Daily Drop (1235)
01-28-26
Wednesday, Jan 28, 2026 // (IG): BB // GITHUB // SN R&D
A New Scramble for Africa: China, Russia, and the West Compete for Influence via Digital Infrastructure
Bottom Line Up Front (BLUF): Africa’s digital infrastructure is becoming a strategic battleground—not just for markets, but for long-term influence. China’s decades-long head start via Huawei, cloud platforms, and lending means much of the continent runs on tech with embedded geopolitical leverage. Russia is taking a more asymmetric route, offering digital authoritarianism as a service. Western governments, meanwhile, are stuck playing defense, offering vague promises of “trusted connectivity” without concrete investment or scale. For cybersecurity teams, this means a rising risk of opaque supply chains, surveillance creep, and foreign-backed cyber operations using locally hosted infrastructure.
Analyst Comments: China’s Digital Silk Road includes undersea cables, cloud data centers, and e-government platforms across Africa—often delivered with few transparency requirements. Russia, while lacking economic heft, is exporting censorship tools and partnering with regimes on information control. Western countries have tried to counter with public-private initiatives, but these often arrive late, lack coordination, or avoid engagement in politically sensitive regions. The result is a digital ecosystem where authoritarian models are outpacing democratic ones by sheer volume and velocity.
READ THE STORY: Tracking People’s Daily
Chinese Cybercrime-Linked Money Launderers Target Global Financial Infrastructure
Bottom Line Up Front (BLUF): Chinese money laundering networks are increasingly acting as critical infrastructure for global cybercriminals, facilitating ransomware payments, fraud proceeds, and illicit cryptocurrency transactions. According to Infosecurity Magazine, these networks operate with industrial-scale efficiency—blurring the lines between traditional organized crime, cybercrime, and state-tolerated activity.
Analyst Comments: While ransomware groups grab headlines, they depend on these laundering ecosystems to cash out. What’s especially concerning is the scale and professionalism of these Chinese laundering syndicates, some of which overlap with underground banking and “Daigou” networks. They’re fast, anonymous, and often operate beyond Western law enforcement reach. For defenders, the implication is clear: “follow the money” isn’t just a metaphor—it’s essential for attribution, disruption, and upstream prevention.
READ THE STORY: InfoSecMag
Israel Disrupts Iranian Cyberattack on Defense Contractor Using Wiper Malware
Bottom Line Up Front (BLUF): Israel’s Ministry of Defense confirmed it thwarted an Iranian-attributed cyberattack targeting a major Israeli defense contractor. The attack aimed to deploy wiper malware designed to destroy systems and exfiltrate sensitive data. According to The Jerusalem Post, the campaign was part of a broader Iranian effort to degrade Israeli military-industrial capabilities amid regional tensions.
Analyst Comments: Iran’s cyber playbook continues to escalate: not just espionage, but destructive attacks on defense-linked infrastructure. This incident reinforces a pattern—Tehran is willing to burn access for impact, especially when targeting Israeli national security assets. The use of wipers shows intent to cause real operational disruption, not just gather intel. Expect more hybrid operations pairing data theft with destruction, especially as conflict dynamics intensify in the region. For cyber defenders, this is another data point pushing wiper detection and containment into must-have territory—not just theoretical risk.
READ THE STORY: JPOST
Octopus Energy Urges UK to Embrace Chinese Tech as Starmer Leads Business Delegation to Beijing
Bottom Line Up Front (BLUF): Amid Prime Minister Keir Starmer’s high-profile trip to China, UK energy giant Octopus Energy is publicly advocating for the adoption of Chinese wind turbine technology, citing potential cost reductions of up to 30%. The company argues that integrating Chinese hardware—with UK-developed cybersecurity controls—can support national energy goals without compromising security. The move fuels a growing debate over Chinese involvement in critical infrastructure as Western allies raise alarms over Beijing’s cyber and geopolitical ambitions.
Analyst Comments: Octopus’s pitch may make economic sense in isolation, but it downplays the long-term strategic risk of embedding Chinese-manufactured systems deep into the UK’s energy infrastructure. The promise of layered software-based protections doesn't erase the risk of firmware-level compromise or opaque supply chains—lessons already learned from the Huawei 5G debacle. Starmer’s push for “pragmatic engagement” with China will face serious pushback from the U.S. and UK intelligence community, particularly if energy infrastructure becomes the next battleground for state-level influence.
READ THE STORY: FT // The Times
U.S. Officials Accuse Starmer of Going Soft on China Amid Cybersecurity Concerns
Bottom Line Up Front (BLUF): Senior U.S. officials have privately raised concerns that UK Labour leader Keir Starmer may adopt a softer stance on China if elected, warning that his approach could weaken joint efforts to counter Beijing-linked cyber espionage. As The Telegraph reports, the unease stems from Starmer’s recent signals favoring diplomatic re-engagement—even as Chinese APTs continue targeting UK infrastructure and political institutions.
Analyst Comments: From a U.S. perspective, the concern isn’t just optics—it’s shared threat intel drying up or policy drift weakening collective cyber posture. Starmer’s team insists they won’t compromise on national security, but messaging matters. China’s state-backed actors aren’t slowing down, and any perception of UK softness risks emboldening them. For defenders in the Five Eyes orbit, this is more than politics—it’s about whether a key partner stays aligned on cyber threat priorities.
READ THE STORY: The Telegraph
The Problem with U.S. Strategy for Defending Critical Infrastructure
Bottom Line Up Front (BLUF): Despite repeated warnings and escalating threats, the U.S. continues to rely on voluntary cybersecurity measures to protect critical infrastructure. A detailed analysis from Safehouse Briefing argues that this hands-off approach has failed to produce meaningful risk reduction, leaving sectors like energy, water, and healthcare dangerously exposed to both nation-state and criminal actors.
Analyst Comments: Voluntary frameworks like NIST and sector-specific guidance have been around for years, yet we’re still seeing the same systems compromised with basic TTPs. The public-private partnership model lacks teeth, and incentives for private operators to invest in serious security are weak unless they’ve already been breached. With groups like Volt Typhoon and Black Basta targeting critical sectors, it’s clear the current model isn’t working. Expect renewed calls for mandatory standards and regulatory authority with enforcement power.
READ THE STORY: The Safehouse Briefing
ShinyHunters Exploit SSO Weaknesses in Real-Time Vishing Attacks
Bottom Line Up Front (BLUF): The ShinyHunters threat group is actively exploiting weaknesses in Single Sign-On (SSO) flows to hijack corporate accounts through real-time vishing attacks. By posing as IT support and tricking users into sharing MFA codes, the attackers bypass login protections and gain immediate access to internal systems—often while the target is still on the phone.
Analyst Comments: ShinyHunters engages in real-time phishing by calling employees and directing them to fake login pages. As victims enter credentials and receive MFA prompts, the attackers simultaneously replay the info into legitimate portals. This approach exploits inherent delays and gaps in SSO/MFA integration. The group has targeted multiple Fortune 500 companies and is known for selling access on criminal forums shortly after compromise. Experts note that many organizations have yet to adapt to the rise in interactive phishing, despite years of warnings.
READ THE STORY: The National CIO Review
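The relay described above works because a one-time code is just a number the victim can repeat to the caller, and the legitimate portal has no way to know which page it was typed into. The toy below is an added illustration, not code from the story or from any identity vendor: it models two identity providers, one accepting a shareable code and one verifying an assertion bound to the origin of the page that requested it (the WebAuthn approach, where the browser rather than the user stamps the origin). The hostnames are constructed, and the security key's private key is stood in for by an HMAC secret purely for brevity; a real authenticator signs with an asymmetric key.

```python
"""Why a code read out over the phone relays, and an origin-bound factor does not.

Added illustration, not code from the story or any vendor. The "security key"
private key is modelled with an HMAC secret (an assumption for brevity) and the
hostnames are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict

LEGIT_ORIGIN = "https://sso.example-corp.invalid"               # the real IdP (constructed)
LOOKALIKE_ORIGIN = "https://sso-helpdesk.example-corp.invalid"  # page the caller sends the victim to (constructed)


class OtpIdp:
    """Password + one-time code. The code is just a number the user can repeat to anyone."""

    def __init__(self) -> None:
        self.pending: Dict[str, str] = {}

    def start_login(self, user: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = code
        return code  # in reality delivered to the user's phone

    def finish_login(self, user: str, code: str) -> bool:
        # Nothing here knows which page the user typed the code into.
        expected = self.pending.pop(user, None)
        return expected is not None and hmac.compare_digest(expected, code)


class SecurityKey:
    """The user's authenticator. The browser, not the user, supplies the origin it signs over."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def assert_login(self, challenge: str, origin: str) -> Dict[str, str]:
        msg = f"{challenge}|{origin}".encode()
        return {"challenge": challenge, "origin": origin,
                "sig": hmac.new(self._secret, msg, hashlib.sha256).hexdigest()}


class OriginBoundIdp:
    """Accepts only assertions made for its own origin against its own fresh challenge."""

    def __init__(self, origin: str, user_keys: Dict[str, bytes]) -> None:
        self.origin = origin
        self.user_keys = user_keys
        self.pending: Dict[str, str] = {}

    def start_login(self, user: str) -> str:
        challenge = secrets.token_hex(16)
        self.pending[user] = challenge
        return challenge

    def finish_login(self, user: str, assertion: Dict[str, str]) -> bool:
        expected = self.pending.pop(user, None)
        if expected is None or assertion["challenge"] != expected:
            return False
        if assertion["origin"] != self.origin:
            return False  # signed for a look-alike page: the relayed assertion is rejected
        msg = f"{assertion['challenge']}|{assertion['origin']}".encode()
        good = hmac.new(self.user_keys[user], msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(good, assertion["sig"])


def relay_against_otp() -> bool:
    """Caller starts a real login; the code lands on the victim's phone; the victim reads it out."""
    idp = OtpIdp()
    code_on_victims_phone = idp.start_login("alice")
    code_read_out_to_caller = code_on_victims_phone      # the "shared MFA code"
    return idp.finish_login("alice", code_read_out_to_caller)


def relay_against_origin_bound() -> bool:
    """Same relay, but the second factor is bound to the page that requested it."""
    key = SecurityKey(b"alice-key-secret")
    idp = OriginBoundIdp(LEGIT_ORIGIN, {"alice": b"alice-key-secret"})
    challenge = idp.start_login("alice")                 # caller obtains it from the real IdP
    # The victim's browser is on the look-alike page, so that is the origin it stamps.
    assertion = key.assert_login(challenge, LOOKALIKE_ORIGIN)
    return idp.finish_login("alice", assertion)          # forwarded by the caller: rejected


def legitimate_origin_bound() -> bool:
    """Control case: the user signs in on the real page and is accepted."""
    key = SecurityKey(b"alice-key-secret")
    idp = OriginBoundIdp(LEGIT_ORIGIN, {"alice": b"alice-key-secret"})
    challenge = idp.start_login("alice")
    return idp.finish_login("alice", key.assert_login(challenge, LEGIT_ORIGIN))


if __name__ == "__main__":
    print("shareable code relayed:", relay_against_otp())            # True: the gap the group exploits
    print("origin-bound factor relayed:", relay_against_origin_bound())  # False
    print("origin-bound factor, real page:", legitimate_origin_bound())  # True
```

The point for defenders is in `OriginBoundIdp.finish_login`: the check on `assertion["origin"]` is what a code-based factor cannot express, so a live operator on the phone gains nothing from a victim who is willing to cooperate.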
The OpenAI We Didn’t Expect: Chinese Disinformation Actors Are Already Using GPT Models
Bottom Line Up Front (BLUF): Megan Sukhareva’s Substack reveals that Chinese influence operations have begun leveraging GPT-style language models to scale disinformation campaigns. Using AI-generated content, actors linked to state-backed networks are flooding social media with plausible, emotionally resonant narratives—often tailored to specific regional audiences.
Analyst Comments: While most public focus has been on hallucinations and misuse in the West, this story shows that state-aligned ops are already quietly integrating LLMs into their influence toolkits. The quality of the output isn't always perfect, but the speed, volume, and localization are game changers. Think of it as low-cost information warfare at machine scale. Defenders need to stop viewing AI misuse as a future threat—it's already operational.
READ THE STORY: AI Realist
Chinese Mustang Panda Hackers Deploy Infostealers via 'CoolClient' Backdoor
Bottom Line Up Front (BLUF): Mustang Panda, a Chinese state-aligned APT, has been observed deploying infostealers through a customized backdoor known as CoolClient, according to a new report from Trend Micro covered by BleepingComputer. This toolchain enables credential harvesting, device fingerprinting, and targeted surveillance—primarily against entities in Southeast Asia, the EU, and Taiwan.
Analyst Comments: CoolClient is not off-the-shelf malware—it’s tailored, stealthy, and operationally mature. Its use shows a sustained focus on long-term access and intelligence collection. The targeting aligns with China's strategic interests: regional influence, tech transfer, and geopolitical leverage. The infostealer modules, once inside, do more than exfiltrate data—they set the stage for follow-on access and strategic compromise. Defenders should flag any outbound traffic to obscure or aging C2 infrastructure and prioritize behavioral detection over signature-based tools.
READ THE STORY: Bleeping Computer
WinRAR Flaw Actively Exploited in the Wild, Google Warns of Widespread Abuse
Bottom Line Up Front (BLUF): Google’s Threat Analysis Group (TAG) reports that a critical vulnerability in WinRAR (CVE-2023-38831) has been actively exploited in the wild since early 2023. Threat actors—including financially motivated cybercriminals and state-backed groups—are using the flaw to deliver malware via booby-trapped archive files, often in commodity phishing campaigns.
Analyst Comments: WinRAR, still widely used despite better alternatives, offers an attack surface most orgs aren’t monitoring. Threat actors know that. Google’s report shows both eCrime and APT actors exploiting the bug, blurring the line between low-skill phishing and high-impact breaches. If you're not scanning inbound archives or watching for unusual process spawning from WinRAR, you're flying blind.
READ THE STORY: CS
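The "unusual process spawning from WinRAR" signal above is easy to express as a rule. The detector below is an added example, not Google TAG's or any vendor's logic; it runs over constructed process-creation events with Sysmon-style parent image, image and command line fields (an assumption about the telemetry). The rule fires when WinRAR launches a script host or living-off-the-land binary, or a file whose name carries a document extension followed by an executable one; the `%TEMP%\Rar$` extraction directory is treated only as corroboration, because WinRAR legitimately opens a PDF or image viewer from there, and that edge case is included in the samples.

```python
"""Flag WinRAR spawning something it has no business launching.

Added illustration over constructed Sysmon-style process events; not the
detection logic of the Google TAG report or of any vendor.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Script hosts and living-off-the-land binaries: a normal "open file in
# archive" action launches a viewer (Acrobat, Word, an image viewer), never these.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe", "certutil.exe",
}

# A document-looking extension immediately followed by an executable or script
# extension, e.g. "invoice.pdf .cmd" (the trailing-space form is an assumption here).
DOUBLE_EXT_RE = re.compile(
    r"\.(?:pdf|jpe?g|png|docx?|xlsx?|txt)\s*\.[a-z0-9]{1,4}(?=[\"\s]|$)", re.I
)

# WinRAR extracts to %TEMP%\Rar$... before opening a file. On its own this is
# benign (legitimate viewers run from there too), so it only corroborates.
RAR_TEMP_RE = re.compile(r"\\temp\\rar\$", re.I)


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(ev: ProcessEvent) -> List[str]:
    """Return the reasons this event is suspicious, or [] if it is not."""
    if basename(ev.parent_image) != "winrar.exe":
        return []
    haystack = f"{ev.image} {ev.command_line}"
    reasons: List[str] = []
    child = basename(ev.image)
    if child in SUSPICIOUS_CHILDREN:
        reasons.append(f"WinRAR spawned script host / LOLBin {child}")
    if DOUBLE_EXT_RE.search(haystack):
        reasons.append("double-extension filename (document ext followed by executable ext)")
    if not reasons:
        return []  # a lone temp-directory hit is normal WinRAR behaviour
    if RAR_TEMP_RE.search(haystack):
        reasons.append("executed from a WinRAR temp extraction directory")
    return reasons


def scan(events: List[ProcessEvent]) -> List[Tuple[ProcessEvent, List[str]]]:
    return [(ev, reasons) for ev in events if (reasons := triage(ev))]


WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"
TEMP = r"C:\Users\alice\AppData\Local\Temp"

# Constructed sample events.
EVENTS = [
    # 1: cmd.exe launched on a "pdf .cmd" file straight out of the extraction directory
    ProcessEvent(WINRAR, r"C:\Windows\System32\cmd.exe",
                 rf'cmd.exe /c "{TEMP}\Rar$DIa0.123\invoice.pdf .cmd"'),
    # 2: benign: the user opened a real PDF from inside an archive
    ProcessEvent(WINRAR, r"C:\Program Files\Adobe\Acrobat\AcroRd32.exe",
                 rf'"C:\Program Files\Adobe\Acrobat\AcroRd32.exe" "{TEMP}\Rar$DIa0.456\invoice.pdf"'),
    # 3: not WinRAR's child at all; out of scope for this rule
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile"),
    # 4: a disguised executable run directly
    ProcessEvent(WINRAR, rf"{TEMP}\Rar$DIa0.789\photo.jpg .exe",
                 rf'"{TEMP}\Rar$DIa0.789\photo.jpg .exe"'),
]

if __name__ == "__main__":
    for ev, reasons in scan(EVENTS):
        print(basename(ev.image), "->", "; ".join(reasons))
```

Event 2 is the one to watch when tuning: it matches the temp-directory indicator yet must not alert, which is why that indicator never fires alone. In a real pipeline the same three checks map directly onto a parent/child process rule in whatever EDR or SIEM query language is in use.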
Top Third-Party Vulnerabilities Driving Supply Chain Risk, per Bitsight Analysis
Bottom Line Up Front (BLUF): Bitsight’s latest report identifies outdated software and misconfigurations as the most common third-party vulnerabilities exploited in supply chain attacks. Microsoft IIS 7.5, Exchange Server 2016, and unsupported Oracle WebLogic versions top the list, with over 75% of observed risk linked to just ten technologies. The data highlights how long-known weaknesses in partner environments remain a critical threat vector.
Analyst Comments: Attackers are skipping hardened front doors and walking in through neglected supply chain assets running decade-old tech. The presence of IIS 7.5 in 2026 speaks volumes. It’s not just about patching anymore—vendor due diligence, contractual security requirements, and continuous monitoring are essential. If your third-party risk management is just an Excel sheet and a trust fall, you’re already behind.
READ THE STORY: Bitsight
Items of interest
WhatsApp Rolls Out ‘High-Security Mode’ for Users Facing Advanced Threats
Bottom Line Up Front (BLUF): WhatsApp has launched a new High-Security Mode designed for users at risk of targeted cyberattacks—including journalists, dissidents, activists, and government personnel. As reported by gHacks, the feature hardens account access, enforces stricter authentication rules, and reduces exposure to device-based exploits, following years of spyware abuse by nation-state actors.
Analyst Comments: The platform has been repeatedly exploited by mercenary spyware like NSO Group’s Pegasus, and this new mode is a partial response. That said, it’s not clear how effective these mitigations will be against zero-click exploits or device-level compromise. If anything, this reinforces the need for high-risk users to move toward hardened platforms (e.g., Signal with safety number checks, or device-agnostic communication). Still, for those stuck in the Meta ecosystem, this is a welcome—if overdue—step.
READ THE STORY: Ghacks
Meta in Court: The Shocking Allegations Against WhatsApp’s Security (Video)
FROM THE MEDIA: According to the legal filing, whistleblowers allege that Meta employees can access any user's messages—including deleted ones—simply by sending an internal "task" request. This allows chats to appear in a real-time "widget" on an engineer's screen. Tech giants like Elon Musk and Telegram CEO Pavel Durov have already voiced their concerns, with Durov stating that believing WhatsApp is secure in 2026 is "nothing short of a delusion."
How to Secure WhatsApp: The Ultimate Privacy Guide for Beginners (Video)
FROM THE MEDIA: Stop hackers and prying eyes! Here is your step-by-step guide to locking down WhatsApp.
The selected stories cover a broad range of cyber threats and are intended to help readers frame key publicly discussed threats and improve overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, don't hesitate to get in touch with InfoDom Securities at dominanceinformation@gmail.com.