China Hack Report: Daily US Tech Defense
China's Hacking Heyday: UAT-8099's Wild Ride as US Defenses Crumble
03 Oct 2025
This is your China Hack Report: Daily US Tech Defense podcast.

Listeners, it’s Ting here—and trust me, today’s China Hack Report is one for the history books. Let’s jump in. In just the last 24 hours, U.S. cyber defenses got hammered on several fronts, and some of it ties directly to Chinese-linked actors ramping up their game. The biggest headline: Chinese-speaking cyber group UAT-8099 has been hijacking high-value Microsoft IIS servers—think the backbone for business operations. Cisco Talos detailed yesterday how these crooks slipped web shells onto trusted servers, escalated privileges, and used open-source tools like SoftEther VPN to tunnel deep, plant persistent access, and install the sneaky BadIIS malware. These BadIIS variants morph their code structures just enough to slip by your average antivirus, letting attackers quietly control university and telecom networks all the way from India to Brazil, with a strong focus on mobile users—yes, iPhone and Android folks are squarely in the crosshairs according to Cisco.

And if you’re thinking, “That sounds bad, Ting, but surely federal guidance is coordinated”—sorry to shatter that illusion. The Cybersecurity Information Sharing Act, yes, the CISA 2015 that glues together public-private partnerships for reporting threats in real time, expired this week thanks to good old U.S. gridlock. According to a WilmerHale alert and repeated pleas from the Protecting America’s Cyber Networks Coalition, this dramatically shrinks information sharing across industries, making it the perfect moment for international actors to swoop in. I’d say attackers probably threw a little party.

Meanwhile, CISA itself, the U.S. Cybersecurity and Infrastructure Security Agency, is fighting to keep up while reportedly understaffed and racing to contain the surge in vulnerability exploits. They fired off an emergency directive specifically warning organizations to urgently patch Cisco IOS and IOS XE devices, after threat actor activity spiked targeting those platforms. WaterISAC echoed this, telling water infrastructure firms: patch your Cisco gear, review configurations, and watch for signs of compromise—immediately.

Let’s talk malware: Broadcom fixed six VMware bugs, including a zero-day (CVE-2025-41244) actively exploited since last year by China-linked group UNC5174. If you run VMware Aria Operations or Tools, you need that emergency patch five days ago. And mobile defense hasn’t gotten easier—industry sources like Comparitech note that phishing and ransomware surged 40% across U.S. businesses, with manufacturing and tech firms—Collins Aerospace in particular—suffering major disruptions. China also rolled out a one-hour incident reporting rule for major cyber events, highlighting just how aggressive and nimble their response is compared to the long, bureaucratic slog in the U.S. If only we could borrow just a little of that speed—right, listeners?

So, here’s your Ting-approved action plan: patch your Cisco and VMware gear today, double-check privilege escalations on IIS or anything facing the web, boost monitoring for web shell activity, and—until Congress stops their time-out—get creative about sharing threat intel with your partners. We’re at Cybersecurity Awareness Month, after all, and the name of the game right now is relentless vigilance.

Thanks for tuning in to the China Hack Report—don’t forget to subscribe if you want the inside scoop and laughs to go with your daily doom scroll. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI