This is your Dragon's Code: America Under Cyber Siege podcast.

Hey listeners, it's Ting—your one-stop source for witty banter and the hard truth about Chinese cyber ops. The past week has been, well, another episode of Dragon’s Code: America Under Cyber Siege, and you’d better believe the script is jam-packed with intrigue, attribution drama, and some deeply nerdy hacking tactics.

All eyes were on Washington when the Congressional Budget Office was hit by a cyberattack that sent shockwaves through Capitol Hill. According to a briefing seen by CNN, the prime suspects are—you guessed it—Chinese state-linked groups. The CBO, which keeps lawmakers in the cost-estimate and budget loop, suddenly found its communications and projections floating in the cyber ether. Caitlin Emma, their spokesperson, said they've contained the breach and ramped up monitoring and controls, but the attack is “ongoing” and staffers have been warned: don’t click CBO links unless you love roulette with legislative secrets! What makes this even more dramatic? The entire federal government just went through a record 37-day shutdown, so CISA—the agency meant to keep cyber thugs at bay—had furloughed a majority of its team. So, if you were betting on “good time for foreign intelligence fishing”—congratulations, you win a Red Team trophy.

Meanwhile, Symantec and Carbon Black uncovered a campaign against a D.C. nonprofit not just dabbling, but dunking in policy influence. The week’s most sophisticated ops relied on big exploit classics: Log4j, Atlassian OGNL Injection, Apache Struts, and GoAhead RCE. Attackers scanned for vulnerable servers, then used scheduled tasks and legitimate binaries like msbuild.exe to inject code directly into Windows systems—talk about ‘living off the land.’ Techies will appreciate that DLL side-loading via Vipre AV components was a popular trick, with payload delivery and persistence hinging on system-level scheduled tasks. The threat actors, connected to names like Salt Typhoon (aka Kelp), Space Pirates, and APT41, kept their toolkit modular and masquerading as trusted processes, making attribution a forensic nightmare.

Not only were systems breached, but domain controllers—the crown jewels for network-wide privilege escalation—were on the menu. Imjpuexc, an obscure Microsoft utility for East Asian script input, popped up in the logs, adding another telltale sign of Chinese involvement, according to Broadcom and GBHackers. What’s really new here is how these groups didn’t just rely on old espionage. In addition to theft, we saw disruptive capabilities, a step up in scale—think infrastructural prep for conflict rather than mere data heists.

Industrial sectors felt the heat, too. Cyble reported a surge in supply chain attacks, with ransomware gangs piggybacking on compromised update servers. Chinese-aligned PlushDaemon, for example, poisoned network devices and hijacked DNS traffic to serve up SlowStepper malware to unsuspecting energy and defense targets, with payloads delivered via legit software update mechanisms.

So what did experts and officials learn this week? Bill Conner from Carbon Black pointed out operational discipline, tool sharing, and stubborn persistence as key traits of these threat groups. CISA’s emergency advice: abandon complacency, log everything, segment networks, and patch like your next paycheck depends on it.

The key lesson: attribution is tough. Tool reuse and modular attacks blur the lines between Kelp, Space Pirates, and APT41. The solution—collaboration. Government agencies, the private sector, and researchers must swap indicators faster and automate threat detection deep in the trenches.

That’s it for this week’s episode of Dragon’s Code. Thanks for tuning in, listeners. Don’t forget to subscribe! This has been a quiet please production, for more check out quiet please dot ai.

For more Back to Episodes