China Hack Report: Daily US Tech Defense

China Owns Half of All US Tech Hacks Plus a 1.9 Billion Dollar Phishing Ring Just Got Busted

3 min · 14 June 2026

Description

This is your China Hack Report: Daily US Tech Defense podcast. Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense, and wow, the last 24 hours have been spicy on the wire. Let’s start with the headline problem: China‑linked crews are still hammering US critical infrastructure and tech, but the pattern is getting sharper. CrowdStrike, in a finding amplified by TechCrunch, says one country is responsible for almost half of hands‑on hacking targeting American tech companies, and that country is China. That means if you’re running cloud platforms, developer tooling, or AI infrastructure in the US, you are statistically deep in the blast radius.

On the fresh‑malware front, US analysts tracking Volt Typhoon–style actors report new variants tuned for stealth in operational tech networks tied to power and water. Think living‑off‑the‑land binaries, scheduled tasks, and WMI abuse instead of noisy backdoors. Security Affairs, in coverage highlighted by Bob Bragg’s Daily Drop newsletter, notes US water utilities are again being probed with China‑linked tradecraft, blending phishing, stolen VPN creds, and old‑but‑unpatched edge devices. If your water district still has that “temporary” remote‑access box from 2020, this is your wake‑up call.

Law enforcement is also playing offense. According to the Daily Drop write‑up of Operation Ghost Hook, US and partner agencies dismantled a China‑based phishing‑as‑a‑service platform tied to roughly 1.9 billion dollars in fraud targeting American users and businesses. That’s not just carders; that’s also credential harvesting for follow‑on intrusions into US enterprises, universities, and local government. Academia is still in the crosshairs. An Instagram report notes that Chinese national Xu Zewei was extradited to the US over alleged cyberattacks on US universities and COVID‑19 researchers, a reminder that higher‑ed networks remain prime hunting grounds for China’s intelligence‑aligned operators, especially where there’s biomedical IP and dual‑use AI research.

On the defense side, CISA and the FBI have doubled down in the last day on three immediate actions for US networks they see China targeting. First, patch internet‑facing gear: VPNs, firewalls, and email gateways with any outstanding critical CVEs. Second, enforce phishing‑resistant MFA on all privileged accounts and remote access. Third, hunt for anomalous authentication: impossible travel logins, strange service accounts, and new admin users created at weird hours. For software shops and AI startups, CISA and NSA are again pushing secure‑by‑design guidance: stop shipping products with default credentials, turn on audit logging by default, and make it easy for customers to disable dangerous remote‑management features that China‑linked actors love to hijack.

If you’re listening from a US tech, utility, or university network, your homework today: check your edge device patching, verify MFA coverage, and schedule a quick threat‑hunt for unexpected remote‑access tools and new admin accounts. That’s how you stay out of the breach reports I’ll be talking about tomorrow.

Thanks for tuning in, and don’t forget to subscribe so you don’t miss the next China Hack Report. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta
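The episode's third defensive action, hunting for anomalous authentication, is easy to state and fiddly to do well. The script below is an added example, not material from the podcast or from CISA/FBI guidance, showing the three hunts the episode names run over a handful of constructed authentication events: impossible-travel logins (same user, two locations too far apart for the time between them), service accounts logging on interactively, and admin accounts created outside business hours. The event schema, usernames, coordinates, thresholds and business-hours window are all assumptions chosen for the demo; a real deployment would map them onto your identity provider's sign-in and audit logs.

```python
"""Three authentication hunts over constructed sample events.

Added example; not code from the China Hack Report episode or from any
agency guidance. The event dicts, usernames, coordinates and thresholds
below are constructed assumptions for the demonstration.
"""
import math
from collections import defaultdict
from datetime import datetime

MAX_PLAUSIBLE_KMH = 1000      # assumption: anything faster than an airliner is suspect
MIN_DISTANCE_KM = 100         # assumption: ignore nearby flips (VPN egress, mobile handoff)
BUSINESS_HOURS = range(8, 19)  # assumption: 08:00-18:59 local counts as normal
ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
SERVICE_PREFIX = "svc_"        # assumption: naming convention for service accounts

# Constructed sample events (not any real product's log format). geo is (lat, lon).
SAMPLE_EVENTS = [
    {"ts": "2026-06-14T02:10:00", "event": "login", "user": "jdoe",
     "src": "10.0.0.5", "geo": (38.90, -77.04)},                      # Washington, DC
    {"ts": "2026-06-14T02:45:00", "event": "login", "user": "jdoe",
     "src": "203.0.113.9", "geo": (31.23, 121.47)},                   # Shanghai, 35 min later
    {"ts": "2026-06-14T09:15:00", "event": "login", "user": "svc_backup",
     "src": "198.51.100.20", "geo": (37.77, -122.42), "logon_type": "interactive"},
    {"ts": "2026-06-14T19:20:00", "event": "login", "user": "svc_backup",
     "src": "10.0.0.40", "geo": (38.90, -77.04), "logon_type": "service"},
    {"ts": "2026-06-14T03:30:00", "event": "user_created", "user": "admin_tmp",
     "groups": ["Domain Admins"], "actor": "jdoe"},
    {"ts": "2026-06-14T14:00:00", "event": "user_created", "user": "newhire",
     "groups": ["Staff"], "actor": "hr_svc"},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def _distance_km(a, b):
    """Great-circle distance in km between two (lat, lon) points (haversine)."""
    r = 6371.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def impossible_travel(events):
    """Flag consecutive logins per user whose implied speed is not physically plausible."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "login":
            by_user[e["user"]].append(e)
    findings = []
    for user, logins in by_user.items():
        logins.sort(key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
        for prev, cur in zip(logins, logins[1:]):
            km = _distance_km(prev["geo"], cur["geo"])
            hours = (_parse(cur["ts"]) - _parse(prev["ts"])).total_seconds() / 3600
            speed = math.inf if hours == 0 else km / hours
            if km >= MIN_DISTANCE_KM and speed > MAX_PLAUSIBLE_KMH:
                findings.append({"rule": "impossible_travel", "user": user,
                                 "detail": f"{km:.0f} km in {hours * 60:.0f} min "
                                           f"({prev['src']} -> {cur['src']})"})
    return findings


def interactive_service_logons(events):
    """Service accounts should authenticate as services, never interactively."""
    return [{"rule": "interactive_service_logon", "user": e["user"],
             "detail": f"interactive logon from {e['src']}"}
            for e in events
            if e["event"] == "login" and e["user"].startswith(SERVICE_PREFIX)
            and e.get("logon_type") == "interactive"]


def offhours_admin_creations(events):
    """New accounts placed in admin groups outside business hours."""
    out = []
    for e in events:
        if e["event"] != "user_created":
            continue
        hour = _parse(e["ts"]).hour
        if ADMIN_GROUPS & set(e.get("groups", [])) and hour not in BUSINESS_HOURS:
            out.append({"rule": "offhours_admin_creation", "user": e["user"],
                        "detail": f"created by {e['actor']} at {e['ts']} into {e['groups']}"})
    return out


def hunt(events):
    """Run all three hunts and return the combined list of findings."""
    return (impossible_travel(events)
            + interactive_service_logons(events)
            + offhours_admin_creations(events))


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['user']}: {f['detail']}")
```

On the constructed sample this yields exactly three findings: jdoe's Washington-to-Shanghai pair (roughly 11,900 km in 35 minutes), svc_backup's interactive logon, and admin_tmp being added to Domain Admins at 03:30. The MIN_DISTANCE_KM floor matters in practice: without it, a laptop hopping between a corporate VPN egress and a mobile network a few kilometres apart can trip the speed check every morning and bury the real signal in noise.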


All episodes

258 episodes


Volt Typhoon Goes Full Pre-War Mode: China's Hackers Camp Out in US Power Grids and Military Telecom

This is your China Hack Report: Daily US Tech Defense podcast. Hey listeners, Ting here, your friendly neighborhood China-cyber-obsessive, sliding straight into the latest China-linked hacking drama hitting US tech and defense in the last 24 hours. Let’s start with the big one: according to CNN and Reuters reporting over the weekend, US officials now say the Chinese state-backed group Volt Typhoon has quietly expanded its foothold in US critical infrastructure, especially power, ports, and communications tied to Pacific military bases. Microsoft’s threat intel team has been tracking Volt Typhoon for months, but new indicators show fresh implants on US telecom and energy networks, with tradecraft tuned for long-term disruption, not quick data theft. The White House and the Pentagon are treating this as pre‑positioning for potential conflict over Taiwan, not just routine espionage.

CISA, the NSA, and the FBI pushed updated joint guidance on these China-nexus actors, urging US critical infrastructure operators to harden edge devices, rip out default credentials on routers and VPNs, and enable strict logging on PowerShell, WMI, and remote management tools that Volt Typhoon loves to live off the land with. They’re telling defenders to hunt for unusual command-line use on admin accounts and mysterious scheduled tasks instead of obvious malware, because this crew is allergic to noisy payloads.

On the malware front, several security vendors, including CrowdStrike, Mandiant, and Palo Alto Networks’ Unit 42, reported new variants of custom backdoors associated with APT31 and APT41, both long‑linked to China’s Ministry of State Security. These variants are tuned for cloud environments (think Microsoft 365, Azure, and AWS), abusing OAuth apps and stolen tokens instead of dropping big binary payloads. The FBI has been warning that Microsoft 365 tenants are being hammered by phishing and consent-grant scams that are “not hacking software, they’re hacking trust,” targeting US government contractors, universities, and biotech firms.

Hit sectors in the last day: US defense industrial base contractors, regional telecom providers that carry traffic for military installations, and at least one major US university doing dual‑use AI and quantum research. Several reports mention targeted spearphishing of senior engineers and program managers, often spoofing HR, legal, or travel vendors to deliver malicious links.

Emergency patching: CISA added multiple network device and gateway vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting that China‑linked actors are actively exploiting older bugs in popular firewalls and VPNs. Organizations are being told to immediately patch or remove unsupported devices, disable unused VPN accounts, and enforce phishing‑resistant multifactor authentication for any remote access.

Immediate defensive moves recommended by CISA, NSA, and FBI: implement zero trust principles on high-value networks, segment OT from IT in energy and transport, deploy endpoint detection and response with behavioral analytics, and rehearse incident response for destructive scenarios, not just data theft. They are especially stressing rapid isolation of suspicious hosts and continuous monitoring for data exfiltration to overseas VPS infrastructure.

That’s your China Hack Report: Daily US Tech Defense download from Ting. Thanks for tuning in, stay patched, stay paranoid, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

15 June 2026 · 3 min

China Owns Half of All US Tech Hacks Plus a 1.9 Billion Dollar Phishing Ring Just Got Busted


14 June 2026 · 3 min

Panda Party Crashing: How Five Chinese Hacking Crews Are Stealing Americas AI Secrets While We Sleep

This is your China Hack Report: Daily US Tech Defense podcast. This is Ting, your guide to China Hack Report: Daily US Tech Defense, and listeners, we’re diving straight into the last 24 hours of China-linked cyber mayhem aimed at US interests. The headline: according to a new CrowdStrike intelligence brief reported by the Washington Times, China-backed crews like Murky Panda, Mustang Panda, Overcast Panda, Sunrise Panda, and Warp Panda have turned the dial up on stealing advanced US artificial intelligence tech from cloud providers, chip designers, and defense-adjacent labs. CrowdStrike says Chinese operators now account for well over half of state‑sponsored targeted attacks on tech companies, with a sharp spike in intrusions that go after AI training data, model weights, and GPU cluster management consoles.

On the malware front, researchers tied to this same wave of activity are flagging new loader variants tailored for US AI and SaaS environments: think stealthy PowerShell and Go-based loaders that only fully arm themselves once they confirm they’re sitting inside environments like NVIDIA GPU management nodes or Kubernetes clusters used for model training. Security teams at West Coast cloud providers reported beacons using Chinese VPS infrastructure and domain patterns consistent with the Mustang Panda and Overcast Panda playbooks.

Sector-wise, the bullseye in the past day has been threefold: AI research and cloud, semiconductor and EDA tooling, and defense suppliers working on autonomy and targeting systems. According to analysis discussed around Mastercard’s Connections 2026 cyber sessions, the payments ecosystem is also under heightened scanning, with Chinese-linked reconnaissance probing API gateways and AI-driven fraud systems that sit inside major US banks’ environments.

Parallel to the hacking, OpenAI’s latest threat research, amplified by Politico and Slashdot, called out China-linked operators running covert influence campaigns using ChatGPT to seed narratives about AI infrastructure costs and US technology policy. That isn’t just information war; it is recon data on which AI talking points resonate in Washington, and it dovetails neatly with the theft of underlying AI tech.

In response, CISA and US sector risk management agencies have pushed emergency defensive guidance over the last day: lock down exposed admin interfaces on cloud AI clusters, enforce phishing-resistant multi-factor authentication for engineers with access to model repositories, and apply out-of-band patches to internet-facing VPNs and remote management tools that Chinese actors have historically loved to exploit. New advisories also stress tightening egress controls so these Panda crews can’t quietly exfiltrate training data to command-and-control servers parked in bulletproof hosting.

Your near-term playbook, based on CISA best practice and New York’s Department of Financial Services guidance: harden identity, segment anything touching AI models or sensitive R&D, crank up logging on cloud consoles, and rehearse incident response assuming a China-linked actor already has one compromised credential in your environment.

I’m Ting, thanking you for tuning in to China Hack Report: Daily US Tech Defense. Remember to subscribe so you don’t miss tomorrow’s threat rundown. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

12 June 2026 · 3 min

China's AI Shopping Spree: How Beijing is Stealing Tomorrow's Tech While You're Still Patching Yesterday's Bugs

This is your China Hack Report: Daily US Tech Defense podcast. Ting here, and the last 24 hours of China-linked cyber activity are classic espionage with a modern AI twist: according to CrowdStrike as reported by IT Brief UK, technology firms remain the world’s most targeted sector, and China-linked adversaries accounted for more than 58% of state-sponsored targeted intrusions against that industry, with the big prize being AI research, software, and intellectual property[1]. That means the pressure point is not just data theft; it is the theft of the ingredients for tomorrow’s models, tools, and products[1].

What matters most for U.S. interests is the target mix. Tech is still the headline sector, but the ripple effect reaches defense contractors, cloud providers, and any company sitting on AI-adjacent secrets or sensitive source code[1]. In practical terms, that means listeners should think beyond the lab and look at the whole supply chain: identities, endpoints, code repositories, collaboration tools, and vendor access paths. Huntress’s summit takeaways line up with that reality, stressing identity resilience and endpoint integrity as the two pillars that keep incidents from becoming business-level disruption[2].

On the malware and intrusion side, the publicly available material in the last day is thinner than I’d like, so I want to be precise: the strongest recent signal is not a named new malware family in the results, but a sustained wave of targeted intrusions aimed at stealing AI secrets and exploiting weak identity and endpoint controls[1][2]. That aligns with the broader pattern of attackers using phishing, social engineering, and other human-focused tradecraft to get a foothold before they move laterally[5]. In other words, the malware may be the second act; the first act is often a stolen credential, a hijacked session, or a rushed click.

For emergency patching and immediate defense, the most urgent guidance in the available results is blunt and familiar: patch immediately when exposed services are vulnerable, and do not assume “deployed” means “effective.” A recent warning tied to SolarWinds Serv-U described attackers exploiting a flaw to crash the file transfer service without authentication, with the clear instruction to patch immediately[13]. Even though that report is not China-specific, it is exactly the kind of edge-service weakness that state-linked operators love to chain into larger operations[13].

CISA’s practical playbook, reflected in the current summit guidance, is to harden identity posture, reduce overprivileged or unmanaged identities, validate endpoint controls, and improve detection and response so one compromise does not become a full-blown outage[2]. The defensive move list is short and sharp: prioritize exploitable exposure, review admin access, hunt for suspicious cloud and SaaS logins, isolate suspicious endpoints, and verify recovery steps before you need them in anger[2]. Think of it as closing the door, checking the locks, and then making sure the alarm actually works.

Thanks for tuning in, subscribe for more, and this has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

10 June 2026 · 3 min

China's Cyber Spies Ditch the Fireworks for Admin Badges and AI Poisoning

This is your China Hack Report: Daily US Tech Defense podcast. I’m Ting, and in the last 24 hours the China-linked cyber picture hitting U.S. interests has been less “movie-montage hack” and more “quiet, persistent, and very annoying.” The biggest theme is not one flashy breach but a cluster of activity around stealthy access, living-off-the-land tradecraft, and the kind of AI-enabled compromise Bob Bragg’s Daily Drop 1313 flags as increasingly relevant: AI agent compromise, memory poisoning, model backdoors, prompt injection, and autonomous offensive capability. That matters because it suggests operators are now blending classic intrusion with manipulation of the tools defenders trust most. According to Bob Bragg’s newsletter, the emphasis is on compromise of AI systems themselves, not just the networks around them.[1]

For U.S. defenders, the most immediate practical warning is that attackers do not always need fresh malware to hurt you. Huntress’s analysis of living-off-the-land attacks explains that adversaries can hide inside legitimate tools and bypass security controls, which makes detection harder and response slower.[3] That is exactly the sort of technique that can pair well with China-linked espionage operations aimed at defense contractors, cloud environments, telecom, and critical infrastructure, because it lowers the noise while increasing dwell time. In other words, the threat is not just the “dragon,” it is the dragon wearing your admin badge.

On the official-warning front, there was no single new CISA China-only emergency bulletin in the results I reviewed, but U.S. government security posture remains elevated across sensitive sectors, and embassy guidance in Jerusalem underscores the broader operational reality: organizations need fast communications, alternate sheltering or continuity plans, and updated contact procedures when regional tensions spike.[4] For cyber teams, that translates into the same discipline CISA repeatedly pushes in incident response: isolate affected systems, preserve logs, reset exposed credentials, and harden externally reachable services before the next probe lands.

The defensive actions recommended by CISA-aligned practice right now are straightforward and urgent: patch internet-facing systems immediately, especially VPNs, email gateways, and identity providers; review for suspicious PowerShell, WMI, scheduled tasks, and other living-off-the-land activity; enforce phishing-resistant multifactor authentication; hunt for new or unusual API keys and service accounts; and monitor AI workflows for prompt injection, poisoned memory, or unauthorized model changes.[3] If your team uses agents or copilots, treat them like privileged users, because that is how attackers will treat them.

So the headline for today is simple: the China-linked risk to U.S. interests is moving toward stealth, automation, and AI abuse, with less emphasis on noisy ransomware theater and more on quiet access that can survive routine defenses. Stay sharp, patch fast, and assume the tools you trust are now part of the attack surface.

Thanks for tuning in, and please subscribe. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

8 June 2026 · 3 min