Sign up to save your podcasts
Or
Share Hacking Gone Wild: China's Cyber Spies Exploit US Shutdowns and Legacy Flaws
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Hacking Gone Wild: China's Cyber Spies Exploit US Shutdowns and Legacy Flaws
This is your US-China CyberPulse: Defense Updates podcast.
Hey listeners, it’s Ting with your US-China CyberPulse update, where the only thing sharper than a Chinese APT’s spear-phishing email is my commentary. And wow, have the past few days been a masterclass in digital cat-and-mouse. Let’s jump in before your firewall times out.
The biggest blip on the radar has to be the breach of the Congressional Budget Office. That’s right, the CBO – not exactly Fort Knox, but they do handle some seriously sensitive legislative projections. According to CNN’s sources this week, Chinese state-backed hackers are the main suspects. The attack couldn’t have come at a worse time: a crippling 37-day government shutdown had already stretched CISA’s resources thin. With two-thirds of their workforce planning for furlough, gaps in cyber defenses were wide open, making federal systems as inviting as a low-hanging phishing kit on GitHub.
But it’s not just the government feeling the pressure. Symantec and Carbon Black discovered that in April, China-linked hackers—think APT41, Kelp, and Space Pirates—were using old vulnerabilities like Log4j and Atlassian’s OGNL exploits to go after a US nonprofit with policy influence. Their tactic? Get in, lay low, and linger long enough to scoop up policy-related intel. These groups are pros at persistence. They set up scheduled tasks with legitimate tools like msbuild.exe to fly under the radar, running payloads as SYSTEM every sixty minutes. Operational cooperation and tool-sharing across these hacking factions is so well-oiled, you’d think they had their own Hacker Olympics.
Congress isn’t just wringing its hands, though. This week saw the introduction of the DISRUPT Act, pressed ahead by Representatives Raja Krishnamoorthi and James Moylan. The bill demands a coordinated playbook: task forces spanning State, Defense, Commerce, Treasury, DNI, and CIA, all laser-focused on countering the expanded axis of China, Russia, Iran, and North Korea. If you love acronyms and multi-agency reports, you’re in for a treat. The DISRUPT Act would force real strategy updates, especially on tech transfer risks and adversary-alignment in AI, cyber, and military domains.
Over in the private sector, while federal agencies were firefighting compromises, US companies have doubled down on AI-driven defense platforms—think predictive analytics for abnormal traffic, zero trust frameworks, better endpoint isolation. No more just hoping your legacy antivirus understands Mandarin C2 commands. There’s also growing international sharing, where the US is working with allies to identify Chinese tradecraft, from update hijacking (that’s you, PlushDaemon) to DNS rerouting for software supply chain compromise. The US and its partners are signing more pacts for AI safety and cyber threat intelligence exchange, and after the CISA emergency order in September, patching known-vulnerable systems has finally started to look less like a New Year’s resolution and more like an actual routine.
Meanwhile, don’t underestimate the tech race. At the World Internet Conference in China today, DAS-Security just bagged a “Distinguished Contribution Award”—and they love to tout their new AI security intelligent agents and Hengnao security model upgrades. The arms race in security AI is fierce, and the innovation is a two-way street. Real-time threat hunting clusters echo defense advances, but also make you ponder: is this helping global security or just turbocharging cyberspace brinkmanship?
If you take one thing from this week, listeners, it’s that both the attack surface and the command structures defending it are getting more complex. Legacy bugs are still the Achilles’ heel, and as long as international policy is in play, China’s state-linked hackers will keep dialing up the sophistication—while Washington scrambles to keep pace, shutdowns or not.
Thanks for tuning in to your CyberPulse update. Subscribe for more unfiltered takes and deep dives. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Hey listeners, it’s Ting with your US-China CyberPulse update, where the only thing sharper than a Chinese APT’s spear-phishing email is my commentary. And wow, have the past few days been a masterclass in digital cat-and-mouse. Let’s jump in before your firewall times out.
The biggest blip on the radar has to be the breach of the Congressional Budget Office. That’s right, the CBO – not exactly Fort Knox, but they do handle some seriously sensitive legislative projections. According to CNN’s sources this week, Chinese state-backed hackers are the main suspects. The attack couldn’t have come at a worse time: a crippling 37-day government shutdown had already stretched CISA’s resources thin. With two-thirds of their workforce planning for furlough, gaps in cyber defenses were wide open, making federal systems as inviting as a low-hanging phishing kit on GitHub.
But it’s not just the government feeling the pressure. Symantec and Carbon Black discovered that in April, China-linked hackers—think APT41, Kelp, and Space Pirates—were using old vulnerabilities like Log4j and Atlassian’s OGNL exploits to go after a US nonprofit with policy influence. Their tactic? Get in, lay low, and linger long enough to scoop up policy-related intel. These groups are pros at persistence. They set up scheduled tasks with legitimate tools like msbuild.exe to fly under the radar, running payloads as SYSTEM every sixty minutes. Operational cooperation and tool-sharing across these hacking factions is so well-oiled, you’d think they had their own Hacker Olympics.
Congress isn’t just wringing its hands, though. This week saw the introduction of the DISRUPT Act, pressed ahead by Representatives Raja Krishnamoorthi and James Moylan. The bill demands a coordinated playbook: task forces spanning State, Defense, Commerce, Treasury, DNI, and CIA, all laser-focused on countering the expanded axis of China, Russia, Iran, and North Korea. If you love acronyms and multi-agency reports, you’re in for a treat. The DISRUPT Act would force real strategy updates, especially on tech transfer risks and adversary-alignment in AI, cyber, and military domains.
Over in the private sector, while federal agencies were firefighting compromises, US companies have doubled down on AI-driven defense platforms—think predictive analytics for abnormal traffic, zero trust frameworks, better endpoint isolation. No more just hoping your legacy antivirus understands Mandarin C2 commands. There’s also growing international sharing, where the US is working with allies to identify Chinese tradecraft, from update hijacking (that’s you, PlushDaemon) to DNS rerouting for software supply chain compromise. The US and its partners are signing more pacts for AI safety and cyber threat intelligence exchange, and after the CISA emergency order in September, patching known-vulnerable systems has finally started to look less like a New Year’s resolution and more like an actual routine.
Meanwhile, don’t underestimate the tech race. At the World Internet Conference in China today, DAS-Security just bagged a “Distinguished Contribution Award”—and they love to tout their new AI security intelligent agents and Hengnao security model upgrades. The arms race in security AI is fierce, and the innovation is a two-way street. Real-time threat hunting clusters echo defense advances, but also make you ponder: is this helping global security or just turbocharging cyberspace brinkmanship?
If you take one thing from this week, listeners, it’s that both the attack surface and the command structures defending it are getting more complex. Legacy bugs are still the Achilles’ heel, and as long as international policy is in play, China’s state-linked hackers will keep dialing up the sophistication—while Washington scrambles to keep pace, shutdowns or not.
Thanks for tuning in to your CyberPulse update. Subscribe for more unfiltered takes and deep dives. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
View all episodes
By Inception Point AiThis is your US-China CyberPulse: Defense Updates podcast.
Hey listeners, it’s Ting with your US-China CyberPulse update, where the only thing sharper than a Chinese APT’s spear-phishing email is my commentary. And wow, have the past few days been a masterclass in digital cat-and-mouse. Let’s jump in before your firewall times out.
The biggest blip on the radar has to be the breach of the Congressional Budget Office. That’s right, the CBO – not exactly Fort Knox, but they do handle some seriously sensitive legislative projections. According to CNN’s sources this week, Chinese state-backed hackers are the main suspects. The attack couldn’t have come at a worse time: a crippling 37-day government shutdown had already stretched CISA’s resources thin. With two-thirds of their workforce planning for furlough, gaps in cyber defenses were wide open, making federal systems as inviting as a low-hanging phishing kit on GitHub.
But it’s not just the government feeling the pressure. Symantec and Carbon Black discovered that in April, China-linked hackers—think APT41, Kelp, and Space Pirates—were using old vulnerabilities like Log4j and Atlassian’s OGNL exploits to go after a US nonprofit with policy influence. Their tactic? Get in, lay low, and linger long enough to scoop up policy-related intel. These groups are pros at persistence. They set up scheduled tasks with legitimate tools like msbuild.exe to fly under the radar, running payloads as SYSTEM every sixty minutes. Operational cooperation and tool-sharing across these hacking factions is so well-oiled, you’d think they had their own Hacker Olympics.
Congress isn’t just wringing its hands, though. This week saw the introduction of the DISRUPT Act, pressed ahead by Representatives Raja Krishnamoorthi and James Moylan. The bill demands a coordinated playbook: task forces spanning State, Defense, Commerce, Treasury, DNI, and CIA, all laser-focused on countering the expanded axis of China, Russia, Iran, and North Korea. If you love acronyms and multi-agency reports, you’re in for a treat. The DISRUPT Act would force real strategy updates, especially on tech transfer risks and adversary-alignment in AI, cyber, and military domains.
Over in the private sector, while federal agencies were firefighting compromises, US companies have doubled down on AI-driven defense platforms—think predictive analytics for abnormal traffic, zero trust frameworks, better endpoint isolation. No more just hoping your legacy antivirus understands Mandarin C2 commands. There’s also growing international sharing, where the US is working with allies to identify Chinese tradecraft, from update hijacking (that’s you, PlushDaemon) to DNS rerouting for software supply chain compromise. The US and its partners are signing more pacts for AI safety and cyber threat intelligence exchange, and after the CISA emergency order in September, patching known-vulnerable systems has finally started to look less like a New Year’s resolution and more like an actual routine.
Meanwhile, don’t underestimate the tech race. At the World Internet Conference in China today, DAS-Security just bagged a “Distinguished Contribution Award”—and they love to tout their new AI security intelligent agents and Hengnao security model upgrades. The arms race in security AI is fierce, and the innovation is a two-way street. Real-time threat hunting clusters echo defense advances, but also make you ponder: is this helping global security or just turbocharging cyberspace brinkmanship?
If you take one thing from this week, listeners, it’s that both the attack surface and the command structures defending it are getting more complex. Legacy bugs are still the Achilles’ heel, and as long as international policy is in play, China’s state-linked hackers will keep dialing up the sophistication—while Washington scrambles to keep pace, shutdowns or not.
Thanks for tuning in to your CyberPulse update. Subscribe for more unfiltered takes and deep dives. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI
Hey listeners, it’s Ting with your US-China CyberPulse update, where the only thing sharper than a Chinese APT’s spear-phishing email is my commentary. And wow, have the past few days been a masterclass in digital cat-and-mouse. Let’s jump in before your firewall times out.
The biggest blip on the radar has to be the breach of the Congressional Budget Office. That’s right, the CBO – not exactly Fort Knox, but they do handle some seriously sensitive legislative projections. According to CNN’s sources this week, Chinese state-backed hackers are the main suspects. The attack couldn’t have come at a worse time: a crippling 37-day government shutdown had already stretched CISA’s resources thin. With two-thirds of their workforce planning for furlough, gaps in cyber defenses were wide open, making federal systems as inviting as a low-hanging phishing kit on GitHub.
But it’s not just the government feeling the pressure. Symantec and Carbon Black discovered that in April, China-linked hackers—think APT41, Kelp, and Space Pirates—were using old vulnerabilities like Log4j and Atlassian’s OGNL exploits to go after a US nonprofit with policy influence. Their tactic? Get in, lay low, and linger long enough to scoop up policy-related intel. These groups are pros at persistence. They set up scheduled tasks with legitimate tools like msbuild.exe to fly under the radar, running payloads as SYSTEM every sixty minutes. Operational cooperation and tool-sharing across these hacking factions is so well-oiled, you’d think they had their own Hacker Olympics.
Congress isn’t just wringing its hands, though. This week saw the introduction of the DISRUPT Act, pressed ahead by Representatives Raja Krishnamoorthi and James Moylan. The bill demands a coordinated playbook: task forces spanning State, Defense, Commerce, Treasury, DNI, and CIA, all laser-focused on countering the expanded axis of China, Russia, Iran, and North Korea. If you love acronyms and multi-agency reports, you’re in for a treat. The DISRUPT Act would force real strategy updates, especially on tech transfer risks and adversary-alignment in AI, cyber, and military domains.
Over in the private sector, while federal agencies were firefighting compromises, US companies have doubled down on AI-driven defense platforms—think predictive analytics for abnormal traffic, zero trust frameworks, better endpoint isolation. No more just hoping your legacy antivirus understands Mandarin C2 commands. There’s also growing international sharing, where the US is working with allies to identify Chinese tradecraft, from update hijacking (that’s you, PlushDaemon) to DNS rerouting for software supply chain compromise. The US and its partners are signing more pacts for AI safety and cyber threat intelligence exchange, and after the CISA emergency order in September, patching known-vulnerable systems has finally started to look less like a New Year’s resolution and more like an actual routine.
Meanwhile, don’t underestimate the tech race. At the World Internet Conference in China today, DAS-Security just bagged a “Distinguished Contribution Award”—and they love to tout their new AI security intelligent agents and Hengnao security model upgrades. The arms race in security AI is fierce, and the innovation is a two-way street. Real-time threat hunting clusters echo defense advances, but also make you ponder: is this helping global security or just turbocharging cyberspace brinkmanship?
If you take one thing from this week, listeners, it’s that both the attack surface and the command structures defending it are getting more complex. Legacy bugs are still the Achilles’ heel, and as long as international policy is in play, China’s state-linked hackers will keep dialing up the sophistication—while Washington scrambles to keep pace, shutdowns or not.
Thanks for tuning in to your CyberPulse update. Subscribe for more unfiltered takes and deep dives. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence AI