Silicon Siege: China's Tech Offensive

Silicon Siege: China Hacks US Tech in Epic Cyber Espionage Spree



This is your Silicon Siege: China's Tech Offensive podcast.

I’m Ting, and you’ve just walked into Silicon Siege in progress.

Over the past two weeks, China-nexus crews have treated US tech like an open-world hacking game. Amazon’s CISO C.J. Moses writes that within hours of the React2Shell bug going public on December 3, at least two Chinese state-linked teams, Earth Lamia and Jackpot Panda, were slamming it at scale, with AWS MadPot honeypots lighting up like a Christmas tree. AWS, Infosecurity Magazine, and TechRadar all confirm the groups are targeting finance, logistics, retail, cloud providers, universities, and government networks to gain persistence and quietly siphon data rather than run smash-and-grab ransomware.

React2Shell is the perfect espionage weapon: a CVSS 10 remote code execution flaw in React Server Components and Next.js that sits right in the modern web stack. Amazon threat intel says these groups are chaining it with other “N‑day” bugs like the NUUO camera vulnerability CVE-2025-1338, sweeping the internet for unpatched systems and using automated scanners with randomized user agents to dodge detection. That’s not kids in hoodies; that’s Ministry of State Security-grade tradecraft aimed straight at US software supply chains and cloud platforms.

In parallel, CrowdStrike and US government advisories describe another China-aligned outfit, Warp Panda, burrowing into VMware vCenter environments across North American tech, legal, and manufacturing firms, using a backdoor called BrickStorm. Researchers say Warp Panda isn’t just on endpoints; it’s living in the control plane—vCenter, ESXi, even spinning up rogue virtual machines, then deleting them to erase footprints. NSA guidance flagged that in at least one case, they sat inside a victim network from April 2024 into this fall, grabbing Active Directory Federation Services keys and effectively owning identity for the entire enterprise.

Industrial espionage and intellectual property theft are the throughline. Commentary from former US officials in outlets like Fox News and analysis echoed by the National Security Commission on Artificial Intelligence frame this as long-running economic warfare: Chinese services using cyber to hoover up AI, quantum, aerospace, and biotech IP so domestic firms can leapfrog R&D and US defense loses its edge. Salt Typhoon’s earlier hacks on US telcos to spy on senior officials, reported by the Financial Times and summarized by Risky Business, show how these operations blend strategic intelligence with technical access to core communications infrastructure.

Strategically, this two-week sprint tells us three things. First, China’s operators now routinely weaponize fresh vulnerabilities in hours, not weeks. Second, the focus on cloud, identity, and virtualization means the real targets are platforms that underpin entire supply chains, not just a single company. Third, as experts like Gabrielle Hempel at Exabeam warn, once an actor controls your control plane, they can exfiltrate IP today and hold the option to disrupt operations tomorrow.

Looking ahead, listeners should expect faster exploit cycles, more focus on software frameworks and managed service providers, and a tighter fusion of economic and military objectives in Chinese cyber operations. The US response—new defense funding, tighter cloud rules, and supply chain scrutiny—is playing catch-up with an adversary that treats every unpatched system as a strategic opportunity.

Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next breach breakdown. This has been a Quiet Please production; for more, check out quietplease.ai.


This content was created in partnership with, and with the help of, Artificial Intelligence (AI).

Silicon Siege: China's Tech Offensive, by Inception Point Ai