Sign up to save your podcasts
Or
Share Chinas Cyber Ninjas Just Ghosted 70 Countries and Hacked Your Notepad Plus Plus While You Slept
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Chinas Cyber Ninjas Just Ghosted 70 Countries and Hacked Your Notepad Plus Plus While You Slept
This is your Dragon's Code: America Under Cyber Siege podcast.
Hey listeners, Ting here, your go-to cyber sleuth with a front-row seat to China's digital dragonfire. Picture this: it's been a wild week ending February 8, 2026, and America's infrastructure is feeling the heat from the most slick Chinese cyber ops yet. I'm talking Shadow Campaigns, that beast tracked by Palo Alto Networks Unit 42, where state-sponsored hackers—likely UNC6619 out of GMT+8 timezone—breached 70 government networks across 37 countries, including US allies' power grids and border systems.
These ninjas kicked off with phishing lures themed around ministry shakeups, dropping Diaoyu malware loaders from Mega.nz archives. Once in, ShadowGuard rootkit takes over Linux kernels, hiding files, spoofing syscalls, and ghosting processes like a pro. Affected systems? Brazil's Ministry of Mines and Energy, Mexican ministries, even Venezuelan tech facilities—scanning spiked during the US gov shutdown in October 2025 and Honduras' election prep. US power equipment and aviation got eyes on them too, perfect for espionage on trade policies and nukes. Attribution screams China: Asia-based ops, South China Sea focus on Indonesia, Thailand, Vietnam, per Unit 42's deep dive.
Then there's Lotus Blossom, the old fox since 2009, hitting Notepad++'s update server via Hostinger compromise from June to December 2025. Developer Don Ho confirmed selective backdoors for East Asia watchers—Rapid7 nailed it as Chinese-linked, targeting gov, telecom, aviation. CISA's on it, probing US gov exposure. Don't sleep on DKnife, Cisco Talos' router nightmare active since 2019 through January 2026. This adversary-in-the-middle toolkit hijacks WeChat creds, Chinese taxi apps, spreading ShadowPad via edge devices—high-confidence China nexus, linked to WizardNet hits in Philippines and UAE.
Defenses? CISA mandates 72-hour incident reports for critical infra, per recent rules. Palo Alto notified victims, shared IOCs like SSH from US/Singapore VPS and Tor relays. Experts like Kevin Beaumont spotted three East Asia orgs hit via Notepad++. Lessons? Patch routers, monitor kernel tweaks, ditch weak SSH—persistence beats zero-days. Randall Schriver from US-China Economic and Security Review Commission warns Pacific cables are next, dual-use ports in Solomon Islands fueling debt diplomacy near Guam.
Government officials like Thomas DiNanno call out China's sneaky nuke tests too—cyber's just the opener. Witty takeaway, listeners: China's playing 5D checkers while we're on chessboard defense. Layer up with Coast Guard pivots and intel shines, as Kuiken urges.
Thanks for tuning in, smash that subscribe for more cyber spice! This has been a Quiet Please production, for more check out quietplease.ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Hey listeners, Ting here, your go-to cyber sleuth with a front-row seat to China's digital dragonfire. Picture this: it's been a wild week ending February 8, 2026, and America's infrastructure is feeling the heat from the most slick Chinese cyber ops yet. I'm talking Shadow Campaigns, that beast tracked by Palo Alto Networks Unit 42, where state-sponsored hackers—likely UNC6619 out of GMT+8 timezone—breached 70 government networks across 37 countries, including US allies' power grids and border systems.
These ninjas kicked off with phishing lures themed around ministry shakeups, dropping Diaoyu malware loaders from Mega.nz archives. Once in, ShadowGuard rootkit takes over Linux kernels, hiding files, spoofing syscalls, and ghosting processes like a pro. Affected systems? Brazil's Ministry of Mines and Energy, Mexican ministries, even Venezuelan tech facilities—scanning spiked during the US gov shutdown in October 2025 and Honduras' election prep. US power equipment and aviation got eyes on them too, perfect for espionage on trade policies and nukes. Attribution screams China: Asia-based ops, South China Sea focus on Indonesia, Thailand, Vietnam, per Unit 42's deep dive.
Then there's Lotus Blossom, the old fox since 2009, hitting Notepad++'s update server via Hostinger compromise from June to December 2025. Developer Don Ho confirmed selective backdoors for East Asia watchers—Rapid7 nailed it as Chinese-linked, targeting gov, telecom, aviation. CISA's on it, probing US gov exposure. Don't sleep on DKnife, Cisco Talos' router nightmare active since 2019 through January 2026. This adversary-in-the-middle toolkit hijacks WeChat creds, Chinese taxi apps, spreading ShadowPad via edge devices—high-confidence China nexus, linked to WizardNet hits in Philippines and UAE.
Defenses? CISA mandates 72-hour incident reports for critical infra, per recent rules. Palo Alto notified victims, shared IOCs like SSH from US/Singapore VPS and Tor relays. Experts like Kevin Beaumont spotted three East Asia orgs hit via Notepad++. Lessons? Patch routers, monitor kernel tweaks, ditch weak SSH—persistence beats zero-days. Randall Schriver from US-China Economic and Security Review Commission warns Pacific cables are next, dual-use ports in Solomon Islands fueling debt diplomacy near Guam.
Government officials like Thomas DiNanno call out China's sneaky nuke tests too—cyber's just the opener. Witty takeaway, listeners: China's playing 5D checkers while we're on chessboard defense. Layer up with Coast Guard pivots and intel shines, as Kuiken urges.
Thanks for tuning in, smash that subscribe for more cyber spice! This has been a Quiet Please production, for more check out quietplease.ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
View all episodes
By Inception Point AiThis is your Dragon's Code: America Under Cyber Siege podcast.
Hey listeners, Ting here, your go-to cyber sleuth with a front-row seat to China's digital dragonfire. Picture this: it's been a wild week ending February 8, 2026, and America's infrastructure is feeling the heat from the most slick Chinese cyber ops yet. I'm talking Shadow Campaigns, that beast tracked by Palo Alto Networks Unit 42, where state-sponsored hackers—likely UNC6619 out of GMT+8 timezone—breached 70 government networks across 37 countries, including US allies' power grids and border systems.
These ninjas kicked off with phishing lures themed around ministry shakeups, dropping Diaoyu malware loaders from Mega.nz archives. Once in, ShadowGuard rootkit takes over Linux kernels, hiding files, spoofing syscalls, and ghosting processes like a pro. Affected systems? Brazil's Ministry of Mines and Energy, Mexican ministries, even Venezuelan tech facilities—scanning spiked during the US gov shutdown in October 2025 and Honduras' election prep. US power equipment and aviation got eyes on them too, perfect for espionage on trade policies and nukes. Attribution screams China: Asia-based ops, South China Sea focus on Indonesia, Thailand, Vietnam, per Unit 42's deep dive.
Then there's Lotus Blossom, the old fox since 2009, hitting Notepad++'s update server via Hostinger compromise from June to December 2025. Developer Don Ho confirmed selective backdoors for East Asia watchers—Rapid7 nailed it as Chinese-linked, targeting gov, telecom, aviation. CISA's on it, probing US gov exposure. Don't sleep on DKnife, Cisco Talos' router nightmare active since 2019 through January 2026. This adversary-in-the-middle toolkit hijacks WeChat creds, Chinese taxi apps, spreading ShadowPad via edge devices—high-confidence China nexus, linked to WizardNet hits in Philippines and UAE.
Defenses? CISA mandates 72-hour incident reports for critical infra, per recent rules. Palo Alto notified victims, shared IOCs like SSH from US/Singapore VPS and Tor relays. Experts like Kevin Beaumont spotted three East Asia orgs hit via Notepad++. Lessons? Patch routers, monitor kernel tweaks, ditch weak SSH—persistence beats zero-days. Randall Schriver from US-China Economic and Security Review Commission warns Pacific cables are next, dual-use ports in Solomon Islands fueling debt diplomacy near Guam.
Government officials like Thomas DiNanno call out China's sneaky nuke tests too—cyber's just the opener. Witty takeaway, listeners: China's playing 5D checkers while we're on chessboard defense. Layer up with Coast Guard pivots and intel shines, as Kuiken urges.
Thanks for tuning in, smash that subscribe for more cyber spice! This has been a Quiet Please production, for more check out quietplease.ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Hey listeners, Ting here, your go-to cyber sleuth with a front-row seat to China's digital dragonfire. Picture this: it's been a wild week ending February 8, 2026, and America's infrastructure is feeling the heat from the most slick Chinese cyber ops yet. I'm talking Shadow Campaigns, that beast tracked by Palo Alto Networks Unit 42, where state-sponsored hackers—likely UNC6619 out of GMT+8 timezone—breached 70 government networks across 37 countries, including US allies' power grids and border systems.
These ninjas kicked off with phishing lures themed around ministry shakeups, dropping Diaoyu malware loaders from Mega.nz archives. Once in, ShadowGuard rootkit takes over Linux kernels, hiding files, spoofing syscalls, and ghosting processes like a pro. Affected systems? Brazil's Ministry of Mines and Energy, Mexican ministries, even Venezuelan tech facilities—scanning spiked during the US gov shutdown in October 2025 and Honduras' election prep. US power equipment and aviation got eyes on them too, perfect for espionage on trade policies and nukes. Attribution screams China: Asia-based ops, South China Sea focus on Indonesia, Thailand, Vietnam, per Unit 42's deep dive.
Then there's Lotus Blossom, the old fox since 2009, hitting Notepad++'s update server via Hostinger compromise from June to December 2025. Developer Don Ho confirmed selective backdoors for East Asia watchers—Rapid7 nailed it as Chinese-linked, targeting gov, telecom, aviation. CISA's on it, probing US gov exposure. Don't sleep on DKnife, Cisco Talos' router nightmare active since 2019 through January 2026. This adversary-in-the-middle toolkit hijacks WeChat creds, Chinese taxi apps, spreading ShadowPad via edge devices—high-confidence China nexus, linked to WizardNet hits in Philippines and UAE.
Defenses? CISA mandates 72-hour incident reports for critical infra, per recent rules. Palo Alto notified victims, shared IOCs like SSH from US/Singapore VPS and Tor relays. Experts like Kevin Beaumont spotted three East Asia orgs hit via Notepad++. Lessons? Patch routers, monitor kernel tweaks, ditch weak SSH—persistence beats zero-days. Randall Schriver from US-China Economic and Security Review Commission warns Pacific cables are next, dual-use ports in Solomon Islands fueling debt diplomacy near Guam.
Government officials like Thomas DiNanno call out China's sneaky nuke tests too—cyber's just the opener. Witty takeaway, listeners: China's playing 5D checkers while we're on chessboard defense. Layer up with Coast Guard pivots and intel shines, as Kuiken urges.
Thanks for tuning in, smash that subscribe for more cyber spice! This has been a Quiet Please production, for more check out quietplease.ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI