Daily Drop (1226)
01-16-26
Friday, Jan 16, 2026 // (IG): BB // GITHUB // SN R&D
Turning OSINT Chaos into Strategic Clarity: Countering Malign Chinese Influence
Open-source intelligence is increasingly central to understanding how PRC-linked actors shape outcomes across digital ecosystems, economic levers, and illicit networks, but turning fragmented, high-volume open data into timely, decision-ready insight remains a challenge.
Join the Irregular Warfare Initiative (IWI), CACI’s DarkBlue Intelligence Suite, and AWS for a half-day forum in Reston, VA, focused on strengthening how teams identify and assess influence activity spanning economic, digital, and criminal domains.
🗓 Date: Thursday, February 19, 2026
⏱ Start Time: 9:30 AM
📍 Location: Reston, VA
💲 Cost: Free to attend (free parking provided)
🔗 Register: https://lnkd.in/eQdS5Xri
Operation Absolute Resolve Reveals the Future of Cyber-Enabled Warfare — Implications for India
Bottom Line Up Front (BLUF): Operation Absolute Resolve—a real-world decapitation strike by the U.S. in Venezuela—demonstrated the brutal efficiency of cyber-first, multi-domain warfare. Within hours, President Nicolás Maduro was captured, air defenses collapsed, and military command was digitally paralyzed. For India, the lesson is urgent: in the next war, power grids, satellite comms, and cognitive infrastructure will be the first targets—not just tanks or missiles.
Analyst Comments: For India, this isn’t about copying U.S. capabilities—it’s about internalizing what modern offensive operations actually look like and building systems that can survive a coordinated cyber-EW-kinetic assault. That means accelerating theaterisation, treating C5ISR as a combat system, and preparing to operate in spectrum-denied environments. It also means finally institutionalizing national-level joint doctrine, cognitive warfare capability, and decision architectures that operate at machine speed.
READ THE STORY: Eurasia Review
Special Operations Emphasize Influence Over Lethality
Bottom Line Up Front (BLUF): A new analysis published by the Irregular Warfare Center argues that U.S. Special Operations Forces (SOF) must pivot toward influence-focused strategies in “cognitive warfare,” where shaping public perception, narrative, and behavior has become more strategically decisive than physical force. The piece calls for greater investment in psychological operations (PSYOP), information warfare, and cross-domain influence capabilities to stay competitive in modern conflicts.
Analyst Comments: As peer adversaries like Russia and China excel at using information ops, disinformation, and perception manipulation to achieve strategic objectives below the threshold of war, SOF is re-evaluating its traditional focus on kinetic solutions. The article places influence—not firepower—at the core of 21st-century competition, with implications for cybersecurity, media integrity, and public trust. The U.S. still tends to silo information operations as adjuncts to combat, while adversaries treat them as front-line tools. Closing that gap will require not just new tools, but new mindsets.
READ THE STORY: IWI
The Battle for Perception in Modern Conflict
Bottom Line Up Front (BLUF): Unlike traditional psychological operations that aim to influence opinion temporarily, cognitive warfare seeks long-term control over the informational and emotional terrain within which people operate. The article provides a granular breakdown of how adversaries conduct sustained, non-kinetic campaigns using disinformation, algorithmic manipulation, social engineering, and psychological conditioning to gradually reshape public consciousness.
Analyst Comments: Cognitive warfare is not new—but the scale, speed, and precision with which it can now be waged is. The information environment has become fragmented and saturated, making populations more susceptible to confusion, apathy, and radicalization. This is no longer just about influence campaigns during elections or disinformation during crises; it’s a constant, adaptive struggle to dominate the interpretive frameworks that shape public opinion, political legitimacy, and strategic decision-making.
READ THE STORY: SWJ
Russia’s Campaign Against Ukraine’s Power Grid May Constitute a Crime Against Humanity
Bottom Line Up Front (BLUF): Ukraine's Security Service (SBU) has presented evidence that Russia’s ongoing destruction of energy infrastructure is part of a deliberate campaign to make civilian life unsustainable, potentially rising to the level of crimes against humanity. Kyiv faces a “very serious” energy crisis, with roughly half of its generation capacity destroyed.
Analyst Comments: By crippling heating, electricity, and water supplies, the attacks mirror historical siege tactics but updated for a modern grid. The framing as a crime against humanity isn't just rhetorical; it could lay the groundwork for future legal action or further sanctions. From a cyber-physical risk perspective, it also raises questions about grid resilience under hybrid warfare, where kinetic and cyberattacks may converge.
READ THE STORY: The Kyiv Independent
Ukrainian Authorities Arrest Pro-Russian Hacker Group Tied to GRU Operations
Bottom Line Up Front (BLUF): Ukraine’s SBU detained members of a hacker group allegedly linked to Russian military intelligence (GRU), accusing them of launching cyberattacks against critical infrastructure and assisting missile targeting by geolocating Ukrainian military sites. The group reportedly used drone surveillance and compromised systems to gather targeting intel for Russian forces.
Analyst Comments: These actors weren’t just launching malware—they were acting as battlefield sensors, feeding data to a live war zone. The SBU connecting them to the GRU’s 85th Main Special Service Center (GTsSS) puts this squarely in nation-state territory. It’s another reminder that Russia’s cyber toolkit spans from high-end espionage (APT28/Sofacy) to local operatives with drones and compromised routers. Defenders in conflict zones should assume that physical surveillance and cyber intrusion go hand in hand.
READ THE STORY: DEV (UA)
CISA, others issue guidance on industrial operational technology threats
Bottom Line Up Front (BLUF): The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside counterparts from the UK, Canada, Australia, and New Zealand, released a joint advisory warning of increased threat activity targeting operational technology (OT) and industrial control systems (ICS). The guidance outlines TTPs observed across multiple campaigns and urges critical infrastructure operators to harden systems before geopolitical tensions escalate further.
Analyst Comments: With threat actors increasingly blurring lines between cyber and kinetic domains, ICS networks—long vulnerable due to legacy systems and poor segmentation—are now squarely in the crosshairs. The timing of this advisory, in parallel with attacks on energy infrastructure in Europe and persistent threats in the Middle East and Asia, suggests that intelligence partners are seeing pre-positioning or probing behavior. Operators in energy, water, transportation, and manufacturing should treat this as a readiness check, not a routine bulletin.
READ THE STORY: SCMEDIA
Poland Foils Major Cyberattack on Energy Grid, Points to Russia
Bottom Line Up Front (BLUF): Poland's government announced it had successfully blocked a cyberattack targeting energy infrastructure in December 2025, which could have left half a million people without heat during winter. Prime Minister Donald Tusk credited the country’s cyber defenses and warned of escalating threats from actors linked to Russian intelligence, urging swift legislative action to bolster national cybersecurity.
Analyst Comments: While Warsaw has not published a formal attribution, the tactics mirror past GRU-linked operations: targeting SCADA systems in the energy sector during peak seasonal vulnerability. The fact that Poland’s cyber defense systems caught the intrusion before operational disruption occurred is a win, but also a warning. Winter-focused energy attacks are a known Russian playbook (see Ukraine, December 2015 and December 2016), and Poland’s proximity to the conflict zone, along with its support for Ukraine, makes it a prime target. This should accelerate public-private coordination, incident-response maturity, and sector-specific cyber hardening in other EU member states.
READ THE STORY: EURO NEWS
Ukraine’s Rising War Dead Overwhelm Cemeteries as Russia’s Invasion Grinds On
Bottom Line Up Front (BLUF): A Kyiv Independent investigation documents how Ukraine’s war dead now outpace the physical space available to bury them, with cemeteries like Kyiv’s Forest Cemetery expanding rapidly to accommodate mounting casualties. Officials won’t disclose exact death tolls, but local records, satellite imagery, and burial logs suggest a sharp, sustained increase in military funerals since early 2023.
Analyst Comments: At the Forest Cemetery in Kyiv, officials confirmed 621 new military graves appeared between October 2023 and May 2024, with burials continuing at a pace of 3–4 per day. Satellite images reveal the military section has tripled in size since mid-2022. Similar expansion is seen in other cities, including Lviv, Dnipro, and Kharkiv. Despite increasing evidence of sustained losses, Ukrainian authorities maintain a strict information lockdown on casualty figures. The report draws on interviews with cemetery staff, grieving families, and OSINT researchers who corroborate trends with high-resolution imagery. Officials acknowledge the burden but frame it as a necessary sacrifice to defend national survival.
READ THE STORY: The Kyiv Independent
Iran’s Partial Internet Blackout Offers Rare Intel Opportunities for Cyber Analysts
Bottom Line Up Front (BLUF): Iran’s government-imposed internet disruptions—triggered by internal unrest—have inadvertently exposed new threat infrastructure, offering foreign analysts rare visibility into Tehran’s cyber operations. As domestic network traffic reroutes or leaks through misconfigured proxies and fallback nodes, security researchers are observing patterns typically obscured by state-controlled routing.
Analyst Comments: As Iran clamps down on domestic internet use, threat actors (including APTs aligned with the regime) are forced to adapt quickly, sometimes exposing IP addresses, C2 infrastructure, or test environments that were previously hidden behind national filters. It's a paradox: the more Iran tries to isolate its network, the more it risks exposing sensitive telemetry to the global view. Analysts should monitor for misconfigured VPN endpoints, side-channel indicators, and sudden changes in Iranian ASN activity. The window won't stay open long.
READ THE STORY: CSO
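One concrete way to act on the "sudden changes in ASN activity" advice above is a robust change detector over a per-ASN daily series, such as the number of prefixes seen for each origin AS at a route collector. The script below is an added example for this section, not code from the CSO story or from any vendor. The AS numbers are from the RFC 5398 documentation range and every count in the sample is constructed to show three signatures an analyst would want flagged: an AS that goes almost dark (blackout), an AS whose footprint jumps (a fallback node absorbing rerouted traffic), and an AS that appears with no prior history (newly exposed infrastructure).

```python
"""Flag abrupt per-ASN visibility changes in a daily series.

Added example for this section; it is not code from the CSO story. The AS
numbers come from the RFC 5398 documentation range (AS64496-AS64511) and
every count below is constructed, not observed.
"""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Anomaly:
    kind: str        # "drop", "surge" or "new"
    asn: int
    day: str
    observed: int
    baseline: float  # median of the preceding window (0.0 for "new")
    score: float     # robust z-score against that window (0.0 for "new")


# Constructed CSV: one row per (day, origin ASN) with the number of prefixes
# seen for that ASN at a route collector on that day. AS64496 goes almost dark
# on 2026-01-13, AS64497 surges on 2026-01-14, AS64498 appears from nowhere.
SAMPLE_CSV = """\
day,asn,prefixes
2026-01-08,64496,120
2026-01-08,64497,40
2026-01-09,64496,118
2026-01-09,64497,41
2026-01-10,64496,121
2026-01-10,64497,40
2026-01-11,64496,119
2026-01-11,64497,39
2026-01-12,64496,120
2026-01-12,64497,40
2026-01-13,64496,3
2026-01-13,64497,42
2026-01-13,64498,10
2026-01-14,64496,2
2026-01-14,64497,95
2026-01-14,64498,12
"""


def parse_series(text: str) -> dict[int, list[tuple[str, int]]]:
    """Group rows by ASN, each list sorted by day (ISO dates sort lexically)."""
    series: dict[int, list[tuple[str, int]]] = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        day, asn, count = line.split(",")
        series.setdefault(int(asn), []).append((day, int(count)))
    for rows in series.values():
        rows.sort()
    return series


def robust_scale(values: list[int]) -> tuple[float, float]:
    """Median and MAD (scaled by 1.4826 so it approximates a std. deviation).

    Median/MAD rather than mean/stddev so a single earlier outlier does not
    inflate the baseline and mask the next shift.
    """
    m = median(values)
    mad = median(abs(v - m) for v in values) * 1.4826
    return m, mad


def detect_shifts(series: dict[int, list[tuple[str, int]]],
                  window: int = 5, k: float = 4.0,
                  min_scale: float = 1.0) -> list[Anomaly]:
    """Return drops/surges beyond k robust sigmas, plus ASNs with no history."""
    found: list[Anomaly] = []
    first_day = min(rows[0][0] for rows in series.values())
    for asn, rows in series.items():
        if rows[0][0] > first_day:  # never seen before the dataset started
            found.append(Anomaly("new", asn, rows[0][0], rows[0][1], 0.0, 0.0))
        for i in range(window, len(rows)):
            history = [count for _, count in rows[i - window:i]]
            base, scale = robust_scale(history)
            # A perfectly flat history has MAD 0; floor it so a one-prefix
            # wobble is not reported as an infinite-sigma event.
            scale = max(scale, min_scale)
            day, observed = rows[i]
            score = (observed - base) / scale
            if score <= -k:
                found.append(Anomaly("drop", asn, day, observed, base, round(score, 1)))
            elif score >= k:
                found.append(Anomaly("surge", asn, day, observed, base, round(score, 1)))
    found.sort(key=lambda a: (a.day, a.asn))
    return found


if __name__ == "__main__":
    for anomaly in detect_shifts(parse_series(SAMPLE_CSV)):
        print(anomaly)
```

Run it as-is to see the four findings (two consecutive drops for AS64496, one surge for AS64497, one "new" for AS64498); in practice, feed it a daily export from your own route-collector or scan pipeline and tune `window` and `k` to the normal churn of the ASNs you track.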
U.S. Sanctions Iranian Officials and Institutions for Human Rights Abuses and Illicit Finance
Bottom Line Up Front (BLUF): The U.S. sanctioned Iran’s Fardis Prison for systemic abuse of women and designated senior Iranian officials—including Ali Larijani—for their role in repressing protests. The Treasury also targeted 18 individuals and entities linked to Iran’s shadow banking networks, which laundered proceeds from illicit petroleum sales. These actions reinforce U.S. policy to pressure Tehran over human rights abuses and global destabilization efforts.
Analyst Comments: Targeting Fardis Prison highlights specific human rights violations, while going after Larijani signals an escalation—he’s a top national security figure with significant regime influence. The inclusion of shadow banking entities reflects a shift toward cutting off indirect funding routes for sanctioned oil sales, a tactic Iran increasingly relies on. These moves will likely trigger countermeasures from Tehran and limit its access to global capital, particularly as it turns to gray-market actors to sustain its economy under sanctions.
READ THE STORY: STATE
US Cyber Operation Allegedly Behind Venezuela’s Nationwide Blackout
Bottom Line Up Front (BLUF): Unnamed U.S. officials have reportedly confirmed to The New York Times that a precise, deniable cyber operation was responsible for the recent collapse of Venezuela’s power grid, causing a nationwide blackout. While no official attribution has been made, this marks a significant—and highly escalatory—use of offensive cyber capabilities for geopolitical coercion.
Analyst Comments: While Venezuela’s grid has been unstable for years, a covert U.S. cyberattack—intended to induce systemic failure—would break new ground in cyber norms, particularly against civilian critical infrastructure. Strategically, it signals to adversaries U.S. capabilities, but it also risks legitimizing similar tactics by hostile actors. From an operational perspective, the operation reportedly targeted grid control systems, likely exploiting legacy industrial control systems (ICS) with poor segmentation and outdated firmware. Defenders worldwide should take this as a warning shot: the gloves may be off.
READ THE STORY: arsTECHNICA
ICE Doxxing Site Knocked Offline After DDoS Attack Following Agent-Involved Shooting
Bottom Line Up Front (BLUF): A website that published personal details of U.S. Immigration and Customs Enforcement (ICE) agents was taken offline after a sustained distributed denial-of-service (DDoS) attack. The takedown came shortly after renewed public outrage following a recent ICE-involved shooting in Minnesota.
Analyst Comments: Sites hosting doxxed law enforcement data are high-value targets for both activists and adversaries, and the takedown may signal escalating tensions between federal agencies and online activist groups. DDoS remains a blunt but effective tool for silencing controversial platforms, especially when combined with domain and hosting pressure. If attribution points to hacktivists, expect further tit-for-tat activity, particularly if more personal data is exposed or other agents are implicated in misconduct.
READ THE STORY: InfoSecMag
Items of interest
Resistance by Design: How Ukrainian Networks Are Undermining Russian Control in Occupied Territories
Bottom Line Up Front (BLUF): Ukrainian resistance cells are conducting a coordinated, multi-domain campaign to disrupt the Russian occupation in territories such as Zaporizhzhia, Kherson, and Luhansk. These networks combine sabotage, intelligence collection, and influence operations to degrade Russian administrative control, with both government-backed and grassroots actors playing central roles.
Analyst Comments: This is a modern resistance model—decentralized, digitally enabled, and embedded within the civilian population. Ukraine isn’t relying solely on armed insurgency; it’s building a layered defense that integrates open-source intelligence, low-tech sabotage, and psychological operations. What began as spontaneous defiance has evolved into a national strategy, institutionalized through the National Resistance Center and coordinated via secure messaging apps and underground networks.
READ THE STORY: IWI
Unpacking Russian Cognitive Warfare (Video)
FROM THE MEDIA: Understanding cognitive warfare is a national security imperative: it focuses on influencing an opponent's reasoning, decisions, and actions to secure strategic objectives, often with less military effort.
Exposing Cognitive Warfare (Video)
FROM THE MEDIA: Understanding modern conflict means understanding information warfare. ISW's Cognitive Warfare Task Force exposes the adversary narratives and influence operations that shape how the world understands conflict — from Ukraine to the Middle East to the Indo-Pacific.
The selected stories cover a broad range of cyber threats and are intended to help readers frame key publicly discussed threats and improve overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, don't hesitate to get in touch with InfoDom Securities at dominanceinformation@gmail.com.