This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with another high-voltage episode of Digital Dragon Watch: Weekly China Cyber Alert. No long wind-up – let’s boot into the breach. The headline this week is all about the chaos unleashed by Chinese state-backed hackers flexing their muscle with new attack vectors, and US cyber-defense playing cat-and-mouse.

Top of the incident chart: Microsoft sounded the alarm about an ongoing onslaught exploiting unpatched SharePoint server flaws. In this fresh wave, veteran Chinese threat groups like Linen Typhoon and Violet Typhoon, plus the notorious Storm-2603, have been digging into government, defense, finance, health, and media organizations across the US, Europe, and East Asia. According to Microsoft, these actors are persistent – even after patches, they're able to pilfer cryptographic keys, impersonating users long after you think you’ve kicked them out. Cyber firm Eye Security counted over 400 compromised systems, with the advisory ringing especially loud for those running on-prem SharePoint. The origin of this mess? Shout out to Viettel Cyber Security, whose discovery at Pwn2Own Berlin back in May started the patch race – but the fix Microsoft dropped on July 8 wasn’t enough. Only last week did they finally squish the bug completely, so if you haven’t patched again, you might already be hosting uninvited guests.

It doesn’t end there. Sygnia revealed a campaign by the China-tied Fire Ant group targeting VMware ESXi and F5 systems. This crew’s advanced: they use host-to-guest commands, lateral movement, even Medusa rootkits, tunneling through network barriers that defenders thought were air-tight. The target list includes: large enterprise, government, and critical infrastructure. For anyone running segmented networks with virtualized platforms, take note: Fire Ant maintained footholds by adapting in real time, swapping up tactics and leaving stealth backdoors wherever they went.

Let’s zoom out. The sector hit hardest has been government – US agencies, National Guard units, and critical infrastructure from energy to telecoms. These hacks are part of larger campaigns like Salt Typhoon and Volt Typhoon, marking an escalation well beyond old-school economic espionage into campaigns that, as former UK NCSC chief Ciaran Martin puts it, run “everything, everywhere, all at once.” US military networks have now been told to assume breach and operate under a zero-trust mindset, according to recent advisories dragged out of the Department of Defense.

US response? The White House is on the offensive with the new AI Action Plan. This strategy, announced July 23, ramps up trade controls on advanced AI hardware and semiconductors, doubling down on export restrictions to prevent so-called countries of concern (yes, China makes the list) from acquiring sensitive tech. Expect tighter end-use monitoring and new controls on components not previously covered – the Department of Commerce is leading this charge.

So what’s the expert prescription for weary defenders? Get patching, obviously, but don’t trust patches alone. Wipe and replace any compromised keys, monitor for lateral movement with behavioral analytics, tighten privilege escalation paths, and revisit your segmentation strategy. Assume they might already be inside, living off the land. Deploy defense-in-depth, and bake incident response into your regular playbook. And if you haven’t thrown the latest zero-days into your threat-hunting cycles, better start now.

That’s the byte-packed download for this week. Thanks for tuning in to Digital Dragon Watch. Don’t forget to subscribe so you never miss the frontline reports from the cyber shadows. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Welcome back listeners, it's Ting here with your Digital Dragon Watch: Weekly China Cyber Alert. No time for fluff—let's jack into this week’s red-hot cyber drama. If you thought summer was sizzling, try having tens of thousands of SharePoint servers roasted by Chinese threat groups. That's right, the biggest story was the breach linked to the US National Nuclear Security Administration—a name that makes my pulse spike like a Geiger counter at Chernobyl. According to Bloomberg and the Independent, starting July 18, Chinese hackers exploited a zero-day in Microsoft's SharePoint, slipping into the system that oversees America's nuclear arsenal. The feds say no classified info was snatched, but let’s be honest: having your nuke babysitters get even "minimally impacted" is enough to make security pros everywhere update their LinkedIn with "stress management skills."

