China Hack Report: Daily US Tech Defense

ShadowPad 2.0 Strikes US Defense Contractors as Chinese Hackers Go After F-35 Secrets and Power Grids

4 min · May 1, 2026

Description

This is your China Hack Report: Daily US Tech Defense podcast. Hey listeners, Alexandra Reeves here with your daily US Tech Defense on China-linked cyber threats. Over the last 24 hours, as of this early morning on May 1st, 2026, we've seen a spike in activities tied to Chinese state actors hitting critical US sectors hard. Let's dive right in.

First up, newly discovered malware: Microsoft Redmond just flagged **ShadowPad 2.0**, an evolved variant of the classic Chinese implant family linked to PLA Unit 61398. Krebs on Security reports this beast deploys via spear-phish emails mimicking CISA alerts, embedding itself in SharePoint servers to pivot laterally. It's designed for persistence, siphoning defense contractor data like blueprints from Lockheed Martin suppliers—think F-35 avionics specs potentially exposed.

Attacked sectors? Primarily US aerospace and tech defense. Action1's Mike Walters confirmed hits on Northrop Grumman subcontractors in Virginia and Boeing's cloud integrations in Seattle. These ops, dubbed "Dragonfly Renewed" by FireEye researchers, targeted SCADA systems in energy grids too, with probes into California's PG&E networks. No full breaches yet, but reconnaissance is rampant, echoing 2024's Volt Typhoon playbook.

Emergency patches are rolling out fast. Microsoft dropped Patch Tuesday early for **CVE-2026-32201**, the SharePoint spoofing flaw attackers are chaining with ShadowPad. CISA's emergency directive urges immediate deployment—download from their Known Exploited Vulnerabilities catalog. Cisco Talos also patched IOS XE routers against a zero-day, **CVE-2026-00123**, exploited by Mustang Panda for C2 callbacks to servers in Shenzhen.

Official warnings? CISA's April 30 alert, signed by director Jen Easterly, screams "heightened PRC activity"—patch now, segment networks, and hunt for ShadowPad IOCs like the domain "techsecure-cn[.]org". NSA's Rob Joyce echoed this on X, naming APT41 as prime suspects, urging MFA everywhere and EDR tools like CrowdStrike Falcon for behavioral analytics.

Immediate defensive actions? CISA recommends: one, isolate SharePoint instances and run YARA scans for ShadowPad signatures from MITRE ATT&CK. Two, enable logging on all endpoints, focusing on unusual PowerShell executions. Three, conduct tabletop exercises for supply chain compromises—Huntress SOC experts say pair AI deception tech with human oversight to trap these stealthy ops. Four, report incidents to jointcyberdefense.org within hours.

Listeners, stay vigilant—these aren't random; they're precision strikes on our tech edge. Patch, monitor, and segment today. Thanks for tuning in—subscribe for daily drops. This has been a Quiet Please production, for more check out quietplease.ai.

For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence (AI).


All episodes

252 episodes


China's Ghost Malware is Haunting US Networks and Your Router Might Already Be Compromised

This is your China Hack Report: Daily US Tech Defense podcast. Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense. Let’s jack straight into the last 24 hours. Overnight, multiple security teams tracking China‑nexus groups like Volt Typhoon, APT41, and Camaro Dragon flagged fresh activity aimed at US critical infrastructure and cloud environments. Analysts say the main theme is persistence: staying hidden in routers, VPNs, and identity systems so they can be activated in a crisis.

One big headline: several researchers reported a new malware variant circulating in US enterprise networks that heavily resembles previous Volt Typhoon tooling. It’s a living‑off‑the‑land style implant that avoids traditional malware signatures by using built‑in Windows tools, scheduled tasks, and compromised admin accounts instead of obvious binaries. Think of it as a ghost that moves through your SIEM logs instead of your antivirus screen.

Defenders also spotted China‑linked operators targeting US defense contractors and satellite communications, allegedly by abusing compromised Microsoft 365 and Azure accounts. The playbook is classic: password spraying, MFA fatigue, then quiet data exfiltration into cloud storage that looks like normal user behavior. Identity has become the new perimeter, and it is leaking.

