NATSEC-TECH THURSDAY — March 13, 2025: Every Thursday’s edition of Threat Status highlights the intersection between national security and advanced technology, from AI to cyber threats and the battle for global data dominance.
Send tips to National Security Editor Guy Taylor or lead Tech Correspondent Ryan Lovelace.
China’s military is developing advanced anti-stealth radars for deployment on balloons and unmanned aircraft.
… President Trump has picked Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency.
… Palantir says six new customers are deploying its “Warp Speed” technology to enable “more efficient production of formidable machinery” — from sea vessels to drones and propulsion systems.
… The world’s largest digital camera has been installed at an observatory funded by the National Science Foundation and the Department of Energy to make a “time-lapse record of the universe.”
… Navy Secretary nominee John Phelan’s investment in Dell Technologies has upset Democratic Sen. Elizabeth Warren.
… Amazon, Google and Meta support tripling nuclear energy capacity worldwide in 25 years.
… California-based Rocket Lab says it plans to acquire Mynaric, a German company responsible for manufacturing communication equipment for satellite constellations.
… And while the Trump administration is focused on cutting government waste, the Pentagon is upgrading sand traps at Ramstein Air Base’s Woodlawn Golf Course.
China’s People’s Liberation Army (PLA) is deploying advanced air defense radars capable of detecting stealth aircraft, according to a U.S. Air Force think tank report. The report’s authors say the new radars are set to target threats posed by attack drones and low-flying missiles, and are being deployed on balloons and unmanned aircraft.
“China’s large air defense radar industrial base produces comprehensive detection capabilities at all heights and ranges, and its newest systems appear to be on the international cutting edge of radar technology,” the report by the China Aerospace Studies Institute (CASI) reveals.
It maintains that the scale of radar development for use with China’s integrated air defense networks is very large, as Chinese investment in military radar has tripled in the past decade, with an estimated $6 billion spent on systems in 2022 alone.
The Chinese government-linked hacking group code-named Silk Typhoon is targeting the U.S. information technology supply chain, according to the security group Microsoft Threat Intelligence, which has warned in a report that the cyberespionage group has shifted tactics and is now targeting IT remote-management tools and cloud applications to gain initial access to targeted computer networks.
Silk Typhoon was described in the March 5 report as a well-resourced and technically efficient espionage-focused Chinese state actor that operates by exploiting zero-day vulnerabilities – software holes that allow remote cyber access. Silk Typhoon “holds one of the largest targeting footprints among Chinese threat actors,” the report says.
A key tactic of Silk Typhoon is obtaining network access credentials through stolen application programming interface (API) keys that are used for computer access authentication. The group’s wide-ranging targets include information technology services and infrastructure, remote monitoring and management companies, managed service providers and affiliates, health care, legal services, higher education, defense, government, non-governmental organizations, energy and others located in the U.S. and throughout the world.
Elon Musk attributed a major outage on his X platform this week to a well-resourced adversary using internet protocol addresses originating from Ukraine to carry out what he described as a “massive cyberattack” on the social media platform.
“Either a large, coordinated group and/or a country is involved,” Mr. Musk posted on X on Monday, saying later during an interview on Fox News that the hackers appeared to have connections to Ukraine, although he did not explicitly accuse the Kyiv government or Ukrainian hackers of attacking his company.
Hackers may spoof IP addresses to mask their location and work. Such spoofing often accompanies distributed denial-of-service (DDoS) attacks, where victims are overwhelmed with traffic, bringing their services to a halt. The IT Army of Ukraine, a Ukrainian hacking activist collective, has proactively denied any involvement in the X outage.
A group called “Dark Storm Team” has claimed responsibility for the breach, according to Baptiste Robert, CEO of the France-based company Predicta Lab. Mr. Robert linked the group to individuals in Egypt, saying on X that “law enforcement and authorities are actively addressing the issue.”
Senate Judiciary Committee Chairman Charles E. Grassley says the Cybersecurity and Infrastructure Security Agency (CISA) has failed to provide basic information about the high-profile cyberattack it suffered in January 2024, when hackers breached its Chemical Security Assessment Tool used by the government to gather data from facilities with dangerous chemicals.
Mr. Grassley, who began investigating the breach soon after CISA publicly revealed it in July 2024, said this week that the agency has yet to fully explain what happened. “It appears that CISA cannot definitively determine whether or not the data on 506,191 individuals has been misused, exfiltrated, or used in furtherance of criminal activity,” the Iowa Republican said in a letter to the agency.
In a notification to Congress last year, CISA said it determined that the “privacy incident presents a moderate risk of harm” despite the hackers having access to the agency’s tool for two days. The agency said at the time that its forensic analysis of the breach was ongoing.
National Security Tech Correspondent Ryan Lovelace offers a closer look, reporting that it remains unclear if CISA ever figured out who hacked the agency. CISA’s April 2024 notice to Congress said the threat actor was “unknown.” Mr. Grassley demanded a status update on the agency’s findings on Tuesday. CISA declined to comment to Threat Status on Wednesday.
Mike Davis, president of the Article III Project, claims in an op-ed that trillion-dollar Big Tech companies — Alphabet (owner of Google and YouTube), Amazon, Meta (parent of Facebook, Instagram, WhatsApp) and Apple — don’t actually care about America.
“Take Google, for example. In 2018, the company abandoned its contract with the Pentagon for Project Maven, an initiative to provide artificial intelligence for military drones,” writes Mr. Davis. “This decision was made after internal protests from employees who, driven by political biases, objected to working with the U.S. military.”
“Meanwhile, Google was negotiating with the Chinese government to develop a censored search engine known as Project Dragonfly, which would grant the Chinese Communist Party access to citizens’ data,” he writes. “In short, Google was unwilling to support U.S. national security but was more than willing to collaborate with China and the Chinese Communist Party. This behavior demonstrates that Google’s priorities were never aligned with our national interests.”
• March 27 — Software-defined Warfare Blueprint, Atlantic Council