Eastern Region
Bottom Line Up Front (BLUF): The Democratic Republic of Congo (DRC) and the United States are in advanced talks over a critical minerals investment deal to resolve the ongoing conflict in the DRC's eastern provinces. The agreement could grant U.S. companies access to strategic resources like lithium, cobalt, and coltan in exchange for infrastructure investment and diplomatic support in negotiating a peace settlement with Rwanda over the M23 rebel insurgency.
Analyst Comments: The intertwining of economic access with conflict resolution shows a shift in U.S. foreign policy toward strategic, conditional engagement. However, the deal’s success is contingent upon tangible peace progress, particularly the withdrawal of Rwandan-backed rebels and the restoration of territorial control by Kinshasa. The outcome could redefine regional dynamics and resource politics across Central Africa.
FROM THE MEDIA: The proposed deal would allow U.S. companies access to key mineral deposits in exchange for support in infrastructure development and efforts to stabilize the eastern region, long troubled by violence linked to Rwandan-supported M23 rebels. The U.S. seeks to regain influence in a mining sector heavily dominated by China since a 2008 infrastructure deal. Talks involve U.S. Africa envoy Massad Boulos, who has facilitated recent peace discussions between Congolese President Félix Tshisekedi and Rwandan President Paul Kagame. Kinshasa remains firm that peace must precede any formal cooperation involving Rwandan interests in Congolese mineral trade.
READ THE STORY: FT
Massive Unsecured Database Exposes 184 Million Login Credentials Across Platforms and Governments
Bottom Line Up Front (BLUF): An exposed database containing over 184 million records with usernames and plaintext passwords from major tech platforms and government domains was discovered in May 2025. The database, hosted on infrastructure from World Host Group, carried no attribution or known owner, raising concerns that it is a cybercriminal compilation potentially created using infostealer malware.
Analyst Comments: The inclusion of .gov email addresses tied to nearly 30 countries indicates both civilian and state-level compromise potential. While the source remains unknown, the scale and structure suggest use of infostealers or credential harvesting bots. The data could serve as a launchpad for targeted phishing, account takeovers, and nation-state exploitation. Incidents like this reinforce the urgent need for robust data hygiene, credential monitoring, and multifactor authentication across all sectors.
FROM THE MEDIA: Security researcher Jeremiah Fowler discovered the database in early May 2025, containing more than 184 million login records spanning Apple, Google, Meta, Microsoft, and other major services. The unprotected Elastic database lacked attribution and exposed plaintext credentials, including 220 government-linked email accounts from 29 countries. Analysis of a sample revealed frequent mentions of banks, wallets, and popular platforms like Roblox, Discord, and PayPal. The password field was labeled “senha,” the Portuguese word for “password,” hinting at a possible Brazilian link. Fowler reported the issue to the host provider, which shut down the database but confirmed it was controlled by a fraudulent user. It is unknown whether other actors accessed the data before it was secured.
READ THE STORY: Wired
Killnet Resurfaces with New Identity and Profit Motive
Bottom Line Up Front (BLUF): Russian-linked hacker group Killnet has reemerged under new leadership with a revised mission, shifting from pro-Kremlin hacktivism to financially motivated cybercrime. The group’s return coincided with Russia’s Victory Day and included an unverified claim of compromising Ukraine’s drone-tracking systems. Analysts suggest the resurgence marks a strategic rebranding amid internal upheaval and shifting geopolitical narratives.
Analyst Comments: Its pivot toward profit, offering hack-for-hire services and targeting darknet actors, signals increasing overlap between nation-state tactics and organized cybercrime. The group’s operational fragmentation and rebranding illustrate how cyber threat groups adapt quickly to leadership disruptions and public exposure. This development may foreshadow renewed attacks under the Killnet name or splinter factions with new goals and tactics.
FROM THE MEDIA: Killnet reemerged in May 2025, claiming responsibility for cyber activity aiding Russian military strikes, though evidence is lacking. Its comeback follows a 2023 exposé revealing the identity of its founder, KillMilk, who allegedly had ties to drug trafficking. Control of the group has since shifted to Deanon Club, an anti-drug collective led by a figure known as BTC. Under BTC’s leadership, Killnet has embraced more financially driven objectives, alienating pro-Russian loyalists and spawning offshoots like KillNet 2.0. Cybersecurity experts describe the group as fluid and opportunistic, using its brand when beneficial and abandoning it when compromised.
