This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, your go-to expert on all things China and cyber. Let's dive right into the latest on Beijing's cyber activities affecting US security.

Over the past few days, we've seen a significant escalation in Chinese state-sponsored cyberattacks. Just last week, Check Point revealed a new campaign targeting suppliers of manufacturers in sensitive domains in the US and globally[2]. These hackers are infiltrating networks of firms supplying components for the manufacturing industry, including chemical products and physical infrastructure components like pipes. The goal? Intellectual property theft, with the threat actor trying to better understand the supply chain of the targeted industry.

But that's not all. The House Committee on Homeland Security just released an updated "China Threat Snapshot" detailing over 60 cases of espionage conducted by the Chinese Communist Party (CCP) on US soil since 2021[4]. This includes the transmission of sensitive military information, theft of trade secrets, use of transnational repression operations, and obstruction of justice. It's clear that China's oppressive arm reaches far beyond its own borders to actively oppose democracy, silence dissent, and spy on the United States.

Now, let's talk tactics. Chinese hacking groups like Volt Typhoon and Salt Typhoon are using aggressive tactics to infiltrate critical infrastructure and telecommunications organizations in the US[1][5]. They're exploiting one-day vulnerabilities, software or hardware flaws that have only recently been publicly disclosed and for which users may not have applied any patches. Targeted edge devices include operational relay boxes (ORBs), which are often poorly secured Internet of Things (IoT) devices like routers.

But what's really concerning is the strategic implications. These hacks are not just about stealing data; they're about preparing for future potential conflict. By infiltrating critical infrastructure, the CCP is laying the groundwork to cripple an effective US response in case of a potential conflict over Taiwan. And let's not forget, Taiwan is already bearing the brunt of these attacks, with government networks facing an unprecedented surge in cyber incidents, averaging 2.4 million attacks daily in 2024[1].

So, what can we do? First, organizations need to prioritize applying available security patches and updates to publicly-accessible network devices. They should also avoid exposing administrative interfaces or non-essential services to the internet, particularly for those that have reached end-of-life (EoL). It's time to take a proactive approach to cybersecurity and recognize that the threat is real and evolving.

That's all for now. Stay vigilant, and I'll catch you on the flip side. This is Ting, your Cyber Sentinel, keeping watch on Beijing's cyber activities.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Today, we're diving into the latest Chinese cyber activities that have been making waves in the US security scene.

Let's get straight to it. Over the past few days, we've seen a significant escalation in state-sponsored cyberattacks by the Chinese Communist Party (CCP). One of the most notable incidents was the breach of the US Treasury Department, specifically targeting the Office of Foreign Assets Control (OFAC) and the Office of the Treasury Secretary. This attack is part of Beijing's hybrid tactics to undermine strategic competitors and gather sensitive intelligence[1].

But that's not all. Taiwan has been bearing the brunt of these attacks, with government networks facing a staggering 2.4 million cyberattacks daily in 2024, double the number from 2023. The National Security Bureau in Taiwan has highlighted a substantial rise in PRC cyberattacks targeting critical industries, including telecommunications, transportation, and defense supply chains[2].

Now, let's talk about the tactics. Chinese hackers have been using a range of techniques, from exploiting vulnerabilities in Netcom devices to social engineering tactics targeting Taiwanese civil servants. They've also been deploying phishing attacks, compromising zero-day vulnerabilities, and using Trojans and backdoors. And, of course, there are the DDoS attacks used to harass and intimidate Taiwan during military drills in the area[2].

In the US, we've seen attacks on critical infrastructure, including water treatment plants, the electrical grid, and transportation systems. The Volt Typhoon hacker group, backed by the Chinese state, gained control of hundreds of internet routers in the US to be used as launch pads for these attacks. And let's not forget Salt Typhoon, another Chinese state-backed group that targeted data from numerous US officials, including phones used by Donald J. Trump and his running mate, Senator JD Vance of Ohio[1].

Internationally, there's been a significant response. The US has dismantled operations by these Chinese state-backed hacker groups, and there's growing concern about the coordination between the PRC and Russia in online information operations and cyber operations[1].

So, what can we do? First, it's crucial to prioritize cybersecurity measures, especially in critical sectors like healthcare, where the exploitation of security flaws can lead to severe consequences. Timely patching and robust security protocols are key. And, of course, international cooperation is essential in tackling these state-aligned threat actors.

That's all for today's Cyber Sentinel: Beijing Watch. Stay vigilant, and we'll catch you in the next update.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, your go-to expert on all things China and cyber. Let's dive right into the latest on Beijing's cyber activities affecting US security.

Over the past few days, we've seen a significant escalation in Chinese state-sponsored cyberattacks. Just last week, Check Point revealed a new Chinese hacking campaign targeting suppliers of manufacturers in sensitive domains in the US and globally[2]. These hackers are exploiting one-day vulnerabilities in edge devices like operational relay boxes and poorly secured IoT devices to infiltrate networks. The goal? Intellectual property theft, particularly in industries like chemical products and physical infrastructure components.

But that's not all. The House Committee on Homeland Security recently released an updated 'China Threat Snapshot' report, highlighting over 60 instances of espionage by the Chinese Communist Party (CCP) on US soil over the past four years[4]. This includes cases of transmission of sensitive military information, theft of trade secrets, and transnational repression operations. The report also notes that the CCP has gained significant ground in its information warfare on American soil, targeting not just the US military and government but also businesses, university campuses, and critical infrastructure.

Now, let's talk about the tactics. Chinese hacking groups like Salt Typhoon and Volt Typhoon have been using known security flaws in Cisco network devices to penetrate multiple networks[5]. They're exploiting vulnerabilities like CVE-2023-20198 and CVE-2023-20273 to gain access to telcos and universities, particularly those with research in areas related to telecommunications, engineering, and technology.

So, what's the strategic implication? These attacks are not just about intellectual property theft; they're also about disrupting US military supply lines and hindering an effective US response in case of a potential conflict with the PRC, especially over Taiwan[1]. The CCP is preparing for future potential conflict by testing access to critical infrastructure systems and lying in wait, rather than immediately using detected vulnerabilities to wreak havoc.

To mitigate these risks, organizations need to prioritize applying available security patches and updates to publicly-accessible network devices. They should also avoid exposing administrative interfaces or non-essential services to the internet, particularly for those that have reached end-of-life.

In conclusion, the past few days have seen a significant escalation in Chinese cyber activities affecting US security. From new attack methodologies to targeted industries and attribution evidence, it's clear that the CCP is ramping up its cyber espionage efforts. As Rob Joyce, former cybersecurity director at the NSA, puts it, these hacks serve "so that they can disrupt our ability to support military activities or to distract us, to get us to focus on a domestic incident at a time when something is flaring up in a different part of the world." Stay vigilant, folks.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Let's dive right into the latest on Chinese cyber activities affecting US security.

Over the past few days, we've seen some significant developments. Just yesterday, Symantec revealed that Chinese-linked espionage tools were used in a ransomware attack against an Asian software and services company in November 2024[3]. This is a concerning trend, as it indicates that Chinese nation-state actors are now collaborating with cybercrime groups, a strategy previously linked to Russian and North Korean actors.

Let's talk about the tactics. These Chinese hackers are exploiting vulnerabilities in edge devices, like operational relay boxes (ORBs) and poorly secured IoT devices, to infiltrate networks. This is a classic espionage tactic, as seen in the Volt Typhoon campaigns that targeted US critical infrastructure and telecommunications organizations in 2023 and 2024[2].

But here's the thing: these attacks aren't just about intellectual property theft. They're also about preparing for potential conflict. US officials believe that these hacks are part of the CCP's groundwork to cripple an effective US response in a potential conflict over Taiwan[1]. Think about it: if they can disrupt our military supply lines and critical infrastructure, they'll have a significant advantage.

Now, let's talk about attribution. Check Point's Director of Threat Intelligence & Research, Lotem Finkelsteen, has been tracking a new Chinese cyber campaign targeting suppliers of manufacturers in sensitive domains[2]. These hackers are using aggressive tactics, exploiting one-day vulnerabilities to gain access to networks. And get this: they're targeting companies that supply components for the manufacturing industry, including chemical products and physical infrastructure components like pipes.

So, what can we do about it? First, organizations need to prioritize applying available security patches and updates to publicly-accessible network devices. They should also avoid exposing administrative interfaces or non-essential services to the internet, particularly for those that have reached end-of-life (EoL)[5].

In terms of international responses, the US Treasury Department has been taking action. Just last month, they sanctioned a Beijing-based cybersecurity company, Integrity Technology Group, Incorporated, for its role in multiple computer intrusion incidents against US victims[4].

In conclusion, the past few days have shown us that Chinese cyber activities are escalating, with new attack methodologies and targeted industries. We need to stay vigilant and take proactive measures to protect our critical infrastructure and intellectual property. That's all for today's Cyber Sentinel: Beijing Watch. Stay safe out there.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Today, we're diving into the latest Chinese cyber activities that are making waves in US security. Buckle up, folks!

Just a couple of days ago, Check Point's Director of Threat Intelligence & Research, Lotem Finkelsteen, revealed a new Chinese hacking campaign targeting suppliers of manufacturers in sensitive domains across the globe, including the US[1]. These hackers are exploiting one-day vulnerabilities in edge devices like operational relay boxes and poorly secured IoT devices to infiltrate networks. The goal? Intellectual property theft, specifically to understand the supply chain of targeted industries.

But that's not all. Salt Typhoon, a Chinese nation-state hacking group, has been linked to a set of cyber attacks leveraging known security flaws in Cisco network devices to penetrate multiple networks, including those of US-based affiliates of significant telecommunications providers[2]. They're using these vulnerabilities to change device configurations and add generic routing encapsulation tunnels for persistent access and data exfiltration.

Now, let's talk about the bigger picture. The Chinese Communist Party's espionage efforts on US soil are growing, with over 60 cases reported since 2021, including the transmission of sensitive military information and theft of trade secrets[4]. The House Committee on Homeland Security has released an updated "China Threat Snapshot" detailing these activities, highlighting the CCP's robust cyber espionage campaigns and their efforts to access Americans' private information.

But here's the thing: it's not just about espionage. Cybercrime is a multifaceted national security threat, and financially motivated actors are increasingly supporting state goals[3]. Groups like APT41, a prolific cyber operator working out of the People's Republic of China, have been conducting both state-sponsored espionage campaigns and financially motivated operations, including ransomware deployment.

So, what can we do about it? First, organizations need to prioritize applying available security patches and updates to publicly accessible network devices. They should also avoid exposing administrative interfaces or non-essential services to the internet, especially for devices that have reached end-of-life.

In conclusion, the past few days have shown us that Chinese cyber activities are becoming more aggressive and sophisticated. It's time for us to take a proactive approach to cybersecurity, understanding the tactical and strategic implications of these threats. Stay vigilant, folks, and remember: in the world of cyber, knowledge is power.

That's all for today's Cyber Sentinel: Beijing Watch. Stay tuned for more updates, and until next time, stay cyber-safe.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Let's dive right into the latest on Chinese cyber activities affecting US security.

Over the past few days, we've seen a significant escalation in Chinese hacking campaigns. Check Point's Director of Threat Intelligence & Research, Lotem Finkelsteen, revealed a new campaign targeting suppliers of manufacturers in sensitive domains in the US and globally. The primary targets include suppliers of chemical products and physical infrastructure components like pipes. This campaign is attributed to a known Chinese threat actor, with the intention of intellectual property theft to better understand the supply chain of the targeted industry[1].

The tactics are aggressive, exploiting one-day vulnerabilities in edge devices such as operational relay boxes (ORBs), virtual private servers (VPS), and poorly secured Internet of Things (IoT) devices. This is reminiscent of the Volt Typhoon cyber espionage campaigns that targeted critical infrastructure and telecommunications organizations in the US and elsewhere in 2023 and 2024.

Meanwhile, Taiwan has been facing an onslaught of cyberattacks. The National Security Bureau reported that government networks experienced a daily average of 2.4 million attacks in 2024, double the number from 2023. These attacks are primarily attributed to Chinese state-backed hackers, targeting critical industries like telecommunications, transportation, and defense supply chains[2].

The US Treasury Department has also been a target. A state-sponsored cyberattack by the Chinese Communist Party (CCP) in early December marks the latest escalation in Beijing’s use of hybrid tactics to undermine strategic competitors. This attack is part of a broader campaign to disrupt military supply lines and hinder an effective US response in case of a potential conflict over Taiwan[3].

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data and private communications of individuals involved in government or political activity[4].

In response, the US Treasury has sanctioned Beijing-based cybersecurity company Integrity Technology Group, Incorporated, for its role in supporting the malicious cyber group Flax Typhoon. This group has been active since at least 2021, targeting organizations within US critical infrastructure sectors[5].

So, what does this mean for us? It's clear that Chinese cyber activities are becoming increasingly sophisticated and aggressive. To protect ourselves, we need to review our customers, vendors, and partners, and see ourselves in the bigger picture. This includes patching vulnerabilities promptly, securing edge devices, and sharing threat information in real time.

Stay vigilant, and until next time, stay secure. This is Ting, signing off from Cyber Sentinel: Beijing Watch.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, your go-to expert on all things China, cyber, and hacking. Let's dive right into the latest on Beijing's cyber activities affecting US security.

Over the past few days, we've seen an escalation in Chinese state-sponsored cyberattacks targeting US critical infrastructure. The recent hack into the US Treasury Department's network is a prime example. This attack, attributed to the Chinese Communist Party (CCP), aimed to gather sensitive intelligence and prepare for potential future conflicts, particularly over Taiwan.

The CCP's hybrid tactics are becoming increasingly sophisticated. Take Volt Typhoon, a Chinese-affiliated threat group that has rebuilt its botnet after being disrupted by the FBI in January. This group exploits outdated edge devices within targeted critical infrastructure, using them as operational relay boxes to gain persistent access and control. Their tactics are adaptive and multifaceted, making detection exceptionally difficult.

Another group, Salt Typhoon, has been active since at least 2019 and has compromised the network infrastructure of multiple major US telecommunication and internet service provider companies. This marks a dramatic escalation in Chinese cyber operations against US critical infrastructure targets.

The US government has taken action, with the Treasury Department's Office of Foreign Assets Control (OFAC) sanctioning individuals and companies associated with these malicious cyber activities. For instance, Yin Kecheng, a Shanghai-based cyber actor affiliated with the People's Republic of China Ministry of State Security (MSS), was sanctioned for his involvement in the recent Treasury Department network compromise.

Sichuan Juxinhe Network Technology Co., LTD., a Sichuan-based cybersecurity company, was also sanctioned for its direct involvement in the Salt Typhoon cyber group. These sanctions are part of a broader effort to combat increasingly reckless cyber activity by the PRC and PRC-based actors.

Internationally, there's growing concern about the CCP's cyber activities. Taiwan, in particular, has faced an unprecedented surge in cyber incidents, averaging 2.4 million attacks daily in 2024. The Taiwanese general elections in January 2024 saw large-scale cyber attacks, alongside Chinese state-sponsored disinformation, seeking to undermine the democratic process.

So, what can we do to protect ourselves? First, it's crucial to stay informed about the latest attack methodologies and targeted industries. Regularly updating and patching vulnerabilities in critical infrastructure systems is also essential. Additionally, implementing robust cybersecurity measures, such as multi-factor authentication and network segmentation, can help prevent or mitigate the impact of these attacks.

In conclusion, the past few days have seen a significant escalation in Chinese cyber activities affecting US security. It's essential to stay vigilant and take proactive measures to protect our critical infrastructure. As I always say, in the world of cyber, you're only as strong as your weakest link. Stay safe out there.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Let's dive right into the latest on Chinese cyber activities affecting US security.

So, you know how China's been ramping up its cyber game? Well, the past few days have been no exception. Just last month, the US Treasury Department was hit by a state-sponsored cyberattack, courtesy of the Chinese Communist Party (CCP). The hackers targeted the Office of Foreign Assets Control and the Office of the Treasury Secretary, both of which had administered economic sanctions against Chinese companies in 2024 for engaging in cyberattacks and supplying weapons to Russia for its war in Ukraine[1].

But that's not all - Taiwan's been bearing the brunt of these attacks, with government networks seeing a whopping 2.4 million cyberattacks daily in 2024, double the number from 2023. And get this - most of these attacks are attributed to Chinese state-backed hackers. They're using a range of techniques, from exploiting vulnerabilities in Netcom devices to social engineering tactics targeting Taiwanese civil servants[2].

Now, let's talk about the tactics. Chinese hackers are using living-off-the-land evasion techniques, phishing attacks, and even DDoS attacks to harass and intimidate Taiwan. They're also stealing confidential data, compromising critical infrastructure systems, and selling personal data of Taiwanese nationals on the dark web. It's a whole new level of cyber aggression[2].

But here's the thing - the US isn't just sitting back and taking it. The FBI and CISA are investigating a broad and significant cyber espionage campaign by the PRC, which has compromised networks at multiple telecommunications companies. They've identified MIPS-based malware on these devices, similar to Mirai, engineered to establish covert connections and communicate via port forwarding. It's like a digital game of cat and mouse[5].

And then there's the issue of internet-connected cameras made in China. The Department of Homeland Security is warning that these cameras could be used to spy on US critical infrastructure, including the chemical and energy sectors. It's a serious concern, especially since China's been using "white labeling" to get these cameras into the US undetected[4].

So, what's the takeaway? China's cyber activities are escalating, and the US needs to be on high alert. We need to implement tighter restrictions on Chinese-made cameras, beef up our cybersecurity measures, and work with international partners to counter these threats. It's time to get serious about cyber security.

That's all for now. Stay vigilant, and I'll catch you on the flip side. This is Ting, signing off from Cyber Sentinel: Beijing Watch.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Let's dive right into the latest on Chinese cyber activities affecting US security.

Over the past few days, we've seen a significant uptick in Chinese state-backed hacking attempts. Just last week, the US Treasury Department sanctioned Sichuan Juxinhe Network Technology Co., LTD., a cybersecurity company linked to the Salt Typhoon cyber group, which compromised the network infrastructure of multiple major US telecommunication and internet service provider companies[1]. This is part of a broader pattern of Chinese cyber aggression, as highlighted in the recent Office of the Director of National Intelligence Annual Threat Assessment.

But it's not just the US that's under attack. Taiwan's National Security Bureau reported a staggering 2.4 million cyber-attacks on government networks in 2024, double the number from 2023, with most attributed to Chinese state-backed hackers[2]. These attacks are designed to steal confidential data, exploit vulnerabilities in Netcom devices, and even use social engineering techniques to target Taiwanese civil servants.

Now, let's talk about the tactics. Chinese hackers are using a range of techniques, including phishing attacks, compromise of zero-day vulnerabilities, and the use of Trojans and backdoors. They're also employing evasion techniques like living-off-the-land and using DDoS attacks to harass and intimidate Taiwan's transportation and financial sectors.

But what's really concerning is the strategic implications. China's cyber-attacks are not just about stealing data; they're about disrupting critical infrastructure and undermining the credibility of the Taiwanese government. And it's not just Taiwan; the US is also a prime target. The FBI and CISA have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data and private communications[5].

So, what can we do about it? First, we need to stay vigilant and keep our defenses up. That means implementing robust cybersecurity measures, including regular software updates, strong passwords, and two-factor authentication. We also need to share threat information in real-time, just like Taiwan's joint security defense mechanism.

In conclusion, Chinese cyber activities are a serious threat to US security, and we need to take action. As Deputy Secretary of the Treasury Adewale O. Adeyemo said, "The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government." Let's stay ahead of the game and keep our cyber defenses strong. That's all for now; stay safe, and I'll catch you in the next episode of Cyber Sentinel: Beijing Watch.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Cyber Sentinel: Beijing Watch podcast.

Hey there, I'm Ting, and welcome to Cyber Sentinel: Beijing Watch. Let's dive right into the latest on Chinese cyber activities affecting US security.

Over the past few days, we've seen a significant escalation in Beijing's use of hybrid tactics to undermine its strategic competitors. The recent state-sponsored cyberattack on the US Treasury Department by the Chinese Communist Party (CCP) is a prime example. This attack, which occurred in early December, targeted the Office of Foreign Assets Control (OFAC) and the Office of the Treasury Secretary, both of which had administered economic sanctions against Chinese companies in 2024 for engaging in cyberattacks and supplying Russia with weapons for Moscow's war in Ukraine[1].

But that's not all - Taiwan has been bearing the brunt of the PRC's escalating hybrid tactics, with government networks facing a staggering 2.4 million cyberattacks daily in 2024, most of which were attributed to Chinese state-backed hackers. This represents a doubling of the daily average from 2023, which saw 1.2 million daily attacks targeting government networks[2].

The PRC's cyberattacks on Taiwan are not just about numbers; they're also about sophistication. Chinese hackers have been using a range of techniques, including exploiting vulnerabilities in Netcom devices, utilizing evasion techniques like living-off-the-land, and deploying social engineering tactics to target the emails of Taiwanese civil servants for espionage purposes[2].

In response to these attacks, the US has imposed sanctions on a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. The sanctions target Yin Kecheng, who is assessed to have been a cyber actor for over a decade and affiliated with China's Ministry of State Security (MSS)[4].

So, what can we do to protect ourselves? First, it's essential to stay informed about the latest attack methodologies and targeted industries. We need to be aware of the attribution evidence and international responses to these attacks. From a tactical perspective, we need to focus on strengthening our critical infrastructure systems, including water treatment plants, the electrical grid, and transportation systems.

Strategically, we need to recognize that China's cyber activities are not just about espionage; they're also about disrupting military supply lines and hindering an effective US response in case of a potential conflict with the PRC, especially over Taiwan. We need to work together with our international partners to develop a comprehensive cybersecurity strategy that addresses these threats.

That's all for now. Stay vigilant, and we'll catch you on the next episode of Cyber Sentinel: Beijing Watch.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta