Digital Dragon Watch: Weekly China Cyber Alert

Billion-Dollar Phishing Frenzy Fuels US Scam Crackdown as Ghost Tap Stalks Payment Cards



This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here, your digital dragon slayer on the Weekly China Cyber Alert. Buckle up—because the past seven days have been pure cyber-chaos in the world of China-linked hacks, scams, and behind-the-scenes defensive moves. Let’s get right to the highlights, starting with a billion-dollar troublemaker.

Google just dropped a legal nuke in the Southern District of New York—suing a China-based cyber gang behind a Phishing-as-a-Service platform called Lighthouse. Think of Lighthouse as the Amazon Prime of online scams; instead of delivering deals, it delivers SMS phishing at industrial scale. Over a million victims, across 120 countries, tricked by fake E-ZPass and USPS messages. Lighthouse doesn’t bother reinventing the wheel—it rents out cloned login screens from Google, banks, and delivery services. Netcraft tracked over 17,000 phishing domains linked to this syndicate, and Palo Alto Networks says they’ve fired off nearly 200,000 malicious domains since January, targeting everything from banks to—get this—state police.

The hits just keep coming, because Lighthouse isn’t alone. These PhaaS operations—Lighthouse, Lucid, Darcula—are interconnected, constantly evolving, and worse: syndicates like the Smishing Triad may have slurped data tied to up to 115 million U.S. payment cards over the last year. The new trick? Ghost Tap, used to load your stolen card right into a digital wallet—so by the time you notice the double-charged lattes, your card’s gone global.

US government response? This week, after dollar losses soared from crypto “pig butchering” to classic phishing, the Department of Justice and Treasury teamed up on the new Scam Center Strike Force. They’re bringing DOJ, FBI, OFAC, and State together, aiming to whack these scam compounds at every level—prosecution, infrastructure takedowns, asset freezes, working with allies, the works. Treasury’s even sanctioned Burma-based networks that have strong ties to Chinese cybercrime syndicates. It’s the biggest, most coordinated counter-scam push in recent memory.

Meanwhile, the threat’s not just financial. Socket’s security researchers busted malicious NuGet packages—published under the Chinese-flavored alias shanhai666—that silently sabotage industrial systems and PLCs. These packages were designed so cleverly that they can crash safety-critical infrastructure, cause random failures masked as hardware glitches, and even corrupt data without detection for years. Sharp7Extend, one of the nastiest, waits for months or years after installation, then triggers silent write failures and random process kills—imagine the headaches for industrial plants and supply chains.

And let’s not skip the international espionage angle—just yesterday, Andrew Shearer, the chief of Australia’s spy agency, warned that Chinese hackers are actively probing critical networks Down Under, hunting for both secrets and sabotage opportunities. That’s not just theory—Australia’s seen increased cyber reconnaissance across its infrastructure.

Policy responses in the States are equally dynamic. The finalized Cybersecurity Maturity Model Certification (CMMC) rule went live on Monday, meaning every defense contractor is now living under tighter audit requirements—NIST frameworks, risk management, you name it. On the flip side, CISA’s beefed-up critical infrastructure incident reporting rule? Delayed until at least next year. So while the US is punching back, there’s still lag at the regulatory level.

If you’re wondering how to stay safe: Experts say enable message filtering on devices, audit all open source supply chain dependencies—especially for lookalike author names or weird time delays—and stay up-to-date with phishing protection updates. In the financial arena, be wary of unsolicited investment pitches, especially involving crypto, and check wallet addresses before any transfers.

That’s a wrap for this week. Huge thanks for tuning in to Digital Dragon Watch with me, Ting. Don’t forget to subscribe so you never miss the latest in China, Cyber, and everything in between.

This has been a Quiet Please production. For more, check out quiet please dot ai.

For more http://www.quietplease.ai



This content was created in partnership and with the help of Artificial Intelligence (AI).

Digital Dragon Watch: Weekly China Cyber Alert, by Inception Point Ai