Cyber Sentinel: Beijing Watch

Beijing's Cyber Army Plays 4D Chess While We're Still Learning Checkers: Volt Typhoon's Kill Switch Exposed


This is your Cyber Sentinel: Beijing Watch podcast.

Hey listeners, Ting here with Cyber Sentinel: Beijing Watch, diving straight into the hottest Chinese cyber chaos from the past week that's got US security sweating. Picture this: I'm hunkered down in my digital war room, coffee IV-dripped, watching Beijing's hackers play 4D chess with our grids.

Dragos dropped their 2025 Year in Review report Tuesday, and it's a gut punch—Volt Typhoon, that notorious PRC squad the US government's been yelling about, is still burrowed deep in US energy networks like electric utilities, oil, and gas pipelines. They're not swiping IP; nah, Dragos CEO Robert M. Lee says Voltzite, their close cousin, is embedding malware in control loops for one reason: to flip the kill switch when Beijing says go. They hit Sierra Wireless AirLink devices to slurp sensor data, tweak engineering workstations, and snag configs on how to halt ops cold. Another op? They unleashed the JDY botnet to probe VPNs in energy and defense—prepping for the big boom.

But wait, fresh blood: three new crews joined the party. Sylvanite, Voltzite's access broker, pummels F5, Ivanti, and SAP vulns within 48 hours of patch drops, handing keys to power grids and water systems across North America to the Middle East. Azurite, overlapping Flax Typhoon, ghosts into manufacturing, defense, and autos, yoinking network diagrams and alarms. Pyroxene teams with Iran's Imperial Kitten for supply chain hits, even wiping data in Israel amid that June 2025 flare-up.

Tactically, these ops scream living off the land—edge devices, no EDR, persistence for years. Strategically? It's pre-war positioning; disrupt US critical infra in a Taiwan scrap, and we're blacked out while they sip tea.

Then boom, Google Threat Intelligence and Mandiant's Tuesday bombshell: UNC6201, China-linked and cozy with Silk Typhoon's UNC5221, exploited Dell RecoverPoint zero-day CVE-2026-22769—a hardcoded Tomcat password nightmare, CVSS 10/10—since mid-2024. They deployed Brickstorm backdoor, then upgraded to stealthy Grimbolt in September, a C#-native AOT beast evading analysis on resource-poor appliances. Ghost NICs on VMware ESXi for pivots, iptables SPA tricks—pure wizardry. CISA's piling on with IOCs; dozens of US orgs hit, dwelling 400+ days. Dell patched it, but unpatched nets? Actor's still lurking.

Texas just sued TP-Link Tuesday, claiming their routers are CCP backdoors—easy hacks into homes and biz.

Internationally? CISA, NSA, Canada's CCC pushing Brickstorm intel. FCC's yelling at telcos to ransomware-proof after a 4x spike.

Recommendations? Patch Dell now, hunt Grimbolt with Mandiant's YARA rules. Segment OT, ditch default creds, monitor edge like hawks—Sierra, Ivanti, F5. Air-gap backups, drill disruptions. Strategically, push allies for supply chain bans; tactically, EDR on OT edges.

Whew, Beijing's not slowing—stay vigilant, listeners.

Thanks for tuning in—subscribe for more! This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai


This content was created in partnership with, and with the help of, artificial intelligence (AI).

Cyber Sentinel: Beijing Watch, by Inception Point Ai