This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Listeners, Ting here with your Digital Dragon Watch China Cyber Alert. Let's cut the fluff—because this past week in the cyber trenches was anything but boring.
First up, Taiwan’s web infrastructure took a direct hit from UAT-7237, a China-based advanced persistent threat group that Cisco Talos believes spun off from UAT-5918. These folks are crafty: they blended open-source tools, some custom flavor, and a shellcode loader called SoundBill to slip secondary payloads—think Cobalt Strike—past IT teams. What’s unique this round? Selective web shell deployment after initial compromise, plus old-school RDP access and SoftEther VPN for stick-around control. The critical infrastructure sector is feeling the tremors, and that, my friends, is the sort of scenario where “assume breach” isn’t paranoia—it’s Tuesday.
Simultaneously, the US telecom sector remains in the Volt Typhoon weather alert zone. Despite a headline-grabbing FBI “success” in early 2024, Volt Typhoon just morphed again. Their bots are worming through legacy telecom systems and exploiting supply chain partners who skipped their cyber hygiene routines. Persistent Chinese infiltration of US critical infrastructure has directly shaped new FCC breach notification rules, which—against all expectations—survived court challenges this week. Cyber attorney Rick Halm put it bluntly: these rules are here to stay, not because DC likes paperwork, but because Chinese access to telecom networks is no longer just an IT problem. It’s a national security tripwire.
On the tech trade front, the Trump administration’s wild experiment to monetize export controls—making Nvidia and AMD fork over 15% of China chip-sale revenue—has both sides furrowing their digital brows. Beijing’s response? Telling big names like Tencent and Baidu to dump Nvidia’s H20 chips for homegrown silicon, and blasting US hardware as a security risk. Meanwhile, Reuters and the Financial Times report the US quietly planted location trackers in outbound AI chips, destroying any shred of Silicon Valley trust left in China’s tech sector. Nvidia execs are sweating, buyers are hesitating, and American kit in China is one firmware update away from being fully persona non grata.
Inside homeland cyber defense, new leadership at CISA—take a bow, Secretary Noem—is going full throttle: $100 million dropped for local cybersecurity upgrades, an arsenal of new defender tools (including the Eviction Strategies Tool and the Thorium analysis platform), and more than 700 pre-ransomware warnings pushed out in the last few months. You could almost hear the collective exhale as AI-driven threat detection quietly shifted from a bureaucratic dream to a field toolkit.
For anyone keeping score on expert advice: invest in modernizing legacy systems vulnerable to persistence threats, double down on network segmentation, and for the love of uptime, treat open-source components like live grenades—know what’s in your stack and keep them patched. CISA’s public advisories are more relevant than ever. On both sides of the Pacific, AI and cyber policy are officially strategic arms races. The only constant is that complacency is a vulnerability.
Thank you for tuning in, listeners! For deep dives and daily cyber drama, remember to subscribe. This has been a Quiet Please production; for more, check out quiet please dot ai.
For more http://www.quietplease.ai