This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks hitting US tech defenses. Buckle up, because the last 24 hours dropped some scorcher reports on Beijing's digital ninjas probing our edges.
Cisco Talos just blew the lid off UAT-9244, a China-linked APT that's been feasting on South American telecoms since 2024, but the ripples are slamming US interests hard. These creeps deploy TernDoor on Windows boxes, PeerTime (aka angrypeer) on Linux servers, and BruteEntry on edge routers, turning them into brute-force zombies that scan for exposed Postgres, SSH, and Tomcat services. Talos tracks the activity as close to FamousSparrow, which lines up with Salt Typhoon's telecom takedowns: it's all about espionage supply chains that bleed into our networks. Imagine your ISP's edge gear phoning home to Shenzhen. Yikes.
Meanwhile, CISA's Known Exploited Vulnerabilities catalog lit up like a fireworks show over three iOS flaws from the Coruna exploit kit: CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000 in WebKit. Google's Threat Intelligence Group caught this beast evolving from spyware vendor gigs in February 2025 to Russian UNC6353 watering holes on Ukrainian sites by July, then Chinese UNC6691 financial crooks rifling crypto wallets like MetaMask and Phantom via fake exchanges. It chains 23 zero-days across iOS 13 to 17.2.1, fingerprinting your iPhone on sketchy sites, rooting the powerd daemon, and slurping financial data. CISA's BOD 22-01 gives feds till March 26 to patch, but hey, everyone—update now or kiss your seed phrases goodbye.
Not done yet: CISA also flagged CVE-2017-7921 in Hikvision cams, an improper-authentication flaw that lets creeps pivot inside, and CVE-2021-22681 in Rockwell Automation's Studio 5000 Logix Designer, where attackers can impersonate controllers for ICS chaos. Silver Dragon, under APT41's wing, is weaponizing Google Drive on Windows for fresh espionage drops. Google's year-end tally? China-linked spies topped 2025's enterprise zero-days, hammering security gear and edge devices where we still can't detect them properly.
Defensive playbooks scream urgency: CISA says scan for these KEVs, patch iOS pronto, isolate edge devices, hunt TernDoor C2s, and rotate creds on telecom stacks. Federal crews, BOD-mandated; the rest of you, don't sleep on it—Salt Typhoon's 80-country sweep proves they're scaling fast.
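The first item on that playbook, checking your own inventory against the KEV catalog and the BOD 22-01 due dates, is easy to automate. The script below is an added example written for this page, not something from the episode, CISA, or any vendor. It parses a document in the shape of the real KEV feed (a `vulnerabilities` array of objects with `cveID`, `vendorProject`, `product`, `dueDate`, `requiredAction`, and so on), but the sample catalog and asset inventory embedded in it are constructed: the CVE IDs are the ones named in the episode, while every date, product string and host name is a placeholder, and the 2026 run date is an assumption. For real use, fetch the live JSON from cisa.gov and feed it to `load_kev` instead.

```python
"""Cross-reference an asset inventory against a CISA KEV catalog snapshot
and flag (host, CVE) pairs whose BOD 22-01 remediation due date has passed.

Added example, not code from the podcast, CISA, or any vendor. The KEV
document and inventory below are CONSTRUCTED sample data in the feed's
schema; dates, products, and hosts are placeholders, not catalog values.
"""
import json
from datetime import date

# Constructed sample in the KEV feed's shape. Only the CVE IDs are real.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "vulnerabilities": [
    {"cveID": "CVE-2021-30952", "vendorProject": "Apple", "product": "iOS",
     "dateAdded": "2026-03-05", "dueDate": "2026-03-26",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-41974", "vendorProject": "Apple", "product": "iOS",
     "dateAdded": "2026-03-05", "dueDate": "2026-03-26",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-43000", "vendorProject": "Apple", "product": "WebKit",
     "dateAdded": "2026-03-05", "dueDate": "2026-03-26",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision", "product": "Cameras",
     "dateAdded": "2026-02-26", "dueDate": "2026-03-19",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-22681", "vendorProject": "Rockwell Automation",
     "product": "Studio 5000 Logix Designer",
     "dateAdded": "2026-02-26", "dueDate": "2026-03-19",
     "requiredAction": "Apply mitigations per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""

# Constructed inventory: host -> CVEs your scanner reported for it.
# CVE-2099-0001 is a made-up ID to show that non-KEV findings are skipped.
SAMPLE_INVENTORY = [
    {"host": "lobby-cam-07",   "cves": ["CVE-2017-7921"]},
    {"host": "plc-eng-ws-02",  "cves": ["CVE-2021-22681"]},
    {"host": "exec-iphone-12", "cves": ["CVE-2023-41974", "CVE-2023-43000"]},
    {"host": "web-01",         "cves": ["CVE-2099-0001"]},
]


def load_kev(kev_json_text):
    """Index a KEV catalog document by CVE ID."""
    catalog = json.loads(kev_json_text)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def kev_exposure(inventory, kev, today):
    """Return one finding per (host, CVE) pair that appears in the catalog.

    days_left is days until the BOD 22-01 due date; negative means overdue.
    Findings are sorted most-urgent first, then by host name.
    """
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:          # not a known-exploited CVE; out of scope here
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": entry["dueDate"],
                "days_left": (due - today).days,
                "action": entry["requiredAction"],
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


def overdue(findings):
    """Subset of findings whose due date has already passed."""
    return [f for f in findings if f["days_left"] < 0]


if __name__ == "__main__":
    run_date = date(2026, 3, 20)   # assumed run date for the sample
    report = kev_exposure(SAMPLE_INVENTORY, load_kev(SAMPLE_KEV_JSON), run_date)
    for f in report:
        flag = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']}d left"
        print(f"{f['host']:15} {f['cve']:15} {f['product']:35} due {f['due']} ({flag})")
```

Run it as-is to see the sample report; in practice, replace `SAMPLE_KEV_JSON` with the downloaded feed and `SAMPLE_INVENTORY` with your scanner's output, and treat anything `overdue` returns as the top of the patch queue, BOD-mandated or not.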
Thanks for tuning in, listeners—hit subscribe for daily drops. This has been a Quiet Please production, for more check out quietplease.ai.
This content was created in partnership with, and with the help of, Artificial Intelligence (AI).