Wednesday, Aug 20, 2025 // (IG): BB // GITHUB // SN R&D
China and Russia Accelerate Electronic Warfare Dominance, Challenging U.S. Military Superiority
Bottom Line Up Front (BLUF): Both China and Russia have made long-term investments in advanced electronic warfare (EW) capabilities, now demonstrating superiority in contested environments like Ukraine and the South China Sea. China’s integration of AI and 6G in EW systems and Russia’s battle-proven spectrum dominance reveal growing challenges for U.S. military operations reliant on precision communications and stealth platforms.
Analyst Comments: China and Russia are leveraging EW for tactical disruption and as strategic tools to undermine U.S. force projection. Russia’s doctrine, shaped by decades of modernization and real-world conflict, shows the effectiveness of persistent EW operations in the Ukraine war. Meanwhile, China’s fusion of AI, photonics, and 6G technologies enables real-time jamming, deception, and targeting of advanced U.S. assets like the F-35 and satellite networks. The convergence of cyber and EW in both nations underscores a shift toward cognitive warfare—forcing the U.S. to rethink its dependence on unprotected electromagnetic spectrum assets and to accelerate its own EW modernization.
FROM THE MEDIA: Maj. Nelson Godbolt emphasized that the U.S. Army is only now reestablishing its EW formations, having deprioritized them after 9/11. In contrast, Russia preserved and refined its EW doctrine and hardware for over 30 years. On the battlefield in Ukraine, Russian forces deploy over 300 EW systems per tactical group, ranging from handheld GPS jammers to high-end radar countermeasures. Godbolt noted Russia’s ability to jam U.S. comms and deny precision targeting, highlighting the gap in U.S. capabilities. Simultaneously, China has revealed cutting-edge 6G-enabled EW systems capable of generating thousands of radar decoys, targeting F-35s, and disrupting satellite communications. These systems, integrated with AI and fielded by the PLA Strategic Support Force, operate across domains and leverage real-time data processing to neutralize adversary assets. China's South China Sea EW infrastructure and “intelligentized warfare” doctrine further emphasize its shift toward multi-domain electronic dominance.
READ THE STORY: AFCEA
UK Drops Apple Encryption Backdoor Demand Under U.S. Pressure
Bottom Line Up Front (BLUF): The UK government has reportedly withdrawn its demand for Apple to weaken iPhone encryption after pressure from the White House. U.S. Director of National Intelligence Tulsi Gabbard confirmed the move, citing concerns over civil liberties and the potential exposure of Americans' private data.
Analyst Comments: This retreat marks a significant win for Apple and sets a precedent against government-mandated encryption backdoors in Western democracies. U.S. intervention likely stemmed from fears that a UK-enforced vulnerability could undermine the security of U.S. citizens and corporate data, given the global nature of Apple’s infrastructure. While the UK’s ambitions to regulate encryption remain intact, this outcome may chill further unilateral attempts, especially amid rising global scrutiny of surveillance laws. However, tech firms must remain vigilant, as similar pressures will likely re-emerge under different legislative guises.
FROM THE MEDIA: The demand, issued via a Technical Capability Notice (TCN) under the Investigatory Powers Act, would have forced Apple to compromise end-to-end encryption for UK users. Apple had resisted the order, even disabling its Advanced Data Protection (ADP) for UK iCloud users in February. The situation escalated into a legal battle in the UK’s Investigatory Powers Tribunal. However, U.S. intelligence officials, led by Tulsi Gabbard, intervened over fears that a UK backdoor could compromise American citizens’ data. Apple has not officially commented, and the Home Office has neither confirmed nor denied the reversal.
READ THE STORY: The Register
DOJ Charges RapperBot Creator Behind 370,000 DDoS Attacks Targeting Global Infrastructure
Bottom Line Up Front (BLUF): The U.S. Department of Justice has charged 22-year-old Ethan Foltz from Oregon for operating RapperBot, a DDoS-for-hire botnet responsible for over 370,000 attacks across 80+ countries. The botnet, which infected up to 95,000 IoT devices, has now been dismantled under Operation PowerOFF, an international crackdown on cybercrime infrastructure.
Analyst Comments: RapperBot's evolution from Mirai and fBot lineage to a fully monetized DDoS service demonstrates the ongoing threat posed by weaponized IoT botnets. Its expansion into cryptojacking and ransom DDoS campaigns highlights the profitability and versatility of such botnets in modern cybercrime ecosystems. The dismantling effort shows growing cooperation between public and private sectors, but the bar for launching high-volume attacks remains dangerously low. Expect successors to emerge as toolkits and tactics from RapperBot become public or repurposed.
FROM THE MEDIA: U.S. authorities arrested Ethan Foltz, who allegedly ran RapperBot—a botnet also known as Eleven Eleven Botnet and CowBot—used in DDoS-for-hire schemes since 2021. The botnet targeted vulnerable IoT devices like routers and DVRs using SSH/Telnet brute-force attacks and infected over 45,000 systems globally, with attacks reaching over 6 Tbps. RapperBot was also involved in extortion-based DDoS attacks and illicit Monero mining campaigns. The FBI traced Foltz through digital footprints, including Gmail, PayPal, and suspicious search histories. The case is part of Operation PowerOFF, aimed at dismantling DDoS services worldwide.
READ THE STORY: THN
CCP's Rare Earth Export Ban Sparks Supply Crunch, India Seeks Alternative Partners for EV Industry
Bottom Line Up Front (BLUF): China’s recent ban on exporting key rare earth elements has triggered a global supply crunch, severely impacting electric vehicle (EV) and clean energy industries. India, heavily reliant on Chinese imports, is exploring new strategic partnerships to secure access to critical minerals essential for its energy transition and EV goals.
Analyst Comments: The ban presents both a supply chain risk and a strategic opening for India. If India can diversify sourcing—through domestic mining, international alliances, or recycling—it may strengthen its industrial self-reliance. Expect increased bilateral activity with Australia, the U.S., and African nations as India recalibrates its rare earth strategy.
FROM THE MEDIA: China's decision to ban the export of certain rare earth elements—citing "strategic national interests"—has disrupted global supplies, causing prices to surge. The ban particularly affects dysprosium and terbium, which are vital for EV motors and advanced defense systems. India’s EV manufacturers and electronics sector, which rely heavily on Chinese imports, are already reporting delays and increased production costs. In response, the Indian government is accelerating talks with countries like Australia, Brazil, and Vietnam to secure new supply chains. The Centre is also evaluating public-private partnerships to invest in domestic rare earth extraction and processing, which remains underdeveloped despite India’s mineral reserves.
READ THE STORY: Times of India
GodRAT Malware Targets Financial Firms with Screensaver and Steganography Attacks
Bottom Line Up Front (BLUF): A newly identified Remote Access Trojan named GodRAT—derived from the Gh0st RAT codebase—is actively targeting financial institutions, particularly in Asia and the Middle East. Distributed through Skype using deceptive .scr and .pif files, the malware leverages steganography and DLL injection for stealthy access and credential theft.
Analyst Comments: GodRAT marks a significant evolution in legacy APT tooling, fusing historical Gh0st RAT infrastructure with modern techniques like steganographic payload delivery and multi-stage injection. Its targeting of financial sectors and usage of expired certificates suggest a persistent and well-resourced threat actor, likely linked to the Winnti group. The malware’s modular architecture, reliance on public software like AsyncRAT, and capability to evade AV via AMSI/ETW patching reinforce the need for behavioral analytics and robust email/Skype attachment filtering at the endpoint level.
FROM THE MEDIA: A Gh0st RAT variant is being delivered through malicious .scr and .pif files sent via Skype, disguised as financial documents. Linked to the Winnti APT group, GodRAT utilizes image-based steganography to hide shellcode, which is loaded through signed but expired binaries like Valve.exe. The malware uses plugin-based modules such as FileManager to perform reconnaissance and deploy secondary implants like Chrome password stealers and AsyncRAT. The malware performs process injection using self-extracting executables, decrypts C2 configurations via XOR, and transmits compressed, encoded system data. The campaign has been active across Hong Kong, UAE, Lebanon, Malaysia, and Jordan, targeting financial and brokerage firms.
READ THE STORY: GBhackers
China and Russia Use Sanctions-Evasion Oil Networks to Fund Strategic Operations, Including Electronic Warfare Expansion
Bottom Line Up Front (BLUF): A sophisticated global oil smuggling network—originating in Iran and later adapted for Russian crude—has funneled billions of dollars into China, circumventing Western sanctions. The profits from these operations are likely bolstering Chinese and Russian investments in electronic warfare (EW), cyber, and intelligence infrastructure, further challenging U.S. strategic dominance.
Analyst Comments: Through naval mortgages, front companies, and opaque ownership structures, China has quietly imported sanctioned oil while avoiding confrontation with sanctions regimes. The financial windfall from these shipments enables Russia and China to reinforce their military technology development—including 6G-enabled EW systems, AI-driven signal warfare, and counter-space capabilities. This “gray zone” economic warfare supports the very tools—like cognitive EW and SIGINT platforms—being used to undermine Western military readiness.
FROM THE MEDIA: A clandestine oil trading network centered around a company called Ocean Glory Giant used naval mortgages and offshore holding firms to transport Iranian, Russian, and Venezuelan crude to China. Between 2019 and 2024, over 130 million barrels of oil—worth nearly $10 billion—were delivered using a “dark vessels” fleet operated under Chinese shell companies. These ships were often mortgaged via Swiss intermediaries to secure trades outside traditional banking systems. The network expanded after 2022 to include sanctioned Russian oil following the Ukraine invasion. Many ships have since been added to U.S. sanctions lists, but China continues to oppose “illegal unilateral sanctions.” This financial network mirrors broader military cooperation and strategic coordination between the three states.
READ THE STORY: FT
Nvidia Prepares Blackwell-Based B30A GPU for China Amid Rising AI Export Tensions
Bottom Line Up Front (BLUF): Nvidia is reportedly developing a scaled-down version of its high-performance B300 GPU, codenamed B30A, specifically for the Chinese market. The chip would bypass current U.S. export controls while delivering performance well above the restricted H20 accelerator—sparking renewed scrutiny from U.S. lawmakers and signaling potential shifts in AI chip trade policy under the Trump administration.
Analyst Comments: The B30A may offer Nvidia a strategic hedge—designed to straddle evolving regulatory boundaries while maintaining access to China’s massive AI market. However, the move will also intensify domestic political backlash and raise questions about enforcing export rules. With China reportedly pressuring companies to avoid Nvidia products for sensitive workloads, the B30A may have limited local impact but broad geopolitical consequences. It also signals how hardware firms adapt to a bifurcated tech landscape where every chip is a diplomatic chess piece.
FROM THE MEDIA: Nvidia’s reported development of the B30A GPU represents both a calculated business strategy and a flashpoint in the broader U.S.–China AI technology standoff. As Washington and Beijing escalate their tug-of-war over advanced semiconductors, each chip design becomes a proxy for deeper power, control, and security conflicts in the AI age. Whether the B30A reaches Chinese customers depends as much on diplomatic maneuvering as on silicon specs.
READ THE STORY: The Register
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Bottom Line Up Front (BLUF): Threat actors exploit a critical remote code execution vulnerability in Apache ActiveMQ (CVE-2023-46604) to deploy a new Linux malware downloader dubbed DripDropper. Unusually, attackers patch the exploited flaw post-compromise to maintain exclusive access and evade detection.
Analyst Comments: By using legitimate services like Dropbox for C2 and leveraging PyInstaller executables to resist analysis, these actors are complicating traditional detection methods. This campaign underscores the growing risk of cloud-focused malware and the importance of aggressive patch management. Expect more threat actors to adopt this “exploit-then-patch” approach as a stealth tactic in future intrusions.
FROM THE MEDIA: Red Canary disclosed that unknown actors exploit CVE-2023-46604, a critical RCE vulnerability (CVSS 10.0) in Apache ActiveMQ, to gain persistent access to Linux cloud systems. The attackers deploy DripDropper, a password-protected ELF downloader built with PyInstaller that communicates with a Dropbox C2 channel. After initial access, they modify SSH configurations for root login, install persistence via cron directories, and patch the original ActiveMQ vulnerability using Apache Maven. Red Canary observed varied post-compromise tooling, including Sliver and Cloudflare Tunnels, signaling a sophisticated, long-term strategy. This mirrors tactics reported earlier by France’s ANSSI involving similar exploit-then-patch behavior by Chinese APTs.
READ THE STORY: THN
Microsoft Teams "Couldn’t Connect" Bug Resolved After Sidebar Update Disrupts Global Access
Bottom Line Up Front (BLUF): A recent sidebar interface update in Microsoft Teams caused widespread login failures globally, with users encountering a “couldn’t connect to this app” error. Microsoft has deployed a partial fix, with complete remediation expected by August 21, 2025. The issue is not linked to any security breach, and a workaround via the left-hand navigation menu has been provided.
Analyst Comments: While not a security incident, this disruption highlights the risks of pushing UI updates without thorough regression testing in widely used enterprise platforms. Because Teams is integral to remote and hybrid workforces, a non-critical change left users with reduced functionality, reinforcing the need for robust quality control pipelines. Although Microsoft was transparent and responsive, the incident underscores how even minor code changes in large-scale SaaS ecosystems can cascade into major service interruptions.
FROM THE MEDIA: Originating from an unoptimized code flow introduced during a sidebar enhancement update, the bug caused connection failures in desktop and web versions. Microsoft emphasized that the issue posed no data security risk and provided a temporary workaround: navigating directly to “Activity” or “Chat” in the left-hand sidebar. As of August 19, 25% of infrastructure had been patched, with complete resolution expected by August 21 at 6:30 PM UTC. In parallel, Microsoft disclosed a separate, high-severity remote code execution vulnerability in Teams (CVE-2025-53783), unrelated to the connectivity issue.
READ THE STORY: GBhackers
AI Escalates U.S.–China Cybersecurity Race into a Full-Spectrum Strategic Competition
Bottom Line Up Front (BLUF): Artificial Intelligence has become the defining front in the cybersecurity race between the United States and China. Top U.S. officials openly declare AI a national security priority as China aggressively advances AI-powered information warfare and cyber-espionage operations. The strategic competition now spans infrastructure, governance standards, and digital control—threatening to redefine the balance of global power.
Analyst Comments: China is demonstrating a sophisticated fusion of AI with propaganda, cyber-operations, and system pre-positioning, while the U.S. is responding with open-source innovation, DARPA-backed AI challenges, and a renewed strategic framework under the Trump administration. The competition is not merely about superiority in code—it's about shaping the future of digital conflict and global governance. Deterrence will depend not only on defensive resilience but on the credibility and reach of AI-enabled cyber capabilities.
FROM THE MEDIA: Top U.S. officials emphasized that the speed and scale of threats, especially from Chinese adversaries, demand AI-powered defenses capable of detecting and responding in real time. Their remarks come amid a broader shift in U.S. posture, as the Trump administration rolls out an AI Action Plan emphasizing public-private collaboration and critical infrastructure protection. Simultaneously, China's cyber units—like the Salt Typhoon group—leverage AI for advanced espionage campaigns against U.S. telecom and academic institutions. Analysts believe this rivalry extends far beyond tactical hacks, forming the backbone of a long-term strategic confrontation over digital power.
READ THE STORY: Bloomberg
Trump-Ukraine Drone Deal Signals U.S. Reindustrialization and Strategic Deterrence Shift
Bottom Line Up Front (BLUF): President Trump’s newly announced drone deal with Ukraine, valued between $10 billion and $30 billion, is more than a military export—it’s a strategic pivot toward rapid U.S. defense reindustrialization and Indo-Pacific deterrence. By leveraging Ukraine’s battlefield-tested drone innovation, the U.S. aims to close its industrial gap in unmanned systems and regain momentum in the AI-enabled security race against Russia and China.
Analyst Comments: Rather than waiting for slow domestic ramp-ups, the Trump administration is outsourcing initial scale-up to Ukraine—already the global leader in drone production under fire. The agreement could help buy time for the U.S. to rebuild its defense manufacturing base while directly enhancing readiness in potential Indo-Pacific flashpoints. Strategically, it sends a clear message to Beijing and Moscow: the U.S. is serious about rearming with innovative, faster, and more combat-ready technologies.
FROM THE MEDIA: The deal follows Trump’s meeting with Russian President Vladimir Putin in Alaska, allowing the U.S. to integrate Ukrainian-designed unmanned systems into American force posture. Ukraine, having produced over 1.7 million drones in 2024 alone, is now considered the world’s most experienced and effective drone innovator. The partnership will help the U.S. address urgent shortfalls in expendable, networked, and autonomous drone systems critical to Indo-Pacific operations. Key benefits include operational support, accelerated R&D, and talent acquisition, with long-term implications for industrial policy, force design, and global military technology leadership.
READ THE STORY: The Hill
Massive VPN Security Flaws Exposed: Chinese-Linked Apps Put Millions at Risk
Bottom Line Up Front (BLUF): New research has revealed that over 700 million downloads of popular VPN apps on the Google Play Store are tied to three hidden corporate "families" with connections to Chinese firms, including sanctioned entities like Qihoo 360. These VPNs share insecure codebases, cryptographic flaws, and hard-coded credentials, leaving users vulnerable to traffic decryption and surveillance.
Analyst Comments: This study reinforces growing concerns that popular VPN apps—often marketed under different names—are controlled by the same backend infrastructure and operators, some linked to Chinese intelligence-adjacent companies. The systemic reuse of insecure libraries and embedded credentials undermines user privacy and creates a large-scale attack surface for state and criminal actors. As VPN use grows amid global censorship and surveillance fears, a lack of transparency and weak cryptographic hygiene in these apps poses a serious threat to journalists, dissidents, and everyday users alike. Regulatory oversight and protocol reform are urgently needed.
FROM THE MEDIA: The researchers, building on work from VPN Pro and Tech Transparency Project, identified three VPN “families” operating apps like Turbo VPN, VPN Proxy Master, and others—many falsely claiming Singapore-based operations while being linked to Chinese entities. Technical analysis revealed shared flaws such as hard-coded encryption keys, deprecated ciphers (e.g., RC4-MD5), and shared server infrastructure. Attackers can use tools like Frida to decrypt user traffic in real time. One group’s apps used DNS port tunneling with embedded passwords, exposing users to in-path attacks and data exfiltration. The researchers called for stronger forensic auditing tools and urged providers to adopt secure encryption practices like AEAD ciphers.
READ THE STORY: GBhackers
Items of interest
Trump Floats Air Support Role in Postwar Ukraine Security While Warning Putin Over Peace Deal
Bottom Line Up Front (BLUF): Donald Trump has signaled U.S. support for postwar security guarantees for Ukraine, suggesting a possible American role “by air” while ruling out ground troop deployments. Trump also warned Vladimir Putin of a “rough situation” if he rejects peace negotiations and confirmed U.S. coordination of a potential Putin-Zelenskyy summit to end the conflict.
Analyst Comments: His emphasis on air-based support may include ISR (intelligence, surveillance, and reconnaissance) operations or deterrence patrols, but the ambiguity could fuel uncertainty among NATO allies and adversaries. With Trump distancing the U.S. from NATO-style guarantees while brokering bilateral diplomacy, the burden shifts further to Europe. The evolving security framework will test Kyiv’s flexibility and Moscow’s willingness to negotiate, especially as territorial concessions remain a red line.
FROM THE MEDIA: President Donald Trump told Fox News that the U.S. may play a postwar role in Ukraine’s security “by air,” without deploying ground forces. His press secretary clarified there would be “no boots on the ground,” but affirmed U.S. support for coordinating security guarantees with European allies. Trump also said the U.S. is arranging a bilateral summit between Russian President Vladimir Putin and Ukrainian President Volodymyr Zelenskyy, followed by a potential trilateral meeting. European leaders, seeking to frame Russia as the holdout, are actively coaching Zelenskyy for talks and preparing a summit agenda. Meanwhile, disputes remain over Russian territorial demands in Donetsk and Luhansk, which Kyiv continues to reject.
READ THE STORY: FT
Trump Floats Air Support For Ukraine As Part Of Security Guarantees (Video)
FROM THE MEDIA: President Trump is floating providing U.S. pilots and warplanes as part of security guarantees for post-war Ukraine as he pushes for an end to Russia’s war against the country.
Russia-Ukraine War: President Trump Signals U.S. Air Support To Zelensky for Kyiv's Security (Video)
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.