Daily Drop (1132)

09-09-25

Tuesday, Sep 09, 2025 // (IG): BB // GITHUB // SN R&D

Chinese Cyber Spies Impersonate U.S. Lawmaker in Trade Espionage Campaign

Bottom Line Up Front (BLUF): Suspected Chinese state-sponsored hackers impersonated Rep. John Moolenaar (R-MI), chairman of the House Select Committee on China, in phishing emails targeting stakeholders involved in U.S.–China trade negotiations. During high-level diplomatic engagements, the attackers used spyware-laden documents and cloud services to exfiltrate sensitive information.

Analyst Comments: The impersonation of a sitting lawmaker marks a bold escalation in tactics, blurring the line between cyber operations and political warfare. Given the timing—during active trade talks—the goal appears to be policy manipulation rather than mere intelligence gathering. Expect similar threats to increase as diplomatic tensions with China rise.

FROM THE MEDIA: A Chinese-linked cyber-espionage group impersonated Rep. John Moolenaar in phishing emails sent to U.S. government personnel, legal and policy experts, business groups, and even foreign officials. The emails appeared to solicit feedback on draft legislation but instead delivered spyware capable of compromising recipient systems. This operation coincided with U.S.–China trade meetings in Sweden and was traced back to actors associated with China's Ministry of State Security. The FBI and Capitol Police are investigating. A prior January 2025 campaign by the same group targeted committee staffers using credential-harvesting tactics disguised as communications from a Chinese SOE, ZPMC.

READ THE STORY: House Select Committee // Axios

Taiwan's LNG Supply Chain at Risk from Chinese Influence Over Qatar, Think Tank Warns

Bottom Line Up Front (BLUF): A U.S.-based think tank, the Foundation for Defense of Democracies (FDD), has warned that Taiwan’s heavy reliance on Qatari liquefied natural gas (LNG) presents a national security risk due to Qatar's susceptibility to Chinese influence. Following a July tabletop exercise simulating cyber-enabled economic warfare (CEEW) by China, the FDD urged Taiwan to diversify energy sources, including shifting LNG procurement to the U.S. and strengthening energy storage, grid security, and renewables.

Analyst Comments: Taiwan's 30% reliance on Qatari LNG, combined with its limited storage capacity, makes it vulnerable to rapid energy shocks in the event of a blockade or diplomatic coercion. Strengthening ties with U.S. and Australian LNG suppliers, expanding renewables, and reinforcing cyber defenses could mitigate risks—but would require significant political will and investment. As tensions rise in the Taiwan Strait, ensuring uninterrupted energy supply may become as vital as traditional military preparedness.

FROM THE MEDIA: The exercise simulated Chinese efforts to cripple Taiwan’s economy through cyber, diplomatic, and maritime tactics aimed at disrupting energy imports. Nearly half of Taiwan's electricity is LNG-generated, with 30% sourced from Qatar under a 27-year agreement signed in 2024. The report warned that China could exploit this dependency by pressuring Qatar to halt shipments, forcing Taiwan to ration electricity between essential services and its semiconductor industry. The FDD called for Taiwan to diversify energy contracts—specifically with the U.S.—and to enhance both physical and cybersecurity for infrastructure like ports and cranes. It also recommended reactivating nuclear plants and building societal resilience to withstand long-term coercion.

READ THE STORY: Taiwan News // TT

Nepal Lifts Social Media Ban Amid Deadly Anti-Corruption Protests Defying Curfew

Bottom Line Up Front (BLUF): Protests against corruption and digital censorship erupted in Kathmandu after the Nepali government banned social media platforms, resulting in violent clashes that left 19 people dead and over 100 injured. Despite an indefinite curfew, mainly Gen Z youth demonstrators returned to the streets, prompting the government to lift the ban on social platforms.

Analyst Comments: The digital blackout fueled public outrage and raised cybersecurity and digital rights concerns in the region. With India closely watching and mounting political pressure, the situation may force Kathmandu to reconsider its internet governance and surveillance approach. The protests also reveal Gen Z's growing political power and online platforms' strategic role in modern civic mobilization.

FROM THE MEDIA: On Monday, security forces fired tear gas and rubber bullets at crowds attempting to breach Parliament, killing 19 and injuring over 100. Despite an indefinite curfew declared in Kathmandu, demonstrators—primarily young people—defied orders and regrouped across the city. Prime Minister K.P. Sharma Oli lifted the social media ban on Tuesday and promised compensation for victims' families, free medical care for the injured, and an investigation into the violence. The unrest has led to cabinet resignations and international concern, with India calling for peaceful dialogue.

READ THE STORY: Reuters // The Record

Iran’s Electricity Crisis Sparks Internal Power Struggle Between Industry and Energy Ministries

Bottom Line Up Front (BLUF): Iran’s ongoing electricity shortages have ignited a public clash between the Ministry of Industry and Energy, with industrial leaders accusing energy officials of mismanagement and unfair blackouts. Despite steep tariff increases, power cuts have intensified across industrial and residential sectors, worsening Iran’s energy crisis.

Analyst Comments: The government's inability to provide reliable electricity—even after industrial rates reportedly rose 30 times since 2018—suggests systemic failures and growing dissatisfaction among regime-aligned factions. As cyber threats to power infrastructure rise globally, Iran’s strained grid could also become more vulnerable to disruption from external adversaries or internal sabotage. The situation underscores how energy instability can ripple into economic decline and civil unrest.

FROM THE MEDIA: On September 6, Deputy Industry Minister Ebrahim Sheikh publicly denounced the Energy Ministry for failing to deliver stable power to industries, accusing it of policy failure and eroding trust. Despite a dramatic rise in industrial electricity costs—up to 30 times higher than in 2018—blackouts have intensified, affecting factories and households, with outages beginning as early as May. Sheikh criticized the Energy Ministry’s approach and called outages to be shifted away from production sectors. Meanwhile, Iranian citizens have reported unaffordable utility bills and repeated disruptions, with at least five fatalities linked to recent outages. The regime has deflected responsibility by urging citizens to “consume less” and “turn off lights,” despite widespread frustration.

READ THE STORY: Iran Focus

Hackers Target U.S. Water Systems as Critical Infrastructure Faces Rising Cyber Risk

Bottom Line Up Front (BLUF): Small-town water utilities across the U.S. are facing a growing wave of cyber threats, as attackers increasingly target vulnerable critical infrastructure. NPR reports that facilities like Cavendish, Vermont's wastewater treatment plant, are actively fighting against attacks, following high-profile breaches at American Water and a Massachusetts utility infiltrated by Chinese hackers for nearly a year.

Analyst Comments: Water systems represent a vulnerable sector in the cyber threat landscape—often underfunded, under resourced, and reliant on outdated industrial control systems (ICS). Nation-states and criminal actors view them as attractive targets due to their essential public service and weak defenses. The breach in Massachusetts highlights how long adversaries can dwell undetected in these networks. Even small municipalities must adopt enterprise-grade cybersecurity strategies as attacks become more targeted and persistent. Expect increased federal attention and regulatory scrutiny around water sector cyber defense in the coming year.

FROM THE MEDIA: Once focused mainly on chemical balances and wastewater processes, Hughes now includes cybersecurity in his day-to-day responsibilities. The segment highlights how hackers, including those linked to Chinese state actors, compromised a Massachusetts utility for nearly a year and targeted American Water, the country’s largest wastewater utility, in October 2024. These incidents underscore the heightened risk to essential services like water, which are increasingly in the crosshairs of advanced persistent threats (APTs). While larger utilities may have some defenses, local operators like Hughes are often the last line of defense, making grassroots cybersecurity education and support essential.

READ THE STORY: NPR

Pakistan Uses Chinese-Built Firewall and Western Tech to Spy on Millions

Bottom Line Up Front (BLUF): Amnesty International has revealed that Pakistan is conducting mass surveillance through phone tapping and a Chinese-supplied internet firewall, monitoring millions of citizens and blocking over 650,000 websites. The report highlights the use of both Chinese and Western technologies in building this vast digital surveillance system.

Analyst Comments: Pakistan’s integration of Western interception gear with a Chinese firewall system shows how authoritarian capabilities can be assembled through hybrid supply chains. With surveillance reaching 4 million phones and social media access increasingly restricted, the precedent set here could embolden other states to expand digital authoritarianism under the guise of national security. The impact on civil liberties and online dissent in Pakistan—especially in conflict zones like Balochistan—is likely to worsen.

FROM THE MEDIA: Amnesty International’s latest report accuses Pakistan of operating a sweeping digital surveillance regime that includes the Lawful Intercept Management System (LIMS) for tapping mobile phones and a Chinese-made WMS 2.0 firewall to filter internet access. LIMS can monitor at least 4 million phones, while the firewall can handle 2 million internet sessions and currently blocks over 650,000 URLs. The system was confirmed during a 2024 Islamabad High Court case, despite official denials from intelligence agencies. The firewall, built by China’s Geedge Networks, incorporates components from Niagara Networks (USA), Thales DIS (France), and a Chinese state-owned IT firm. Western companies have either denied knowledge of misuse or remained silent.

READ THE STORY: Reuters

Nation-States Leverage Cybercriminal Proxies for Espionage, Ransomware, and Influence Operations

Bottom Line Up Front (BLUF): A joint white paper from Health-ISAC and CI-ISAC Australia reveals that nation-states are increasingly outsourcing cyber operations to criminal proxies and hacktivist groups to advance geopolitical agendas. The report outlines how states like Russia, China, Iran, and North Korea blend espionage, ransomware, and faketivism, using criminal infrastructure to maintain plausible deniability.

Analyst Comments: Governments tolerate and actively enable criminal groups that serve national interests. This convergence significantly complicates attribution and defense, as traditional state or criminal activity indicators no longer apply cleanly. Organizations must now treat even low-level criminal threats as potential extensions of state-backed campaigns—especially in critical infrastructure, healthcare, and defense-adjacent sectors.

FROM THE MEDIA: The report details how Russian intelligence has used ransomware tools from criminal gangs like those allegedly connected to APT44/Sandworm, while North Korea directly funds its regime through cryptocurrency theft and fake remote IT workers. Iran is highlighted for sponsoring fake hacktivist groups like CyberAv3ngers, and China for leveraging private contractors under the guise of commercial firms such as I-Soon. These hybrid actors use publicly available tools to avoid attribution, route attacks through compromised Western infrastructure, and operate under laws like China’s 2017 National Intelligence Law, which mandates corporate cooperation with espionage. The report also offers guidance on mitigation, including DDoS protection, MFA enforcement, risk assessments, and segmented networks to reduce damage during intrusions.

READ THE STORY: Industrial Cyber