China Hack Report: Daily US Tech Defense
Chinese Cyber Shenanigans Galore: BRICKSTORM, SharePoint Hacks, and Record-Smashing Botnets Unleashed!
13 Oct 2025
This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your go-to for truth bombs about China-linked cyber shenanigans. There's no way around it: the past 24 hours in US tech defense have been turbocharged, so let's jack in.

First up, the headline-grabber: the ongoing BRICKSTORM espionage campaign, spotlighted by Google's Threat Intelligence Group and Mandiant. This isn't your typical "script kiddies in hoodies" stuff. UNC5221, a China-nexus APT actor, is planting a highly stealthy backdoor inside US technology companies, SaaS providers and law firms. The malware's superpower is staying invisible: these intruders have sat in enterprise systems for nearly 400 days on average before anyone smelled something fishy. And the goal is bigger than grabbing source code for its own sake. Stolen code is raw material for discovering zero-day vulnerabilities in the victims' own products, which lays the groundwork for much broader access, and possibly for strategic disruption if tensions with China ratchet up. Legal, SaaS and core tech sectors: you're in the crosshairs, my friends.

But the plot thickens. Remember July's SharePoint hack? That disaster is still echoing through the cyber halls of power. Three China-based groups, Linen Typhoon, Violet Typhoon and Storm-2603, exploited a chain of on-premises SharePoint zero-days (the "ToolShell" chain), with the exploitation starting after Microsoft's confidential pre-patch notifications to partners had gone out. More than 400 organizations, including the US National Nuclear Security Administration, found themselves on the wrong end of a multi-stage attack. The kicker: the attackers sidestepped both the initial fixes and, for servers compromised before the emergency updates, the patches themselves. Patching closes the door, but it does not evict anyone who already walked through it, and an attacker who stole a server's ASP.NET machine keys can keep forging valid requests until those keys are rotated. CISA has been all over this, urging everyone to apply every available SharePoint patch, enable the Anti-malware Scan Interface (AMSI) integration, rotate ASP.NET machine keys and restart IIS, and scan web logs for suspicious POST requests to "/_layouts/15/ToolPane.aspx". And if your SharePoint server is end-of-life, or you suspect it's compromised, get it off the internet now.

Across sectors, things are getting uncomfortably real. Oracle just threw a five-alarm fire with CVE-2025-61884, an unauthenticated, network-exploitable flaw in E-Business Suite. No login needed, just point and exploit. Oracle urges immediate patching, because if you're running EBS 12.2.3 through 12.2.14, an outsider can reach sensitive internal data, and ERP access is a foothold that nation-state hackers happily turn into a shortcut to America's business underbelly.

There's also been a flurry of Cobalt Strike beacon traffic flagged on multiple US servers today. Cobalt Strike is a commodity tool used by criminals and states alike, but beacons calling out from a server you own mean someone already has code execution on it, whether initial access is being brokered or command-and-control persistence is being set up for future incursions.

Meanwhile, Gladinet file-sharing servers are under siege by a zero-day with no patch yet in sight. Since the bug lets attackers read the server's cryptographic keys and parlay them into code execution, the immediate ask from security pros is to apply the vendor's temporary mitigation, pull public-facing servers offline, and monitor for unusual API traffic.

The Aisuru botnet, built from hijacked IoT devices, much of it sitting on US networks, just broke DDoS records. Whoever is at the controls, the lesson is that our own consumer devices are being colonized as attack infrastructure. If you haven't isolated those smart fridges on their own network segment, get a move on.

Finally, in the past day, CISA issued a new warning on a fresh Windows local privilege escalation bug. Patch immediately, strip unnecessary admin rights, and scrutinize every account logging in from abroad.

Key takeaways: patch fast, check logs, rotate keys, and if your public-facing servers aren't absolutely mission-critical, get them off the internet or behind strong access controls. China's cyber playbook is evolving, so your defense has to keep up.

Thanks for tuning in. Don't forget to subscribe for your daily shot of cyber reality from Ting.
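The CISA advice above to "scan logs for POST requests to /_layouts/15/ToolPane.aspx" is easy to state and fiddly to do well, because legitimate site owners also POST to ToolPane.aspx when they edit web parts. The script below is an added example, not code from the podcast, CISA or Microsoft. It parses IIS W3C log lines using the log's own #Fields header, keeps only POSTs to ToolPane.aspx, and scores each one on context: no authenticated user, a client address outside private ranges, a Referer of SignOut.aspx (an indicator reported in public write-ups of the July intrusions, assumed here rather than taken from this page), and DisplayMode=Edit in the query. The log lines, hostnames and IP addresses are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample of IIS W3C log lines (not real telemetry). The first line
# is the IIS field header; the parser reads the layout from it.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-19 03:12:44 10.0.0.5 GET /sites/legal/default.aspx - 443 jdoe 10.0.1.20 Mozilla/5.0 - 200 0 0 120
2025-07-19 03:13:02 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.7 Mozilla/5.0 https://sp.example.com/_layouts/SignOut.aspx 200 0 0 415
2025-07-19 03:14:10 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 admin 10.0.1.9 Mozilla/5.0 https://sp.example.com/sites/legal/default.aspx 200 0 0 80
2025-07-19 03:15:30 10.0.0.5 GET /_layouts/15/ToolPane.aspx - 443 jdoe 10.0.1.20 Mozilla/5.0 - 200 0 0 25
"""

# Matches /_layouts/ToolPane.aspx and /_layouts/15/ToolPane.aspx (any version hive).
TOOLPANE = re.compile(r"/_layouts/(?:\d+/)?toolpane\.aspx$", re.IGNORECASE)
# Assumed internal address space; adjust to your own ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Finding:
    line_no: int
    client_ip: str
    score: int
    reasons: list = field(default_factory=list)


def is_internal(ip: str) -> bool:
    """True if ip parses and falls inside one of PRIVATE_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in PRIVATE_NETS)


def scan(log_text: str) -> list:
    """Return one Finding per POST to ToolPane.aspx, scored by how suspicious it looks."""
    fields = None
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # take the column layout from the log itself
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                           # malformed line: skip rather than crash
        rec = dict(zip(fields, parts))
        if rec["cs-method"].upper() != "POST" or not TOOLPANE.search(rec["cs-uri-stem"]):
            continue
        f = Finding(line_no, rec["c-ip"], 1, ["POST to ToolPane.aspx"])
        if rec["cs-username"] == "-":
            f.score += 2
            f.reasons.append("no authenticated user")
        if not is_internal(rec["c-ip"]):
            f.score += 2
            f.reasons.append("client IP outside private ranges")
        if "signout.aspx" in rec["cs(Referer)"].lower():
            f.score += 3
            f.reasons.append("Referer is SignOut.aspx")
        if "displaymode=edit" in rec["cs-uri-query"].lower():
            f.score += 1
            f.reasons.append("DisplayMode=Edit in query")
        findings.append(f)
    return findings


def high_priority(findings, threshold: int = 5) -> list:
    """Sorted client IPs whose ToolPane POSTs score at or above the threshold."""
    return sorted({f.client_ip for f in findings if f.score >= threshold})


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no}: {f.client_ip} score={f.score} ({'; '.join(f.reasons)})")
    print("escalate:", high_priority(results))
```

On the sample data the unauthenticated external POST with the SignOut.aspx Referer scores 9 and is escalated, while the authenticated admin's edit from an internal address scores 2 and is left as routine. A low score is not proof of innocence: a hit from an internal address still deserves a look if that host has no business editing SharePoint pages, and any hit on a server that was unpatched during the July window should trigger the key rotation CISA calls for rather than just a log review.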
This has been a Quiet Please production. For more, check out quietplease.ai (http://www.quietplease.ai). This content was created in partnership and with the help of artificial intelligence (AI).