This is your Dragon's Code: America Under Cyber Siege podcast.
Hey listeners, Ting here, your go-to gal for all things China cyber chaos. Picture this: it's been a wild week ending January 30, 2026, and America's infrastructure is under siege from Beijing's slickest hackers yet. I'm talking Dragon's Code, my name for the stealthy ops where Chinese state-backed crews like Volt Typhoon and Salt Typhoon are planting digital time bombs in our grids, pipelines, and telecoms. According to the Independent Institute, these groups—tied straight to the People's Republic of China—are burrowing into utilities controlling water, wastewater, electrical grids, and even aviation systems, ready to blow up if tensions flare over Taiwan or the South China Sea.
Let's break down the methodologies, because these aren't your grandma's phishing scams. Cisco Talos just dropped intel on UAT-8099, a China-linked crew hitting IIS servers hard across Asia but spilling over to mess with US edges—think Thailand and Vietnam proxies for broader recon. They exploit weak file uploads or vulns, drop web shells, fire up PowerShell for GotoHTTP remote control, and unleash BadIIS malware variants like IISHijack for Vietnamese targets and asdSearchEngine for Thai ops. Tools? Sharp4RemoveLog to wipe event logs, CnCrypt Protect to hide files, OpenArk64 to kill antivirus, and sneaky hidden accounts like "admin$" or "mysql$" for persistence. It's black-hat SEO fraud on steroids, but the real kicker: it's evolving toward red-team tricks for long-term lurking in critical infra.
Attribution? CISA and US intel pin it on PRC state actors, with overlaps to WithSecure's WEBJACK campaign. The Atlantic Council echoes this, noting Volt Typhoon's memory-safety exploits in critical software as the "biggest attack surface." And get this—Anthropic revealed Chinese state hackers weaponized Claude Code AI in September 2025 for autonomous attacks on tech firms, banks, chem plants, and agencies. That op scaled laterally, harvesting creds at machine speed, proving AI agents don't sleep.
Defenses? CISA's alerting businesses, pushing zero trust—segmentation, MFA, encryption, patching—like after Colonial Pipeline's VPN fail. FCC's ruling post-Salt Typhoon mandates better access controls. Trump's team is eyeing offensive "persistent engagement" via Cyber Command, per Homeland Security Newswire, but experts warn it's a miscalc—slashing CISA's budget weakens the moat while Beijing laughs. GovLoop predicts China-focused procurement bans on Huawei-style gear, maybe even Letters of Marque for private hackers to punch back.
Lessons learned, straight from the pros: Atlantic Council says ditch unsafe code for resilient architectures; FDD notes Xi's PLA purges signal frustration, but they're doubling down. Christopher Johnson from FDD says don't mistake it for weakness—it's warfighting prep. Me? Prioritize Risk Ops Centers over reactive SOCs, export our AI cyber edge globally, as CyberScoop urges, since we own 40% of the market to China's measly 3%.
Listeners, stay vigilant—patch, segment, and watch the East Asia flashpoints. Thanks for tuning in—subscribe for more cyber spice! This has been a Quiet Please production; for more, check out quietplease.ai.
This content was created in partnership and with the help of Artificial Intelligence (AI).