This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Welcome back, digital thrill-seekers—Ting here with your fresh-off-the-wire Digital Dragon Watch: Weekly China Cyber Alert. If you thought cyber drama took a break during government shutdowns, think again. Let’s tear right into the hot breach sheet from the last seven days.
First off, big waves out of Southeast Asia, and not the fun, beach kind. According to Risky Business, China cracked down on the notorious Ming crime family for running some of the largest cyber scam compounds based in the Kokang region along the Myanmar border. These guys didn’t just mastermind online scams—they trafficked workers into prison-like complexes and forced them to run sophisticated cryptocurrency and gambling schemes. The numbers? Eleven sentenced to death, with more than 20 others getting life or hefty prison terms. It’s estimated those operations pulled in at least $1.4 billion in ill-gotten gains between 2015 and late 2023. The bust freed thousands trapped in scam shops, and Beijing ramped up pressure on neighboring Golden Triangle countries to join the clean-up effort. But a UN report suggests these forced scam compounds now spread as far as Africa and the Middle East, meaning defenders everywhere need to stay vigilant.
If espionage is your flavor, Palo Alto Networks’ Unit 42 just unmasked Phantom Taurus—a previously unknown, highly persistent Chinese nation-state actor. These folks infiltrated Microsoft Exchange servers used by foreign ministries across Africa, the Middle East, and Asia. What did they seek? Key diplomatic secrets, especially anything tied to high-level summits like the China-Arab gathering in Riyadh. Phantom Taurus blended in with legitimate network traffic and showcased the kind of stealth only advanced persistent threats have. While Chinese officials deny targeting foreign ministries, the pattern looks painfully familiar. The expert advice here: prioritize patching Exchange servers and beef up defenses with multi-layered monitoring and real-time security tools to fight highly tailored malware.
Now let’s talk new attack vectors. Grafana server admins, heads up. Researchers at GreyNoise caught a one-day surge in exploitation attempts for the old CVE-2021-43798 vulnerability, with malicious IPs from Bangladesh, Germany, and yes—China, all focusing on U.S. targets. The twist? Two China-based addresses on the CHINANET-BACKBONE hammered Grafana paths, showing coordinated, tool-driven campaigns aren’t just theory—they’re live. Recommendation: Patch Grafana now if you haven’t. Review logs for suspicious file access, and block the malicious IPs detected on September 28. This is table-stakes stuff for surviving in the wild.
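As an added example (not from the episode, and not GreyNoise's or Grafana's own tooling), here is a small Python triage helper for the two pieces of advice above. It checks whether a Grafana version falls inside the advisory's affected range for CVE-2021-43798 (8.0.0-beta1 through 8.3.0, fixed in 8.0.7, 8.1.8, 8.2.7 and 8.3.1), and it scans request-log lines for the traversal pattern that CVE abuses (a `..` escape out of `/public/plugins/<plugin-id>/`), collecting the source addresses for a block list. The log lines are constructed in Grafana's logfmt request-log style; the field names (`path`, `remote_addr`, `status`) and the assumption that the path is logged raw (as a reverse proxy would log it) are assumptions about your deployment, not something the episode states.

```python
"""Triage helper for CVE-2021-43798 (Grafana path traversal via /public/plugins/<id>/).

Added example, not code from the podcast, GreyNoise or Grafana. The sample log lines
are constructed; field names follow Grafana's logfmt request log but may differ
behind a reverse proxy, so treat them as an assumption about your environment.
"""
import shlex
from urllib.parse import unquote

# Fixed releases per Grafana's advisory. Everything from 8.0.0-beta1 up to 8.3.0 is affected;
# 7.x and 8.4+ lie outside the advisory's affected range.
FIXED = {(8, 0): (8, 0, 7), (8, 1): (8, 1, 8), (8, 2): (8, 2, 7), (8, 3): (8, 3, 1)}


def parse_version(v):
    """'v8.3.0-beta1' -> (8, 3, 0). Pre-release suffixes are dropped so a beta sorts with its base."""
    core = v.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version):
    """True if this Grafana version is inside the affected range for CVE-2021-43798."""
    major, minor, patch = parse_version(version)
    if (major, minor) not in FIXED:
        return False
    return (major, minor, patch) < FIXED[(major, minor)]


def parse_logfmt(line):
    """Split a logfmt line into a dict; shlex keeps quoted values like msg="Request Completed" intact."""
    fields = {}
    for tok in shlex.split(line):
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
    return fields


def decode_path(raw, rounds=2):
    """Percent-decode up to `rounds` times so %2e%2e and double-encoded %252e%252e both become '..'."""
    path = raw
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def traversal_target(path):
    """Return the decoded path if it is a plugin-asset request that escapes with '..', else None."""
    decoded = decode_path(path)
    if not decoded.startswith("/public/plugins/"):
        return None  # '..' elsewhere is not this CVE's handler
    return decoded if ".." in decoded.split("/") else None


def find_traversal_attempts(lines):
    """Return one dict (ip, status, path) per log line matching the CVE-2021-43798 pattern."""
    hits = []
    for line in lines:
        fields = parse_logfmt(line)
        target = traversal_target(fields.get("path", ""))
        if target is not None:
            hits.append({"ip": fields.get("remote_addr", "?"),
                         "status": fields.get("status", "?"),
                         "path": target})
    return hits


def ips_to_block(hits):
    """Distinct source addresses seen attempting traversal, sorted for a block list."""
    return sorted({h["ip"] for h in hits})


# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    't=2025-09-28T10:01:03+0000 lvl=info msg="Request Completed" logger=context userId=1 orgId=1 uname=admin method=GET path=/public/plugins/alertlist/module.js status=200 remote_addr=198.51.100.7 time_ms=2 size=4096 referer=',
    't=2025-09-28T10:01:09+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/public/plugins/alertlist/../../../../../../../../etc/passwd status=200 remote_addr=203.0.113.5 time_ms=1 size=1930 referer=',
    't=2025-09-28T10:01:10+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/public/plugins/welcome/%2e%2e/%2e%2e/%2e%2e/%2e%2e/var/lib/grafana/grafana.db status=404 remote_addr=203.0.113.77 time_ms=1 size=0 referer=',
    't=2025-09-28T10:01:12+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/public/plugins/graph/%252e%252e/%252e%252e/%252e%252e/etc/grafana/grafana.ini status=200 remote_addr=192.0.2.9 time_ms=1 size=2212 referer=',
    't=2025-09-28T10:01:15+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/api/../login status=200 remote_addr=198.51.100.8 time_ms=3 size=512 referer=',
]

if __name__ == "__main__":
    for ver in ("8.2.6", "8.3.0", "8.3.1", "7.5.11"):
        print(f"Grafana {ver}: {'VULNERABLE' if is_vulnerable(ver) else 'outside affected range'}")
    found = find_traversal_attempts(SAMPLE_LOG)
    for hit in found:
        print(f"{hit['ip']:>14} status={hit['status']} {hit['path']}")
    print("block:", ", ".join(ips_to_block(found)))
```

A `status=200` with a non-zero `size` on one of these paths means the file was actually served and the host should be treated as compromised (rotate `grafana.ini` secrets and review `grafana.db`), while 400/404 entries are attempts that a proxy or a patched build turned away. Note that nginx and similar proxies normalize `..` before forwarding, so the raw pattern may only appear in the proxy's own access log, not in Grafana's.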
Switching gears to cybercrime, Cisco Talos profiled UAT-8099, a Chinese-speaking gang hijacking Internet Information Services (IIS) servers in universities and telecom outfits worldwide. They use open-source web shells, RDP, and VPNs to get a foothold, then deploy custom BadIIS malware for SEO scams and data theft. If you run IIS, validate patches, look for unfamiliar web shells or guest users promoted to admin, and strengthen your segmentation.
Let’s not ignore the big U.S. shakeup. On October 1, a double whammy hit: the Cybersecurity Information Sharing Act expired, and CISA furloughed two-thirds of its analysts as Congress still can’t pass a budget. This leaves the U.S. cyber defense thin just when, historically, Chinese and Russian actors have ramped up attacks. Without CISA’s legal shield, info sharing between the private sector and Uncle Sam goes way down, making real-time defense precarious. Experts urge Congress to build dedicated CISA funding or self-sustaining models—because turning off your main cyber shield in 2025 isn’t a winning strategy.
Ting’s take? Prioritize patching, watch for stealthy APT tactics, and—if you’re in the U.S.—support measures to keep CISA running, pandemic or political gridlock aside. Digital dragons don’t sleep when the budget does.
Thanks for tuning in, listeners. Don’t forget to subscribe so you don’t miss next week’s Digital Dragon Watch. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
This content was created in partnership with, and with the help of, artificial intelligence (AI).