
China Hack Report: Daily US Tech Defense

China's Invisible Hackers: Silently Squatting in US Grids and Factories!

14 Sep 2025

Description

This is your China Hack Report: Daily US Tech Defense podcast.

This is Ting, serving you the China Hack Report: Daily US Tech Defense, and we have a spicy platter of cyber intrigue to unpack, so let’s jack straight in! All eyes have snapped to Salt Typhoon and Volt Typhoon, China-linked hacking collectives that are, according to FBI Deputy Assistant Director Jason Bilnoski, acting more like long-term squatters than smash-and-grab burglars. Instead of noisy malware, these pros use so-called “living off the land” tactics—think blending in by hijacking legit tools hiding in plain sight, making their operations nearly invisible. This past day, fresh warnings from CISA and the FBI emphasize: Hunt as if the attackers are already living in your network, because they likely are.

Critical infrastructure is the bullseye. Rich Andres from the National War College spelled it out on FOX 5 DC: state-backed Chinese hackers are quietly burrowing into America’s power grids, water systems, and telecom backbones. What’s the endgame? To get so deep, so early, that if conflict erupts near Taiwan, they could knock US utilities offline, deterring any intervention. Yeah, you might want to keep bottled water handy. This is not just “spy games”—we’re talking real-world, multi-day outages as an actual possibility.

Top of the zero-day charts this weekend is CVE-2025-5086, a nasty exploit in Dassault Systèmes DELMIA Apriso used in the manufacturing sector. CISA has thrown out an emergency bulletin demanding immediate patching—this bug lets hackers execute remote code, and intelligence suspects Chinese state actors are gleefully at the controls. The manufacturing and logistics sectors are squirming, and if your org runs Apriso, you need to verify those patches went in before lunch, no exceptions.

Phishing fever’s also up—Okta Threat Intelligence has outed VoidProxy, a phishing-as-a-service toolkit that slices right through multi-factor authentication like a vibroblade through tofu. While leading indicators point toward operators from Morocco, the infrastructure and customer targeting mirror previous China-backed ploys, especially against Google and Microsoft accounts holding trade secrets. Both Okta and Google are urging passkey adoption because classic MFA is no longer enough to defend the digital castle gates.

And just landing on the defensive radar, Akira ransomware is spiking again—this time hammering any SonicWall firewalls still unpatched for last year’s CVE-2024-40766. Rapid7 and the Australian Cyber Security Centre are echoing this: “Patch now, or prepare for ransom notes.” U.S. orgs, especially in finance and healthcare, are watching these exploits pop off and are scrambling to close yet another vulnerability window.

Meanwhile, Congress is still haggling over new cyber reporting rules, so don’t wait for bureaucracy—enforce least-privilege, kill obsolete connections, and, by all means, rehearse your incident response plans with red-team attacks as if adversaries are already inside. Because frankly, they probably are.

Thanks for tuning into the China Hack Report with Ting. Hit subscribe, and stay looped for the truth no firewall can block. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

Get the best deals https://amzn.to/3ODvOta

This content was created in partnership and with the help of Artificial Intelligence AI
