Wednesday, Jul 02, 2025 // (IG): BB // GITHUB // SN R&D
SOUTHCOM Launches TMPI to Strengthen Integrated Cyber Deterrence in Latin America
Bottom Line Up Front (BLUF): U.S. Southern Command (SOUTHCOM) has launched the Theater Messaging and Presence Initiative (TMPI) to enhance integrated deterrence in Latin America through synchronized cyber, informational, and military activities. TMPI aims to counter growing influence operations by China, Russia, and transnational criminal organizations by combining cyber defense, strategic messaging, and regional presence.
Analyst Comments: This initiative reflects a growing recognition that deterrence in the Western Hemisphere must extend beyond conventional force postures to include digital and narrative domains. TMPI represents a doctrinal shift toward persistent engagement, where cyber and information capabilities are used proactively to shape the battlespace. The rise of malign influence operations and digital coercion in Latin America demands a coordinated approach, particularly as rival powers exploit weak digital governance and economic dependencies. TMPI could be a template for other combatant commands facing non-kinetic gray-zone threats.
FROM THE MEDIA: “SOUTHCOM Integrated Deterrence and the Theater Messaging and Presence Initiative (TMPI)”, Small Wars Journal outlines the U.S. military’s evolving approach to countering hybrid threats in Latin America. TMPI, spearheaded by SOUTHCOM, integrates cyber operations, strategic communications, and visible U.S. military presence to shape perceptions, counter adversary narratives, and bolster partner resilience. The article details how TMPI synchronizes digital forensics, public diplomacy, and cyber threat intelligence to disrupt disinformation campaigns, particularly those propagated by China’s CGTN and Russia’s RT en Español. TMPI also includes rotational cyber teams to assist partner nations with threat hunting and digital infrastructure hardening. SOUTHCOM leaders describe the initiative as a proactive posture designed to deter aggression in the “competition phase” before crises emerge. Early feedback from regional allies has been positive, suggesting the program fills a long-standing gap in U.S. hemispheric strategy.
READ THE STORY: Small War Journal
Hunan Valin Wire & Cable: Infrastructure Boom Boosts Strategic Role Amid U.S.-China Tech Tensions
Bottom Line Up Front (BLUF): Hunan Valin Wire & Cable has secured a 195 million yuan contract with China’s State Grid as part of a larger 717 million yuan procurement win, reinforcing its strategic role in China’s infrastructure modernization and grid resilience. As geopolitical competition intensifies, Hunan Valin is emerging as a pivotal domestic supplier in sectors sensitive to U.S.-China technological decoupling.
Analyst Comments: The contract signals China’s intent to shield critical supply chains from geopolitical volatility by anchoring infrastructure development to domestic champions. Hunan Valin’s alignment with State Grid’s ultra-high voltage (UHV) and renewable integration goals positions it as a key node in China’s “dual circulation” economic strategy. The company’s exposure to copper price risk and tariff regimes is offset by State Grid's long-term capital expenditure plans and growing demand for high-voltage and submarine cable systems. With its expansion into telecommunications via China Mobile, Hunan Valin’s ability to navigate both energy and digital infrastructure markets grants it leverage in a world where cables—both power and data—are frontline assets in geoeconomic competition.
FROM THE MEDIA: China currently dominates 67% of global copper wire production, making firms like Hunan Valin central to both domestic and global electrification efforts. While the company’s revenue is mostly domestic, its future hinges on navigating export controls, sanctions risk, and copper price volatility. Valuation metrics — including a forward P/E of 12.5x and a net debt/EBITDA ratio of 0.8x — suggest resilience in a competitive, capital-intensive sector. The company’s diversification into telecom infrastructure and its alignment with Beijing’s carbon neutrality goals strengthen its long-term growth outlook.
READ THE STORY: Ainvest
Canada Suspends Hikvision Operations Over National Security Concerns
Bottom Line Up Front (BLUF): The Canadian government has suspended all operations involving Chinese surveillance giant Hikvision, citing national security risks. The move follows intelligence assessments warning that Hikvision’s technologies could enable espionage, data exfiltration, and mass surveillance.
Analyst Comments: Hikvision, already sanctioned by the U.S., has long been accused of enabling Beijing’s authoritarian surveillance practices, including monitoring of Uyghur populations. Canada’s action signals growing alignment with U.S. and Five Eyes policy and raises the stakes for public agencies and private firms still dependent on Hikvision hardware. Expect accelerated efforts to audit and remove Chinese-made surveillance infrastructure in critical sectors across North America.
FROM THE MEDIA: Canada has officially suspended all business and government procurement ties with Hikvision, the Chinese state-linked video surveillance company. The decision, announced by Public Safety Canada, was based on assessments by intelligence agencies warning that Hikvision’s systems could be exploited for data collection or remote access by foreign intelligence services. The suspension affects future procurement and mandates reviews of existing Hikvision deployments in public buildings and infrastructure. Canadian officials cited growing risks posed by embedded surveillance technologies and emphasized the need to safeguard national data and communications. Hikvision is banned or restricted in several other democracies, including the U.S. and the U.K., over national security and human rights concerns.
READ THE STORY: The Record
Pakistan-Based Cracking Site Network Distributes Info-Stealing Malware at Global Scale
Bottom Line Up Front (BLUF): Security firm Intrinsec has uncovered a vast cybercrime operation run by Pakistani freelancers who developed and maintained over 300 "cracking" websites to distribute info-stealing malware. These sites use a pay-per-install model to infect users with stealers, compromising corporate credentials worldwide and feeding dark web markets.
Analyst Comments: PPI services, shared hosting infrastructure, and overlapping email identities show operational maturity. The geopolitical dimension — Pakistan’s limited extradition cooperation and increasing cyber collaboration with China and Russia — further complicates international takedown efforts. While some actors involved have reportedly transitioned to legitimate work, the low risk of prosecution ensures this model will persist unless systemic enforcement changes. Expect continued use of cracked software as an infection vector and increasing overlaps between cybercrime and gray-zone state influence.
FROM THE MEDIA: The infrastructure traces back to domains such as kmspico[.]io and filescrack[.]com, hosted by Virtual Systems LLC and 24xservice, the latter of which is tied to ASN 57717 in Lahore, Pakistan. Shared OpenSSH banners and WHOIS email records linked multiple domains to identifiable individuals, some of whom have since pivoted to legitimate digital work. The info-stealers delivered via these platforms collect browser credentials, session tokens, and system data, feeding into downstream cybercrime such as ransomware deployment and espionage via remote access tools (RATs). Geopolitical factors exacerbate the challenge: Pakistan’s lack of extradition treaties with the U.S. and EU and growing cyber ties with China and Russia hinder effective prosecution. Additionally, the report notes rapid infrastructure regeneration after takedowns, demonstrating the resilience of these networks. Security teams are advised to block identified IOCs and educate users about the risks of pirated software as an infection vector.
READ THE STORY: GBhackers
U.S. Cyber Defense Stocks Surge Amid Rising China Espionage Threats
Bottom Line Up Front (BLUF): AInvest reports that U.S. cybersecurity defense companies are gaining investor attention as espionage activity attributed to China intensifies. Heightened geopolitical tensions and growing recognition of cyber threats as national security priorities drive capital into firms specializing in threat detection, critical infrastructure defense, and incident response.
Analyst Comments: The financial markets are signaling a structural shift in how investors view cybersecurity: not just as a tech niche, but as a vital national defense sector. As Chinese state-backed cyber campaigns increase in frequency and sophistication, companies offering AI-driven threat detection, cloud protection, and industrial control system security are seeing renewed demand. This market reaction reflects broader defense policy trends — including increased public-private partnerships and critical infrastructure mandates — suggesting cyber defense will remain a strategic investment vertical amid prolonged geopolitical competition.
FROM THE MEDIA: High-profile breaches targeting defense contractors, semiconductor firms, and energy infrastructure have elevated cyber defense firms in the eyes of institutional investors. Companies like CrowdStrike, Palantir, and Fortinet have seen increased activity following reports of Chinese espionage campaigns targeting both the public and private sectors. The report also notes that AI-enhanced threat detection, zero-trust architectures, and endpoint security are areas seeing the most capital inflows. Analysts expect further growth in government contracts, especially as the U.S. expands cyber readiness efforts through DHS, DoD, and CISA initiatives.
READ THE STORY: Ainvest
Cyberattack on Russian Media Tied to Sanctioned State Research Institute
Bottom Line Up Front (BLUF): A recent cyberattack on Russian media companies has been linked to the Russian state-run Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), a sanctioned entity known for past offensive cyber operations. The attack demonstrates the growing overlap between Russian government-linked research entities and disruptive cyber activities.
Analyst Comments: TsNIIKhM’s involvement, previously exposed in the Triton malware incident, shows Russia continues to blur the line between state research and active cyber conflict. Targeting domestic media may suggest a testing ground for tools, internal discipline operations, or preparation for disinformation manipulation. This further complicates sanctions enforcement and attribution, as state-sponsored attacks increasingly originate from institutions with dual-use charters.
FROM THE MEDIA: The recent attack involved the deployment of custom malware strains used to compromise newsroom servers and exfiltrate editorial content and journalist communications. The researchers noted similarities in the malware's loader and encryption mechanisms to tools previously linked to TsNIIKhM. While the motive remains unclear, the event follows a pattern of increased domestic cyber operations likely aimed at controlling or monitoring media narratives. TsNIIKhM has been under U.S. sanctions since 2020 and is part of Russia’s defense technology ecosystem, raising concerns about weaponizing scientific research institutions for hybrid operations.
READ THE STORY: The Record
China’s “Gray War” Targets U.S. Through Cyber Ops, Disinformation, and Surveillance Technology
Bottom Line Up Front (BLUF): A new Strategic Assessment Memo (SAM) published by The Globalist warns that China is already waging a “gray war” against the United States — an ongoing campaign involving cyber intrusions, disinformation, and global deployment of surveillance infrastructure. This conflict is designed not only to erode U.S. global influence but to promote China’s techno-authoritarian model and undermine democratic institutions from within.
Analyst Comments: The SAM provides a sobering account of how China uses digital tools and narratives to challenge U.S. power without crossing the threshold of kinetic warfare. Its strategy is deeply rooted in a belief that Western liberal democracy is both a geopolitical threat and a moral weakness. This ideological bias fuels a narrative of American decline — a central theme in China’s disinformation campaigns. By exporting surveillance systems and controlling the backend of global communications infrastructure, China seeks to reshape global norms to favor autocratic governance. Meanwhile, the U.S. remains hampered by its decentralized political and tech systems, internal political polarization, and lack of cohesive cyber doctrine. Bridging the tech-policy gap and addressing supply chain dependencies are now national imperatives.
FROM THE MEDIA: The Arab Spring was a turning point for China, prompting the CCP to intensify control over its domestic internet and accelerate the external export of surveillance technologies. The memo explains how Chinese firms like Huawei and ZTE — deeply embedded in China’s civil-military fusion doctrine — serve as global surveillance and data control conduits. Internally, the CCP employs 2–3 million people to censor and shape online discourse, known as the “50 Cent Party.” Internationally, China forms “techno-blocks” with authoritarian-leaning countries by exporting backend infrastructure and facial recognition systems, creating a networked environment favorable to autocracy.
West argues that the U.S. faces a structural disadvantage: while China commands centralized authority over its tech ecosystem, the U.S. suffers from fragmentation between its private sector and policymaking institutions. He also warns that restrictive immigration policies and industrial outsourcing further erode the U.S. capacity to compete in the technology domain. Cultural and generational divides between Washington and Silicon Valley complicate collaboration. Ultimately, the memo cautions that China’s digital influence campaign will continue to grow unchecked unless the U.S. addresses these internal weaknesses.
READ THE STORY: The Globalist (STATE SPONSORED)
Silver Fox Suspected in DeepSeek Cyber Espionage Campaign Targeting Taiwan
Bottom Line Up Front (BLUF): Security researchers have linked a sophisticated cyber espionage campaign named DeepSeek to the suspected Chinese APT group Silver Fox, targeting Taiwan's government, military, and technology sectors. The campaign uses novel malware loaders and customized toolchains to extract sensitive data while evading detection.
Analyst Comments: DeepSeek’s emphasis on targeting Taiwan’s strategic sectors — especially defense and semiconductor technology — indicates a dual-purpose motive: intelligence gathering and strategic economic disruption. Silver Fox’s tools suggest deep investment in custom malware development and operational security, hallmarks of state-sponsored APTs. As tensions rise over Taiwan’s sovereignty, cyber operations like DeepSeek will likely intensify and expand into gray-zone influence tactics.
FROM THE MEDIA: Security researchers have identified DeepSeek, a multi-phase cyber espionage campaign targeting key institutions in Taiwan. The suspected culprit is Silver Fox, a China-linked APT group known for stealthy, long-dwell operations. DeepSeek employs custom loaders, encrypted C2 communications, and anti-analysis techniques that evade traditional EDR tools. Targets include government agencies, research institutions, and private sector companies in defense-adjacent industries. Researchers discovered payloads designed to exfiltrate email archives, system configurations, and internal documents. The campaign appears active since late 2023, with ongoing infrastructure suggesting it remains operational. Attribution to Silver Fox is based on code reuse, overlapping infrastructure, and TTPs consistent with past campaigns aimed at Taiwan and Southeast Asia.
READ THE STORY: DR
U.S. Sanctions Russia-Based Aeza Group for Providing Bulletproof Hosting to Cybercriminals
Bottom Line Up Front (BLUF): The U.S. Department of the Treasury has sanctioned Aeza Group, a Russian internet infrastructure provider, for offering bulletproof hosting services to cybercriminal groups. Aeza allegedly supported ransomware operations, data theft, and other malicious cyber activities by shielding clients from takedowns and law enforcement.
Analyst Comments: This move signals Washington’s continued efforts to disrupt the enabling infrastructure behind transnational cybercrime. Bulletproof hosting services like Aeza are critical to the persistence and resilience of ransomware and illicit cyber markets. The sanctions also reflect a broader trend of targeting facilitators — not just threat actors — to dismantle the cybercrime ecosystem. Aeza’s operations, which catered to a global clientele while operating under Russian jurisdiction, highlight how Moscow tolerates, and possibly benefits from, such actors as tools of asymmetric leverage.
FROM THE MEDIA: Aeza is accused of providing infrastructure to ransomware gangs and other threat actors by allowing malicious content, ignoring abuse complaints, and resisting law enforcement cooperation. Treasury officials said Aeza knowingly hosted command-and-control servers, phishing infrastructure, and malware delivery systems used in high-profile cyberattacks targeting U.S. critical infrastructure and global businesses. The company’s IP space and domains have been repeatedly linked to threat actor groups operating under the Russian-speaking cybercrime umbrella. These sanctions are part of broader efforts to increase pressure on Russian-based cyber enablers, following similar actions against other infrastructure providers in recent years.
READ THE STORY: The Record
Cyber to Soil: U.S. Food Supply Chain Emerges as New Cyber Battlespace
Bottom Line Up Front (BLUF): The U.S. food supply chain has become a strategic cyber target, with attackers exploiting vulnerabilities in precision agriculture, GPS-based logistics, and centralized processing infrastructure. A new Small Wars Journal report details how ransomware, data corruption, and spoofed geolocation signals have elevated agriculture from a soft target to a key domain in cyber-enabled hybrid warfare.
Analyst Comments: The increasing digitization of agriculture — from satellite-based planting schedules and automated irrigation to AI-driven yield optimization — creates a broad attack surface. Threat actors can now disrupt planting cycles, falsify crop data, or corrupt sensor inputs to degrade output or induce economic shock. Attacks on fertilizer production systems or grain distribution hubs may reduce food availability and generate cascading failures across energy, water, and transport sectors. Agricultural cybersecurity is emerging as a new operational requirement for national resilience planning.
FROM THE MEDIA: “Cyber to Soil: How America’s Food System Became a Battlespace” examines the cyber-physical vulnerabilities that plague the modern U.S. food sector. Following incidents like the 2021 ransomware attack on meat processor JBS, attackers have escalated operations to target GPS-reliant equipment, industrial control systems (ICS) in food processing plants, and cloud-based platforms managing agricultural data. Experts cited in the article note how adversarial actors, including nation-state-backed cyber units, have tested the resilience of the sector by probing IoT-enabled irrigation networks, spoofing GNSS signals to misalign planting operations, and corrupting soil sensor data to sabotage crop yields. The report argues that the food system's digitization — largely unregulated and under-secured — has made it a ripe target for asymmetric warfare. Policy gaps, weak cyber hygiene among small operators, and over-reliance on centralized software vendors compound the risk, transforming farms and food logistics into active cyber terrain.
READ THE STORY: Small War Journal
DOJ Raids U.S.-Based Laptop Farms in Crackdown on Coordinated Influence Operations
Bottom Line Up Front (BLUF): The U.S. Department of Justice has raids on multiple "laptop farms" across several states, seizing thousands of devices allegedly used in coordinated online influence operations. These operations involved bulk social media manipulation and were linked to foreign actors attempting to interfere with U.S. political discourse.
Analyst Comments: Laptop farms — physical arrays of devices automated to generate fake engagement — have become critical in foreign-led information warfare. The raids highlight the growing convergence between cyber-enabled psychological operations and real-world logistics, with adversaries exploiting domestic infrastructure to mask attribution. Expect continued DOJ and DHS scrutiny on proxy-operated influence infrastructure, especially ahead of the 2026 midterm elections.
FROM THE MEDIA: These operations were allegedly used to amplify disinformation, manipulate trending topics, and promote foreign propaganda on U.S. platforms such as X (formerly Twitter), Facebook, and TikTok. Federal officials disclosed that the devices were controlled via custom scripts and botnets, enabling coordinated campaigns disguised as organic public opinion. Preliminary evidence suggests ties to actors in Russia and China, with the farms used to support long-running influence efforts targeting U.S. political polarization and public trust. Officials emphasized the importance of dismantling digital tools and the physical infrastructure enabling such campaigns. No arrests have been announced yet, but investigations remain active.
READ THE STORY: The Record
Items of interest
Transformer Model Risks Spotlighted as National Security Imperative
Bottom Line Up Front (BLUF): America’s outdated power transformer fleet is emerging as a key vulnerability in national security, according to a recent War on the Rocks article. A mix of physical, cyber, and supply chain risks makes transformers prime targets for foreign and domestic adversaries, with slow replacement timelines compounding the threat.
Analyst Comments: Transformers are not just technical hardware but critical nodes for military readiness, emergency response, and societal function. The Biden administration laid the groundwork for resilience, but implementation faltered. As the Trump administration reorients toward deregulation, balancing industrial policy with national defense imperatives will be a defining challenge. Without federal coordination, localized efforts will fall short in preventing or recovering from a systemic attack.
FROM THE MEDIA: The 2022 Moore County, NC, substation attack illustrated how even small-scale incidents can disable infrastructure supporting civilian and military operations. Foreign actors like China, Russia, and Iran have attacked or scoped critical energy infrastructure, while domestic extremists are increasingly targeting substations. Despite Biden-era initiatives like NSM-22 and the use of the Defense Production Act, grid resilience goals remain unfulfilled. The Trump administration has since scaled back federal leadership, pushing responsibility to states. Humpal recommends a national transformer reserve, emergency regulatory relief, domestic manufacturing mandates, and resilience-based modernization. Without urgent action, the U.S. risks cascading blackouts and strategic paralysis in times of crisis.
READ THE STORY: War On The Rocks
What Happened with the Substation Attack in North Carolina? (Video)
FROM THE MEDIA: A coordinated gunfire attack on two substations in Moore County, North Carolina, caused a multi-day blackout affecting ~45,000 customers. The attackers appeared to understand the grid’s layout and vulnerabilities, targeting critical transformer radiators to disable the infrastructure. The event highlights vulnerabilities in physical grid security and the need for more resilient design.
Protecting America's electric grid from attack (Video)
FROM THE MEDIA: Security concerns for the nation's electrical grid are being raised after a substation attack in North Carolina. This past February, Bill Whitaker reported on the vulnerabilities in the system that provides our electricity.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.