"China's Cyber Spies Caught Red-Handed: Cisco Zero-Day Mayhem Puts US on High Alert!"
Episode Synopsis
This is your Red Alert: China's Daily Cyber Moves podcast. I’m Ting, and listeners, we’re on red alert. Over the past few days, Chinese cyber operators have shifted from quiet recon to live fire, and the bullseye is U.S. infrastructure and government-adjacent systems. Let’s roll the tape.

Late November, according to Cisco Talos and CyberScoop, a China‑nexus group tracked as UAT‑9686 slipped into Cisco AsyncOS devices that power Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, abusing zero‑day CVE‑2025‑20393 to get full command execution and drop persistent backdoors. Cisco admits there’s still no patch, only hardening and workarounds. CISA and WaterISAC briefings warn that any U.S. org with exposed spam quarantine features is basically broadcasting “hack me” to Beijing.

By December 10, Cisco’s internal teams realized this wasn’t lab noise; this was targeted exploitation of government and critical‑infrastructure adjacent networks, with non‑standard configs suggesting very specific U.S. victims. CISA followed with guidance pushing defenders to lock down internet‑facing management ports, disable unnecessary features, and comb logs for odd admin sessions and unexpected config changes.

At almost the same time, The Hacker News and Western Illinois University’s cyber news feed highlighted a second track: China‑aligned clusters Ink Dragon, LongNosedGoblin, and friends ramping up espionage against governments in Europe and Asia using ShadowPad, FINALDRAFT, and clever abuse of Windows Group Policy. Those aren’t U.S. hits on paper, but for U.S. listeners they matter: same toolchains, same operators, same playbook that historically pivots into American government contractors and telecoms.

Layer onto that the broader 2025 picture described by CrowdStrike and CRN: China‑linked groups like Salt Typhoon hammering U.S. telcos, a 136 percent spike in cloud intrusions, and Microsoft reporting Chinese campaigns against on‑prem SharePoint and VMware vSphere. That tells us today’s Cisco zero‑day spree is one piece of a long, methodical campaign to live inside U.S. networks before any geopolitical crisis.

Now, escalation. Short term, if UAT‑9686 keeps control of email security appliances, they can silently strip or forge messages, exfiltrate sensitive traffic, and pivot deeper into internal systems. In a higher‑tension scenario—think South China Sea or Taiwan flashpoint—those backdoors become switches: disruption of government email, selective leaks, even support for sabotage against power and water utilities already on Chinese targeting lists, as CISA has warned in multiple PRC‑focused alerts.

Defensive actions, right now: treat every Cisco Secure Email Gateway and Secure Email and Web Manager box as potentially hostile; isolate from the internet, review for unexpected admin users, strange cron jobs, and outbound connections to unfamiliar IPs; enforce rapid patching on ASUS Live Update and Sierra Wireless AirLink routers that CISA just added to the Known Exploited Vulnerabilities catalog; and assume your telemetry is incomplete—China’s specialty in 2025 has been hiding in devices you barely monitor.

I’m Ting, thanks for tuning in, stay patched, stay paranoid, and don’t forget to subscribe. This has been a Quiet Please production; for more, check out quiet please dot ai. For more: http://www.quietplease.ai

This content was created in partnership and with the help of Artificial Intelligence (AI).