Digital Dragon Watch: Weekly China Cyber Alert

Beijing's Two Billion Dollar AI Breakup and Why Japan Should Be Very Nervous Right Now

3 min · 3 May 2026

Description

This content was created in partnership with, and with the help of, artificial intelligence (AI).


All episodes

249 episodes


LinkedIn Lures and Cloud Ghosts: Why Chinese Spies Are Sliding Into Your DMs With Fake Job Offers

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch, and the last week has been spicy in China cyber land, so let’s jack in. Let’s start with the fresh joint advisory from the FBI, MI5, and the governments of Australia, Canada, and New Zealand, as reported by TechCrunch. According to that advisory, Chinese intelligence officers are leaning hard on LinkedIn and other job platforms, masquerading as recruiters for fake overseas companies. They are targeting Western professionals with access to non‑public data, especially security‑cleared personnel, Indo‑Pacific military staff, defense contractors, journalists, academics, and think‑tank analysts. The vector isn’t malware; it’s psychology. The playbook is slow‑burn relationship building: flattery, “consulting” offers, and then the quiet ask for sensitive insights. The advisory amounts to a public warning shot from the Five Eyes, telling both government and private sector: treat unsolicited recruiter outreach as a potential intelligence operation, not a networking opportunity. While that’s happening in the open web, in the shadows we’ve got campaigns like Operation Dragon Weave, detailed by researchers at Hexnode. This one is a China‑linked espionage operation hitting organizations in the Czech Republic and Taiwan, especially government, public services, research, academia, tech, and financial services. The attackers kick things off with convincing spear‑phishing emails, often themed around things like Czech Social Security meetings, and pack ZIP attachments that drop Rust‑based malware dubbed Rustcloak. For command‑and‑control, they use an agent called Azureveil that hides traffic in Microsoft Azure Blob Storage, blending in with normal cloud noise. That’s classic “living in the cloud” tradecraft: no sketchy servers, just abusing trusted infrastructure. 
On the financially motivated side, threat‑intel from SOC Prime highlights a Chinese‑speaking group known as TA4922. They are running credential‑phishing campaigns using HR, payroll, tax, and invoicing lures to trick employees into surrendering login data. Their targets are broad across corporate environments, but the theme is consistent: weaponize everyday business paperwork to punch through the front door. So how are defenders responding? U.S. and allied agencies in the Five Eyes advisory push specific recommendations: verify recruiter identities through official channels, route any approach that touches on sensitive topics to security officers, and train staff that “side gigs” with unknown firms are a risk surface, not a perk. Cloud security experts analyzing Dragon Weave stress deeper inspection of traffic to services like Azure, strict identity and access controls, and threat hunting for odd patterns in Blob Storage use. Email security teams are doubling down on phishing‑resistant authentication, attachment sandboxing, and user reporting drills. And across the board, experts recommend continuous monitoring for living‑off‑the‑land behavior: trusted tools or platforms doing very untrusted things. I’ll leave you with this: the most dangerous exploit right now isn’t a zero‑day, it’s a zero‑skepticism professional on LinkedIn and a cloud tenant nobody’s watching closely. Thanks for tuning in, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

5 Jun 2026 · 3 min

China's Cloudy with a Chance of Espionage: Azure Blobs, Rust Loaders, and Why Your LNK Files Need Therapy

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. I’m Ting, and this week’s China cyber weather report is a little stormy: the clearest fresh campaign is **Operation Dragon Weave**, a China-linked espionage operation that used LNK shortcut lures, a Rust loader, and Microsoft Azure Blob Storage as command-and-control to hit government personnel and researchers in **Taiwan** and **Czechia**. According to **SOC Prime**, the chain moved from a ZIP file to VBScript, PowerShell decryption, DLL sideloading, and a custom Rust loader that decrypted the final payload with RC4, Base64, and SM4, which is a very polished way to say “quietly very annoying.” The standout new attack vector is the abuse of **cloud storage as C2**, especially Azure Blob Storage, because it blends in with ordinary enterprise traffic and makes takedown harder. **SOC Prime** says the last-stage malware, called **AZUREVEIL**, communicates only through Azure Blob Storage and can execute Beacon Object File payloads in memory, which is the sort of detail defenders want before the coffee gets cold. The targeted sectors in this campaign are **government** and **research**, especially people handling sensitive regional policy, technical analysis, or cross-border intelligence. On the defensive side, the lesson is blunt: treat **LNK files, ZIP attachments, and script launch chains** as high-risk, especially when they trigger wscript, PowerShell, or unusual DLL sideloading. SOC Prime’s reporting implies defenders should hunt for multi-stage behavior, not just one malicious hash, because the attack survives by chaining normal-looking tools together. In practice, that means tightening endpoint rules, restricting script interpreters, watching for suspicious Azure storage access, and correlating file execution with network beacons. 
Now, zooming out to the broader China-related threat picture for the past week, the most important pattern is that espionage crews are increasingly using **living-off-the-land** techniques and cloud infrastructure to blend into legitimate traffic. That matters because the old “block the bad IP” playbook is not enough when the attacker is hiding inside Microsoft Azure or borrowing trusted Windows components. For official U.S. government response, the strongest directly relevant recent move in the available reporting is the White House’s new framework to **vet top AI models for national security risks**, which reflects Washington’s growing concern that advanced AI can amplify cyber operations, even if that order is not China-specific in the narrow sense. That kind of policy signal matters because cyber defenders are now worrying not only about malware, but about AI-assisted reconnaissance, phishing, and automation. Expert recommendations are consistent across the current threat landscape: reduce reliance on static indicators, monitor for **multi-step intrusion chains**, segment high-value research and government networks, and make sure cloud logs are actually being reviewed rather than admired from a distance. If I had to say it in one sentence, listeners: the new China cyber playbook is less smash-and-grab and more stealth, cloud, and patience. Thank you for tuning in, subscribe for more, and this has been a quiet please production, for more check out quiet please dot ai.

3 Jun 2026 · 3 min
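The two Operation Dragon Weave episodes above (the LinkedIn Lures episode and the Azure Blobs episode) both end on the same defensive point: hunt for the chain (archive or LNK lure, script host, DLL sideload, Azure Blob beacon) rather than for any single hash, and correlate file execution with network activity. The script below is an added example written for this page, not code from the podcast, SOC Prime, or Hexnode. The event format (`ts|host|kind|key=value;...`), the lists of script hosts, lure parents, user-writable paths and expected Blob clients, the 10-minute window, and every hostname and path in the telemetry are assumptions; the telemetry is constructed so the example runs offline.

```python
"""Hunt for a multi-stage lure -> script -> sideload -> Azure Blob chain over constructed telemetry.

Added example, not code from the podcast or from the vendors it cites. The event format,
the path and process lists, and the 10-minute window are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "mshta.exe"}
LURE_PARENTS = {"explorer.exe", "7zfm.exe", "winrar.exe"}         # where a ZIP/LNK lure gets opened
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
EXPECTED_BLOB_CLIENTS = {"msedge.exe", "chrome.exe", "onedrive.exe", "azcopy.exe"}
STAGE_ORDER = ["lure_launch", "script_chain", "sideload", "blob_beacon"]
WINDOW = timedelta(minutes=10)

# Constructed telemetry: ws-042 shows the full chain, ws-107 is ordinary cloud use plus one script.
SAMPLE = r"""
2026-06-02T09:14:02|ws-042|process|image=C:\Windows\explorer.exe;parent=C:\Windows\System32\userinit.exe
2026-06-02T09:15:10|ws-042|process|image=C:\Windows\System32\wscript.exe;parent=C:\Windows\explorer.exe;cmdline=wscript.exe C:\Users\jdoe\AppData\Local\Temp\meeting.vbs
2026-06-02T09:15:12|ws-042|process|image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe;parent=C:\Windows\System32\wscript.exe;cmdline=powershell -w hidden -enc SQBFAFgA
2026-06-02T09:15:20|ws-042|imageload|image=C:\Users\jdoe\AppData\Roaming\Updater\helper.exe;dll=C:\Users\jdoe\AppData\Roaming\Updater\version.dll
2026-06-02T09:16:05|ws-042|network|image=C:\Users\jdoe\AppData\Roaming\Updater\helper.exe;dest=example-tenant.blob.core.windows.net;port=443
2026-06-02T09:20:00|ws-107|network|image=C:\Program Files\Microsoft\Edge\msedge.exe;dest=contoso-files.blob.core.windows.net;port=443
2026-06-02T09:21:00|ws-107|process|image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe;parent=C:\Windows\explorer.exe;cmdline=powershell Get-Date
"""


def parse_events(lines):
    """Parse 'ts|host|kind|k=v;k=v' lines into dicts, oldest first."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, host, kind, rest = line.split("|", 3)
        fields = dict(kv.split("=", 1) for kv in rest.split(";"))
        fields.update(ts=datetime.fromisoformat(ts), host=host, kind=kind)
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def stage_of(e):
    """Map one event to the chain stage it evidences, or None if it is not interesting on its own."""
    image = e.get("image", "").lower()
    name = basename(image)
    if e["kind"] == "process":
        parent = basename(e.get("parent", ""))
        if name in SCRIPT_HOSTS and parent in LURE_PARENTS:
            return "lure_launch"     # archive/LNK opened from Explorer spawns a script host
        if name in SCRIPT_HOSTS and parent in SCRIPT_HOSTS:
            return "script_chain"    # wscript -> powershell style hand-off
    elif e["kind"] == "imageload":
        dll = e.get("dll", "").lower()
        if image.startswith(USER_WRITABLE) and dll.startswith(USER_WRITABLE):
            return "sideload"        # host exe and the DLL it loads both sit in a user-writable dir
    elif e["kind"] == "network":
        dest = e.get("dest", "").lower()
        if dest.endswith(".blob.core.windows.net") and name not in EXPECTED_BLOB_CLIENTS:
            return "blob_beacon"     # Azure Blob reached by a process with no business there
    return None


def hunt_chains(events):
    """Flag each blob_beacon preceded, within WINDOW on the same host, by at least two other stages.

    A lone script launch or a lone Blob connection is routine noise; the chain is the signal.
    """
    staged = defaultdict(list)
    for e in events:
        s = stage_of(e)
        if s:
            staged[e["host"]].append((e["ts"], s, e))
    findings = []
    for host, items in staged.items():
        for ts, s, e in items:
            if s != "blob_beacon":
                continue
            prior = {s2 for t2, s2, _ in items if s2 != "blob_beacon" and ts - WINDOW <= t2 <= ts}
            if len(prior) >= 2:
                findings.append({
                    "host": host,
                    "beacon_process": e["image"],
                    "dest": e["dest"],
                    "stages": sorted(prior, key=STAGE_ORDER.index) + ["blob_beacon"],
                })
    return findings


def hunt_sample():
    return hunt_chains(parse_events(SAMPLE.splitlines()))


if __name__ == "__main__":
    for f in hunt_sample():
        print(f"{f['host']}: {' -> '.join(f['stages'])} via {f['beacon_process']} to {f['dest']}")
```

Only ws-042 is flagged: its Blob connection comes from a binary in a user-writable directory and is preceded within ten minutes by an Explorer-spawned `wscript.exe`, a `wscript.exe` to `powershell.exe` hand-off, and a DLL loaded from the same user-writable directory. ws-107 reaches Blob Storage from Edge and runs an interactive PowerShell, and neither event alone crosses the threshold, which is the point the episodes make about chaining normal-looking tools. In a real deployment the process lists and paths would come from your own baseline, and the Blob allow-list would be per-tenant rather than per-binary.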

Living Off the Land: How China's Hackers Are Ghosting Your Defenses With Tools You Already Own

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. I’m Alexandra Reeves, and this is Digital Dragon Watch: your weekly China cyber alert. Over the past week, China-linked cyber activity has focused less on splashy ransomware and more on quiet persistence: data theft, infrastructure mapping, and testing of Western defenses. According to Verizon’s 2026 Data Breach Investigations Report, state‑affiliated actors linked to China remain heavily focused on credential theft and living‑off‑the‑land techniques. Instead of dropping obvious malware, intruders increasingly abuse built‑in tools like PowerShell, WMI, and remote management agents, which makes detection harder for overworked security teams. Verizon highlights that multi-factor fatigue attacks and token theft are now a preferred way in, especially against U.S. government contractors and managed service providers. In parallel, the European Parliament’s recent plenary session on EU cybersecurity and AI development underscored persistent concern about Chinese advanced persistent threat groups targeting European critical infrastructure, particularly energy, transportation, and telecoms. Lawmakers pointed directly to the risk that AI‑enhanced intrusion tools could supercharge campaigns resembling past operations like Volt Typhoon, which quietly probed U.S. power, ports, and pipelines. The nonprofit METR, in its Frontier Risk Report for February and March, notes something that should worry every listener: a large fraction of AI‑assisted agent activity at major tech firms wasn’t reviewed by any human. Combine that with China’s long‑running push for automated surveillance platforms like the Xueliang, or Bright Eyes, system described by NetAskari in Hebei’s Zhangjiakou region, and you get a clear trajectory: Beijing is building end‑to‑end, AI‑driven monitoring and exploitation capabilities, both at home and potentially abroad. 
On the policy front, Johns Hopkins University’s recent discussion of the Trump–Xi summit highlighted that while high‑level diplomacy may stabilize trade and military tensions, it is not slowing offensive cyber operations. U.S. officials continue to publicly attribute infrastructure intrusions to Chinese state actors and quietly pressure allies to harden 5G, satellite links, and subsea cable landing stations. So how do you defend against this evolving toolkit? Experts contributing to Verizon’s DBIR emphasize three moves. First, assume compromise and prioritize identity: enforce phishing‑resistant multi‑factor authentication, monitor for impossible travel and anomalous session tokens, and lock down admin accounts behind hardware keys. Second, focus on visibility for those living‑off‑the‑land behaviors: centralized logging, endpoint detection tuned to scripting engines, and strict application control in critical environments. Third, build resilience: segmentation for OT networks in power, manufacturing, and transport; tested incident response runbooks; and backups isolated from domain credentials. For organizations doing business in or with China, Hong Kong M&A analysts at China Briefing warn that data residency, AI governance, and exposure of internal networks to Chinese partners are now core cyber risk questions, not legal footnotes. If your deal team isn’t talking to your CISO, you are sleepwalking into trouble. That’s it for this week’s Digital Dragon Watch. Thanks for tuning in, and don’t forget to subscribe so you never miss an alert. This has been a quiet please production, for more check out quiet please dot ai.

20 May 2026 · 4 min
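The Living Off the Land episode above names two identity signals as the first line of defense: MFA fatigue (a burst of rejected push prompts followed by an approval) and impossible travel (two successful sign-ins too far apart for the time between them). The script below is an added example written for this page, not code from the podcast or from the Verizon DBIR. The sign-in record format, the geo-enriched `lat`/`lon` fields (assumed to come from the SIEM's IP enrichment), the 900 km/h and four-denial thresholds, and every user, IP and timestamp are assumptions; the records are constructed so the example runs offline.

```python
"""Identity hunts for MFA-push fatigue and impossible travel over constructed sign-in records.

Added example, not code from the podcast or the Verizon DBIR. Record format,
geo-enrichment fields, and thresholds are assumptions.
"""
import math
from collections import defaultdict
from datetime import datetime, timedelta

MAX_KMH = 900.0                     # faster than airline travel between two successful sign-ins
MIN_KM = 50.0                       # ignore geo-IP jitter inside one metro area
FATIGUE_WINDOW = timedelta(minutes=10)
FATIGUE_DENIALS = 4                 # this many rejected pushes before an approval is suspicious

# Constructed records (ts user ip lat lon result); alice and carol are the planted anomalies.
SAMPLE = """
ts=2026-05-18T08:00:00 user=alice ip=203.0.113.10 lat=47.37 lon=8.54 result=success
ts=2026-05-18T09:30:00 user=alice ip=198.51.100.7 lat=1.29 lon=103.85 result=success
ts=2026-05-18T08:05:00 user=bob ip=203.0.113.20 lat=52.52 lon=13.40 result=success
ts=2026-05-18T12:05:00 user=bob ip=203.0.113.21 lat=48.86 lon=2.35 result=success
ts=2026-05-18T22:01:00 user=carol ip=192.0.2.9 lat=40.71 lon=-74.01 result=mfa_denied
ts=2026-05-18T22:02:00 user=carol ip=192.0.2.9 lat=40.71 lon=-74.01 result=mfa_denied
ts=2026-05-18T22:03:00 user=carol ip=192.0.2.9 lat=40.71 lon=-74.01 result=mfa_denied
ts=2026-05-18T22:04:00 user=carol ip=192.0.2.9 lat=40.71 lon=-74.01 result=mfa_denied
ts=2026-05-18T22:05:00 user=carol ip=192.0.2.9 lat=40.71 lon=-74.01 result=mfa_denied
ts=2026-05-18T22:06:00 user=carol ip=192.0.2.9 lat=40.71 lon=-74.01 result=mfa_approved
ts=2026-05-18T07:58:00 user=dave ip=203.0.113.30 lat=51.51 lon=-0.13 result=mfa_denied
ts=2026-05-18T07:59:00 user=dave ip=203.0.113.30 lat=51.51 lon=-0.13 result=mfa_approved
"""


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def parse_signins(lines):
    """Parse 'k=v k=v ...' records into dicts, ordered by user then time."""
    recs = []
    for line in lines:
        if not line.strip():
            continue
        f = dict(kv.split("=", 1) for kv in line.split())
        recs.append({"ts": datetime.fromisoformat(f["ts"]), "user": f["user"], "ip": f["ip"],
                     "lat": float(f["lat"]), "lon": float(f["lon"]), "result": f["result"]})
    return sorted(recs, key=lambda r: (r["user"], r["ts"]))


def impossible_travel(recs):
    """Consecutive successful sign-ins whose implied ground speed exceeds MAX_KMH."""
    by_user = defaultdict(list)
    for r in recs:
        if r["result"] == "success":
            by_user[r["user"]].append(r)
    hits = []
    for user, rs in by_user.items():
        for a, b in zip(rs, rs[1:]):
            km = haversine_km(a["lat"], a["lon"], b["lat"], b["lon"])
            hours = max((b["ts"] - a["ts"]).total_seconds() / 3600, 1 / 3600)  # floor at one second
            kmh = km / hours
            if km >= MIN_KM and kmh > MAX_KMH:
                hits.append({"user": user, "from_ip": a["ip"], "to_ip": b["ip"],
                             "km": round(km), "kmh": round(kmh)})
    return hits


def mfa_fatigue(recs):
    """An approved push preceded within FATIGUE_WINDOW by FATIGUE_DENIALS or more rejected pushes."""
    by_user = defaultdict(list)
    for r in recs:
        if r["result"] in ("mfa_denied", "mfa_approved"):
            by_user[r["user"]].append(r)
    hits = []
    for user, rs in by_user.items():
        for i, r in enumerate(rs):
            if r["result"] != "mfa_approved":
                continue
            denials = [x for x in rs[:i]
                       if x["result"] == "mfa_denied" and r["ts"] - x["ts"] <= FATIGUE_WINDOW]
            if len(denials) >= FATIGUE_DENIALS:
                hits.append({"user": user, "denials": len(denials),
                             "approved_at": r["ts"].isoformat(), "ip": r["ip"]})
    return hits


if __name__ == "__main__":
    recs = parse_signins(SAMPLE.splitlines())
    for h in impossible_travel(recs):
        print(f"impossible travel: {h['user']} {h['from_ip']} -> {h['to_ip']} {h['km']} km at {h['kmh']} km/h")
    for h in mfa_fatigue(recs):
        print(f"mfa fatigue: {h['user']} approved at {h['approved_at']} after {h['denials']} denials")
```

alice is flagged for roughly 10,300 km between two successful sign-ins 90 minutes apart; bob's Berlin-to-Paris pair four hours apart stays under the speed ceiling. carol is flagged for five rejected pushes in the ten minutes before an approval, while dave's single rejection followed by an approval is treated as a fat-fingered prompt. Both checks key on the outcome field, so a token-replay login that skips the push entirely would only show up through the travel check, which is why the episode pairs these with session-token monitoring rather than relying on either alone.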