Daily Drop (1178)
11-12-25
Wednesday, Nov 12, 2025 // (IG): BB // GITHUB // SN R&D
Longest U.S. Government Shutdown Nears End as House Prepares Key Vote
Bottom Line Up Front (BLUF): The U.S. House of Representatives is set to vote on a short-term funding bill that would end the record-breaking 42-day government shutdown. The Senate has already passed the compromise legislation, and House Speaker Mike Johnson has signaled it will clear the House. The stopgap measure funds the government through January 30, 2026, restoring federal operations temporarily but setting the stage for another potential crisis early next year.
Analyst Comments: The deal funds the government through January 30, continues SNAP food assistance through September 2026, and temporarily bars further cuts to the federal workforce. Healthcare subsidies for 24 million Americans—set to expire at year’s end—were omitted, though Senate Republicans agreed to a separate December vote. House Democrats are divided, with progressive members calling the deal a capitulation. President Trump, expected to sign the bill, called the shutdown unnecessary and repeated his intention to reduce the federal workforce and discretionary spending unilaterally.
READ THE STORY: Reuters
Resilient Infrastructure as Strategic Deterrence: Why Recovery Matters More Than Retaliation
Bottom Line Up Front (BLUF): A new analysis from ASPI’s Jason Van der Schyff argues that modern deterrence increasingly hinges not on retaliation, but on a nation’s ability to absorb and recover from disruption—especially to its critical infrastructure. Cyber and hybrid threats targeting energy grids, digital systems, and supply chains are designed to sow confusion without provoking conventional war. The ability to keep functioning under pressure—deterrence by resilience—signals to adversaries that attacks will fail to achieve strategic objectives.
Analyst Comments: Grid downtime, communication failures, or cloud outages can have outsized effects if systems can’t recover quickly. Van der Schyff nails the point—resilience is not just technical, it’s psychological. It denies adversaries confidence. Exercises, redundancies, and fallback systems aren’t luxuries; they’re frontline defenses. For defenders, that means thinking beyond firewalls and patching toward failure modes, recovery timelines, and interdependence modeling. It also calls for tighter public-private coordination, especially with operators who own most of the attack surface.
READ THE STORY: ASPI
State-Backed APTs Target Construction Sector via Supply Chain and Stolen Credentials
Bottom Line Up Front (BLUF): The construction industry is under sustained targeting by Chinese, Russian, North Korean, and Iranian advanced persistent threat (APT) groups, according to a Rapid7 report. Threat actors are using phishing, stolen credentials, and third-party access to breach construction networks and exfiltrate sensitive data. Most access is brokered through dark web marketplaces offering RDP, SSH, Citrix, and VPN credentials—often verified with screenshots and reputation scoring systems.
Analyst Comments: Construction firms are attractive soft targets due to rapid digitization, weak segmentation, and heavy reliance on contractors and vendors. The presence of nation-state APTs suggests an interest not only in IP and bid data but also in mapping physical infrastructure and exploiting supply chain dependencies. Expect this targeting to persist as long as credentials remain cheap and defenses remain fragmented. Vendor access, exposed RDP, and unmonitored VPN use should be top concerns for defenders in the sector.
READ THE STORY: SC MEDIA
VanHelsing Ransomware-as-a-Service Hits Multi-Platform Targets with Silent Mode, ARM Support, and Advanced Evasion
Bottom Line Up Front (BLUF): A new Ransomware-as-a-Service (RaaS) offering, VanHelsing, is rapidly expanding and targeting Windows, Linux, BSD, ARM, and ESXi systems. First observed in March 2025, the operation features advanced evasion capabilities, flexible encryption options, and aggressive lateral movement tools—raising the bar for affiliate-driven ransomware campaigns. With a $5,000 buy-in, affiliates receive a complete attack platform and keep 80% of profits, incentivizing mass-scale deployment across diverse environments.
Analyst Comments: VanHelsing isn’t novel in concept, but its execution is technically sharp and operationally aggressive. Its multi-platform targeting, ARM and ESXi support, and “silent” two-phase execution mode clearly indicate an intent to bypass modern EDR heuristics and target hybrid enterprise networks. The use of Curve25519 and ChaCha20 makes recovery without backups impractical. Its affiliate model, flexible C2 panel, and payload customization will likely drive adoption among mid-tier ransomware crews. Defenders should expect VanHelsing to follow a LockBit-style trajectory unless takedowns or key leaks intervene. Key red flag: its propagation module leverages psexec and selectively avoids CIS targets—hallmarks of ransomware operations hosted or tolerated in Russia. This may imply tacit alignment with criminal groups operating under geopolitical constraints.
READ THE STORY: Cyber Press
Chinese Cybersecurity Watchdog Accuses U.S. of Seizing $13.2B in Bitcoin from Mining Pool Hack
Bottom Line Up Front (BLUF): China’s top cybersecurity agency, the CVERC, has accused the U.S. of unlawfully acquiring over 127,000 BTC—now worth $13.2 billion—from a 2020 mining pool hack. The watchdog alleges the U.S. seized the funds through covert means and later rebranded them as criminal assets linked to “pig butchering” scams. U.S. authorities say the funds were tied to Chen Zhi, a Cambodian businessman accused of crypto fraud. Blockchain evidence from Elliptic, Arkham, and TRM Labs shows alignment between the DOJ’s seizure and earlier thefts, but definitive attribution remains disputed.
Analyst Comments: The Chinese National Computer Virus Emergency Response Center (CVERC) claims the U.S. seized 127,272 BTC originally stolen from LuBian, a Chinese mining pool, in late 2020. At the time, the stash was worth $3.5B; it’s now valued at over $13B. U.S. authorities allege the funds belonged to Chen Zhi, a Cambodian-Chinese national accused of leading a global “pig-butchering” crypto scam involving forced labor and fraud. According to blockchain analytics firm TRM Labs, the seized Bitcoin originated from 25 unhosted wallets linked to Chen, but how U.S. authorities gained control remains unclear. Movement of funds to U.S.-tagged wallets in mid-2024 has fueled speculation. Beijing is calling it cyber theft. Washington is calling it asset forfeiture.
READ THE STORY: Decrypt // Bloomberg
US Coal Fleet Framed as “First Line of Defense” in National Security Argument
Bottom Line Up Front (BLUF): A new editorial from energy policy commentator T.L. Headley argues that coal remains a critical backbone of U.S. national defense infrastructure. With mounting concerns over grid resilience and supply chain reliability, Headley contends that dismantling the coal fleet in favor of intermittent renewables risks crippling America’s ability to sustain military operations during conflict or crisis. He cites coal’s stockpiled availability, its role in steel production, and its independence from foreign supply chains as unmatched strategic assets.
Analyst Comments: As cyber and kinetic threats to energy infrastructure grow, the case for “stackable,” on-site fuel becomes more than rhetorical. From a security lens, coal’s appeal is clear: offline storage, zero reliance on pipelines or global markets, and high surge capacity. While the article downplays environmental concerns, it surfaces a real tension: the energy transition has outpaced military and industrial planning for wartime contingencies. If grid resilience is part of deterrence, then shuttering baseload assets without hardened replacements risks becoming a self-inflicted vulnerability. This narrative may influence future DoD energy policy, especially around base-level generation, blackstart capabilities, and defense manufacturing continuity.
READ THE STORY: RealClearEnergy
Multiple Ivanti Endpoint Manager Vulnerabilities Allow Authenticated Arbitrary File Writes
Bottom Line Up Front (BLUF): Ivanti has patched three high-severity vulnerabilities in Ivanti Endpoint Manager (EPM), including a newly disclosed flaw (CVE-2025-10918) that allows local authenticated users to write arbitrary files to disk. This could enable attackers to bypass system protections, escalate privileges, or maintain persistence. Affected versions include EPM 2024 SU3 SR1 and earlier. Ivanti urges customers to upgrade to version 2024 SU4, as legacy 2022 builds will not receive patches.
Analyst Comments: While the requirement for local authentication reduces exploitability slightly, the impact remains significant—especially in enterprise environments where lateral movement often follows initial compromise. CVE-2025-10918 highlights the danger of insecure default file permissions (CWE-276), a recurring issue in endpoint management tools. The fact that all three CVEs allow arbitrary writes suggests systemic permission mismanagement in the EPM agent design. Organizations still running the deprecated 2022 branch are now exposed with no vendor support. Patch now, and treat unpatched hosts as high risk.
READ THE STORY: Cyber Press
Chinese APTs Probing Australia’s Infrastructure for “High-Impact Sabotage,” Warns ASIO Chief
Bottom Line Up Front (BLUF): Australia’s top intelligence official says hackers linked to the Chinese state are actively targeting the nation’s critical infrastructure in what he calls a mounting threat of “cyber-enabled sabotage.” ASIO Director-General Mike Burgess warns that probing activity by groups like Salt Typhoon and Volt Typhoon has increased, putting essential services—water, power, telecoms, and transport—at risk of coordinated disruption or destruction in the next five years.
Analyst Comments: Volt Typhoon’s operations in the US have already revealed the playbook: persistent, stealthy access to infrastructure with a long game in mind. If Australia is seeing similar activity, the implications go beyond data theft—this is about staging for geopolitical coercion or wartime disruption. The fact that outages unrelated to foreign interference have already shown societal fragility adds urgency. Expect a policy response, but defenders shouldn’t wait. Assume compromise, harden OT environments, and test for dormant persistence.
READ THE STORY: BBC
US Army Stands Up Indo-Pacific Information Warfare Unit to Counter Chinese Disinformation
Bottom Line Up Front (BLUF): The US Army has activated the 1st Theater Information Advantage Detachment (TIAD) in Hawaii, a 65-member unit designed to combat hostile disinformation and bolster resilience among Indo-Pacific allies. This is the first of three TIADs planned globally by 2026 and directly targets malign influence operations, especially from China, which continues to escalate gray zone and cognitive warfare tactics across the region.
Analyst Comments: The 1st TIAD, based at Fort Shafter, Hawaii, consists of integrated teams spanning cyber intelligence, psychological operations, public affairs, civil affairs, electronic warfare, and broader information operations. According to its commander, Col. Sean Heidgerken, the unit is focused on “promoting transparency” and enabling partner nations to resist malign state-sponsored influence. CSM Avery Bennett pointed to Chinese coercion in the South China Sea as a key motivator. Two more TIADs are planned: one under Army Cyber Command in Georgia (Spring 2026) and one under U.S. European Command (Fall 2026). Taiwan officials, meanwhile, continue to highlight China’s hybrid warfare efforts targeting democratic cohesion.
READ THE STORY: Taiwan News
APT-C-08 Weaponizes WinRAR Directory Traversal Flaw (CVE-2025-6218) to Target South Asian Government Systems
Bottom Line Up Front (BLUF): APT-C-08 (aka BITTER), a South Asia-linked state-sponsored threat group, is actively exploiting a critical vulnerability in WinRAR (CVE-2025-6218) to deploy persistent malware on government systems. The flaw allows directory traversal during file extraction, enabling attackers to drop malicious Word templates that auto-execute macros on document open—granting long-term access to compromised systems.
Analyst Comments: WinRAR may be a legacy tool, but it’s ubiquitous—and often ignored in patching cycles. By weaponizing a path traversal bug, APT-C-08 bypasses traditional security controls with precision, planting macro-enabled templates in Microsoft’s auto-load paths. The tradecraft is quiet, effective, and persistent. If your asset inventory includes vulnerable WinRAR versions (≤ 7.11), this needs to be prioritized now. This isn’t spray-and-pray ransomware—it’s targeted espionage with staying power.
READ THE STORY: GBhackers
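As an added example (not code from the cited article or from WinRAR itself), this is the containment check an archive extractor should apply to every entry name before writing to disk; a directory traversal bug of the kind described above is precisely a failure of this check. The archive listing is constructed for illustration, and both '/' and '\' are treated as separators because Windows-created archives commonly use backslashes.

```python
"""Defensive validation of archive entry names before extraction.

Added example, not the cited article's or WinRAR's code. Rejects entries that
would escape the destination directory: absolute paths, drive-qualified
paths, and '..' segments that climb above the extraction root.
"""
import re
from typing import List, Optional, Tuple

# Windows drive prefixes such as "C:" are absolute and must never be
# honoured inside an archive, regardless of the separator that follows.
_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def safe_relative_path(entry_name: str) -> Optional[str]:
    """Return a canonical, root-relative path for an archive entry, or None
    if honouring the entry would write outside the extraction directory."""
    name = entry_name.replace("\\", "/")
    if name.startswith("/") or _DRIVE_RE.match(name):
        return None  # absolute or drive-qualified path
    parts: List[str] = []
    for segment in name.split("/"):
        if segment in ("", "."):
            continue  # empty segment (double slash) or current-directory marker
        if segment == "..":
            if not parts:
                return None  # would climb above the destination root
            parts.pop()  # '..' that stays inside the root is harmless
            continue
        parts.append(segment)
    if not parts:
        return None  # entry collapses to the root directory itself
    return "/".join(parts)


def classify_entries(entries: List[str]) -> Tuple[List[str], List[str]]:
    """Split an archive listing into (safe, rejected) entry names."""
    safe: List[str] = []
    rejected: List[str] = []
    for entry in entries:
        (safe if safe_relative_path(entry) is not None else rejected).append(entry)
    return safe, rejected


# Constructed sample listing: benign documents plus entries shaped like the
# traversal technique above (a template aimed at an Office auto-load folder
# via '..' segments, and an absolute drive path).
SAMPLE_ENTRIES = [
    "report/budget.docx",
    "..\\..\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\sample.dotm",
    "../../../Users/Public/sample.dotm",
    "C:\\Users\\Public\\sample.dotm",
    "docs/./notes.txt",
    "a/b/../c.txt",
]

if __name__ == "__main__":
    ok, bad = classify_entries(SAMPLE_ENTRIES)
    print("safe to extract:", ok)
    print("rejected:", bad)
```

An extractor that applies this check per entry, and then also verifies the resolved absolute target still starts with the destination root after symlink resolution, closes the class of bug rather than the single instance.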
KnownSec Leak Exposes Chinese Cyber Contractor’s Espionage Playbook and Global Data Haul
Bottom Line Up Front (BLUF): Over 12,000 internal documents from Chinese cybersecurity firm KnownSec—widely linked to Chinese military and intelligence operations—have leaked online, revealing details about the company’s hacking tools, contracts with Chinese government agencies, and data collection activities in at least 28 countries. The leak includes stolen immigration data, telecom records, and infrastructure mappings, raising concerns over the scope of China’s commercial cyber-espionage operations.
Analyst Comments: This leak mirrors the earlier i-SOON dump and further lifts the veil on China’s cyber mercenary ecosystem. KnownSec, best known for the ZoomEye search engine, now appears to be a significant player in mapping—and in some cases exploiting—leaky global infrastructure. The 80-entity target list and large datasets exfiltrated from countries like India, Taiwan, South Korea, and Brazil point to long-term, opportunistic surveillance likely used for strategic or intelligence objectives.
READ THE STORY: Risky Biz
Age Verification Systems Under Fire: Discord and Tea App Breaches Expose ID Data Goldmine
Bottom Line Up Front (BLUF): Recent breaches involving Discord and the Tea app have exposed the growing cybersecurity risks tied to mandatory age verification systems. Both platforms collected sensitive personal data—such as photo IDs and selfies—to comply with new laws, such as the UK’s Online Safety Act. APTs and cybercriminals are increasingly targeting these repositories, especially when third-party vendors are involved, creating rich targets for identity theft and AI-driven fraud.
Analyst Comments: Regulators mandate rigorous age checks, but leave enforcement of privacy and data minimization to vague guidance. In reality, platforms outsource these checks to third-party vendors, often beyond jurisdictional reach, where data-deletion promises are unverifiable. For attackers, photo IDs and facial data are high-value assets—ideal for identity fraud, account takeover, and deepfake generation. The proliferation of such verification regimes across sectors (social media, gaming, adult content, dating) guarantees this won’t be the last headline. Until there’s actual audit power behind “delete after use” claims, assume collected data will be retained—and eventually breached.
READ THE STORY: The Conversation
Ukraine Formalizes Ban List for Sanctioned and Unsafe Software
Bottom Line Up Front (BLUF): Ukraine has enacted a formal legal mechanism to prohibit the use of software and communication equipment deemed unsafe, sanctioned, or otherwise unfit for critical infrastructure. Under a resolution adopted on 22 October 2025, the Ukrainian government will maintain a public “ban list” overseen by the State Service for Special Communications (Derzhspetszviazku). Use of listed technologies after the ban is illegal and may result in legal, administrative, and operational penalties.
Analyst Comments: This move codifies what many governments have done informally for years: blocking technologies linked to adversarial states or supply chain vulnerabilities. Expect Russian, Belarusian, and possibly Chinese-origin products to feature prominently on the list. The immediate impact will affect public sector entities and critical infrastructure providers, but private companies that process sensitive data or engage in state procurement are also at risk. The five-day update window for list changes means security and compliance teams need real-time visibility into their tech stacks and rapid migration plans for banned tools. This isn’t just regulatory theater—failing to comply could mean audits, business disruption, or worse.
READ THE STORY: Dentons
UK Unveils Cyber Security and Resilience Bill in Response to £14.7 Billion Annual Threat
Bottom Line Up Front (BLUF): The UK government has introduced the long-anticipated Cyber Security and Resilience Bill, aimed at hardening national infrastructure and critical service providers against surging cyberattacks. The bill arrives amid escalating state-sponsored and criminal cyber threats, with the UK reporting over 200 nationally significant attacks in the past year. It will apply new regulations and penalties to about 1,000 firms, including NHS suppliers, and could mark a pivotal shift in the UK’s cyber risk posture.
Analyst Comments: This legislation is overdue and badly needed. From NHS disruptions to the Jaguar Land Rover ransomware hit that impacted UK GDP, recent attacks have made clear that voluntary standards aren’t cutting it. The bill’s scope—bringing critical supply chain partners into regulatory coverage—is a strong step, especially given attackers’ growing preference for indirect access routes. The £14.7B annual impact figure puts a hard economic cost on lax cyber hygiene, and it’s encouraging to see movement from resilience rhetoric to enforcement action. Execution and clarity on enforcement mechanisms will be key—especially with third-party tech vendors and foreign service providers.
READ THE STORY: Bloomberg
Items of interest
Banks Brace for Quantum Cyber Threats as PQC Migration Becomes Urgent
Bottom Line Up Front (BLUF): Quantum computing presents an existential challenge to the cryptographic systems that underpin global banking. While practical quantum attacks are still years away, financial institutions must begin transitioning to post-quantum cryptography (PQC) now, as adversaries could already be “harvesting now, decrypting later.” The complexity of cryptographic inventories, legacy systems, and blockchain tokenization initiatives makes this a time-sensitive security imperative.
Analyst Comments: Banks aren’t just competing with cybercriminals anymore—they’re racing against quantum physics. The shift from prevention to cyber resilience is well underway, but resilience alone won’t survive a cryptographic collapse. Most major institutions are years away from full PQC coverage due to sprawling legacy systems and unknown dependencies. Worse, blockchain deployments—especially public ledgers—introduce a long-tail risk profile due to governance inertia and PQC lag. The lack of urgency in blockchain dev communities is a glaring blind spot.
READ THE STORY: The Banker
The Future of Cybersecurity in Banking with Quantum Computing (Video)
FROM THE MEDIA: In the ever-evolving banking landscape, cybersecurity remains a critical concern, especially as we stand on the brink of a quantum computing revolution. Over my three-decade career in IT, with the last ten years as a CIO in large banks, I have seen the transformative power of technology firsthand. With its unparalleled computational capabilities, quantum computing promises significant advancements but poses substantial threats to traditional cybersecurity strategies. This article explores how banks prepare for quantum threats, the intersection of quantum computing and AI in cybersecurity, and the strategic imperatives for securing the future.
Is Bitcoin at Risk?: Quantum Computing and the Future of Satoshi’s Coins (Video)
FROM THE MEDIA: One of the most prolific thought leaders in Bitcoin security and privacy; few people understand the nuances of Bitcoin security quite as deeply, not to mention the OPSEC practices required to protect against wrench attacks, for instance, which are rising globally as the Bitcoin price increases.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.
Hey, great read as always; what if this critical focus on resilient infrastructure, while insightful, underestimates the complex cascading failures from a truly sophisticated hybrid attack?