READ THE STORY: The Record
SpaceX Launches 23 Starlink Satellites from California, Marks 450th Falcon 9 Booster Landing
Bottom Line Up Front (BLUF): SpaceX successfully launched 23 Starlink satellites aboard a Falcon 9 rocket from Vandenberg Space Force Base, California. This mission marked SpaceX's 61st Falcon 9 launch of the year and achieved a milestone 450th booster landing, reinforcing the company's dominance in satellite internet deployment and reusable launch technology.
Analyst Comments: The reusability milestone—450 booster landings—highlights SpaceX's unmatched operational efficiency and cost reduction in spaceflight. As global competitors race to establish low Earth orbit (LEO) internet coverage, SpaceX's infrastructure lead is becoming increasingly difficult to challenge. This also sets the stage for Starlink's broader commercial and defense applications, particularly in remote and conflict-prone regions.
FROM THE MEDIA: The Starlink 11-16 mission launched at 4:36 p.m. EDT (2036 GMT) and was the 18th flight for Falcon 9 booster B1075, which has now supported 14 previous Starlink launches. The booster landed successfully on the Pacific-based droneship “Of Course I Still Love You,” marking SpaceX’s 450th Falcon 9 landing. The satellites were deployed into low Earth orbit approximately one hour after launch. This mission is part of a busy weekend with up to three Starlink launches planned, and it adds to the rapidly growing Starlink network, designed to provide global high-speed internet access.
READ THE STORY: SPACE
Global Authorities Dismantle Lumma Infostealer Malware Network
Bottom Line Up Front (BLUF): An international coalition of law enforcement and tech firms has disrupted the Lumma infostealer malware operation, which was widely used to steal credentials, banking data, and crypto wallets. The takedown included seizing over 2,300 domains and key infrastructure, curbing the spread of malware that infected nearly 400,000 devices in just two months.
Analyst Comments: The Lumma takedown marks another significant blow against the growing infostealer ecosystem, which has become a preferred tool for both financially motivated cybercriminals and advanced persistent threat actors. With modular designs, AI integration, and distribution via phishing and fake software, Lumma and its variants have served as critical entry points for broader cyberattacks, including ransomware and espionage. While the operation disrupted current infrastructure, similar threats will likely reemerge under new branding unless systemic demand for infostealer services is reduced.
FROM THE MEDIA: Microsoft’s Digital Crimes Unit obtained a U.S. court order to seize domains linked to the malware’s infrastructure, while the Department of Justice disrupted associated marketplaces. Lumma, also known as LummaC2, emerged in 2022 on Russian-speaking cybercrime forums and quickly rose in popularity due to its ease of use and ability to bypass security tools. Between March and May 2025, Lumma infected over 394,000 Windows systems, and was cited in more than 21,000 listings across cybercrime forums. The malware was distributed via phishing emails, fake software, and deepfake-related lures. Microsoft identified the primary developer as a Russian actor known as “Shamel,” who sold the malware through Telegram and other forums. Despite the disruption, cybersecurity experts warn that the infostealer threat remains persistent and will likely evolve further.
READ THE STORY: Wired
Critical Infrastructure Faces Escalating Cyber Threats from Exploited Vulnerabilities
Bottom Line Up Front (BLUF): Critical infrastructure is increasingly under siege from cyberattacks that exploit unpatched vulnerabilities in legacy systems and internet-exposed assets. According to IBM X-Force, 70% of attacks in 2024 targeted critical infrastructure, with over a quarter initiated through vulnerability exploitation. Energy, water, telecoms, and healthcare sectors remain high-risk due to slow patching cycles and systemic exposure.
Analyst Comments: While credential theft and phishing remain prevalent, the scale and impact of vulnerability exploitation in critical systems signal a dangerous trend. Nation-state actors and cybercriminals are finding success by targeting outdated and unprotected devices that form the backbone of national infrastructure. As evidenced by incidents like Volt Typhoon and MOVEit, these attacks can pre-position adversaries to disrupt or destroy essential services. The industry must prioritize reducing exposure, accelerating patch cycles, and adopting proactive threat hunting and real-time monitoring to defend against these evolving threats.
