This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks and US tech defense. Buckle up, because the last 24 hours have been a sneaky sprint from Beijing's digital ninjas, and I'm spilling the tea straight from the feeds like CSIS's Significant Cyber Incidents log, Risky Business Bulletin, and fresh ThreatLabz alerts.
Picture this: I'm monitoring my dashboards last night around 6 PM UTC on March 13, 2026, when pings light up like a Shenzhen night market. First off, a China-nexus threat actor—ThreatLabz calls 'em out on March 1 but activity spiked yesterday—drops PlugX malware like confetti across the Persian Gulf. Why care, US folks? These Gulf oil chokepoints feed our energy sector, and PlugX is that classic RAT from PLA Unit 61398, burrowing into networks for espionage. They're hitting telecoms and critical infra, sectors we've seen Salt Typhoon gut before. No new exploits named, but it's PlugX's modular payload letting 'em pivot laterally, siphoning data on US allies' defenses.
Switching feeds, China's CERT team flags the RCtea botnet, active since December 2025, with its DDoS blasts ramping up in the past day against IoT devices worldwide. Risky Bulletin reports it's hammering US-facing edge networks—think smart grids and manufacturing hubs. Sectors? Industrial control systems in energy and defense supply chains, echoing those July 2025 Microsoft SharePoint breaches on our agencies.
CISA's not sleeping: their Emergency Directive 26-03 from February 25 still screams action, but yesterday they ordered federal agencies to ship Cisco SD-WAN logs to the CISA CLAW cloud by March 23. Why? Zero-day attacks since 2023, now linked to China ops per scouts.yutori.com. Those devices guard our telecom borders—Salt Typhoon's playground. Official warning: patch immediately or risk full compromise, as Huntress notes attackers daisy-chain RMM tools to fragment trails and persist.
Defensive moves? CISA says enable MFA everywhere, hunt for Cobalt Strike beacons like the one Red Packet Security spotted at 117.72.220.129:5555 yesterday—classic China C2. Validate backups, scrub IoT for RCtea, and monitor Gulf-linked supply chains for PlugX droppers. ISAC echoes this amid Middle East flares, but China's the stealth player blurring hacktivist lines.
Whew, listeners, that's your daily dose—no major zero-days or patches dropped in the hour, but the tempo's rising 150% like February 2025 trends. Stay vigilant; these aren't joyrides, they're prepping for bigger plays.
Thanks for tuning in—subscribe for more intel drops! This has been a Quiet Please production, for more check out quietplease.ai.
This content was created in partnership with, and with the help of, artificial intelligence (AI).