Daily Drop (1184)
11-20-25
Thursday, Nov 20, 2025 // (IG): BB // GITHUB // SN R&D
FCC Urged to Block Chinese Involvement in U.S. Undersea Cable Infrastructure
Bottom Line Up Front (BLUF): A formal public comment submitted to the FCC on Nov. 20 by the Foundation for Defense of Democracies (FDD) outlines how China is leveraging cable construction, maintenance vessels, and embedded components for potential espionage and sabotage. FDD recommends a ban on Chinese ownership of, or Chinese-sourced components in, U.S. submarine cables, mandatory reporting of adversary involvement, and stronger regulatory oversight of undersea infrastructure.
Analyst Comments: This is a direct challenge to China's shadow footprint on the world's internet backbone. Submarine cables carry roughly 95% of intercontinental data traffic, including military communications, and Beijing's influence over cable-laying, repair vessels, and embedded equipment creates a wide attack surface. FDD rightly highlights that this goes beyond cyber: the threat is physical, persistent, and strategic. Volt Typhoon and Salt Typhoon show China is not just mapping our infrastructure, it is prepositioning for disruption. The call for adversary reporting and for excluding vendors on the FCC's Covered List is overdue; right now, too many third-party providers linked to China slip under the radar. The bigger issue is that supply chain risk is no longer just Huawei. It is every component, every contractor, and every sensor along the line. The U.S. is playing catch-up in a domain where China already thinks in terms of warfighting.
READ THE STORY: FDD
U.S. Risks Falling Behind in Tech War with China Without Clear Pushback on Cyber, AI, and Infrastructure
Bottom Line Up Front (BLUF): The Center for a New American Security (CNAS) is sounding alarms over China’s expanding influence in global tech infrastructure, AI standards, and cyber operations—warning that U.S. hesitance to confront Beijing, especially in cyberspace, risks ceding strategic ground. As China’s Digital Silk Road deepens its reach into emerging markets and CCP-linked actors escalate cyber intrusions, CNAS calls on the U.S. to match China’s strategic ambition with stronger leadership on global tech norms, export controls, and allied innovation.
Analyst Comments: From AI chips to submarine cables, Beijing is offering infrastructure with built-in leverage, while the U.S. risks being reactive, fragmented, or—worse—silent. The criticism of Trump’s failure to call out China’s cyber aggression underscores a larger issue: the lack of consistent U.S. messaging emboldens adversaries and unnerves allies. The Digital Silk Road is more than branding—it’s a geopolitical toolset. Whether through Huawei hardware, BeiDou satellite access, or tech-for-loans diplomacy, China is embedding itself in the critical systems of partner nations. The U.S. needs more than bans and sanctions—it requires a global tech strategy that offers real alternatives.
READ THE STORY: CNAS
U.S. Must Heed China’s Cyber and Space Force Experiment in Debate Over Standalone Cyber Force
Bottom Line Up Front (BLUF): As Washington debates the creation of a standalone U.S. Cyber Force, CSIS warns that China’s recent dismantling of its own Strategic Support Force (SSF)—a once-unified command for cyber, space, and information warfare—offers key lessons. While the SSF represented a revolutionary approach to multi-domain integration, its dissolution in 2024 underscores the challenges of sustaining coherence across distinct strategic capabilities. The U.S. must learn from China’s experiment to avoid similar pitfalls as it adapts force design for 21st-century warfare.
Analyst Comments: The U.S. Cyber Command model has worked—for now—but scaling up to a fully independent Cyber Force carries both opportunity and risk. China’s SSF proved that consolidating cyber, space, and information ops under one roof can accelerate maturity—but also that structure alone doesn’t guarantee integration. CSIS is right: the U.S. can’t afford to silo cyber from joint operations, nor can it assume a new force will magically solve talent and interagency friction. And don’t miss the subtext—cyber is now a strategic domain, not just a supporting capability. China built SSF to wage an informationized war. Their 2024 pivot to split cyber, space, and info into separate commands under direct CMC control reflects the CCP’s growing emphasis on centralized strategic dominance. The takeaway for U.S. planners? Integration isn’t about org charts—it’s about doctrine, culture, and command relationships.
READ THE STORY: CSIS
Russian Spy Ship Yantar Raises UK Alarm Over Undersea Infrastructure Sabotage Risk
Bottom Line Up Front (BLUF): A Russian naval intelligence vessel, Yantar, was observed operating near UK territorial waters off Scotland this week, prompting warnings from the UK Ministry of Defence and public statements from Defence Secretary John Healey. The ship is suspected of conducting reconnaissance on undersea cable infrastructure—critical to the UK’s communications, finance, and military operations. UK officials consider the vessel part of a broader Russian hybrid warfare campaign targeting NATO members through sabotage, cyber operations, and information warfare.
Analyst Comments: Russia has demonstrated a clear focus on undersea cables and seabed infrastructure in recent years, viewing them as asymmetric targets capable of inflicting outsized disruption. With prior GRU-linked activity tied to Baltic cable damage and the railway sabotage in Poland, this deployment is likely part of Russia's evolving "parallel war" strategy, which seeks to destabilize NATO states without triggering open conflict. Yantar's reported use of lasers against the RAF pilots shadowing it is an exceptionally provocative move. It suggests an escalation in both risk tolerance and intent, especially if Yantar continues south toward denser subsea cable networks. While the UK may be relatively under-targeted compared to continental allies like Poland or Germany, that may reflect operational constraints rather than a lack of interest. Expelled GRU operatives and degraded HUMINT networks post-2022 have slowed operations, but not erased the threat.
READ THE STORY: The Standard
Senator Warns of “Catastrophic” Cyber Risks After Trump-Era Purge of National Security Leadership
Bottom Line Up Front (BLUF): Senator Mark Warner (D-VA), Vice Chair of the Senate Intelligence Committee, issued a stark warning about U.S. cyber vulnerabilities following politically motivated firings within key national security agencies by the Trump administration. Warner highlighted the removal of one-third of CISA’s workforce, the ouster of FBI cyber leadership, and unfilled roles at the NSA and U.S. Cyber Command as weakening America’s cyber defense posture amid escalating threats from China, Russia, and Iran.
Analyst Comments: The gutting of CISA—responsible for defending elections, energy, and water systems—at a time of rising nation-state activity is strategically negligent at best. The dismissal of experienced leaders like FBI Cyber Division head Michael Nordwall and former NSA/Cyber Command chief Tim Haugh further compounds the loss of institutional knowledge. If confirmed, these removals—reportedly tied to political loyalty tests or conspiracy-driven influence—reflect a politicization of national security that undermines operational integrity. Regardless of party alignment, security professionals should interpret this as a signal: federal cyber coordination is likely to be degraded in the short term, increasing the likelihood of delayed detection and slower responses to cyber incidents, especially ransomware, critical infrastructure disruptions, or election interference in 2026.
READ THE STORY: CS
Europe Misreads Russia’s Playbook: Experts Warn of Rising Hybrid and Conventional Threats
Bottom Line Up Front (BLUF): While European policymakers remain focused on the specter of Russian nuclear escalation, regional security experts warn that Moscow’s real play is already well underway—leveraging conventional, hybrid, and technological means to destabilize Ukraine and NATO’s eastern flank. According to LSE researcher Maria Zolkina, Russia’s evolving approach includes sabotage, cyberattacks, drone strikes, and psychological influence operations, with 2024 marking a tactical shift toward broader European targets. Analysts now caution that overreacting to nuclear rhetoric while underpreparing for active hybrid warfare may leave Europe dangerously exposed.
Analyst Comments: The obsession with nuclear deterrence—while necessary—has created a strategic blind spot. Russia’s current threat isn’t hypothetical; it’s operational. Subversion campaigns, drone incursions, cable sabotage, and information ops are already destabilizing NATO members, especially in the Baltics and Poland. Maria Zolkina’s framing is blunt but accurate: Europe’s deterrence strategy has become intellectually defensive—preoccupied with red-line scenarios, while Moscow tests the gray zone. The result is a defensive vacuum. And as Russia shifts toward next-gen warfare—AI-driven targeting, autonomous drones, deepfake psyops—the time to pivot is now. Operation “Horizont” in Poland, which mobilizes 10,000 troops to counter sabotage threats, should be a blueprint for NATO-wide readiness. The broader lesson: Western security must be recalibrated from Cold War deterrence to continuous hybrid resilience.
READ THE STORY: Mezha
Google Lawsuit Dismantles China-Based Smishing Syndicate Behind Massive USPS and E-ZPass Phishing Campaigns
Bottom Line Up Front (BLUF): Google has filed a landmark lawsuit against a China-based cybercriminal group responsible for a massive smishing campaign that impersonated USPS and E-ZPass to steal personal and financial data from millions of Americans. The group used a phishing-as-a-service platform called Lighthouse to automate attacks and distribute convincing fake messages. Google, in collaboration with law enforcement and cybersecurity firms, rapidly dismantled the infrastructure, though experts caution that similar campaigns may soon re-emerge in new forms.
READ THE STORY: WPN
Five Eyes Targets Russia-Based Bulletproof Hosts Supporting Ransomware Ecosystem
Bottom Line Up Front (BLUF): In a coordinated international effort, the U.S., U.K., and Australia imposed sanctions against Russian bulletproof hosting provider Media Land and individuals supporting Aeza Group’s sanctioned infrastructure. These services have played a critical role in enabling ransomware operations such as LockBit, BlackSuit, and Play by providing hardened infrastructure for phishing, malware delivery, and extortion. The action represents a strategic shift to undermine the cybercrime-as-a-service ecosystem by targeting the infrastructure layer rather than just individual actors.
Analyst Comments: Bulletproof hosting providers are the quiet enablers of global cybercrime, and Russia-based outfits like Media Land have operated with impunity for years. By targeting these providers, governments are attacking the backbone of ransomware operations: without resilient infrastructure, affiliate groups have a harder time deploying payloads, exfiltrating data, or maintaining command-and-control channels. That said, this is not a takedown, it is pressure. As long as Russian ISPs like JSC RetnNet and even Western-based peers (such as U.K.-based RETN Limited) continue to route traffic for these actors, bulletproof infrastructure will persist. Attribution and sanctions alone will not collapse these networks unless paired with routing policy enforcement (refusing to peer with or carry prefixes originated by sanctioned networks), BGP filtering on AS paths that traverse them, and legal action against upstream enablers.
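The AS-path screening mentioned above, as an added example that is not part of the original article or of any sanctioning agency's tooling: given a small routing table and a set of ASNs to refuse, it flags every prefix that is originated by, or transits, a listed ASN, and tallies which non-listed networks sit directly upstream of a listed origin (the "upstream enablers" a network operator would look at next). The routing lines and the blocked-ASN set are constructed for the example; the ASNs are drawn from the RFC 5398 documentation range and the prefixes from the RFC 5737 test ranges, so none correspond to a real provider.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed sample routing table, not real BGP data. Format: prefix|AS path,
# leftmost ASN = the collector's neighbour, rightmost ASN = the origin.
# ASNs 64496-64511 are reserved for documentation (RFC 5398).
SAMPLE_RIB = """
# prefix|as_path
203.0.113.0/24|64496 64497 64500
198.51.100.0/24|64496 64498 64500
192.0.2.0/24|64496 64499
203.0.113.128/25|64496 64500 64501
"""

# Hypothetical "refuse to route" list: in practice this would be built from a
# sanctions designation, not hard-coded. 64500 stands in for a bulletproof host.
BLOCKED_ASNS = frozenset({64500})


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # ordered ASNs, origin last


def parse_rib(lines):
    """Parse 'prefix|as path' lines; skip blanks and comments, reject malformed input."""
    routes = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        prefix, _, path = line.partition("|")
        prefix = prefix.strip()
        ip_network(prefix)  # raises ValueError on a malformed or non-canonical prefix
        asns = tuple(int(token) for token in path.split())
        if not asns:
            raise ValueError(f"empty AS path for {prefix}")
        routes.append(Route(prefix, asns))
    return routes


def screen_routes(routes, blocked_asns):
    """Return (prefix, role, matched_asns) for every route touching a blocked ASN.

    role is 'origin' when the blocked ASN originates the prefix, otherwise
    'transit' when it merely appears somewhere on the path.
    """
    findings = []
    for route in routes:
        matched = tuple(asn for asn in route.as_path if asn in blocked_asns)
        if not matched:
            continue
        role = "origin" if route.as_path[-1] in blocked_asns else "transit"
        findings.append((route.prefix, role, matched))
    return findings


def upstream_enablers(routes, blocked_asns):
    """Count the non-blocked ASNs that sit immediately upstream of a blocked origin."""
    counts = {}
    for route in routes:
        path = route.as_path
        if path[-1] in blocked_asns and len(path) >= 2:
            upstream = path[-2]
            if upstream not in blocked_asns:
                counts[upstream] = counts.get(upstream, 0) + 1
    return counts


if __name__ == "__main__":
    rib = parse_rib(SAMPLE_RIB.splitlines())
    for prefix, role, matched in screen_routes(rib, BLOCKED_ASNS):
        print(f"REJECT {prefix}: blocked ASN {matched} as {role}")
    for asn, n in sorted(upstream_enablers(rib, BLOCKED_ASNS).items()):
        print(f"upstream of blocked origin: AS{asn} ({n} prefixes)")
```

The transit case matters as much as the origin case: a sanctioned host that cannot announce its own space can still be reached as a hop in someone else's path, so a filter that only checks the origin ASN misses it.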
READ THE STORY: CS
Russian Insurer VSK Suffers Major Outage Amid Suspected Ransomware Attack
Bottom Line Up Front (BLUF): VSK, one of Russia’s largest insurance providers, has been crippled by a significant cyberattack that disrupted its digital infrastructure for over a week. The incident, likely ransomware, has taken down VSK’s website, mobile app, email services, and critical backend systems, impacting access to car insurance, medical services, and policy management for its 33 million clients. Ukrainian-linked Telegram channels have claimed that data was stolen, but VSK insists that customer data remains secure.
Analyst Comments: VSK has been flagged by the UK and EU for its role in insuring Russia’s “shadow fleet” used to evade oil export sanctions. That makes it a strategically symbolic and operationally disruptive target. While attribution remains unconfirmed, claims and leaked screenshots on Telegram suggest Ukrainian hacktivists are involved. If verified, this could mark an escalation in cyberattacks targeting Russia’s economic infrastructure, with real-world consequences for ordinary citizens. The timing also coincides with increased hacktivist and retaliatory activity on both sides: pro-Russian group NoName057(16) launched DDoS attacks against Ukrainian insurers shortly after VSK’s disclosure. This fits a growing pattern of cyber tit-for-tat campaigns tied to the kinetic and economic dimensions of the Russia-Ukraine war. With Russian cybersecurity resources stretched and many ransomware operations based domestically, expect further spillover—both internal and cross-border.
READ THE STORY: The Record
Africa Becomes New Epicentre of Global Cyber Attacks as AI-Driven Threats Surge
Bottom Line Up Front (BLUF): Africa has emerged as a central battleground in global cyber operations, with state-linked espionage, AI-driven disinformation, ransomware, and infostealer campaigns targeting both public and private sectors. Chinese, Russian, and Iranian threat actors are expanding their presence across African infrastructure, leveraging weak security postures and rapid digital growth. The 2025 State of Cyber Security Report calls for African nations to reframe cyber defense as a national security imperative, not just an IT challenge.
Analyst Comments: Chinese espionage groups are digging deep into government networks. Russian and Iranian-linked operatives are hijacking infrastructure and pushing political agendas. And ransomware gangs are exploiting healthcare and municipal systems already strained by underfunding. What’s more troubling is how generative AI has accelerated disinformation and election interference. The big picture? Africa’s digital transformation is outpacing its security maturity—and adversaries know it. If you’re defending assets on the continent, expect more AI-generated fake media, widespread infostealer infections, and long-term APT persistence inside national systems. This isn’t just cybercrime anymore—it’s strategic warfare over infrastructure, influence, and information.
READ THE STORY: TechAfrica News
Items of interest
Congress Moves to Reauthorize Cyber Grants, Escalate Response to Chinese Threats
Bottom Line Up Front (BLUF): The U.S. House has passed two cybersecurity-focused bills—H.R. 5078 (PILLAR Act) and H.R. 2659 (Strengthening Cyber Resilience Against State-Sponsored Threats Act)—aimed at bolstering state and local cyber defenses and countering rising threats from China-linked actors. The PILLAR Act extends DHS cyber grant funding for seven years, while H.R. 2659 establishes an interagency task force led by CISA and FBI to track and respond to CCP cyber activity.
Analyst Comments: The passage of these bills reflects bipartisan urgency to bolster cyber defenses at the SLTT level and formalize efforts to monitor Chinese cyber activity. While the PILLAR Act reinforces existing grant mechanisms, its language around OT and AI inclusion is a notable expansion. The real value will hinge on how funds are allocated, implemented, and audited. H.R. 2659, on the other hand, signals a stronger federal push to coordinate interagency intelligence and improve visibility into state-sponsored threats like Volt Typhoon. However, the recent federal shutdown and the lapse of the Cybersecurity Information Sharing Act of 2015 (CISA 2015) that accompanied it undercut some of the coordination these bills seek to enhance. Until new funding is appropriated and the information-sharing authorities are durably restored, much of this remains aspirational.
READ THE STORY: Industrial
Rep. Laurel Lee, the Strengthening Cyber Resilience Against State-Sponsored Threats Act, H.R. 9769 (Video)
FROM THE MEDIA: H.R. 9769, the earlier (118th Congress) version of the bill reintroduced this session as H.R. 2659, establishes a new interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and co-chaired by the Federal Bureau of Investigation (FBI), aimed at coordinating the U.S. government's response to Chinese state-sponsored cyber threats (notably the actor known as "Volt Typhoon"). The task force is required to deliver classified and unclassified reports to Congress for multiple years detailing vulnerabilities, threat actor TTPs, sector risk assessments, and recommended actions.
Rep. Ogles Passes PILLAR Act in Committee (Video)
FROM THE MEDIA: The PILLAR Act was passed by the House committee and later by the full House. It aims to strengthen federal support for state and local cybersecurity, especially for infrastructure and operational technology systems, by reauthorizing and expanding the existing grant program. The focus is on rural and under-resourced communities facing threats from sophisticated nation-state actors.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.