FROM THE MEDIA: Attackers target VPNs, firewalls, legacy web servers, and internet-facing OT systems. IBM reports that several top-traded CVEs on the dark web in 2024 were associated with critical infrastructure and exploited by criminal and nation-state groups. High-profile campaigns, such as China’s Volt Typhoon using Fortinet and Cisco flaws, and Iran-linked CyberAv3ngers exploiting exposed PLC interfaces, show the global scope of the threat. Meanwhile, the Colonial Pipeline incident remains a cautionary example of how simple misconfigurations and missing multi-factor authentication can cascade into nationwide disruption. Experts warn that traditional, reactive defense models are insufficient, urging a shift toward proactive, system-wide cyber resilience.
READ THE STORY: CSO ONLINE
Zimbra XSS Vulnerability Exploited on 129K Servers; Sednit Suspected
Bottom Line Up Front (BLUF): A cross-site scripting (XSS) vulnerability tracked as CVE-2024-27443 in Zimbra Collaboration Suite (ZCS) is being actively exploited in the wild, potentially by the Russian state-linked Sednit group (APT28/Fancy Bear). The flaw affects over 129,000 online ZCS instances globally, prompting urgent patching recommendations from Zimbra and inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
Analyst Comments: Sednit's suspected involvement in Operation RoundPress highlights ongoing geopolitical cyber espionage aimed at infiltrating public and private sector communications. Unpatched systems remain high-risk vectors, especially those in on-prem or shared-host environments. With no public PoC yet released, immediate patching provides the best mitigation pathway.
FROM THE MEDIA: CVE-2024-27443 is a stored XSS vulnerability within Zimbra’s CalendarInvite feature, impacting ZCS versions 9.0 (Patch 1–38) and 10.0 (up to 10.0.6). Exploitation enables attackers to execute malicious JavaScript in user browsers when they open rigged calendar invites, potentially hijacking sessions. As of May 22, 2025, Censys identified over 129,000 vulnerable instances globally, most hosted in the cloud. Security firm ESET suspects the Sednit group may leverage this flaw in broader espionage activities. Zimbra has patched the issue in versions 9.0 Patch 39 and 10.0.7.
READ THE STORY: HR
Global Botnet Disrupted: DanaBot Takedown Marks Major Ransomware Blow
Bottom Line Up Front (BLUF): An international law enforcement coalition led by Europol and the U.S. Department of Justice dismantled infrastructure linked to multiple ransomware and initial access malware operations in a coordinated crackdown dubbed Operation Endgame. Key targets included the DanaBot malware network, resulting in 300 server takedowns, 650 domain seizures, and charges against 16 individuals accused of infecting over 300,000 systems.
Analyst Comments: Targeting botnet-as-a-service models like DanaBot reflects growing law enforcement focus on the ecosystem enabling ransomware. However, while infrastructure seizures slow operations, the persistence of successor variants suggests these efforts must be ongoing and intelligence-driven to maintain momentum. The operation’s global scale and multi-sector collaboration demonstrate an evolving playbook for future cybercrime crackdowns.
FROM THE MEDIA: Europol and U.S. authorities revealed the results of Operation Endgame on May 23, 2025, announcing the dismantling of major infrastructure used by ransomware actors. The DOJ filed charges against 16 members of the DanaBot malware group, including Russian nationals Aleksandr Stepanov and Artem Kalinkin, for their roles in deploying malware that caused over $50 million in damage. DanaBot was used to gain network access, steal credentials, and facilitate ransomware deployment. The malware also reportedly targeted U.S. military and diplomatic systems. Concurrently, law enforcement agencies “neutralized” other malware families, including Qakbot, Trickbot, and Bumblebee, while issuing 20 new arrest warrants tied to ransomware operators. Organizations like CrowdStrike, Amazon, Google, and PayPal assisted the effort.
