Daily Drop (1174)
11-07-25
Friday, Nov 07, 2025 // (IG): BB // GITHUB // SN R&D
China Orders State-Funded Data Centers to Eliminate Foreign AI Chips, Targeting Nvidia and U.S. Tech
Bottom Line Up Front (BLUF): China has issued a sweeping directive requiring all state-funded data centers still under construction to remove or cancel orders for foreign AI chips, including Nvidia’s H20, AMD, and Intel offerings. The move further accelerates Beijing’s decoupling from Western technology, bolstering domestic chipmakers like Huawei and Cambricon while effectively shutting Nvidia out of the Chinese AI data center market, where it once held a 95% share.
Analyst Comments: Projects that are still under construction must halt their use of foreign semiconductors, with projects further along subject to case-by-case review. Impacted hardware includes Nvidia’s H20 (the most advanced AI chip Nvidia can legally sell to China), as well as blacklisted models like the B200 and H200, which may still flow through unofficial channels. Nvidia’s share in China’s AI chip market has collapsed from 95% in 2022 to zero, and some new data center builds have been paused or canceled. A source confirmed that one large project never broke ground after receiving the guidance. Meanwhile, Chinese firms like Huawei, Enflame, Cambricon, and MetaX are poised to fill the vacuum, despite domestic production constraints stemming from U.S. sanctions on semiconductor tooling.
READ THE STORY: Technology ORG
Chinese APTs Escalate Espionage Targeting U.S. Foreign Policy Networks
Bottom Line Up Front (BLUF): Chinese state-linked threat groups—specifically APT41, Kelp, and Space Pirates—have been observed conducting coordinated cyber-espionage operations against U.S. non-profits engaged in foreign policy advocacy. Recent intrusions exploited known vulnerabilities (Log4j, Atlassian OGNL, Apache Struts) and employed DLL sideloading, scheduled-task persistence, and lateral movement techniques. The activity reinforces China’s long-term goal of shaping international policy by covertly gaining access to strategic information networks.
Analyst Comments: The targeting of U.S. think tanks and advocacy organizations tied to China policy is a direct extension of Beijing’s strategic doctrine—treating non-governmental policy influencers as legitimate espionage targets. The operational overlap between APT41 subgroups and others like Kelp and Space Pirates shows continued tool sharing and convergence in objectives. While some of the techniques (like DLL sideloading via signed VipreAV components) are well-documented, their continued success reflects persistent defender gaps: too much trust is placed in a vendor’s signature on the host binary, and too little attention is paid to what that binary loads and where it runs from, or to the lateral movement that follows. As Chinese groups prioritize stealth and credential theft over noisy intrusions, defenders should be more aggressive in threat hunting, behavioral monitoring, and identity security.
READ THE STORY: GBhackers
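The two techniques named above, a signed host binary loading an unsigned DLL from its own (user-writable) directory, and a scheduled task whose action lives outside the normal program directories, are exactly the kind of telemetry a hunt should pivot on. The following is an added example, not code from the digest or from the reporting it summarizes: it runs that hunt over constructed records shaped like Sysmon ImageLoad (Event ID 7) and ProcessCreate (Event ID 1) events. The field names, the trusted-root list and every sample path are assumptions for illustration.

```python
"""Hunt for DLL sideloading and schtasks persistence in endpoint telemetry.

Added example; the event shapes mimic Sysmon Event ID 7 (ImageLoad) and
Event ID 1 (ProcessCreate) but field names and sample data are constructed.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Where a signed vendor binary normally lives (assumed baseline). A signed
# executable running elsewhere that loads an unsigned DLL from the same
# directory is the classic sideloading shape.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)


@dataclass(frozen=True)
class ImageLoad:
    image: str          # host process executable
    image_signed: bool
    loaded: str         # DLL that was mapped into the process
    loaded_signed: bool


@dataclass(frozen=True)
class ProcessCreate:
    image: str
    command_line: str
    parent_image: str


def _under_trusted_root(path: str) -> bool:
    return any(path.lower().startswith(r) for r in TRUSTED_ROOTS)


def sideload_candidates(events):
    """Signed host outside trusted roots loading an unsigned DLL from its own dir."""
    hits = []
    for e in events:
        same_dir = (str(PureWindowsPath(e.image).parent).lower()
                    == str(PureWindowsPath(e.loaded).parent).lower())
        if (e.image_signed and not e.loaded_signed and same_dir
                and not _under_trusted_root(e.image)):
            hits.append(e)
    return hits


_TR_RE = re.compile(r'/tr\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def task_action(command_line: str):
    """Return the /tr action string of a schtasks command line, or None."""
    m = _TR_RE.search(command_line)
    return (m.group(1) or m.group(2)) if m else None


def schtasks_persistence(events):
    """schtasks.exe /create whose action points outside the trusted roots."""
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\schtasks.exe"):
            continue
        if "/create" not in e.command_line.lower():
            continue
        action = task_action(e.command_line)
        if action and not _under_trusted_root(action):
            hits.append(e)
    return hits


# Constructed sample telemetry (not real events).
SAMPLE_LOADS = [
    ImageLoad(r"C:\Users\alice\AppData\Roaming\vendor\host.exe", True,
              r"C:\Users\alice\AppData\Roaming\vendor\helper.dll", False),
    ImageLoad(r"C:\Users\alice\AppData\Roaming\vendor\host.exe", True,
              r"C:\Windows\System32\kernel32.dll", True),
    ImageLoad(r"C:\Program Files\Vendor\host.exe", True,
              r"C:\Program Files\Vendor\helper.dll", False),
]
SAMPLE_PROCS = [
    ProcessCreate(r"C:\Windows\System32\schtasks.exe",
                  r'schtasks.exe /create /sc minute /mo 30 /tn "Updater" '
                  r'/tr "C:\ProgramData\upd\host.exe -q"',
                  r"C:\Windows\System32\cmd.exe"),
    ProcessCreate(r"C:\Windows\System32\schtasks.exe",
                  r'schtasks.exe /create /sc daily /tn "Backup" '
                  r'/tr "C:\Program Files\Backup\bk.exe"',
                  r"C:\Windows\explorer.exe"),
    ProcessCreate(r"C:\Windows\System32\schtasks.exe", "schtasks.exe /query",
                  r"C:\Windows\System32\cmd.exe"),
]


def hunt(loads=SAMPLE_LOADS, procs=SAMPLE_PROCS):
    return {"sideload": sideload_candidates(loads),
            "schtasks": schtasks_persistence(procs)}


if __name__ == "__main__":
    for kind, hits in hunt().items():
        for h in hits:
            print(kind, h)
```

The trusted-root rule is deliberately crude: it will miss a sideload staged under Program Files by an attacker with admin rights, and it will fire on legitimate portable software. Tune it with the vendor’s expected install paths and a DLL signature allowlist rather than loosening the same-directory condition, which is the part that carries the signal.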
Russia-Linked APTs Escalate, While China Expands to Latin America: ESET Flags Global Surge in State-Sponsored Cyber Operations
Bottom Line Up Front (BLUF): ESET’s latest APT Activity Report (April–September 2025) confirms a sharp escalation in state-aligned cyber activity, led by Russian, Chinese, Iranian, and North Korean threat actors. Russia continues prioritizing destructive attacks in Ukraine, while China is expanding its influence operations into Latin America. The report highlights growing sophistication, inter-group cooperation, and emerging tactics such as adversary-in-the-middle (AiTM) and internal phishing.
Analyst Comments: Russia-linked groups accounted for 40% of observed APT activity, with campaigns focusing on Ukraine and European countries supporting Kyiv. RomCom exploited a WinRAR zero-day, while Sandworm deployed new wipers (ZEROLOT, Sting) against Ukrainian logistics and government networks—Gamaredon’s collaboration with Turla hints at increased cross-unit coordination. China’s 26% share of activity included high-impact operations in Latin America. FamousSparrow targeted five governments in the region. SinisterEye and PlushDaemon hijacked software updates via AiTM to stay undetected, reflecting growing tradecraft maturity. Analysts see a direct link between these campaigns and China’s strategic push near critical trade zones.
READ THE STORY: Help Net Security
South Korea Moves to Expand Espionage Law Beyond North Korea: Intelligence Gaps Draw National Scrutiny
Bottom Line Up Front (BLUF): South Korea is preparing to revise its 72-year-old espionage law to criminalize intelligence leaks to any foreign country, not just North Korea. Prompted by recent espionage involving China and backed by President Lee Jae-myung, the proposed revision seeks to close long-standing legal blind spots that have allowed foreign actors to avoid prosecution under current law.
Analyst Comments: The current law’s North Korea-only scope allowed suspected Chinese operatives to walk free, even after engaging in surveillance of sensitive military sites. Data from South Korean police also shows that of 25 overseas tech leakage cases last year, 18 were tied to China. Calls to revise the law intensified after a military officer leaked classified information about an agent to China. While a bill passed subcommittee review, it was stalled by lawmakers citing potential for misuse. Justice Minister Jung Sung-ho is now pushing to finalize the law, with broad executive support and signals of willingness from key Democratic Party leaders.
READ THE STORY: The Chosun Daily
China Expands Predictive Surveillance Using AI at Scale
Bottom Line Up Front (BLUF): At a recent AI and public safety conference in Beijing, Chinese authorities and tech firms showcased advanced surveillance technologies, including multilingual voice recognition, behavior-detecting robots, and predictive analytics platforms. These tools are being integrated into China’s already extensive surveillance ecosystem, aiming to tighten control over civil society—particularly in ethnic minority regions. The U.S. government remains concerned, citing the program as justification for semiconductor export restrictions.
Analyst Comments: At a luxury hotel in Beijing, Chinese police and AI firms gathered to promote next-gen surveillance tools under the banner of public safety. Presentations included AI platforms for identifying protest symbols, smart locks for tenant monitoring, and voice systems trained on over 200 dialects. iFlytek, a firm linked to ethnic monitoring programs, claims its tools support national security and the preservation of minority languages. Despite U.S. sanctions, companies like Huawei and Hikvision continue to push domestic alternatives to foreign chips. Experts note that China’s effectiveness isn’t just about technical precision, but also about the psychological effect of knowing one might be watched, making surveillance a tool of behavioral compliance.
READ THE STORY: RHC
Congress Presses for Federal Tech Strategy to Counter China’s 6G and Supply Chain Reach
Bottom Line Up Front (BLUF): U.S. congressional leaders are urging a formalized national strategy to advance 6G development and restrict Chinese technology from critical infrastructure. Lawmakers warn that failing to counter China’s dominance in 5G has left the U.S. vulnerable, and a similar lapse with 6G would pose even greater risks to the country’s industrial and national security.
Analyst Comments: Rep. Raja Krishnamoorthi (D-Ill.) and House Republicans sent separate letters to the Secretaries of State and Commerce urging action on 6G and foreign technology threats. Krishnamoorthi criticized past underinvestment in trusted 5G alternatives and called for the U.S. to take a leadership role in global 6G standards to prevent a repeat of China’s dominance. GOP leaders echoed national security concerns, warning that vulnerable telecom or industrial systems are now strategic liabilities. Both groups emphasized the need for a straightforward, resourced, and unified federal approach.
READ THE STORY: SC MEDIA
A “Bletchley Method” for the Quantum Era: Strategic Blueprint for Post-Quantum Cryptography
Bottom Line Up Front (BLUF): The U.S. and its allies need a coordinated, operational, and verifiable post-quantum cryptography (PQC) transition plan—modeled on Bletchley Park’s wartime fusion of science, engineering, and operations. As quantum computing advances, today’s public-key cryptography is at risk of obsolescence. A failure to move beyond guidance and into execution could leave systems vulnerable to “harvest-now, decrypt-later” attacks and fragment international cryptographic standards.
Analyst Comments: Mauritz Kop argues the U.S. should emulate WWII-era Bletchley Park by unifying science, policy, and deployment to manage the global transition to post-quantum cryptography. Domestically, this means mandated adoption timelines, automated validation, real-world testing, and procurement incentives—turning the finalized NIST standards FIPS 203–205 (ML-KEM, ML-DSA, and SLH-DSA, published in August 2024) into operational defaults rather than leaving them as optional guidance. Internationally, allies must co-develop standards to prevent a splintered internet. Kop proposes a joint certification regime, coordinated testing labs, crypto-failure clearinghouses, and even a G7-backed “International Quantum Agency” to audit and enforce baselines. The report urges U.S. leadership not just through diplomacy, but by executing first at home.
READ THE STORY: War on the Rocks
Time to Detect Is Dead: Morphisec Pushes “Time to Prevent” as the New Security Metric
Bottom Line Up Front (BLUF): In response to accelerating, AI-powered cyberattacks, Morphisec argues that traditional detection metrics like Mean Time to Detect (MTTD) no longer cut it. The modern threat landscape demands preemptive defense—where the priority is preventing execution, not chasing alerts. Their solution? Deception-based Automated Moving Target Defense (AMTD), which morphs memory at runtime to stop attacks before they launch, neutralizing zero-days, info stealers, and credential-based intrusions.
Analyst Comments: In a blog post, Morphisec CMO Brad LaPorte (former Gartner analyst and U.S. military intelligence officer) makes the case for redefining security success. Rather than tracking how quickly threats are discovered, LaPorte argues that defenders must shift to time-to-prevent—a metric focused on stopping breaches outright. He cites IBM’s 2025 reports showing large increases in infostealer malware, credential misuse, and AI-driven phishing. In this environment, adversaries rely on deception to abuse trust and maintain persistence. Morphisec counters with its patented AMTD technology, which it says dynamically reconfigures runtime environments to deflect attacks, making memory layouts unpredictable and preventing attackers from executing payloads—even zero-days. The claimed result is fewer alerts, no dwell time, and blocked attacks that never trigger alarms. Note that these are vendor claims; the metric argument stands or falls independently of whether AMTD delivers it.
READ THE STORY: Morphisec
Iranian Threat Group Claims Breach of Israeli Defense Contractor Maya Engineering
Bottom Line Up Front (BLUF): Iranian state-linked group Cyber Toufan claims it maintained covert access to Israeli defense contractor Maya Engineering’s network for over 18 months, compromising internal security camera feeds and QNAP archives. The group alleges lateral movement to other Israeli defense firms, including Elbit and Rafael, with access to sensitive devices and operational footage involving drones, missiles, and tanks. While not independently confirmed, the scope and persistence of the alleged breach raise serious concerns about the security of critical infrastructure and third-party exposure in defense supply chains.
Analyst Comments: The claimed intrusion vector—exploitation of internet-connected surveillance devices and storage systems—highlights a critical blind spot in many OT/IT environments: unmanaged peripheral devices. An 18-month dwell time, if accurate, suggests poor visibility into internal communications and a lack of rigorous segmentation between video surveillance, storage, and engineering environments. The attacker’s taunt about recording “meetings with sound and video for over a year” speaks not just to espionage success, but psychological warfare. Whether or not lateral compromise into Elbit and Rafael occurred, the reputational and trust implications within the Israeli defense sector are substantial. This incident reinforces the need for active monitoring of non-traditional endpoints, hardened physical security systems, and ongoing validation of third-party interconnectivity.
READ THE STORY: SC Media
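Segmentation between camera, storage and engineering networks is only real if someone checks the flows against it. The following is an added example, not code from the digest or from the SC Media report: it maps flow records to zones by address range, compares each cross-zone flow against an explicit allow table, and reports everything the policy did not grant. The zone ranges, the policy table and the flow records are constructed; in practice the flows would come from NetFlow/IPFIX or firewall logs.

```python
"""Flag cross-zone flows that a surveillance/storage/engineering
segmentation policy should not allow.

Added example with constructed zones, policy and flow records.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed zone ranges. Anything outside them is treated as external;
# ipaddress.is_private is deliberately not used because it also counts
# documentation ranges such as 203.0.113.0/24 as private.
ZONES = {
    "cameras": ipaddress.ip_network("10.10.0.0/24"),
    "storage": ipaddress.ip_network("10.20.0.0/24"),
    "engineering": ipaddress.ip_network("10.30.0.0/24"),
    "vms": ipaddress.ip_network("10.40.0.0/24"),   # video management server
}

# Explicit allow table: (source zone, destination zone). Same-zone traffic
# is implicitly allowed; everything else is a violation.
ALLOWED = {
    ("cameras", "vms"),          # cameras stream to the VMS only
    ("vms", "storage"),          # VMS writes archives to the NAS
    ("engineering", "storage"),  # engineers read the file share
    ("engineering", "external"), # only engineering may reach the internet
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def violations(flows):
    """Return (flow, src_zone, dst_zone) for each flow the policy does not permit."""
    out = []
    for f in flows:
        s, d = zone_of(f.src), zone_of(f.dst)
        if s == d or (s, d) in ALLOWED:
            continue
        out.append((f, s, d))
    return out


def summarize(flows):
    """Count violations per (src_zone, dst_zone) pair, for triage."""
    return Counter((s, d) for _, s, d in violations(flows))


# Constructed flow records (not real traffic).
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.40.0.2", 554, "tcp"),      # camera -> VMS: allowed
    Flow("10.10.0.5", "10.30.0.17", 445, "tcp"),     # camera -> engineering SMB
    Flow("10.20.0.3", "203.0.113.9", 443, "tcp"),    # NAS -> internet
    Flow("10.30.0.17", "10.20.0.3", 445, "tcp"),     # engineering -> NAS: allowed
    Flow("10.30.0.17", "198.51.100.4", 443, "tcp"),  # engineering -> internet: allowed
]

if __name__ == "__main__":
    for f, s, d in violations(SAMPLE_FLOWS):
        print(f"{s:>11} -> {d:<11} {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```

A camera talking SMB to an engineering host, or a NAS opening outbound HTTPS, are the two flows an 18-month intrusion of the kind alleged would have to generate at some point; an allow table this small makes both stand out immediately, which is the point of writing the policy down before hunting against it.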
China Blames Netherlands for Supply Chain Chaos in Nexperia Dispute
Bottom Line Up Front (BLUF): Beijing is publicly criticizing the Dutch government for its “improper interference” in the internal operations of Nexperia, a Dutch chipmaker owned by China’s Wingtech. Following the Netherlands’ decision to temporarily seize control of Nexperia under national security laws, China claims the move has disrupted the global semiconductor supply chain and has warned of diplomatic and trade consequences if no resolution is found.
Analyst Comments: China’s Ministry of Commerce condemned the Dutch government’s actions in the Nexperia case, accusing it of ignoring “reasonable demands” during bilateral consultations and causing “significant disruptions” in chip supplies. The dispute follows the Netherlands’ Sept. 30 move to seize temporary control of Nexperia, citing national and EU security concerns about technology transfer. In response, China has restricted exports from Nexperia’s factories in China. Nexperia, though not a high-end chipmaker, produces critical components for cars and consumer electronics, making its operations strategically sensitive. Chinese officials warned the Netherlands to “act responsibly” to avoid further deterioration in EU-China trade relations.
READ THE STORY: AA
Items of interest
Ukraine’s Cyber War Lessons: How Russian Tactics Are Stress-Testing Global Defenses
Bottom Line Up Front (BLUF): Ukraine’s frontline experience with Russian cyber aggression offers hard-earned lessons for allied cyber strategy. Since 2014, and with renewed intensity post-2022, Russia has used Ukraine as a live-fire lab for evolving cyber warfare—blending phishing, disinformation, malware, and kinetic operations. These tactics, once refined, are repurposed globally. Ukraine’s defense posture—built on hybrid public-private cooperation, rapid incident response, and volunteer mobilization—provides a scalable model but raises legal, operational, and ethical challenges.
Analyst Comments: Oleksandr Bakalynskyi and Maggie McDonough argue that Ukraine is not only a victim of Russian cyber operations—it’s also a live battlefield shaping modern cyber doctrine. Since 2014, cyberattacks on energy grids, government networks, and media platforms have accompanied kinetic aggression. Ukrainian defenders now coordinate across government, private companies, and a vast volunteer network (such as the IT Army), executing rapid-response operations and digital countermeasures. However, challenges persist: a lack of consistent vetting for volunteers, legal ambiguity regarding their combatant status, and friction between classified NATO intelligence and Ukraine’s operational needs.
READ THE STORY: AC
CyberWar 2022: From Eastern Europe to Across the Globe (Video)
FROM THE MEDIA: Russia’s full-on military attack of Ukraine was prefaced by cyberattacks on the country’s information systems. Now, the United States and its allies are bracing for cyber escalation and digital sabotage in retaliation for sanctions. In this provocative session, “This Is How They Tell Me the World Ends” author Nicole Perlroth connects with Jonathan Reiber of AttackIQ about this frightening new theater of destruction. Can the genie ever be put back in the bottle?
When Governments Hack – Ukraine vs Russia Cyberwarfare (Video)
FROM THE MEDIA: In today’s digital battlefield, wars aren’t only fought with tanks and missiles — they’re fought with cyberattacks. The Ukraine vs Russia conflict has revealed a new era of cyberwarfare, where governments, hackers, and cyber defense units engage in digital strikes, data breaches, and hacking campaigns.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.