Daily Drop (1127)

09-03-25

Wednesday, Sep 03, 2025 // (IG): BB // GITHUB // SN R&D

China Unveils Advanced Nuclear Triad and Hypersonic Arsenal in 80th WWII Victory Anniversary Parade

Bottom Line Up Front (BLUF): China conducted a massive military parade on September 3, 2025, in Beijing's Tiananmen Square, unveiling its complete nuclear triad capabilities, including the new DF-61 ICBM, JL-1 air-launched atomic missile, and multiple hypersonic weapons systems. President Xi Jinping, flanked by Vladimir Putin and Kim Jong-un, oversaw the display of advanced military hardware while emphasizing China's stance on the "right side of history" amid growing global tensions.

Analyst Comments: The simultaneous presence of Putin, Kim, and Xi—the first gathering—sends an unmistakable message about emerging military alignments counter U.S. interests. The unveiling of the complete nuclear triad (land-based DF-61/DF-5C, sea-based JL-3, and air-launched JL-1) alongside multiple hypersonic delivery systems demonstrates China has achieved parity with U.S. and Russian strategic capabilities. The emphasis on unmanned systems, including "loyal wingman" drones and XLUUVs, indicates China's commitment to asymmetric warfare capabilities that could prove decisive in Taiwan Strait or South China Sea contingencies.

FROM THE MEDIA: The upgraded DF-5C can reportedly carry 10 MIRV warheads with a global strike range. Hypersonic systems featured prominently, including the YJ-21 (Mach 6-10), CJ-1000 long-range hypersonic cruise missile, and the YJ-20 "aircraft carrier killer" combining ballistic missile speed with cruise missile maneuverability. The HQ-29 anti-ballistic missile system, comparable to the U.S. SM-3 interceptor, demonstrated China's expanding missile defense capabilities, including anti-satellite potential. Advanced unmanned systems included AI-equipped combat drones, extra-large underwater vehicles, and the GJ-11 stealth UCAV serving as "loyal wingmen" to crewed aircraft. Xi's speech emphasized China standing on the "right side of history" while warning the world faces questions of "dialogue or confrontation and peace or war." Unlike 2015's parade featuring international troops, this year's display was exclusively Chinese, though attended by leaders from Russia, North Korea, Iran, Belarus, and Malaysia. The event concluded with releasing 80,000 peace doves and balloons, juxtaposing the military display with peace symbolism.

READ THE STORY: SCMP

Chinese Factory Footage Found in Downed Russian "Gerbera" Drone Reveals Supply Chain Links

Bottom Line Up Front (BLUF): Ukrainian forces discovered video footage from a Chinese manufacturing facility in Shenzhen's Aotexing Science Park on a recovered Russian "Gerbera" drone camera system. The Viewpro A40 camera, commercially priced at $2,999, was geolocated to a specific Chinese factory, providing evidence of China's dual-use technology exports supporting Russia's military operations despite Beijing's claims of neutrality in the Ukraine conflict.

Analyst Comments: The Viewpro A40's sophisticated features—40x optical zoom, AI tracking, and anti-interference housing—represent exactly the type of dual-use technology that transforms commercial products into military assets. The presence of factory test footage suggests either poor operational security or rushed deployment bypassing standard data sanitization procedures. China's role as a critical supplier of "non-lethal" components that are essential for lethal systems highlights the inadequacy of current export control regimes. The March 2025 reports of new CRPA antennas on Shahed drones designed to defeat Ukrainian electronic warfare further demonstrates an evolving supply chain responding to battlefield conditions. This creates a strategic dilemma: confronting China over component supplies risks pushing Beijing toward more explicit military support for Russia.

FROM THE MEDIA: Defense outlet Militarnyi identified the production facility location, with independent verification by the Cyber Boroshno community confirming coordinates in Shenzhen's high-tech manufacturing district. The camera system features advanced capabilities marketed for commercial surveillance but readily adaptable for military reconnaissance and targeting. Previous reporting indicates Shahed kamikaze drones have been upgraded with new 16-element CRPA antennas specifically engineered to counter Ukrainian jamming systems, suggesting ongoing technical collaboration between Russian military requirements and Chinese manufacturing capabilities. While China maintains it does not provide lethal aid to Russia and supports peaceful resolution, the continuous flow of dual-use components enables sustained Russian drone operations against Ukrainian infrastructure.

READ THE STORY: SOFX

Industry Groups Urge Congress to Expand State and Local Cybersecurity Grant Program to $4.5B

Bottom Line Up Front (BLUF): The State and Local Cybersecurity Grant Program (SLCGP) expires on September 30, 2025. Five major industry groups are pressing Congress to renew it and expand it to $4.5 billion over two years. Advocates cite rising global cyber threats and the program’s success in enhancing local cybersecurity readiness as key reasons for continued investment.

Analyst Comments: As threats from state-sponsored actors like China and Russia intensify, underfunded municipalities remain soft targets. Increasing the grant amount would help close longstanding capability gaps and institutionalize collaboration between state and local entities. If Congress fails to act, hard-won gains in threat intelligence sharing and infrastructure protection could be rolled back, making U.S. communities more vulnerable to cyberattacks.

FROM THE MEDIA: Originally funded at $1 billion over four years, the program is scheduled to end this month. The letter requests $4.5 billion over the next two years, citing success stories in states like Kentucky, Maryland, and New Hampshire, as well as escalating threats from foreign actors such as Volt Typhoon, a Chinese hacking group. The letter warns that failure to renew the program will halt progress and expose communities to greater risk. Advocates point to bipartisan support, endorsements from officials like CISA Director Sean Plankey, and favorable reports from the GAO as signs the program could survive congressional budget cuts affecting other cyber initiatives.

READ THE STORY: STATESCOOP

Industry Groups Urge Congress to Expand State and Local Cybersecurity Grant Program to $4.5B

Bottom Line Up Front (BLUF): The State and Local Cybersecurity Grant Program (SLCGP) expires on September 30, 2025. Five major industry groups are pressing Congress to renew it and expand it to $4.5 billion over two years. Advocates cite rising global cyber threats and the program’s success in enhancing local cybersecurity readiness as key reasons for continued investment.

Analyst Comments: As threats from state-sponsored actors like China and Russia intensify, underfunded municipalities remain soft targets. Increasing the grant amount would help close longstanding capability gaps and institutionalize collaboration between state and local entities. If Congress fails to act, hard-won gains in threat intelligence sharing and infrastructure protection could be rolled back, making U.S. communities more vulnerable to cyberattacks.

FROM THE MEDIA: Originally funded at $1 billion over four years, the program is scheduled to end this month. The letter requests $4.5 billion over the next two years, citing success stories in states like Kentucky, Maryland, and New Hampshire, as well as escalating threats from foreign actors such as Volt Typhoon, a Chinese hacking group. The letter warns that failure to renew the program will halt progress and expose communities to greater risk. Advocates point to bipartisan support, endorsements from officials like CISA Director Sean Plankey, and favorable reports from the GAO as signs the program could survive congressional budget cuts affecting other cyber initiatives.

READ THE STORY: CYBERSCOOP

FCC Investigation Jeopardizes Cyber Trust Mark IoT Security Program Over China Ties

Bottom Line Up Front (BLUF): The FCC’s Cyber Trust Mark program—designed to certify the security of IoT devices—has stalled following an internal investigation into UL Solutions, the lead administrator selected to oversee the initiative. The probe centers on UL’s business ties with China, which raise national security concerns and threaten to derail the entire effort before its official launch.

Analyst Comments: The Cyber Trust Mark program is a rare bipartisan initiative to improve baseline IoT cybersecurity, yet it's now caught in geopolitical crossfire. The FCC’s scrutiny of UL’s China ties illustrates the growing U.S. policy trend of decoupling from foreign influence in critical technology domains. If the investigation removes UL or further delays certification, it could dampen industry momentum and discourage vendor participation. However, global regulatory pressure, including from the EU’s Cyber Resilience Act, may keep industry interest high—if the FCC can resolve leadership uncertainty quickly.

FROM THE MEDIA: UL Solutions, a longtime product testing leader, was chosen to administer the program. However, shortly after President Trump’s re-election, new FCC Chairman Brendan Carr investigated UL’s joint venture with a Chinese state-owned entity and its use of labs in China. While no formal action has been taken, the investigation has effectively paused the program’s progress. Despite UL’s denial of wrongdoing and insistence on transparency, uncertainty around the investigation has created concern in both the tech industry and national security circles. Experts warn that prolonged delays could damage the program's credibility and deter companies—like LG and Samsung—from submitting products for certification.

READ THE STORY: CyberSecDive

FBI: Chinese Cyberespionage at Risk Due to Dependence on Domestic Tech Firms

Bottom Line Up Front (BLUF): The FBI has highlighted a critical vulnerability in Chinese state-sponsored cyber operations tied to the country's reliance on private domestic tech companies. A lack of tight government oversight over these firms has enabled U.S. and allied intelligence agencies to uncover their involvement in campaigns like Salt Typhoon.

Analyst Comments: This dynamic reflects a growing tension between authoritarian control and market-based tech innovation in China's cyber ecosystem. The exposure of firms such as Sichuan Juxinhe Network Technology suggests future breaches in attribution may become easier as these companies leave digital footprints. Increased international pressure and intelligence sharing may accelerate the unraveling of similar covert operations in the near term.

FROM THE MEDIA: The U.S. has linked companies like Sichuan Juxinhe Network Technology and two others to the long-running Salt Typhoon cyberespionage campaign. Bilnoski emphasized that the Chinese Communist Party’s reliance on these "enabling companies" without strong oversight introduces a risk of operational exposure. The attribution of Salt Typhoon’s activities over the past four years to these companies underscores this vulnerability. Bilnoski called for broader global action against China’s “indiscriminate” cyber operations, urging U.S. citizens and international allies to remain vigilant.

READ THE STORY: SCMEDIA

Items of interest

China Thinks It’s Winning the Cyberwar: State-sponsored acts like "Salt Typhoon" expose their Insecurities

Bottom Line Up Front (BLUF): China simultaneously displays advanced cyber warfare capabilities in military parades and defense white papers while maintaining blanket denials of offensive cyber operations. The September 2025 military parade featured dedicated Cyberspace Force units, electronic warfare systems, and AI-enabled platforms, with state media describing cyber capabilities as "strategic support for winning informationized warfare." Meanwhile, the Ministry of Foreign Affairs asserts that China has "never engaged in cyber attacks" and is the "world's primary victim" of such activities.

Analyst Comments: China's 2019 Defense White Paper explicitly stated the PLA "accelerates the development of cyber forces" and builds "cyber defense capabilities," carefully avoiding offensive terminology. The 2024 establishment of the independent Cyberspace Force, elevated to equal status with traditional service branches, signals cyber's strategic importance. State media regularly highlights PLA cyber competition victories—including consistent top rankings in international capture-the-flag exercises—while Foreign Ministry spokespersons denounce "groundless accusations" of Chinese hacking. This deliberate ambiguity allows Beijing to project strength to domestic audiences and potential adversaries while avoiding international legal liability or sanctions.

FROM THE MEDIA: The Global Times has published articles about China's "world-class cyber defense capabilities" and the need to "deter cyber hegemony," while never acknowledging offensive operations. PLA Daily featured the Strategic Support Force's "electromagnetic spectrum dominance" exercises, describing only defensive scenarios. Chinese military academies publish extensive research on "cyber deterrence theory" and "active defense in cyberspace"—concepts that technically include preemptive strikes—while maintaining these are purely theoretical frameworks. Ministry of State Security recruitment videos highlight "defending national cyber borders" with dramatic footage of analysts at keyboards, though officially these personnel only conduct "security reviews." When confronted with specific attribution like Salt Typhoon, Foreign Ministry spokesperson Wang Wenbin stated China "opposes and cracks down on all forms of cyber attacks" and called for "objective evidence rather than presumption of guilt."

READ THE STORY: Foreign Affairs

Information support formation passes through Tian'anmen Square (Video)

FROM THE MEDIA: China's information support equipment was unveiled in Wednesday's V-Day military parade. The formation included vehicles of cloud computing, digital intelligence, air-ground networks, and integrated information. They can quickly establish new types of cyber systems to support joint operations.

China Military Parade 2025 LIVE: Putin and Kim Jong Un Attend China's Victory Day Parade (Video)

FROM THE MEDIA: The "Victory Day" parade on Wednesday will see Kim rub shoulders with China's President Xi Jinping, Russia's Vladimir Putin and other world leaders - making it his first multilateral international meeting. Kim crossed into China on Tuesday onboard his armoured train, which is said to include a restaurant serving fine French wines and dishes like fresh lobster. Kim's attendance marks the first time a North Korean leader has attended a Chinese military parade since 1959. He will be among 26 other heads of state - including leaders from Myanmar, Iran and Cuba.

The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.