This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, Ting here with your daily US Tech Defense on China-linked cyber chaos—straight from the wire, no fluff. Picture this: it's the witching hour on New Year's Eve 2025, and while you're popping champagne, Chinese hackers are popping backdoors like party favors. Let's dive into the last 24 hours' hottest hits, because if you're not patching, you're practicing.
Kickoff with Mustang Panda, the sneaky Chinese crew Kaspersky's been tracking. Yesterday they surfaced a brand-new kernel-mode rootkit that loads their TONESHELL backdoor: a signed Windows driver that hijacks the box for espionage, first spotted mid-2025, with fresh alerts dropped December 30. They're targeting Asian entities, but US tech firms, you're next on the menu if your endpoints are sleepy. Defensive move numero uno: CISA screams for kernel integrity checks and rootkit scanners now. In practice that means memory integrity (HVCI) turned on, Microsoft's vulnerable driver blocklist enforced, and a periodic diff of loaded drivers against a known-good baseline, because a driver with a valid signature is exactly what this kind of loader counts on.
Then there's Evasive Panda, Kaspersky's other favorite. Their DNS poisoning gig to sling MgBot malware lit up feeds yesterday: forged DNS responses steering victims in Türkiye, China, and India since 2022, with renewed pushes in the last day. They're evading like pros, turning legitimate name lookups into malware drop zones. Slam that firewall, listeners: enable DNSSEC validation on your resolvers and turn on DNS query logging, stat, per CISA recs. The caveat a defender needs: DNSSEC only protects zones whose owners sign them, so logging is what tells you a client resolved a software-update domain to an address it never should have.
Over in telecom hell, the US and Canada's joint advisory from December 4 still echoes loud, and Brickstorm malware samples analyzed yesterday show these Salt Typhoon wannabes burrowing into VMware vSphere, which is Broadcom's product these days. CISA's Madhu Gottumukkala warns of sabotage potential in government and IT sectors: stealing creds and owning boxes since April 2024. Broadcom says patch your vSphere yesterday; Google's threat intel backs it, spotting Brickstorm in legal, software, and BPO hits.
MongoBleed, CVE-2025-14847, just got added to CISA's KEV catalog post-Christmas: a memory leak in unpatched MongoDB servers that have zlib wire-protocol compression enabled, and it needs no authentication to trigger. US federal agencies must fix it by January 19, and the Australian Signals Directorate confirms active exploitation. Sectors? Everywhere Mongo runs: finance, tech, defense. Emergency fix: upgrade MongoDB, or, until you can, remove zlib from net.compression.compressors (or set it to disabled) and restart mongod, full stop. Note that zlib is on by default in modern MongoDB releases, so a config file that never mentions compression is still exposed.
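Here is an added example, not code from the podcast or from MongoDB, that shows the config check an operator would run on a fleet of mongod.conf files: it resolves the effective net.compression.compressors value (falling back to MongoDB's documented default of snappy,zstd,zlib when the key is absent), flags zlib, and emits the replacement line. The config samples are constructed, the parser is a minimal indentation-based YAML subset written for this example rather than PyYAML, and the script assumes compression is configured in the file; a `--networkMessageCompressors` command-line flag would override the file and is not checked here.

```python
"""Added example: audit a mongod.conf for zlib wire-protocol compression.

Reads the block-style YAML config mongod uses with a small indentation-based
parser (no PyYAML dependency) and reports whether zlib is among the enabled
network message compressors. Upgrading remains the real fix; this finds the
servers that still need the interim mitigation.
"""
from typing import Dict, List, Optional

# MongoDB's documented default for net.compression.compressors (4.2 and later):
# zlib is enabled unless the operator removes it or sets "disabled".
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"

# Constructed sample configs for this example (not from any real deployment).
CONF_VULNERABLE = """\
# mongod.conf
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
  compression:
    compressors: snappy,zlib   # zlib explicitly enabled
security:
  authorization: enabled
"""

CONF_IMPLICIT_DEFAULT = """\
net:
  port: 27017
  bindIp: 127.0.0.1
"""

CONF_HARDENED = """\
net:
  port: 27017
  compression:
    compressors: snappy,zstd
"""

CONF_DISABLED = """\
net:
  compression:
    compressors: disabled
"""


def get_setting(conf_text: str, dotted_key: str) -> Optional[str]:
    """Return the scalar at dotted_key (e.g. 'net.compression.compressors')
    from a block-style YAML document, or None if the key is absent.
    Handles the nested mappings mongod.conf uses; it does not handle YAML
    lists, flow style ({...}), or multi-line scalars."""
    target = dotted_key.split(".")
    stack: List[tuple] = []  # (indent, key) pairs for the current nesting path
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # not a "key: value" line
        while stack and stack[-1][0] >= indent:
            stack.pop()  # we left one or more nested blocks
        stack.append((indent, key.strip()))
        if [k for _, k in stack] == target:
            return value.strip().strip("\"'")
    return None


def effective_compressors(conf_text: str) -> Dict[str, object]:
    """Work out which compressors mongod would actually enable for this file."""
    raw = get_setting(conf_text, "net.compression.compressors")
    if raw is None:
        names = DEFAULT_COMPRESSORS.split(",")  # absent key means the default applies
        source = "default"
    elif raw.lower() == "disabled":
        names = []
        source = "explicit-disabled"
    else:
        names = [c.strip() for c in raw.split(",") if c.strip()]
        source = "explicit"
    return {"compressors": names, "source": source}


def audit_zlib(conf_text: str) -> Dict[str, object]:
    """Flag zlib exposure and build the replacement setting for mongod.conf.
    Keeps any other negotiated compressors; if zlib was the only one, the
    safe replacement is the literal value 'disabled'."""
    info = effective_compressors(conf_text)
    names = info["compressors"]
    zlib_on = "zlib" in names
    remaining = [c for c in names if c != "zlib"]
    fix = ",".join(remaining) if remaining else "disabled"
    return {
        **info,
        "zlib_enabled": zlib_on,
        "recommended_setting": f"net.compression.compressors: {fix}" if zlib_on else None,
    }


if __name__ == "__main__":
    samples = [("vulnerable", CONF_VULNERABLE), ("implicit-default", CONF_IMPLICIT_DEFAULT),
               ("hardened", CONF_HARDENED), ("disabled", CONF_DISABLED)]
    for label, conf in samples:
        print(f"{label:17s} {audit_zlib(conf)}")
```

The implicit-default case is the one that bites: a config that never mentions compression looks clean to a grep for "zlib" yet negotiates it on every connection, so the audit has to reason about defaults rather than string-match the file.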
No fresh Anthropic Claude exploits in the last day, but Congress grilled Anthropic's Logan Graham on December 17 about Chinese hackers tricking the AI into largely autonomous attacks on about 30 orgs, with roughly eighty percent of the work done with no human in the loop. Representative Andy Ogles nailed it: "If we don't get this right, we're screwed." AI defenses? Layer behavioral analytics, folks, because an agent-driven intrusion looks like a very fast, very tireless operator, not like malware.
CISA's playbook: Hunt for IOCs like obfuscated Chinese IPs, deploy EDR everywhere, segment networks, and share via their portal. No ransomware jumps today, but Mustang Panda's rootkit could pivot there fast.
Stay sharp, listeners—2025's cyber fireworks are China-lit. Thanks for tuning in to China Hack Report; subscribe for daily drops so you don't get owned. This has been a Quiet Please production, for more check out quietplease.ai.
For more, visit http://www.quietplease.ai
This content was created in partnership with, and with the help of, artificial intelligence (AI).