Daily Drop (1179)
11-13-25
Thursday, Nov 13, 2025 // (IG): BB // GITHUB // SN R&D
China Overhauls Cybersecurity Law: New Powers, AI Regulation, and Extraterritorial Reach
Bottom Line Up Front (BLUF): China has enacted its first major revision of the 2017 Cybersecurity Law (CSL), effective January 1, 2026. The amendments significantly expand the government’s enforcement powers, extend extraterritorial jurisdiction, and formalize a regulatory framework for artificial intelligence. The changes introduce steeper penalties for violations, direct oversight of applications and platforms, and new compliance burdens for both domestic and foreign companies operating in China’s digital space.
Analyst Comments: This revision is a clear signal: China is tightening its grip on digital sovereignty while extending its legal reach beyond its borders. The law now empowers authorities to punish foreign entities for actions that “undermine China’s cybersecurity,” a clause broad enough to include everything from hacking attempts to unauthorized data flows. The explicit addition of AI regulation within the cybersecurity framework reflects Beijing’s intent to bake “algorithmic governance” into its national cyber doctrine. Meanwhile, penalties for noncompliance have increased tenfold, and the ability to shut down apps entirely—without court proceedings—marks a stark escalation in administrative enforcement.
READ THE STORY: CMS
Will China Fill the Gap in Iran’s Defense Sector
Bottom Line Up Front (BLUF): Following Iran’s exposure during the June 2025 Israel-Iran conflict, Beijing is now positioned to fill the vacuum left by Russia’s faltering defense exports. While no official arms deals have been confirmed, experts suggest China could soon supply Tehran with advanced surface-to-air missile (SAM) systems, stealth-capable radar, drones, and anti-ship missiles—reshaping regional power dynamics and complicating U.S. and Israeli strategic planning.
Analyst Comments: Iran’s loss of confidence in Russian military support—especially after the absence of Russian intervention during the 12-Day War—has created an opening for China to expand its strategic influence in the Middle East through defense cooperation. Beijing’s calculus appears driven by multiple factors: frayed ties with Israel, simultaneous global conflicts draining U.S. resources, and a strategic opportunity to solidify a relationship with Iran without directly confronting sanctions head-on. A China-Iran arms alignment wouldn’t just bolster Tehran’s defenses; it could arm Iranian proxies with high-grade Chinese hardware, such as YJ-12 anti-ship missiles. That presents new challenges for U.S. and allied forces operating in the Gulf. The potential export of HQ-9 SAM systems and J-10C fighters would also significantly enhance Iran’s previously degraded air defense posture. More covertly, Chinese assistance in missile fuel component supply could accelerate Iran’s efforts to replenish its arsenal.
READ THE STORY: The Diplomat
Canada Sanctions Russian Shadow Fleet, Drone Developers, and Cyber Operators in New Strike on War Infrastructure
Bottom Line Up Front (BLUF): On November 12, 2025, Canada announced a new sanctions package targeting 100 Russian “shadow fleet” tankers, drone developers, and entities supporting Moscow’s cyber warfare infrastructure. The move is part of a coordinated G7 effort to intensify economic and technological pressure on Russia as the Ukraine war approaches its fourth year. Ottawa’s sanctions aim to degrade Russia’s hybrid warfare capabilities and disrupt war financing channels tied to energy exports.
Analyst Comments: This latest action by Canada broadens the sanctions playbook beyond traditional military targets, hitting the often-overlooked digital and logistical back-end of Russia’s war machine. Targeting Russia’s cyber enablers marks a notable shift. Until now, these actors have operated mainly under the radar, despite playing a central role in hybrid campaigns that include disinformation, infrastructure disruption, and C2 (command-and-control) activities. In sanctioning drone developers and cyber support infrastructure, Canada acknowledges the asymmetric tools sustaining battlefield operations and psychological warfare alike. The inclusion of 100 more shadow fleet vessels—used to move oil and LNG outside formal maritime tracking—represents a direct attempt to choke off routes that evade sanctions and fund Russia’s war budget.
READ THE STORY: EuroMaidan
North Korea’s KONNI Hackers Exploit KakaoTalk and Google Find Hub in Android Espionage and Wipe Campaign
Bottom Line Up Front (BLUF): A North Korea-linked hacking group, KONNI (associated with APT37/Kimsuky), used KakaoTalk and Google’s Find My Device to spy on South Korean Android users, steal credentials, and remotely wipe devices. The campaign involved social engineering via phishing, long-term surveillance, and the abuse of legitimate Google tools to erase victims’ data and destroy digital forensics trails.
Analyst Comments: KONNI’s abuse of Google Find Hub to perform remote wipes is a prime example of “living off the land” tactics—using built-in platform features to carry out destructive actions while reducing the need for custom malware. More alarming is the use of KakaoTalk, a widely trusted South Korean messaging platform, to spread malware to victims’ contacts, effectively weaponizing social trust. This tactic mirrors APT37’s history of targeting defectors, journalists, and dissidents using domestic platforms as delivery vehicles. The operation also highlights the espionage-to-sabotage pipeline: KONNI actors maintained persistent access for surveillance and then escalated to data destruction when operational goals were met or the risk of exposure increased.
READ THE STORY: HACK READ
Google Sues Chinese ‘Lighthouse’ Hackers in Landmark RICO Case Over Mass Phishing Campaign
Bottom Line Up Front (BLUF): Google has filed a groundbreaking lawsuit under the Racketeer Influenced and Corrupt Organizations (RICO) Act against a China-based cybercriminal network responsible for the massive “Lighthouse” phishing campaign. The operation allegedly targeted millions of U.S. users with SMS-based phishing, compromising between 15 million and 100 million credit card numbers. This marks a rare and aggressive legal push by a tech giant to hold cybercriminals accountable in court—potentially setting a precedent for future cases against phishing-as-a-service operations.
Analyst Comments: By invoking RICO—typically used against mafias and drug cartels—Google is clearly signaling that organized cybercrime is now being treated as transnational racketeering. The “Lighthouse” platform represents a maturing criminal service economy, offering phishing infrastructure at scale and targeting U.S. citizens via fake brand impersonations. While unlikely to result in direct arrests, the lawsuit could lead to asset seizures, global pressure on infrastructure hosts, and deterrence through legal risk. It’s also a public attribution move: Google is naming China as the locus of these services, aligning with growing U.S. government scrutiny of Chinese cyber activity.
READ THE STORY: Inkl
UK Probes Hidden ‘Kill Switches’ in Chinese-Made Yutong Electric Buses
Bottom Line Up Front (BLUF): The UK government has launched a formal investigation into whether over 2,500 Chinese-manufactured Yutong electric buses operating in the UK contain embedded remote shutdown capabilities. This follows the discovery of confirmed vulnerabilities in similar models in Norway and Denmark. Officials are assessing whether these buses can be disabled remotely by their manufacturer, raising major cybersecurity concerns for public infrastructure amid escalating tensions with China.
Analyst Comments: Yutong’s systems reportedly allow remote updates and telemetry, which could, if exploited or coerced, enable mass disruption of transportation services. The concern isn’t hypothetical. Norway and Denmark found these buses could be shut down remotely, and China’s own national security laws require firms to cooperate with state intelligence—meaning any remote access is a potential vector for coercion or sabotage. With UK transport networks increasingly relying on foreign-made EV fleets, the probe highlights a broader strategic failure: lack of supply chain vetting for embedded systems and software dependencies. The issue isn’t just about “kill switches”—it’s about cyber-physical resilience in a geopolitical era where infrastructure is part of the threat surface.
READ THE STORY: WPN
China’s Cyber Warfare Escalates: Global Campaigns Blend Espionage, Sabotage, and Coercion
Bottom Line Up Front (BLUF): Three Chinese nationals were convicted in Singapore for hacking-related crimes tied to a broader cyber-espionage network with apparent links to Chinese state interests. The investigation revealed targeted reconnaissance of government systems across multiple countries, highlighting China’s expanding use of criminal proxies for intelligence gathering and disruptive cyber operations. The incident reflects a global shift from traditional espionage to pre-positioned access within critical infrastructure.
Analyst Comments: Singapore’s rare criminal convictions provide a glimpse into how China’s cyber operations increasingly blur the lines between state-sponsored actors and organized cybercrime. The use of a Vanuatu-based intermediary adds complexity, pointing to laundering of both money and attribution. The targeting of systems across Asia, Africa, and the West—including U.S. defense contractors and telecoms—confirms that Chinese threat groups are now executing long-term access and prepositioning campaigns. With groups like APT41 and Storm-1849 ramping up activity, defenders should treat espionage attempts as potential precursors to disruption. Expect more joint operations between intelligence and law enforcement agencies as the cyber battlefield moves beyond the digital perimeter and into geopolitical fault lines.
READ THE STORY: Mizzima
Australia Sounds Alarm on Rising Chinese Cyber Threat to Critical Infrastructure
Bottom Line Up Front (BLUF): Australia has issued a stark warning about escalating cyber threats from China, citing attempts by state-backed actors to infiltrate critical infrastructure networks through remote work technologies and persistent reconnaissance. The Australian Signals Directorate (ASD) confirmed in its 2024–25 report that Chinese cyber activity has intensified, with a notable focus on utilities, defense, and supply chain sectors.
Analyst Comments: Australian intelligence services warned that Chinese cyber operations are increasingly targeting water, power, transportation, and defense logistics infrastructure. The ASD noted a threefold rise in cybercrime costs for large Australian enterprises, averaging over AU$300,000 per incident. The attack methods involve exploiting vulnerabilities in remote work software, VPNs, and IoT systems—a tactic consistent with global PRC-attributed campaigns. The ASD highlighted that these activities appear strategic, with goals beyond espionage, such as establishing persistent access to operational technology (OT) networks.
READ THE STORY: Organizer
China Breach Exposes Surveillance of Indian Border and Immigration Data via KnownSec Hack
Bottom Line Up Front (BLUF): A breach of a Chinese cybersecurity firm, KnownSec, revealed that the company possessed sensitive Indian immigration and digital infrastructure data, suggesting China may have directly accessed or exfiltrated records from Indian government systems. The leak exposed over 12,000 internal files detailing offensive cyber operations targeting more than 20 countries, including espionage programs, malware toolkits, and hardware implants. While China denies involvement, the breach offers an unprecedented look at its offensive cyber apparatus and the role of firms like KnownSec in state-aligned surveillance.
Analyst Comments: Chinese cybersecurity giant KnownSec was breached earlier this month, resulting in the leak of over 12,000 documents. The files, briefly hosted on GitHub and now circulating among researchers and dark web forums, included malware blueprints, source code, and surveillance tools capable of compromising communications on WeChat, QQ, and Telegram. Also found were lists of global targets—with India, Japan, and Vietnam among the top. Crucially, the leak included what analysts describe as “archives of Indian immigration data,” possibly stolen in 2024, as well as internal spreadsheets mapping India’s digital border systems. KnownSec, officially Beijing Zhidao Chuangyu Information Technology Co., has long been tied to Chinese national cyber initiatives. The U.S. Department of Defense recently blacklisted it for its role in China’s military cyber ecosystem.
READ THE STORY: WION
Salt Typhoon Update: Chinese State-Tied Hackers Linked to One Million U.S. Mobile Compromises
Bottom Line Up Front (BLUF): New research from the Natto Team and Silent Push sheds light on “Salt Typhoon” (also known as UNC4841), a Chinese-linked cyber-espionage campaign believed to have compromised over one million American mobile devices. The investigation connects multiple Chinese companies—including those with ties to China’s military and intelligence services—to this persistent threat group. The operation highlights the blurred lines between private contractors, PLA units, and the Ministry of State Security (MSS) in Beijing’s global surveillance strategy.
Analyst Comments: Salt Typhoon’s campaign goes beyond conventional surveillance. Allegations of unauthorized access to court-authorized wiretaps mark a new level of intrusion—potentially undermining judicial and law enforcement systems in democratic countries. The use of front companies like Sichuan Zhixin Ruijie Network Technology, later erased from the public internet, shows a pattern of purposeful concealment. As with APT41 (Chengdu 404), attribution is often murky by design—but the operational fingerprints are consistent with China’s broader cyber objectives: long-term access, data collection at scale, and shaping the information environment.
READ THE STORY: Bitter Winter
Items of interest
Singapore’s EMA Highlights Cyber Defence Priorities as Energy Grid Faces Rising Threats
Bottom Line Up Front (BLUF): The Energy Market Authority (EMA) of Singapore is doubling down on cyber resilience, recognizing the national security stakes tied to its digitalized power grid. In a recent feature, an EMA engineer underscored the agency’s proactive cybersecurity efforts—from substation protection to real-time threat assessments—amid a surge in digital infrastructure and growing regional cyber tensions.
Analyst Comments: With Singapore accelerating its innovative grid initiatives, including new substations to expand public housing and industrial zones, EMA’s cybersecurity emphasis isn’t optional—it’s foundational. The shift toward interconnected energy infrastructure makes the grid an attractive target for state and non-state actors alike. Teck Heng’s comments offer rare insight into how Singapore views its operational technology (OT) as a cyber-physical battlefield. The focus on “thinking like the enemy” mirrors threat-hunting practices in global intelligence agencies. While many governments react post-incident, EMA’s approach appears preemptive—continuously mapping vulnerabilities and evaluating emerging threats before attackers do. EMA’s cybersecurity team, which includes internal analysts and external consultants, is a critical layer in defending Singapore’s power grid from intrusion, manipulation, or disruption. This matters more now than ever, given recent regional incidents involving state-linked APTs targeting critical infrastructure in countries like Australia, Japan, and South Korea.
READ THE STORY: EMG (SG GOV)
Introduction To The Singapore Power Market (Video)
FROM THE MEDIA: Andrew Koscharsky of iSwitch Energy gives an introduction to electricity trading, how to manage risk in power markets, the types of market participants, recent developments in the Singapore power market and its future amidst COVID-19.
Singapore doubling down on plans to decarbonise power sector, enhance grid infrastructure (Video)
FROM THE MEDIA: Singapore is doubling down on plans to decarbonise its power sector and enhance grid infrastructure to be more responsive to changes in supply and demand. Deputy Prime Minister Gan Kim Yong announced these at the Singapore International Energy Week. An upcoming roadmap will be launched later this year to set the direction for future grid capabilities. Meanwhile, businesses could get cheaper wholesale electricity prices under an expanded programme by the Energy Market Authority. The scheme rewards firms for shifting power consumption to off-peak periods, ensuring the grid remains stable at all times.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.