Dragon's Code: America Under Cyber Siege

Cyber Sleuth Ting: Hafnium Hacker Nabbed, LapDogs Spy Network Exposed, and CISA's Silent Siege Defense



This is your Dragon's Code: America Under Cyber Siege podcast.

Listeners, if you thought your Wi-Fi router was just there to stream The Great British Bake Off, think again. This is Ting, your go-to cyber sleuth, and America just survived another wild week under Dragon’s Code: America Under Cyber Siege.

Let’s dive straight into the thick of it. The hottest news: Italian authorities just pinched Xu Zewei, a Chinese national and alleged member of the notorious Hafnium group. Xu stands accused of orchestrating a massive breach on over 60,000 Microsoft Exchange servers and snatching up critical COVID-19 research. The U.S. Justice Department says Xu, while working for Shanghai Powerock Network, not only grabbed top-secret university research in 2020, but also used Exchange vulnerabilities to rifle through small business and government emails nationwide. Hafnium’s fingerprints are all over this: we’re talking identity theft, wire fraud, and—my favorite—deploying new attack campaigns dubbed Silk Typhoon. Nicholas Ganjei from the Southern District of Texas says they've been gunning for Xu for years, and thanks to Italian law enforcement, that day in court is finally coming.

But take it from John Hultquist at Google’s Threat Intelligence Group: this isn’t a movie with a neat ending. Sure, Xu’s arrest makes headlines, but cyber operators are legion—they’ll keep coming, with or without him, because these operations are state-backed and way bigger than any one hacker.

Meanwhile, SecurityScorecard’s STRIKE team just blew open the LapDogs operation—yes, like the pet, but these are no lap puppies. Over 1,000 small office and home office devices—think routers, DVRs, NAS systems—turned into espionage tools, forming a shadowy network called the Operational Relay Box, or ORB. LapDogs leveraged old vulnerabilities with a custom backdoor named ShortLeash, targeting industries from IT to real estate across the U.S. and Asia. This is next-level: attackers use these devices to anonymize traffic, stage more attacks, and exfiltrate data all while flying under the radar. Google’s Mandiant and SentinelOne have both flagged similar tactics as China’s new go-to for hiding state operations in plain sight.

On the defense, U.S. agencies aren’t just patching holes—they’re overhauling strategy. As seen after the Colonial Pipeline hit, investing in resilience is the new mantra. States like Ohio have created the Cyber Reserve, volunteer tech commandos who advise and respond statewide. The Cybersecurity and Infrastructure Security Agency (CISA) has doubled down on pushing regular firmware updates, enforcing strong passwords, disabling unused network services, and isolating IoT devices—because even grandma’s webcam might be a spy.

This week’s top lesson? The modern siege is silent, persistent, and always adapting. Attribution is painstaking, with links running through everything from Chinese-language GitHub repos to “self-patching” attackers who cover their own tracks after exploiting vulnerabilities. As Assistant Director Brett Leatherman from the FBI’s Cyber Division notes, enforcement delays don’t always deter state actors, but they do rattle the underlings.

So listeners, remember—patch your stuff, segment your network, and never trust a device with default passwords. Thanks for tuning in to Dragon’s Code. Hit subscribe so you never miss the next twist in the cyber thriller we’re all living. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more http://www.quietplease.ai


Dragon's Code: America Under Cyber Siege, by Quiet. Please