This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Hey listeners, Ting here on Digital Dragon Watch, and if you’ve got nerves of steel, you’ll need them—China cyber action this week has been more electrifying than a high-voltage power grid, and almost as unpredictable. Buckle up: we’re jumping straight into the breach.
First up, the smishing tsunami that’s swept through the United States—security researchers just exposed an advanced network of Chinese-speaking cyber syndicates running large-scale attacks targeting digital wallets. These aren’t your garden variety phishing texts: these attacks exploit mobile wallets like Apple Pay and Google Wallet by bypassing multi-factor authentication entirely, using platforms like Lighthouse and phishing-as-a-service kits driven by cyber kingpins with aliases like “Lao Wang.” What’s wild? They’re turning pilfered card data into tokenized assets, then provisioning those cards onto attacker-controlled devices for seamless, legitimate-looking purchases—think contactless fraud that slips right past most defenses. We are talking about 115 million US cards exposed, all via slick SMS campaigns pretending to be everything from toll payment reminders to USPS notifications. Rockstar cybercrooks like Darcula, XinXin, and Panda Shop are all in on this action.
Now, in a show of corporate whack-a-mole, Chinese threat actors Linen Typhoon and Violet Typhoon, along with the infamous Storm-2603, exploited not one but a series of SharePoint zero-days. Wouldn’t you know, these bugs were patched by Microsoft’s China-based code team…but the vulnerabilities started being exploited literally a day before the patch went public. Espionage and ransomware? Both, confirmed. These attackers aim for intellectual property theft, espionage, and are increasingly deploying Warlock ransomware. It’s got the Office of the Director of National Intelligence declaring China the “most active and persistent” cyber threat facing both US government and private sector critical infrastructure.
Meanwhile, supply chain anxieties are reaching a fever pitch. The US just launched a Section 232 national security investigation into Chinese unmanned aircraft systems—think drones by DJI and Autel Robotics—amid legitimate fears they’re not just flying gadgets but reconnaissance platforms. There’s real concern over hacking, data theft, and China’s ability to weaponize its ridiculous dominance in the US drone market to cause havoc, from emergency response right up to military assets.
Switching gears, luxury gets hacked—Chanel just confirmed unauthorized access to their US client database, piggybacking a similar breach at Dior in China. While the impact was limited to contact details, no malware was injected, and operations are unaffected, it’s yet another painful reminder that no one’s data is off-limits. Chanel’s incident response involved A-list cybersecurity experts and quick client notifications.
The AI arms race also hit turbo this week. US officials say China’s government is now going full tilt with AI-driven information warfare—using homegrown companies to collect data on American lawmakers and orchestrate influence ops in Hong Kong, Taiwan, and watching for opportunities closer to home. These AI-driven campaigns mean information warfare at the speed of light, folks.
Meanwhile, China’s Ministry of State Security is warning citizens about Worldcoin-style iris biometric harvesting—a subtle note that foreign companies luring people with crypto for a retinal scan may be doing more than building a global ID. China’s worried about espionage and privacy, urging people to question how and where their iris scans are stored.
And on the US side, drama at Nvidia—after China raised security concerns over the new H20 AI chips, Nvidia’s security chief David Reber publicly declared—no backdoors, no spyware, but warned that any US-mandated “chip kill switches” would do more harm than good, saying it’s “an overreaction that would irreparably harm America’s economic and national security interests.”
Expert advice to wrap: don’t trust SMS even from brands you know, patch fast (especially SharePoint and digital wallet apps), prioritize supply chain audits—especially drones and chipsets—and for C-suite executives, talk to your threat intel teams weekly. No time for “set and forget.”
Thanks for tuning into Digital Dragon Watch! Smash that subscribe button so you don’t miss the next wave. This has been a Quiet Please production; for more, check out quietplease dot ai.