Sunday, Mar 02, 2025 // (IG): BB // GITHUB // SN R&D
Sanctioned Oil Trader Niels Troost Challenges EU Blacklisting Over ‘Disinformation’
Bottom Line Up Front (BLUF): Dutch oil trader Niels Troost, the only European sanctioned for trading Russian oil, has filed an appeal in the EU General Court to overturn the decision. Troost claims that the EU sanctions were based on disinformation spread by his former business partner, Gaurav Srivastava, with whom he had a bitter commercial dispute. His lawyers argue that his companies ceased Russian oil trading 15 months before the sanctions and that a ship-chartering business cited in the listing was sold six years prior.
READ THE STORY: FT
US Targets China With New Tariffs Over Fentanyl Trade Dispute
Bottom Line Up Front (BLUF): The Trump administration is set to impose an additional 10% tariff on Chinese imports, citing China’s role in the fentanyl crisis as justification. While China denies responsibility, U.S. officials argue that Chinese chemical firms supply precursors to Mexican cartels, which manufacture and smuggle fentanyl into the U.S. Beijing has historically leveraged drug enforcement as a diplomatic tool, previously halting cooperation over political disputes.
Analyst Comments: The fentanyl trade remains a highly politicized issue, with the U.S. and China using it as a bargaining chip in broader geopolitical tensions. While tariffs may apply pressure, history suggests China only cooperates when it aligns with its strategic interests. Without deeper law enforcement collaboration or targeted financial sanctions on Chinese precursor manufacturers, cartel networks may shift sourcing to other countries like India. The long-term effectiveness of tariffs as a deterrent for the illicit fentanyl trade remains questionable.
FROM THE MEDIA: Secretary of State Marco Rubio suggested that China may be deliberately flooding the U.S. with fentanyl, a claim dismissed by Beijing as “Cold War thinking.” China has previously restricted fentanyl production, but U.S. officials argue that Chinese firms now focus on supplying precursor chemicals instead. While China blacklisted specific fentanyl precursors in 2022, enforcement has been slow. Experts warn that even if China complies, criminal organizations may shift supply chains elsewhere, making enforcement a global challenge rather than a China-specific issue.
READ THE STORY: WSJ
Space Pirates Deploy New LuckyStrike Agent Malware Against Russian IT Firms
Bottom Line Up Front (BLUF): The APT group Space Pirates has been linked to a cyberespionage campaign targeting Russian IT organizations using a newly discovered .NET backdoor called LuckyStrike Agent. Identified by Solar, Rostelecom’s cybersecurity division, the campaign also employs Deed RAT (ShadowPad Light) and a customized version of Stowaway for persistence and network infiltration. Attackers used compromised web services to gain access and maintain a foothold for over 19 months, highlighting the persistence of state-sponsored cyber threats.
Analyst Comments: The Space Pirates group, active since at least 2017, has primarily targeted government and tech organizations in Russia, Georgia, and Mongolia, suggesting a state-sponsored or financially motivated espionage agenda. The long-term access (19 months) before detection indicates advanced stealth tactics and weak security monitoring in victim networks. Using Microsoft OneDrive for C2 communications allows attackers to blend malicious traffic with legitimate network activity, complicating detection. Given that the group's toolset overlaps with that of the China-linked APT Webworm, this campaign reinforces concerns over Chinese cyberespionage targeting Russian entities amid shifting geopolitical alignments.
FROM THE MEDIA: Russian cybersecurity firm Solar (Rostelecom) identified Space Pirates' latest campaign, tracking it under the name Erudite Mogwai. The group leveraged LuckyStrike Agent, a multi-functional .NET backdoor that exploits Microsoft OneDrive for command-and-control (C2). Attackers initially compromised a publicly exposed web service in March 2023, moving laterally through the network until November 2024. The campaign also included a modified version of Stowaway, stripped down to proxy functions and equipped with LZ4 compression, XXTEA encryption, and QUIC transport support to evade detection. The APT group's evolving tactics and persistence highlight the need for enhanced monitoring of critical IT infrastructure.
READ THE STORY: THN
Three Charged in Singapore Over Alleged Nvidia GPU Smuggling to China
Bottom Line Up Front (BLUF): Singapore authorities have arrested and charged three individuals in connection with an alleged illegal shipment of Nvidia GPUs to China, in violation of U.S. export controls. The accused, including two Singaporeans and one Chinese national, face fraud and conspiracy charges after authorities raided 22 locations. This incident highlights ongoing concerns about black market GPU sales, which may fuel China’s AI development despite U.S. sanctions.
Analyst Comments: This case underscores China’s continued access to restricted AI hardware through black market networks despite escalating U.S. export bans. Though seemingly minor, the $350 million quarterly GPU shipments to Singapore suggest the potential rerouting of restricted chips into China. With DeepSeek's latest AI models raising concerns over unauthorized access to U.S. technology, U.S. and allied nations may intensify enforcement of semiconductor export rules. Future smuggling crackdowns could target other Asian intermediaries suspected of aiding China’s AI ambitions.
FROM THE MEDIA: Singapore authorities arrested nine suspects and later charged three individuals for allegedly using fraudulent business claims to ship Nvidia GPUs into China illegally. The investigation follows U.S. efforts to curb AI chip exports, with Singapore emerging as a potential transshipment hub for restricted technology. In recent years, U.S. sanctions have expanded to Middle Eastern nations to prevent similar rerouting. Singapore customs officials are now reviewing whether these shipments explicitly violated U.S. export laws. Nvidia declined to comment on the case.
READ THE STORY: The Register
U.S. Foreign Aid Halt Disrupts China-Focused Research and Cybersecurity Monitoring
Bottom Line Up Front (BLUF): The Trump administration’s freeze on foreign aid has significantly disrupted nonprofit research on China, cutting off funding for organizations tracking human rights abuses, economic trends, cyber threats, and Beijing’s geopolitical influence. NGOs that previously provided key intelligence to U.S. policymakers and international bodies are now suspending operations, raising concerns over a growing information gap on China.
Analyst Comments: The suspension of U.S. government grants limits access to critical intelligence on China’s digital surveillance, supply chain abuses, and cyber activities. As Beijing tightens control over data and independent analysis, losing these NGO reports may weaken Western strategic decision-making. With NGOs forced to downsize, governments and businesses must seek alternative intelligence sources, possibly shifting more responsibility to intelligence agencies. This funding cut could also accelerate China’s ability to control global narratives by reducing independent oversight.
FROM THE MEDIA: Following the Trump administration’s foreign aid suspension, U.S.-funded NGOs such as Freedom House, China Digital Times, and the Australian Strategic Policy Institute (ASPI) have been forced to scale back or halt China-focused research. Freedom House’s China Dissent Monitor, which tracked protests and public dissent, is now suspended. China Digital Times, which documented censorship policies and cyber influence operations, has cut salaries and working hours. ASPI, a key source of research on Chinese cyber threats and disinformation, is seeking alternative funding. Analysts warn that losing these data-driven insights may hinder efforts to counter China’s growing digital authoritarianism and cybersecurity risks.
READ THE STORY: WSJ
Chinese Hackers Breach Belgium’s State Security Service via Barracuda Vulnerability
Bottom Line Up Front (BLUF): Belgium’s State Security Service (VSSE) has suffered a significant security breach after Chinese hackers exploited a Barracuda Email Security Gateway vulnerability, accessing 10% of the agency’s email traffic for nearly two years. While no classified data appears to have been compromised, the personal information of almost half of all VSSE personnel may have been exposed. The breach also affected the Belgian Pipeline Organisation (BPO). Investigations are ongoing, and Belgium is facing growing concerns over cybersecurity vulnerabilities in critical infrastructure.
Analyst Comments: The length of the intrusion (two years) suggests a lack of adequate detection and response mechanisms. China's alleged involvement aligns with broader trends of advanced persistent threat (APT) operations targeting Western institutions. To prevent such prolonged breaches, Belgian authorities must enhance email security measures, limit third-party dependencies, and strengthen threat intelligence sharing.
FROM THE MEDIA: Chinese hackers infiltrated Belgium’s VSSE and BPO by exploiting a Barracuda Email Security Gateway vulnerability. The breach, initially reported in 2023, has now been revealed to be far more extensive than initially believed. Attackers remained undetected for nearly two years, intercepting 10% of VSSE’s email traffic and potentially exposing the personal data of intelligence personnel. The Chinese Embassy in Belgium denied the allegations, calling them “false information.” Cybersecurity experts, however, warn this is part of a broader trend of Chinese APT groups targeting Western intelligence agencies. The Belgian government now calls for stricter oversight of third-party software providers and improved cybersecurity measures across its national security infrastructure.
READ THE STORY: GBhackers
Anne Neuberger on AI: "We Have to Challenge Ourselves to Be First"
Bottom Line Up Front (BLUF): Former White House cyber official Anne Neuberger warns that China’s AI advancements—such as DeepSeek’s recent breakthroughs—highlight the urgency for the U.S. to accelerate AI innovation. At the Munich Security Conference, Neuberger emphasized the dual use of AI in cybersecurity, noting that while adversaries leverage AI for cyberattacks, defenders must deploy AI-powered defenses faster. She also called for stronger public-private partnerships to keep the U.S. at the forefront of AI and cybersecurity.
Analyst Comments: Neuberger’s insights reinforce the growing AI arms race between the U.S. and China, where constraints on AI chip exports have pushed China toward more efficient AI models. The discussion highlights how AI reshapes cyber warfare, enabling sophisticated attacks and next-generation defenses. AI-driven security tools could provide real-time threat detection as cyber threats evolve, but their deployment lags behind offensive AI capabilities. For the U.S. to maintain a technological edge, policymakers and private sector leaders must move faster in AI adoption, balancing security, transparency, and innovation.
FROM THE MEDIA: In an interview with the Click Here podcast, Anne Neuberger discussed the impact of China’s DeepSeek AI breakthrough, the role of AI in cyber operations, and how it could influence future military conflicts. She warned that AI accelerates cyber offense and defense, citing examples like AI-generated phishing attacks and pattern recognition for missile defense. Neuberger also stressed that AI’s impact on cybersecurity is inevitable, and the U.S. must prioritize AI-driven security solutions. Reflecting on her time in government, she highlighted the need for agility in AI policy, urging leaders to act quickly, assess, and adapt rather than wait for perfect solutions.
READ THE STORY: The Record
RDP: A Double-Edged Sword for IT Teams – Essential Yet Exploitable
Bottom Line Up Front (BLUF): Remote Desktop Protocol (RDP) is widely used by IT teams for remote access and system management, but its exposure to the internet makes it a prime target for cyberattacks. Recent trends indicate hackers scanning alternative ports, like 1098, to exploit misconfigured RDP setups. Organizations must implement strict security measures, including patching, multi-factor authentication (MFA), and advanced monitoring tools to mitigate risks.
Analyst Comments: RDP remains a critical tool for businesses, especially in remote work environments, but its vulnerabilities continue to attract threat actors. The increasing shift from port 3389 to alternative ports like 1098 suggests that attackers are evolving their methods to bypass traditional defenses. Security-conscious organizations should reassess their RDP exposure and employ proactive testing tools like vPenTest and endpoint detection solutions like Datto EDR. Enterprises should prioritize zero-trust principles and enforce strict access controls to minimize unauthorized intrusions.
FROM THE MEDIA: The Shadowserver Foundation reported in December 2024 that cybercriminals are increasingly scanning port 1098 for vulnerable RDP instances. Honeypot sensors have detected up to 740,000 daily IP scans targeting RDP services, with a significant portion originating from a single country. Microsoft responded by releasing security patches in December 2024 and January 2025, addressing critical vulnerabilities (CVE-2025-21309 and CVE-2025-21297) that could allow remote code execution. Security firms like Kaseya and Datto recommend proactive pen-testing, real-time threat monitoring, and automated response mechanisms to prevent exploitation. Businesses should also enforce strong authentication and limit RDP exposure to minimize the risk of ransomware and data breaches.
READ THE STORY: THN
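The RDP story above recommends advanced monitoring and a review of RDP exposure, including attention to non-standard ports such as 1098. The following is an added example (not code from the original digest, Shadowserver, Kaseya or Datto) of the kind of detection logic a defender can run over firewall logs: it flags inbound TCP attempts to RDP ports, ranks sources that sweep many distinct endpoints as likely scanners, and lists allowed inbound RDP sessions for exposure review. The log format and sample lines are constructed for the example, and the port list and scanner threshold are assumptions to adjust per environment.

```python
"""Flag inbound RDP connection attempts on the default port (3389) and on
non-standard ports such as 1098, then rank the sources.

Added example, not from the original article. The log line format below is a
constructed, syslog-style format (an assumption), not any specific vendor's.
"""
import re
from collections import Counter, defaultdict

# Ports mentioned in the digest: the RDP default and the alternative port
# that Shadowserver reported being scanned. Extend for your own RDP listeners.
RDP_PORTS = {3389, 1098}

# Constructed sample lines (assumed format): timestamp, action, src, dst, proto.
SAMPLE_LOG = """\
2025-03-01T02:14:07Z DENY  src=203.0.113.7:51234 dst=192.0.2.10:3389 proto=tcp
2025-03-01T02:14:08Z DENY  src=203.0.113.7:51235 dst=192.0.2.11:3389 proto=tcp
2025-03-01T02:14:09Z DENY  src=203.0.113.7:51236 dst=192.0.2.12:1098 proto=tcp
2025-03-01T02:14:10Z ALLOW src=198.51.100.4:40001 dst=192.0.2.10:443 proto=tcp
2025-03-01T02:14:11Z ALLOW src=203.0.113.7:51237 dst=192.0.2.13:1098 proto=tcp
2025-03-01T02:15:00Z ALLOW src=198.51.100.9:40022 dst=192.0.2.10:3389 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def rdp_attempts(log_text, ports=RDP_PORTS):
    """Return parsed TCP events whose destination port is an RDP port."""
    events = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["proto"] == "tcp" and ev["dport"] in ports:
            events.append(ev)
    return events


def scanners(events, min_distinct_targets=3):
    """Sources that touch at least N distinct host:port RDP endpoints look like scanners.

    The threshold is an assumption; tune it to the size of your address space.
    """
    targets = defaultdict(set)
    for ev in events:
        targets[ev["src"]].add((ev["dst"], ev["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_distinct_targets}


def allowed_rdp(events):
    """Allowed inbound RDP sessions: each one is exposure to review (MFA, source allowlist)."""
    return [(ev["src"], ev["dst"], ev["dport"]) for ev in events if ev["action"] == "ALLOW"]


def summarize(log_text):
    """Per-port counts, probable scanners, and allowed sessions for the given log text."""
    events = rdp_attempts(log_text)
    by_port = Counter(ev["dport"] for ev in events)
    return {
        "by_port": dict(by_port),
        "scanners": scanners(events),
        "allowed": allowed_rdp(events),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample data the single source that sweeps four distinct endpoints across both ports is reported as a scanner, while the two allowed sessions are surfaced separately: a denied scan is noise to rate-limit, but an allowed inbound RDP session from the internet is the configuration the digest warns about and is the line worth escalating.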
China Advises AI Leaders to Avoid U.S. Travel Amid Security Concerns
Bottom Line Up Front (BLUF): Chinese authorities are urging top AI researchers and executives to avoid traveling to the U.S., citing national security risks. Beijing fears these individuals could be detained, pressured for information, or poached by U.S. companies. This move reflects China’s tightening control over cutting-edge technology sectors, deepening the U.S.-China technology divide amid ongoing semiconductor restrictions and geopolitical tensions.
Analyst Comments: China’s travel advisory for AI leaders highlights Beijing’s growing paranoia over losing technological advancements to Western influence. The concerns about executive detentions recall the Huawei CFO Meng Wanzhou case, reinforcing the belief that tech leaders are valuable geopolitical assets. As China pushes for self-sufficiency in AI and semiconductors, restricting foreign travel may hinder cross-border collaboration but also signals Beijing’s commitment to securing its tech ecosystem. This move could also further isolate China’s AI industry, reducing its exposure to global innovation.
FROM THE MEDIA: According to sources familiar with the matter, Chinese authorities in Beijing, Shanghai, and Zhejiang are discouraging AI executives from traveling to the U.S. unless necessary. DeepSeek founder Liang Wenfeng declined an AI summit invitation in Paris, while other executives have canceled U.S. trips under government advisories. Beijing is reportedly concerned that these individuals could be subject to U.S. pressure, espionage, or recruitment efforts. President Xi Jinping met with top tech leaders on February 17, 2025, reinforcing the need for a "sense of national duty" in technology development. While interactions between Chinese and U.S. firms continue at international events like CES 2025, China’s AI sector faces increasing isolation as geopolitical tensions escalate.
READ THE STORY: WSJ
Microsoft Identifies Developers Behind AI-Powered Celebrity Deepfake Scheme
Bottom Line Up Front (BLUF): Microsoft has identified six individuals modifying generative AI services, including Azure OpenAI, to create non-consensual celebrity deepfakes. The cybercrime group, tracked as Storm-2139, allegedly resold access to these illicit AI tools. The company has filed a civil lawsuit and is preparing criminal referrals to U.S. and international law enforcement.
Analyst Comments: Microsoft’s legal action against Storm-2139 underscores the tech industry’s increased focus on enforcing ethical AI usage and preventing misuse. Using stolen customer credentials to access AI services suggests a broader cybersecurity concern where credential hygiene and access control must be reinforced. This case may set a precedent for future AI-related litigation and policy development, pushing for stricter regulations on generative AI access and misuse.
FROM THE MEDIA: In a legal filing unsealed in January 2025, Microsoft accused six developers—four foreign nationals and two U.S. residents—of modifying AI tools to produce explicit deepfake content. The accused include individuals from Iran, the U.K., Hong Kong, and Vietnam, while the U.S. suspects, based in Illinois and Florida, remain unnamed due to pending investigations. Storm-2139 allegedly accessed Microsoft’s AI services through exploited customer credentials scraped from public sources. Following an initial court order, Microsoft seized a key website linked to the group, causing internal member disputes. Some members even retaliated by doxing Microsoft’s legal team, though this backfired as other suspects attempted to shift blame. Microsoft has confirmed that it is coordinating with law enforcement agencies to pursue criminal charges.
READ THE STORY: The Record
Musk’s DOGE Shuts Down Federal Tech Team Behind Free Tax-Filing Site
Bottom Line Up Front (BLUF): The Trump administration has disbanded 18F, a government tech team responsible for modernizing federal websites and building the IRS’s free tax-filing platform. The move aligns with executive orders promoting government efficiency and was influenced by Elon Musk, who leads the Department of Government Efficiency (DOGE). The decision immediately locked 90 employees out of their systems, raising concerns about the future of digital public services.
Analyst Comments: The shutdown of 18F signals a broader shift in U.S. federal tech policy, favoring private-sector solutions over government-led innovation. While the administration frames this as an efficiency measure, critics argue it undermines public digital services like the IRS’s free tax-filing system. Musk’s influence suggests a potential privatization push, possibly benefiting commercial tax-prep companies. The dismantling of 18F may also have security implications, as the team was involved in enhancing federal cybersecurity infrastructure—an area already under increasing threat.
FROM THE MEDIA: Thomas Shedd, Director of Technology Transformation Services at GSA, informed 18F employees that their roles had been terminated. The shutdown aligns with the February 11 executive order on government workforce efficiency. Elon Musk, who leads DOGE, previously referred to 18F as a “far-left government-wide computer office” on social media. The IRS’s free tax filing site remains online, but its future is unclear. 18F, founded in 2014, played a key role in modernizing federal websites and improving digital accessibility. Critics warn that its closure could reduce government tech innovation and increase reliance on private companies for essential public services.
READ THE STORY: Reuters
China’s Cyber Norms Expand in Indo-Pacific, ARTICLE 19 Calls for Taiwan’s Support
Bottom Line Up Front (BLUF): A new ARTICLE 19 report warns that China is exporting its digital authoritarian model across the Indo-Pacific, embedding restrictive cybersecurity norms in Indonesia, Pakistan, and Vietnam. Through its Digital Silk Road, China promotes "cyber sovereignty" policies that suppress free expression and enhance state surveillance. The report highlights Taiwan’s transparent, rights-based cybersecurity approach as a viable alternative and urges the international community to increase engagement with Taiwan to counter Beijing’s growing influence.
Analyst Comments: China’s push for authoritarian cybersecurity norms aligns with its broader geopolitical strategy to shape global internet governance in its favor. The adoption of China-style digital policies by Indo-Pacific nations risks legitimizing internet censorship and state-controlled digital infrastructure beyond China’s borders. Taiwan, which has resisted Chinese cyberattacks while upholding democratic digital governance, presents an alternative model. The West’s response will determine whether Beijing’s digital influence expands unchecked or a free and open internet model prevails in the Indo-Pacific.
FROM THE MEDIA: "Cybersecurity with Chinese Characteristics" details how China’s Digital Silk Road serves as a vehicle for spreading its cyber governance model. In Indonesia, Pakistan, and Vietnam, China-backed policies have led to internet firewalls, content censorship, and expanded surveillance powers. The report argues that Taiwan’s cybersecurity framework, which emphasizes multi-stakeholder governance and digital transparency, offers a counterweight to China’s restrictive policies. Michael Caster, head of ARTICLE 19’s Global China Programme, warns that China’s digital influence could reshape global internet norms, urging policymakers to partner with Taiwan to resist Beijing’s cyber ambitions.
READ THE STORY: Article 19
Trump Orders Probe Into Alleged Lumber Dumping, Signaling Possible Tariffs
Bottom Line Up Front (BLUF): The Trump administration has ordered an investigation into potential lumber dumping, targeting Canadian wood imports as a threat to U.S. national security. If the Department of Commerce finds evidence of unfair trade practices, the U.S. could impose new tariffs on top of the existing 14.5% duties on Canadian lumber. This follows similar actions against steel, aluminum, and copper, escalating the administration’s aggressive trade policies.
Analyst Comments: Trump’s renewed focus on commodity tariffs underscores his broader economic nationalism agenda. While U.S. lumber producers argue that Canadian subsidies create an unfair market, additional tariffs could increase homebuilding costs, fueling inflation in an already sensitive economy. Coming just before the introduction of 25% tariffs on Canada and Mexico, the timing suggests a hardline stance ahead of potential trade negotiations. Canada could retaliate if the U.S. moves forward, worsening North American trade tensions.
FROM THE MEDIA: The Department of Commerce was ordered to investigate whether foreign lumber imports are undercutting U.S. logging companies. The move follows a long-standing dispute over Canadian softwood lumber, which accounted for over 80% of U.S. imports in 2023. The Forest Products Association of Canada warned that additional tariffs could harm workers on both sides of the border, while the U.S. Lumber Coalition supports the probe. The announcement comes as the U.S. prepares to raise tariffs on Chinese imports and expand trade enforcement measures.
READ THE STORY: FT
Items of interest
Rethinking Cyber Strategy: Does Standing Down on Russia Benefit the U.S.?
Defense Secretary Pete Hegseth’s order for U.S. Cyber Command (CYBERCOM) to halt offensive cyber planning against Russia is a bold shift in strategy. The Trump administration argues that this move could de-escalate tensions with Moscow, free up resources for more pressing cyber threats, and even create room for potential cooperation. However, this raises critical questions: Why extend this approach to Russia, not China? Can this strategy enhance U.S. cybersecurity, or does it simply weaken deterrence? And with the U.S. reducing its cyber posture against Russia, what does this signal to Ukraine and European allies?
Analyst Comments: At face value, this decision appears to be about prioritization. Given its extensive espionage campaigns, intellectual property theft, and influence operations, the administration sees China as a more strategic cyber adversary. Redirecting CYBERCOM’s focus could allow the U.S. to concentrate its cyber resources where they are most needed. However, this approach assumes that Russia will not take advantage of the reduced U.S. cyber posture—an assumption that contradicts historical precedent. Russian state-linked hackers have repeatedly engaged in cyber espionage, ransomware attacks, and election interference. This strategy could backfire if de-escalation with Moscow does not lead to restraint but instead emboldens Russian cyber actors. The geopolitical optics of this move are concerning. Standing down against Russia while simultaneously reducing military and cyber support for Ukraine may signal a broader realignment that could erode U.S. influence in Eastern Europe. While some argue this could push European allies to take greater responsibility for countering Russian cyber threats, history suggests that NATO and the EU have primarily relied on U.S. cyber leadership. If European allies do not fill the gap, the result could be greater vulnerability to Russian cyber operations, not just for the U.S. but for its partners.
FROM THE MEDIA: Last week, Hegseth instructed CYBERCOM to halt cyber operations targeting Russia, a move reportedly intended to support broader diplomatic efforts to normalize relations with Moscow. The NSA will continue intelligence-gathering, but the stand-down removes an active deterrent against Russian cyber threats. The administration maintains that this decision aligns with its strategic priorities, allowing CYBERCOM to focus on other threats, such as China and Mexican drug cartels. However, critics warn that this could embolden Russian cyber actors, expose U.S. infrastructure to more significant risks, and weaken the U.S. position in Eastern Europe, particularly in Ukraine. The Pentagon has not provided details on how long this policy will remain in effect or what criteria would trigger a reassessment.
READ THE STORY: CEPA
How Russian Hackers Stole $100M from US Banks | Cyberwar (Video)
FROM THE MEDIA: Russian cybercrime is big business – and some say hackers get a pass when they work double duty for Putin and his geopolitical ambitions.
Trump’s Dangerous Tango with Putin (Video)
FROM THE MEDIA: The Tango is a complicated dance often associated with passion, with no room for missteps. U.S. President Donald Trump’s engagement with Russian President Vladimir Putin is also complicated on multiple levels, and missteps here could be deadly. Will Trump’s efforts to court the Russian leader with charm lead to the result the U.S. is looking for after Putin’s deadly war in Ukraine? The Cipher Brief asked former senior CIA Officer and former Station Chief Dan Hoffman for his take on the risks of dancing with Putin.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.