Typhoon Trouble: China's Hack Packs Strike Back as US Plays Patch Catch-Up

22/10/2025 5 min


Episode Synopsis

This is your Tech Shield: US vs China Updates podcast.

Hey listeners, Ting here—your witty, sleep-deprived cyber sage. No time for intros; this week’s US vs China cyber updates are hotter than a freshly microwaved dumpling, and trust me, you want to bite right in.

Let’s start with **Salt Typhoon**, China’s notorious hacking crew. Remember that Microsoft SharePoint vulnerability, CVE-2025-53770? Microsoft finally patched it in July, but Chinese actors—Salt Typhoon and pals like Linen Typhoon (aka Emissary Panda) and Violet Typhoon (aka Judgment Panda)—got there first, compromising over 400 organizations, including the US Energy Department. According to Symantec and Carbon Black, these attacks used zero-days and dropped nifty malware like Zingdoor and KrustyLoader, slipping deep into networks and making off with sensitive data. And yes, universities, finance firms, and two South American government agencies joined the victim parade [The Register, October 22].

As if one typhoon isn’t enough, Trend Micro flagged a new era of **collaborative hacking** among China-aligned APT groups. Earth Estries and Earth Naga unveiled a pass-the-hack model called “Premier Pass-as-a-Service,” trading shell access and expertise like teenagers swapping game cheats. Their campaign struck major telecom providers across APAC and even NATO member countries, exploiting everything from Citrix edge devices to Cisco routers. Security pros now have whiplash tracking who’s in their network: it’s no longer just one bad guy, it’s an APT family reunion [Trend Micro, October 2025].

So how are the Americans responding? A lot of patching, for starters. The **Cybersecurity and Infrastructure Security Agency (CISA)** is playing incident-response whack-a-mole and sharing critical IOC data faster than ever, but analysts like Senator Angus King warn that tech is outpacing defense. Cuts to cyber diplomacy and science programs, plus empty seats at key agencies, are sapping federal momentum. The Trump administration’s budget slashing hasn't helped—State Department cyber teams are stretched thin, the Office of the National Cyber Director (ONCD) lacks real authority, and the US is lagging in cyber talent [Cyberscoop, October 22].

Here’s what’s new in the defense tech arsenal: the **Department of Treasury’s OFAC** is widening its Cyber-Related Sanctions Program, slapping penalties on Chinese companies like Sichuan Juxinhe and Shanghai Heiying, which act as brokers for stolen data. The Commerce Department is leveraging Executive Order 13984 to block access to US-based internet infrastructure—especially virtual private servers hijacked for attack launches. And yes, there are new government advisories warning telecoms and critical industries to strengthen defenses and tighten remote access controls [Lawfare Media, October 22].

On the **industry side**, companies are rushing to patch not just SharePoint but also Citrix and Ivanti products, with Redmond setting the pace and security firms racing to keep up. But the rush to patch is reactive, not proactive—these zero-days get exploited first, fixed later. Not exactly comforting.

Now for expert commentary—the fun part. The good news: the US has finally embraced offensive cyber operations to raise the cost for Chinese intrusions, signaling “hack us, get smacked back.” The bad? There’s still no consistent US policy on when to retaliate and how hard—the ambiguity lets threat actors operate with minimal fear. Cross-agency coordination is improving, but splintered authorities and funding gaps mean cyber defense is still a work in progress.

As for technology, the **rise of coordinated APT alliances** from China means defenders must rethink their playbooks: it’s not just the lone panda pawing at the firewall; it’s an entire menagerie rotating TTPs and digital infrastructure. Detection’s harder, attribution’s murkier, and every patch is already a step behind.

So, listeners, the key developments: more advanced hacks, coordinated threat alliances, frantic patches, new sanctions, rushed advisories, and pressure to modernize US cyber defenses—all while government machinery creaks and cyber diplomacy limps. The arms race is real, and it’s being fought at machine speed.

Thanks for tuning in. Don’t forget to subscribe for your next delicious helping of cyber intrigue! This has been a Quiet Please production; for more, check out quietplease.ai.

This content was created in partnership with, and with the help of, artificial intelligence (AI).