READ THE STORY: The Record
U.S.-UK Trade Pact Aims to Block Chinese Hardware Risks from Entering Critical Infrastructure
Bottom Line Up Front (BLUF): The newly signed U.S.-UK Economic Prosperity Deal includes strong national security clauses designed to keep Chinese components, particularly in infrastructure and energy tech, out of supply chains for goods exported to the U.S. The agreement signals a policy shift from tariffs to broader, preemptive restrictions on Chinese-made equipment suspected of carrying sabotage-enabling features.
Analyst Comments: This deal is part of a growing U.S. strategy to counter China's "Trojan horse" tactics in tech supply chains, amid repeated reports of embedded surveillance or sabotage-capable devices in power grid components, solar infrastructure, and port equipment. The national security provisions in the deal are likely to set a precedent for future trade agreements and accelerate global decoupling from Chinese industrial tech. The strategic alignment with the UK also serves as a political and economic counterweight to Chinese influence.
FROM THE MEDIA: The deal’s national security clauses aim to keep Chinese-manufactured components, especially in infrastructure systems, out of U.S. markets. China has strongly objected, citing unfair trade practices. However, multiple incidents reported by Reuters and the Wall Street Journal support U.S. concerns: unauthorized communication devices have been found in Chinese-made power inverters and port cranes. These devices could enable remote shutdowns or cyber sabotage of critical systems. Experts suggest the deal’s "poison pill" clauses could discourage global adoption of Chinese infrastructure tech.
READ THE STORY: The Hill
Commvault Zero-Day Prompts CISA Warning Over SaaS Supply Chain Risks
Bottom Line Up Front (BLUF): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning following the exploitation of CVE-2025-3928 — a zero-day vulnerability in Commvault’s Azure-hosted M365 backup SaaS platform. The attack enabled threat actors to access stored Microsoft 365 application secrets, posing risks to customers using default configurations and elevated permissions. CISA advises immediate review and remediation of access configurations.
Analyst Comments: Attackers continue to prioritize cloud-native entry points, and compromised application secrets offer scalable access to multiple environments. The focus should now be credential rotation, hardened configurations, and audit logging to detect anomalies across SaaS-connected systems. This event may be part of a broader campaign targeting SaaS platforms with misconfigured or over-permissioned access roles.
FROM THE MEDIA: CISA’s alert stems from a breach disclosed by Commvault, where attackers exploited CVE-2025-3928 — a vulnerability rated 8.7 CVSS — to insert web shells in Commvault’s Azure infrastructure. Though Commvault asserts no customer data was accessed, the attackers aimed to harvest app credentials that could be used to compromise Microsoft 365 environments of downstream clients. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. The agency recommends reviewing Microsoft Entra logs, enforcing IP-based access restrictions, rotating credentials, and auditing unnecessary admin privileges.
READ THE STORY: The Register
Chinese Taikonauts Install Debris Shield in 8-Hour Tiangong Spacewalk
Bottom Line Up Front (BLUF): Two Chinese astronauts aboard the Tiangong space station completed an eight-hour spacewalk on May 22, 2025, to install a debris shield and perform exterior maintenance. This marks the 19th extravehicular activity (EVA) on Tiangong and the first to utilize the Tianhe module's airlock.
Analyst Comments: China's continued development of the Tiangong space station showcases its long-term investment in sovereign human spaceflight capabilities. The focus on installing debris protection suggests growing concern about orbital congestion and space debris hazards. These developments underscore China’s strategic commitment to becoming a leading space power in terms of exploration and orbital infrastructure resilience.
FROM THE MEDIA: Chen Dong and Chen Zhongrui of the Shenzhou-20 mission completed a critical spacewalk on the Tiangong space station, working eight hours to affix a debris shield and conduct routine inspections. Supported by astronaut Wang Jie inside the station and ground control, this EVA was the first to use the Tianhe module’s node airlock. China’s space agency, CMSA, reported the taikonauts received assistance from the station’s robotic arm during shield deployment. The crew arrived on April 24 and is one month into a six-month mission. Tiangong, operational since 2022, continues its long-term occupancy with at least one more crewed launch expected later in 2025.
READ THE STORY: SPACE
South Africa Proposes Empowerment Law Changes to Enable Starlink Access
Bottom Line Up Front (BLUF): South Africa has proposed amendments to its Black Economic Empowerment (BEE) laws to allow Elon Musk’s Starlink satellite internet service to operate in the country. The changes, announced May 23, 2025, would enable foreign telecom companies to fulfill equity requirements through alternative measures such as local job creation or supplier development, rather than transferring 30% equity to Black South Africans.
Analyst Comments: South Africa’s approach to foreign tech investment signals the government's willingness to accommodate high-impact technologies that can bridge digital divides, especially in rural areas. The proposal reflects the rising geopolitical and economic influence of Musk’s ventures and pressure from U.S. diplomacy. While the workaround may accelerate Starlink’s rollout, it may spark domestic political backlash and raise questions about policy consistency, equity reform, and integrity.
FROM THE MEDIA: The legislative change was prompted after Musk, citing South Africa’s empowerment laws as “openly racist,” refused to comply with existing telecom regulations requiring 30% Black ownership. In response, Communications Minister Solly Malatsi proposed an “equity equivalence” framework allowing foreign firms to contribute via job creation, SME support, or infrastructure investment. The announcement follows a tense Oval Office meeting between U.S. President Donald Trump and South African President Cyril Ramaphosa, where the empowerment issue was reportedly raised. Critics, including opposition politician Julius Malema, have denounced the proposal as caving to foreign pressure.
READ THE STORY: FT
ViciousTrap Exploits Cisco Routers to Build Global Honeypot Network
Bottom Line Up Front (BLUF): A threat actor dubbed ViciousTrap has compromised over 5,300 Cisco routers across 84 countries using CVE-2023-20118, a known vulnerability in Cisco Small Business RV routers. The attackers have turned these devices into a global honeypot infrastructure to intercept traffic and collect exploit data and credentials. The campaign is ongoing, with infrastructure traced to Malaysia and activity dating back to March 2025.
Analyst Comments: This operation demonstrates a sophisticated and strategic repurposing of compromised network edge devices for adversary-in-the-middle (AitM) surveillance and intelligence gathering. By building a distributed honeypot network, ViciousTrap can silently monitor global threat activity, potentially gathering sensitive data or unearthing zero-day exploits. The campaign shows hallmarks of Chinese-speaking actors and reflects an evolution in adversarial tradecraft, merging traditional botnet techniques with cyberespionage motives.
FROM THE MEDIA: ViciousTrap exploited the Cisco RV router vulnerability (CVE-2023-20118) to install a shell script called NetGhost, which reroutes inbound traffic from compromised routers to attacker-controlled infrastructure. Most affected devices are located in Macau, with additional infections spanning 84 countries. The routers involved are older Cisco SOHO models, often used in small businesses and edge environments. The attacker infrastructure is tied to Autonomous System AS45839, operated by Malaysian hosting provider Shinjiru. The group has reused tools from the PolarEdge botnet and has demonstrated links to the GobRAT infrastructure, indicating Chinese-speaking origins.
READ THE STORY: THN
Russian Cyber Unit APT28 Targets Western Defense and Logistics Firms in Aid Disruption Campaign
Bottom Line Up Front (BLUF): A joint advisory issued by U.S. and allied cyber agencies warns that Russia’s GRU Unit 26165 (APT28/Fancy Bear) is conducting a targeted cyber campaign against IT, defense, and transportation firms supporting Ukraine. The operation aims to hinder military aid logistics by infiltrating Western companies and surveillance infrastructure.
Analyst Comments: The compromise of IP cameras and logistics systems offers Russia granular insights into aid movements, potentially enabling physical interdiction or psychological operations. This evolution from conventional cyber sabotage to real-time battlefield surveillance underscores the growing role of cyberwarfare in hybrid conflicts. Organizations supporting military logistics should adopt a “targeted by default” security posture and reassess exposure points like IP-connected devices and under-secured operational tech.
FROM THE MEDIA: The operation is reportedly designed to disrupt aid to Ukraine by infiltrating systems and tracking shipments. Techniques include credential stuffing, spear phishing, NTLM relay attacks via Microsoft Outlook vulnerabilities, and post-compromise lateral movement. The group has also hijacked IP cameras in Ukraine and bordering NATO states to monitor supply routes. Analysts believe the campaign began shortly after Russia’s 2022 invasion and escalated as Western support to Ukraine intensified.
READ THE STORY: Breaking Defense
Oracle Commits $40B for Nvidia Chips to Power OpenAI’s Project Stargate Data Center
Bottom Line Up Front (BLUF): Oracle will spend approximately $40 billion on Nvidia's GB200 AI chips to support OpenAI's massive new U.S. data center in Abilene, Texas, a cornerstone of the $500 billion Project Stargate initiative. The site will provide 1.2 gigawatts of computing power, making it one of the world’s most significant AI infrastructure projects.
Analyst Comments: The Abilene facility represents a significant step in OpenAI’s move to reduce dependency on Microsoft and increase compute autonomy. The scale and investment signal that hyperscale AI training, requiring unprecedented energy and hardware, will define tech competitiveness. However, questions remain about these high-capital projects' sustainability, power availability, and long-term returns amid rapidly evolving AI chip efficiencies.
FROM THE MEDIA: Oracle has agreed to purchase around 400,000 Nvidia GB200 "superchips" to power the Abilene data center, which it will lease for 15 years. The project is part of OpenAI and SoftBank's Project Stargate, which aims to invest up to $500 billion over the next four years in global AI infrastructure. The Abilene facility, expected to go live by mid-2026, is backed by $15 billion in funding, including $9.6 billion in loans led by JPMorgan and $5 billion in equity from Crusoe and Blue Owl Capital. The move reflects OpenAI’s exit from its exclusive cloud compute agreement with Microsoft. Oracle’s investment rivals Elon Musk’s plans for his "Colossus" data center and Amazon’s Northern Virginia site, all vying for leadership in AI infrastructure.
READ THE STORY: FT
Items of interest
Global Law Enforcement Takes Down Dark Web Psychedelics Empire Built on DMT Trafficking
Bottom Line Up Front (BLUF): A multi-year Homeland Security investigation has dismantled a massive online psychedelics trafficking operation run by Joseph Clements, aka "Akasha Song" and "Shimshai." Using the dark web, Clements built a multimillion-dollar business extracting and distributing DMT, selling retail and wholesale quantities across the globe.
Analyst Comments: This case illustrates the convergence of cryptocurrency, global logistics, and encrypted marketplaces in the modern illicit drug trade. The operation leveraged legal gray areas around raw plant imports, pseudonymous online identities, and decentralized e-commerce to scale DMT distribution to industrial levels. While focused on psychedelics, the case reflects broader cybercrime trends, including the use of dark web anonymity tools, custom branding, and laundering via crypto exchanges. Expect law enforcement to further tighten controls around chemical precursors and target high-volume darknet actors exploiting regulatory loopholes.
FROM THE MEDIA: Joseph Clements, operating under the alias "Shimshai," built one of the most significant known psychedelic drug operations using dark web marketplaces. He extracted DMT from jurema preta bark in covert U.S. labs and sold millions of doses online. His network extended globally, with raw materials sourced from Brazil and laundering done through foreign crypto exchanges. The operation peaked with over 200 daily shipments, aided by sophisticated lab equipment and decentralized logistics. Homeland Security began tracking him in 2017, intercepting bark shipments and conducting a sting in 2022. In 2023, Clements was sentenced to 24 months in federal prison after authorities calculated that the bark contained only a small percentage of DMT, dramatically reducing sentencing weight. Colorado’s recent decriminalization of DMT also influenced the case’s outcome.
READ THE STORY: WIRED
The Entities that Exist Within Psychedelics | With Dennis McKenna (Video)
FROM THE MEDIA: Dr. Jordan B. Peterson and Dr. Dennis McKenna discuss the entities that exist beyond our reality that users of psychedelic medicine have reportedly been able to contact. Together they examine the causation, the science, the depth of such beings, and how they truly correlate to sections of our own personalities.
Inside a Home DMT Lab Run by A Chemistry Teacher | High Society (Video)
FROM THE MEDIA: VICE visits a homemade DMT lab in the heart of London and sees how the product is made. Splitting his time between teaching chemistry and making DMT, ‘Bob’ shows he has become a real-life Walter White.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.