This is your Dragon's Code: America Under Cyber Siege podcast.

Name’s Ting. Let’s jack straight into Dragon’s Code: America Under Cyber Siege.

Over the past few days, US networks have been eating a steady diet of precision probes from Chinese state-backed crews the FBI and CISA lump under labels like Volt Typhoon, APT41, and Storm‑0558 in public briefings. According to recent CISA and FBI joint advisories, these operators are leaning hard on living‑off‑the‑land tactics: PowerShell, WMI, scheduled tasks, and stolen VPN credentials instead of loud zero‑days, so their traffic looks like that quiet guy in accounting working late on a Friday.

The main hunting ground has been critical infrastructure and telecom backbones that support it. CISA officials have warned that Chinese operators are burrowing into power grid management systems, water utilities’ SCADA networks, and regional telecoms that route traffic for hospitals and ports. One DHS cyber lead compared it to “pre‑positioning explosives along the digital railroad tracks” – not to blow things up today, but to have options if Washington and Beijing ever truly collide.

Technically, the playbook this week has three big chapters. First, edge device exploitation: firewalls and VPN appliances from big names like Fortinet and Cisco, with access gained via unpatched bugs or credential stuffing. Second, abusing remote‑management tools already approved by IT, like AnyDesk and ScreenConnect, turning helpdesk software into persistent backdoors. Third, hands‑on‑keyboard lateral movement using harvested Active Directory tokens to slide from corporate IT into the operational tech that actually runs turbines and pumps.

Attribution is always messy, but not guesswork. NSA analysts talk about unique command‑and‑control infrastructure leased through Chinese bulletproof hosts, custom malware families that reuse code seen in earlier campaigns against targets in Taiwan and Australia, and work-hours clustering that maps a little too perfectly to 9‑to‑6 Beijing time with weekends off. Private firms like Mandiant and CrowdStrike back that up with malware signatures and infrastructure overlaps they’ve tracked for years.

Defensively, it’s been a busy week. CISA pushed new emergency directives forcing federal agencies to hunt for specific Chinese tradecraft in logs and to segment any network that touches industrial control systems. The Department of Energy has been running red‑team exercises with utilities, simulating exactly these persistence‑in‑the‑grid scenarios. NSA’s Cybersecurity Collaboration Center shared fresh indicators of compromise with major cloud providers so they can auto‑flag suspicious Chinese C2 patterns at scale.

Experts like Dmitri Alperovitch and former CISA director Chris Krebs keep hammering the same lesson: this is not ransomware‑for‑rent; it’s long‑term battlespace prep. The big takeaway this week is that resilience matters more than perfection. Network segmentation, tested incident‑response runbooks, offline backups for OT configs, and mandatory multifactor auth on every remote access path did more to blunt these intrusions than any shiny new AI box.

Final lesson from your friendly China‑cyber nerd: assume the dragon is already inside some walls, and design systems that can take a punch and keep operating safely. Detection, containment, and rapid recovery are the new holy trinity.

Thanks for tuning in, listeners, and don’t forget to subscribe for more deep dives with me, Ting. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

Hey listeners, I’m Ting, and tonight on Dragon’s Code: America Under Cyber Siege, we’re diving straight into how Chinese operators spent this past week poking at the digital backbone of the United States.

Picture this: in the early hours, a cluster of US power utilities on the East Coast notice weird traffic brushing up against their VPN gateways and industrial control interfaces. Not loud, ransomware-style chaos, but quiet credential stuffing and living-off-the-land recon, the style long associated with groups like Volt Typhoon and APT41. According to recent briefings from CISA and the Department of Energy, the attackers focused on remote access consoles for substation controllers and grid management dashboards, using stolen contractor credentials and carefully throttled brute-force attempts to stay under the radar.

At almost the same time, analysts at a major telecom on the West Coast see anomalous lateral movement through virtualized core network segments. Think DNS servers, authentication nodes, and routers that carry traffic for hospitals and 911 centers. A threat intel lead at Mandiant describes the tradecraft as “textbook PRC espionage” – custom webshells on edge devices, fast-flux command-and-control, and meticulous log tampering to erase pivot paths.

The FBI and CISA quietly push out an emergency advisory to critical infrastructure operators, warning that China-linked actors are not just mapping networks but testing failover and backup paths. One DHS official puts it bluntly in a closed-door briefing: “They’re rehearsing for disruption, not just data theft.” The advisory highlights signatures tied to exploitation of unpatched edge firewalls and older vulnerabilities in VPN appliances that many small municipal utilities still rely on.

Attribution hinges on more than IP addresses. Analysts at CrowdStrike and Recorded Future point to overlapping malware code families, reuse of distinctive encryption routines, and tasking patterns that mirror past campaigns attributed to China’s Ministry of State Security contractors, particularly units previously active against US pipeline operators and maritime logistics.

Defensively, the week turns into a scramble. Grid operators accelerate deployment of out-of-band monitoring for SCADA traffic, telecoms segment their management planes, and several states invoke newly rehearsed cyber incident playbooks with joint exercises between National Guard cyber units and private utilities. A senior CISA strategist emphasizes one lesson: “Assume edge devices are compromised and design like it.”

For listeners, the takeaways are clear: zero trust is not a buzzword, out-of-date VPNs are an engraved invitation, and the boundary between espionage and pre-positioning for sabotage is getting dangerously thin.

Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next breach breakdown. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

Name’s Ting, your friendly neighborhood China-and-cyber nerd, and this week’s episode of Dragon’s Code: America Under Cyber Siege is…busy.

Let’s jump straight to the hottest op: what analysts at Mandiant and CrowdStrike are calling a coordinated push by Chinese state-linked groups, including Volt Typhoon–style clusters, against US power and port infrastructure on both coasts. According to reports circulating among DHS and CISA briefings, the attackers focused on industrial control systems that manage power distribution, port cranes, and some regional water utilities, not to cause immediate blackout chaos, but to pre-position for future leverage.

Methodology first, because I know my listeners. The crews are going “living off the land” all the way: abusing built‑in Windows tools like PowerShell and WMI, sneaking in via compromised VPN credentials, and then blending into normal network traffic. Several security teams say the intrusions rode in on old but still unpatched Fortinet and Ivanti gateways, plus stolen credentials bought from initial access brokers on Russian-language forums. Once inside, they pivoted laterally, mapped OT networks, and quietly dropped custom backdoors that talk out over HTTPS to cloud providers to look like normal business traffic.

The affected systems? A West Coast power operator’s grid-monitoring network, at least two Gulf Coast ports’ logistics systems, and a Midwestern water utility’s remote pump controllers. None of these were allowed to flip physical switches, thanks to segmentation and some frantic cable‑pulling, but incident responders say the access was deep enough to be operationally serious.

On attribution, the usual “China strongly denies” statement hit X within hours, but NSA and US Cyber Command officials briefed reporters that the malware toolchains, command‑and‑control infrastructure, and working hours all lined up with established PRC-linked outfits long tracked under names like Volt Typhoon and APT41. Microsoft and Google Cloud threat intel teams independently reported overlaps in infrastructure with earlier campaigns targeting Guam telecom and defense contractors, which hardened the case.

Defensively, CISA pushed out emergency directives telling federal agencies and critical infrastructure operators to hunt for specific command patterns, disable outdated VPN appliances, and turn on strict multi-factor authentication everywhere. Several utilities spun up 24/7 threat-hunting cells, pulled their most sensitive OT networks fully offline from corporate IT, and deployed anomaly detection tuned to spot exactly this low‑and‑slow style of intrusion. The FBI’s Cyber Division also quietly knocked on doors of managed service providers that had been used as supply-chain stepping stones.

