Full Report
Chinese leader Xi Jinping has purged dozens of senior People’s Liberation Army officers since mid-2023, including two in January, but will this increase the risk of war? The loss of experienced officers could make Xi less confident in how his military would perform, but his increased power could also provide him greater latitude to order troops into combat…
Analysis Summary
# Morning News Roll-up February 24, 2026
## Overview
Today's intelligence landscape is dominated by internal shifts within the Chinese military leadership, alongside evolving cyber threats hitting the transportation, energy, and manufacturing sectors. Key developments include the purge of senior PLA officers impacting strategic stability, high-speed lateral movement by cyber attackers, and geopolitical alignment of ransomware operations.
## Top Stories
### The danger in the middle: Will Xi’s purges increase the risk of war?
- Summary: Since mid-2023, Xi Jinping has purged dozens of senior PLA officers, including CMC Vice Chairman Zhang Youxia. While the loss of experienced leadership may temporarily decrease tactical confidence, the consolidation of power may grant Xi greater latitude for military action regarding Taiwan in the late 2020s.
- Source: hxxps://threatbeat[.]com/the-danger-in-the-middle-will-xis-purges-increase-the-risk-of-war/
### Air Côte d'Ivoire confirms cyberattack following ransomware claims
- Summary: The national airline of Ivory Coast has confirmed a cyberattack after ransomware actors claimed to have breached their systems. This incident highlights the ongoing vulnerability of critical transportation infrastructure to extortion-based campaigns.
- Source: hxxps://threatbeat[.]com/air-cote-divoire-confirms-cyberattack-following-ransomware-claims/
### CrowdStrike says attackers are moving through networks in under 30 minutes
- Summary: New threat telemetry indicates "breakout time"—the time it takes for an attacker to move laterally from an initial compromise—has dropped to under 30 minutes. This necessitates a shift toward automated detection and rapid response capabilities.
- Source: hxxps://threatbeat[.]com/crowdstrike-says-attackers-are-moving-through-networks-in-under-30-minutes/
---
# Main Topic
**Strategic Instability and PLA Command Purges under Xi Jinping**
The primary threat narrative concerns the internal "purging" of dozens of senior People’s Liberation Army (PLA) officers. This restructuring creates a temporary vacuum of experienced leadership but signifies a shift toward absolute personalist control by Xi Jinping, potentially altering the risk calculus for a conflict over Taiwan in the 2028–2032 timeframe.
## Key Points
- **Leadership Attrition:** Massive removal of high-ranking officers, including the Vice Chairman of the Central Military Commission (CMC), Zhang Youxia.
- **Operational Impact:** The loss of "battlefield effectiveness" due to the removal of experienced tactical and strategic minds.
- **Strategic Window:** The risk of war is assessed to be highest in the "medium term" (late 2020s) as new, more compliant commanders take their posts.
- **Trust Deficit:** The purges highlight a significant lack of trust between the Chinese Communist Party (CCP) leadership and the military establishment, often stemming from corruption or perceived disloyalty.
## Threat Actors
- **The Chinese Communist Party (CCP) Leadership:** Specifically Xi Jinping, acting as the primary driver of the internal purge.
- **People’s Liberation Army (PLA):** The entity undergoing structural and leadership instability.
- **Ransomware Gangs (Related Context):** Mentioned in supplementary reports as advancing Moscow's geopolitical aims, secondary to the primary China story.
## TTPs
- **Political Purges:** Systematic removal of senior officials to consolidate power.
- **Information Warfare:** Use of conspiracy theories and narrative control to manage domestic and international perceptions of military readiness.
- **Lateral Movement (Cyber Context):** Attackers observed achieving breakout times of under 30 minutes in unrelated but concurrent incidents.
## Affected Systems
- **PLA Command and Control (C2):** The decision-making hierarchy of the Central Military Commission.
- **Critical Minerals Systems:** Targeted via email impersonation (recently patched by the U.S. Department of Energy).
- **Smart Factory Time Clocks:** Targeted to disrupt manufacturing operations.
## Mitigations
- **Deterrence Signaling:** Efforts should focus on convincing peak leadership (Xi) of unacceptable risks, rather than influencing military advisors.
- **Rapid Patching:** Addressing flaws in critical infrastructure, specifically email impersonation vulnerabilities in energy systems.
- **Enhanced Monitoring:** Implementing detection strategies capable of identifying lateral movement within the 30-minute breakout window.
## Conclusion
The purge of the PLA represents a period of "danger in the middle." While the immediate loss of expertise may deter near-term aggression, the resulting consolidation of power likely increases the probability of conflict in the medium term. Analysts should monitor the credentials and loyalty of newly appointed commanders in the 2026-2030 window for signs of "war optimism."