September 17, 2025 • 3 mins
This is your Tech Shield: US vs China Updates podcast.

Hey listeners, Ting here with your weekly Tech Shield update, and wow, what a week it's been in the cyber warfare trenches between the US and China.

Let me dive right into the biggest story making waves - Chinese hacking group TA415 just pulled off something pretty audacious. These state-sponsored actors, who go by about six different aliases including APT41 and Brass Typhoon, decided to impersonate Congressman John Moolenaar, the Chair of the Select Committee on Strategic Competition between the US and Chinese Communist Party. Talk about bold moves.

Proofpoint caught them red-handed running spear-phishing campaigns throughout July and August, targeting US government agencies, think tanks, and academic organizations. But here's where it gets technically interesting - instead of deploying traditional malware, they're establishing Visual Studio Code remote tunnels for persistent access. It's like they're using legitimate developer tools to backdoor into systems. Quite clever, actually.

The phishing emails spoofed the US-China Business Council, inviting targets to closed-door briefings about Taiwan affairs. The infection chain involved password-protected archives on cloud services containing LNK files and hidden batch scripts. What caught my attention is their pivot to using legitimate services like Google Sheets, Google Calendar, and VS Code tunnels for command and control - blending malicious traffic with trusted services.
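As an added illustration (not from the episode or from Proofpoint's report), here is a small detection sketch in Python that runs over constructed process-creation log lines and flags the two observables the description names: a batch script executed from a user-writable extraction directory, and the VS Code CLI started in tunnel mode on the same host shortly afterwards. The telemetry field names, hostnames and file paths are assumptions made up for this example.

```python
import json
import re
from datetime import datetime

# Constructed sample EDR process-creation telemetry (one JSON object per line).
# Field names are an assumption for this example, not any vendor's schema.
SAMPLE_EVENTS = r"""
{"ts":"2025-08-05T09:12:01Z","host":"ws-17","parent":"explorer.exe","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c \"C:\\Users\\a\\AppData\\Local\\Temp\\Briefing\\.update.bat\""}
{"ts":"2025-08-05T09:12:04Z","host":"ws-17","parent":"cmd.exe","image":"C:\\Users\\a\\AppData\\Local\\Temp\\code.exe","cmdline":"code.exe tunnel --accept-server-license-terms --name ws17"}
{"ts":"2025-08-05T09:15:30Z","host":"ws-02","parent":"explorer.exe","image":"C:\\Program Files\\Microsoft VS Code\\Code.exe","cmdline":"\"C:\\Program Files\\Microsoft VS Code\\Code.exe\" C:\\src\\app"}
{"ts":"2025-08-05T09:16:10Z","host":"ws-02","parent":"explorer.exe","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c dir"}
"""

BASENAME = re.compile(r"[^\\/]+$")
USER_DIRS = re.compile(r"\\(?:Temp|Downloads|AppData)\\", re.IGNORECASE)
CHAIN_WINDOW_SECONDS = 300  # batch script -> tunnel on one host within 5 minutes

def basename(path):
    return BASENAME.search(path).group(0).lower()

def rule_vscode_tunnel(ev):
    # The VS Code CLI started in tunnel mode ("code tunnel ..."). A developer
    # opening a folder does not match; a copy of the CLI dropped in Temp does.
    return basename(ev["image"]) in ("code.exe", "code") and bool(
        re.search(r"\btunnel\b", ev["cmdline"]))

def rule_batch_from_user_dir(ev):
    # cmd.exe running a .bat/.cmd from a user-writable directory: the shape of
    # a hidden batch script unpacked from a password-protected archive.
    return (basename(ev["image"]) == "cmd.exe"
            and bool(re.search(r"\.(?:bat|cmd)\b", ev["cmdline"], re.IGNORECASE))
            and bool(USER_DIRS.search(ev["cmdline"])))

def detect(raw_jsonl):
    """Return (rule, host, ts) findings; escalates a tunnel that follows a batch hit."""
    findings, last_batch = [], {}  # last_batch: host -> time of latest batch hit
    for line in raw_jsonl.strip().splitlines():
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        if rule_batch_from_user_dir(ev):
            findings.append(("batch_from_user_dir", ev["host"], ev["ts"]))
            last_batch[ev["host"]] = ts
        if rule_vscode_tunnel(ev):
            name = "vscode_tunnel"
            prev = last_batch.get(ev["host"])
            if prev and (ts - prev).total_seconds() <= CHAIN_WINDOW_SECONDS:
                name = "vscode_tunnel_after_batch"  # archive -> script -> tunnel chain
            findings.append((name, ev["host"], ev["ts"]))
    return findings
```

Run `detect(SAMPLE_EVENTS)` to see the benign ws-02 events pass and the ws-17 chain escalate; the same rules can be fed a real JSONL export once the field names are mapped.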

Meanwhile, the broader Salt Typhoon campaign continues wreaking havoc. The White House confirmed in December that these Chinese actors infiltrated at least nine US telecommunications companies, targeting critical infrastructure. CISA, NSA, and FBI issued a joint advisory with twelve international partners, highlighting how these Advanced Persistent Threat groups have been operating globally since 2021, exploiting router and firewall vulnerabilities.

What's particularly concerning is their focus on edge devices and peering connections for data exfiltration. The advisory emphasizes that partial defensive responses actually backfire - you alert the attackers without fully evicting them, allowing them to dig deeper and maintain access.

On the defensive front, agencies are pushing organizations to prioritize vulnerability patching proportionate to the threat level. They're recommending robust logging, secure routing, and coordinated incident response. The key insight here is that these APT actors are having considerable success using publicly known vulnerabilities - so patch management isn't just IT housekeeping anymore, it's national security.

Industry responses include enhanced threat hunting capabilities and better information sharing between private sector and government. However, experts note we're still fighting a networked adversary with hierarchical bureaucracy - there's a structural mismatch in how we're approaching this gray zone warfare.

The timing of these campaigns aligns perfectly with ongoing US-China trade negotiations, suggesting intelligence gathering objectives around economic policy trajectories.

Thanks for tuning in to this week's cyber battlefield briefing. Make sure to subscribe for more insider analysis on how nation-state actors are reshaping digital warfare. This has been a Quiet Please production; for more, check out quietplease.ai.

This content was created in partnership and with the help of Artificial Intelligence AI

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Hey listeners, Ting here with your weekly Tech Shield update,
and wow, what a week it's been in the cyber
warfare trenches between the US and China. Let me dive
right into the biggest story making waves. Chinese hacking group
TA415 just pulled off something pretty audacious.
These state-sponsored actors, who go by about six different
aliases including APT41 and Brass Typhoon, decided to

(00:24):
impersonate Congressman John Moolenaar, the chair of the Select Committee
of the Strategic Competition between the US and Chinese Communist Party,
talk about bold moves. Proofpoint caught them red-handed running
spear-phishing campaigns throughout July and August, targeting US government agencies,
think tanks, and academic organizations. But here's where it gets

(00:47):
technically interesting. Instead of deploying traditional malware, they're establishing Visual
Studio Code remote tunnels for persistent access. It's like they're
using legitimate developer tools to backdoor into systems. Quite clever, actually.
The phishing emails spoofed the US-China Business Council,
inviting targets to closed door briefings about Taiwan affairs. The

(01:11):
infection chain involved password-protected archives on cloud services containing
LNK files and hidden batch scripts. What caught my attention is
their pivot to using legitimate services like Google Sheets, Google Calendar,
and VS Code tunnels for command and control, blending malicious

(01:32):
traffic with trusted services. Meanwhile, the broader Salt Typhoon campaign
continues wreaking havoc. The White House confirmed in December that
these Chinese actors infiltrated at least nine US telecommunications companies
targeting critical infrastructure. CISA, NSA, and FBI issued a joint

(01:54):
advisory with twelve international partners highlighting how these advanced
persistent threat groups have been operating globally since 2021,
exploiting router and firewall vulnerabilities. What's particularly concerning is their
focus on edge devices and peering connections for data exfiltration.

(02:16):
The advisory emphasizes that partial defensive responses actually backfire. You
alert the attackers without fully evicting them, allowing them to
dig deeper and maintain access. On the defensive front, agencies
are pushing organizations to prioritize vulnerability patching proportionate to the
threat level. They're recommending robust logging, secure routing and coordinated

(02:40):
incident response. The key insight here is that these APT
actors are having considerable success using publicly known vulnerabilities, so
patch management isn't just IT housekeeping anymore. It's national security.
Industry responses include enhanced threat hunting capability and better information

(03:01):
sharing between private sector and government. However, experts note, we're
still fighting a networked adversary with hierarchical bureaucracy. There's a
structural mismatch in how we're approaching this gray zone warfare.
The timing of these campaigns aligns perfectly with ongoing US
China trade negotiations, suggesting intelligence gathering objectives around economic policy trajectories.

(03:27):
Thanks for tuning in to this week's cyber battlefield briefing.
Make sure to subscribe for more insider analysis on how
nation state actors are reshaping digital warfare. This has been
a Quiet Please production. For more check out Quiet Please
dot ai