Lessons learned? First, that “peacetime” is a myth in cyberspace; this is long‑term battlespace prep. Second, that identity is the new perimeter: stolen credentials are now more dangerous than zero‑days. Third, segmentation and rehearsed incident response saved the day; people who practiced tabletop exercises with CISA moved faster and lost less sleep. Cyber experts like Dmitri Alperovitch and former CISA director Chris Krebs are already arguing that these Chinese operations prove critical infrastructure needs security standards closer to nuclear-plant rigor than to office Wi‑Fi.

I’m Ting, and if you’re still with me, you’re exactly the kind of listener I want in this cyber foxhole. Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next breach breakdown. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

Name’s Ting. Let’s jack straight into Dragon’s Code: America Under Cyber Siege.

Over the past few days, listeners, Chinese state-backed crews have been running some of the most sophisticated probing campaigns against US infrastructure we’ve seen this quarter. According to analysts at Mandiant and CrowdStrike, clusters linked to Volt Typhoon and APT41 have shifted from quiet reconnaissance to what one DHS official called “pre‑positioning for pressure,” especially against power grids and telecom backbones on the US East and Gulf Coasts.

Method-wise, this wasn’t smash-and-grab ransomware. This was living-off-the-land. Operators slipped in through exposed VPN appliances and edge devices from vendors like Fortinet and Ivanti, then used built‑in tools like PowerShell, WMI, and scheduled tasks so their activity looked like a sleepy system admin on a night shift. Microsoft’s threat intel team has been warning that these China-nexus actors increasingly hijack legitimate credentials from contractors instead of dropping noisy malware, and that pattern held all week.

What got touched? According to reports shared with CISA’s Joint Cyber Defense Collaborative, they hit operational technology at regional electric utilities, management interfaces for smart grid controllers, and network management systems in Tier‑1 ISPs. No lights-out moment, but in at least one unnamed utility in the Midwest, incident responders found test commands run against substation control systems—think rehearsal, not attack.

Attribution is always the spicy part. This round tied back to familiar infrastructure: command-and-control servers previously mapped to Chinese operators, overlapping malware loaders seen in earlier Volt Typhoon operations, and time-of-day patterns matching work hours in Guangdong and Hainan. NSA’s Rob Joyce-style analysts pointed to reuse of custom tunneling tools and a preference for web shells on outdated IIS servers, signatures long associated with PRC-linked espionage units.

Defensively, the US didn’t just watch. CISA pushed emergency directives for federal agencies to rotate credentials, segment OT from IT where it was still embarrassingly flat, and deploy enhanced logging to catch anomalous lateral movement. Several utilities invoked their playbooks under the NERC CIP standards, isolating affected substations and running manual override drills. Cloud providers like Amazon Web Services and Microsoft Azure quietly blocked suspect IP ranges and issued new detection rules to customers.

Cybersecurity experts from places like the Atlantic Council and Stanford’s Internet Observatory are calling this week a wake-up that “steady-state intrusion” is now normal, not exceptional. The big lesson: attackers are betting on weak identity management and ancient edge gear more than zero-days. Multi-factor authentication, hardware security keys for admins, and ruthless patching of internet-facing devices did the most damage to these campaigns.

And from government officials at the White House Office of the National Cyber Director, the message was blunt: treat Chinese cyber operations against infrastructure as strategic shaping, not random hacking. In other words, this is about leverage in a crisis.

I’m Ting, thanks for tuning in, listeners. Don’t forget to subscribe so you don’t miss the next dive into Dragon’s Code. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

Name’s Ting, and Dragon’s Code is running hot, so let’s jack straight into this week’s Chinese cyber ops against America’s backbone.

Over the past few days, US officials and private threat intel teams from places like Mandiant, CrowdStrike, and Recorded Future have been tracking coordinated intrusions into power grid control vendors, regional water utilities, and at least one West Coast port logistics operator. According to analysts at Mandiant, the tradecraft lines up with familiar Chinese state-linked groups like Volt Typhoon and APT41, who specialize in long‑term, low‑noise persistence inside critical infrastructure.

Here’s how they did it. First wave: classic but polished spear‑phishing, using lures spoofing Department of Energy RFP documents and Port of Los Angeles vendor contracts. The payloads dropped living‑off‑the‑land toolchains, abusing PowerShell, WMI, and signed administrative binaries, so almost no traditional malware signatures fired. Parallel to that, CrowdStrike reports a supply‑chain style compromise of a minor but widely used remote monitoring tool for industrial controllers, giving the attackers pivot points into SCADA and OT networks without touching the front door.

Once inside, they went quiet. Volt Typhoon‑style operators relied heavily on stolen credentials and VPN appliances, routing command‑and‑control traffic through compromised small business routers across the US and Europe. CISA officials say this made malicious traffic almost indistinguishable from normal admin activity. On the OT side, investigators found careful reconnaissance of IEC‑104 and Modbus devices, with read‑only access at first, suggesting pre‑positioning for future disruption rather than immediate sabotage.

Attribution hinges on a mix of infrastructure overlap, malware code reuse, and tasking patterns. According to Microsoft’s threat intel team, several command servers reused TLS certificates previously tied to Chinese state operators, and the same custom exfiltration format seen in earlier campaigns against Guam telecoms popped up again here. NSA cyber director Rob Joyce has publicly noted that the timing and target set align with Beijing’s long‑term interest in gaining leverage over US critical infrastructure during a crisis in the Pacific.

Defensively, it hasn’t been a quiet week. CISA, NSA, and FBI pushed out joint advisories, emergency directives to federal agencies to hunt for specific command‑line patterns, and new YARA rules for OT monitoring vendors. Utilities have been segmenting networks more aggressively, rolling out just‑in‑time admin credentials, and turning on deep packet inspection for those industrial protocols that used to be blindly trusted on internal links. Several ports temporarily shifted to manual fail‑safes while they validated their systems.

Lessons learned? First, in 2026 the real cyber battlefield is the boring stuff: routers in strip malls, forgotten vendor accounts, and unmanaged OT gateways. Second, attribution is getting faster, which shrinks the window for quiet persistence but escalates diplomatic tension. And third, as Jen Easterly at CISA keeps reminding everyone, defense is now a team sport: if a small water authority in Indiana doesn’t patch its remote access box, it becomes Beijing’s free pivot into the national grid.

I’m Ting, thanks for tuning in, and don’t forget to subscribe for more Dragon’s Code deep dives. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

I’m Ting, and this week’s cyber story has one very clear villain: Beijing’s machine-like pressure campaign against American networks. According to Cybersecurity News, the most sophisticated Chinese operations hitting U.S. infrastructure were **Volt Typhoon** and **Salt Typhoon**, and together they show a strategy built less on smash-and-grab disruption and more on quiet access, prepositioning, and intelligence collection.[2]

Volt Typhoon, as reported by Cybersecurity News, was inside U.S. critical infrastructure networks, moving in ways designed to avoid detection and preserve long-term access for possible future disruption during a geopolitical crisis.[2] That matters because the target set was not random internet-facing clutter; it was the nervous system of the country, the places where communications, energy, transportation, and emergency response all intersect. The methodology here was classic stealth tradecraft: living off the land, blending into normal administrative activity, and mapping systems without lighting up alarms like a bad holiday display.[2]

Salt Typhoon went after U.S. telecom providers including **AT&T** and **Verizon**, with Cybersecurity News saying the campaign stole metadata and compromised communications tied to political figures including **Donald Trump** and **JD Vance**.[2] That is a different kind of pain. Instead of knocking a system offline, it gives an adversary a window into who talks to whom, when, and from where. In cyber, metadata is the gossip that tells the whole story.

Attribution here is anchored by the nature of the campaigns themselves and by U.S. official concern reflected in the reporting. Cybersecurity News explicitly describes both operations as **Chinese state-sponsored** campaigns, and it frames them as part of a broader pattern of cyber-espionage used for geopolitical leverage.[2] The larger lesson from that reporting is that these are not lone-wolf intrusions but disciplined operations aligned with state objectives.[2]

Defensively, the U.S. response has increasingly emphasized hardening, segmentation, and realistic training. TechCrunch reported that the FBI built a **22,000-square-foot replica town** in Huntsville, Alabama called the **Kinetic Cyber Range**, with houses, a hotel, a gas station, a grocery mart, a courthouse, a hospital, and a power company so investigators can rehearse real-world cyberattack scenarios in a believable environment.[8] That is not theater; that is muscle memory for a cyber age. It reflects the lesson that defenders need to practice not just alerts and dashboards, but recovery, coordination, and incident response in environments that mirror actual communities.[8]

The big lesson this week is brutally simple: China’s top-end cyber play is about patience, access, and options. As Cybersecurity News describes it, these campaigns reveal both rising sophistication and deep vulnerabilities across sectors, while the FBI’s training push shows Washington knows the answer is not panic, but preparation.[2][8]

Thanks for tuning in, listeners, and please subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

I’m Ting, and this week’s cyber weather over the United States has been stormy, with China-linked operators making the headlines for one reason: access. U.S. officials and industry analysts say the most serious activity has centered on stealthy intrusion attempts against critical infrastructure, especially telecom, cloud, and industrial networks, using living-off-the-land tactics, compromised credentials, and disguised web infrastructure rather than flashy smash-and-grab attacks. [4][15]

According to Cybersecurity Dive, researchers saw more than 10,000 World Cup-themed malicious domains pop up since January, while the FBI warned in May about spoofing attacks against FIFA websites; those same phishing and impersonation playbooks are the kind of tradecraft that also shows up in broader state-linked campaigns because they are cheap, scalable, and annoyingly effective. [4][2] Arctic Wolf said attackers used fake career sites to steal Google Workspace accounts and even weaponized an “employee handbook” PDF to target staff at a host city, which is a reminder that one bad click can turn into a full-blown foothold. [4]

The more consequential China-linked set of activity this week is the kind Microsoft has tracked under names like **Storm-0940**, **Volt Typhoon**, and **Flax Typhoon**, where the goal is persistence, not publicity. These operations have relied on credential theft, proxy infrastructure, and exploitation of edge devices to blend into normal traffic and quietly stage access inside U.S. networks, including government, communications, and infrastructure targets. [15] Microsoft has repeatedly said these actors favor stealth over speed, because once they are inside, they can map systems, move laterally, and wait for a crisis moment. [15]

Attribution is built from a pile of clues, not a single smoking gun: shared infrastructure, reused tooling, victimology, malware patterns, and long-running intelligence assessments from Microsoft and U.S. agencies. [15] The U.S. government has also treated China as the most persistent strategic cyber threat to American critical infrastructure, which is why defenders are watching for pre-positioning, not just data theft. [15]

Defensively, the response has been very practical: hunt for unusual authentication patterns, lock down remote management interfaces, rotate credentials, patch internet-facing appliances fast, and segment industrial systems so a compromise in one zone does not become a tour of the whole plant. [15] Analysts at Arctic Wolf and Palo Alto Networks both stressed that phishing, QR-code fraud, fake portals, and ransomware against supporting services remain the most common entry points, even when the bigger strategic concern is state-backed disruption. [4]

The lesson learned is brutally simple, listeners: the best Chinese cyber operations against U.S. infrastructure usually look boring at first. That is the trick. They are patient, credential-driven, and built to survive the noise, which means defenders need to think like hunters, not janitors. Thanks for tuning in, subscribe for more, and this has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

I’m Ting, and this week’s cyber picture is a little too on-brand for “Dragon’s Code: America Under Cyber Siege.” The clearest China-linked pressure on U.S. infrastructure has centered on *operational technology* and the boring-but-critical systems that keep fuel moving, not flashy smash-and-grab hacks.

According to the American Hospital Association, federal agencies warned on June 9 that malicious cyber activity has targeted U.S.-based automatic tank gauge systems, the remote monitoring gear that tracks fuel and liquid levels, temperature, and leak detection at storage tanks. That matters because these systems sit in the plumbing of airports, gas stations, hospitals, and logistics hubs, where a compromise can create real-world disruption fast. The warning followed a June 2 fact sheet from CISA and other agencies, which points to a campaign aimed at exposed tank gauge systems rather than ordinary office networks. The method here is classic infrastructure tradecraft: find internet-facing devices, probe for weak remote access, and exploit the thin security perimeter around industrial monitoring equipment. The lesson is painfully simple: if a sensor can be reached from the open internet, it can be turned into a foothold. [5]

The attribution picture is less about a single smoking gun and more about the usual stack of evidence: targeting patterns, victimology, infrastructure focus, and the broader warning environment from U.S. officials. In recent public reporting, U.S. agencies have emphasized foreign cyber actors probing critical infrastructure, while private-sector trend data shows the threat environment staying hot. Check Point reported that government and telecommunications remained among the most attacked sectors in May 2026, with the United States accounting for 43% of all reported ransomware victims globally, which underscores why U.S. infrastructure keeps landing in the crosshairs. [2]

Cybersecurity experts keep hammering the same defensive playbook, and for once the advice is not glamorous but it works. Segmentation between IT and operational technology, strict remote-access controls, device inventory, patching of exposed management interfaces, and alerting on unusual login or configuration changes are the basics. For tank gauge systems specifically, the agencies’ warning implies defenders should assume internet exposure is a liability, not a feature, and lock these devices behind VPNs, allowlists, and continuous monitoring. [5]

The bigger lesson from this week is that sophisticated Chinese cyber operations do not always look like movie malware. Sometimes they look like patient reconnaissance against critical systems that most people never notice until they fail. That is the nasty brilliance of it, listeners: not breaking the flashy app, but bending the invisible infrastructure underneath it.

Thanks for tuning in, subscribe, and keep your sensors off the open internet. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

Listeners, I’m Ting, and Dragon’s Code is running hot this week, so let’s jack straight into it.

Over the past few days, US officials say Chinese state-linked crews have been poking and prodding at the soft underbelly of American infrastructure: power grids, port logistics, and telecom backbones. According to the Cybersecurity and Infrastructure Security Agency, the most active suspect is the group analysts call Volt Typhoon, a stealthy espionage outfit that lives off the land, meaning it abuses built‑in Windows tools like PowerShell, WMI, and stolen admin accounts instead of flashy malware. That makes their traffic look like normal system admin work, which is why defenders hate them.

Microsoft and several threat intel shops report that these operators have been tunneling through small routers and VPN appliances in places like California and Texas, turning vulnerable edge devices into a shadow proxy network. From there, they hop into utility control networks and port management systems, quietly mapping which systems control what: substations, cargo cranes, even rail signaling servers tied to major freight corridors.

In one of this week’s more sophisticated waves, incident responders at a large US West Coast power company say they found carefully timed credential‑stuffing attacks against their remote access portals, followed by lateral movement that targeted engineering workstations connected to SCADA test environments. No lights went out, but the goal looked obvious: learn the layouts now so they can cause chaos later.

Attribution is always messy, but FBI and National Security Agency analysts point to reused command‑and‑control infrastructure previously tied to Chinese strategic support forces, Mandarin-language comments in scripts, and tasking that lines up a little too neatly with People’s Liberation Army interest in “pre‑positioning” inside US critical infrastructure.

On the defense side, CISA pushed out emergency directives urging utilities and port operators to rip out or at least segment old internet‑facing gear, crank up multi‑factor authentication, and enable detailed logging on domain controllers and VPNs. Several regional grids have spun up 24/7 threat‑hunting teams, feeding telemetry into joint fusion cells with the Department of Energy and the Federal Energy Regulatory Commission.

Cybersecurity experts like Dmitri Alperovitch and Jen Easterly keep hammering the same lesson: this is not smash‑and‑grab ransomware, it is patient pre‑war reconnaissance. The playbook is persistence, not publicity. The big takeaway this week is brutal but clear: if an organization cannot see every admin login, every remote connection, it is already compromised and just hasn’t noticed yet.

The silver lining? Each discovered foothold forces these operators to burn infrastructure and tools, shrinking their room to maneuver. Every patched router and monitored VPN narrows the dragon’s tunnel.

Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next chapter of Dragon’s Code: America Under Cyber Siege. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This is your Dragon's Code: America Under Cyber Siege podcast.

Hey listeners, Ting here, and the dragon has been busy this week, so let’s jack straight into the wire.

Over the past few days, US networks have been chewing on a wave of Chinese-state–linked probes that look less like smash-and-grab and more like a slow, quiet redrawing of the map of American infrastructure. According to analysts quoted by BleepingComputer and The Hacker News, the most advanced activity chained together three playbooks: vulnerability exploits on edge appliances, living-off-the-land abuse of built‑in admin tools, and hands‑off automation with AI‑driven scripting to scale it all.

On the infrastructure side, the juiciest targets were power grid management portals, regional water utility SCADA gateways, and the file-transfer servers that quietly shuttle configs and logs between them. One campaign leaned on flaws in enterprise VPN and load balancer gear to get a beachhead, then pivoted into Windows domains using stolen credentials and remote management tools that every sysadmin already trusts. That’s classic Volt Typhoon–style tradecraft, the same pattern the FBI and CISA have been warning about for more than a year.

The Hacker News reported that CISA just rushed a SolarWinds Serv‑U vulnerability, CVE-2026-28318, into its Known Exploited Vulnerabilities catalog after seeing real‑world exploitation. CISA officials say they don’t yet have public proof that this specific flaw is tied to a named Chinese group, but the victim profile—managed service providers feeding critical infrastructure clients—lines up perfectly with past Chinese access operations. SolarWinds explained that a crafted POST request using “Content-Encoding: deflate” can knock the service over without even logging in, which makes it a handy DoS tool or a noisy diversion while stealthier actions run elsewhere.

Attribution-wise, government responders are looking at familiar fingerprints: Chinese-language tooling artifacts, command-and-control servers previously tied to clusters like APT41, and working hours that map neatly to Beijing time. NSA and private teams like Mandiant have noted repeated reuse of bespoke tunneling utilities and obfuscated PowerShell loaders that they’ve already pinned to Chinese operators in earlier campaigns, even after code tweaks.

Defensively, this week has been all about speed and segmentation. CISA ordered federal agencies to patch Serv‑U by a hard deadline, pushed fresh Snort and YARA signatures, and told network admins to block unnecessary content‑encoding on exposed file‑transfer services. Utilities have been tightening identity controls, rolling out phishing‑resistant multi‑factor authentication, and carving OT networks away from corporate IT so a compromised VPN account can’t just stroll into a substation.

Cybersecurity experts interviewed across outlets stress three lessons. First, assume persistent Chinese access attempts are a constant background signal, not a special event. Second, watch behaviors, not just malware hashes; these actors are living off your land, not parachuting in flashy new binaries. Third, treat every “boring” edge device—file server, VPN, gateway—as part of national critical infrastructure, because that’s exactly how Beijing’s operators are treating it.

I’m Ting, thanks for tuning in, and don’t forget to subscribe so you don’t miss the next move in Dragon’s Code: America Under Cyber Siege. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta