Daily Drop (1099)
08-02-25
Saturday, Aug 02, 2025 // (IG): BB // GITHUB // SN R&D
Cartel Operatives Infiltrate Ukraine’s Foreign Legion to Acquire Drone Warfare Skills
Bottom Line Up Front (BLUF): Mexican and Colombian drug cartel operatives have reportedly joined Ukraine’s International Legion under false identities to gain expertise in FPV drone warfare. An investigation by Ukraine’s SBU and Military Intelligence (HUR), in cooperation with Mexican intelligence, uncovered that several individuals used falsified documents to access drone training, potentially transferring lethal military knowledge to transnational criminal networks.
Analyst Comments: Ukraine's open-door recruitment strategy, while beneficial for military manpower, has created an intelligence gap exploitable by criminal organizations. With FPV drones proving low-cost yet highly effective on the battlefield, cartels could soon deploy similar tactics in urban narco-conflicts. The convergence of criminal insurgency and wartime drone tactics marks a new hybrid threat landscape requiring urgent multilateral controls.
FROM THE MEDIA: According to Intelligence Online and confirmed by the SBU, individuals linked to the Zetas and former FARC fighters entered Ukraine between 2023–2024 via Latin American PMCs using falsified IDs. One operative, a former Mexican GAFE special forces member, completed full FPV drone training and deployed near Kharkiv. Another trio was flagged after suspicious behavior and accents drew the attention of Ukrainian agents. These operatives received tactical training in explosive payload delivery, electronic warfare, and thermal evasion. Ukraine has since tightened background checks and is working with Interpol, the DEA, and European law enforcement to prevent further infiltration.
READ THE STORY: SOFX
China Privately Warns EU Against Russia’s Defeat in Ukraine, Citing Strategic Threat from U.S.
Bottom Line Up Front (BLUF): In a private meeting with EU officials, Chinese Foreign Minister Wang Yi warned that a Russian defeat in Ukraine is unacceptable, signaling fears that U.S. focus would then fully pivot toward China. The comments sharply contrast China’s public neutrality and its strategic alignment with Moscow.
Analyst Comments: China’s warning reflects deep geopolitical calculations—Beijing views Russia’s stability as a buffer against Western pressure. By subtly encouraging a protracted conflict in Ukraine, China may seek to keep the U.S. diplomatically and militarily engaged in Europe. While publicly promoting peace, Beijing's behind-the-scenes maneuvering suggests a preference for controlled instability over a decisive Western victory. The indirect use of Chinese-manufactured components in Russian drones further undermines China's credibility as a neutral actor.
FROM THE MEDIA: During a four-hour meeting in Brussels, Chinese Foreign Minister Wang Yi told EU foreign policy chief Kaja Kallas that China cannot allow Russia to lose the war in Ukraine, citing the risk of unopposed U.S. strategic dominance. The talks also addressed cybersecurity, trade, and rare earth supply chains. Despite official Chinese statements calling for peace, Western officials are skeptical, noting China’s tightening relationship with Moscow and reports that Chinese components have been found in Russian drones. On July 4, Russia’s missile and drone attacks near Kyiv and Odesa included debris allegedly marked "Made in China," with one drone striking China’s consulate in Odesa. Ukraine has also accused China of indirectly supporting Russia’s military capabilities, further straining Beijing’s peace narrative.
READ THE STORY: MSN
FSB-Linked Hackers Exploit ISP Access to Target Foreign Embassies in Moscow
Bottom Line Up Front (BLUF): Russian state-sponsored hacking group "Secret Blizzard" (also known as Turla) is targeting foreign embassies and diplomatic entities in Moscow through ISP-level access. Microsoft reports that the attackers can intercept encrypted communications and deploy malware via fake captive portals.
Analyst Comments: The use of ISP-level access enables highly effective man-in-the-middle attacks, posing a severe threat to diplomatic personnel. The deployment of custom malware like ApolloShadow and root certificate manipulation suggests sustained, deeply integrated surveillance activity. This campaign also reflects a broader trend of nation-state actors exploiting infrastructure-level vulnerabilities to maintain persistent access to sensitive data.
FROM THE MEDIA: Microsoft disclosed that foreign diplomatic missions in Moscow are under active cyber surveillance by hackers tied to Russia’s Federal Security Service (FSB), specifically Center 16. The actor, known as Secret Blizzard (aka Turla), is leveraging local ISPs to intercept internet traffic using adversary-in-the-middle (AiTM) techniques. Attackers trick victims into installing fake security certificates under the guise of legitimate software like Kaspersky AV, allowing the decryption of TLS/SSL traffic. Victims are redirected to fake login pages mimicking airport/hotel captive portals, triggering the download of ApolloShadow malware. Microsoft recommends that foreign diplomats in Moscow avoid using local ISPs and adopt satellite or VPN-based communication systems to mitigate exposure.
READ THE STORY: SEMAFOR
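The root-certificate angle above is the part a defender can check locally: a host whose trusted root store has gained an entry that is not in the organization's known-good baseline is a candidate for the kind of TLS interception described. The script below is an added illustration, not code from Microsoft or the article; it assumes a baseline file of SHA-256 fingerprints exported from a clean machine (file name and the sample byte strings are constructed) and uses Python's Windows-only `ssl.enum_certificates()` to read the ROOT store.

```python
import hashlib
import ssl
import sys


def sha256_fingerprint(der_bytes: bytes) -> str:
    """Hex SHA-256 over the DER encoding, the usual thumbprint form."""
    return hashlib.sha256(der_bytes).hexdigest()


def unexpected_roots(store_entries, baseline):
    """Return fingerprints present in the store but absent from the baseline.

    store_entries: iterable of (der_bytes, encoding, trust) tuples, the shape
    ssl.enum_certificates() returns on Windows. Only X.509 entries are
    compared; PKCS#7 trust lists are skipped.
    """
    found = set()
    for der_bytes, encoding, _trust in store_entries:
        if encoding != "x509_asn":
            continue
        fp = sha256_fingerprint(der_bytes)
        if fp not in baseline:
            found.add(fp)
    return sorted(found)


def load_windows_root_store():
    """Enumerate the machine ROOT store (Windows only; empty list elsewhere)."""
    if sys.platform != "win32":
        return []
    return ssl.enum_certificates("ROOT")


def load_baseline(path="root_baseline.txt"):
    """One lowercase hex SHA-256 fingerprint per line (assumed file layout)."""
    with open(path, encoding="utf-8") as fh:
        return {line.strip().lower() for line in fh if line.strip()}


if __name__ == "__main__":
    # Usage on a Windows host: compare the live store against the baseline.
    unknown = unexpected_roots(load_windows_root_store(), load_baseline())
    for fp in unknown:
        print("root not in baseline, review before trusting:", fp)
    sys.exit(1 if unknown else 0)
```

Any fingerprint the script reports should be compared against the vendor's published roots before it is trusted; a root that only appeared after a "captive portal" prompt is exactly the artifact this campaign leaves behind.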
Hackers Breach Nokia Network via Third-Party Contractor, Expose Employee Data
Bottom Line Up Front (BLUF): A cybercriminal group known as "Tsar0Byte" claims to have breached Nokia’s internal network by exploiting vulnerabilities in a third-party contractor’s infrastructure. The alleged attack may have compromised sensitive information of over 94,500 employees, including contact details, internal documentation, and organizational data.
Analyst Comments: As major firms increase reliance on external vendors, attackers are shifting focus to weaker links with privileged access. Nokia’s recent security issues illustrate the urgency for organizations to adopt zero-trust models and intensify third-party risk assessments. Even if Nokia’s core systems remain uncompromised, exposed employee data creates new vectors for targeted phishing and espionage campaigns.
FROM THE MEDIA: Exfiltrated data allegedly includes full employee names, emails, job titles, departments, phone numbers, and ID numbers, as well as internal references and LinkedIn traces. Security experts believe access was gained via misconfigured access controls or default credentials. Nokia acknowledged awareness of the claims and is investigating, though no direct compromise of core infrastructure has yet been confirmed. This is Nokia’s second major third-party breach in under a year, following a November 2024 incident involving stolen credentials and source code.
READ THE STORY: GBhackers
Trump Deploys Nuclear Submarines Amid Escalating Tensions with Former Russian President
Bottom Line Up Front (BLUF): President Donald Trump has ordered repositioning U.S. nuclear submarines near Russian waters following a heated exchange with Dmitri Medvedev, former Russian president and current deputy chair of Russia’s Security Council. The move signals heightened military readiness as geopolitical rhetoric between the U.S. and Russia intensifies over Ukraine.
Analyst Comments: This rapid escalation reflects a growing risk of miscalculation in the U.S.-Russia cyber and kinetic standoff. Medvedev’s reference to “Soviet-era nuclear strike capabilities” suggests Moscow is willing to invoke Cold War-era deterrence language. In parallel with recent cyber campaigns targeting NATO supply chains, this military posture shift may reinforce American resolve while preparing for retaliatory hybrid cyber threats. The cyber domain will likely see increased probing of U.S. defense infrastructure in the coming days.
FROM THE MEDIA: The move followed a public online exchange with Dmitri Medvedev, who accused Trump of playing a “game of ultimatums” after Trump demanded a Ukrainian ceasefire within ten days or face new tariffs. Medvedev responded with a veiled threat, referencing Russia’s legacy nuclear strike capabilities. Trump warned that such rhetoric could lead to “unintended consequences,” implying a deterrence posture was warranted. The White House has not yet commented further; this remains a developing story.
READ THE STORY: Forbes
Microsoft Draws Fire as China Accuses U.S. of Cyberattacks Using Exchange Zero-Days
Bottom Line Up Front (BLUF): China has publicly accused the United States of launching prolonged cyberattacks on its defense sector using zero-day vulnerabilities in Microsoft Exchange. The Chinese government claims U.S. intelligence agencies exploited Microsoft systems for a year-long breach and leveraged SharePoint flaws to target sensitive Chinese infrastructure.
Analyst Comments: This escalation signals deepening cyber hostilities between two superpowers, with Microsoft increasingly caught in the geopolitical crossfire. While China’s attribution lacks independent verification, the incident illustrates the strategic importance of software supply chains in state-on-state cyber operations. These reciprocal accusations further undermine global norms and trust in enterprise cloud platforms. Expect increased scrutiny of U.S. tech companies by foreign regulators, particularly in authoritarian states.
FROM THE MEDIA: China’s Cyber Security Association accused U.S. intelligence of exploiting a Microsoft Exchange zero-day vulnerability from mid-2022 to 2023 to access the internal email systems of a major Chinese military contractor. In a separate case, U.S. operators allegedly compromised a communications and satellite defense firm via additional exploits. These allegations coincide with Microsoft’s own warnings about China-linked actors exploiting SharePoint vulnerabilities, which have affected over 400 organizations including U.S. federal agencies. As tensions rise, both nations are weaponizing cybersecurity disclosures in public diplomacy battles.
READ THE STORY: CyberScoop
China Grills Nvidia Over Alleged Backdoors in H20 AI Chips Amid Cybersecurity Tensions
Bottom Line Up Front (BLUF): Chinese regulators have summoned Nvidia CEO Jensen Huang over cybersecurity concerns tied to the company's H20 chips, citing fears the hardware can be tracked and remotely disabled. The incident threatens Nvidia’s renewed access to the Chinese market, just weeks after a U.S. export ban on the chips was lifted.
Analyst Comments: China’s accusations likely reflect genuine concerns about sovereignty, surveillance, and retaliatory pressure as U.S. lawmakers propose mandatory tracking in exported AI chips. The long-term implication may be a hardened bifurcation of AI supply chains, with both countries demanding sovereignty over compute infrastructure security. Expect more regulatory friction and tighter compliance mandates for vendors operating across both markets.
FROM THE MEDIA: Chinese regulators summoned Nvidia executives to explain alleged capabilities to remotely track and disable the chips, citing U.S. legislative proposals like the Chip Security Act. Nvidia denied the claims, asserting that its chips do not contain remote access mechanisms. CEO Jensen Huang, who had been in Beijing to promote the resumed sales, now faces losing a lucrative market if trust cannot be restored. U.S. lawmakers have expressed concern that even downgraded chips like the H20 could empower Chinese military AI development. Meanwhile, Chinese officials stress that national cybersecurity laws must be upheld to protect users and infrastructure.
READ THE STORY: Fortune // Reuters
Echo Raises $15M to Deliver CVE-Free Container Base Images with AI
Bottom Line Up Front (BLUF): Security startup Echo has raised $15 million in seed funding to produce container base images free from known vulnerabilities. The company leverages AI to build secure, enterprise-grade images that drastically reduce remediation times for CVEs, enabling organizations to strengthen software supply chains from the ground up.
Analyst Comments: Echo’s approach is a notable shift from traditional vulnerability management, which often focuses on patching known issues post-deployment. By eliminating CVEs from the base image itself, Echo promises a “clean-by-default” infrastructure model. This could accelerate DevSecOps pipelines and redefine how software containers are built and secured, especially amid mounting software supply chain attacks.
FROM THE MEDIA: Developers can adopt these images by swapping out the base in their Dockerfile, without switching to non-standard operating systems. Echo’s co-founders, Eilon Elhadad and Eylam Milner, previously founded Argon, acquired by Aqua Security in 2021. According to Elhadad, their solution cuts average vulnerability remediation times from 120 days to 24 hours, while remaining compatible with existing security scanners and CNAPPs.
READ THE STORY: SecurityWeek
Mexico Nears US Security Deal in Step Toward Trade Pact
Bottom Line Up Front (BLUF): The U.S. and Mexico are finalizing a major bilateral security deal focused on intelligence sharing, fentanyl interdiction, and firearms control. This agreement is a critical step toward easing tariff tensions and renegotiating aspects of the USMCA trade pact.
Analyst Comments: By tying fentanyl reduction and anti-cartel operations to tariff relief, Washington is reframing economic diplomacy around complex security concerns. Cybersecurity collaboration mentioned by Mexican military officials also indicates growing U.S. interest in securing digital supply chains and port infrastructure. The outcome could shape cross-border threat mitigation efforts across drug trafficking, cybercrime, and supply chain resilience.
FROM THE MEDIA: The agreement includes intelligence sharing, restricting chemical precursor imports, and clamping down on U.S.-origin firearms. President Trump delayed imposing increased tariffs on Mexico by 90 days to allow for progress in the talks. The pact could also open the door to broader trade discussions, revising aspects of USMCA and easing penalties on steel, copper, and aluminum exports. U.S. officials, including Secretary of State Marco Rubio, have praised Mexico’s cooperation, while members of Congress noted interest in cybersecurity coordination from Mexican armed forces. The deal may be finalized as early as next week.
READ THE STORY: Forbes
APT28 Uses AI-Powered Malware to Orchestrate Adaptive Cyberattacks Against Ukraine
Bottom Line Up Front (BLUF): According to Ukraine's cybersecurity agency CERT-UA, Russian state-sponsored hacking group APT28 is leveraging AI-driven malware that queries large language models (LLMs) during live operations to guide intrusions dynamically. This method allows malware to adapt its behavior in real-time, significantly complicating detection and response efforts.
Analyst Comments: APT28's use of a Chinese open-source LLM (Qwen2.5-Coder-32B-Instruct) for real-time command logic highlights the risks of unregulated, publicly accessible AI models. As these AI tools proliferate, defenders must shift toward behavior-based analytics and AI-specific threat detection strategies to counter increasingly adaptive malware.
FROM THE MEDIA: CERT-UA reported that APT28, a well-known Russian threat actor, employed AI-driven malware that interacts with a public LLM during attacks on Ukrainian networks. Instead of executing pre-coded instructions, the malware queried Hugging Face-hosted Qwen2.5 for contextual next steps based on live reconnaissance. This AI-in-the-loop capability allowed the malware to generate and execute dynamic code during the command-and-control phase. The incident follows broader trends noted at the 2025 Munich Security Conference and by cybersecurity firms like Zscaler, which report growing use of generative AI for phishing, malware creation, and data exploitation. U.S. experts warn that such AI-powered capabilities may soon be used for disruptive or destructive operations against critical infrastructure.
READ THE STORY: FDD
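The detection implication of the item above is that an implant which asks a hosted model for its next step has to reach an inference endpoint repeatedly, from a binary that has no business doing so. The script below is an added example, not CERT-UA's or FDD's code: it runs over constructed endpoint-proxy log lines (timestamp, host, process, destination, method, path) and reports processes outside an assumed allowlist that call assumed Hugging Face inference hosts, counting requests so that repeated tasking stands out from a one-off download.

```python
import re
from collections import defaultdict

# Assumed inference hosts to watch; extend with the model hubs your estate uses.
LLM_API_HOSTS = {"huggingface.co", "api-inference.huggingface.co"}

# Assumed allowlist: processes a developer workstation is expected to run
# against a model hub. Anything else calling these hosts is worth a look.
EXPECTED_PROCESSES = {"chrome.exe", "firefox.exe", "python.exe", "git.exe"}

# Constructed proxy log layout: ts src_host process dst_host method path
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proc>\S+) (?P<dst>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+)$"
)

# Constructed sample: one browser visit, one git clone, and three POSTs to the
# inference API from an unexpected binary (the model id mirrors the one named
# in the article; everything else is invented for the demo).
SAMPLE_LOG = [
    "2025-08-01T09:12:03Z ws-014 chrome.exe huggingface.co GET /models",
    "2025-08-01T09:14:41Z ws-014 git.exe huggingface.co GET /Qwen/Qwen2.5-Coder-32B-Instruct",
    "2025-08-01T09:20:09Z ws-014 svchost_upd.exe api-inference.huggingface.co POST /models/Qwen/Qwen2.5-Coder-32B-Instruct",
    "2025-08-01T09:20:37Z ws-014 svchost_upd.exe api-inference.huggingface.co POST /models/Qwen/Qwen2.5-Coder-32B-Instruct",
    "2025-08-01T09:21:02Z ws-014 svchost_upd.exe api-inference.huggingface.co POST /models/Qwen/Qwen2.5-Coder-32B-Instruct",
    "2025-08-01T09:25:00Z ws-022 outlook.exe outlook.office.com GET /owa",
]


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not fit."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_llm_beacons(lines):
    """Map (src_host, process) -> request count for non-allowlisted processes
    that reached an inference host. Repeated calls from one binary are the
    AI-in-the-loop pattern; a single hit is more often benign."""
    hits = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"] not in LLM_API_HOSTS:
            continue
        if rec["proc"].lower() in EXPECTED_PROCESSES:
            continue
        hits[(rec["src"], rec["proc"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (src, proc), n in sorted(flag_llm_beacons(SAMPLE_LOG).items()):
        print(f"{src}: {proc} made {n} inference requests; investigate")
```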
Items of interest
Pwn2Own Ireland Offers $1 Million for Zero-Click WhatsApp Exploit
Bottom Line Up Front (BLUF): Meta sponsors a $1 million prize at Pwn2Own Ireland 2025 for a zero-click remote code execution (RCE) exploit targeting WhatsApp. The unprecedented reward underscores growing concerns around secure messaging platforms and highlights WhatsApp’s appeal as a high-value target for researchers and threat actors.
Analyst Comments: The dramatic increase in prize money from previous years signals rising industry concern about exploiting zero-click vulnerabilities—attacks that require no user interaction and are notoriously difficult to detect or mitigate. Messaging apps like WhatsApp, which operate at the intersection of personal and business communication, are prime targets for surveillance and cybercriminal activity. This bounty could lead to significant discoveries, but it also signals that offensive capabilities are evolving faster than defenses, raising the stakes for all mobile users.
FROM THE MEDIA: Trend Micro’s Zero Day Initiative (ZDI) revealed prize details for Pwn2Own Ireland 2025, set for October 21–24 in Cork. Meta’s top reward is for a zero-click RCE exploit in WhatsApp, offering up to $1 million. Additional awards include $500,000 for a one-click RCE and $150,000 for zero-click account takeover. Exploits for accessing device sensors and data remotely can fetch up to $130,000. Other Pwn2Own targets include Pixel 9, iPhone 16, Meta Ray-Ban smart glasses, and the Meta Quest headset. The event expands to cover USB attack vectors, networked home devices, and lateral movement scenarios. Last year, no zero-click WhatsApp exploits were successfully demonstrated, making this year’s record prize all the more significant.
READ THE STORY: SecurityWeek
Inside Pwn2Own Berlin: AI Categories & Global Hackers (Video)
FROM THE MEDIA: ZDI is a vendor-agnostic bug bounty program that buys zero-day vulnerabilities from researchers across vendors like Microsoft, Apple, Cisco, etc.; they work with vendors to patch these flaws proactively. Pwn2Own originated in 2007 as a contest to "pwn" new devices (e.g. MacBooks) and claim them, evolving today into a global competition with multi-million dollar payouts.
How China Is Building an Army of Hackers (Video)
FROM THE MEDIA: China and the US are locked in a constant struggle for information, using cyber espionage to gain strategic advantage. Recently leaked files have shed light on rapid advances in China’s cyber capabilities as both nations prepare for any future conflict.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.