Thursday, May 29, 2025 // (IG): BB // GITHUB // SN R&D
U.S. Begins Revoking Chinese Student Visas in Escalation of Tech and Education Crackdown
Bottom Line Up Front (BLUF): Secretary of State Marco Rubio has announced that the U.S. government is revoking visas for Chinese students linked to the Chinese Communist Party or studying in sensitive technological fields. The move is part of a broader Trump administration effort to tighten scrutiny of foreign students amid rising U.S.-China tensions.
Analyst Comments: The visa revocations mark a significant escalation in the geopolitical technology rivalry between the U.S. and China, with academia and research now clearly in the crosshairs. The move risks chilling international academic collaboration and could further fragment global innovation ecosystems. Universities—already under political scrutiny—may be forced to tighten admission criteria and monitor research access more closely. While U.S. officials cite national security concerns, this policy shift also raises questions about academic freedom, scientific openness, and the future of American soft power.
FROM THE MEDIA: Secretary of State Marco Rubio announced a plan to “aggressively” revoke the visas of Chinese students studying in the U.S., particularly those with links to the Chinese Communist Party or involved in critical technological fields. The State Department also suspended new student visa interviews at U.S. embassies while it reviews social media and background-check procedures. Rubio emphasized that a visa is “a privilege,” not a right, and said the revocations already number in the thousands. The move follows President Trump’s directive to limit foreign student enrollment at elite institutions and aligns with broader efforts to curb foreign influence and espionage on U.S. campuses. The crackdown comes amid ongoing trade, intellectual property, and national security tensions.
READ THE STORY: Bloomberg
Czech Republic Accuses China-Linked APT31 of Cyber Espionage Targeting Government Institutions
Bottom Line Up Front (BLUF): Czech authorities have formally accused the China-linked threat group APT31 of conducting a long-term cyber espionage campaign against its government institutions. The operation, reportedly ongoing since 2020, targeted critical infrastructure and appears state-sponsored.
Analyst Comments: The Czech government's public attribution signals a growing willingness among European states to call out cyber intrusions by nation-state actors, particularly from China. Naming APT31, a group with well-documented links to Chinese intelligence, adds credibility to the claims and aligns with similar allegations made by other Western nations. Such public disclosures may lead to diplomatic consequences or increased counter-cyber operations as geopolitical tensions escalate, especially around cybersecurity norms and digital sovereignty. The case also highlights persistent weaknesses in government systems, which remain attractive targets for foreign intelligence collection.
FROM THE MEDIA: Prime Minister Petr Fiala's office announced that Chinese state-sponsored actors had been behind a long-running cyber espionage operation targeting Czech government institutions. The campaign was attributed to APT31, also known as "Zirconium" or "Judgement Panda," a group previously linked to China’s Ministry of State Security. The Czech National Cyber and Information Security Agency (NUKIB) and Military Intelligence jointly conducted the investigation, which found that the actors had maintained access to Czech networks since at least 2020. The activity focused on data exfiltration and strategic surveillance, targeting email servers and internal communications systems. In response, the Czech Ministry of Foreign Affairs summoned the Chinese ambassador and condemned the actions as violating international norms. China’s embassy denied the allegations, calling them “unfounded and irresponsible.”
READ THE STORY: Reuters
Ukraine Arrests Alleged Russian Spies Who Used Dash Cams to Aid Missile Strikes
Bottom Line Up Front (BLUF): Ukraine’s Security Service (SBU) detained five young Ukrainians accused of aiding Russian missile strikes by filming military sites with dash cams. The suspects were allegedly recruited via Telegram and reported intelligence to Russian handlers.
Analyst Comments: Using decentralized local assets—young civilians seeking money—reflects a hybrid warfare strategy that blends cyber, physical, and psychological operations. It also underlines Ukraine’s enduring challenge in securing its critical infrastructure and population against unconventional intelligence threats. Expect increased surveillance of public electronics and enhanced counterintelligence efforts, particularly around military zones.
FROM THE MEDIA: Ukraine’s SBU arrested five individuals, aged 16 to 23, for allegedly assisting Russian forces by filming military installations with dashboard cameras. The suspects, including a Zaporizhzhia student and two Kharkiv brothers, operated independently while reporting to a single Russian intelligence handler. They placed cars near military sites, left dash cams running for up to 12 hours, and monitored from nearby cafes while periodically changing memory cards. The individuals were recruited through Telegram with the promise of "easy money" and are now charged with high treason under martial law—an offense punishable by life imprisonment. The SBU had previously warned about the weaponization of civilian surveillance systems by Russian operatives.
READ THE STORY: The Record
Israel Confirms Use of Laser Air Defense to Intercept Drones in Active Combat
Bottom Line Up Front (BLUF): Israel has used its Iron Beam laser air-defense system to intercept drones more than 40 times since the start of its multifront war in 2023. The Defense Ministry released footage of successful interceptions, marking one of the first confirmed wartime deployments of high-energy laser weapons.
Analyst Comments: The technology offers a cost-effective alternative to traditional interceptors, but limitations remain, such as weather sensitivity and one-target-at-a-time restrictions. Integrating lasers into Israel’s multi-tiered air-defense network signals a future where hybrid kinetic-energy and directed-energy systems work in tandem. U.S. defense partners will likely accelerate collaboration and development as lasers move from experimental to operational status.
FROM THE MEDIA: The lasers were reportedly used over 40 times, primarily against threats from Lebanon. The Defense Ministry released a video showing drones being disabled mid-air by laser beams. Though less effective against high-speed missiles, lasers provide an inexpensive alternative to costly missile interceptors like those used in the Iron Dome system. Israeli officials said the laser systems—produced by Rafael Advanced Defense Systems—will soon be incorporated into the country’s broader air-defense architecture. Analysts caution, however, that lasers are still limited in adverse weather conditions and face challenges in scalability.
READ THE STORY: WSJ
Ukraine Blames Russian State Hackers for Cyberattacks on News Media Infrastructure
Bottom Line Up Front (BLUF): Ukraine's State Service for Special Communications and Information Protection (SSSCIP) has accused Russian state-sponsored hackers of targeting Ukrainian media organizations with cyberattacks. The goal appears to be disrupting the dissemination of information and sowing disinformation during the ongoing conflict.
Analyst Comments: Targeting media outlets serves both tactical and strategic objectives: disrupting communication channels and undermining public trust in domestic narratives. These operations will likely intensify as the conflict continues, especially around key dates or geopolitical developments. Expect Ukraine and its allies to increase investment in media infrastructure resilience and counter-disinformation initiatives.
FROM THE MEDIA: Ukrainian cyber authorities have linked recent cyberattacks on domestic media companies to Russian state-sponsored hackers. The SSSCIP noted that the attacks attempted to compromise the digital infrastructure responsible for publishing news and broadcasting content. The campaign, which involved phishing, malware, and distributed denial-of-service (DDoS) tactics, is seen as part of Russia’s broader effort to destabilize Ukrainian information systems. The report did not specify the threat group but indicated clear hallmarks of Russian cyber operations, including techniques seen in previous campaigns targeting energy and government sectors. Ukrainian officials have called for enhanced international cooperation to protect critical media assets.
READ THE STORY: The Record
U.S. Data Centers Face Strategic Risk Over Heavy Dependence on Chinese Lithium
Bottom Line Up Front (BLUF): Data centers in the United States are highly dependent on lithium-based batteries, the supply and refining of which are dominated by China. This overreliance poses strategic and operational risks as geopolitical tensions rise and China tightens export controls on key battery technologies.
Analyst Comments: The concentration of lithium refining capacity in China—more than 60% of the global total—creates a critical vulnerability for U.S. digital infrastructure. As data centers grow in number and importance, particularly with the expansion of AI and cloud computing, their exposure to Chinese-controlled lithium supply chains becomes a national security concern. Exploring alternative battery technologies, such as organic flow and sodium-ion batteries, is promising, but these solutions are still in their early stages. Over the next decade, expect the U.S. to ramp up efforts to localize lithium processing and diversify its energy storage options, especially for critical infrastructure.
FROM THE MEDIA: China dominates the global lithium supply chain, refining over 60% of the world's lithium and exporting $15.3 billion in lithium batteries to the U.S. last year. Recent moves by China to restrict exports of key battery-processing technologies—including those for lithium and gallium—have heightened concerns about the vulnerability of U.S. infrastructure. In response, companies like Prometheus Hyperscale are exploring alternatives such as organic flow batteries, which do not rely on lithium or other geopolitically sensitive minerals. While these alternatives are not widely adopted, they begin a strategic shift in U.S. energy storage policy.
READ THE STORY: FT
251 Amazon-Hosted IPs Used in Widespread Exploit Campaign Targeting Web Servers
Bottom Line Up Front (BLUF): Security researchers have identified at least 251 Amazon Web Services (AWS) IP addresses used in a large-scale exploit campaign targeting web servers with known vulnerabilities. The attackers are using these cloud-hosted resources to launch HTTP-based attacks and deploy malware, raising concerns about abuse of public cloud infrastructure.
Analyst Comments: The use of AWS infrastructure in this exploit campaign underscores a persistent challenge in cybersecurity: attackers increasingly leverage trusted cloud providers to mask malicious activity and bypass traditional defenses. This trend complicates attribution and incident response, as organizations may hesitate to block cloud traffic because of the potential business impact. While AWS has protocols for abuse reporting, the scale and duration of this campaign suggest that existing detection and takedown mechanisms may not be keeping pace. Expect calls for tighter coordination between cloud providers and security researchers and for monitoring tools that can detect malicious behavior originating from reputable IP ranges.
FROM THE MEDIA: The attackers exploit known vulnerabilities in web servers to deliver malware payloads and establish persistence on compromised systems. The malicious activity involves HTTP POST and GET requests to deploy web shells, crypto miners, and data exfiltration tools. While the specific vulnerabilities being targeted were not named, the nature of the campaign indicates automated scanning and exploitation at scale. Cado Security has reported the abuse to AWS, which is investigating the issue. The findings highlight a recurring problem of threat actors abusing cloud-hosted IP space for cyberattacks.
READ THE STORY: THN
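The campaign described above, in which a single source fires off many distinct probes for known web server flaws, is detectable from ordinary access logs even when the source sits in a reputable cloud range. The following is an added example written for this digest; it is not code from the researchers who reported the campaign or from AWS. It assumes Apache/nginx combined log format, uses a constructed, abbreviated stand-in for the prefix list AWS publishes at https://ip-ranges.amazonaws.com/ip-ranges.json (a real deployment would load that file), and scores a source by how many distinct exploit-probe patterns it hits rather than by request volume, so a single stray 404 on /.env is not flagged but a burst of unrelated probes in a few seconds is. The sample log lines are constructed.

```python
"""Flag scan-and-exploit behaviour in web access logs and note whether the
source is cloud-hosted (example code written for this digest, not the
reporting researchers' or AWS's code)."""
import ipaddress
import re
from collections import defaultdict

# Constructed, abbreviated stand-in for a cloud provider's published prefixes.
CLOUD_PREFIXES = [ipaddress.ip_network(p) for p in ("3.0.0.0/8", "13.32.0.0/12", "54.0.0.0/8")]

# Request-path fragments that have no legitimate use on most sites and that
# recur in opportunistic exploitation of well-known web server flaws.
EXPLOIT_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"\.\./",                      # path traversal
        r"/cgi-bin/",                  # CGI handlers
        r"\.php\?.*=(cmd|eval|base64)",  # PHP shell invocation via query string
        r"/manager/html",              # Tomcat manager console
        r"/_search",                   # Elasticsearch API
        r"/CFIDE/",                    # ColdFusion admin
        r"\.env$",                     # exposed environment files
        r"/actuator/",                 # Spring Boot actuator
    )
]

# Apache/nginx combined format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one cloud-hosted scanner, one normal visitor, one cloud-hosted health check.
SAMPLE_LOG = """\
3.112.45.10 - - [08/May/2025:10:01:02 +0000] "GET /CFIDE/administrator/ HTTP/1.1" 404 153
3.112.45.10 - - [08/May/2025:10:01:03 +0000] "GET /manager/html HTTP/1.1" 404 153
3.112.45.10 - - [08/May/2025:10:01:04 +0000] "GET /.env HTTP/1.1" 404 153
3.112.45.10 - - [08/May/2025:10:01:05 +0000] "POST /_search HTTP/1.1" 404 153
3.112.45.10 - - [08/May/2025:10:01:06 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 2310
198.51.100.7 - - [08/May/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [08/May/2025:10:02:01 +0000] "GET /static/app.js HTTP/1.1" 200 9021
54.210.3.3 - - [08/May/2025:10:03:00 +0000] "GET /healthz HTTP/1.1" 200 2
"""


def in_cloud_range(ip: str) -> bool:
    """True if the address falls inside one of the known cloud prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUD_PREFIXES)


def parse_line(line: str):
    """Return the parsed fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def score_sources(log_text: str, threshold: int = 3) -> dict:
    """Map each source IP that hit at least `threshold` distinct exploit-probe
    patterns to its probe count and whether it is cloud-hosted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for pat in EXPLOIT_PATTERNS:
            if pat.search(rec["path"]):
                hits[rec["ip"]].add(pat.pattern)
    return {
        ip: {"distinct_probes": len(pats), "cloud_hosted": in_cloud_range(ip)}
        for ip, pats in hits.items()
        if len(pats) >= threshold
    }


if __name__ == "__main__":
    for ip, info in score_sources(SAMPLE_LOG).items():
        print(f"{ip}: {info['distinct_probes']} distinct probes, cloud_hosted={info['cloud_hosted']}")
```

The cloud_hosted flag is deliberately informational rather than a block decision: a flagged address inside a provider range is a candidate for an abuse report and a targeted (single-address, time-limited) block, whereas blocking the whole prefix would also drop the legitimate health-check traffic in the sample.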
Senator Marco Rubio Warns of European Social Media Crackdown and Its Impact on U.S. Tech Firms
Bottom Line Up Front (BLUF): Senator Marco Rubio has raised concerns about Europe’s growing regulatory pressure on American social media platforms, arguing that the European Union's digital policies risk undermining U.S. economic and strategic interests. Rubio is urging Congress to respond with stronger protections for American tech companies.
Analyst Comments: Rubio’s remarks reflect a broader geopolitical tension over digital sovereignty and the regulation of Big Tech. American lawmakers increasingly view these policies through a national security and competitiveness lens as the EU pushes forward with the Digital Services Act (DSA) and other platform accountability measures. Rubio’s framing—casting EU digital policy as potentially harmful to U.S. power—signals a shift from domestic platform regulation to viewing tech governance as a battleground in international affairs. This could accelerate legislative efforts to shield U.S. firms abroad or retaliate against perceived overreach.
FROM THE MEDIA: In remarks made during a Senate Intelligence Committee briefing, Rubio said Europe’s digital policy agenda, including content moderation rules and antitrust scrutiny, threatens American innovation and hands leverage to authoritarian regimes like China. He emphasized that Congress must treat European regulation as a strategic issue, not merely an economic one. Rubio’s comments come as the EU continues to enforce the Digital Services Act, which imposes strict obligations on large platforms, many of which are American. The senator called for a coordinated U.S. policy response to counterbalance European digital governance efforts.
READ THE STORY: Politico
Hackers Exploit CVE-2025-32432 in MIMOS Webmail to Deploy Web Shells
Bottom Line Up Front (BLUF): Attackers are actively exploiting CVE-2025-32432, a critical vulnerability in MIMOS Webmail, to deploy web shells and gain remote access to compromised servers. The flaw allows unauthenticated remote code execution and has already been weaponized in the wild.
Analyst Comments: The exploitation of CVE-2025-32432 highlights the ongoing threat posed by vulnerable webmail and collaboration tools in enterprise environments. The fact that attackers are already deploying web shells suggests automated scanning and mass exploitation. Organizations using MIMOS Webmail should prioritize patching and threat hunting to detect any signs of compromise. As with similar vulnerabilities, this incident reinforces the importance of segmentation, access control, and routine log monitoring to limit blast radius.
FROM THE MEDIA: This vulnerability allows unauthenticated attackers to execute arbitrary commands on the server via specially crafted HTTP requests. Researchers observed attackers deploying web shells to establish persistent access, likely for espionage or lateral movement. The MIMOS development team released a patch earlier this week, urging all users to update immediately. The vulnerability carries a CVSS score of 9.8, reflecting its ease of exploitation and potential for severe impact.
READ THE STORY: THN
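The threat hunting recommended above starts with the artifact the attackers leave behind: a web shell written into the web root. The following is an added example written for this digest; it is not code from MIMOS or from the researchers who reported the exploitation, and it does not depend on any detail of CVE-2025-32432. It walks a web root, inspects script files for the constructs web shells rely on (eval of request data, command execution on request parameters, the preg_replace /e modifier, dynamic function calls built from request parameters), and optionally restricts the sweep to files modified within a given window, which is the usual first cut after a patch lands. The sample web root, file contents and modification times are constructed inside a temporary directory so the script runs offline.

```python
"""Hunt for PHP web shells dropped into a web root (example code written for
this digest, not MIMOS's or the reporting researchers' code)."""
import os
import re
import tempfile
import time
from pathlib import Path

# Constructs that almost never appear in legitimate application code but are
# the working parts of most PHP web shells.
SHELL_INDICATORS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13|\$_(GET|POST|REQUEST|COOKIE))",
        r"\b(system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)",
        r"\bassert\s*\(\s*\$_(GET|POST|REQUEST)",
        r"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]",          # /e modifier executes the replacement
        r"\$_(GET|POST|REQUEST|COOKIE)\[[^\]]+\]\s*\(\s*\$_",  # $_GET['f']($_GET['a']) dynamic call
        r"move_uploaded_file\s*\(\s*\$_FILES",                 # arbitrary upload handler
    )
]

WEB_EXTENSIONS = {".php", ".phtml", ".php5", ".phar", ".inc"}


def scan_file(path: Path) -> list:
    """Return the indicator patterns that match the file's contents."""
    try:
        text = path.read_text(errors="ignore")
    except OSError:
        return []
    return [p.pattern for p in SHELL_INDICATORS if p.search(text)]


def hunt(webroot: Path, modified_within_days=None, now=None) -> list:
    """Walk the web root and return sorted (relative_path, [patterns]) for
    script files that match an indicator; if modified_within_days is set,
    only files touched inside that window are inspected."""
    now = now if now is not None else time.time()
    findings = []
    for path in webroot.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTENSIONS:
            continue
        if modified_within_days is not None:
            age_days = (now - path.stat().st_mtime) / 86400
            if age_days > modified_within_days:
                continue
        hits = scan_file(path)
        if hits:
            findings.append((path.relative_to(webroot).as_posix(), hits))
    return sorted(findings)


def build_sample_webroot(root: Path) -> None:
    """Constructed sample: a benign index, a fresh one-liner shell in an upload
    directory, and an obfuscated shell backdated 30 days to exercise the time filter."""
    (root / "index.php").write_text("<?php echo 'hello'; ?>")
    (root / "uploads").mkdir()
    (root / "uploads" / "x.php").write_text("<?php @eval($_POST['cmd']); ?>")
    (root / "inc").mkdir()
    old = root / "inc" / "config.php"
    old.write_text("<?php eval(base64_decode($_COOKIE['k'])); ?>")
    old_ts = time.time() - 30 * 86400
    os.utime(old, (old_ts, old_ts))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_webroot(root)
        print("all files:   ", [f for f, _ in hunt(root)])
        print("last 7 days: ", [f for f, _ in hunt(root, modified_within_days=7)])
```

The time filter is a triage aid, not a safety net: the backdated inc/config.php shows why a full sweep is still needed, since attackers routinely reset a dropped file's timestamps to blend in with the surrounding code.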
Estonia Issues Arrest Warrant Over Massive Pharmacy Data Breach Tied to Dark Web Sales
Bottom Line Up Front (BLUF): Estonian authorities have issued an international arrest warrant for a suspect accused of stealing and selling over 200,000 patient records from a local pharmacy chain. The stolen health data was reportedly found for sale on the dark web.
Analyst Comments: Estonia, known for its advanced e-governance infrastructure, now faces a critical test in data protection enforcement and cross-border cybercrime cooperation. The sale of sensitive health records on the dark web shows how a conventional data breach feeds directly into the cybercriminal economy. Expect broader regulatory scrutiny and pressure on healthcare providers to bolster their cybersecurity defenses.
FROM THE MEDIA: The breach involved the theft of over 200,000 sensitive patient records, including prescription details and personal information. According to Estonian officials, the data was discovered being sold on dark web marketplaces. Authorities are working with international partners to locate and extradite the suspect, whose identity has not been publicly disclosed. The case has sparked renewed concern about the security of medical records in the Baltic and prompted Estonia’s Data Protection Inspectorate to investigate how the breach occurred.
READ THE STORY: WSJ
DPRK’s Warship Launch Fails in Embarrassing “Side Launch” Disaster
Bottom Line Up Front (BLUF): North Korea’s attempt to launch a new Choe Hyon-class destroyer failed after the ship capsized during a risky “side launch” maneuver. The accident, attributed to poor engineering and haste, underscores the limitations of Pyongyang’s naval modernization program and has led to the detention of four officials.
Analyst Comments: This failed launch is a rare and revealing moment for a regime that typically controls its narrative tightly. The use of an outdated and risky launch method indicates North Korea's struggle to modernize with limited resources and technical capability. The drive to rapidly showcase military advances—possibly countering U.S. and South Korean naval developments—likely contributed to the disaster. While North Korea will likely recover and try again, this event underscores the dangers of politicized military engineering under authoritarian oversight, particularly in high-stakes domains like naval warfare.
FROM THE MEDIA: North Korea’s second Choe Hyon-class destroyer capsized during a launch attempt at the northeastern port city of Chongjin. Leader Kim Jong Un was present to witness what was expected to be a triumphant demonstration of naval power. Instead, the 5,000-ton vessel tipped into the water unevenly after a failed side launch, a method rarely used for warships due to stability risks. Analysts point to poor center-of-gravity calculations and an overloaded weapons deck as causes. North Korean state media called the failure an “unpardonable crime,” and four officials were detained. The incident comes amid a broader push by Kim to accelerate military development despite technical and industrial constraints.
READ THE STORY: The Washington Post
TuSimple Shared U.S. Autonomous Trucking Tech with China, Exposing National Security Gaps
Bottom Line Up Front (BLUF): TuSimple, a once-prominent U.S.-based autonomous trucking company, transferred sensitive self-driving technology to Chinese partners despite pledges to U.S. regulators to isolate its operations. The firm’s collapse and subsequent asset shift to China have intensified scrutiny of U.S. oversight on foreign-linked tech firms.
Analyst Comments: Despite a national security agreement with the Committee on Foreign Investment in the U.S. (CFIUS), TuSimple continued sharing critical data and source code with Chinese entities, exposing weaknesses in existing compliance and accountability frameworks. The case has accelerated policy shifts, including new Commerce Department rules restricting Chinese access to AI-enabled transportation systems. The company's collapse also underscores the strategic challenge of dual-use technology leakage, in which civilian advances can bolster military capabilities abroad.
FROM THE MEDIA: TuSimple, a U.S. self-driving truck company co-founded by Chinese entrepreneurs, shared proprietary autonomous driving data and designs with Chinese state-linked firms, including Foton and Hydron. Despite a 2022 agreement with CFIUS to shield its U.S. operations from Chinese influence, the company continued transmitting technical details like sensor layouts and source code. Internal communications reveal that TuSimple’s Beijing office maintained joint access to U.S.-developed systems. Although CFIUS found no direct violation of the agreement, TuSimple paid a $6 million fine and shuttered U.S. operations in 2023. Former executives have since launched new ventures in China and the U.S., some of which have been funded by Chinese capital. The fallout is prompting tighter restrictions on foreign-linked commercial vehicle technology.
READ THE STORY: WSJ
Items of interest
Ethereum Co-Founder Calls for Blockchain Reset to Reinvent Global Finance Infrastructure
Bottom Line Up Front (BLUF): Ethereum co-founder Joseph Lubin has argued that the global financial system is overdue for a "blockchain reset," emphasizing the need for interoperable, decentralized infrastructure amid growing mistrust in traditional institutions. Lubin highlights that blockchain technologies—already used by major financial firms—can offer resilience, transparency, and efficiency.
Analyst Comments: Lubin positions blockchain not as a disruptive threat to banks or fiat currencies but as a complementary infrastructure layer that enhances global coordination and reduces counterparty risk. While the commentary is idealistic and self-interested, it resonates with a broader industry trend: major financial players are increasingly experimenting with tokenization and distributed ledger technology. However, adoption hurdles remain, including regulatory fragmentation, scalability issues, and public skepticism rooted in past crypto volatility.
FROM THE MEDIA: Ethereum co-founder and Consensys CEO Joseph Lubin proposed a “blockchain reset” for the global financial architecture. He argues that economic systems, like the internet in the 1990s, are due for a foundational restructuring to overcome inefficiencies in cross-border payments and eroding trust in central institutions. Lubin compares blockchain protocols like Ethereum and Bitcoin to HTTP’s role in the rise of the internet, enabling decentralized coordination of value. Citing adoption by firms such as BlackRock, JPMorgan, and Franklin Templeton, he asserts the technology is already operational at scale. Lubin stresses that the aim isn’t to replace national currencies or eliminate banks but to build interoperable layers of trust that reduce friction and increase system resilience.
READ THE STORY: FT
Money (and Bitcoin) Make The World Go Round (Video)
FROM THE MEDIA: Ben shares his journey from using Bitcoin as a payment tool during his poker days to becoming an educator working with the public, regulators, and policymakers. In this conversation, we explore the role of Bitcoin in the broader financial and political landscape and why education is essential these days. Ben analyzes the influence of global power shifts on monetary systems, the emerging economic order involving stablecoins, CBDCs, and the potential for a new Bretton Woods moment. Ben outlines the dangers of institutional co-option, the Bank of Israel’s digital shekel, and why the coming years are critical for resisting centralized control and fostering a truly decentralized future.
Ethereum's Blockchain | Trust Disrupted: Bitcoin and the Blockchain (Video)
FROM THE MEDIA: Ethereum is the blockchain project that has gained the most traction. Led by the enigmatic Vitalik Buterin and a constellation of coders and venture capitalists, Ethereum could one day run the world. However, the recent hack of its Decentralized Autonomous Organization has raised doubts.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.