Monday, Feb 17, 2025 // (IG): BB // GITHUB // SN R&D
DOGE Seeks Access to IRS Taxpayer Data, Raising Privacy Concerns
Bottom Line Up Front (BLUF): Elon Musk’s Department of Government Efficiency (DOGE) has requested access to the IRS’s Integrated Data Retrieval System (IDRS), which contains sensitive financial data for millions of American taxpayers. The request, aimed at supporting IT modernization efforts, has sparked concerns within the IRS over privacy and political misuse of taxpayer information.
Analyst Comments: DOGE’s attempt to access IDRS highlights significant tensions between government modernization initiatives and data privacy safeguards. While DOGE claims the access is necessary to combat waste and fraud, the unprecedented nature of political appointees accessing IRS records raises serious concerns about potential misuse, especially given historical fears of political retribution via tax audits. The IRS’s internal hesitation reflects the system’s strict controls, which typically exclude even high-ranking officials from direct access.
FROM THE MEDIA: The request, detailed in a draft memorandum of understanding, would allow DOGE software engineer Gavin Kliger to work at the IRS for 120 days, with the option to extend. His role is described as providing IT modernization consulting, but the request for IDRS access has triggered internal concerns due to its highly restricted nature. IRS officials, including acting Commissioner Doug O’Donnell, have not finalized the agreement, and Kliger has not yet received access. The move follows former IRS Commissioner Danny Werfel’s resignation and comes amid preparations for Trump-ordered layoffs at the IRS. The White House defended DOGE’s mission as a legal effort to reduce waste and fraud, but critics warn that granting political appointees such access undermines taxpayer privacy protections.
READ THE STORY: The Washington Post
Pro-Russian Hackers Launch Cyberattacks on Italian Institutions Following President’s Remarks
Bottom Line Up Front (BLUF): Pro-Russian hacker groups launched retaliatory cyberattacks against Italian institutions following President Sergio Mattarella’s speech condemning Russia’s aggression in Ukraine. The attacks, primarily Distributed Denial of Service (DDoS), targeted airports, public transport, and banking services but caused only temporary disruptions due to swift intervention by Italy’s National Cybersecurity Agency (NCA).
Analyst Comments: The attacks on Italy represent a clear example of politically motivated cyber retaliation, a growing trend in global cyber warfare. Pro-Russian groups have increasingly used DDoS attacks as a low-cost, high-impact tool to disrupt operations and signal displeasure over political statements or actions. Italy’s relatively quick mitigation of the attacks highlights an improvement in its cyber resilience, but the event underscores the persistent threat from Russian-aligned cyber actors. As Italy continues its support for Ukraine under Prime Minister Giorgia Meloni, further cyber aggression from Russian groups is likely.
FROM THE MEDIA: The cyberattacks occurred shortly after President Sergio Mattarella’s speech in Marseille, where he compared Russia’s aggression in Ukraine to the territorial ambitions of the Third Reich. Russian Foreign Ministry spokeswoman Maria Zakharova condemned the remarks, and a series of DDoS attacks on key Italian institutions followed. Targets included major transportation hubs and Intesa Sanpaolo, one of Italy’s largest banks, which confirmed minor disruptions but maintained operational status. Italy’s National Cybersecurity Agency (NCA) responded swiftly, issuing alerts and deploying countermeasures that prevented significant damage. The attacks, attributed to pro-Russian hacktivist groups, were framed as retaliation for Italy’s military aid and political support for Ukraine under the leadership of Prime Minister Giorgia Meloni.
READ THE STORY: Fudzilla
TechUK Calls for Accelerated Action on UK Semiconductor Strategy
Bottom Line Up Front (BLUF): TechUK has urged the British government to expedite its National Semiconductor Strategy, emphasizing the need for bold actions such as designating semiconductor fabrication plants (fabs) as critical national infrastructure (CNI) and establishing new national bodies to support the industry. The trade association argues that progress since the strategy’s launch in 2023 has been slow and that immediate action is needed to secure the UK’s position in the global semiconductor market.
Analyst Comments: The call to designate fabs as critical infrastructure aligns with trends seen in other sectors, such as data centers, to enhance security and streamline planning processes. Additionally, establishing a National Semiconductor Center and regional R&D hubs could help bridge the talent and funding gaps that hinder growth. However, the limited £1 billion investment over a decade remains a significant concern compared to the multi-billion-dollar initiatives in the U.S. and EU. Without additional funding or incentives, the UK may struggle to compete globally and secure its supply chain for critical technologies such as AI accelerators and compound semiconductors.
FROM THE MEDIA: TechUK proposed a six-point delivery plan focusing on three key missions: expanding leadership in chip design, R&D, and compound semiconductors; improving access to public and private capital; and building strategic global partnerships. Among its recommendations are the creation of a National Semiconductor Center and a Design Competence Center to address skills shortages and IP protection challenges. The report also calls for reforms to the UK’s R&D tax credit scheme to make it more competitive with U.S. and EU incentives. Additionally, TechUK advocates for designating semiconductor fabs as critical national infrastructure (CNI) to bolster security and streamline planning processes. The group emphasized the need for stronger international engagement, proposing that the National Semiconductor Center act as a central voice for UK industry, supporting efforts to build partnerships with global players such as TSMC.
READ THE STORY: The Register
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
Bottom Line Up Front (BLUF): South Korea has suspended new downloads of the Chinese AI chatbot DeepSeek due to violations of local data protection laws. The Personal Information Protection Commission (PIPC) paused downloads on February 15, 2025, citing issues with personal data handling and security weaknesses. Existing users can still access the web version but are advised to avoid entering personal information until further notice.
Analyst Comments: This action highlights South Korea's firm stance on digital privacy and data protection, especially concerning foreign tech services. It follows increasing scrutiny over how AI models collect and use personal data for training. DeepSeek’s failure to align with domestic laws before launch signals a regulatory gap that may lead to broader compliance crackdowns on foreign digital services. Additionally, the recent security concerns—such as unencrypted data transmissions—underscore the importance of thorough security reviews for AI tools. Other countries may follow suit, making it critical for tech companies to prioritize local regulatory compliance from the outset.
FROM THE MEDIA: South Korea's Personal Information Protection Commission (PIPC) suspended new downloads of DeepSeek's mobile apps on February 15, 2025, following concerns over personal data processing practices and security vulnerabilities. The web version remains active, but users are advised to avoid entering personal data. The PIPC's investigation, launched after DeepSeek's release, found the chatbot violated South Korea’s Personal Information Protection Act, with weaknesses such as sending unencrypted user data to servers. Additionally, the National Intelligence Service (NIS) previously criticized DeepSeek for excessively collecting personal data for AI training. In response, DeepSeek appointed a local representative and pledged to revise its policies to meet local privacy standards.
READ THE STORY: THN
U.S. and European Energy Groups Face Risk from Uranium Supply Crunch
Bottom Line Up Front (BLUF): U.S. and European energy companies face increasing risks from a global uranium supply crunch, driven by rising demand for nuclear power and shifting market dynamics. Kazakhstan, which supplies 40% of the world’s uranium, has reduced shipments to the West while increasing sales to Russia and China. Additionally, geopolitical instability in Niger, a key uranium supplier to the EU, has further strained supply chains. Industry experts warn that a growing supply gap could severely impact nuclear energy expansion efforts.
Analyst Comments: The growing imbalance in uranium supply highlights a strategic vulnerability for U.S. and European energy sectors, which are increasingly reliant on nuclear power to meet clean energy goals. Kazakhstan’s pivot toward China and Russia reflects intensifying resource competition, while Niger’s political turmoil underscores the risks of supply chain disruptions. Western utilities face mounting pressure to secure long-term uranium contracts or risk exposure to price shocks. The situation also raises national security concerns, as Russia’s and China’s dominance in uranium sourcing could limit the West’s ability to expand nuclear capacity and power critical infrastructure, such as AI data centers. Immediate steps to diversify supply chains and increase domestic production are crucial to mitigating these risks.
FROM THE MEDIA: In 2023, Kazakhstan’s state-owned Kazatomprom sold two-thirds of its uranium to Russia, China, and domestic buyers, compared to one-third in 2021. Meanwhile, shipments to the U.S., Canada, France, and the U.K. dropped to 28%, down from 60% in 2021. In addition, Niger, which supplied 5% of global uranium and 16% of French company Orano’s resources, halted exports to Europe in 2024 following a military coup. Industry analysts from Berenberg warn that U.S. utilities urgently need to secure medium-term contracts to avoid a supply shock. The U.S. Center for Strategic and International Studies (CSIS) also highlighted a gap between Western governments' uranium security strategies and their nuclear expansion goals. As global uranium demand is projected to double by 2040, driven by pledges to triple nuclear capacity from countries like the U.S., U.K., and South Korea, competition for resources is intensifying.
READ THE STORY: FT
Zelensky Calls for ‘Army of Europe’ to Counter Future Russian Threats
Bottom Line Up Front (BLUF): Ukrainian President Volodymyr Zelensky urged European leaders to build a united European military force to address potential Russian threats and reduce dependence on U.S. support. Speaking at the Munich Security Conference, Zelensky emphasized Europe’s capacity to produce its own defense systems and stressed the importance of European self-reliance amid shifting U.S. foreign policy priorities under President Donald Trump’s administration.
Analyst Comments: Zelensky’s call for a European military force underscores growing concerns about transatlantic security cooperation, particularly as the U.S. signals a more isolationist stance. Vice President JD Vance’s critical remarks about Europe’s internal challenges further highlight tensions between Washington and Brussels. With the EU contributing $145 billion in aid to Ukraine since 2022 and signing 27 bilateral security agreements, there is clear momentum for deeper defense integration. However, building a pan-European force will require overcoming political divisions and aligning military procurement strategies. If successful, such an initiative could reduce Europe’s vulnerability to shifts in U.S. policy and bolster collective deterrence against Russian aggression.
FROM THE MEDIA: Zelensky highlighted that three years of full-scale war in Ukraine had demonstrated Europe’s capability to produce artillery, air defense systems, and other military technologies needed for modern warfare. His remarks followed U.S. Vice President JD Vance’s speech, which criticized European leadership for failing to address internal issues such as illegal migration and democratic backsliding. Vance also questioned whether the U.S. should align with Europe on issues it does not perceive as direct threats. Zelensky warned that the U.S. might withdraw support from EU-led security initiatives, reinforcing the need for Europe to independently safeguard its future. He also noted concerns that the U.S. could exclude Europe from negotiations with Russia, citing a recent phone call between Presidents Trump and Putin regarding a potential peace plan for Ukraine. Despite his push for European self-reliance, Zelensky emphasized the importance of continued security guarantees from both the U.S. and the EU. Since the start of the invasion, the EU has provided $145 billion in aid to Ukraine and signed 27 bilateral security agreements with member states.
READ THE STORY: The Record
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
Bottom Line Up Front (BLUF): A newly discovered Golang-based backdoor uses Telegram as a command-and-control (C2) channel, allowing attackers to execute commands and maintain persistence on compromised systems. Disclosed by Netskope Threat Labs, the malware, believed to have Russian origins, leverages the Telegram Bot API for covert communication.
Analyst Comments: The Golang implementation makes the malware cross-platform and harder to detect due to its unique binary signatures. The presence of Russian-language prompts in the malware’s code further suggests a threat actor from the region. Organizations should monitor outbound traffic to cloud services and implement endpoint detection and response (EDR) tools to detect such threats early.
FROM THE MEDIA: According to Netskope Threat Labs, the Golang-based backdoor uses an open-source library for the Telegram Bot API to receive commands from a Telegram chat controlled by the attacker. It can execute PowerShell commands, establish persistence under "C:\Windows\Temp\svchost.exe," and self-delete when instructed. The malware sends command results back to the attacker’s Telegram channel. Notably, a "/screenshot" command exists but is not fully implemented, suggesting the malware is under active development. The Russian origin is indicated by a command prompt message in Russian. Netskope warns that attackers increasingly exploit cloud-based apps for their ease of deployment and evasion capabilities.
READ THE STORY: THN
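A defender-side check for the two host indicators this story gives (Telegram Bot API traffic from a process that is not a known Telegram client, and svchost.exe running from C:\Windows\Temp instead of a Windows system directory). This is an added example written for this briefing, not Netskope's code or the malware's; the semicolon-separated endpoint log format, the process allow-list and the sample events are all constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one log event that matched a detection rule.
type Finding struct {
	Rule  string
	Image string
	Dest  string
}

// Constructed sample endpoint log: one network event per line in a
// hypothetical "key=value;key=value" format (not any vendor's real schema).
const sampleLog = `pid=412;image=C:\Program Files\Telegram Desktop\Telegram.exe;dest=api.telegram.org;port=443
pid=988;image=C:\Windows\Temp\svchost.exe;dest=api.telegram.org;port=443
pid=1044;image=C:\Windows\System32\svchost.exe;dest=ctldl.windowsupdate.com;port=80
pid=2210;image=C:\Users\alice\Downloads\update.exe;dest=api.telegram.org;port=443`

// Assumed allow-list of processes for which Telegram API traffic is expected.
var expectedTelegramClients = map[string]bool{
	`c:\program files\telegram desktop\telegram.exe`: true,
}

// parseEvent splits one "key=value;key=value" line into a map.
func parseEvent(line string) map[string]string {
	ev := map[string]string{}
	for _, kv := range strings.Split(line, ";") {
		if k, v, ok := strings.Cut(kv, "="); ok {
			ev[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return ev
}

// svchostOutsideSystemDir flags svchost.exe running from anywhere except the
// two legitimate Windows system directories; the persistence path reported in
// the story, C:\Windows\Temp\svchost.exe, is exactly this masquerade.
func svchostOutsideSystemDir(image string) bool {
	img := strings.ToLower(image)
	if !strings.HasSuffix(img, `\svchost.exe`) {
		return false
	}
	dir := img[:strings.LastIndex(img, `\`)]
	return dir != `c:\windows\system32` && dir != `c:\windows\syswow64`
}

// Analyze runs both rules over every event and returns the matches in log order.
func Analyze(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		ev := parseEvent(line)
		image, dest := ev["image"], ev["dest"]
		if dest == "api.telegram.org" && !expectedTelegramClients[strings.ToLower(image)] {
			out = append(out, Finding{"telegram-api-from-unexpected-process", image, dest})
		}
		if svchostOutsideSystemDir(image) {
			out = append(out, Finding{"svchost-outside-system-directory", image, dest})
		}
	}
	return out
}

func main() {
	for _, f := range Analyze(sampleLog) {
		fmt.Printf("[%s] image=%s dest=%s\n", f.Rule, f.Image, f.Dest)
	}
}
```

Run against the constructed sample it reports three findings: both rules fire on the Temp-directory svchost.exe, and the Telegram rule alone fires on the unknown downloaded executable, while the real Telegram client and the System32 svchost.exe stay quiet.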
China’s APT40 Targets Pacific Nations, Raising Cybersecurity Alarms
Bottom Line Up Front (BLUF): Samoa’s Computer Emergency Response Team (SamCERT) has issued a warning about targeted cyber campaigns by China-linked APT40 against Pacific Island nations. The attacks utilize modified commodity malware to maintain network persistence and steal sensitive data. Despite cybersecurity assistance from the U.S., Japan, and Australia, these attacks underscore vulnerabilities in regional critical infrastructure.
Analyst Comments: APT40’s operations align with China’s broader geopolitical strategy to expand influence in the Pacific. The group’s tactics, including persistent malware and data exfiltration techniques, indicate a focus on espionage and strategic disruption. The region’s relatively weaker cyber defenses make it a prime target, highlighting the urgent need for increased regional cooperation and enhanced cybersecurity capabilities. Furthermore, these attacks could coincide with China’s broader efforts to gain leverage through telecommunications and infrastructure projects in the Pacific.
FROM THE MEDIA: The malware used allows APT40 to maintain long-term access to compromised networks and exfiltrate sensitive information without detection. The U.S., Japan, and Australia have been supporting Pacific nations with cybersecurity improvements, but SamCERT's report warns that vulnerabilities persist. The report follows a recent advisory from Papua New Guinea’s Internal Revenue Commission, which recovered from a ransomware attack, demonstrating ongoing cyber threats across the region.
READ THE STORY: The Register
Items of interest
Sweden’s Prime Minister Raises Concerns Over Suspected Baltic Sea Cable Sabotage
Bottom Line Up Front (BLUF): Sweden’s Prime Minister Ulf Kristersson expressed skepticism over recent submarine cable cuts in the Baltic Sea, suggesting they may be part of a broader pattern of hybrid threats rather than coincidences. Speaking at the Munich Security Conference, Kristersson acknowledged findings from Swedish investigators that one incident was caused by poor seamanship but emphasized that the frequency of such disruptions is suspicious. Meanwhile, Finland continues to investigate another cable break, which it suspects was intentional. NATO has responded with heightened military activity in the region.
Analyst Comments: The repeated cable disruptions in the Baltic Sea highlight vulnerabilities in undersea infrastructure that could be targeted in hybrid warfare operations. Kristersson’s comments suggest that while attribution remains uncertain, Sweden and its allies are preparing for the possibility of state-sponsored sabotage, particularly from Russia. The presence of Russia’s “shadow fleet” in the Baltic Sea, which facilitates oil exports and sanctions evasion, adds another layer of geopolitical tension. NATO’s new Baltic Sentry initiative indicates that regional security concerns are driving a shift from reactive responses to active deterrence.
FROM THE MEDIA: Sweden had seized a cargo ship following a cable break on January 26 but concluded that the incident was due to weather conditions and poor seamanship, not sabotage. However, Finland continues to hold another vessel, the Eagle S, which it suspects caused a Christmas Day cable break intentionally. Finnish authorities believe the Eagle S, linked to Russia’s “shadow fleet” of vessels used for sanctions evasion, was involved in the incident and have issued travel bans for several crew members. NATO allies, including Sweden, Norway, and Latvia, responded in January by launching Baltic Sentry, a military initiative aimed at enhancing detection and deterrence capabilities in the Baltic Sea. Kristersson emphasized that the region faces increasing hybrid threats and that recent events are part of a broader pattern tied to Russia’s maritime operations. He also highlighted the connection between the Russian shadow fleet’s activities and funding for the war in Ukraine, urging increased efforts to disrupt these operations.
READ THE STORY: The Record
Undersea cables keep getting severed in the Baltic Sea. What's going on? (Video)
FROM THE MEDIA: We’re on board one of the NATO patrol ships protecting important underwater cables in the Baltic Sea. CBC News’s visual investigations team mapped the sequence of recent damage to cables in the area that some are saying is Russian 'shadow fleet' sabotage.
Kaliningrad Plunges into DARKNESS - Russian Connection has been CUT (Video)
FROM THE MEDIA: On February 12, 2025, Kaliningrad experienced a major blackout and loss of internet connectivity due to the severing of underwater communication cables. The disruption has heightened regional tensions and raised concerns about hybrid warfare in the Baltic region.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.