This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks and US tech defense. Buckle up, because the last 24 hours dropped a bombshell from Kaspersky on December 26: China-linked Evasive Panda, also known as Bronze Highland or Daggerfly, has been running a slick DNS poisoning campaign since 2022, but fresh details just hit on delivering their signature MgBot backdoor. These crafty operators poisoned DNS requests for sites like dictionary.com, tricking systems in Türkiye, China, and India into resolving to attacker-controlled IPs—think adversary-in-the-middle magic, dropping loaders and encrypted shellcode hidden in PNGs, all geo-targeted by ISP and location. No new US hits confirmed yet, but this espionage playbook screams prep for broader infrastructure plays.
Zoom out to the past few days, and the Pentagon's "Military and Security Developments Involving the People's Republic of China 2025" report, released December 23, paints a dire picture: a 150% spike in Chinese cyber intrusions on US energy, water, comms, and transport grids in 2024, courtesy of Volt Typhoon. That's the state-sponsored crew pre-positioning for Taiwan crisis disruptions, straight threats to our homeland. Snyderville Basin Water Reclamation District in Utah just fended off what they call a likely Chinese international cyber-attack—critical infra holding the line, but barely.
Sectors under fire? US defense tech took a geopolitical punch today, December 26, with China slapping sanctions on 20 American firms like Northrop Grumman, Boeing, L3Harris, and even Anduril's Palmer Luckey over Taiwan arms sales—assets frozen, no business in Beijing. Cyber-wise, CISA flagged the Digiever DS-2105 Pro NVR flaw, CVE-2023-52163, on December 25; it's a command injection beast enabling remote code execution, actively exploited, so patch those network video recorders yesterday. No fresh China malware drops in the last day, but Evasive Panda's MgBot evolution—XOR-encrypted, DPAPI-RC5 hybrid—shows they're evading like pros.
Official warnings? Pentagon urges deterrence by strength, while CISA's Known Exploited Vulnerabilities catalog screams urgency on Digiever. Immediate defenses from CISA and feds: Hunt for DNS anomalies with tools like Wireshark, enforce network segmentation on ICS like water and energy, apply emergency patches for CVE-2023-52163 pronto, and rotate credentials—Volt Typhoon loves living off the land. Run EDR scans for MgBot loaders in perf.dat spots, block suspicious IPs like that Cobalt Strike beacon on 1.15.25.148:9080 popping today, and enable MFA everywhere. Listeners, layer up with zero-trust, monitor for AitM, and simulate Taiwan-scenario disruptions in your red teams.
China's not slowing—AI-fueled info ops, space jammers, nuclear cyber nexus per the DoD report. Stay vigilant, US tech warriors; this is daily defense chess.
Thanks for tuning in, listeners—subscribe for more edge-of-your-seat updates! This has been a Quiet Please production, for more check out quietplease.ai.
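Editor's note on the "hunt for DNS anomalies" and "block suspicious IPs" advice above: the script below is an added example, not code from the podcast, Kaspersky, or CISA. It runs three checks over Zeek-style dns.log and conn.log extracts: answers for a monitored name that fall outside a known-good baseline, names that resolve to different addresses for different clients (the signature of ISP- or geo-targeted poisoning), and flows to a known beacon address. The log lines, the baseline ranges (RFC 5737 documentation space) and the mapping of dictionary.com to those ranges are constructed for the example; only the beacon address 1.15.25.148:9080 is taken from the episode.

```python
"""Hunt for poisoned DNS answers and known C2 beacons in Zeek-style logs.

Added example, not from the podcast or Kaspersky. The log lines, the
baseline ranges and the domain-to-range mapping are constructed; only the
C2 IP:port (1.15.25.148:9080) comes from the episode.
"""
import ipaddress
from collections import defaultdict

# Constructed Zeek-style dns.log subset: ts \t client \t query \t answer
SAMPLE_DNS_LOG = """\
1766707200.1\t10.0.0.5\tdictionary.com\t192.0.2.10
1766707201.4\t10.0.0.7\tdictionary.com\t192.0.2.10
1766707230.9\t10.0.0.9\tdictionary.com\t203.0.113.44
1766707240.2\t10.0.0.9\tcdn.example.net\t198.51.100.20
1766707250.0\t10.0.0.5\tcdn.example.net\t198.51.100.20
"""

# Constructed Zeek-style conn.log subset: ts \t src \t dst \t dport \t proto
SAMPLE_CONN_LOG = """\
1766707300.5\t10.0.0.9\t203.0.113.44\t443\ttcp
1766707310.2\t10.0.0.9\t1.15.25.148\t9080\ttcp
1766707320.7\t10.0.0.5\t192.0.2.10\t443\ttcp
"""

# Constructed baseline: what each monitored name has historically resolved to.
# In practice, learn this from your own resolver or passive-DNS history.
BASELINE = {
    "dictionary.com": ["192.0.2.0/24"],
}

# IOC from the episode: Cobalt Strike beacon seen on 1.15.25.148:9080
C2_IOCS = {("1.15.25.148", 9080)}


def parse_tsv(text, fields):
    """Parse tab-separated lines into dicts keyed by `fields`; skip blanks/comments."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            continue  # malformed line: skip it rather than abort the hunt
        rows.append(dict(zip(fields, parts)))
    return rows


def find_off_baseline_answers(dns_text, baseline=BASELINE):
    """Answers for monitored names that fall outside their known-good ranges."""
    nets = {q: [ipaddress.ip_network(n) for n in ranges]
            for q, ranges in baseline.items()}
    hits = []
    for r in parse_tsv(dns_text, ("ts", "client", "query", "answer")):
        q = r["query"].lower().rstrip(".")
        if q not in nets:
            continue
        try:
            addr = ipaddress.ip_address(r["answer"])
        except ValueError:
            continue  # CNAME, NXDOMAIN etc.: not an address answer
        if not any(addr in n for n in nets[q]):
            hits.append((r["client"], q, r["answer"]))
    return hits


def find_divergent_answers(dns_text):
    """Names that resolved to different addresses for different clients.

    Geo/ISP-targeted poisoning shows up as one name returning the real
    address to most clients and an attacker address to the targeted subset.
    """
    answers = defaultdict(set)
    for r in parse_tsv(dns_text, ("ts", "client", "query", "answer")):
        answers[r["query"].lower().rstrip(".")].add(r["answer"])
    return {q: sorted(a) for q, a in answers.items() if len(a) > 1}


def find_c2_connections(conn_text, iocs=C2_IOCS):
    """Flows whose destination IP:port matches a known beacon."""
    hits = []
    for r in parse_tsv(conn_text, ("ts", "src", "dst", "dport", "proto")):
        try:
            key = (r["dst"], int(r["dport"]))
        except ValueError:
            continue
        if key in iocs:
            hits.append((r["src"], r["dst"], int(r["dport"])))
    return hits


if __name__ == "__main__":
    print("off-baseline answers:", find_off_baseline_answers(SAMPLE_DNS_LOG))
    print("divergent answers:", find_divergent_answers(SAMPLE_DNS_LOG))
    print("beacon connections:", find_c2_connections(SAMPLE_CONN_LOG))
```

The divergence check is the one worth keeping even without a baseline: a resolver that hands one client 203.0.113.44 for a name every other client resolves to 192.0.2.10 is exactly what a per-ISP poisoning campaign looks like from inside the network, and it needs no prior knowledge of the "right" answer. Feed it your real dns.log with the same four columns, and treat a hit on a monitored name as a reason to pull the affected host's EDR telemetry.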
For more: http://www.quietplease.ai
Get the best deals: https://amzn.to/3ODvOta
This content was created in partnership and with the help of Artificial Intelligence (AI).