China's Cyber Siege: Brickstorm, Warp Panda, and React2Shell Ravage US Infrastructure
Episode Synopsis
This is your Red Alert: China's Daily Cyber Moves podcast. I'm Ting, and listeners, we're going straight to battle stations.

In the last 96 hours, the big red blinking light is a perfect storm of Chinese state-backed activity: Brickstorm inside US infrastructure, Warp Panda prowling VMware, and Chinese APTs pile-driving the new React2Shell bug that just detonated across the JavaScript world.

Timeline first, because I know you're all running incident response playbooks in your heads.

December 3: according to coverage of AWS threat intel and the AWS Security Blog, Chinese state-nexus groups like Earth Lamia, Jackpot Panda, and UNC5174 start hammering the React2Shell vulnerability, CVE-2025-55182, within hours of disclosure. Tenable Research calls it a CVSS 10.0 remote code execution flaw in React Server Components, with over 77,000 internet-exposed IPs vulnerable and about 23,700 of those in the United States. Palo Alto Networks reports more than 30 organizations already compromised, with Cobalt Strike, Snowlight, and Vshell lighting up victim networks.

December 4: Google Threat Intelligence and CyberScoop-covered briefings reveal a grim picture of long-term Chinese espionage: Brickstorm malware quietly sitting inside US critical infrastructure and government networks since at least 2022, with an average dwell time of 393 days. CISA's Nick Andersen says state actors are embedding "to enable long-term access, disruption, and potential sabotage." Austin Larsen from Google explains Brickstorm targets VMware vSphere and Windows, reinfects if removed, and tunnels laterally like it owns your data center.

December 5: CISA, NSA, and the Canadian Centre for Cyber Security drop a joint advisory on Brickstorm, warning critical infrastructure operators that Chinese state-sponsored actors are backdooring VMware vCenter and vSphere, often via a China-linked group CrowdStrike tracks as Warp Panda. Homeland Security Today reports that dozens of US organizations are already affected, plus downstream victims that never saw the initial breach. Same day, CISA adds React2Shell to the Known Exploited Vulnerabilities catalog and orders US federal agencies to patch by December 26. Cloudflare rushes out an emergency WAF rule; BleepingComputer and others report the mitigation misfire briefly knocks out around a quarter of their HTTP traffic, reminding everyone that one bug plus one config push can ripple across half the internet.

December 6-7: Shadowserver and GreyNoise see live exploitation traffic surge, including from Chinese infrastructure. Data Breaches Digest and security blogs flag React2Shell and Brickstorm together as the new "daily drivers" for China-nexus operators going after government, healthcare, legal, manufacturing, and cloud-heavy tech.

So what does this mean, right now, for listeners defending US networks?

If you run React, Next.js, or anything with React Server Components exposed to the internet, your priority zero is to patch CVE-2025-55182, verify with vendor-specific guidance, and comb logs from December 3 onward for suspicious POSTs, unusual child processes, and new outbound connections. Assume credential theft and cloud pivoting; rotate keys, especially AWS IAM and Kubernetes tokens.

If you run VMware vSphere or vCenter, especially in critical infrastructure, you need to pull the Brickstorm advisory from CISA, NSA, and the Canadian Centre for Cyber Security and hunt for their indicators of compromise: odd persistence mechanisms, covert tunnels from management networks, and malware that reappears after you think you've cleaned it. Segment vCenter from the internet like it's plutonium, not a convenience portal.

On the escalation ladder, here's the uncomfortable scenario: Brickstorm stays hidden as a pre-positioned capability while high-tempo exploits like React2Shell give Chinese services fresh access and new credentials.
In a geopolitical crisis, those quiet footholds could flip from espionage to disruption—power grid control planes, logistics hubs, or cloud identity providers all hit at once. Amazon has already warned, in separate reporting, about the trend of nation-states blending cyber intrusions with kinetic targeting; this fits that playbook uncomfortably well.

Defensively, listeners should move toward continuous attack surface management, mandatory egress filtering from management networks, and rehearsed "internet middleware failure" drills—because as the recent Cloudflare, AWS, and Azure outages show, when one big provider sneezes, your entire detection stack might catch a cold.

I'm Ting, your slightly too-caffeinated China-and-cyber nerd. Thanks for tuning in, and don't forget to subscribe so you don't miss the next Red Alert. This has been a Quiet Please production; for more, check out quietplease.ai.

This content was created in partnership and with the help of Artificial Intelligence (AI).
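The two hunting steps described in the synopsis (combing web logs from December 3 onward for suspicious POSTs, and looking for new outbound connections or covert tunnels leaving management networks) both reduce to the same question: what appeared after the disclosure date that was never seen before it? The Python below is an added example, not code from the podcast, CISA, or any vendor. It builds a baseline from pre-cutoff records and flags post-cutoff records whose key is new. The access-log lines, flow records, IP addresses, paths and the 10.10.0.0/24 management range are all constructed for illustration, and nothing here encodes how CVE-2025-55182 itself is triggered; it is a generic baseline-deviation triage that a practitioner would point at real logs.

```python
"""Baseline-deviation hunt over constructed logs (added example, not from the page).

Pass 1: web access log, POST requests on/after the cutoff whose (method, path)
        pair never appeared before the cutoff.
Pass 2: flow records, connections from management-network hosts to addresses
        outside that network whose (src, dst) pair never appeared before the cutoff.
"""
import ipaddress
import re
from datetime import datetime, timezone

# Disclosure date used as the baseline/hunt boundary (from the synopsis).
CUTOFF = datetime(2025, 12, 3, tzinfo=timezone.utc)

# Constructed sample data: these are documentation/private ranges, not real traffic.
ACCESS_LOG = """\
203.0.113.7 - - [01/Dec/2025:10:00:01 +0000] "GET /app HTTP/1.1" 200 512
203.0.113.7 - - [01/Dec/2025:10:00:05 +0000] "POST /app/search HTTP/1.1" 200 88
198.51.100.9 - - [02/Dec/2025:11:30:00 +0000] "POST /app/search HTTP/1.1" 200 90
198.51.100.9 - - [02/Dec/2025:11:31:00 +0000] "GET /app/profile HTTP/1.1" 200 301
192.0.2.44 - - [04/Dec/2025:02:13:09 +0000] "POST /app/profile HTTP/1.1" 500 12
192.0.2.44 - - [04/Dec/2025:02:13:10 +0000] "POST /app HTTP/1.1" 200 0
203.0.113.7 - - [05/Dec/2025:09:00:00 +0000] "POST /app/search HTTP/1.1" 200 88
"""

# Constructed flow records: "<iso-timestamp> <src> <dst> <dport>".
FLOW_LOG = """\
2025-12-01T08:00:00Z 10.10.0.5 10.10.0.20 443
2025-12-01T08:05:00Z 10.10.0.5 10.10.0.21 443
2025-12-02T09:00:00Z 10.10.0.6 10.10.0.20 22
2025-12-04T03:00:00Z 10.10.0.5 10.10.0.20 443
2025-12-04T03:01:00Z 10.10.0.5 198.51.100.77 443
2025-12-04T03:02:00Z 172.16.5.9 198.51.100.77 443
"""

# Assumed management network for the example; substitute your own.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")

# Common/combined access-log format: src, ident, user, [time], "METHOD PATH PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_access_log(text):
    """Parse combined-format lines into dicts; silently skip lines that do not match."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        src, ts, method, path, status = m.groups()
        rows.append({
            "ts": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "src": src, "method": method, "path": path, "status": int(status),
        })
    return rows


def parse_flows(text):
    """Parse the constructed flow format into dicts (timestamps are UTC ISO-8601)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        rows.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                     "src": src, "dst": dst, "dport": int(dport)})
    return rows


def novel_after(rows, cutoff, key, select=lambda r: True):
    """Rows at/after cutoff, passing `select`, whose key never occurred before cutoff.

    Everything before the cutoff is the baseline; keys are learned from all
    baseline rows regardless of `select`, so a pre-existing path or peer is
    never flagged just because the method or direction changed after the cutoff.
    """
    baseline = {key(r) for r in rows if r["ts"] < cutoff}
    return [r for r in rows
            if r["ts"] >= cutoff and select(r) and key(r) not in baseline]


def hunt_web_posts(text, cutoff):
    """Post-cutoff POSTs to (method, path) pairs unseen in the baseline."""
    return novel_after(parse_access_log(text), cutoff,
                       key=lambda r: (r["method"], r["path"]),
                       select=lambda r: r["method"] == "POST")


def hunt_mgmt_egress(text, cutoff, mgmt_net=MGMT_NET):
    """Post-cutoff connections from management hosts to new external peers."""
    def leaves_mgmt(r):
        return (ipaddress.ip_address(r["src"]) in mgmt_net
                and ipaddress.ip_address(r["dst"]) not in mgmt_net)
    return novel_after(parse_flows(text), cutoff,
                       key=lambda r: (r["src"], r["dst"]), select=leaves_mgmt)


if __name__ == "__main__":
    for r in hunt_web_posts(ACCESS_LOG, CUTOFF):
        print(f"[web]  {r['ts']:%Y-%m-%d %H:%M} {r['src']} POST {r['path']} -> {r['status']}")
    for r in hunt_mgmt_egress(FLOW_LOG, CUTOFF):
        print(f"[flow] {r['ts']:%Y-%m-%d %H:%M} {r['src']} -> {r['dst']}:{r['dport']} (new egress)")
```

On the constructed data this flags the two December 4 POSTs to paths that had only ever seen GETs or nothing at all, leaves the routine POST to /app/search alone because it was in the baseline, and surfaces the one management host that started talking to an outside address after the cutoff. The baseline window should be long enough to cover normal operations (a single quiet weekend makes everything look novel), and hits are leads for the "unusual child processes" and persistence checks the synopsis mentions, not verdicts on their own.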