Cyber Operations
The FBI, NSA, and German BfV issued a joint warning that Russia's GRU unit APT28 (Fancy Bear/Forest Blizzard) has exploited vulnerable TP-Link and MikroTik routers in a multi-year campaign dubbed Operation Masquerade, which the FBI disrupted via a court-authorized action in 2026. Roughly 18,000 home routers worldwide were hijacked and used as operational relays to steal Microsoft 365 credentials from government, critical-infrastructure, and military targets. ZDNET published five mitigation steps for affected owners, and the NSA-co-sealed PSA is summarized by Intelligence Community News.
A hacker using the alias "FlamingChina" claims to have exfiltrated more than 10 petabytes of data from China's National Supercomputing Center in Tianjin, with the trove reportedly including aircraft, missile, and bomb schematics from the Aviation Industry Corporation of China and the National University of Defense Technology, per SC Media. The Indian business press is calling it a potential data heist of the century; ETCISO notes the exposed files raise national security concerns if authentic. Attribution and authenticity remain unverified.
A single threat actor reportedly used Anthropic's Claude and OpenAI's ChatGPT to compromise nine Mexican government agencies and steal hundreds of millions of citizen records, according to Cybersecurity News and GBHackers. Separately, Tom's Hardware pushed back on Anthropic's broader threat-intel narrative, arguing claims of "thousands" of AI-discovered zero-days rely on 198 manual reviews of mostly unexploitable or legacy bugs.
Espionage
ESET researchers disclosed a mobile espionage operation active across the Middle East since at least 2022 that impersonates Signal, Telegram, and other secure messaging apps to install ProSpy spyware on Android devices, harvesting messages, contacts, and files.
In Taiwan, the High Court upheld the dismissal of a 1990s Chinese-spy case against a former military intelligence officer, citing statute-of-limitations and evidentiary issues — a reminder of how older cross-strait espionage dockets continue to resurface.
Foreign Influence & Information Operations
The U.S. Justice Department announced it had settled litigation alleging that the Biden-era State Department's now-closed Global Engagement Center (GEC) pressured platforms to suppress disfavored American speech. GEC had been a principal U.S. government node for tracking foreign malign influence; the settlement signals continued retrenchment in federal counter-disinformation capacity.
Conservative outlet Townhall reported that several U.S. outlets uncritically amplified an outdated Iranian-origin ceasefire rumor, characterized as a Tehran influence operation — useful as a data point on laundering of adversary narratives, though framed through a partisan lens.
A New York Times/DNYUZ feature interviewed tech reporter Tiffany Hsu on how AI-generated "fake people" are becoming legitimate influencers, with downstream implications for political speech and foreign-influence tradecraft. The Council on Foreign Relations argued that when Washington opts out of democracy messaging, authoritarian states and their proxies fill the narrative vacuum.
Policy & Posture
A DOT Inspector General audit found the FAA remains delinquent in implementing basic cybersecurity controls for air-traffic systems, a standing exposure for nation-state targeting.
Treasury announced a new digital-asset cybersecurity initiative as crypto-platform attacks accelerate.
Ontario and Quebec police confirmed parallel probes into a recently dismantled botnet that had compromised millions of household devices.