Friday, Jun 27, 2025 // (IG): BB // GITHUB // SN R&D
Bipartisan U.S. Bill Seeks to Ban Chinese AI from Federal Agencies Over National Security Fears
Bottom Line Up Front (BLUF): A new bipartisan bill introduced in the U.S. Congress aims to ban federal agencies from procuring or using AI technologies developed by Chinese companies. Lawmakers cite national security risks, including espionage and data access by the Chinese government, as the primary motivation for the legislation.
Analyst Comments: This bill reflects the growing bipartisan consensus in Washington that Chinese-made AI poses systemic risks to U.S. infrastructure and intelligence. It mirrors earlier restrictions on Huawei network equipment and on TikTok and highlights how AI is now viewed as a geopolitical asset. If passed, the legislation could set a precedent for broader restrictions across state and local governments and the private sector. The move may also escalate tech tensions between the U.S. and China, particularly around supply chains and AI leadership.
FROM THE MEDIA: A bipartisan group of lawmakers introduced legislation prohibiting U.S. federal agencies from using AI tools developed in China. The bill explicitly targets companies believed to be under the influence of the Chinese Communist Party and seeks to prevent potential backdoor data access or manipulation. Lawmakers argue that AI systems developed in China could be weaponized for espionage or influence operations. The bill follows a series of warnings from U.S. intelligence agencies about foreign-sourced AI being used to harvest data or shape political narratives. The legislation would also require a federal audit of all deployed AI systems for foreign-origin components.
READ THE STORY: SecurityWeek
Critical Mitsubishi Electric AC Vulnerability Exposes Industrial and Smart Building Systems to Remote Attacks
Bottom Line Up Front (BLUF): A critical vulnerability in Mitsubishi Electric’s air conditioning management system (CVE-2024-1410) allows remote attackers to execute arbitrary code, potentially compromising smart building infrastructure and industrial environments. The flaw affects the AC Smart M product and remains unpatched in many installations.
Analyst Comments: Mitsubishi’s AC Smart M system is widely used in commercial and industrial settings, making exploitation a viable entry point for lateral movement into larger networks. As critical infrastructure continues to digitize, threat actors, criminal and nation-state alike, are likely to exploit similar IoT and OT vulnerabilities for espionage, sabotage, or ransomware deployment. Organizations should apply the vendor firmware update, confirm that the management web interface is not reachable from the internet or from general-purpose corporate networks, segment building-management systems from IT, and add OT-specific monitoring.
FROM THE MEDIA: CVE-2024-1410, a remote code execution vulnerability in Mitsubishi Electric’s AC Smart M system, could allow unauthenticated attackers to hijack control functions. The vulnerability stems from improper access control in the web-based interface, enabling attackers to manipulate temperature settings or pivot into broader networks connected to the same environment. Mitsubishi Electric has issued a security advisory recommending firmware updates and firewall-based protections. The system is used globally in commercial buildings, manufacturing sites, and data centers, increasing the urgency for asset owners to assess exposure and mitigate risks.
READ THE STORY: GBhackers
Geopolitical Tensions Fuel Evolution of State-Sponsored Cyber Warfare Strategies
Bottom Line Up Front (BLUF): As global geopolitical rivalries escalate, nation-state cyber operations evolve in scope and sophistication, expanding beyond government targets to infiltrate enterprise environments. Experts warn that threat actors from China, Russia, Iran, and North Korea are increasingly prioritizing intellectual property theft, influence campaigns, and critical infrastructure disruption as core strategic objectives.
Analyst Comments: The findings confirm that cyber operations are now tightly interwoven with geopolitical agendas. Modern cyber warfare is no longer limited to espionage: it includes psychological operations, critical infrastructure sabotage, and election interference. The experts quoted suggest that APTs are shifting from short-term disruption to long-term access and strategic impact, often blending cybercrime techniques to obfuscate attribution. With conflicts intensifying in Eastern Europe, the Middle East, and the Indo-Pacific, organizations should expect more covert, state-aligned activity aimed at destabilization and coercive leverage.
FROM THE MEDIA: Cybersecurity leaders from Sygnia and AttackIQ described how geopolitical conflicts—such as U.S.-China rivalry, Iran’s regional ambitions, and North Korea’s financial desperation—transform cyber warfare. Enterprise targets across telecom, law, logistics, and healthcare are now in the crosshairs due to their access to sensitive data and broader network ecosystems. Chinese group Velvet Ant maintained persistent access via legacy F5 appliances, while GhostEmperor used advanced rootkits for stealthy espionage. Meanwhile, old malware families like Emotet and QakBot are being retooled with new delivery vectors. Experts emphasize the urgency of combining traditional defense hygiene with real-time adversary simulation and intelligence-led decision-making to counter this new wave of targeted cyber aggression.
READ THE STORY: DR
British National Accused of Being ‘IntelBroker’ Charged Over High-Profile Government and Corporate Breaches
Bottom Line Up Front (BLUF): A 25-year-old British national alleged to have operated under the alias IntelBroker has been linked to a spree of intrusions targeting U.S. federal agencies and major corporations. He is accused of selling sensitive stolen data on dark web forums; he was arrested in France in February 2025 and U.S. prosecutors have now unsealed charges against him.
Analyst Comments: IntelBroker gained notoriety through high-profile breaches, highlighting how individuals with the right tools and skills can inflict nation-state-level damage. Law enforcement’s success in tracking and arresting the suspect signals improved international collaboration. Still, it also raises questions about how effectively cybersecurity education and deterrence are reaching younger, high-risk demographics.
FROM THE MEDIA: French authorities arrested the suspect, a British national believed to be behind the online persona IntelBroker, a well-known figure on cybercrime forums, in February 2025; the U.S. Department of Justice unsealed charges this week. The suspect is connected to several major breaches, including intrusions into U.S. federal systems and tech companies, in which sensitive data such as law enforcement documents and internal corporate records were exfiltrated and offered for sale. The hacker had claimed responsibility for a breach of DC Health Link, exposing data on U.S. lawmakers, and claimed multiple leaks affecting Apple, Meta, and AMD. The case was coordinated with U.S. law enforcement following months of digital forensics and intelligence gathering.
READ THE STORY: The Record
Iranian APT35 Targets High-Profile Cybersecurity Experts with Sophisticated Social Engineering Campaign
Bottom Line Up Front (BLUF): Iranian state-sponsored threat group APT35 (Charming Kitten) launched a targeted phishing campaign against high-profile cybersecurity professionals. The group uses fake conference invitations and weaponized documents to steal credentials and gather intelligence.
Analyst Comments: APT35’s focus on cybersecurity experts indicates a shift toward intelligence collection on threat detection methods, tooling, and internal industry communications. Iran may be aiming to preemptively undermine coordinated cyber defense efforts or gain early access to vulnerability disclosures by compromising trusted figures. The campaign shows a high level of planning and tailored deception, underscoring the need for security professionals to remain vigilant against even highly credible-looking correspondence.
FROM THE MEDIA: The campaign involves spoofed email addresses and professionally written invites to real or fabricated cybersecurity events. Victims are prompted to download conference materials, which include macro-laced Word files or links to phishing pages resembling login portals. Security researchers believe the ultimate goal is to infiltrate private communications and gather strategic insight into Western cyber capabilities. APT35 has a long history of targeting dissidents, journalists, and academics, but this campaign signals an evolution in their targeting priorities.
READ THE STORY: GBhackers
Chinese Hackers Deploy PubLoad Malware Using Tibetan-Themed Lures in Targeted Espionage Campaign
Bottom Line Up Front (BLUF): Chinese state-linked threat actors are deploying a malware loader called PubLoad in an espionage campaign that uses Tibetan-themed phishing lures. The campaign relies on weaponized documents and staged payload delivery to evade detection and establish persistence.
Analyst Comments: PubLoad’s use reflects a broader pattern in Chinese tradecraft of modular, stealthy infection chains that prioritize low detection and long-term access. The campaign shows operational maturity, with multi-stage loaders used to bypass endpoint defenses. The Tibetan-themed lures fit Beijing’s long-running surveillance of the Tibetan diaspora, other ethnic minority groups, and political dissidents; the NGOs, journalists, and academics who work with these communities should treat unsolicited documents on these themes with particular suspicion, and defenders should hunt for staged loader behavior rather than relying on signatures for any single payload.
FROM THE MEDIA: The malicious emails contain weaponized documents or links designed to lure recipients into executing the loader. Once installed, PubLoad facilitates multi-stage infection by retrieving additional malware payloads while evading detection through sandbox evasion and obfuscation techniques. This campaign is part of a long-standing pattern of digital surveillance by China against ethnic minority groups and political dissidents. Researchers believe the attackers are linked to known APTs involved in regional intelligence collection.
READ THE STORY: CSN
Iranian Hackers Target Israeli Cyber Experts and Scientists in Credential Phishing Campaign
Bottom Line Up Front (BLUF): Iranian threat actors have launched a credential phishing campaign targeting Israeli cybersecurity professionals, computer scientists, and engineers. The operation is part of Tehran’s broader intelligence-gathering efforts amid escalating regional tensions.
Analyst Comments: Using targeted phishing against subject-matter experts, rather than institutions alone, highlights a shift toward personalized cyber-espionage tactics. As cyber professionals increasingly become direct targets, organizations must reinforce awareness training and implement stronger identity protection protocols for technical staff.
FROM THE MEDIA: Iranian hackers are behind a spear-phishing campaign aimed at Israeli cyber experts, with victims including academics, engineers, and high-level researchers in computer science and national defense. The attackers sent fraudulent emails disguised as professional or academic outreach, tricking recipients into entering credentials on fake login portals. Israeli officials noted the operation’s high targeting precision, suggesting access to open-source intelligence or previous breach data. The campaign is part of a broader trend of Iran-linked cyber activity focused on Israeli defense and technology sectors, particularly since the recent flare-ups in regional hostilities.
READ THE STORY: The Record
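Both this campaign and the APT35 conference-invite campaign above turn on links to look-alike login portals. The Python script below is an added example, not code from either story or from the researchers they cite: it triages the URLs in a constructed invite email against a hypothetical allowlist of domains the recipient actually uses, flagging hosts that embed a trusted name as a subdomain of some other domain, hosts within one or two edits of a trusted domain, punycode (IDN) labels and bare IP addresses. The email text, the allowlist and every domain name in it are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: domains this recipient legitimately uses (hypothetical names).
TRUSTED_DOMAINS = {"example-conference.org", "login.example.com"}

# Constructed invite text modelled on the lures described above (all URLs hypothetical).
INVITE = """\
Dear colleague, we would be honoured to have you speak at our annual summit.
Agenda: https://example-conference.org/agenda
Confirm attendance via your institutional SSO: https://login.example.com.attendee-portal.net/sso
Speaker materials: https://examp1e-conference.org/materials.docm
Hotel booking: https://xn--exmple-conference-rqb.org/hotel
"""

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def registrable_domain(host):
    """Last two labels of the host. Production code should consult the Public Suffix List
    so that names under e.g. .co.uk are handled; kept naive here to stay dependency-free."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance; one or two edits from a trusted domain is the classic typosquat range."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """Return (verdict, reasons) for one hostname: 'trusted', 'suspicious' or 'unknown'."""
    host = host.lower().rstrip(".")
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return "trusted", []
    reasons = []
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) label; possible homograph of a Latin-script name")
    if IPV4_RE.fullmatch(host):
        reasons.append("bare IP address instead of a hostname")
    reg = registrable_domain(host)
    for trusted in TRUSTED_DOMAINS:
        trusted_reg = registrable_domain(trusted)
        if trusted in host and reg != trusted_reg:
            # e.g. login.example.com.attacker.net: the trusted name is only a subdomain label
            reasons.append(f"uses {trusted} as a subdomain of {reg}")
        distance = levenshtein(reg, trusted_reg)
        if 0 < distance <= 2:
            reasons.append(f"{reg} is {distance} edit(s) from {trusted_reg}")
    return ("suspicious" if reasons else "unknown"), reasons


def triage_links(text):
    """Every URL in the text with its verdict and the reasons behind it."""
    return [(url, *classify_host(urlparse(url).hostname or "")) for url in URL_RE.findall(text)]


if __name__ == "__main__":
    for url, verdict, reasons in triage_links(INVITE):
        print(f"{verdict:10} {url}")
        for reason in reasons:
            print(f"           - {reason}")
```

Running it marks the agenda link trusted and the other three suspicious, each with the reason attached. The check looks only at link hosts; it does not replace SPF/DKIM/DMARC alignment checks on the message headers, and an "unknown" verdict means only that the domain is unfamiliar, not that it is safe.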
Chinese Researchers Explore AI-Driven Propaganda Strategies in State-Affiliated Study
Bottom Line Up Front (BLUF): Chinese researchers have conducted a study on using artificial intelligence to improve the efficiency and effectiveness of propaganda dissemination. The research, linked to a government-affiliated institution, explored how AI models could generate and optimize pro-government narratives across social media platforms.
Analyst Comments: China’s application of generative AI in shaping public opinion—domestically and internationally—signals a shift toward more adaptive, personalized, and automated disinformation. As these tools become more sophisticated, detecting and countering AI-generated propaganda will become increasingly complex, challenging free expression and platform moderation efforts.
FROM THE MEDIA: Chinese state-affiliated researchers recently published a paper investigating how AI tools, including large language models (LLMs), can enhance online propaganda. The study focused on using AI to craft compelling narratives that align with government messaging and bypass content moderation systems on Western platforms. While the researchers framed the work as academic, analysts noted that the practical applications closely align with state propaganda objectives. The project highlights China’s strategic interest in using generative AI for ideological influence and online discourse manipulation, raising alarm among digital rights advocates and cybersecurity experts.
READ THE STORY: CyberNews
IISS Report Maps Russia’s Expansive "Information Confrontation" Cyber Ecosystem
Bottom Line Up Front (BLUF): A new analysis from the International Institute for Strategic Studies (IISS) reveals the structure and strategy behind Russia’s broad information confrontation ecosystem. It shows how Russian state agencies, contractors, and proxies collaborate to conduct cyber operations, influence campaigns, and psychological warfare aligned with Kremlin objectives.
Analyst Comments: This detailed mapping of Russia’s cyber and information warfare apparatus confirms the hybrid nature of modern conflict, where influence operations, digital espionage, and infrastructure attacks operate in parallel. The blurred lines between military, intelligence, private contractors, and cybercriminals offer Russia plausible deniability while increasing operational flexibility. As the Ukraine conflict persists and Moscow seeks to undermine Western unity, we can expect continued reliance on this decentralized, layered model. Policymakers and defenders must recognize that Russia’s threat is not limited to isolated hacks but is part of a broader, state-directed ecosystem.
FROM THE MEDIA: The report describes how Russia’s information confrontation strategy integrates state actors like the GRU and FSB with a network of front companies, universities, and criminal proxies to execute disinformation, cyberattacks, and influence campaigns. It outlines how various nodes, including cyber contractors like NTC Vulkan and troll farms like the Internet Research Agency, coordinate efforts to target adversaries and shape public perception at home and abroad. IISS emphasizes the dual-use role of private-sector entities that simultaneously support national defense and conduct deniable offensive operations. The analysis stresses that information warfare is not a supporting tool but a strategic pillar of Russian national security.
READ THE STORY: IISS
China Pushes Back Against NATO’s Cybersecurity Warning Amid Growing Tensions
Bottom Line Up Front (BLUF): China has responded strongly to NATO’s recent warning about cyber threats from Chinese state actors. Beijing condemned the allegations as “groundless,” insisting that NATO is using cybersecurity as a pretext to contain China’s rise on the global stage.
Analyst Comments: NATO’s warning aligns with mounting evidence of cyber-espionage tied to Chinese APTs, particularly against critical infrastructure and strategic industries. China’s response suggests it treats cyber attribution not just as a technical matter but as a geopolitical weapon. The fallout may spur further cyber posturing, more aggressive public attribution by Western agencies, and a strengthening of collective cyber defense under NATO’s digital umbrella.
FROM THE MEDIA: NATO recently issued a rare, coordinated warning naming China as a significant cyber threat, particularly in intellectual property theft and espionage operations. In response, Chinese officials lashed out at the alliance, accusing it of spreading disinformation and politicizing cybersecurity for strategic gain. Beijing also reiterated that it opposes all forms of cyberattacks and maintains that it has been a frequent victim of foreign hacking campaigns. The diplomatic clash follows months of rising friction over cyber incidents attributed to Chinese threat actors such as Volt Typhoon, as well as tensions over Taiwan and trade policy.
READ THE STORY: MSN
Critical Pre-Auth Vulnerability in MongoDB Server Exposes Systems to Remote Code Execution
Bottom Line Up Front (BLUF): A newly disclosed pre-authentication vulnerability in MongoDB Server (CVE-2024-27348) could allow unauthenticated remote attackers to execute arbitrary code on affected systems. The flaw poses a severe risk to cloud-hosted and on-premises MongoDB deployments that have not yet applied the latest patches.
Analyst Comments: A pre-auth RCE vulnerability in MongoDB significantly raises the stakes, as exploitation could result in total database compromise—including sensitive credentials, PII, or enterprise application data. With MongoDB used across sectors—from startups to Fortune 500s—rapid patching, strict network segmentation, and cloud firewall enforcement are essential to reduce exposure.
FROM THE MEDIA: MongoDB disclosed a critical-severity vulnerability (CVSS 9.8) that enables remote attackers to achieve code execution without authentication. The issue affects specific versions of MongoDB Server and stems from improper input validation, which can be exploited via specially crafted requests sent to the server. The vulnerability impacts both Linux and Windows environments. MongoDB has released security advisories and patched versions to mitigate the risk; administrators should compare the exact running version against the fixed releases listed in the advisory rather than relying on the major version alone, and confirm that mongod is not reachable from untrusted networks while the upgrade is scheduled.
READ THE STORY: GBhackers
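The exposure reduction the analyst comments call for (not listening on public interfaces, requiring authentication and TLS) can be checked mechanically. The script below is an added example, not MongoDB’s own tooling or anything from the advisory: it parses the key: value subset of YAML that mongod.conf uses with a minimal stdlib-only parser and reports the weak settings in a constructed configuration beside a hardened one. It does not detect the vulnerability itself; only upgrading to the fixed versions in MongoDB’s advisory does that. The file contents, paths and addresses are constructed.

```python
# Constructed mongod.conf fragments (hypothetical paths and addresses) showing the weak
# and the hardened state side by side.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0          # listens on every interface
security:
  authorization: disabled  # anyone who can connect has full control
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.20.0.7   # loopback plus one internal address only
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: enabled
"""

WILDCARD_BINDS = {"0.0.0.0", "::", "*"}


def parse_simple_yaml(text):
    """Parse the nested 'key: value' subset of YAML that mongod.conf uses.
    Deliberately minimal (no lists, no multi-line scalars) so the example needs only the
    standard library; use PyYAML for real files."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) for the current nesting path
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        while indent <= stack[-1][0]:         # dedent: close finished mappings
            stack.pop()
        key, _, value = line.strip().partition(":")
        parent = stack[-1][1]
        value = value.strip().strip("\"'")
        if value == "":                       # a key with no value opens a nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value
    return root


def setting(cfg, dotted, default):
    """Look up a dotted path such as 'net.tls.mode', falling back to mongod's own default."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit_mongod_conf(text):
    """Return (setting, problem) pairs for settings that widen the attack surface."""
    cfg = parse_simple_yaml(text)
    findings = []
    bind_ip = str(setting(cfg, "net.bindIp", "127.0.0.1"))  # mongod default is localhost only
    bind_all = str(setting(cfg, "net.bindIpAll", "false")).lower() == "true"
    if bind_all or any(addr.strip() in WILDCARD_BINDS for addr in bind_ip.split(",")):
        findings.append(("net.bindIp",
                         "listens on all interfaces; bind to loopback or an internal address and firewall the port"))
    if str(setting(cfg, "security.authorization", "disabled")).lower() != "enabled":
        findings.append(("security.authorization",
                         "not enabled; every client that reaches the port has unrestricted access"))
    if str(setting(cfg, "net.tls.mode", "disabled")) != "requireTLS":
        findings.append(("net.tls.mode",
                         "not requireTLS; credentials and data cross the network in clear text"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        problems = audit_mongod_conf(conf)
        print(f"{name}: {len(problems)} finding(s)")
        for key, problem in problems:
            print(f"  {key}: {problem}")
```

The weak file produces three findings and the hardened file none. The defaults assumed when a key is absent (localhost-only binding, authorization off, TLS off) are mongod’s documented defaults, which is why an absent security.authorization is reported rather than ignored.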
Data Leak Exposes 26 Billion Credentials Harvested by Infostealers
Bottom Line Up Front (BLUF): According to new research from Cybernews, a massive data leak has exposed over 26 billion records harvested by infostealer malware. The leaked dataset includes credentials from major platforms like Google, Facebook, Netflix, and government websites, raising urgent concerns over global cybersecurity hygiene.
Analyst Comments: The presence of government, educational, and critical infrastructure domains in the dataset highlights the systemic risk of poor endpoint hygiene and password reuse. Credentials this accessible on the dark web enable cascading supply chain risks, account takeovers, and insider threat scenarios. Organizations should now assume compromise and adopt phishing-resistant or passwordless authentication, real-time monitoring, and screening of user passwords against known breach corpora as standard practice.
FROM THE MEDIA: A team of researchers working with security expert Bob Diachenko uncovered a database containing 26 billion credentials stolen by various infostealer malware strains over the past several years. The data originates from infections on consumer and enterprise endpoints and includes login credentials, session tokens, and browser-stored autofill data. The platforms most affected include Tencent, Google, Microsoft, Facebook, Twitter, and Netflix. Government domains from the U.S., Brazil, Germany, and others were also found in the trove. Many leaked credentials were reused across services, dramatically amplifying the threat of credential stuffing and account hijacking. The researchers described the leak as possibly “the largest credential exposure ever discovered.”
READ THE STORY: CyberNews
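The analyst comments recommend screening credentials against leaked datasets as standard practice. The Python block below is an added example, not code from Cybernews or the researchers: it implements the k-anonymity range-query pattern used by breach-lookup services, so that a password can be checked against a leaked corpus while the lookup side only ever sees the first five hex characters of its SHA-1 hash and never learns which entry the caller was interested in. The "leaked corpus" here is a constructed list standing in for a breach dataset; the function and variable names are the example’s own.

```python
import hashlib

# Constructed stand-in for a leaked-credential corpus (hypothetical values, not real breach data).
# "qwerty" appears twice to show that the index keeps occurrence counts.
LEAKED_PASSWORDS = ["password123", "Summer2024!", "qwerty", "qwerty", "letmein", "P@ssw0rd"]

PREFIX_LEN = 5  # the only part of the hash the client ever sends


def sha1_hex(secret: str) -> str:
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Lookup-service side: bucket SHA-1 hashes by their first 5 hex characters.
    Each bucket maps the remaining 35-character suffix to how often it was seen."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        bucket = index.setdefault(digest[:PREFIX_LEN], {})
        bucket[digest[PREFIX_LEN:]] = bucket.get(digest[PREFIX_LEN:], 0) + 1
    return index


def range_query(index, prefix: str):
    """Lookup-service side: answer a 5-hex-char prefix with every suffix in that bucket.
    The service cannot tell which suffix, if any, the caller actually holds."""
    if len(prefix) != PREFIX_LEN:
        raise ValueError(f"range queries take exactly {PREFIX_LEN} hex characters")
    return dict(index.get(prefix.upper(), {}))


def exposure_count(index, password: str) -> int:
    """Client side: hash locally, send only the prefix, match the suffix at home."""
    digest = sha1_hex(password)
    bucket = range_query(index, digest[:PREFIX_LEN])
    return bucket.get(digest[PREFIX_LEN:], 0)


def accept_new_password(index, password: str) -> bool:
    """Policy hook for a signup or reset flow: reject anything seen in the corpus at all."""
    return exposure_count(index, password) == 0


# Built once at import time so callers (and tests) can query it directly.
INDEX = build_range_index(LEAKED_PASSWORDS)

if __name__ == "__main__":
    for candidate in ["qwerty", "Summer2024!", "correct horse battery staple"]:
        print(f"{candidate!r}: seen {exposure_count(INDEX, candidate)} time(s), "
              f"accept={accept_new_password(INDEX, candidate)}")
```

In a real deployment the index lives on the lookup service and range_query is the network call; everything the client sends is the five-character prefix, and the matching happens on the client. Rejecting any password with a non-zero count at signup and reset time is the cheapest defence against the credential stuffing the story describes, because it removes exactly the reused passwords the attackers hold.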
Items of interest
China’s “Mosquito Drone” Raises Surveillance and Cyber-Espionage Concerns
Bottom Line Up Front (BLUF): China has developed a micro aerial vehicle, dubbed the “Mosquito Drone,” capable of capturing images, audio, and electronic signals. This has sparked fresh concerns about its use in covert surveillance and cyber-espionage operations. The drone is small enough to evade detection and could be deployed for both domestic monitoring and foreign intelligence gathering.
Analyst Comments: The emergence of ultra-miniaturized drones like the Mosquito Drone represents a convergence of physical and cyber-surveillance technologies. Its ability to collect not just visual and audio data but also electronic signals suggests potential for SIGINT (signals intelligence) operations in both civilian and military contexts. If exported or deployed abroad, such devices could pose a significant risk to national security, corporate confidentiality, and personal privacy. Expect heightened scrutiny of Chinese UAV technologies by governments and cyber defense agencies worldwide.
FROM THE MEDIA: China’s new Mosquito Drone is a cutting-edge surveillance tool that has been developed to be nearly undetectable due to its tiny size. Designed to mimic the size and appearance of a mosquito, it can capture images, eavesdrop on conversations, and intercept electronic signals. While details on its operational deployment remain limited, experts suggest that Chinese intelligence services could use it in espionage operations. The device’s development reflects Beijing’s growing investment in surveillance technologies as part of its broader military-civil fusion strategy. Analysts warn that the drone could be weaponized for cyber-enabled spying against foreign targets.
READ THE STORY: Times of India
What We Know About China’s Mosquito-Sized Drone That Could Change Warfare (Video)
FROM THE MEDIA: China Mosquito Drone: China has unveiled a mosquito-sized drone designed for stealth military missions and battlefield surveillance. Developed by the National University of Defence Technology, the micro-UAV reflects China’s growing focus on bio-inspired robotics. Similar technologies are emerging globally, with applications spanning warfare, disaster response, environmental monitoring, and even future medical procedures.
China Unveiled the CRAZIEST Drones at UAV SHENZHEN EXPO 2025 (Video)
FROM THE MEDIA: China's Drone World Congress 2025 in Shenzhen showcased a leap in autonomous aerial, ground, and underwater technologies. From AI-powered drones to flying taxis and modular flying cars, the event underlined China's lead in the low-altitude economy and future urban air mobility, posing significant challenges to global competitors, including Elon Musk's ventures.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.