Daily Drop (1228)
01-18-26
Sunday, Jan 18, 2026 // (IG): BB // GITHUB // SN R&D
TRAINING:
Turning OSINT Chaos into Strategic Clarity: Countering Malign Chinese Influence
Open-source intelligence is increasingly central to understanding how PRC-linked actors shape outcomes across digital ecosystems, economic levers, and illicit networks, but turning fragmented, high-volume open data into timely, decision-ready insight remains a challenge.
Join the Irregular Warfare Initiative (IWI), CACI’s DarkBlue Intelligence Suite, and AWS for a half-day forum in Reston, VA, focused on strengthening how teams identify and assess influence activity spanning economic, digital, and criminal domains.
🗓 Date: Thursday, February 19, 2026
⏱ Start Time: 9:30 AM
📍 Location: Reston, VA
💲 Cost: Free to attend (free parking provided)
🔗 Register: https://lnkd.in/eQdS5Xri
China’s Cyber Empire and Tool of Influence
Bottom Line Up Front (BLUF): China's cyber apparatus is a federated, state-aligned ecosystem, not a centralized command hub. Operations span the PLA's service branches, Ministry of State Security (MSS) bureaus, academia, and private contractors. With the April 2024 dismantling of the PLA Strategic Support Force (SSF), military cyber operations now sit under the newly formed Cyberspace Force, while the Information Support Force inherited the SSF's network and information support role. Technically, the approach relies on long-term access, durable infrastructure, and alignment with national objectives rather than zero-day theatrics or flashy malware. Defenders who focus only on IOCs or endpoint signatures will miss the campaign-level persistence that defines Chinese APT operations.
Analyst Comments: China's cyber apparatus is bureaucratically decentralized and technically engineered for scale, persistence, and ambiguity. The malware may be unsophisticated, but the campaigns aren’t. Code reuse, long-lived infrastructure, and supply chain infiltration define the tradecraft. Identity abuse—especially in cloud environments—is more dangerous than the malware itself. Post-SSF, China's cyber forces are becoming more specialized and structurally streamlined, but the targeting logic remains the same: systemic infiltration aligned with long-term national priorities.
READ THE STORY: YouTube
NEWS:
US Eyes Rare Earths Pact With Brazil Amid Strategic Realignment and China Tensions
Bottom Line Up Front (BLUF): The US is in early talks with Brazil on a rare-earth supply agreement, seeking to reduce its dependence on China for critical minerals essential to defense and high-tech manufacturing. The potential deal would include US financing, joint exploration, and industrial partnerships, elevating Brazil as a strategic counterweight in the global rare earths supply chain.
Analyst Comments: The Departments of Commerce, State, Defense, and Energy are reportedly coordinating the effort. The U.S. International Development Finance Corporation (DFC) has already approved a $465M loan to Serra Verde, Brazil's only operational rare earth mine, and a feasibility study for a second. Europe is also in talks with Brazil, raising geopolitical competition over access. Though Brazil holds an estimated 23% of global reserves, only about 30% of its territory has been geologically mapped. Development is hampered by long permitting cycles; Serra Verde took 15 years to reach production. A US-Brazil framework could resemble the October 2025 US-Australia pact, which unlocked $3B in joint rare earth investments.
READ THE STORY: FT
Beijing Tightens Grip on Rare Earths Amid Rising Tensions with Japan
Bottom Line Up Front (BLUF): China’s rare-earth exports dropped in December 2025, coinciding with new export controls targeting Japan amid escalating geopolitical tensions. Though the month-over-month decline (6,745 tons vs. 6,958 in November) was modest, the real signal is Beijing’s shift toward weaponizing its dominance in rare-earth magnets—critical to EVs, defense systems, and high-tech manufacturing—by threatening tighter licensing and military-use restrictions.
Analyst Comments: China’s Ministry of Commerce has imposed new shipment controls on rare-earth exports to Japan tied to potential military end use. The move follows inflammatory remarks by Japan’s prime minister concerning Taiwan. While overall exports dropped slightly in December, more detailed geographic data—expected Tuesday—may reveal sharper pullbacks. China Daily also reports that Beijing may increase scrutiny of export licensing to Japan. This marks a renewed flashpoint in trade tensions, even as U.S.-China relations saw a slight easing in late 2025.
READ THE STORY: Bloomberg
China Spent $213.5B on the BRI in 2025
Bottom Line Up Front (BLUF): China’s Belt and Road Initiative (BRI) hit a record $213.5B in 2025, with massive investments in energy, metals, green tech, and infrastructure across Africa, Latin America, and Southeast Asia. Amid global fragmentation and growing skepticism of U.S. leadership, China is doubling down on influence-building through economic statecraft. For many emerging markets, Beijing now appears to be a more consistent—if transactional—partner than Washington.
Analyst Comments: What stands out in both the data and global reaction is the ongoing perception shift. China is no longer simply building roads and pipelines—it is constructing alternatives to the Western-led order, embedding itself into national infrastructure, resource chains, and policy influence through long-term contracts, strategic investment, and aggressive bilateral diplomacy. From a cybersecurity and supply chain security standpoint, the implications are substantial. Infrastructure built under the BRI is often constructed by Chinese state-owned enterprises (SOEs) with minimal transparency. This raises red flags about persistent access, data flow control, and dual-use capabilities baked into telecoms, smart ports, energy infrastructure, and surveillance systems.
READ THE STORY: FT
Xi Blocks Nvidia’s H200 AI Chips Despite US Export Approval
Bottom Line Up Front (BLUF): Chinese customs have halted imports of Nvidia's H200 AI chips, despite the Trump administration's recent approval of their export, introducing fresh volatility into an already strained US-China tech relationship. The move leaves suppliers scrambling, with some halting production, while Beijing remains silent on whether the restriction is temporary or a formal ban.
Analyst Comments: The H200 is one of the most advanced chips China can legally buy from Nvidia under tightened U.S. export controls, making it both a symbol and a pawn in broader economic and military competition. Blocking its entry lets Beijing send multiple messages: push domestic chip development, signal displeasure with U.S. tariffs, and keep leverage in ongoing tech negotiations. The fact that authorities gave no formal explanation only adds to the uncertainty, leaving Western firms guessing and Chinese firms increasingly wary of U.S. tech dependencies.
READ THE STORY: The Guardian
CCP’s Taiwan Messaging Sharpens Amid Global Distractions
Bottom Line Up Front (BLUF): In his 2026 New Year speech, Xi Jinping doubled down on reunification with Taiwan as China’s central strategic goal—while noticeably avoiding mention of the U.S., Russia, or ongoing global conflicts. As historian Peter Frankopan notes, this rhetorical shift, combined with recent PLA military exercises, suggests Beijing is recalibrating its messaging to emphasize long-term pressure on Taiwan while projecting domestic strength and international restraint.
Analyst Comments: Xi’s omission of usual geopolitical antagonists like the U.S. or NATO suggests Beijing is positioning itself as the “calm power” amid global instability. But make no mistake: the clarity with which Taiwan was framed as a non-negotiable goal should raise eyebrows in every Indo-Pacific capital. China is using soft power language—national rejuvenation, scientific progress, harmony—while hardening its posture through exercises and procurement. This dual-track strategy is about buying time while shaping the psychological terrain. The timing also matters: global focus on crises in Venezuela and Iran gives China cover to reinforce its Taiwan messaging without immediate scrutiny.
READ THE STORY: Peter Frankopan
China Flies Surveillance Drone into Taiwan Airspace for First Time, Testing Boundaries and Air Defense Gaps
Bottom Line Up Front (BLUF): A Chinese WZ-7 "Soaring Dragon" high-altitude surveillance drone entered the airspace above Pratas Island (Dongsha), a Taiwan-administered atoll in the South China Sea, for four minutes. This is the first confirmed PLA drone intrusion into Taiwan's territorial airspace, escalating Beijing's pressure campaign and probing Taiwan's rules of engagement.
Analyst Comments: Taiwan's Ministry of Defense confirmed the breach occurred on Saturday. The PLA's Southern Theatre Command later described the flight as part of "normal exercises" over what it called "China's Dongsha Island." Taiwanese forces broadcast radio warnings but did not engage. Pratas' known air defenses reportedly consist of Avenger mobile SAM launchers and Stinger missiles, both short-range systems that cannot reach the WZ-7's high operating altitude. Military analysts note that rules of engagement for countering unmanned intrusions remain undefined: Taiwan's 2024 defense policy stated that any unauthorized entry by PLA platforms may qualify as a "first strike," but the policy lacks clear tactical delegation to frontline units.
READ THE STORY: FT
China Struggles to Decode Trump’s Foreign Policy Chaos Amid Global Power Rebalancing
Bottom Line Up Front (BLUF): Jesse Marks argues that Donald Trump’s erratic and improvisational foreign policy has left Beijing—and much of the world—scrambling to interpret U.S. intentions. China, traditionally reliant on long-term strategic forecasting, is now forced into reactive mode, as Trump mixes unpredictable threats, abrupt military actions, and reversals without clear strategic coherence. While China may exploit short-term openings, its broader ability to counter U.S. influence is hindered by persistent uncertainty.
Analyst Comments: Beijing may find tactical advantage in global power vacuums, but the analytical overload from trying to parse Trump’s motives and likely actions leaves Chinese strategists paralyzed in many cases. Worse, traditional U.S. allies—Canada, Denmark, parts of the Middle East—are being alienated by the volatility and may turn toward China for stability, giving Beijing leverage it never fully planned for. Trump’s “Trump Corollary” to the Monroe Doctrine also signals a return to zero-sum geopolitics in Latin America and the Arctic, where China now faces not just pressure, but an overt attempt at ejection.
READ THE STORY: Jesse Marks
South Korea Pushes for Tariff Relief Amid U.S. Crackdown on AI Chip Imports
Bottom Line Up Front (BLUF): South Korea will enter negotiations with the U.S. to secure favorable treatment under Washington’s new AI chip tariffs, according to a senior official from the presidential office. The move comes as the Trump administration expands 25% tariffs on high-performance semiconductors, sparking concern among major South Korean manufacturers like Samsung and SK Hynix, which dominate the global memory chip market.
Analyst Comments: AI chip tariffs may currently focus on processors like Nvidia's H200, but the scope could easily widen—and memory makers know it. South Korea’s dependence on U.S. markets and technology leaves it exposed, but its strategic position in the semiconductor supply chain also gives it leverage. Washington wants to contain China without alienating allies—so Seoul is likely to win carve-outs or reduced enforcement pressure, especially given existing trade provisions.
READ THE STORY: Reuters
Ukraine Automates Drone Delivery to Frontline Units, Slashing Wait Times to One Day
Bottom Line Up Front (BLUF): Ukraine has launched an automated logistics system to deliver drones directly to frontline units within 24 hours. The system leverages digital requests, regional hubs, and military-civilian coordination to speed up drone deployment, addressing a critical supply bottleneck in Ukraine’s defense strategy.
Analyst Comments: Frontline soldiers can now file requests for drones through an automated system, with deliveries dispatched from regional warehouses often on the same day. The process is coordinated by Ukraine’s Ministry of Digital Transformation in partnership with the military’s “Army of Drones” initiative. Over 20,000 drones were distributed in December alone using the new pipeline. Officials say the system also helps track battlefield demand trends and prevent inefficiencies in stockpiling.
READ THE STORY: United24 // UNN
Italy Seizes Suspected Russian Shadow Fleet Vessel in EU Sanctions Crackdown
Bottom Line Up Front (BLUF): Italian authorities have seized a Panama-flagged cargo ship suspected of belonging to Russia's "shadow fleet," which is used to evade EU sanctions on oil and strategic commodities. The vessel was detained at a port in Sardinia after an inspection revealed ties to sanctioned Russian entities, marking one of the EU's clearest enforcement actions against maritime sanctions evasion.
Analyst Comments: The seizure shows that Italy, and by extension the EU, is becoming more aggressive in targeting Russia's opaque logistics network, which has grown to sustain wartime revenue through sanctions circumvention. The so-called "shadow fleet" has been vital for Russia's continued oil exports and covert shipments of restricted materials. While this is not the first such vessel identified, a seizure in an EU port sets a precedent. Expect tighter port inspections across southern Europe, possible retaliatory moves from Moscow, and increased use of flag-of-convenience registrations to mask ownership.
READ THE STORY: TVP
Russia Smuggles Arms to Libya Using Sanctioned Ship Under Naval Escort
Bottom Line Up Front (BLUF): Russia has reportedly used a sanctioned cargo ship to deliver weapons to eastern Libya, escorted by a Russian Navy vessel. According to Ukrainian and allied intelligence sources cited by United24 Media, the ship bypassed international monitoring by sailing under naval protection—an apparent breach of the UN arms embargo and a direct challenge to Western maritime enforcement.
Analyst Comments: Moscow uses state assets (a warship escort) to shield covert military logistics under the guise of civilian shipping. Libya offers Russia a foothold on NATO’s southern flank and a testing ground for sanctions defiance. The use of a sanctioned ship—already flagged by Western authorities—shows how openly Russia is willing to challenge international norms when enforcement lacks bite. This move also highlights the operational flexibility of Russia’s "sanctions-proof" fleet, which is increasingly being repurposed for military logistics beyond oil.
READ THE STORY: United24
Ukraine Sanctions Russian Sports Figures Ahead of Winter Olympics in Symbolic Pushback
Bottom Line Up Front (BLUF): Ukraine has imposed new sanctions targeting over 30 Russian athletes, officials, and sports organizations ahead of the 2026 Winter Olympics in Milan-Cortina. The move aims to isolate Russian influence in international sport and spotlight the ongoing use of athletics as a soft power tool amid Russia’s war on Ukraine.
Analyst Comments: While largely symbolic in isolation, these sanctions reinforce Ukraine’s broader strategy of political warfare—denying Russia legitimacy on the global stage wherever possible. The timing is deliberate: the IOC’s controversial decision to allow “neutral” Russian athletes to compete has drawn international criticism, and Ukraine is leveraging that controversy to reignite diplomatic pressure. Sanctioning athletes and sports bodies won’t cripple the Kremlin’s war effort, but it feeds into a larger effort to stigmatize Russia across all domains—economic, diplomatic, and cultural. This also reflects Kyiv’s belief that sports, like energy or propaganda, are strategic terrain in modern conflict.
READ THE STORY: The Kyiv Independent
Black Basta Ransomware: Threat Actor Grows More Dangerous With Sophisticated Dark Web Operations
Bottom Line Up Front (BLUF): A new analysis of Black Basta, a prominent ransomware-as-a-service (RaaS) operation, reveals a highly organized threat group leveraging enterprise-grade infrastructure, stealthy infection chains, and reputation-based extortion tactics. The group’s operations are expanding globally, with a focus on double extortion and rapid post-exploitation deployment.
Analyst Comments: Black Basta has quickly graduated from newcomer to major player. The group combines classic RaaS methods with disciplined ops: initial access via Qakbot, fast privilege escalation, and exfil before encryption. Victim shaming on dedicated leak sites and Tor-hosted chat for ransom negotiation adds pressure. The infrastructure is hardened, with support roles and payment channels well-disguised. This actor’s increasing profile warrants special attention in threat modeling for healthcare, manufacturing, and education sectors—all frequent victims.
READ THE STORY: RHC
US Nuclear Agency Breached via SharePoint Exploit: Nation-State Group Suspected
Bottom Line Up Front (BLUF): Hackers exploited unpatched Microsoft SharePoint vulnerabilities to breach systems at a U.S. nuclear regulatory body, according to recent reporting. While attribution is pending, early indicators suggest a sophisticated threat actor likely operating with nation-state backing.
Analyst Comments: Targeting a nuclear oversight entity suggests either espionage or long-term disruption planning. SharePoint vulnerabilities have become an increasingly popular target for state-aligned APTs, especially in government environments where patching cycles lag. This incident reinforces how even non-production systems in critical infrastructure can be leveraged for footholds, credential harvesting, or lateral movement. If attribution confirms state ties (e.g., China or Russia), expect diplomatic fallout and increased regulatory scrutiny on patch compliance for federal systems.
READ THE STORY: MSN
Deadlock Ransomware Uses Exploited Polygon Smart Contracts to Evade Detection
Bottom Line Up Front (BLUF): A new variant from the Deadlock ransomware group uses Polygon blockchain smart contracts to store and retrieve payloads and encryption keys, sidestepping the server takedowns, domain blocking, and hosting-based forensics that defenders usually rely on.
Analyst Comments: This is next-gen tradecraft: combining ransomware ops with decentralized infrastructure to hide tooling in plain sight. By storing data in a smart contract, Deadlock avoids hosting payloads on servers that can be seized or sinkholed, and a contract's contents cannot be altered or removed by a third party. The retrieval step is still observable, though: the victim host has to read the contract through a chain RPC endpoint over HTTPS, so outbound JSON-RPC traffic to node providers from hosts with no business on-chain is the artifact to hunt for. Crypto- and Web3-savvy defenders should start mapping blockchain-based abuse vectors, because this won't be the last time ransomware goes "on-chain." Notably, the attack chain still begins with phishing or compromised credentials; initial access remains the weak link.
READ THE STORY: MSN
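To make the on-chain retrieval concrete, here is an added example (not from the report or from any vendor) showing what such traffic looks like on the wire and how a defender could triage it. It assumes captured HTTP request and response bodies from an inspecting proxy or EDR, standard Ethereum JSON-RPC method names (Polygon is EVM-compatible and exposes the same API), and a hypothetical host allowlist; the RPC URL, hostnames, contract addresses and records are all constructed. The decoder reverses the ABI layout of a dynamic `string` return value (32-byte offset, 32-byte length, padded data), which is how a URL or key stored in a contract comes back from an `eth_call`.

```python
"""Triage EVM JSON-RPC contract reads in captured HTTP traffic.

Added example, not from the report or any vendor. Assumptions (constructed):
records come from an inspecting proxy or EDR that keeps request and
response bodies; method names are standard Ethereum JSON-RPC (Polygon is
EVM-compatible); the allowlist, RPC URL, hosts and addresses are made up.
"""
import json
import re

# Standard JSON-RPC methods that read data out of a contract or its storage.
CONTRACT_READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getLogs", "eth_getCode"}
# Assumed: the only hosts with a business reason to query chain nodes.
RPC_ALLOWLIST_HOSTS = {"treasury-ws-07"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
PRINTABLE_RE = re.compile(r"^[\x20-\x7e]+$")


def abi_encode_string(s):
    """ABI layout of a dynamic `string` return: offset word, length word, padded bytes."""
    data = s.encode()
    padded = data + b"\x00" * (-len(data) % 32)
    words = (32).to_bytes(32, "big") + len(data).to_bytes(32, "big") + padded
    return "0x" + words.hex()


def abi_decode_string(hexdata):
    """Inverse of abi_encode_string; None when the result is not a dynamic string."""
    try:
        raw = bytes.fromhex(hexdata[2:] if hexdata.startswith("0x") else hexdata)
    except ValueError:
        return None
    if len(raw) < 64:
        return None
    offset = int.from_bytes(raw[:32], "big")
    if offset + 32 > len(raw):
        return None
    length = int.from_bytes(raw[offset:offset + 32], "big")
    start = offset + 32
    if length == 0 or start + length > len(raw):
        return None
    return raw[start:start + length].decode("utf-8", errors="replace")


def triage(records):
    """One finding per contract-read request; decodes string results when present."""
    findings = []
    for rec in records:
        try:
            req = json.loads(rec.get("req") or "")
        except json.JSONDecodeError:
            continue
        if not isinstance(req, dict) or req.get("jsonrpc") != "2.0":
            continue
        method = req.get("method", "")
        if method not in CONTRACT_READ_METHODS:
            continue
        finding = {"host": rec["host"], "url": rec["url"], "method": method,
                   "allowlisted": rec["host"] in RPC_ALLOWLIST_HOSTS}
        params = req.get("params") or []
        if method == "eth_call" and params and isinstance(params[0], dict):
            finding["contract"] = params[0].get("to")
            finding["selector"] = (params[0].get("data") or "")[:10]  # 4-byte function selector
        try:
            result = json.loads(rec.get("resp") or "{}").get("result")
        except (json.JSONDecodeError, AttributeError):
            result = None
        if isinstance(result, str):
            decoded = abi_decode_string(result)
            if decoded and PRINTABLE_RE.match(decoded):
                finding["decoded"] = decoded
                finding["urls"] = URL_RE.findall(decoded)
        findings.append(finding)
    return findings


def non_allowlisted(findings):
    """Contract reads from hosts with no known business on-chain."""
    return [f for f in findings if not f["allowlisted"]]


RPC_URL = "https://rpc.polygon.example/"  # constructed
SAMPLE_RECORDS = [  # constructed captures, not real traffic
    {"host": "hr-laptop-22", "url": RPC_URL,  # getter on an unknown contract
     "req": json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_call",
                        "params": [{"to": "0x" + "11" * 20, "data": "0x20965255"}, "latest"]}),
     "resp": json.dumps({"jsonrpc": "2.0", "id": 1,
                         "result": abi_encode_string("https://198.51.100.23/stage2.bin")})},
    {"host": "treasury-ws-07", "url": RPC_URL,  # balanceOf(address): legitimate business use
     "req": json.dumps({"jsonrpc": "2.0", "id": 7, "method": "eth_call",
                        "params": [{"to": "0x" + "22" * 20,
                                    "data": "0x70a08231" + "00" * 12 + "33" * 20}, "latest"]}),
     "resp": json.dumps({"jsonrpc": "2.0", "id": 7, "result": "0x" + "00" * 31 + "2a"})},
    {"host": "treasury-ws-07", "url": RPC_URL,
     "req": json.dumps({"jsonrpc": "2.0", "id": 8, "method": "eth_blockNumber", "params": []}),
     "resp": json.dumps({"jsonrpc": "2.0", "id": 8, "result": "0x3e8"})},
    {"host": "hr-laptop-22", "url": "https://intranet.example/api",
     "req": json.dumps({"query": "status"}), "resp": json.dumps({"ok": True})},
]

if __name__ == "__main__":
    for f in non_allowlisted(triage(SAMPLE_RECORDS)):
        print(f)
```

Running it prints the HR laptop's `eth_call`, decoded to a staging URL, while the treasury workstation's `balanceOf` query is kept as a known business use and the `eth_blockNumber` poll is ignored. The contract address and function selector are the indicators worth pivoting on: the actor can swap RPC endpoints freely, but the contract is where the data lives.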
Arrest Made in Coinbase Ransomware Breach
Bottom Line Up Front (BLUF): Law enforcement has made an arrest tied to the Coinbase ransomware breach, which disrupted the crypto exchange’s internal systems in late 2025. The suspect reportedly worked with a broader affiliate ransomware network, using phishing and credential stuffing as entry points.
Analyst Comments: This is an operational win for law enforcement—and a warning shot to ransomware operators hitting financial infrastructure. While Coinbase wasn’t directly extorted, the attacker did gain access to sensitive dev environments. The arrest may yield intel on ransomware affiliate ecosystems, especially if plea deals are offered. The fact that an arrest occurred so quickly suggests attribution was clear—possibly due to reused infrastructure or OPSEC failures.
READ THE STORY: Mashable
WordPress Plugin Vulnerability Enables Privilege Escalation (CVE-2026-23800)
Bottom Line Up Front (BLUF): A critical privilege escalation flaw in WordPress Modular DS Plugin v2.5.2 (CVE-2026-23800) could allow unauthenticated users to gain admin access. No patch available at time of disclosure; exploitation likely in the wild.
Analyst Comments: If your org hosts public-facing WordPress sites, now’s the time to panic responsibly. This is classic “low-effort, high-impact” material for botnets and skids alike. Since WordPress is often overlooked in asset inventories, especially by marketing and comms teams, security teams should hunt for rogue installations. Given the plugin’s popularity in EU and APAC small-business deployments, mass exploitation is likely if patching lags.
READ THE STORY: SystemTek
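As an added example (not from SystemTek or the plugin vendor), the script below performs the hunt the comments call for: it walks a filesystem for WordPress installs wherever they sit, reads each plugin's header, and flags Modular DS at or below 2.5.2. The plugin directory slug and main file name are illustrative assumptions, the "Plugin Name:" and "Version:" fields are the standard WordPress plugin header, and the webroots are a constructed fixture in a temp directory so it runs offline. Because no fixed version is published, the version ceiling is a placeholder to raise once a patch ships.

```python
"""Inventory WordPress installs on a filesystem and flag an affected plugin.

Added example, not from SystemTek or the plugin vendor. Assumptions: the
plugin directory slug and main file name are illustrative; the header fields
are the standard WordPress plugin header; the webroots are a constructed
fixture written to a temp directory.
"""
import os
import re
import tempfile

HEADER_RE = re.compile(r"^[\s*]*(Plugin Name|Version)\s*:\s*(.+?)\s*$", re.MULTILINE)
TARGET_NAME = re.compile(r"modular\s*ds", re.IGNORECASE)
# CVE-2026-23800: v2.5.2 reported affected, no fix published at the time.
# Placeholder ceiling; lower/raise it to the last affected version once a patch ships.
MAX_AFFECTED = "2.5.2"


def parse_version(v):
    """'2.5.2' -> (2, 5, 2); tolerates suffixes such as '2.5.2-beta1'."""
    return tuple(int(x) for x in re.findall(r"\d+", v)) or (0,)


def find_wordpress_roots(search_root):
    """Directories holding wp-includes/version.php, i.e. WordPress installs."""
    roots = []
    for dirpath, dirnames, _ in os.walk(search_root):
        if os.path.isfile(os.path.join(dirpath, "wp-includes", "version.php")):
            roots.append(dirpath)
            dirnames[:] = []  # do not descend into a found install
    return sorted(roots)


def plugin_header(plugin_dir):
    """Parse the plugin header from the first top-level PHP file that carries one."""
    for entry in sorted(os.listdir(plugin_dir)):
        path = os.path.join(plugin_dir, entry)
        if not (entry.endswith(".php") and os.path.isfile(path)):
            continue
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(8192)  # WordPress itself only reads the first 8 KB
        fields = dict(HEADER_RE.findall(head))
        if "Plugin Name" in fields:
            return {"name": fields["Plugin Name"], "version": fields.get("Version", "0")}
    return None


def scan(search_root):
    """Every plugin under every install, flagged when it is the target at/below MAX_AFFECTED."""
    findings = []
    for root in find_wordpress_roots(search_root):
        plugins_dir = os.path.join(root, "wp-content", "plugins")
        if not os.path.isdir(plugins_dir):
            continue
        for slug in sorted(os.listdir(plugins_dir)):
            pdir = os.path.join(plugins_dir, slug)
            if not os.path.isdir(pdir):
                continue
            hdr = plugin_header(pdir)
            if hdr is None:
                continue
            flagged = bool(TARGET_NAME.search(hdr["name"])) and \
                parse_version(hdr["version"]) <= parse_version(MAX_AFFECTED)
            findings.append({"install": root, "slug": slug, "name": hdr["name"],
                             "version": hdr["version"], "flagged": flagged})
    return findings


def build_fixture(base):
    """Constructed webroots: two WordPress installs plus one unrelated directory."""
    def wordpress(root):
        os.makedirs(os.path.join(root, "wp-includes"), exist_ok=True)
        with open(os.path.join(root, "wp-includes", "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '6.7';\n")

    def plugin(root, slug, name, version):
        pdir = os.path.join(root, "wp-content", "plugins", slug)
        os.makedirs(pdir, exist_ok=True)
        with open(os.path.join(pdir, slug + ".php"), "w") as fh:
            fh.write(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")

    marketing = os.path.join(base, "var", "www", "marketing")  # the site IT knows about
    legacy = os.path.join(base, "srv", "legacy", "blog")        # the forgotten install
    wordpress(marketing)
    plugin(marketing, "modular-connector", "Modular DS", "2.5.2")  # slug is an assumption
    plugin(marketing, "akismet", "Akismet Anti-spam", "5.3")
    wordpress(legacy)
    plugin(legacy, "modular-connector", "Modular DS", "2.4.0")
    os.makedirs(os.path.join(base, "opt", "static-site"), exist_ok=True)  # not WordPress


def demo():
    """Build the fixture in a temp dir and scan it; returns the findings list."""
    base = tempfile.mkdtemp(prefix="wp-inventory-")
    build_fixture(base)
    return scan(base)


if __name__ == "__main__":
    for f in demo():
        print(("FLAG " if f["flagged"] else "ok   ") + f"{f['install']} {f['slug']} {f['version']}")
```

Point `scan()` at `/` (or each web server's filesystem via your EDR or configuration management) rather than the fixture to run it for real; the walk finds installs outside the standard webroot, which is where the marketing-team copies tend to live. Matching on the header's plugin name rather than the directory slug also catches renamed or manually unpacked copies.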
Google Chrome Lets Users Disable On-Device AI for Scam Detection
Bottom Line Up Front (BLUF): A new Chrome update allows users to disable the on-device AI model used for scam and phishing detection. While privacy-conscious users may welcome this, the move could also reduce baseline protections, making less-savvy users more vulnerable to phishing.
Analyst Comments: This is a usability-versus-security trade-off. The toggle likely appeases users wary of a locally stored model, but it weakens Chrome's defenses against phishing and social engineering, particularly deceptive page content that blocklists alone miss. Threat actors will test how reliably disabling the model changes detection. Expect scam kits to probe for the difference between AI-assisted and list-only detection and to serve content accordingly.
READ THE STORY: BleepingComputer
Free Cloud-Based Spear Phishing Protection Announced — But With Caveats
Bottom Line Up Front (BLUF): A new, free cloud-based tool has been released for spear-phishing detection. While potentially useful for small orgs and under-resourced teams, it lacks behavioral detection and only catches known indicators.
Analyst Comments: Free is fine—if you know what you’re getting. This tool is more antivirus than XDR: it’ll help catch known threats, but won’t stop zero-day phishing payloads or insider-based lures. That said, orgs with no email security budget may still benefit from some protection rather than going blind. Notably, there’s no integration with SIEMs or alert triage pipelines—so defenders must monitor manually or through email quarantines.
READ THE STORY: BetaNews
Items of interest
Iran’s Hybrid Warfare Strategy Evolves: Asymmetric Tools Drive Regional Influence
Bottom Line Up Front (BLUF): Iran is advancing a multi-pronged hybrid warfare strategy that fuses cyber operations, proxy militias, information warfare, economic disruption, and diplomacy to expand its regional influence without direct conventional conflict. Analysts warn that Tehran’s model is maturing—emphasizing deniability, long-term positioning, and calibrated escalation, particularly across the Middle East and South Asia.
Analyst Comments: What’s evolving now is how Tehran synchronizes its tools: launching cyberattacks while stirring unrest via proxies, amplifying narratives through state media, and engaging diplomatically to avoid backlash. From oil infrastructure strikes to cyber sabotage and maritime harassment, each move is deniable but clearly coordinated. For security planners, the takeaway is this: Iran doesn’t need to “win” in a Western military sense. It just needs to raise costs, create friction, and exploit vulnerabilities over time. Expect continued targeting of critical infrastructure (especially oil, water, and ports), cyber intrusions with delayed payloads, and increased use of social engineering and influence ops. India and Gulf states should factor hybrid threats into both kinetic and cyber readiness planning, especially as regional tensions rise around Israel and U.S. force posture.
READ THE STORY: The Kashmir Horizon
Drones, cyberattacks, and Sabotage (Video)
FROM THE MEDIA: War has returned to Europe. As a hot war in Ukraine. But also as a so‑called hybrid war, aimed, above all, at NATO countries supporting Ukraine. Countries like Germany. Just last week, Munich Airport was brought to a standstill on two separate days. The reason: drones, allegedly controlled by Russian criminals. And it doesn’t stop there. Cyber intrusions targeting critical infrastructure, government agencies, and businesses have almost become routine. In Germany alone, more than 1,000 are recorded each week.
Iran Using Houthis To Start New Hydro War At Sea? Iran-Israel War (Video)
FROM THE MEDIA: Critical undersea internet cables in the Red Sea were damaged, disrupting connectivity across Asia and the Middle East, with NetBlocks confirming failures in the IMEWE and SEA-ME-WE 4 systems near Jeddah. Microsoft warned of slower access in the Middle East, while other regions were mostly unaffected. Houthis, possibly backed by Iran, are suspected of involvement as part of a growing hybrid warfare campaign targeting key infrastructure. The incident highlights the fragility of undersea cables and underscores the Red Sea’s strategic importance for global trade and communications, with repairs expected to take weeks.
The selected stories cover a broad range of cyber threats and are intended to help readers frame key publicly discussed threats and improve overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, don't hesitate to get in touch with InfoDom Securities at dominanceinformation@gmail.com.