Now, about those attack vectors. Microsoft had patched a significant flaw in SharePoint back on July 8, thinking they'd slammed the door. Instead, Chinese hacking groups—think Linen Typhoon, Violet Typhoon, and Storm-2603—not only jimmied the lock but apparently installed a revolving door. Reports from Interesting Engineering and Taipei Times highlight that these actors bypassed Microsoft's fix with skillful maneuvering: stealing authentication keys, session tokens, and even executing code for lingering, stealthy access. Organization types affected? Not just the usual suspect government agencies. We're talking energy providers, consulting shops, academic institutions—you name it, their credentials might now be on the menu.

The numbers reflect worst-case-IT nightmares: over 100 servers globally breached, with confirmed US targets in government and healthcare, plus international universities. What's new this week? Researchers traced attackers deploying not just espionage tools but Warlock ransomware—yep, going from data thief to data kidnapper with scary speed.

The US response? The FBI, CISA, and Department of Energy investigators are collaborating closely now, and the official message from the White House is “patch like your job depends on it—because it does.” But here's the hacker twist: even installations updated within days weren’t safe, thanks to those crafty workarounds. The former SharePoint flaw—first spotted in May thanks to Vietnamese researcher Dinh Ho Anh Khoa and reported via Trend Micro’s bounty program—went from ethical competition to worldwide exploit in the blink of an eye.

What do the pros recommend? First, ditch those legacy on-prem servers. Microsoft cloud may have its headaches, but its layers of defense were the main reason the damage wasn’t catastrophic. Next up: multifactor authentication everywhere, rigorous credential rotation, and—this is from Microsoft’s chief security officer—continuous monitoring for anomalous SharePoint activity, because those “sleeper cells” are likely still gathering login tokens as we speak.

My message for tech leads and CISOs: if you’re stuck on-prem, get moving to the cloud, and bake assuming compromise into every protocol. For those not sleeping well this week—congratulations, you’re paying attention.

Thanks for tuning in to Digital Dragon Watch with Ting—if you liked this, subscribe for more sharp takes and actionable cyber-insider intel. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here with your latest dose of Digital Dragon Watch: Weekly China Cyber Alert. Let’s jack straight in—this week has been a virtual fireworks show in the world of cyber with Chinese state-backed hackers hitting US government agencies via Microsoft SharePoint. Not exactly the kind of sharing we had in mind.

Here’s the rundown. Microsoft, in a July 19 blog post, confirmed that not just one but three Chinese threat groups—Linen Typhoon, Violet Typhoon, and the enigmatic Storm-2603—blitzed internet-facing SharePoint servers. These folks aren’t dabblers; according to Eye Security, they compromised more than 400 organizations in at least four rapid-fire attack waves between July 17 and July 21. Government targets included the National Nuclear Security Administration, the Department of Health and Human Services, Education, and even the Rhode Island General Assembly. If you were betting on a slow week for cyber, bad odds.

The attack vector is classic but potent: exploiting an unpatched SharePoint vulnerability to seize credentials, plant ransomware, and burrow in. Ransomware deployed included the relatively new Warlock strain. Microsoft, rapid on the response, released a security update to shut the door, but not before several agencies—including the Defense Intelligence Agency—had their systems disrupted for hours. Imagine being mid-biosecurity research at the NIH and suddenly you’re locked out by a cyber dragon. Not ideal.

Here’s the kicker: SharePoint Online on Microsoft 365 was spared, but on-premises servers—kind of like that one old server nobody wanted to replace—were feast territory. Palo Alto Networks warns, if you’re a government, big business, or school with on-prem SharePoint, you’re a sitting duck unless patched pronto. Microsoft, CISA, and the White House all issued alerts, and emergency patching became the phrase of the week. CISA’s Tricia McLaughlin assured the press there’s no sign of data exfiltration at DHS, but let's be honest—absence of evidence isn’t evidence of absence when typhoons are swirling.

Meanwhile, the White House rolled out its much-touted AI Action Plan, with three Executive Orders targeting everything from accelerating data center builds to exporting the “full AI technology stack” and, pointedly, tightening security controls to counter China. The plan moves the spotlight to new technical standards for high-security data centers and calls for an AI Information Sharing and Analysis Center within DHS. Expect new tools, new frameworks, and new headaches for cyber lawyers everywhere.

Oh, and if you thought it was just the software under fire, think again. Following the uproar over Microsoft using China-based engineers to support US government cloud systems, Microsoft announced it’s ending that practice and will review all processes over the next month—cue nervous cloud admins everywhere.

Expert recommendations for anyone listening in the trenches: Patch fast and often, especially legacy on-prem shenanigans. Assess exposure to Chinese-manufactured networking gear. Follow updated CISA, DHS, and Microsoft guidance. Harden identity and access management, and don’t assume that only classified systems are targets—unclassified data can still be gold to adversaries.

That’s a wrap from Ting—thank you for tuning in to Digital Dragon Watch. Remember to subscribe for your weekly byte of China cyber action. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Ting here, and believe me, these last seven days have felt like the cyber equivalent of trying to eat hot pot with a leaky chopstick—messy, spicy, and, if you’re not careful, professionally hazardous. Let’s dive straight into the latest, starting with Microsoft’s SharePoint mayhem, which has been the hottest ticket on the China cyber scene this week.

Microsoft confirmed that not just one, but three Chinese state-sponsored groups—Linen Typhoon, Violet Typhoon, and the newly tracked Storm-2603—have been exploiting a zero-day flaw in their SharePoint servers, dubbed ToolShell. The bug affects on-premises deployments, not the cloud, which, let’s be blunt, has left government agencies and enterprises globally sweating bullets. These attackers have been targeting everything from North American governments to European telecom giants, and, get this, the US agency that designs nuclear weapons itself got breached. I’m not saying we should panic, but if you saw any security team in lead-lined hazmat suits recently, now you know why.

How did they do it? With a classic remote code execution exploit—think sending booby-trapped data to the SharePoint server, which obligingly lets them run whatever code they want. Attackers can steal data, move across networks, and generally make Mondays worse for IT admins everywhere. Microsoft scrambled to patch—CVE-2025-53770 and CVE-2025-53771 are your new favorite acronyms—but the situation is extra spicy since a public exploit surfaced online. In other words, script kiddies, cybercriminals, and nation-state operators now have party invitations.

The US government’s response was swift—CISA issued a July 23 patch deadline for federal agencies, adding these vulnerabilities to its Known Exploited Vulnerabilities list. Chris Butera, CISA’s acting director for cybersecurity, confirmed around 400 organizations, including multiple government agencies, had already been compromised or were under active threat. Meanwhile, Secretary of Defense Pete Hegseth demanded tightened supply chain reviews for the entire Department of Defense, following reports that Microsoft had been outsourcing cloud engineering to China-based teams. Microsoft, perhaps feeling the digital equivalent of being caught with a hand in the Great Firewall cookie jar, quickly swore off China-based engineering for US defense systems.

The news isn’t all code and command prompts, though. Hong Kong’s financial sector was lit up by a Mandarin-language SquidLoader campaign, targeting banks with hyper-obfuscated spear-phishing attacks that drop Cobalt Strike post-exploit. These emails spoof official documents, and the loader can evade sandboxes, antivirus, and even run fake errors if it senses it’s being watched. If your bank’s IT staff looks extra caffeinated this week, you know why.

As a cherry on top, analysts sounded alarms about US critical infrastructure exposure after advanced monitoring by the Lawrence Livermore National Lab was suspended due to funding woes. Tatyana Bolton of the Operational Technology Cyber Coalition broke the bad news to Congress—breaches can go undetected for years, and getting foreign adversaries out of our systems is sometimes impossible. OT cybersecurity—think energy, water, and nuclear systems—needs urgent upgrades.

What should savvy listeners do? Top experts urge immediate patching of on-prem SharePoint, comprehensive reviews of third-party tech suppliers, implementation of network monitoring for known attacker IPs shared by Microsoft, and a healthy, absolutely justified paranoia toward any incoming email, especially those in suspiciously perfect Mandarin.

That was the week in China cyber—no shortage of digital drama, and plenty for defenders to chew on. Thanks for tuning in to Digital Dragon Watch: Weekly China Cyber Alert. Subscribe for next week’s episode and stay vigilant—your networks, your secrets, and, frankly, your lunch breaks may depend on it. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, it’s Ting here—your Digital Dragon Watch host, serving up the week’s wildest China cyber antics with a side of actionable insight. Let’s not waste time, the cyber seas have been stormy, and you’re here for the real story.

First up, if you thought the legendary Chinese group APT41 had settled down, think again. According to Kaspersky, APT41 just dropped a new campaign targeting government IT systems, but this time, it’s Africa in the crosshairs. They’re using hardcoded internal services, hijacking SharePoint servers within victim infrastructures, and smuggling in C2 commands through web shells. The trickiest bit? They’re sidestepping detection with living-off-the-land tactics, blending C# trojans and Windows tools to move quietly through networks. Oh, and their malware checks which language packs are installed—it bails if it detects Japanese, Korean, or any Chinese variants. Sorry, global ops only.

These aren’t isolated sleights of hand. Over in Singapore, their critical infrastructure just took a hit, as Singapore’s cybersecurity agency confirmed Chinese hackers had breached core systems late last week. We’re seeing the same escalation worldwide: China’s state-run “Salt Typhoon” group has ties to the Ministry of State Security and is targeting everything from telecom to energy, using techniques once reserved for military espionage.

Let’s head back stateside. The U.S. Department of Defense reacted fast after a ProPublica investigation exposed Microsoft’s use of China-based engineers for patching Pentagon cloud systems. Turns out these engineers, although supervised by U.S.-cleared “digital escorts,” were still helping patch some of the cloud’s most sensitive layers—think material just short of top secret. Defense Secretary Pete Hegseth didn’t mince words: China will have “no involvement whatsoever” in Pentagon cloud services, effective immediately. Microsoft did a quick pivot, promising no more China-based support on DoD clouds. But the implications? Big providers everywhere are now under the microscope. Congress is also scrutinizing potential PRC ties to America’s subsea Internet cables—Huawei Marine, China Telecom, and SBSS are all popping up on their radars.

Meanwhile in India, Hackread details how Chinese threat groups are running a $580 million annual cyber-laundering scheme. They’re using WhatsApp and Telegram to recruit students as money mules, hijacking bank accounts, and washing illicit proceeds through local shadow banking systems for crypto conversion. It’s a hybrid attack: part cybercrime, part financial warfare.

Stateside response? Some experts, like Dave Kennedy, say the U.S. absolutely must shift to a more aggressive, offensive cyber stance. The days of defensive posturing and “strongly worded statements” are over. New investments—rumored at $1 billion—are being proposed to build up real-time offensive capabilities, not just tools locked away behind endless layers of bureaucracy. Congress is pushing for strict prohibitions on any entity using Chinese components or personnel for critical infrastructure—cables, clouds, you name it.

On the regulatory front, China just amped up mandatory data protection rules: if your company touches data on a million or more individuals, you now have 30 days to report your appointed Personal Information Protection Officers online to the Cyberspace Administration of China. Miss it, and they’re promising serious consequences.

And finally, the expert recommendations this week:
- Immediately audit all legacy connections and MSP relationships for supply chain exposure, especially where offshore labor is involved
- Use threat intel platforms that go beyond signature detection; APT41 and Salt Typhoon are masters at blending in with normal network traffic
- Tighten controls around internal SharePoint and proxy tools, and monitor for unusual proxy and lateral movement patterns
- Don’t trust, and definitely verify—especially when it comes to cloud supply chains and subsea cable providers

That’s your Digital Dragon Watch rundown for the week! Stay sharp, patch quick, and never underestimate a dragon with a keyboard. Thanks for tuning in. Don’t forget to subscribe to get the latest, every week. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here—your go-to dragon tamer for all things China, cyber, and chaos. Welcome to this week’s Digital Dragon Watch: Weekly China Cyber Alert, bringing you the biggest cyber shakedowns and sharpest defense moves straight from the land of the digital red dragon. Strap in, it’s been a week where cyber really got political, technical, and, honestly, a little wild.

Let’s rip the bandage off the big story: Microsoft’s bombshell cloud scandal. After a jaw-dropping ProPublica exposé, it turns out Microsoft had been letting Chinese engineers, monitored by US-based “digital escorts,” help patch the Pentagon’s cloud—yes, the one holding extremely sensitive military data. The digital escorts had clearances but frequently lacked the cyber chops to vett what was going into the most classified systems. Imagine hiring a bouncer who can’t spot a fake ID! Senator Tom Cotton absolutely erupted, demanding answers from Defense Secretary Pete Hegseth. In response, Hegseth yanked Chinese labor from all Pentagon cloud work “effective immediately," and he ordered a full-scope review of all Department of Defense cloud arrangements—with a two-week deadline and zero tolerance for further slip-ups. Microsoft, caught flat-footed, dropped its China-based teams for DoD systems in an instant, showing this was always about cost, not necessity. As Senator Cotton thundered, this is not the time for cyber amateur hour when facing America’s “most dangerous cyber threats.”

Pivoting to the latest attack vectors: Chinese state-affiliated threat actors set off alarms everywhere from Singapore to Africa. In Singapore, officials revealed ongoing breach campaigns by hacking group UNC3886, a crew previously spotlighted by Mandiant for planting custom backdoors in Juniper routers, VMware, and Fortinet appliances. The Singaporean minister for national security issued stark warnings about critical infrastructure and the ripple effects: compromised vendors and supply chains. Meanwhile, the Chinese embassy in Singapore called these accusations “groundless,” but experts—and the targeted firewalls—aren’t buying it.

Over in Africa, Kaspersky uncovered a fresh campaign from APT41, deploying stealthy malware that used compromised internal SharePoint servers as command-and-control hubs—an unusually covert tactic. They injected malicious C# code which only runs on non-Chinese and non-Asian language systems, a crafty move designed to evade detection at home and maximize foreign impact. APT41’s toolkit combined custom droppers and living-off-the-land techniques, using trusted IT services as attack pivots.

Let’s not forget India: CloudSEK found that over $580 million a year is being laundered by Chinese-controlled shadow banking circuits. The operation entices job-seekers via WhatsApp and Telegram, scooping up banking credentials to operate vast illegal payment networks tied to gambling, Ponzi schemes, and more. This isn’t a simple scam—it’s an economic attack undermining India’s digital financial trust.

The US government isn't just playing defense anymore. CyberScoop’s Dave Kennedy argues it’s time for America to invest in offensive cyber: new tools, elite operators, and a flexible legal framework. The old “respond with indictments” game is over; it’s time to show cyber force deters cyber aggression.

Expert recommendations? First, ditch legacy models that let foreign nationals anywhere near core infrastructure—even with “escorts.” Next, ramp up real-time monitoring for lateral movement, credential theft, and living-off-the-land attacks across all public-facing systems. Third, patch your network gear—especially Juniper, VMware, and Fortinet—like yesterday. And finally, raise the bar for detection, especially in critical infrastructure, by adopting behavioral analytics, not just signatures.

Thanks for tuning in to Digital Dragon Watch. Subscribe for more weekly truth bombs and hacks of the week—protect your data and your sanity. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, dropping straight into the heart of this wild, always-evolving cyber battleground between the US, China, and everyone in their digital blast radius.

Here's what’s rattled the wires the past seven days: It’s a banner week for Salt Typhoon, the notorious Chinese state-sponsored hacking crew that just can’t quit US infrastructure. First, the juicy breach: The US Department of Defense confirmed Salt Typhoon lurked inside a National Guard network for almost a year, quietly siphoning off network diagrams, admin credentials, and configuration files. The scope is massive—experts estimate info from over 70 government and critical infrastructure identities across a dozen sectors got hoovered up, including wastewater, transportation, energy, and comms. Pretty much everyone’s worst patch management nightmare made real. This is the kind of haul that could grease the skids for stealth attacks on multiple government and infrastructure targets, not to mention enable future espionage or disruptive operations. The DoD's answer? They’re pushing for zero-trust security models and warning every military branch to reassess whether they’re as safe as they think.

Now, let’s cross the Pacific. Salt Typhoon’s appetite for telecommunications hasn’t dulled. A new report from Recorded Future shows their hit list includes devices connected to global telecoms, with Comcast, South Africa's MTN Group, and South Korea’s LG Uplus all finding compromised client hardware on their turf. The favorite move: exploiting old, unpatched vulnerabilities in edge devices—routers, switches, anything that lets you pivot from one boring box to a crown-jewel database. Pete Renals from Palo Alto Networks lays it down—these devices are foot-in-the-door vectors, launching pads for far more serious incursions. And the targeting is broadening: not just core networks, but the consumer endpoints that glue the whole info economy together.

But the digital tiger’s got its eyes on more than just the pipes—it wants what’s flowing through them too. Taiwan’s semiconductor sector took heavy incoming from not one but three China-linked hacker groups—labeled UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp by Proofpoint. Their spear-phishing campaigns hit designers, manufacturers, and investment analysts with emails masquerading as job-seeking grad students. Cobalt Strike payloads and custom backdoors like Voldemort (aptly named, they who must not be detected) got sent out like party favors. Proofpoint’s Mark Kelly said the attackers got crafty, sometimes spamming entire orgs, sometimes sending just one or two precisely crafted hooks. The motive? Espionage, driven by both geopolitical tension—hello, US chip export restrictions—and Beijing’s hunger for semiconductor supremacy.

And the US response? Let’s just say the phrase "own goal" comes to mind. While the FBI and CISA urge critical infrastructure sectors to wake up and harden defenses—multi-factor everywhere, rapid patching, and zero-trust all the things—the State Department went and gutted its own cyber diplomacy bureau. Key digital diplomats and strategists were pushed out, just as China goes full throttle in empowering not just state hackers, but the private sector to run its own unsupervised cyber ops. Experts, including Justin Sherman of Global Cyber Strategies, are blunt: firing diplomats and telling allies to "figure it out themselves" just puts more targets on US back.

If you want to dig deeper, pay attention to Senate Intelligence’s Tom Cotton, who’s now grilling the Pentagon about Microsoft’s use of Chinese staff on sensitive DoD contracts. With digital trust as shaky as a two-legged stool, oversight and transparency are being pushed front and center.

So what should you do right now? Experts say: inventory your assets, patch your public-facing devices, log everything, limit vendor supply chain exposure, and get serious about insider threat models. Assume the adversary already has a foothold and build your defenses for defense-in-depth.

Thanks for tuning in, listeners—don’t forget to subscribe for your weekly front-row seat to digital intrigue! This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Welcome, cyber sleuths, to Digital Dragon Watch! I’m Ting, and if you wondered how much digital havoc China’s been up to this week, buckle up because the cyber weather forecast is…cloudy, with a chance of espionage.

Let’s leap straight into the week’s jaw-dropper: the Salt Typhoon breach. According to a Department of Defense report, this Chinese state-sponsored hacking group stealthily infiltrated a U.S. Army National Guard network and camped there for a whopping nine months, starting back in March of last year. Their vacation wasn’t for sightseeing—they hoovered up network configurations, admin credentials, and communications not just from the breached state, but from Army National Guard units across all fifty states and four territories. That’s like robbing one house and leaving with a map, the alarm codes, and spare keys to every other home on the block. The information snatched could enable follow-on attacks targeting state-level cyber defense, especially chilling since the Guard’s digital squads plug right into critical infrastructure defense across fourteen states. The FBI isn’t messing around either—they’re dangling a ten million dollar carrot for leads on Salt Typhoon’s masterminds—and frankly, they’ll need all the help they can get. Security experts stress this is one of the most damaging campaigns waged against U.S. military communications and state-level cyber resilience. The best defense right now, according to CISA and DoD guidance, is reinforcing least-privilege access, encrypting sensitive data, locking down old vulnerabilities, and watching admin accounts like a hawk.

Now, simultaneous to Salt Typhoon’s stealth, the crew from Volt Typhoon took their shot at U.S. critical infrastructure, especially on Guam—likely preparing digital beachheads for any future kerfuffle over Taiwan. The NSA confirmed they were detected and evicted before they could embed, but the failed attack is a loud reminder: these operations are not freelance. The Chinese Communist Party calls the plays, and their long-term strategy is out in the open.

That’s not all. Pull up your socks for this: ProPublica dropped a bombshell on Microsoft and the Pentagon. It turns out the U.S. Defense Department has allowed Microsoft-employed engineers, based in China, to help operate and troubleshoot Pentagon cloud systems for the past decade. These engineers are “supervised” by U.S. citizens called “digital escorts”—but here’s the twist: many escorts know more about securing a lunch break than scrutinizing code. The loophole? Pentagon guidelines let these engineers work with “high-impact” data that, if leaked, could cause catastrophic operational damage—all while Uncle Sam foots the bill. National security experts, like Harry Coker, have voiced scathing criticisms, calling this “like asking the fox to guard the henhouse.” Microsoft insists all staff are vetted, but as critics point out, vetting only works if the chaperone knows how to catch a trick. Lawmakers are now demanding oversight, and if ProPublica’s exposé holds water, there could be major legal and security repercussions on the horizon.

Finally, travelers, consider this your one-minute malware warning: mobile security researchers at Lookout just revealed Chinese authorities are rolling out an advanced mobile malware, Massistant, to extract data from any phones seized at Chinese borders. The malware gobbles up everything: texts (even from apps like Signal), contacts, locations, photos, and audio. Experts urge travelers: carry clean devices, avoid sensitive data, and assume any info on your phone may be collected.

Folks, China’s cyber strategy is coordinated, persistent, and opportunistic—and whether you’re state government, private sector, or a globetrotter, vigilance is non-negotiable. Double-down on vulnerability management, enforce strict privilege controls, and, seriously, encrypt everything. Thanks for tuning in to Digital Dragon Watch. Don’t forget to subscribe for your weekly dose of cyber-zen. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Welcome back to Digital Dragon Watch, your weekly China cyber alert with me, Ting—your favorite cyber sleuth who runs on caffeine, curiosity, and a steady stream of zero-day disclosures. Buckle up, listeners, because the dragon has definitely been breathing fire this week.

Let’s get right into the biggest headline: security researchers have sounded the alarm about an alarming vulnerability in the Wing FTP Server, tagged as CVE-2025-47812. Huntress and Shadowserver researchers confirm attackers are actively exploiting this nasty flaw, which combines a null byte and Lua injection to allow root-level remote code execution. In layman’s terms, it’s a digital skeleton key—hackers can take control of whole systems, scoop up passwords, and even wipe out files if they’re feeling spicy. Wing FTP counts some big players among its 10,000 clients, with the U.S., China, and Germany topping the exposure charts. This isn’t speculative, folks—Shadowserver is tracking at least 2,000 exposed systems and says active exploitation began July 1. If you run Wing FTP and haven’t patched, you might as well be handing the keys to your digital kingdom to the nearest stranger. So, as expert Julien Ahrens bluntly put it, patch now or risk total compromise.

Meanwhile, hacktivism is evolving in ways that should unsettle every infrastructure operator. According to Cyble, hacktivists are no longer just playing with website graffiti—they're breaching industrial control systems and causing real disruptions. The Russia-linked Z-Pentest group has launched 38 ICS attacks in Q2 alone—a 150% increase—and, while not all directly tied to China, the inspiration and technical overlap with China’s industrial espionage are hard to ignore. These attacks aren’t just about chaos; they’re aimed at undermining the backbone of entire sectors, including energy and utilities.

Let’s talk statecraft—China’s cyber operations aren’t just about stealing secrets anymore. The Irregular Warfare Center warns that Beijing is heavily focused on pre-positioning malware within U.S. critical infrastructure, especially in energy, transportation, and water systems. The notorious Volt Typhoon group, for example, has become the poster child for this hybrid espionage campaign, blending network intrusions with the ability to disrupt life-critical services. The FBI now has over 2,000 open investigations into PRC-related IP theft. This is economic warfare—Chinese companies leapfrog R&D costs by snatching U.S. breakthroughs, and that’s got strategic implications far beyond quarterly earnings.

On the regulatory front, the U.S. government isn’t just playing defense. A new White House executive order directs NIST, CISA, and OMB to adopt policy-as-code—think machine-readable cybersecurity rules and automated compliance pipelines. By 2027, all federal IoT procurements will require machine-checked security labels. This is a big move toward operationalizing security and making sure standards aren’t just words but living, enforced controls.

Turning to the Pacific, China’s hybrid gray-zone tactics against Taiwan’s allies like Palau continue. Asia Times details how cyberattacks have dovetailed with economic coercion and political influence ops, including a 2024 hack that cost Palau $1.2 million and the suspicious leasing of land near U.S. military sites. The U.S. has responded by ramping up missile defense requests and pushing for more robust regional alliances, even as it asks allies to boost defense spending.

On the privacy front, TikTok’s woes in Europe just hit another speedbump. The Irish Data Protection Commission is investigating ByteDance for shipping EU user data to China, despite prior denials and a massive €530 million fine. TikTok says Project Clover will localize data, but regulators are skeptical—and so should you be, if you value your privacy.

So, what do the experts recommend? Patch your systems immediately, especially if you use widely targeted software like Wing FTP; automate your compliance—don’t just check the box, make security continuous; and if you’re a critical infrastructure operator, segment your ICS from the Internet like your infrastructure depends on it—because it does. And never underestimate the human element: train your teams, verify your alerts, and scrutinize access, especially from third parties and foreign suppliers.

Thanks for tuning in to Digital Dragon Watch. Subscribe for your weekly fix of cyber intrigue, and don’t forget: in cyberspace, vigilance isn’t optional—it’s survival. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Welcome back, listeners! Ting here—and if you think the summer’s hot, wait till you hear what’s been cooking in cyberspace. It’s Digital Dragon Watch, and these past seven days have delivered a fresh surge of China-related cyber drama.

Let’s dive right into the weekend’s bombshell: Italian authorities dropped the digital hammer on Zewei Xu, a 33-year-old Chinese national linked to the notorious Silk Typhoon, also known as Hafnium. Xu was arrested in Milan, wanted by the FBI for spearheading espionage against Western networks. Allegedly, Xu and his crew infiltrated the University of Texas’ COVID-19 vaccine research and ran mass phishing ops snagging thousands of email accounts. The FBI’s most-wanted list just got a little lighter, and U.S. officials are beaming as this arrest ramps up the global crackdown on state-backed cyber actors. Xu faces decades in a U.S. prison if extradited—major win for cross-border cyber law enforcement.

But it doesn’t stop with individuals. According to a new Cyberstreams report, China-linked cyberattacks on U.S. defense contractors surged by 1 percent so far this year, focusing on proprietary designs and supply chains. IBM’s threat force highlights persistent, targeted campaigns—reminding everyone that intellectual property is a battlefield commodity.

Legal eagles weren’t spared either. Just this week, suspected Chinese hackers breached the email accounts of attorneys and advisers at a powerful Washington, DC law firm. No word yet on the clients or cases caught in the crosshairs, but the implications for privileged information—and national influence—are huge.

On the hardware front, the U.S. is tightening the noose on Chinese tech, especially drones. In April, Washington barred Chinese drones and components from critical infrastructure projects and government contracts. Beijing responded tit-for-tat, pulling U.S. firms into its “unreliable entities” list and slapping new export controls on key drone tech. This geopolitical chess match has forced manufacturers like DJI, who once ruled the U.S. consumer drone market, out of public sector sales, while the Pentagon pushes homegrown alternatives through the Blue UAS program.

All this has triggered big moves in the cyber defense world. Former CISA Director Chris Krebs, in a rousing speech, called for ramping up talent and defending U.S. cyber agencies against downsizing. Meanwhile, critical infrastructure is under siege globally—Chinese espionage reportedly targeted Latin America’s energy sector, echoing the call for urgent upgrades in industrial control system security.

Experts have a clear playbook: adopt advanced endpoint detection, ensure routine vulnerability patching, and, if you’re running anything sensitive—think zero trust. CrowdStrike, Dragos, and Palo Alto Networks are spotlighted for their industrial and endpoint security solutions, and the government is urging deeper public-private partnerships.

Before I sign off, remember: every sector, from fintech to law, is a potential target. Reinforce your defenses, keep your staff sharp, and watch those supply chains.

Thanks for tuning in, listeners! Don’t forget to subscribe for your weekly Dragon Watch—and as always, this has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta