This is your Red Alert: China's Daily Cyber Moves podcast.
"Red Alert: China's Daily Cyber Moves" is your essential podcast for staying informed on the latest critical Chinese cyber activities targeting the United States. Updated regularly, this podcast delivers in-depth analysis of new attack patterns, compromised systems, and emergency alerts from CISA and the FBI. Stay ahead of active threats with expert insights into required defensive actions. Featuring a detailed timeline of events and potential escalation scenarios, "Red Alert: China's Daily Cyber Moves" is your go-to resource for understanding and responding to complex cyber challenges in real-time. Stay secure; stay updated.
All content for Red Alert: China's Daily Cyber Moves is the property of Inception Point Ai and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Red Alert: China's Cyber Spies Unleash Sneaky New Tricks in Wild Hacking Spree
Red Alert: China's Daily Cyber Moves
4 minutes
3 weeks ago
Listeners, it’s Ting with your Red Alert: China's Daily Cyber Moves—grab your cyber-coffee, let’s break down the wild ride of the past few days. If you thought October was going to quietly fade, wrong again. Let’s start with the big one: just yesterday, US steel sector darling Metal Pros announced it was hit by the Play ransomware group. Ransomware, not strictly Chinese, but here’s the twist—the initial access looks eerily similar to methods flagged in China-linked campaigns this year: think spear-phishing, exploiting unpatched servers, and—my favorite—credential stuffing straight off dark web dumps. Play’s threat to leak sensitive data puts critical US supply chains in direct harm's way and the CISA/FBI rushed emergency guidelines overnight, urging all manufacturers (not just Metal Pros’ competitors) to rip off the dusty covers and patch their public-facing systems, especially VPNs and remote management tools.
Meanwhile, in Beijing, cyber-spies from the notorious Earth Estries group—yes, those ‘persistent,’ ‘adaptable’ characters tied to Chinese state espionage—leveled up their US game again. Security experts at Brandefense are alarmed at their creative persistence tricks: Earth Estries moved beyond web shells, now slipping custom malware and leveraging DNS tunneling for covert command and control. Just this past week, their phishing lures mimicked federal research grant notifications—nothing like dangling a few million dollars in front of a scientist to get them to open a malicious attachment. The kicker? They’re no longer satisfied scooping classified documents from government inboxes, but now sniffing around US nanotech and AI startup secrets. According to sector insiders, Earth Estries’ new campaign compromised at least three research institutions through unpatched application flaws, forcing IT admins nationwide to do emergency audit drills and hunt for “living-off-the-land” techniques—those attacks using ordinary system tools to blend in.
CISA responded with a new AI-driven threat hunting playbook, taking a page from former chief Jen Easterly’s not-so-gloomy prophecy. She said this week that bad code—not hacking wizardry—is the real enabler. The People’s Liberation Army isn’t wielding strange zero-days; they’re using twenty-year-old exploits in routers and network hardware to prep for future escalations. According to her, the best defense is software built secure by design and universal adoption of memory-safe languages. She's pushing the White House’s AI Action Plan, too, mandating future federal purchases to meet security-by-default standards.
Across the pond, thirty-six hours ago, a massive smishing campaign leveraging 194,000 lookalike domains targeted US business execs and defense partners. It’s not a scattershot attack—China-linked actors are sending perfectly-crafted texts mimicking corporate communications, luring victims to credential-harvesting pages.
So here’s your defensive action rundown: Patch everything touching the internet yesterday. Audit for weird scheduled tasks, new admin users, and sneaky persistent connections, especially outbound DNS traffic. Run phishing simulations—Earth Estries loves exploiting that one overconfident click. And for any execs or researchers out there, triple-check those “urgent” emails and SMS. If it feels too good to be true, assume it's bait from Shanghai.
Potential escalation? Security folks worry that with ongoing US export controls and chip maker drama—remember the Nexperia standoff in Europe—cyber tit-for-tat is about to get nastier. Each attack probes US resilience, showing Beijing how and where critical infrastructure bends but doesn’t break. But if a campaign like the recent Metal Pros breach had hit something like the US energy grid, CISA would likely issue a Shield Up alert and emergency conference calls would light up DC.
That’s...