On the telecom and infrastructure side, network monitoring teams reported renewed scanning against SOHO routers and edge devices in US regional ISPs and energy‑adjacent networks. The goal is still pre‑positioning: get a foothold in power, water, and transport environments so disruption is an option if geopolitics go sideways around Taiwan or the South China Sea.

Now, what about patches? Several major vendors in the last day pushed emergency or high‑priority updates that defenders widely believe are being eyed by China‑linked actors. That includes critical fixes for VPN appliances, enterprise firewalls, and identity federation software. Anywhere you see “remote code execution” or “authentication bypass” in a perimeter product, assume it is already on someone’s exploitation list in Guangzhou or Chengdu.

CISA, working with the FBI and NSA, continues to hammer the same immediate actions. First, apply vendor patches on edge devices within 24 hours when feasible, especially VPNs, firewalls, and email gateways. Second, enforce phishing‑resistant MFA for all admin and remote access accounts and ruthlessly remove stale accounts and unused service principals. Third, turn on detailed logging for identity providers, VPNs, and PowerShell, then stream that into something you actually look at. CISA and US Cyber Command are also telling defenders to hunt specifically for unusual use of utilities like PowerShell, WMI, and certutil, unexpected VPN logins from residential IPs in Asia, and weird configurations on routers and switches that could indicate long‑term persistence. If your organization touches critical infrastructure, assume you are a target, not an exception.

Here’s your Ting‑level takeaway: patch the edge, lock the identity layer, and hunt for quiet, low‑and‑slow activity. China‑linked operators are playing the long game. Your job is to make your network a terrible investment.

Thanks for tuning in, listeners, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

June 5, 2026 · 3 min

Beijing's Backdoor Bonanza: Azureveil Hits Euro Targets While US Telecom Burns and Bots Learn to Act Human

This is your China Hack Report: Daily US Tech Defense podcast. Hey listeners, Ting here with your “China Hack Report: Daily US Tech Defense,” so let’s jack straight into what Beijing’s crews have been up to in the last 24 hours.

According to Dark Reading, threat intel teams are still dissecting a China‑linked campaign built around a dual‑layer spear‑phishing play that drops a custom backdoor called Azureveil against government and research targets in Europe and Asia, and US analysts are flagging the tooling as highly reusable against American think tanks and defense contractors. Dark Reading notes the operators are pairing Azureveil with a loader that hides in cloud services, which is exactly the kind of infrastructure Chinese groups like APT31 and APT40 love to repurpose against US networks once the playbook is tested abroad.

Several US telecom and cloud providers have spent the last day pushing emergency hardening guidance after multiple incidents tied to suspected Chinese intrusion sets targeting backbone routing gear and 5G management platforms. Cybersecurity Dive reports that these are the same broad campaigns that helped push the White House and the Department of Homeland Security to lean on carriers about “prohibited technologies” in their networks, especially equipment with supply‑chain ties back to the PRC.

On the malware side, US threat hunters are tracking fresh variants of China‑style, living‑off‑the‑land toolchains that abuse built‑in admin utilities instead of dropping big noisy binaries. Radware’s bot researchers describe how modern bots now mimic real users across residential IPs, browser fingerprints, and API calls, turning credential stuffing and reconnaissance into something that looks like normal traffic. That’s a perfect fit for Chinese credential‑harvesting ops against US financial services, cloud admin portals, and single sign‑on gateways.

Sector‑wise, the last day has been roughest for three areas: critical infrastructure, research, and telecom. The McCrary Institute’s work on “defending America’s lifelines” highlights how utilities and pipeline operators are being hammered with increasingly sophisticated probes from foreign adversaries, and China remains at the top of that risk list for industrial control systems. At the same time, Cybersecurity Insiders is amplifying warnings about China‑linked targeting of US universities and startups sitting on AI, quantum, and semiconductor research that Beijing’s Five‑Year Plans desperately want.

In Washington, the policy response is trying to keep pace. Cybersecurity Dive and the White House detail a new executive order on advanced AI security that gives DHS, Treasury, NIST, and the new US Tech Force a bigger role in locking down AI models and using AI to triage the “tidal wave” of vulnerabilities being exploited by foreign hackers, with China specifically called out as a strategic cyber adversary.

So what are the immediate defensive moves you should take, channeling CISA’s usual playbook even before the next binding operational directive lands? Patch internet‑facing gear ruthlessly, especially VPNs, firewalls, and email gateways. Turn on phishing‑resistant multi‑factor authentication everywhere that matters. Put rate‑limits, bot‑detection, and anomaly scoring in front of your login pages to blunt those human‑like bots Radware describes. For critical infrastructure listeners, map every externally reachable OT and management interface and get them off the open internet now. And for the executives in the back: fund logging and monitoring so your security team can actually see when an Azureveil‑style backdoor starts calling home.

I’m Ting, and that’s your China Hack Report: Daily US Tech Defense. Thanks for tuning in, and don’t forget to subscribe so you don’t miss tomorrow’s briefing. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

June 3, 2026 · 4 min

China's AI Malware Goes Speed Dating with US Healthcare While CISA Screams Patch Faster People

This is your China Hack Report: Daily US Tech Defense podcast. I’m Alexandra Reeves, and this is your China Hack Report for Daily US Tech Defense. Over the last twenty‑four hours, US defenders have been tracking a sharp uptick in China‑linked activity against critical tech and healthcare infrastructure, with a heavy assist from advanced AI tooling. The EU Parliament’s recent warning that AI models can now “hack any system on a large scale and with the speed of light,” in their plenary debate on cybersecurity and preparedness, is playing out in real time on US networks.

Threat intel teams report a new malware strain being folded into existing Chinese tradecraft, behaving like an AI‑assisted upgrade to earlier Volt Typhoon and APT41 toolsets. Reverse engineers describe it as modular and “goal‑seeking”: once it lands on a Windows or Linux server, it dynamically scripts credential theft and lateral movement based on local configs instead of relying on static playbooks. That adaptability is making it particularly effective against US cloud‑hosted dev environments and hybrid data centers.

According to analysis highlighted in Verizon’s latest Data Breach Investigations Report, most of the China‑linked incidents in the last day still start with familiar actions—hacking, malware, and social engineering—but the execution is faster and more precisely targeted. Ransomware crews described in CXOToday’s look at the “LLM effect” are now mimicking Chinese state‑style reconnaissance, scraping US corporate org charts, LinkedIn profiles, and code repos to craft spear‑phish that look like legitimate build alerts or incident tickets.

Healthcare moved back into the crosshairs, echoing the Medtronic breach covered by Kavout’s breakdown of the ShinyHunters cyberattack. US medical device makers and hospital groups saw fresh credential‑stuffing waves overnight, aimed at clinical portals and research data linked to AI‑driven diagnostics. None of these have reached the scale of that Medtronic incident, but network telemetry shows similar infrastructure and overlapping operators.

CISA and sector‑specific agencies are pushing immediate defensive actions. On emergency briefings with CISOs—mirroring the governance and risk urgency Adaptive Security wrote about for 2026—CISA is emphasizing three moves: first, patch newly disclosed remote‑code‑execution bugs in internet‑facing VPNs, load balancers, and collaboration suites within twenty‑four hours, not the usual patch‑Tuesday cadence. Second, enforce phishing‑resistant multifactor authentication on admin accounts, including cloud consoles and CI/CD pipelines. Third, deploy strict egress controls and DNS logging so AI‑driven malware can’t freely call out to command servers or novel domain‑generated infrastructure.

For software teams, CISA and US‑CERT are advising rapid review of build systems under the “assume breach” mindset: lock down access tokens, sign builds, and monitor for unapproved script execution inside runners. Critical infrastructure operators—especially energy, transportation, and healthcare—are being urged to rehearse manual fallback procedures in case Chinese operators pivot from pure espionage to disruption.

As AI‑enabled intrusion tooling spreads, the balance tilts toward whoever can automate defense fastest. For listeners in leadership roles, that means treating security operations, patch management, and tabletop exercises as board‑level priorities, not back‑office chores.

Thanks for tuning in, and don’t forget to subscribe for the next China Hack Report. This has been a Quiet Please production, for more check out quietplease dot ai.

For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta

May 20, 2026 · 4 min