Daily Drop (1233)
01-25-26
Sunday, Jan 25, 2025 // (IG): BB // GITHUB // SN R&D
Xi Targets Top Rocket Force General in Corruption Probe
Bottom Line Up Front (BLUF): Chinese President Xi Jinping has placed General Liu Zhenli, chief of the Joint Staff Department of the Central Military Commission, under investigation, marking a significant escalation in China’s widening military anti-corruption purge. The probe follows the abrupt removal of several top officials in China’s Rocket Force and defense technology sectors in 2023.
Analyst Comments: General Liu is no marginal figure; he’s effectively China’s top uniformed officer. His investigation signals a deeper purge inside the PLA’s strategic command layers, including units responsible for missile forces, C4ISR infrastructure, and potentially nuclear command and control. For outside observers, this raises flags on several fronts: potential degradation of command continuity, internal factional instability, and loss of institutional knowledge in sensitive domains. Western defense planners should monitor for shifts in Rocket Force readiness or doctrinal posture as leadership churn continues.
READ THE STORY: WSJ
U.S.–Canada Trade Tensions Spike Over China Transshipment Fears, 100% Tariff Threat Issued
Bottom Line Up Front (BLUF): The U.S. has warned Canada it may impose tariffs of up to 100% on Canadian exports if Chinese goods are found entering the U.S. market via Canadian transit routes. The threat follows reports of deepening Canada–China trade discussions and reflects Washington’s increasing focus on enforcing trade barriers targeting Beijing.
Analyst Comments: The proposed blanket tariffs are a sharp escalation, likely intended to chill future trade facilitation deals with Beijing. For cybersecurity and trade compliance professionals, this signals rising scrutiny on logistics transparency, supply chain documentation, and transshipment tracking. Expect increased U.S. customs enforcement and targeted audits at North American ports and border crossings. Companies moving dual-use tech or electronics components should expect more aggressive classification enforcement.
READ THE STORY: The 420
PLA-Linked Entities Tied to Land Buys Near Strategic Bases
Bottom Line Up Front (BLUF): U.S. intelligence agencies are tracking a pattern of land purchases near sensitive military installations by entities with suspected ties to the Chinese military or state-linked firms, according to a report from Modern Diplomacy. The acquisitions are under scrutiny for potential espionage or infrastructure sabotage risks, with lawmakers pushing for stricter foreign ownership controls.
Analyst Comments: Proximity to airbases, missile silos, or training facilities raises red flags for ELINT collection, drone-based ISR, or sabotage staging. U.S. intelligence is likely correlating purchase patterns with military logistics maps, EMCON protocols, and fiber-optic access points. Expect a tightening of CFIUS jurisdiction, potential retroactive reviews, and moves to limit foreign land ownership near national security zones. Local zoning and land registry systems may also come under federal oversight.
READ THE STORY: Modern Diplomacy
Inside Ukraine’s Drone War: Units Awarded for Targeted Strikes in Gamified Kill System
Bottom Line Up Front (BLUF): Ukraine’s drone doctrine is rapidly redefining modern low-cost warfare. The introduction of performance-based incentives—even informal ones—reflects a decentralized, startup-like culture inside Ukraine’s volunteer and military drone corps. This stands in stark contrast to Russia’s more rigid, centralized approach. The use of Telegram groups, real-time video verification, and bounty-like reward systems adds a psychological and motivational layer to drone warfare. But it also raises questions about accountability, escalation dynamics, and civilian oversight, especially as private donors, defense contractors, and crowd-sourced funding blur traditional lines of military procurement and command.
Analyst Comments: Ukrainian drone operators—many in small, semi-autonomous units—are awarded drones, gear, or financial bonuses for confirmed strikes, often validated through footage shared in unit-specific messaging channels. Drone teams use both commercial quadcopters and improvised FPV drones to hunt armored vehicles, infantry clusters, and supply lines. Some units report hundreds of successful hits, with detailed tracking and internal scoreboards reinforcing performance. The reward system is reportedly informal but widespread, fueled by donations, crowdfunding, and volunteer logistics chains.
READ THE STORY: Longevity
Lawsuit Alleges Meta Can Access WhatsApp Messages Despite Encryption Claims
Bottom Line Up Front (BLUF): A global group of plaintiffs filed a class-action lawsuit against Meta in U.S. federal court, alleging that the company can access WhatsApp users’ private messages despite promoting end-to-end encryption. The suit claims Meta stores and analyzes user communications and has misled billions of users about the true scope of its access.
Analyst Comments: While WhatsApp uses Signal’s end-to-end encryption protocol, the lawsuit hinges on what else Meta retains: message metadata, unencrypted backups, or content on endpoints. Even if the encryption itself is uncompromised, access via app-level telemetry, logging, or cloud sync mechanisms could serve as an indirect attack surface. If whistleblower evidence substantiates backend access to message content, this would represent a major breach of public trust—and a win for regulators and privacy advocates pushing for stronger oversight of encrypted platforms.
READ THE STORY: Bloomberg
U.S. to Inject $1.6 Billion into Rare Earths Firm to Counter China’s Supply Chain Dominance
Bottom Line Up Front (BLUF): The U.S. government plans to invest $1.6 billion for a 10% stake in a major rare earths mining company, according to reporting by the Financial Times. The move is part of a broader strategy to secure critical mineral supply chains vital to defense, electronics, and green energy industries amid growing tensions with China.
Analyst Comments: Rare earths are foundational to everything from F-35 flight systems to electric vehicles and missile guidance. For years, China has dominated global refining capacity, leaving the West vulnerable to coercive supply disruptions. A direct equity injection signals that Washington is done waiting on market forces. It also opens the door to future CFIUS scrutiny, potential restrictions on outbound tech investment, and closer alignment between resource policy and national industrial planning. Expect similar plays across lithium, graphite, and cobalt sectors in 2026.
READ THE STORY: Reuters
Oilfield Recovery in Post-Maduro Venezuela
Analyst Comments: Legacy PDVSA infrastructure is fragile, under-maintained, and largely unsecured. Accelerated deployments of U.S. equipment and personnel into these environments risk exposure to environmental hazards, organized criminal groups, and potential sabotage. Additionally, reactivating decades-old assets without fully assessing integrity or cyber-physical vulnerabilities could invite ICS/OT incidents, either accidental or adversarial. With geopolitical stakes high and infrastructure brittle, this is a live-fire test for energy-sector resilience.
READ THE STORY: Bloomberg
Trump Claims US Used Classified Electronic Warfare Tool in Maduro Capture Operation
Bottom Line Up Front (BLUF): The US Administration claimed the use of a secret weapon—referred to as “the discombobulator”—during the Jan. 3 raid in Caracas that captured Venezuela’s Nicolás Maduro. They stated the device disabled enemy weapons systems, preventing Russian and Chinese-supplied rockets from firing. The White House has not confirmed the claim, and no technical details have been released.
Analyst Comments: EW capabilities targeting missile launch systems are not new, but public acknowledgment of a tool like this, especially one with unverified capabilities, is highly unusual. It’s unclear if “discombobulator” is a placeholder for a real platform or simply rhetorical flourish. Nonetheless, the claim will likely draw scrutiny from foreign intelligence services and fuel regional tensions. For analysts tracking critical infrastructure and military tech, this is a data point—not proof—of advanced EW or offensive cyber deployment.
READ THE STORY: Bloomberg
New Kerberos Relay Technique Abuses DNS CNAMEs to Evade Defenses
Bottom Line Up Front (BLUF): Security researchers have uncovered a novel Kerberos relay technique that exploits DNS CNAME records to bypass hostname-based defenses. The attack abuses inconsistencies in how Kerberos handles service principal names (SPNs), allowing adversaries to impersonate services or relay credentials across trust boundaries—even when mitigations like SMB signing are in place.
Analyst Comments: The issue stems from how Kerberos validates SPNs based on DNS resolution, not strict hostname matching. This allows adversaries to create malicious services that appear valid to the client—enabling credential relay or impersonation attacks. Microsoft has acknowledged the technique, but as of now, no patch exists; mitigation requires strict DNS hygiene and service registration controls.
READ THE STORY: GBhackers
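As an added, defensive illustration (not code from the article, the researchers, or Microsoft), the following audit follows CNAME chains in a DNS zone and flags aliases whose canonical host has no matching SPN registered, the kind of DNS and service-registration hygiene check the comment above calls for. The ZONE and SPNS tables are constructed sample data; a real audit would pull them from a zone export and from Active Directory.

```python
"""Audit DNS CNAME aliases against Kerberos SPN registrations (added example)."""
from typing import Dict, List, Optional, Tuple

# Constructed DNS zone: owner name -> (record type, target). Not real data.
ZONE: Dict[str, Tuple[str, str]] = {
    "fs01.corp.example":    ("A",     "10.0.0.11"),
    "files.corp.example":   ("CNAME", "fs01.corp.example"),  # sanctioned alias
    "payroll.corp.example": ("CNAME", "ws-x.corp.example"),  # alias to an unexpected host
    "ws-x.corp.example":    ("A",     "10.0.5.77"),
    "loop-a.corp.example":  ("CNAME", "loop-b.corp.example"),
    "loop-b.corp.example":  ("CNAME", "loop-a.corp.example"),
}

# Constructed SPN registrations: canonical host -> SPNs on its account.
SPNS: Dict[str, List[str]] = {
    "fs01.corp.example": ["cifs/fs01.corp.example", "cifs/files.corp.example"],
    "ws-x.corp.example": ["host/ws-x.corp.example"],
}


def resolve_canonical(name: str, zone=ZONE, max_hops: int = 8) -> Optional[str]:
    """Follow a CNAME chain to the A-record owner; None if missing or looping."""
    seen = set()
    while name in zone and zone[name][0] == "CNAME":
        if name in seen or len(seen) >= max_hops:
            return None
        seen.add(name)
        name = zone[name][1]
    return name if name in zone and zone[name][0] == "A" else None


def audit_cnames(zone=ZONE, spns=SPNS) -> List[Tuple[str, str, str]]:
    """Return (alias, canonical_host, finding) for every suspicious CNAME.

    A sanctioned alias should end at a known host that carries an SPN naming
    the alias itself; anything else deserves a look by the DNS/AD owners.
    """
    findings = []
    for alias, (rtype, _) in zone.items():
        if rtype != "CNAME":
            continue
        target = resolve_canonical(alias, zone)
        if target is None:
            findings.append((alias, "", "unresolvable or looping CNAME"))
            continue
        alias_spns = [s.split("/", 1)[1].lower() for s in spns.get(target, [])]
        if alias.lower() not in alias_spns:
            findings.append((alias, target, "alias has no SPN on its canonical host"))
    return findings
```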
Dresden State Art Collections Shuts Down Museum Operations
Bottom Line Up Front (BLUF): A cyberattack has disrupted the Staatliche Kunstsammlungen Dresden (SKD), one of Germany’s largest museum networks, forcing a shutdown of IT systems and affecting internal operations and public services. German authorities have confirmed it was a ransomware incident, but no group has yet claimed responsibility.
Analyst Comments: Cultural institutions like SKD often have legacy systems, limited IT budgets, and broad public-facing infrastructure—making them soft targets for ransomware crews. While the attack doesn’t appear to involve data exfiltration (yet), the operational impact on museum functions—ticketing, internal records, logistics—can be significant. If SKD relied on shared IT infrastructure with other public bodies in Saxony, there’s potential for lateral movement. This fits into a broader trend: threat actors increasingly target "non-critical" institutions to pressure governments without crossing escalation thresholds seen with hospitals or energy infrastructure.
READ THE STORY: The Record
JumpServer RCE Vulnerability Exposes Privileged Infrastructure (CVE-2024-40629)
Bottom Line Up Front (BLUF): SentinelLabs disclosed a critical remote code execution vulnerability in JumpServer, an open-source bastion host used for managing access to internal systems. Tracked as CVE-2024-40629, the flaw allows unauthenticated attackers to execute arbitrary commands with root privileges by abusing the WebSocket interface in default configurations. Versions before v3.6.5 and v3.7.1 are vulnerable.
Analyst Comments: Bastion hosts like JumpServer sit between external users and sensitive internal systems—meaning an RCE here isn’t just a system compromise; it’s a perimeter breach. This is the kind of bug APTs love: remote, unauthenticated, and high-privilege. The issue is particularly dangerous because it requires no authentication and affects default setups. If your team is using JumpServer without network-level controls or recent patching, you should treat this as an active exposure.
READ THE STORY: SentinelOne
Items of interest
Ukraine’s Energy Crisis Deepens Under Russian Strikes, Grid Faces Critical Winter Strain
Bottom Line Up Front (BLUF): Amid ongoing Russian missile and drone attacks, Ukraine’s power infrastructure is nearing a breaking point. Energy officials warn of worsening blackouts this winter as repair capacity dwindles and air defenses struggle to intercept increasingly frequent barrages. With up to 50% of generating capacity offline in some regions, the energy crisis is becoming a frontline battleground.
Analyst Comments: Russia is reverting to its 2022 playbook: strategic strikes on Ukraine’s civilian energy infrastructure to degrade morale and force concessions. But this time, Ukraine’s grid is weaker, spare parts are scarce, and international support is slower. Expect Russia to escalate attacks during cold snaps, maximizing disruption. For defenders, this is less about cyber and more about kinetic critical infrastructure defense—but the cyber side still matters. Disruption to SCADA systems, grid telemetry, and repair coordination tools could follow if attackers shift tactics or blend operations.
READ THE STORY: Devdiscourse
‘Freezing conditions’: Russian attacks prompt energy emergency in Ukraine (Video)
FROM THE MEDIA: The Australian Federation of Ukrainian Organisations' Kateryna Argyrou says conditions are "very difficult" amid the Ukraine energy crisis.
Russia Devastates Ukraine’s Gas Output Ahead of Winter: Energy Crisis Deepens (Video)
FROM THE MEDIA: In October 2025, Russia unleashed a massive, coordinated missile and drone campaign targeting Ukraine’s vital gas and power infrastructure, striking from Kharkiv to Odessa. The attacks crippled over half of Ukraine’s gas production capacity, plunging key cities—including Kyiv, Kharkiv, and Poltava—into darkness. Entire districts went cold, rail networks stopped, and transformer plants burned through the night.
The selected stories cover a broad range of cyber threats and are intended to help readers frame key publicly discussed threats and improve overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, don't hesitate to get in touch with InfoDom Securities at dominanceinformation@gmail.com.