Saturday, Feb 01, 2025 // (IG): BB // GITHUB // SN R&D
Russian LNG Giant Novatek Lobbies EU Think Tanks Amid Sanctions Debate
Bottom Line Up Front (BLUF): Novatek, Russia’s largest liquefied natural gas (LNG) producer, has approached EU think tanks in Brussels in an effort to lobby against tighter sanctions on Russian LNG. The company’s deputy chairman, Denis Solovyov, requested meetings with three influential policy organizations; all three declined. The approach comes as EU governments debate banning Russian LNG, the last Russian fossil fuel still largely exempt from the sanctions imposed after the invasion of Ukraine. EU imports of Russian LNG hit record highs in 2024, with over 90% of the volume coming from Novatek’s Yamal and Vysotsk plants.
Analyst Comments: With U.S. sanctions already targeting Russian LNG projects, further EU actions could significantly disrupt Novatek’s European market and revenue streams. The refusal of think tanks to engage suggests European policymakers are unwilling to entertain Russian influence, especially as the war in Ukraine continues. If a complete LNG ban is imposed, Europe may seek alternative suppliers, potentially increasing energy prices and dependence on U.S. LNG. Meanwhile, although logistical and financial challenges remain, Russia may attempt to divert LNG exports to Asia.
FROM THE MEDIA: The lobbying effort coincides with intensified EU discussions over banning Russian LNG, which still flows into European ports not connected to the EU’s primary gas grid. The European Commission has proposed limited restrictions, but a complete ban requires unanimous approval from all 27 member states, a politically divisive step given that Russian LNG accounts for over 20% of the EU’s total LNG imports. Novatek’s Yamal and Vysotsk plants supply over 90% of those shipments, making them the obvious target of any sanctions. Neither Solovyov nor Novatek is currently under EU sanctions, although the company’s Arctic LNG 2 project was recently sanctioned by the U.S. Meanwhile, President Donald Trump has signaled a willingness to expand economic restrictions on Russia if the war in Ukraine persists. The rejection of Novatek’s approach highlights Europe’s reluctance to re-engage economically with Russia, as Fabian Zuleeg of the European Policy Centre noted in warning that Moscow continues to “weaponize interdependence.” Simone Tagliapietra of Bruegel also cautioned that Europe remains vulnerable to a divide-and-rule strategy, as some countries might prioritize cheaper energy over political unity.
READ THE STORY: FT
Ukraine’s Military Intelligence Disrupts Gazprom’s Digital Services in Cyberattack
Bottom Line Up Front (BLUF): Ukraine’s military intelligence agency (HUR) launched a cyberattack on Russian energy giant Gazprom and its oil subsidiary Gazprom Neft. The attack, reportedly a Distributed Denial-of-Service (DDoS) operation, disrupted customer-facing digital services, including online accounts and fuel payment systems. Gazprom acknowledged the outage but downplayed it as a "temporary technical glitch". The attack coincided with the anniversary of the Battle of Kruty, a symbol of Ukraine’s historical resistance to Russian forces.
Analyst Comments: Disrupting Gazprom, a key revenue source for Russia, signals Ukraine’s ability to target critical national assets beyond the battlefield. The symbolic timing of the attack suggests a psychological and political dimension, reinforcing historical narratives of Ukrainian resistance. Moving forward, Russia may retaliate with counter-cyberattacks or increased digital defenses, while Ukraine is likely to continue leveraging cyber operations to weaken Russian economic stability.
FROM THE MEDIA: According to Hromadske, citing unnamed sources within HUR, Ukrainian cyber units conducted a DDoS attack on Gazprom and Gazprom Neft that began on January 28, 2025 and was still disrupting services on January 29. The attack knocked online services offline, leaving customers unable to access their accounts, pay for fuel or use other Gazprom digital services. The timing was deliberate: January 29 is the anniversary of the 1918 Battle of Kruty, where Ukrainian cadets and volunteers fought advancing Bolshevik forces. Gazprom publicly acknowledged the problem, referring to it as a “temporary technical glitch”, but did not disclose details or give a resolution timeline. Cyberattacks have been a constant feature of the war between Ukraine and Russia since the full-scale invasion in 2022, with both sides targeting government agencies, infrastructure and private-sector organizations.
READ THE STORY: Kyiv Independent
Pentagon to Remove Major Media Outlets in Controversial Office Rotation Plan
Bottom Line Up Front (BLUF): The Trump administration’s Pentagon has announced a new media rotation policy that will remove four major news organizations—The New York Times, NPR, NBC News, and Politico—from their dedicated office spaces in the Pentagon by February 14, 2025. The administration claims this move aims to allow other outlets access. The vacated spaces will be given to the New York Post, One America News Network (OANN), Breitbart News Network, and HuffPost News.
Analyst Comments: This decision marks a significant shift in media access at the Pentagon and has sparked concerns over press freedom. While the administration argues the change promotes media diversity, critics view it as a move to sideline mainstream media organizations that have been critical of the Trump administration. The inclusion of conservative outlets such as OANN and Breitbart suggests a potential politicization of press access. The Pentagon Press Association has condemned the decision, calling it unprecedented. This policy could set a precedent for future administrations controlling media access to key government institutions.
FROM THE MEDIA: The New York Times, NPR, NBC News, and Politico have been ordered to vacate their Pentagon offices by February 14, making room for New York Post, One America News Network (OANN), Breitbart News, and HuffPost. NBC News responded, expressing disappointment and stating that the move creates significant obstacles for journalists covering national security issues. Other affected outlets, including the Times and NPR, did not immediately comment. The Pentagon Press Association, representing journalists covering the Defense Department, strongly criticized the move, calling it troubling and unprecedented. However, Pentagon spokesperson John Ullyot insisted that affected outlets will still be full members of the Pentagon Press Corps, with the only change being the loss of their dedicated workspaces. This decision is part of broader tensions between the Trump administration and the media, including past conflicts over press access and White House briefings.
READ THE STORY: Reuters
China Accuses US Hackers of Cyberattacks on DeepSeek
Bottom Line Up Front (BLUF): China has accused U.S.-based hackers of launching large-scale cyberattacks against AI startup DeepSeek. The attack, which included DDoS and brute-force techniques, coincided with the release of DeepSeek’s AI model, R1. Reports suggest that the attack originated from multiple countries, though Chinese authorities specifically blame the United States.
Analyst Comments: The incident illustrates how cybersecurity has become a front in the geopolitical competition over artificial intelligence. The timing, days after the release of DeepSeek-R1, suggests an attempt to disrupt the launch rather than to steal anything: a DDoS campaign denies service, it does not exfiltrate data. Attribution on the basis of source addresses is weak evidence, since attackers routinely rent cloud servers, proxies or botnet nodes in whatever country is convenient, so traffic "from the United States" says little about who directed it. Whether this was a state-backed operation, a criminal group or opportunistic actors remains unclear. If a state link were established, it could prompt retaliation in kind, sanctions or new restrictions on AI research collaboration between the two countries, and, against the backdrop of U.S. concerns over China’s use of Western AI models, add further strain to global AI supply chains and technological cooperation.
FROM THE MEDIA: Reports from XLab, a Chinese cybersecurity lab, indicate that a majority of the attack traffic came from IP addresses in the United States, with additional sources traced to Singapore, the Netherlands, Germany and China itself. Wang Hui, a cybersecurity expert at QAX Technology Group, stated that "all the attack IPs were recorded, all are from the US.” Independent verification of that claim is still pending. The attacks coincided with DeepSeek’s January 20 release of DeepSeek-R1, an openly released reasoning model praised for its efficiency and low training cost compared with Western alternatives. The model’s success attracted global attention and reportedly raised concerns among U.S. policymakers. To reduce the load on its systems, DeepSeek temporarily restricted new user registrations to mainland Chinese mobile numbers. Chinese state media suggested the attacks may be linked to U.S. unease over AI competition. Howard Lutnick, President Donald Trump’s nominee for Secretary of Commerce, expressed doubts about the legitimacy of DeepSeek’s advances, stating, “I do not believe that DeepSeek was done all above board. That’s nonsense. I will be rigorous in enforcing restrictions to keep us in the lead.”
READ THE STORY: IE // SCMP(CN)
Arab States Reject Trump’s Plan to Relocate Palestinians
Bottom Line Up Front (BLUF): U.S. President Donald Trump has proposed relocating Palestinians from Gaza to neighboring Egypt and Jordan, but Arab governments strongly oppose the plan. Their resistance stems from both historical conflicts involving Palestinian refugees and concerns that such a move would undermine the two-state solution. Past experiences in Jordan, Lebanon, and Egypt highlight the security and political challenges of absorbing large Palestinian populations.
Analyst Comments: The Arab world's rejection of Trump’s proposal underscores the long-standing geopolitical tensions surrounding Palestinian displacement. While humanitarian concerns are cited, Arab leaders also fear domestic instability and the potential for renewed conflicts—similar to past Palestinian uprisings in Jordan and Lebanon. Moreover, Egypt and Jordan’s peace agreements with Israel could be threatened if they are forced to absorb large numbers of Palestinians. The U.S. plan may also strain relations between Washington and key Middle Eastern allies. If enforced, this policy could destabilize the region, potentially sparking new waves of violence and resistance from both Palestinians and host countries.
FROM THE MEDIA: Historically, large Palestinian refugee populations and the armed factions that grew among them have been a source of internal conflict in Arab host states. In the early 1970s Jordan expelled the PLO after Palestinian militants attempted to overthrow the monarchy, at the cost of thousands of lives. Lebanon also saw violent clashes, culminating in the 1982 Israeli invasion aimed at expelling Palestinian fighters, and it still restricts Palestinian rights to avoid upsetting its sectarian balance. Egypt, which governed Gaza before Israel occupied it in 1967, has firmly rejected Trump’s plan. Egyptian President Abdel Fattah Al-Sisi called the forced displacement of Palestinians an “injustice”, while also warning that resettling them in the Sinai Peninsula could create a base for future attacks on Israel and threaten Egypt’s peace treaty with Israel. Jordan, home to the largest Palestinian refugee population (about 2.4 million people), has also rejected mass relocation. King Abdullah II emphasized that Palestinians should remain on their land and that their “legitimate rights” must be upheld.
READ THE STORY: WSJ
FDA, CISA Warn of Backdoor in Chinese Patient Monitors Used in US Hospitals
Bottom Line Up Front (BLUF): The Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued an urgent warning about a backdoor in the firmware of Contec CMS8000 patient monitors, which are widely used in U.S. and European hospitals. Three issues are tracked: CVE-2025-0626 (the hidden backdoor function), CVE-2024-12248 (an out-of-bounds write that could allow remote code execution) and CVE-2025-0683 (patient data sent in plaintext to a hardcoded address). Together they could allow remote code execution, modification of the device and exfiltration of patient data, posing serious risks to patient safety and privacy. No software patch is currently available.
Analyst Comments: The discovery of a backdoor in critical medical devices raises serious concerns about cybersecurity risks in the healthcare sector. Given that China-based Contec Medical produced the affected monitors, this incident may fuel geopolitical tensions and further scrutiny of Chinese-manufactured medical and IoT devices in Western countries. The ability to remotely control or disable life-supporting devices presents a direct threat to patient safety, and state-sponsored cyber espionage cannot be ruled out. Without a fix, hospitals may need to immediately disconnect vulnerable devices from networks, increasing operational challenges for healthcare providers.
FROM THE MEDIA: The backdoor function embedded in the firmware could let an attacker execute code remotely, change device settings and extract sensitive patient data, including personally identifiable information (PII) and protected health information (PHI). Researchers found that once a CMS8000 has network access it contacts a hardcoded IP address belonging to an unidentified third party and sends patient data there. CISA noted that the address is associated with a university but has not disclosed which one or where it is. The FDA has advised healthcare providers to disconnect affected monitors from the internet and, where remote monitoring is not required, to use only the device’s local monitoring features with wireless capabilities disabled; monitors that depend on remote monitoring should be taken out of use. An independent researcher reported the issue through CISA’s Coordinated Vulnerability Disclosure process, and CISA’s own testing confirmed the reverse backdoor across multiple firmware versions. Unlike a legitimate update mechanism, the function downloads and executes files from the remote address and overwrites files on the device without any integrity check, version record or log entry, so hospitals have no way to know what code the monitor is actually running.
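A hospital network team that wants to confirm whether any monitor is actually reaching out can apply a simple egress rule to its flow logs. The Python below is an added example, not code from CISA, the FDA or the article: it parses a constructed Zeek-style conn.log excerpt and flags every flow from the monitor VLAN to a destination that is not on the device allowlist, separating destinations outside the hospital's address space from unexpected internal ones. The subnet, the allowlisted hosts and the external address (taken from the 203.0.113.0/24 documentation range) are assumptions for the example; the advisory's real hardcoded IP is not used. The caveat: this only sees traffic the device can already send, so it complements isolating the monitors as the FDA advises, it does not replace it.

```python
import ipaddress
from collections import Counter

# Constructed for this example: the VLAN where the monitors sit, the hospital's
# internal address space, and the only hosts a monitor should ever talk to.
MONITOR_SUBNET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPECTED_DESTINATIONS = {
    ipaddress.ip_address("10.20.0.250"),  # central monitoring station (assumed)
    ipaddress.ip_address("10.0.0.53"),    # internal DNS/NTP resolver (assumed)
}

# Constructed Zeek-style conn.log excerpt (ts, orig_h, orig_p, resp_h, resp_p, proto);
# the external address is from the documentation range, not the advisory's IP.
SAMPLE_CONN_LOG = """\
1738368001.120\t10.20.0.17\t49152\t10.20.0.250\t4601\ttcp
1738368002.004\t10.20.0.17\t49153\t10.0.0.53\t53\tudp
1738368003.781\t10.20.0.17\t49154\t203.0.113.45\t9000\ttcp
1738368004.220\t10.20.0.21\t49155\t203.0.113.45\t9000\ttcp
1738368005.990\t10.20.0.21\t49156\t10.20.0.250\t4601\ttcp
1738368006.312\t10.20.0.21\t49157\t10.40.0.8\t445\ttcp
1738368007.500\t10.30.0.5\t55000\t198.51.100.9\t443\ttcp
"""


def parse_conn_log(text):
    """Parse tab-separated conn records into dicts; skips blank and comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")
        records.append({
            "ts": float(ts),
            "orig_h": ipaddress.ip_address(orig_h),
            "orig_p": int(orig_p),
            "resp_h": ipaddress.ip_address(resp_h),
            "resp_p": int(resp_p),
            "proto": proto,
        })
    return records


def classify_flow(rec):
    """Return a reason string if a flow from a monitor is not on the allowlist, else None."""
    if rec["orig_h"] not in MONITOR_SUBNET:
        return None  # not a patient monitor; out of scope for this rule
    if rec["resp_h"] in EXPECTED_DESTINATIONS:
        return None
    if not any(rec["resp_h"] in net for net in INTERNAL_NETWORKS):
        return "monitor reached an address outside the hospital network"
    return "monitor reached an internal host that is not on its allowlist"


def find_suspicious_flows(text):
    """Run the rule over a log excerpt; returns (orig_h, resp_h, resp_p, reason) tuples."""
    findings = []
    for rec in parse_conn_log(text):
        reason = classify_flow(rec)
        if reason:
            findings.append((str(rec["orig_h"]), str(rec["resp_h"]), rec["resp_p"], reason))
    return findings


def destinations_by_device_count(findings):
    """Count how many distinct monitors contacted each unexpected destination; one
    external address hit by many devices is the signature of a hardcoded callback."""
    devices = {}
    for orig_h, resp_h, _port, _reason in findings:
        devices.setdefault(resp_h, set()).add(orig_h)
    return Counter({dest: len(origs) for dest, origs in devices.items()})


if __name__ == "__main__":
    hits = find_suspicious_flows(SAMPLE_CONN_LOG)
    for hit in hits:
        print(hit)
    print(destinations_by_device_count(hits).most_common())
```

Because the callback address is baked into the firmware, the useful signal is not any single flow but the same unexpected destination appearing across many monitors, which is what destinations_by_device_count surfaces. In production the allowlist would be derived from the central station's configuration and the rule would run continuously over live Zeek or NetFlow data rather than an excerpt.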
READ THE STORY: The Record
Google Identifies 57 Nation-State Threat Groups Using AI for Cyber Operations
Bottom Line Up Front (BLUF): A new Google Threat Intelligence Group (GTIG) report finds that more than 57 state-sponsored groups linked to China, Iran, North Korea and Russia have used Google’s AI models, including Gemini, in support of cyber operations. These Advanced Persistent Threat (APT) groups use the models for research, phishing lures, scripting and malware troubleshooting, and reconnaissance, but GTIG has not seen them produce novel attack techniques. Iranian groups were the most active, using Gemini for phishing campaigns and research on targets, while North Korean groups used it to draft job applications in support of their schemes to place IT workers inside Western companies.
Analyst Comments: While GTIG found that AI has not yet enabled entirely new attack techniques, its use for automation, scripting, and reconnaissance poses a serious threat. The misuse of AI by APTs raises concerns about the need for stronger access controls and ethical safeguards in AI platforms. Additionally, the emergence of underground AI models like WormGPT and FraudGPT, which remove safety restrictions, suggests a looming wave of AI-driven cybercrime. Governments and AI providers must strengthen security measures to prevent AI from becoming a force multiplier for cyber threats.
FROM THE MEDIA: Iranian actors accounted for roughly 30% of all observed Gemini use by threat groups, with APT42 using the model to draft cybersecurity-themed phishing lures and to research defense experts and organizations. North Korean actors used Gemini to research Western job markets and draft cover letters and LinkedIn applications, supporting their broader scheme of placing IT workers inside foreign companies for espionage and revenue. GTIG also noted a growing black market in AI models such as WormGPT, WolfGPT and FraudGPT, which are marketed as free of safety restrictions and pitched for BEC attacks, phishing and fraud. Google called for public-private partnerships to counter the weaponization of AI in cybercrime and state-sponsored operations.
READ THE STORY: THN
DeepSeek Accused of Distilling American AI Models
Bottom Line Up Front (BLUF): U.S. officials and AI industry figures suspect that Chinese AI startup DeepSeek trained its new model, DeepSeek-R1, in part by distilling American models such as OpenAI’s. Distillation is a standard technique in which a smaller model is trained on the outputs of a larger, more capable one; the technique itself is not prohibited, but using another provider’s outputs to build a competing model violates the terms of service of OpenAI and other U.S. firms. U.S. lawmakers are considering export restrictions on AI technology to prevent China from gaining a competitive edge. AI experts argue, however, that blocking distillation is nearly impossible given openly released model weights and decentralized AI research.
Analyst Comments: The U.S. is intensifying its efforts to restrict China’s access to advanced AI, mirroring its approach to semiconductors. If DeepSeek’s distillation of American models were proven, it could lead to tighter rules on AI exports and on openly released models, making collaboration between Western and Chinese AI firms harder still. Yet distillation is routine industry practice, including among U.S. companies, which makes any ban hard to define, let alone enforce, and raises both legal and practical questions. The broader concern is that if China can train competitive models at a fraction of the cost, U.S. dominance in AI is at risk. Given the stakes, AI models may soon be treated as a national security asset subject to the same controls as high-end semiconductors.
FROM THE MEDIA: Distillation lets a smaller model learn from a larger, more capable one by training on the larger model’s outputs, cutting compute costs while preserving much of the larger model’s capability. The technique is common in AI development, but using their outputs to train a competing model violates the terms of service of OpenAI, Meta and other U.S. AI firms. OpenAI confirmed it is investigating DeepSeek on suspicion that it replicated American models in breach of those terms. Commerce Secretary nominee Howard Lutnick told a Senate hearing he would push for stricter restrictions on AI exports to China, calling DeepSeek’s conduct "not above board." AI and cryptocurrency policy advisor David Sacks echoed those concerns in a Fox News interview, warning of China’s ability to iterate rapidly on American AI breakthroughs. AI experts note that blocking distillation is extremely difficult. Umesh Padval of Thomvest Ventures argues that openly released models such as Meta’s Llama and Mistral’s models are freely available, making enforcement impractical. Others have taken unilateral steps: Jonathan Ross, CEO of Groq, says his company blocks all Chinese IP addresses to prevent misuse of the models it serves, while admitting this is not foolproof.
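To make the mechanism concrete, here is an added worked example of distillation in plain Python; it is not code from DeepSeek, OpenAI or the article. A "teacher" classifier plays the role of a model that can only be queried; a fresh "student" is trained solely on the teacher's output logits for a set of query inputs, using the standard temperature-softened KL objective plus a hard-label cross-entropy term. The teacher weights, the query distribution and the hyperparameters are all constructed for the example, and the student has the same shape as the teacher for simplicity (a real student would be far smaller). A real API usually exposes text or top-k probabilities rather than raw logits, but the training loop is the same in kind, which is why provider terms of service restrict using outputs to train competing models.

```python
import math
import random


def softmax(logits, temperature=1.0):
    """Softmax with a temperature; T > 1 flattens the distribution so the
    'dark knowledge' in the teacher's near-miss classes is visible to the student."""
    scaled = [v / temperature for v in logits]
    m = max(scaled)
    exps = [math.exp(v - m) for v in scaled]
    total = sum(exps)
    return [e / total for e in exps]


def kl_divergence(p, q):
    """KL(p || q) for two discrete distributions over the same classes."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q) if pi > 0.0)


def distillation_loss(teacher_logits, student_logits, hard_label, temperature=2.0, alpha=0.5):
    """Hinton-style distillation objective:
    alpha * T^2 * KL(softmax(t/T) || softmax(s/T)) + (1 - alpha) * CE(hard_label, softmax(s)).
    The T^2 factor keeps the soft-target gradient on the same scale as the hard-label one."""
    soft_t = softmax(teacher_logits, temperature)
    soft_s = softmax(student_logits, temperature)
    soft_term = temperature ** 2 * kl_divergence(soft_t, soft_s)
    hard_term = -math.log(softmax(student_logits)[hard_label])
    return alpha * soft_term + (1.0 - alpha) * hard_term


class LinearModel:
    """k-way softmax classifier, logits = W x + b (used for both teacher and student here)."""

    def __init__(self, weights, bias):
        self.w = [row[:] for row in weights]
        self.b = bias[:]

    def logits(self, x):
        return [sum(wi * xi for wi, xi in zip(row, x)) + bj for row, bj in zip(self.w, self.b)]

    def predict(self, x):
        z = self.logits(x)
        return max(range(len(z)), key=z.__getitem__)


def distill(teacher, queries, n_classes, n_features, epochs=500, lr=1.0, temperature=2.0, alpha=0.5):
    """Train a fresh student using nothing but the teacher's outputs on the query inputs.
    Full-batch gradient descent; the gradient of the loss w.r.t. the student logits is
    alpha*T*(softmax(s/T) - softmax(t/T)) + (1-alpha)*(softmax(s) - onehot(label))."""
    student = LinearModel([[0.0] * n_features for _ in range(n_classes)], [0.0] * n_classes)
    teacher_out = [teacher.logits(x) for x in queries]  # the collected "API responses"
    for _ in range(epochs):
        grad_w = [[0.0] * n_features for _ in range(n_classes)]
        grad_b = [0.0] * n_classes
        for x, t in zip(queries, teacher_out):
            s = student.logits(x)
            soft_t, soft_s, hard_s = softmax(t, temperature), softmax(s, temperature), softmax(s)
            label = max(range(n_classes), key=t.__getitem__)  # teacher's top-1 as hard label
            for j in range(n_classes):
                g = alpha * temperature * (soft_s[j] - soft_t[j]) \
                    + (1.0 - alpha) * (hard_s[j] - (1.0 if j == label else 0.0))
                grad_b[j] += g
                for i in range(n_features):
                    grad_w[j][i] += g * x[i]
        n = len(queries)
        for j in range(n_classes):
            student.b[j] -= lr * grad_b[j] / n
            for i in range(n_features):
                student.w[j][i] -= lr * grad_w[j][i] / n
    return student


def agreement(model_a, model_b, inputs):
    """Fraction of inputs on which two models give the same top-1 class."""
    return sum(model_a.predict(x) == model_b.predict(x) for x in inputs) / len(inputs)


def run_demo(seed=7, n_queries=200, n_holdout=200):
    """Constructed scenario: the teacher is a fixed 3-class model the attacker can only query."""
    rng = random.Random(seed)
    teacher = LinearModel([[2.0, -1.0], [-1.0, 2.0], [-0.5, -0.5]], [0.0, 0.0, 0.5])
    queries = [[rng.uniform(-1, 1), rng.uniform(-1, 1)] for _ in range(n_queries)]
    holdout = [[rng.uniform(-1, 1), rng.uniform(-1, 1)] for _ in range(n_holdout)]
    student = distill(teacher, queries, n_classes=3, n_features=2)
    return agreement(teacher, student, holdout)


if __name__ == "__main__":
    print(f"student/teacher top-1 agreement on held-out inputs: {run_demo():.2f}")
```

Running the block reports how often the student reproduces the teacher's decision on inputs neither saw during distillation; on this toy problem the student recovers most of the teacher's behaviour from a couple of hundred queries. That is the point of the technique, and also why it is hard to police from the provider's side: every individual query looks like ordinary use.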
READ THE STORY: Reuters
U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
Bottom Line Up Front (BLUF): Law enforcement agencies in the United States and the Netherlands have shut down 39 domains linked to a business email compromise (BEC) fraud network operated by a Pakistan-based cybercrime group known as Saim Raza (HeartSender). The takedown, codenamed Operation Heart Blocker, targeted online marketplaces selling phishing kits, scam pages, and fraud-enabling tools used by criminals to conduct large-scale email-based financial fraud, resulting in over $3 million in losses.
Analyst Comments: Saim Raza’s network was not technically sophisticated, but it mattered because it let criminals with little technical skill run BEC fraud at scale. The group’s use of YouTube tutorials to train its customers suggests video platforms need to do more to detect and remove such content. With recent law enforcement actions also taking down Cracked, Nulled, Sellix and StarkRDP, authorities are clearly prioritizing the cybercrime-as-a-service (CaaS) layer rather than individual fraudsters. Cybercriminals adapt quickly, however, and replacement marketplaces are likely to appear.
FROM THE MEDIA: The U.S. Department of Justice (DoJ) reported that the group sold fraud-enabling tools and trained criminals via YouTube tutorials on how to execute email fraud schemes. Dutch authorities estimate the marketplace had thousands of customers before it was taken offline. Saim Raza, also known as The Manipulaters, has been active since at least 2015, with a presence in Lahore, Fatehpur, Karachi and Faisalabad. DomainTools investigations had previously uncovered operational security lapses in the group’s infrastructure. People concerned that their credentials were traded on the platform can check whether they were affected via the Dutch police website: www.politie[.]nl/checkjehack. The takedown follows a broader crackdown on cybercrime marketplaces, including Operation Talent, which took down the Cracked and Nulled forums and associated services used to trade stolen data and hacking tools.
READ THE STORY: THN
Former Polish Justice Minister Arrested in Pegasus Spyware Investigation
Bottom Line Up Front (BLUF): Poland’s former Justice Minister Zbigniew Ziobro was arrested on January 31, 2025, as part of an ongoing investigation into the illegal use of Pegasus spyware against opposition leaders. Authorities allege that government funds were used to finance unauthorized surveillance from 2017 to 2022, impacting nearly 600 victims. This follows the arrest of Poland’s former Internal Security Agency chief, Piotr Pogonowski, earlier in the week. The case has sparked international scrutiny, as other European countries have faced similar spyware scandals.
Analyst Comments: The deployment of Pegasus, a zero-click spyware capable of full device compromise, has been controversial worldwide, but Poland’s case stands out because the tool was allegedly turned on domestic political opponents rather than used for national security. The arrest of high-ranking officials signals a shift towards greater accountability in how Poland oversees surveillance powers. It also raises the broader question of how governments procure and deploy such tools without meaningful oversight. With other European countries, among them Greece, Spain and Hungary, facing similar allegations, the case could pressure governments to reform spyware regulation and increase legal scrutiny of vendors such as Israel’s NSO Group.
FROM THE MEDIA: Prime Minister Donald Tusk’s government has been driving the investigation; in February 2024 Tusk said documents in his possession proved the previous administration had engaged in politically motivated surveillance. A Polish Senate commission found in 2023 that the use of Pegasus around the 2019 elections involved “gross violations of constitutional standards” and recommended criminal charges. Ziobro had refused to testify before the parliamentary committee, arguing that doing so would mean “engaging in illegal activities.” Human rights groups have praised the effort to hold officials accountable, with Access Now’s Natalia Krapiva highlighting the misuse of a crime victims’ fund to finance the surveillance. Poland’s case adds to a growing list of European spyware scandals, with Greece, Spain and Hungary also facing investigations into Pegasus deployments.
READ THE STORY: The Record
BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key
Bottom Line Up Front (BLUF): BeyondTrust has confirmed that a zero-day vulnerability in a third-party application led to a breach affecting 17 Remote Support SaaS customers, including the U.S. Treasury Department. The attackers obtained a BeyondTrust infrastructure API key and used it to reset local application passwords, gaining unauthorized access to customer instances. The intrusion, detected on December 5, 2024, has been linked to the China-backed group Silk Typhoon (formerly Hafnium). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two BeyondTrust vulnerabilities, CVE-2024-12356 and CVE-2024-12686, to its Known Exploited Vulnerabilities (KEV) catalog on evidence of active exploitation in the wild.
Analyst Comments: Silk Typhoon’s involvement, a China-linked APT group, points to a coordinated cyber-espionage campaign against high-value U.S. targets. The chain described here, a zero-day in an unrelated application, a long-lived infrastructure key sitting on a cloud asset, and that key being valid in a second account running customer-facing infrastructure, is exactly the kind of credential-to-privilege path that threat modeling of a SaaS platform should surface. The Treasury exposure underlines the need for infrastructure API keys to be narrowly scoped, short-lived and monitored for use from new locations or for unusual actions such as bulk password resets. BeyondTrust’s revocation of the compromised key and suspension of affected instances limited the damage, but customers should still review local accounts and authentication settings for changes made during the exposure window.
FROM THE MEDIA: BeyondTrust disclosed that a compromised API key was used to target its Remote Support SaaS customers by resetting local application passwords. The breach was first detected on December 5, 2024, and has since been linked to Silk Typhoon (formerly Hafnium), a China-backed hacking group. The attackers exploited a zero-day vulnerability in an unnamed third-party application to gain access to a BeyondTrust AWS asset containing an infrastructure API key. The key was then used to access a separate AWS account operating the company’s Remote Support infrastructure. The U.S. Treasury Department confirmed it was among the impacted entities, but no other federal agencies are believed to be affected. In response, the U.S. government has sanctioned Shanghai-based cyber actor Yin Kecheng, citing his alleged involvement in the breach.
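What monitoring of API-key use looks like in practice, as an added example that is neither BeyondTrust's code nor its log format: the Python below runs two rules over a constructed audit log of API-key actions. Rule 1 flags a key used from a source address it was never seen from during a baseline period; rule 2 flags a burst of local-password resets by a single key inside a short window. The key names, addresses, tenant identifiers and timestamps are invented for the example, and the baseline cutoff, window and threshold are assumptions a real deployment would tune against its own history.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed audit events in a generic "ts key_id source_ip action target" format.
# This is not BeyondTrust's log schema; it only models the behaviour described above:
# an infrastructure API key that suddenly resets many tenants' local passwords.
SAMPLE_AUDIT_LOG = """\
2024-12-04T09:00:00Z key-infra-01 10.1.1.10 list_instances -
2024-12-04T09:30:00Z key-infra-01 10.1.1.10 list_instances -
2024-12-04T10:00:00Z key-deploy-02 10.1.1.11 list_instances -
2024-12-04T23:50:00Z key-infra-01 10.1.1.10 reset_local_password tenant-0042/admin
2024-12-05T02:10:00Z key-infra-01 198.51.100.77 reset_local_password tenant-0042/admin
2024-12-05T02:10:30Z key-infra-01 198.51.100.77 reset_local_password tenant-0107/admin
2024-12-05T02:11:05Z key-infra-01 198.51.100.77 reset_local_password tenant-0113/admin
2024-12-05T02:11:40Z key-infra-01 198.51.100.77 reset_local_password tenant-0220/admin
2024-12-05T03:00:00Z key-deploy-02 10.1.1.11 list_instances -
"""


@dataclass
class Event:
    ts: datetime
    key_id: str
    source_ip: str
    action: str
    target: str


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_audit_log(text):
    """Parse one whitespace-separated event per line and return them in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, key_id, source_ip, action, target = line.split()
        events.append(Event(parse_ts(ts), key_id, source_ip, action, target))
    return sorted(events, key=lambda e: e.ts)


def baseline_sources(events, baseline_until):
    """Source IPs each key was seen from during the learning period."""
    seen = defaultdict(set)
    for e in events:
        if e.ts < baseline_until:
            seen[e.key_id].add(e.source_ip)
    return seen


def detect_new_source_ip(events, baseline_until):
    """Rule 1: a key used from an address it never used during the baseline."""
    seen = baseline_sources(events, baseline_until)
    alerts = []
    for e in events:
        if e.ts >= baseline_until and e.source_ip not in seen[e.key_id]:
            alerts.append({"rule": "new_source_ip", "key": e.key_id,
                           "source_ip": e.source_ip, "first_seen": e.ts})
            seen[e.key_id].add(e.source_ip)  # alert once per (key, address) pair
    return alerts


def detect_reset_burst(events, window=timedelta(minutes=10), threshold=3,
                       action="reset_local_password"):
    """Rule 2: at least `threshold` password resets by one key inside a sliding window."""
    per_key = defaultdict(list)
    for e in events:
        if e.action == action:
            per_key[e.key_id].append(e.ts)
    alerts = []
    for key_id, times in per_key.items():
        best_start, best_count = None, 0
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= window)
            if count > best_count:
                best_start, best_count = start, count
        if best_count >= threshold:
            alerts.append({"rule": "reset_burst", "key": key_id,
                           "window_start": best_start, "count": best_count})
    return alerts


def analyze(text, baseline_until="2024-12-05T00:00:00Z"):
    """Run both rules over a log excerpt; returns a list of alert dicts."""
    events = parse_audit_log(text)
    cutoff = parse_ts(baseline_until)
    return detect_new_source_ip(events, cutoff) + detect_reset_burst(events)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_AUDIT_LOG):
        print(alert)
```

A key that legitimately performs resets will occasionally trip rule 2 on its own, which is why the two rules are more useful together: a burst of resets from a never-seen address is a far stronger signal than either condition alone. Detection only shortens the attacker's window; the underlying control remains scoping such keys narrowly, keeping them short-lived and rotating them.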
READ THE STORY: THN
Italy Bans Chinese AI Tool DeepSeek Over Privacy Violations
Bottom Line Up Front (BLUF): Italy’s data protection authority (the Garante) has ordered DeepSeek to stop processing Italian users’ data, effectively blocking the service in the country, after the Chinese company told the regulator that it does not operate in Italy and that European data protection law (GDPR) does not apply to it. The regulator had asked what personal data DeepSeek collects, where it is stored (the company’s policy points to servers in China) and whether web scraping is involved. Similar inquiries are now under way in Ireland and Belgium.
Analyst Comments: DeepSeek’s ban in Italy highlights growing European scrutiny of Chinese AI companies, particularly regarding data sovereignty and user privacy. The fact that DeepSeek stores user data on Chinese servers raises concerns about state access to sensitive European information, a recurring issue in China-West technology disputes. This development echoes past actions, such as Italy’s temporary ban on ChatGPT in 2023, suggesting that AI companies must prove compliance with GDPR or risk being blocked. If investigations confirm illegal data transfers, more EU nations may follow suit, potentially restricting DeepSeek across the region and escalating tensions between China and Europe over AI governance.
FROM THE MEDIA: Italy’s move has sparked wider scrutiny across Europe. Ireland’s Data Protection Commission has requested details from DeepSeek regarding its handling of Irish citizens’ data. Meanwhile, in Belgium, the consumer rights group Testachats filed a complaint, leading the country’s data protection regulator to open an investigation into potential illegal data transfers. Italy previously banned ChatGPT in 2023 over similar privacy concerns before lifting restrictions after OpenAI updated its data handling policies. However, DeepSeek’s lack of transparency could result in wider EU restrictions on the Chinese AI firm.
READ THE STORY: The Record
Former Federal Reserve Official Accused of Passing Economic Secrets to China
Bottom Line Up Front (BLUF): U.S. authorities have arrested John Harold Rogers, a former senior adviser at the Federal Reserve, for allegedly sharing sensitive economic data with Chinese intelligence operatives. Prosecutors claim Rogers accessed confidential Federal Reserve and Federal Open Market Committee (FOMC) information, including tariff policies, monetary policy briefings, and economic forecasts, and passed them to Chinese contacts posing as graduate students. He allegedly received $450,000 as a part-time professor at a Chinese university in exchange for the information.
Analyst Comments: If proven, the leak could have enabled China to anticipate and react to U.S. economic policy changes, giving it a strategic advantage in global markets. The incident will likely lead to tighter security protocols at the Federal Reserve. It could fuel further U.S.-China tensions, potentially resulting in sanctions or additional restrictions on economic engagement between the two nations. Moreover, it may prompt Congress to revisit legislation on foreign academic collaborations to prevent similar breaches in the future.
FROM THE MEDIA: Rogers allegedly forwarded confidential Federal Reserve material to his personal email, printed it out and handed it to Chinese intelligence officers posing as graduate students. The Department of Justice (DOJ) stated that Rogers met his handlers in Chinese hotel rooms, where he provided the information in exchange for substantial payments. The DOJ alleges that from at least 2018 Rogers leaked details on U.S. interest rate decisions, trade tariffs targeting China and Federal Reserve policy deliberations. Such information could give China an edge in financial markets, particularly as it remains the second-largest foreign holder of U.S. Treasury securities (valued at $768.6 billion as of November 2024).
READ THE STORY: FT
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists and Activists
Bottom Line Up Front (BLUF): Meta has confirmed that 90 journalists and civil society members were targeted in a zero-click spyware campaign on WhatsApp, using surveillance software developed by Israeli firm Paragon Solutions. The attack, which required no user interaction, is suspected to have involved a malicious PDF file. Meta has notified affected users and issued a cease-and-desist letter to Paragon. The culprit behind the attack remains unknown, but this marks the first known misuse of Paragon’s spyware technology.
Analyst Comments: Paragon Solutions, like NSO Group (maker of Pegasus), develops state-sponsored surveillance tools, which are marketed for law enforcement but often misused for espionage and political suppression. The timing of the attack—shortly after Paragon’s $500 million acquisition by U.S.-based AE Industrial Partners—raises concerns about accountability in the spyware industry. If these tools continue to be weaponized against journalists and activists, we may see more decisive government legal and regulatory actions, similar to Meta’s successful lawsuit against NSO Group.
FROM THE MEDIA: The attackers used a zero-click exploit, reportedly delivered as a malicious PDF to WhatsApp group chats, so victims did not need to open or tap anything. Once the file was processed, the spyware gave the operator remote access to the device, exposing stored data and communications. Paragon’s product, Graphite, is marketed as a tool for tracking criminals and countering digital threats, and this incident is the first confirmed misuse of it. Paragon has previously provided services to the U.S. Drug Enforcement Administration (DEA) and drew scrutiny for a $2 million contract with the Department of Homeland Security (DHS). The disclosure comes weeks after a California judge ruled in WhatsApp’s favor in its lawsuit against NSO Group, which abused WhatsApp’s infrastructure to deploy Pegasus in 2019, and days after former Polish Justice Minister Zbigniew Ziobro was arrested in connection with the alleged use of Pegasus against opposition figures.
READ THE STORY: THN
Items of interest
SoftBank in Talks to Invest Up to $25 Billion in OpenAI
Bottom Line Up Front (BLUF): SoftBank is negotiating a potential investment of $15–25 billion in OpenAI, making it the AI company's largest financial backer. This investment is in addition to SoftBank’s commitment of over $15 billion to Stargate, a massive AI infrastructure project. SoftBank’s total commitment to OpenAI and related ventures could exceed $40 billion if finalized.
Analyst Comments: OpenAI's search for diversified funding sources reflects its ambition to scale AI capabilities independently. While Microsoft remains a key backer, the company's pursuit of additional investors suggests a strategic pivot to avoid over-reliance on a single partner. The Stargate project highlights the massive financial requirements for AI infrastructure, raising questions about long-term sustainability and return on investment. If successful, these efforts could position OpenAI as a leader in AI-driven infrastructure, but the scale of investment required introduces significant financial risk.
FROM THE MEDIA: Stargate’s projected cost is $100 billion, possibly rising to $500 billion by 2029. The investment talks come as OpenAI continues to diversify its financial and technological partnerships and moves beyond Microsoft’s exclusive cloud infrastructure. In October 2024, OpenAI was valued at $157 billion after a $6.6 billion funding round that included Microsoft. In connection with Stargate, Microsoft has agreed to give up its exclusivity as OpenAI’s cloud provider in exchange for a right of first refusal on new capacity, signaling a shift in the AI infrastructure landscape.
READ THE STORY: FT
The Biggest AI Project Ever "STARGATE" by OpenAI, SoftBank & Trump SHOCKED AMERICA! (Video)
FROM THE MEDIA: Stargate is a $500 billion AI infrastructure initiative announced by President Donald Trump with OpenAI, SoftBank and Oracle to build large AI data centers and supercomputers in the United States. Pitched as a way to secure American leadership in artificial intelligence and outpace China, it is promoted as transforming industries such as healthcare, finance and robotics, creating jobs and reshaping the global technology landscape.
US Probes If DeepSeek Got Nvidia Chips via Singapore (Video)
FROM THE MEDIA: “Bloomberg: The China Show” is your definitive source for news and analysis on the world's second-biggest economy. From politics and policy to tech and trends, David Ingles and Rebecca Choong Wilkins give global investors unique insight, delivering in-depth discussions with the newsmakers who matter.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.