Dragon's Code: America Under Cyber Siege

Dragons Don't Breathe Fire, They Code It: China's Sneaky Notepad Hack and Telecom Ransomware Rampage



This is your Dragon's Code: America Under Cyber Siege podcast.

Hey listeners, I'm Ting, your go-to gal for all things China cyber chaos and hacker hijinks. Buckle up, because this past week wrapping on February 2nd, 2026, America's been under a sneaky digital dragon siege—Dragon's Code style, with Chinese ops hitting US infrastructure like a precision-guided phishing spear.

Picture this: back in June 2025, but the fallout exploded this week with fresh Rapid7 Labs reports on the Notepad++ supply chain nightmare. Chinese state-sponsored hackers, tracked as Lotus Blossom by Rapid7, wormed into the shared hosting provider for notepad-plus-plus.org. They didn't touch the code—no sloppy zero-days there. Instead, these pros compromised the infrastructure itself, snagging internal credentials to selectively hijack update traffic. From certain IP ranges—think targeted US devs—they redirected folks to malicious servers pumping out malware manifests. This ran till December 2nd, 2025, when the provider finally yanked everything to new servers, patched vulns, rotated creds, and scrubbed logs confirming no lingering access. Security experts like Donnan Mallon from Talion called it a "concerning infrastructure-level compromise," super selective, screaming nation-state. Attribution? Multiple researchers, including those at Security Affairs, peg it to China based on tactics mirroring Salt Typhoon telecom breaches.

Speaking of telecoms, the FCC dropped a bombshell alert on January 29th, warning small and medium US providers about surging ransomware tying back to Chinese ops. Echoes of Salt Typhoon, where hackers breached patchwork networks for years, slurping call data. Sen. Ron Wyden's raging, blocking CISA noms till they spill on 2022 telecom vulns, demanding Justice probe failures under CALEA. FCC's playbook: patch religiously, MFA everywhere, segment networks, monitor supply chains—'cause third-party slip-ups like SonicWall cloud backups at Marquis Health just got ransomware'd this January.

Then there's UAT-7290, that China-linked crew breaching US telcos via edge device exploits and weak controls, per cybersecurity reports. They're planting persistent malware footholds, prepping for bigger plays. Anthropic even flagged Chinese hackers automating attacks with agentic AI—self-running cyber bots reshaping 2026 statecraft. Attack methods? Credential theft, vuln chains like CVE-2025-12825 in Fortinet FortiGates still haunting firewalls, and BGP leaks like Cloudflare's January flub exposing routes.

Defenses kicked in: hosting providers isolated, creds nuked; FCC pushing backups, training, least-privilege access via their CSRIC council. Lessons? As Jason Tower from Global Initiative testified to Congress, China's got a hand in scam ops too, but experts like Mark Bo warn don't overfixate—hit enablers like crypto exchanges. US needs multilateral export controls tightened, per Homeland Security Today, and CHIPS Act acceleration to starve their tech.

Witty wrap: Dragons don't breathe fire anymore; they code it. Stay vigilant, patch up, or get served malware with your updates.

Thanks for tuning in, listeners—subscribe for more cyber spice! This has been a Quiet Please production, for more check out quietplease.ai.


This content was created in partnership and with the help of Artificial Intelligence AI

Dragon's Code: America Under Cyber Siege, by Inception Point Ai