This is your Dragon's Code: America Under Cyber Siege podcast.

Listeners, it’s Ting! If you’ve spent the past week anxiously tracking breaches in US infrastructure, congratulations on surviving the latest episode of Dragon’s Code: America Under Cyber Siege. Let’s skip the pleasantries and jump in, because these past few days have been a masterclass in Chinese cyber-ops wizardry—equal parts terrifying and fascinating for cyber nerds like me.

Late last Friday, the Department of Energy—yes, again!—spotted malicious scanning on power grid management networks from IP addresses linked to the threat group APT41, a notorious cyber collective with deep ties to China’s Ministry of State Security. According to cybersecurity teams briefed by CrowdStrike analysts, this campaign used a blend of zero-day privilege escalation exploits and classic spear-phishing, but with a twist: the delivery mechanism bypassed traditional email gates by weaponizing legitimate energy supply chain vendor portals. As one Red Team lead at Forescout Technologies mused, “If the vendors can’t tell friend from foe, neither can you.” Chilling.

Attackers prioritized stealth. They deployed “pre-positioning” malware—basically ghost code that just sits dormant, a tactic increasingly employed by advanced states. Experts like Roy Kamphausen from The National Bureau of Asian Research warn this enables sabotage on demand and is straight out of the Volt Typhoon and Salt Typhoon playbook. Pre-positioning not only threatens downtime, but also signals that adversaries can flick the off switch for critical systems—think water, power, transport—whenever they choose.

Let’s talk attribution. Forensic evidence pointed directly to salted payloads compiled with Mandarin-language build environments and time stamps aligning with China’s business hours. DefenseOne’s panel of experts, including former DOD advisor Sean Berg, described China as “already in phase three” of the Pacific data war, dominating not by brute force but by knowing exactly when, where, and how to strike for maximum chaos. They weren’t kidding; the attackers also leveraged analytics on bulk-collected employee metadata to simulate legitimate operational traffic—a move only made possible by years of slow, silent exfiltration.

Government response moved fast this time. The Department of War (yes, that’s a new Trump-era name—roll with it), under Austin Dahmer, immediately issued a sector-wide threat directive: inventories of xIoT (that’s “everything Internet of Things,” by the way) endpoints, network traffic segmentation, and rapid rollouts of anomaly-based intrusion detection fed by AI. White House officials openly admitted to exploiting regulatory loopholes to counter China’s tempo—a bit of deregulation to make us nimbler, one staffer winked.

Lessons? Even advanced detection is no substitute for supply chain integrity and interagency drills. Officials emphasized burden-sharing; allies patched in as critical logs showed attempted pivots through Europe and Latin America. My favorite hot take comes from Rob Christian, ex-311th Signal Command, who lamented, “Hiding in the noise isn’t possible anymore. They see you buy snacks at 7-Eleven—literally.”

So, listeners, secure your endpoints, patch that router, and always, always verify who is really behind that vendor login. Thanks for tuning in—don’t forget to subscribe for another slice of cyber truth. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your Dragon's Code: America Under Cyber Siege podcast.

Today’s episode of Dragon’s Code: America Under Cyber Siege, I’m Ting, your trusted cyber-bard on all things China. So buckle up, listeners—this week has been a wild ride for America’s digital defenses.

Let’s start with the real headline-grabber: a fresh Chinese campaign using a zero-day vulnerability in Motex Lanscope, which nailed several US utility networks on Halloween, no less. Security analysts at SC World report these attacks weren’t your garden variety—attackers leveraged the Lanscope bug to hopscotch laterally across internal networks, evade traditional endpoint protection, and exfiltrate operations data tied to energy control systems. Now, all signs point to a suspected group with ties to China’s Ministry of State Security, building on a pattern seen in the notorious 2021 Hainan State Security Department hack that targeted aviation and marine R&D with surgical precision.

Here’s the kicker: China’s playbook keeps evolving. According to the Information Technology and Innovation Foundation, phishing’s never gone out of style—it just got an upgrade. We’re talking AI-sculpted spear phishing emails that mimic a colleague’s digital voice better than you can say “Inbox Zero.” Doppelganger domains and deepfake profile pics made it almost too easy for stressed-out employees to click the wrong link. And don’t forget the old-school subterfuge: a “consultant” inside a US defense supplier planted a poisoned USB drive, revisiting tactics straight out of the Operation Aurora saga.

America’s affected systems? This week, it’s a sobering list: water treatment facilities in the Midwest, an airline’s ticketing backend in Atlanta, and a logistics firm supporting military supply chains out of New Jersey. Even as the focus remains on digital, experts like Adam Segal from the Council on Foreign Relations warn that the line between cyber and physical is blurring—shutting down a logistics network can ground planes and starve cities, fast.

How did the US respond? Even with no confirmed permanent head at Cyber Command or the NSA—a vacuum making some folks in Congress pull their hair out—temporary leader Lt. Gen. William Hartman greenlit “active defense.” Analysts at SecurityWeek note that American countermeasures included isolating compromised subnets within minutes of detection, deploying rolling credential resets, and, in some cases, manually disconnecting critical SCADA components. Industry giants stepped in too, with Google and Microsoft launching zero-trust patches and rolling out global push-alerts for vulnerable configurations.

But here’s where the lesson bites hardest: Attribution is rarely a smoking gun, yet the tell-tale language choices in command-and-control servers, coupled with patterns reminiscent of previous PLA-affiliated hacks, make the source nearly impossible to deny. Still, don’t expect indictments to solve the issue—experts say the threat’s not going anywhere, any time soon.

Wrap up takeaways? Invest in continuous employee training—seriously, with AI phishing, your weakest link is your best friend with a caffeine addiction. Layered defense is not optional, it’s existential. And above all, says Don Bacon in Congress, fill top cyber command posts yesterday.

Thanks for tuning in, digital warriors—stay vigilant, upgrade often, and don’t forget to subscribe for next week’s deep dive. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI

This is your Dragon's Code: America Under Cyber Siege podcast.

It’s Ting here—your friendly cyber sleuth and specialist on all things China and hacking. Let’s dive straight into the wildest week yet in America’s ongoing cyber drama: Dragon’s Code—America Under Cyber Siege. The past few days have delivered no shortage of high drama, zero-day acrobatics, and government handwringing as Chinese APTs basically played “Capture the Flag” on US, and yes, allied, digital turf.

The talk of the threat intel community is all about BRONZE BUTLER, also tracked as Tick, a Chinese state-sponsored group that Secureworks’ CTU caught actively exploiting a zero-day—CVE-2025-61932—in Motex’s LANSCOPE Endpoint Manager used massively in Japan, but security experts warn the same tactics are being spotted among vendors to US critical infrastructure. This zero-day allowed SYSTEM-level remote code execution, turning whole fleets of endpoints into malware launchpads. Analysts pointed out the two-variant Gokcpdoor backdoor communicating via tricky TCP ports, plus the deployment of tools like Havoc C2 and goddi for Active Directory snooping. Data exfiltration? Ingeniously done via browser uploads to rare services like Piping Server, completely sidestepping your grandma’s DLP solution. The warning here, according to JPCERT/CC and CISA, is internal exploitation—attackers now fish with a spear, not a net.

But the American side is not just watching Japan’s back. Back home, Cisco’s infamous CVE-2023-20198—the IOS XE web UI bug—refuses to die, despite patches being a year old. SALT TYPHOON, another Chinese operator, and friends are still dropping the BADCANDY web shell on unpatched Cisco routers, including those controlling network traffic for water and power utilities. We’re talking privileged backdoors, rogue tunnel interfaces, mass credential harvesting. Even after rebooting and “cleaning up,” many orgs aren’t patching root issues, so attackers simply walk right back in. The Australian Signals Directorate says hundreds of compromised routers in late 2025 prove just how poor global patch hygiene still is.

If you like international intrigue, Mustang Panda’s newer offshoot, UNC6384, just pulled off a high-impact phishing campaign targeting Western diplomats and aviation authorities—this time with a fresh zero-day, CVE-2025-9491 in Windows LNK files, to smuggle PlugX malware onto systems. It’s clever, customized, and timed to real-world events, with phishing emails built around current EU defense topics. PlugX is old but gold; its modularity helps it dodge endpoint defenses, and the group still loves PowerShell and DLL sideloading for stealthy control.

These incidents highlight hallmarks of Chinese cyber tradecraft: fast exploit adoption, precise targeting, leveraging hybrid tooling—custom plus open source. Attribution poles—according to experts at CISA and Secureworks—point to overlapping infrastructure, recurring C2 patterns, and PLA-linked researchers in US academic programs. There’s a big deal now about cracking down on university research collaborations: the House Select Committee found hundreds of PRC-linked engineers embedded in US universities, sometimes funded out of taxpayer pockets and with active defense ties.

Government responses? The Biden administration is pushing for new bans on hardware like TP-Link routers, and Congress is tightening the visa and grant rules for STEM exchanges, particularly for students from institutions like Beihang and Harbin Engineering. Defenders recommend: patch relentlessly, log diligently, separate your admin interfaces, and audit who and what is plugged into your network—because your infrastructure’s weakest link could now be the user-side device.

Enduring lessons? As my friend Emily Austin at Censys always says: Critical infrastructure is now the actual frontline, not just some faceless server farm off in the digital fog. The US, for all...

This is your Dragon's Code: America Under Cyber Siege podcast.

Listeners, it’s Ting—yes, your go-to for everything China, cyber-intrigue, and flaming-hot hacking updates. You want this week in America’s cyber defense? Buckle in, because Dragon’s Code has written a blockbuster chapter.

This week, Salt Typhoon, the Chinese cyberespionage crew backed by China’s Ministry of State Security, didn’t just knock on our digital doors—they blew them off the hinges. According to the FCC, Salt Typhoon breached the wiretap request systems at dozens of US telecom companies. That’s right, the lawful intercept tools that let law enforcement snoop on suspected criminals? Chinese hackers found a way to use these against us, targeting everyone from candidates like President Donald Trump and Vice President JD Vance to campaign teams of Kamala Harris. Imagine Xi Jinping’s agents eavesdropping on America’s latest campaign strategy sessions—makes Watergate look analog.

How’d they do it? Methodology: sophisticated spear phishing, zero-day exploits in obscure telecom systems, and a little old-school credential stuffing. Chinese operators leaned on exploiting vulnerabilities in Cisco’s Adaptive Security Appliance firewalls—those beefy gatekeepers supposedly guarding government and private infrastructure alike. According to The Record, their scan-and-exploit routine hit network perimeters, with some success in government and defense contractor domains.

Attribution wasn’t just guesswork. The FBI, working alongside CISA, followed forensic breadcrumbs—unique malware signatures, command-and-control infrastructure bouncing through .cn domains, and operational overlap with known Salt Typhoon campaigns. Key evidence included identical malware samples found across 600 organizations in over 80 countries, but traced right back to this Chinese crew.

So, did Uncle Sam take it lying down? Absolutely not. Emergency patches from Cisco flew out the door; telecoms isolated affected systems, and the FBI started a rolling notification campaign to compromised organizations. The patchwork, per FCC Chair Brendan Carr and NIST’s tech team, included tighter network segmentation and forced multi-factor authentication. But the FCC threw drama into the mix—next month, they’ll vote to reverse some security requirements put in after the attacks. Cybersecurity pros like Jessica Rosenworcel, former FCC Chair, think rolling back these protections now is like locking your doors after the burglar leaves, then removing the locks altogether.

Let’s talk lessons. First, no law-enforcement tool is too mundane for foreign cyber ops; second, never underestimate persistence—Salt Typhoon spent months mapping systems before striking. Experts like NIST’s Dr. Sonia Lin say automation, AI-driven monitoring, and continuous systems audit are now “non-negotiable” in this new normal, while infosec consultant Marcus Flynn insists public-private threat info sharing must shift from monthly memos to real-time alerts.

And the political cyber chessboard just keeps escalating. US firms are under pressure to ditch all gear with Chinese components—Huawei, ZTE, you name it. Even old systems, previously authorized, made the new blacklist. Millions of online listings got swept out overnight, raising cries from businesses and sparking snoozy legal protests from the usual suspects in Beijing.

That’s the week’s highlight reel: advanced Chinese cyber tactics, strategic hits on American infrastructure, proof-backed attribution, a rapidly adapting defense, and a policy tug-of-war that keeps even me, Ting, caffeinated and wide-eyed at midnight.

Thanks for tuning in, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals Show more...