Wednesday, May 28, 2025 // (IG): BB // GITHUB // SN R&D
China’s ‘Made in China 2025’ Policy Reshapes Global Manufacturing and Sparks Trade Tensions
Bottom Line Up Front (BLUF): Made in China 2025 has transformed the country into a global manufacturing powerhouse, particularly in robotics, electric vehicles, and advanced rail systems. However, this transformation, driven by heavy subsidies, state-backed funds, and restricted market access, has created global trade friction and raised concerns about overcapacity, market distortions, and fair competition.
Analyst Comments: China’s approach to industrial policy—centralized planning, massive capital deployment, and aggressive localization—has proven effective in scaling technological manufacturing capabilities. But it also reveals the risks of state-driven overproduction and dependency on export markets. As Beijing shifts toward “new quality productive forces,” including AI and humanoid robotics, other nations may be forced to respond with protective policies, particularly in strategic tech sectors. The challenge now for Western democracies lies in balancing industrial competitiveness with open market values amid rising geopolitical and economic tensions.
FROM THE MEDIA: The strategy combined hundreds of state-guided investment funds, favorable tax policies, and restricted foreign access to accelerate domestic capabilities in robotics, smart manufacturing, and EVs. While the policy succeeded in scaling up domestic production and reducing import dependence in key sectors, it also created overcapacity and intensified trade tensions with the U.S. and Europe. Despite criticism and structural inefficiencies, Beijing is doubling down on industrial policy under the banner of “new quality productive forces,” targeting next-generation technologies such as AI and humanoid robots. Critics argue that the plan has come at the expense of long-term innovation and productivity, but China remains committed to its model of manufacturing-led national strength.
READ THE STORY: FT
Iranian National Sentenced to Over 13 Years for Ransomware Attacks Targeting U.S. Entities
Bottom Line Up Front (BLUF): An Iranian national has been sentenced to more than 13 years in U.S. federal prison for conducting a series of ransomware attacks against American companies and public institutions. The individual was part of a broader cybercriminal network that targeted critical infrastructure and extorted millions in ransom payments.
Analyst Comments: While not officially tied to Tehran, the attacker’s operations reflect the broader trend of Iranian nationals participating in ransomware campaigns targeting U.S. interests. The sentencing sends a strong message about the U.S. justice system’s willingness to pursue and prosecute foreign nationals for cyber offenses—even when geopolitical tensions complicate extradition and legal processes.
FROM THE MEDIA: Prosecutors stated that the man was involved in deploying ransomware, stealing data, and extorting victims for cryptocurrency payments between 2020 and 2022. The attacks caused millions of dollars in damages and disrupted critical services. While the defendant did not act under official government orders, law enforcement views the case as part of a pattern of Iranian cyber actors operating with relative impunity within Iran. The conviction follows an international law enforcement effort and cooperation with cybersecurity firms that helped trace the activity and link it to the suspect.
READ THE STORY: The Record
New Self-Spreading Malware Exploits PHP Vulnerabilities to Infect Over 90,000 Servers
Bottom Line Up Front (BLUF): A new self-propagating malware strain has infected over 90,000 web servers globally by exploiting unpatched PHP vulnerabilities. The malware uses a worm-like mechanism, scanning from each compromised host for further exposed systems, and deploys a persistent web shell for remote control.
Analyst Comments: The malware’s ability to self-replicate makes it a high-priority threat, especially for service providers and small to mid-sized businesses that rely on legacy or unmanaged PHP-based web apps. With over 90,000 servers compromised, the campaign could evolve into a larger botnet or a launchpad for future attacks, including ransomware or supply chain compromises.
FROM THE MEDIA: A new PHP-based malware strain has infected over 90,000 servers worldwide. The malware exploits multiple known and likely zero-day vulnerabilities in PHP applications to gain remote access and execute arbitrary commands. Once it compromises a server, it drops a stealthy web shell and scans the internet for additional targets, continuing the infection chain autonomously. The malware includes evasion techniques to bypass detection and persistence mechanisms to survive server reboots. Security researchers have traced the infections to a coordinated campaign likely run by a financially motivated cybercrime group. Efforts are ongoing to identify the full scope of the attack infrastructure.
READ THE STORY: THN
Trump Proposes Mandatory U.S. Manufacturing for iPhones to Boost Tech Sovereignty
Bottom Line Up Front (BLUF): U.S. President Donald Trump has said he will require Apple to manufacture iPhones entirely within the United States, citing national security and economic independence concerns. The demand is part of his broader 2025 push to reshore critical technology supply chains.
Analyst Comments: Trump's call to mandate domestic iPhone production aligns with a broader geopolitical push to reduce U.S. dependence on Chinese manufacturing, especially in tech hardware. While logistically and economically challenging, the proposal taps into rising public and political sentiment around supply chain security and technological sovereignty. However, forcing tech giants to shift operations could face fierce industry resistance and may strain U.S.-China trade relations further. It also reflects the growing fusion of economic policy with national security considerations in the technology sector.
FROM THE MEDIA: Donald Trump vowed to require Apple to build all iPhones in the U.S. He framed the move as essential to protecting American jobs and reducing exposure to Chinese espionage through foreign-manufactured components. Trump criticized Apple for its reliance on Chinese facilities and pledged new tariffs and incentives to pressure companies into domestic production. The comments sparked debate in the tech industry, with analysts pointing to the enormous infrastructure and cost implications of such a shift. Apple has not officially responded to the demand.
READ THE STORY: The Register
DPRK’s Velvet Chollima Targets Government Officials with Espionage Malware Campaign
Bottom Line Up Front (BLUF): A North Korean APT group known as Velvet Chollima is targeting government officials across Asia and beyond in a new cyber-espionage campaign that combines custom malware with phishing lures. The campaign aims to exfiltrate sensitive data and monitor diplomatic communications.
Analyst Comments: Velvet Chollima’s latest campaign highlights Pyongyang’s continued investment in cyber-espionage capabilities targeting political and strategic intelligence. The group’s use of well-crafted phishing emails and stealthy backdoors suggests high operational maturity and intent. As North Korea remains isolated diplomatically, its reliance on cyber operations to gather intelligence and pursue geopolitical leverage will likely intensify. Governments should anticipate further spear-phishing efforts against foreign ministries, embassies, and regional organizations.
FROM THE MEDIA: The group used phishing emails spoofing official government communications to deliver a custom malware strain for data exfiltration and surveillance. The malware establishes persistent access, captures keystrokes, steals credentials, and exfiltrates documents to remote command-and-control servers. The group is believed to operate under the broader Lazarus umbrella and has a history of targeting defense, diplomatic, and humanitarian sectors. Researchers noted the malware's strong obfuscation and anti-analysis techniques, suggesting the campaign is ongoing and evolving.
READ THE STORY: GBhackers
China Accuses Taiwan-Affiliated Group of Launching Cyberattacks on Mainland Infrastructure
Bottom Line Up Front (BLUF): China has publicly accused a Taiwan-linked hacking group of carrying out cyberattacks against the mainland Chinese government and infrastructure systems. Beijing claims the group is connected to Taiwan’s Ministry of National Defense, escalating cross-strait tensions in the cyber domain.
Analyst Comments: While attribution in cyberspace is often opaque, Beijing’s decision to publicize these claims suggests a strategic intent—possibly to justify future retaliatory actions or discredit Taiwan internationally. It also reflects growing pressure on both sides to assert digital dominance as geopolitical and military friction escalates. This development may prompt Taiwan to reinforce its cyber defenses and information warfare posture amid concerns over escalation in the cyber domain.
FROM THE MEDIA: Chinese authorities have accused a Taiwan-based cyber unit of conducting attacks on government networks and critical infrastructure. Beijing claims the group is affiliated with Taiwan’s military and has been involved in cyber-espionage and disruptive operations. The Chinese government alleges that the threat actors used spear-phishing campaigns and custom malware to breach mainland systems. Taiwan has not officially responded to the accusations, and no independent forensic evidence has been made public. The announcement comes amid heightened tensions over Taiwan’s growing military ties with the West and China’s increasingly aggressive regional posture.
READ THE STORY: The Record
Global Law Enforcement Operation Dismantles DanaBot Infrastructure Tied to Russian Cybercrime
Bottom Line Up Front (BLUF): An international law enforcement coalition has taken down the infrastructure of DanaBot, a major Russian-linked banking trojan operation responsible for large-scale financial theft across Europe and North America. The coordinated takedown involved agencies from multiple countries, resulting in the seizure of domains and servers used to control the malware.
Analyst Comments: Originally surfacing in 2018, DanaBot evolved into a modular, resilient malware-as-a-service platform used by Russian-speaking criminals. Its takedown demonstrates growing international resolve and technical collaboration to disrupt high-impact cybercrime ecosystems. However, as with similar past efforts, the operators may attempt to rebuild under new infrastructure or aliases, highlighting the need for continued vigilance.
FROM THE MEDIA: The malware has been used to steal banking credentials, deploy secondary payloads, and facilitate access-for-rent schemes. Authorities seized multiple domains and servers during the operation and coordinated arrests and interrogations in several jurisdictions. DanaBot was known for targeting financial institutions and businesses through phishing and malicious spam campaigns. Europol and the
READ THE STORY: DR
Critical Zero-Interaction libvpx Flaw in Firefox Enables Remote Code Execution
Bottom Line Up Front (BLUF): Mozilla has patched a critical zero-interaction vulnerability in Firefox 139 related to the libvpx encoder, which could allow attackers to execute arbitrary code simply through normal web browsing. The flaw, affecting the vpx_codec_enc_init_multi function used in WebRTC, enables memory corruption via a double-free bug.
Analyst Comments: Given Firefox’s broad user base and the vulnerability’s exploitation potential across platforms, this flaw may become a prime target for threat actors, particularly in espionage or mass exploitation campaigns. Organizations should prioritize patching, and security teams should monitor for indicators of exploitation related to WebRTC or multimedia processing components.
FROM THE MEDIA: Firefox 139 includes a fix for a critical vulnerability in the libvpx encoder, the VP8/VP9 codec library that Firefox uses for WebRTC video. Mozilla engineer Randell Jesup discovered the flaw, a double-free condition in the encoder initialization function. If triggered, the bug corrupts heap memory and can lead to remote code execution. Mozilla rated the issue as critical because it requires no user interaction. Additional moderate-severity vulnerabilities were also fixed, including local code execution flaws in the “Copy as cURL” developer tool and several cross-origin and clickjacking issues. Mozilla strongly urges users to update their browsers to mitigate these risks.
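As an added illustration, not libvpx's code and not a reproduction of the Firefox bug, the C below shows the general shape that makes multi-instance initializers prone to double frees: the callee tears down the instances it already built when a later allocation fails, but leaves the pointers dangling, and the caller's own destroy pass then frees them a second time. The names enc_ctx, init_multi_vulnerable, init_multi_hardened, destroy_multi and the tracked_* allocator wrapper are assumptions made for this example; the wrapper counts a second free instead of letting the allocator abort, so both paths can be executed and compared.

```c
/* Added example: double-free pattern in a multi-instance initializer and
 * one way to harden it. Not libvpx code; names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INST 8
#define MAX_LIVE 64

typedef struct { unsigned char *buf; } enc_ctx;   /* assumed context type */

/* Tiny live-pointer registry. A real second free() of the same chunk
 * corrupts allocator metadata (or aborts under glibc/ASan); here it is
 * only counted so the vulnerable path can run safely. */
static void *live[MAX_LIVE];
static int   n_live = 0;
static int   double_free_count = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p && n_live < MAX_LIVE) live[n_live++] = p;
    return p;
}

static void tracked_free(void *p) {
    if (!p) return;                              /* free(NULL) is a no-op */
    for (int i = 0; i < n_live; i++) {
        if (live[i] == p) {
            live[i] = live[--n_live];
            free(p);
            return;
        }
    }
    double_free_count++;                         /* pointer already freed */
}

/* fail_at lets the caller inject an allocation failure at instance index i. */
static int alloc_instance(enc_ctx *ctx, int idx, int fail_at) {
    if (idx == fail_at) return -1;
    ctx->buf = tracked_malloc(256);
    return ctx->buf ? 0 : -1;
}

/* Vulnerable: on failure the callee frees the buffers of the instances it
 * already set up but leaves ctx[j].buf dangling, so the caller's cleanup
 * frees the same chunks again. */
int init_multi_vulnerable(enc_ctx *ctx, int n, int fail_at) {
    for (int i = 0; i < n; i++) {
        if (alloc_instance(&ctx[i], i, fail_at) != 0) {
            for (int j = 0; j < i; j++) tracked_free(ctx[j].buf);
            return -1;
        }
    }
    return 0;
}

/* Hardened: the callee owns cleanup on its error path and NULLs every
 * pointer it releases, so a later destroy pass is a harmless no-op. */
int init_multi_hardened(enc_ctx *ctx, int n, int fail_at) {
    for (int i = 0; i < n; i++) {
        if (alloc_instance(&ctx[i], i, fail_at) != 0) {
            for (int j = 0; j < i; j++) { tracked_free(ctx[j].buf); ctx[j].buf = NULL; }
            return -1;
        }
    }
    return 0;
}

/* Caller-side pattern common in codec APIs: destroy everything on error. */
static void destroy_multi(enc_ctx *ctx, int n) {
    for (int i = 0; i < n; i++) { tracked_free(ctx[i].buf); ctx[i].buf = NULL; }
}

/* Builds 4 instances, injects a failure at index 2, runs the caller's
 * cleanup, and returns how many double frees occurred (0 when hardened). */
int run_scenario(int hardened) {
    enc_ctx ctx[MAX_INST];
    memset(ctx, 0, sizeof ctx);
    double_free_count = 0;
    int rc = hardened ? init_multi_hardened(ctx, 4, 2)
                      : init_multi_vulnerable(ctx, 4, 2);
    if (rc != 0) destroy_multi(ctx, 4);
    return double_free_count;
}

int main(void) {
    printf("vulnerable path: %d double free(s)\n", run_scenario(0));
    printf("hardened path:   %d double free(s)\n", run_scenario(1));
    return 0;
}
```

The fix is an ownership rule, not a patch to one line: exactly one side of the call owns teardown on the error path, and whoever frees a pointer stored in a shared structure nulls it. With the tracking wrapper replaced by plain malloc/free, building the same program with -fsanitize=address reports the second free immediately, which is the cheapest way to catch this class of bug in codec and media code before it ships.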
READ THE STORY: GBhackers
Pirelli Faces Potential U.S. Sale Restrictions Due to Chinese Ownership Concerns
Bottom Line Up Front (BLUF): Pirelli, the Italian tire giant, may face sales and distribution restrictions in the United States due to its partial ownership by the Chinese state-linked conglomerate Sinochem. U.S. authorities are reportedly reviewing the situation over national security concerns, especially regarding the data collected by Pirelli’s smart tire technology.
Analyst Comments: As smart tire technology collects real-time telemetry, pressure, and geolocation data, ownership by a Chinese firm raises red flags in Washington, echoing broader trends seen in the semiconductor and telecommunications sectors. The Pirelli situation underscores how even traditional manufacturing sectors are now entangled in digital and geopolitical considerations, with data sovereignty becoming a key factor in foreign investment reviews.
FROM THE MEDIA: U.S. regulators are considering restrictions on Pirelli’s business operations due to concerns over its Chinese ownership structure. Sinochem, a Chinese state-owned chemical company, is Pirelli’s largest shareholder, which has drawn increased regulatory attention amid tensions between the U.S. and China. Of particular concern is the potential for vehicle data collected by Pirelli’s smart tires to be accessed by foreign actors. While no official ban has been issued, the Committee on Foreign Investment in the United States (CFIUS) is reportedly assessing whether Pirelli’s products pose a national security risk. Pirelli has stated that it complies with all applicable international regulations.
READ THE STORY: Team BHP
Russian Programmer Sentenced to 14 Years for Leaking Military Data to Ukraine
Bottom Line Up Front (BLUF): A Russian court has sentenced software developer Mikhail Shubin to 14 years in prison for allegedly leaking sensitive military data to Ukrainian intelligence. The case is one of the harshest punishments under Russia’s wartime espionage laws.
Analyst Comments: Shubin’s case sends a strong deterrent signal to other Russian tech workers who may sympathize with Ukraine or oppose the war. It also underscores how civilian access to defense-related IT systems can pose insider threats in wartime. As cyber and kinetic conflicts continue to converge, nations increasingly use harsh legal penalties to protect military secrecy and enforce loyalty in the digital domain.
FROM THE MEDIA: A Russian court sentenced Mikhail Shubin to 14 years in a high-security prison for allegedly passing confidential military technical information to Ukrainian intelligence. According to prosecutors, Shubin accessed the data through his work on military software systems and transferred it to Ukraine via encrypted messaging channels. The court found him guilty of state treason under Article 275 of the Russian Criminal Code. His case follows a broader pattern of internal security measures taken by Russia since the start of its full-scale invasion of Ukraine, aimed at preventing leaks and suppressing pro-Ukrainian sentiment in the tech community.
READ THE STORY: The Record
Russian Government Hackers Caught Purchasing Stolen Credentials from Cybercriminal Markets
Bottom Line Up Front (BLUF): Russian state-sponsored hackers have been observed purchasing login credentials from cybercriminal marketplaces to infiltrate Western government and corporate networks. Mandiant researchers confirmed the activity is tied to APT28 (Fancy Bear), a GRU-linked threat group.
Analyst Comments: This revelation blurs the line between state-sponsored espionage and traditional cybercrime, showing how government-backed hackers increasingly leverage criminal infrastructure to achieve strategic goals. State actors can reduce operational risk and cost by buying stolen credentials instead of conducting bespoke intrusions. This hybrid model complicates attribution and highlights the growing convergence between espionage and the cybercrime economy. It also reinforces the need for rapid credential exposure monitoring and zero-trust access models within high-value organizations.
FROM THE MEDIA: Mandiant uncovered activity linking Russia’s APT28 to the purchase of compromised credentials on illicit markets. These credentials were later used in targeted attacks against U.S. and European institutions, including government agencies and defense contractors. The actors used credentials harvested by infostealer malware, whose logs have long been sold on marketplaces such as Genesis Market (before its 2023 law-enforcement takedown) and Russian-language dark web shops. The move reflects a tactical shift by nation-state hackers to use criminal data as a force multiplier. Mandiant noted that while the credentials came from the criminal ecosystem, the subsequent activity and targeting aligned with Russian intelligence interests.
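One concrete form of the credential exposure monitoring the analyst comments call for is checking whether passwords in use already sit in a breach corpus, which is exactly what a buyer of infostealer logs would be holding. The Python below is an added example, not code from Mandiant or SecurityWeek; it implements the k-anonymity range lookup that the Have I Been Pwned Pwned Passwords API exposes (GET /range/ followed by the first five hex characters of the password’s SHA-1, answered with one SUFFIX:COUNT line per match), so neither the password nor its full hash ever leaves the host. The CONSTRUCTED_RANGES table is made-up sample data so the code runs offline; fetch_range_live shows the real HTTPS call and is not exercised here.

```python
"""Added example: k-anonymity breach lookup for credential exposure checks.
Not part of the original article. Sample ranges below are constructed."""
from __future__ import annotations

import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form the range API matches against."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_digest(digest: str) -> tuple[str, str]:
    """k-anonymity split: only the 5-character prefix is ever sent."""
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (CRLF or LF) into a suffix -> count map,
    skipping blank or malformed lines rather than failing the whole check."""
    out: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        try:
            out[suffix.upper()] = int(count)
        except ValueError:
            continue
    return out


def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not seen)."""
    prefix, suffix = split_digest(sha1_hex(password))
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Real lookup (network); the API requires a User-Agent header."""
    req = urllib.request.Request(
        API + prefix, headers={"User-Agent": "credential-exposure-check"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed offline sample: pretend "Summer2024!" was seen 57 times. The
# second line is filler so the parser has a non-matching entry to skip.
_d = sha1_hex("Summer2024!")
CONSTRUCTED_RANGES = {_d[:5]: f"{_d[5:]}:57\r\n" + "0" * 35 + ":1\r\n"}


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for fetch_range_live using the constructed table."""
    return CONSTRUCTED_RANGES.get(prefix, "")


def triage(credentials, fetch_range=fetch_range_offline) -> list[tuple[str, int]]:
    """Return (username, count) for every credential whose password is exposed."""
    exposed = []
    for user, password in credentials:
        n = breach_count(password, fetch_range)
        if n > 0:
            exposed.append((user, n))
    return exposed


if __name__ == "__main__":
    sample = [("alice", "Summer2024!"), ("bob", "a-long-unique-passphrase")]
    for user, n in triage(sample):
        print(f"{user}: password seen {n} times in breach corpus, force reset")
```

For an organization, the same loop runs against password hashes at change time (most identity providers expose a hook for this) rather than against cleartext exported from a vault; the k-anonymity split is what makes it acceptable to query an external service at all. A zero count is not proof of safety, since freshly stolen infostealer logs reach buyers before any public corpus.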
READ THE STORY: SecurityWeek
Russian Hackers Breach 20 NGOs Using Google Drive-Themed Phishing Campaign
Bottom Line Up Front (BLUF): A Russian state-sponsored threat actor has compromised at least 20 non-governmental organizations (NGOs) through a phishing campaign impersonating Google Drive notifications. The attackers used this lure to deploy custom malware and steal sensitive internal documents.
Analyst Comments: By mimicking common tools like Google Drive, attackers lower their detection risk and increase their likelihood of success. NGOs—particularly those involved in humanitarian, civil society, and geopolitical work—remain prime targets for espionage due to their connections and data on political actors. As APT groups increasingly blend cybercrime tactics with strategic objectives, defending against them requires a mix of technical controls and user awareness training.
FROM THE MEDIA: According to researchers at Palo Alto Networks' Unit 42, the phishing emails contained links to fake login pages crafted to harvest credentials. Once credentials were captured, attackers deployed malware that provided persistent access and facilitated document theft. The campaign targeted organizations in Europe, the U.S., and Asia, many focusing on human rights and political advocacy. The attackers used infrastructure and tactics consistent with APT29 (Cozy Bear), a group linked to Russian intelligence services. The campaign is ongoing, and victims are being notified.
READ THE STORY: THN
APT36 and SideCopy Hackers Target India’s Critical Infrastructure in Coordinated Espionage Campaign
Bottom Line Up Front (BLUF): Pakistan-linked APT groups APT36 and SideCopy are targeting India’s critical infrastructure using spear phishing and custom malware. According to researchers from Cyble, the campaign is designed to exfiltrate sensitive data from the government, defense, and energy sectors.
Analyst Comments: APT36 and SideCopy continue to evolve their tooling and tradecraft, often mirroring the tactics of more sophisticated actors to evade detection. Their focus on critical infrastructure suggests strategic motivations that extend beyond intelligence gathering to potential disruption. As geopolitical tensions remain high in South Asia, organizations supporting national infrastructure must reinforce cyber hygiene, implement threat detection measures, and prepare for lateral movement attempts.
FROM THE MEDIA: The attackers used phishing emails with malicious documents and compromised websites to deliver backdoors and remote access trojans (RATs). These tools allow attackers to surveil, extract files, and gain long-term access to networks supporting India’s critical infrastructure. The campaign appears ongoing, with infrastructure and payloads regularly updated to avoid detection. The targeted sectors include energy, telecommunications, and government services, with some attacks mimicking Indian government communications to enhance credibility.
READ THE STORY: GBhackers
Items of interest
European Industry Leaders Urge Abandonment of Battery Rivalry With China in Favor of Cooperation
Bottom Line Up Front (BLUF): Top executives from Eramet and Umicore have stated that Europe should abandon efforts to rival China’s battery industry independently and instead pursue partnerships with Chinese companies. Following the collapse of Swedish battery startup Northvolt, the leaders argue that Europe lacks the scale, technology, and supply chain depth to catch up without Chinese cooperation.
Analyst Comments: While pragmatic, the call for deeper integration with Chinese battery manufacturers could expose Europe to long-term technological and geopolitical dependency, especially as battery production becomes central to green transitions and economic security. The comments may also clash with emerging U.S.-EU industrial policies that aim to reduce reliance on China. Policymakers must now weigh the short-term need for competitiveness against the long-term costs of surrendering control over essential supply chains.
FROM THE MEDIA: The chairs of French mining firm Eramet and battery materials leader Umicore said Europe should "embrace China" rather than compete with its dominance in battery technology. They argue that China’s 20-year head start in battery R&D and manufacturing has made it "unrealistic" for Europe to build a rival industry from scratch. Instead, they propose requiring Chinese firms like CATL and BYD to invest locally in Europe through joint ventures and IP-sharing arrangements. Critics warn that many Chinese firms avoid transferring knowledge and often import their labor, turning European ventures into mere assembly hubs. Despite efforts by some Chinese companies to establish local production, such as CATL’s factories in Hungary and Germany, analysts caution that a lack of European upstream capacity and policy coordination remains a significant barrier to battery sovereignty.
READ THE STORY: FT
Why China is winning the EV war (Video)
FROM THE MEDIA: The Biden administration set a climate goal that 50 percent of all new car sales in the US would be electric by 2030. Meanwhile, China reached that milestone this year, in 2024. This video explains how China was able to fast-track EV adoption and develop an EV battery that rivals what any other country has been able to do so far. It’s been a decade of government strategies that have created some of the biggest battery companies in the world, like CATL and BYD.
China’s Massive EV Battery Industry: Can the U.S. Catch Up? | WSJ U.S. vs. China (Video)
FROM THE MEDIA: China’s dominance is clear when it comes to powering electric vehicles. The U.S. lags in most steps of the battery-making process, from sourcing raw materials to assembling components.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.