This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest cyber chaos from the past seven days ending March 3, 2026. Buckle up—China-linked hackers are flexing like never before, but defenses are firing back.
Picture this: Google's Mandiant team just dropped a bombshell on February 26, announcing they smashed UNC2814, aka the Gallium group, a slick China-backed crew that infiltrated 53 orgs across 42 countries in Africa, Asia, and the Americas. These shadows ran a nearly decade-long espionage op, hitting government agencies and telecom giants hard. Their killer move? A fresh backdoor called GridTide that phoned home via Google Sheets—yep, your everyday spreadsheet turned command-and-control wizardry. Attackers scribbled commands in cells, malware slurped them via legit APIs, executed, and beamed back stolen goodies like names, phone numbers, voter IDs, even national IDs. Google nuked their Cloud projects, axed accounts, sinkholed domains, and alerted victims. Initial access? Still foggy, but smells like compromised web servers. No ties to Salt Typhoon, but the tradecraft screams state-sponsored sophistication.
Not done yet—Salt Typhoon and Linen Typhoon kept the telecom beatdown going, per Cloudflare's 2026 Threat Report. They burrowed into North American providers like AT&T, Verizon, and Lumen, plus a July 2025 Microsoft SharePoint hit, grabbing calls, texts, and metadata for long-game disruption. The Financial Times caught Salt Typhoon sneaking into Congressional staff emails for House committees on China policy, intel, foreign affairs, and military oversight back in December—a smart, low-drama entry point for spying on policy while it's still brewing.
US pushback? Florida AG James Uthmeier launched the CHINA Unit on March 3, zeroing in on CCP-linked data grabs, especially healthcare's juicy medical devices from firms like Contec and TP-Link. Subpoenas flying to Shein, Lorex, the works—money laundering, cyber fraud in the crosshairs. Echoes federal moves like the DOJ's Data Security Program and BIOSECURE Act. FBI's pushing Operation Winter Shield for better intel sharing against Chinese hackers, eyeing Taiwan invasion spillovers.
New vectors: abusing legitimate cloud APIs like Sheets for stealthy C2, and over-privileged SaaS integrations that let one breach cascade into the next. Sectors? Telecom, gov, healthcare—critical infrastructure front and center.
Expert tips from Mandiant and Cloudflare: Hunt for anomalous Sheets API calls, enforce least-privilege on cloud accounts, segment Congressional-style networks, deploy threat hunting for long-haulers. Patch fast—like that Ivanti zero-day RESURGE from UNC5221—and monitor USBs for North Korea overlaps, but China's the dragon here. Florida firms, audit China-tied vendors yesterday.
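Here's what "hunt for anomalous Sheets API calls" can look like in practice. This is an added example written for this episode, not code from Mandiant, Google, or Cloudflare, and it does not use the real Workspace audit-log schema: it assumes a simplified, constructed record format (fields ts, actor, client, sheet_id, action) that you would map your own exports onto. It flags any non-browser client that reads the same sheet at near-fixed intervals (beacon-like polling), and rates the finding higher when each read is followed shortly by a write back to the sheet, which is the commands-in, results-out pattern described above.

```python
"""Heuristic hunt for Sheets-as-C2 polling in audit-style log records.

Assumed (constructed) schema, not the real Workspace audit format:
  ts        ISO-8601 timestamp
  actor     account performing the call
  client    "browser" for interactive use, otherwise an OAuth app /
            service-account / add-on name
  sheet_id  spreadsheet identifier
  action    "read" or "write"
"""
import json
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: a human editing in the browser, a scheduled
# hourly reporting job, an irregular add-on, and a non-browser client
# polling one sheet every ~5 minutes and writing back after each read.
SAMPLE_LOG = """
{"ts":"2026-02-25T08:00:00Z","actor":"reports@example.org","client":"reporting-bot","sheet_id":"sheet-C","action":"read"}
{"ts":"2026-02-25T09:00:00Z","actor":"reports@example.org","client":"reporting-bot","sheet_id":"sheet-C","action":"read"}
{"ts":"2026-02-25T09:00:12Z","actor":"alice@example.org","client":"browser","sheet_id":"sheet-A","action":"write"}
{"ts":"2026-02-25T09:07:40Z","actor":"alice@example.org","client":"browser","sheet_id":"sheet-A","action":"write"}
{"ts":"2026-02-25T09:31:05Z","actor":"alice@example.org","client":"browser","sheet_id":"sheet-A","action":"read"}
{"ts":"2026-02-25T10:00:00Z","actor":"reports@example.org","client":"reporting-bot","sheet_id":"sheet-C","action":"read"}
{"ts":"2026-02-25T10:00:00Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"read"}
{"ts":"2026-02-25T10:00:07Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"write"}
{"ts":"2026-02-25T10:05:01Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"read"}
{"ts":"2026-02-25T10:05:06Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"write"}
{"ts":"2026-02-25T10:10:00Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"read"}
{"ts":"2026-02-25T10:10:09Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"write"}
{"ts":"2026-02-25T10:14:59Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"read"}
{"ts":"2026-02-25T10:15:04Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"write"}
{"ts":"2026-02-25T10:20:02Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"read"}
{"ts":"2026-02-25T10:20:08Z","actor":"svc-sync@example.org","client":"oauth-app-42","sheet_id":"sheet-B","action":"write"}
{"ts":"2026-02-25T11:00:00Z","actor":"reports@example.org","client":"reporting-bot","sheet_id":"sheet-C","action":"read"}
{"ts":"2026-02-25T12:00:00Z","actor":"reports@example.org","client":"reporting-bot","sheet_id":"sheet-C","action":"read"}
{"ts":"2026-02-25T13:02:10Z","actor":"bob@example.org","client":"addon-x","sheet_id":"sheet-D","action":"read"}
{"ts":"2026-02-25T13:04:50Z","actor":"bob@example.org","client":"addon-x","sheet_id":"sheet-D","action":"read"}
{"ts":"2026-02-25T13:31:00Z","actor":"bob@example.org","client":"addon-x","sheet_id":"sheet-D","action":"read"}
{"ts":"2026-02-25T14:10:03Z","actor":"bob@example.org","client":"addon-x","sheet_id":"sheet-D","action":"read"}
{"ts":"2026-02-25T14:11:00Z","actor":"bob@example.org","client":"addon-x","sheet_id":"sheet-D","action":"read"}
"""


def parse_records(text):
    """Parse JSON-lines records, attach a datetime, and sort by time."""
    recs = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        r = json.loads(line)
        r["t"] = datetime.fromisoformat(r["ts"].replace("Z", "+00:00"))
        recs.append(r)
    recs.sort(key=lambda r: r["t"])
    return recs


def find_suspicious(log_text, min_events=4, max_cv=0.2, writeback_window_s=60):
    """Return beacon-like (actor, client, sheet) groups, highest severity first.

    A group qualifies when a non-browser client has at least min_events reads
    of one sheet whose inter-read gaps have a coefficient of variation of at
    most max_cv. Severity is "high" when at least half of those reads are
    followed by a write to the same sheet within writeback_window_s seconds.
    """
    groups = defaultdict(list)
    for r in parse_records(log_text):
        if r["client"] == "browser":       # interactive edits are out of scope
            continue
        groups[(r["actor"], r["client"], r["sheet_id"])].append(r)

    findings = []
    for (actor, client, sheet_id), evs in groups.items():
        reads = [e for e in evs if e["action"] == "read"]
        if len(reads) < min_events:
            continue
        gaps = [(b["t"] - a["t"]).total_seconds() for a, b in zip(reads, reads[1:])]
        mean_gap = statistics.fmean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else float("inf")
        if cv > max_cv:                    # jittery, human-paced access: skip
            continue
        writes = [e for e in evs if e["action"] == "write"]
        writebacks = sum(
            1 for rd in reads
            if any(0 <= (w["t"] - rd["t"]).total_seconds() <= writeback_window_s for w in writes)
        )
        severity = "high" if writebacks * 2 >= len(reads) else "medium"
        findings.append({
            "actor": actor, "client": client, "sheet_id": sheet_id,
            "reads": len(reads), "mean_interval_s": round(mean_gap, 1),
            "interval_cv": round(cv, 4), "writebacks": writebacks,
            "severity": severity,
        })
    findings.sort(key=lambda f: (f["severity"] != "high", -f["reads"]))
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['client']} as {f['actor']} on {f['sheet_id']}: "
              f"{f['reads']} reads every ~{f['mean_interval_s']}s, {f['writebacks']} write-backs")
```

On the constructed sample this flags oauth-app-42 as high (five reads about 300 seconds apart, each followed by a write-back) and the hourly reporting-bot as medium (regular reads, no write-backs, so probably a scheduled job worth confirming), while the browser user and the irregular add-on are not flagged. Tune min_events and max_cv against your own baseline of legitimate integrations, and treat a hit as a lead for review of the client's OAuth grant and the sheet's contents, not as a verdict on its own.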
China's clapping back via People's Daily, slamming US as cyberspace's chaos king, pre-positioning AI attacks on their infra. Spokesperson Mao Ning vows "all measures necessary" for cyber defense.
Whew, listeners, that's your weekly pulse—stay vigilant, layer those defenses. Thanks for tuning in to Digital Dragon Watch—subscribe now for the edge! This has been a Quiet Please production, for more check out quietplease.ai.
This content was created in partnership and with the help of Artificial Intelligence (AI).