Daily Drop (1229)
01-20-26
Tuesday, Jan 20, 2025 // (IG): BB // GITHUB // SN R&D
TRAINING:
Turning OSINT Chaos into Strategic Clarity: Countering Malign Chinese Influence
Open-source intelligence is increasingly central to understanding how PRC-linked actors shape outcomes across digital ecosystems, economic levers, and illicit networks, but turning fragmented, high-volume open data into timely, decision-ready insight remains a challenge.
Join the Irregular Warfare Initiative (IWI), CACI’s DarkBlue Intelligence Suite, and AWS for a half-day forum in Reston, VA, focused on strengthening how teams identify and assess influence activity spanning economic, digital, and criminal domains.
🗓 Date: Thursday, February 19, 2026
⏱ Start Time: 9:30 AM
📍 Location: Reston, VA
💲 Cost: Free to attend (free parking provided)
🔗 Register: https://lnkd.in/eQdS5Xri
China’s Cyber Empire and Tool of Influence
Bottom Line Up Front (BLUF): China's cyber strategy is a federated, state-aligned cyber ecosystem—not a centralized command hub. China’s cyber operations span the PLA's military branches, the Ministry of State Security (MSS) bureaus, academia, and contractors. With the 2024 dismantling of the PLA Strategic Support Force (SSF), offensive cyber operations now fall under the PLA’s newly formed Cyberspace Force, while information operations are managed by the Information Support Force. Technically, China’s cyber strategy relies on long-term access, durable infrastructure, and strategic alignment with national objectives—not zero-day theatrics or flashy malware. Defenders focusing only on IOCs or endpoint signatures will miss the campaign-level persistence that defines Chinese APT operations.
Analyst Comments: China's cyber apparatus is bureaucratically decentralized and technically engineered for scale, persistence, and ambiguity. The malware may be unsophisticated, but the campaigns aren’t. Code reuse, long-lived infrastructure, and supply chain infiltration define the tradecraft. Identity abuse—especially in cloud environments—is more dangerous than the malware itself. Post-SSF, China's cyber forces are becoming more specialized and structurally streamlined, but the targeting logic remains the same: systemic infiltration aligned with long-term national priorities.
READ THE STORY: Youtube
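The BLUF above argues that defenders who only match IOCs or endpoint signatures miss the campaign-level persistence (durable, long-lived infrastructure reused across many hosts) that characterises these operations. The following is an added example, not code from the newsletter or any vendor, that contrasts the two views over a handful of constructed outbound-connection records: an IOC lookup finds nothing, while a first-seen/last-seen and host-count analysis surfaces the durable destination. The log format, the IOC feed and the 90-day / 3-host thresholds are assumptions.

```python
"""
Added example (not from the newsletter or any vendor): flag durable,
campaign-level infrastructure from connection logs instead of matching IOCs.
The log lines below are constructed; the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp,host,destination" outbound connection records.
SAMPLE_LOG = """\
2025-09-01T08:12:00,ws-finance-01,update.cdn-assets.example
2025-09-15T09:40:00,ws-hr-07,update.cdn-assets.example
2025-10-20T22:05:00,srv-build-02,update.cdn-assets.example
2025-12-03T03:30:00,ws-finance-01,update.cdn-assets.example
2026-01-18T11:00:00,ws-legal-03,update.cdn-assets.example
2026-01-19T10:00:00,ws-hr-07,news.mediasite.example
2026-01-19T10:05:00,ws-hr-07,news.mediasite.example
2026-01-19T10:07:00,ws-finance-01,login.corp-portal.example
"""

# Hypothetical IOC feed: the durable destination above is deliberately NOT in it.
IOC_FEED = {"bad-domain.example"}

MIN_SPAN = timedelta(days=90)   # assumption: "long-lived" = seen across >= 90 days
MIN_HOSTS = 3                   # assumption: touches >= 3 distinct hosts

def parse_log(text):
    """Parse the constructed CSV-style records into (timestamp, host, dest)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest = line.split(",")
        records.append((datetime.fromisoformat(ts), host, dest))
    return records

def ioc_hits(records, feed):
    """The signature-only view: destinations that match the IOC list."""
    return sorted({dest for _, _, dest in records if dest in feed})

def durable_infrastructure(records, min_span=MIN_SPAN, min_hosts=MIN_HOSTS):
    """Campaign-level view: destinations contacted over a long span by many hosts."""
    first, last, hosts = {}, {}, defaultdict(set)
    for ts, host, dest in records:
        first[dest] = min(ts, first.get(dest, ts))
        last[dest] = max(ts, last.get(dest, ts))
        hosts[dest].add(host)
    findings = []
    for dest in hosts:
        span = last[dest] - first[dest]
        if span >= min_span and len(hosts[dest]) >= min_hosts:
            findings.append({
                "destination": dest,
                "span_days": span.days,
                "hosts": sorted(hosts[dest]),
            })
    return sorted(findings, key=lambda f: f["destination"])

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("IOC hits:", ioc_hits(recs, IOC_FEED))
    for f in durable_infrastructure(recs):
        print(f"{f['destination']}: {f['span_days']} days, hosts={f['hosts']}")
```

The point of the contrast is that the durable destination never needs to appear on a feed to be worth an analyst's attention; the span and breadth of contact are the signal. In practice the thresholds would be tuned against known-good update and CDN traffic to keep the finding list short.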
NEWS:
DoD Still Buying from Chinese Telecom Vendors Despite Carrier Hacks
Bottom Line Up Front (BLUF): The Department of Defense continues to procure systems and components from Chinese telecom companies, despite repeated intrusions by Chinese state-backed actors into U.S. mobile carriers. Experts warn this practice exposes critical military infrastructure to long-term espionage and supply chain compromise.
Analyst Comments: After APT41 and other PRC-affiliated groups were caught exfiltrating data from U.S. carriers, continued DoD reliance on Chinese-made systems—even for “non-sensitive” applications like physical security or HVAC—is indefensible. In modern cyber operations, lateral movement often starts in low-privilege environments. The assumption that non-mission-critical tech is immune to exploitation doesn’t hold up. Expect this issue to resurface in FY27 NDAA hearings and possibly trigger new legislation restricting DoD vendor eligibility based on foreign control.
READ THE STORY: FNN
U.S. Sanctions Global Disinformation Index CEO Amid Free Speech Dispute
Bottom Line Up Front (BLUF): Clare Melford, CEO of the Global Disinformation Index (GDI), was sanctioned by the U.S. State Department and had her visa revoked for allegedly coercing tech platforms into censorship. Melford refutes the claim, arguing GDI’s work supports free market transparency by helping advertisers avoid reputational risks tied to disinformation and divisive content online.
Analyst Comments: GDI’s real influence lies in informing ad spend, not removing content, but in the current polarized environment, even data aggregation is being recast as censorship. The larger concern is how this action may chill independent research into disinformation ecosystems—just as generative AI supercharges their scale and realism. If the U.S. begins treating disinfo researchers as partisan actors, it opens the door for authoritarian states to justify harsher crackdowns of their own.
READ THE STORY: FT
UK Set to Approve Chinese ‘Mega’ Embassy Despite Espionage Concerns
Bottom Line Up Front (BLUF): The UK government is expected to approve China’s proposed “mega” embassy at Royal Mint Court, following the inclusion of undisclosed national security measures developed with British intelligence services. The decision comes despite warnings from the US and European allies about espionage risks, including proximity to critical communications infrastructure in the City of London.
Analyst Comments: Intelligence agencies are betting that hardening the site is enough to mitigate risks, but the lack of transparency around the protective measures raises eyebrows. China's embassy will be its largest in Europe, with critics highlighting a potential “shadow network” of secret rooms and the diplomatic protections that come with the Vienna Convention. With China denying UK upgrades to its own embassy in Beijing, this approval may appear one-sided. Expect debate to intensify around reciprocity, surveillance threats, and the broader UK-China relationship. For defenders, the embassy could become a high-value SIGINT concern.
READ THE STORY: FT
Beijing Bans U.S. and Israeli Cybersecurity Firms, Escalating Global Tech Decoupling
Bottom Line Up Front (BLUF): China has formally banned several U.S. and Israeli cybersecurity vendors—including CrowdStrike, Palantir, and Check Point—from operating in its market, citing “national security” concerns. The move is part of Beijing’s growing push to sever reliance on foreign technology, particularly from nations it views as strategic competitors or surveillance threats.
Analyst Comments: The bans are Beijing's direct response to Western restrictions on Chinese tech firms, part of a broader tit-for-tat decoupling in cyber and defense sectors. While symbolic in some cases—many of these firms had limited Chinese market access—the real impact is in the message: foreign software tied to Western intelligence ecosystems is unwelcome. Organizations with global operations should expect increasing fragmentation in tooling and vendor compliance requirements, especially in regulated sectors like finance, telecom, and defense.
READ THE STORY: CYBERMAG
CCP-Run Media Claims Testing of Over 10 Quantum Cyber Weapons for Warfare
Bottom Line Up Front (BLUF): China is actively developing and testing more than 10 quantum-based cyber capabilities for potential wartime use, according to statements from the state-affiliated China Science and Technology Daily. These tools reportedly include quantum-enhanced reconnaissance, stealth communication, and offensive cyber weapons—marking a significant leap in the militarization of quantum technology.
Analyst Comments: While the operational readiness of these quantum capabilities is unclear, China is broadcasting its intent to weaponize next-gen computing for cyber warfare. The mention of “offensive tools” is especially notable—suggesting applications like quantum key disruption, sensor evasion, or even prototype quantum malware. Most Western quantum research remains in the academic or civilian domain; China, by contrast, is openly framing it as a warfighting advantage. The gap isn’t just technological—it’s strategic. Defenders should begin preparing for the post-quantum era now, especially in crypto agility, secure communications, and supply chain trust models.
READ THE STORY: GTSC
China Ejects High-Speed Traders from Exchange Data Centers in Market Security Crackdown
Bottom Line Up Front (BLUF): China has ordered high-frequency trading (HFT) firms to vacate co-location facilities within the country’s stock exchange data centers, citing concerns over market stability and “unfair advantages.” The decision affects both domestic and foreign trading firms, and is part of a broader regulatory effort to tighten control over financial infrastructure.
Analyst Comments: By removing co-location privileges—where HFT firms place servers physically close to exchange infrastructure—Beijing is cutting off their speed edge. While framed as a fairness issue, it’s also about sovereignty: Chinese regulators are wary of foreign trading algorithms gaining real-time visibility into market flows. Expect increased surveillance of cross-border capital movements and further restrictions on financial data access. This also raises a red flag for foreign firms still operating latency-sensitive systems in China—regulatory risk just became operational risk.
READ THE STORY: CYBERNEWS
Researchers Exploit XSS Flaw in Stealc Malware Admin Panel to Spy on Threat Actors
Bottom Line Up Front (BLUF): Security researchers exploited a cross-site scripting (XSS) flaw in the admin panel of the Stealc infostealer to gain visibility into the operators’ backend, including active infections and the campaign infrastructure behind them.
Analyst Comments: The XSS vulnerability in Stealc’s backend is more than a punchline; it gave defenders real-time intelligence on active infections and campaign infrastructure. Stealc has been an increasingly popular infostealer in the underground economy, marketed as a user-friendly, customizable toolkit. That its C2 panel had such a basic web app flaw reflects either rushed development or overconfidence. Researchers gaining access to operational data (such as wallet IDs, infection stats, and affiliate tracking) is a goldmine for attribution and takedown efforts. Don’t be surprised if this leads to arrests or C2 sinkholing in the coming weeks.
READ THE STORY: RESCANA
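The analyst comment calls the panel flaw "such a basic web app flaw". The following is an added example, not the newsletter's and not any panel's actual code, showing the general class of defect in a plain Python admin page: client-reported fields interpolated straight into HTML, beside the hardened form that escapes them, plus a small regression check. The row layout and the sample input are constructed for illustration.

```python
"""
Added example (not the newsletter's nor any real panel's code): an admin page
that renders untrusted client-reported fields without escaping, beside the
hardened version. The markup shape and the sample input are constructed.
"""
import html
import re

def render_row_vulnerable(hostname: str, country: str) -> str:
    # Defect: interpolates untrusted fields straight into markup, so any
    # tags in the reported value become part of the page the admin views.
    return f"<tr><td>{hostname}</td><td>{country}</td></tr>"

def render_row_hardened(hostname: str, country: str) -> str:
    # Fix: HTML-escape every untrusted field. quote=True also escapes quotes,
    # so the same helper is safe for attribute contexts.
    return (f"<tr><td>{html.escape(hostname, quote=True)}</td>"
            f"<td>{html.escape(country, quote=True)}</td></tr>")

# Matches the start of any tag other than the <tr>/<td> tags we emit ourselves.
TAG_RE = re.compile(r"<(?!/?t[dr]\b)[A-Za-z]")

def contains_injected_markup(rendered: str) -> bool:
    """Regression check for templates: did a non-table tag survive into the output?"""
    return TAG_RE.search(rendered) is not None

# Constructed untrusted input: a client-supplied field that carries markup.
HOSTILE_HOSTNAME = "<script>x()</script>"

if __name__ == "__main__":
    print("vulnerable:", render_row_vulnerable(HOSTILE_HOSTNAME, "US"))
    print("hardened:  ", render_row_hardened(HOSTILE_HOSTNAME, "US"))
```

The check is deliberately crude (a real template engine with auto-escaping, or a CSP that blocks inline script, is the durable fix); its value is as a unit test that fails the moment someone adds a field to the page without routing it through the escaping helper.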
Pro-Russia Hacktivists Are More Than Noise
Bottom Line Up Front (BLUF): Security researchers are warning that pro-Russia hacktivist groups, often dismissed as low-skilled nuisances, are evolving into a more serious threat. Groups like Killnet and NoName057(16) have begun coordinating with state-backed actors, blending ideological messaging with effective DDoS, defacement, and data-leak campaigns targeting Western infrastructure.
Analyst Comments: For too long, defenders have underestimated these groups as script kiddies with Telegram channels. That’s no longer accurate. What we’re seeing is a fusion of hacktivism and hybrid warfare—where public-facing chaos ops mask deeper intelligence-gathering and disruption campaigns. Pro-Russia actors have repeatedly hit hospitals, transport systems, and government portals with enough impact to trigger real-world response delays. Their growing operational tempo, coordination with GRU-linked actors, and use of custom tooling suggest these are more than noisy patriots—they’re becoming strategic assets. Dismissing them as amateurs is a dangerous misread.
READ THE STORY: The Register
DPRK-Linked Hackers Abuse Naver and Google Ads to Deliver Malware
Bottom Line Up Front (BLUF): Researchers have identified a North Korea–aligned threat group abusing Naver and Google Ads to distribute malware, using paid search results to lure users into downloading trojanized software. The campaign highlights how state-backed actors continue to exploit trusted advertising ecosystems to bypass traditional security controls and reach victims at scale.
Analyst Comments: By leveraging mainstream ad platforms, North Korean operators sidestep email security, reputation-based filtering, and user suspicion. These campaigns are especially effective against developers, crypto users, and small businesses searching for common tools. Expect this tactic to persist—ad ecosystems remain an attractive attack surface because platforms prioritize revenue and scale over deep vetting. Defenders should treat search ads as untrusted content, full stop.
READ THE STORY: SocialNews
Windows 11 Bug Prevents Shutdown and Restart: Microsoft Confirms Fix in Progress
Bottom Line Up Front (BLUF): A newly identified Windows 11 bug is blocking users from properly shutting down or restarting their systems, with error messages referencing “Task Host is stopping background tasks.” Microsoft has acknowledged the issue and confirmed that a fix is underway. The glitch appears to stem from system services failing to terminate cleanly, impacting both personal and enterprise devices.
Analyst Comments: Impacted systems may appear hung or unresponsive during shutdown, potentially complicating patch cycles, user productivity, and restart-based troubleshooting. Until a patch is issued, admins should monitor for abnormal shutdown behaviors and consider scripting forced reboots during maintenance windows. This also underscores the fragility of background service management in Windows 11, where even routine processes like shutting down can become points of failure.
READ THE STORY: The Register
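The analyst comment advises admins to monitor for abnormal shutdown behaviour until a patch lands. The following is an added example, not from Microsoft or the newsletter, of detection logic for the "shutdown initiated but never completed" pattern over exported Windows System log events. The event IDs are the standard ones (1074: a process initiated shutdown or restart; 6006: Event Log service stopped, which accompanies a clean shutdown; 6008: previous shutdown was unexpected). The CSV-style export format, the sample lines and the 10-minute completion window are assumptions.

```python
"""
Added example (not from Microsoft or the newsletter): flag hosts whose
shutdown/restart request (1074) was not followed by a clean stop (6006)
within a window, plus hosts reporting an unexpected shutdown (6008).
The export format and sample lines are constructed; the window is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, "timestamp,host,event_id,message", as one might export
# from the System log with wevtutil or Get-WinEvent (column layout assumed).
SAMPLE_EVENTS = """\
2026-01-19T17:01:10,ws-101,1074,The process winlogon.exe initiated the restart of computer ws-101
2026-01-19T17:02:05,ws-101,6006,The Event log service was stopped.
2026-01-19T17:03:40,ws-101,6005,The Event log service was started.
2026-01-19T17:10:22,ws-102,1074,The process winlogon.exe initiated the power off of computer ws-102
2026-01-19T17:25:00,ws-102,1074,The process winlogon.exe initiated the power off of computer ws-102
2026-01-20T08:00:12,ws-103,6008,The previous system shutdown at 17:40:00 on 2026-01-19 was unexpected.
"""

COMPLETION_WINDOW = timedelta(minutes=10)   # assumption: clean stop expected within 10 min

def parse_events(text):
    """Parse the constructed export into sorted (timestamp, host, event_id, message)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, eid, msg = line.split(",", 3)   # message may itself contain commas
        events.append((datetime.fromisoformat(ts), host, int(eid), msg))
    return sorted(events)

def find_abnormal_shutdowns(events, window=COMPLETION_WINDOW):
    """Return sorted (host, finding, timestamp) tuples for hung or unexpected shutdowns."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[1]].append(ev)
    findings = []
    for host, evs in by_host.items():
        for i, (ts, _, eid, _) in enumerate(evs):
            if eid == 6008:
                findings.append((host, "unexpected_shutdown", ts))
            elif eid == 1074:
                # A clean shutdown stops the Event Log service (6006) shortly after
                # the request; if none follows within the window, the host hung.
                completed = any(
                    e[2] == 6006 and ts <= e[0] <= ts + window
                    for e in evs[i + 1:]
                )
                if not completed:
                    findings.append((host, "shutdown_not_completed", ts))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding, ts in find_abnormal_shutdowns(parse_events(SAMPLE_EVENTS)):
        print(f"{ts.isoformat()}  {host}: {finding}")
```

Hosts that show up repeatedly under `shutdown_not_completed` are the ones to schedule for a forced restart in the next maintenance window; the repeated 1074 on ws-102 in the sample is the pattern of a user retrying a shutdown that never completes.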
Items of interest
Unidentified Aerial Object Over Chinese Wind Farm Was a Foreign Surveillance Drone
Bottom Line Up Front (BLUF): Chinese state media reports that an unidentified flying object (UFO) spotted over a strategic offshore wind farm in the Yellow Sea has been identified as a foreign surveillance drone. The incident triggered a rapid military response, including radar jamming and naval deployment, with authorities framing it as an act of foreign espionage targeting critical energy infrastructure.
Analyst Comments: This incident fits an emerging pattern: China’s increased sensitivity to perceived surveillance near dual-use infrastructure. Offshore wind farms are not just energy assets—they’re potential platforms for undersea cable routing, radar coverage, and maritime surveillance. Whether the drone belonged to a nation-state remains unconfirmed, but the public framing suggests Beijing is using these events to justify expanded counter-surveillance measures and tighten airspace restrictions. Expect a growing overlap between green energy infrastructure and national defense in both Chinese and Western threat models.
READ THE STORY: CYBERNEWS
Ancient Aliens: China’s Extraterrestrial Legends (Video)
FROM THE MEDIA: "Ancient Aliens" explores the controversial theory that extraterrestrials have visited Earth for millions of years.
UFOs: What Does China Know (Video)
FROM THE MEDIA: Samuel Chong is a lawyer, professional translator, and passionate UFO/UAP researcher originally from China and now based in the United States. Samuel has worked on bringing groundbreaking UFO and extraterrestrial contact books into English, helping to make key information available to a wider global audience.
The selected stories cover a broad range of cyber threats and are intended to help readers frame key publicly discussed threats and improve overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, don't hesitate to get in touch with InfoDom Securities at dominanceinformation@gmail.com.