This is your Red Alert: China's Daily Cyber Moves podcast.
Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks and digital drama. Red alert on China's cyber blitz against US targets these past few days—it's like Beijing's hackers are dropping New Year's fireworks early, but with malware instead of sparks. Buckle up, because Mustang Panda just lit the fuse on December 30th with a sneaky signed kernel-mode rootkit, slipping TONESHELL backdoor into Asian entities, but Kaspersky warns it's eyeing US networks next via mid-2025 espionage chains.
Fast-forward to yesterday, Cisco's screaming about a China-nexus APT, codenamed UAT-9686, exploiting a zero-day in AsyncOS Email Security Appliances—CVE active since they spotted it on December 10th. These creeps hit Secure Email Gateways hard, bypassing patches like ghosts in the machine. CISA's piling on, urging immediate patches, AMSI enablement on SharePoint, and key rotations, per their Known Exploited Vulnerabilities catalog echoes from the July SharePoint mess.
Timeline's brutal: Recall July's ToolShell chaos from Linen Typhoon, Violet Typhoon, and Storm-2603—Chinese crews pounced on Microsoft SharePoint flaws right after MAPP notifications leaked, nuking 400 orgs including the US National Nuclear Security Administration. Patches dropped July 8th, but Storm-2603 flipped to ransomware by the 18th. Now, December's remix: Silver Fox phishing tax lures to ValleyRAT on December 30th, Evasive Panda's DNS poisoning for MgBot since '22 but spiking now, and LongNosedGoblin tweaking Windows Group Policy for Southeast Asia espionage, with US ripples inbound.
DarkSpectre's the wildcard—Chinese pros infected 8.8 million Chrome, Edge, Firefox users over seven years, per Cyber Security News, with campaigns so slick they're funding ops to hit US browsers daily. No CISA/FBI emergency blast today, but FBI's December hearings flag China as top US threat, blurring cybercrime and state lines.
New patterns? DLL hijacking, rootkits, DNS poison, and policy abuse for persistence—think modular RATs evading EDR like pros. Compromised: Email gateways, SharePoint servers, browsers galore. Defensive musts: Patch AsyncOS now, hunt POSTs to ToolPane.aspx, scan for ValleyRAT modules, rotate creds, and deploy behavioral analytics. Watering holes and spear-phish with tax decoys are rampant—train your teams.
Escalation? If Trump-era tensions spike post-Taiwan arms sales, expect PLA Rocket Force cyber shadows merging with Justice Mission 2025 drills—multi-domain precision warfare probing US defenses. Could go ransomware swarm on critical infra or browser botnets DDoSing grids. Stay frosty, segment networks, and MFA everything.
Thanks for tuning in, listeners—subscribe for more cyber scoops. This has been a Quiet Please production, for more check out quietplease.ai.
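As an added example that is not part of the episode or of any vendor tooling, here is a small hunt over IIS W3C log lines that flags POST requests to ToolPane.aspx, one of the defensive checks the host lists for the July SharePoint incident. The log layout and every entry are constructed; the `/_layouts/15/` path prefix is an assumption, so the match keys only on the page name.

```python
from dataclasses import dataclass

# Constructed IIS W3C-style log excerpt (sample data, not from any real server).
# The #Fields: header drives the parser, so a different column order still works.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-07-19 03:14:07 10.0.0.5 GET /_layouts/15/start.aspx - 443 CORP\\alice 10.0.1.20 Mozilla/5.0 200
2025-07-19 03:15:41 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 203.0.113.7 Mozilla/5.0 200
2025-07-19 03:16:02 10.0.0.5 GET /sites/hr/default.aspx - 443 CORP\\bob 10.0.1.21 Mozilla/5.0 200
2025-07-19 03:16:55 10.0.0.5 POST /_layouts/15/toolpane.aspx - 443 - 198.51.100.9 python-requests/2.31 500
2025-07-19 03:17:10 10.0.0.5 GET /_layouts/15/ToolPane.aspx - 443 CORP\\alice 10.0.1.20 Mozilla/5.0 200
"""

@dataclass
class Hit:
    timestamp: str
    client_ip: str
    user: str        # "-" means the request carried no authenticated user
    uri: str
    status: str

def parse_w3c(text):
    """Yield one dict per log record, using the #Fields: header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):   # skip malformed or truncated records
            continue
        yield dict(zip(fields, parts))

def hunt_toolpane_posts(text):
    """Return every POST whose path ends in ToolPane.aspx (case-insensitive)."""
    hits = []
    for rec in parse_w3c(text):
        if rec["cs-method"].upper() != "POST":
            continue
        if not rec["cs-uri-stem"].lower().endswith("/toolpane.aspx"):
            continue
        hits.append(Hit(f"{rec['date']} {rec['time']}", rec["c-ip"],
                        rec["cs-username"], rec["cs-uri-stem"], rec["sc-status"]))
    return hits

if __name__ == "__main__":
    for h in hunt_toolpane_posts(SAMPLE_LOG):
        print(f"{h.timestamp} {h.client_ip} user={h.user} {h.uri} -> {h.status}")
```

Every hit is a lead to triage against patch status and the originating client, not a verdict; the GET on the same page is deliberately left out because the check the host names is for POSTs.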
This content was created in partnership with, and with the help of, artificial intelligence (AI).