Digital Dragon Watch: Weekly China Cyber Alert

Cisco's Zero-Day Holiday Gifts from China & LongNosedGoblin's Sneaky Backdoor Adventures

22 Dec 2025

Description

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Hey listeners, Ting here with Digital Dragon Watch, your weekly China cyber alert hot off the presses for the past seven days ending December 22, 2025. Buckle up, because Beijing's hackers are dropping zero-days like holiday gifts nobody wants.

First off, Chinese state-linked crew UAT-9686 just lit up Cisco's Email Security Appliances with a nasty zero-day, CVE-2025-20393, in AsyncOS software. Cisco's own advisory confirms they've been exploiting it since November for root access, no auth needed, dropping malware like ReverseSSH (aka AquaTunnel), Chisel, AquaPurge, and the sneaky AquaShell backdoor. Targets? Exposed management interfaces in finance, healthcare, and government sectors: think sensitive comms ripe for espionage. No patch yet, so Cisco's yelling to disable Spam Quarantine and isolate those boxes pronto.

Meanwhile, the fresh-faced LongNosedGoblin, a China-aligned APT, is prowling government networks in Southeast Asia and Japan. Cyware Social reports they're abusing Group Policy for malware deployment via their NosyDoor backdoor, active since at least September 2023. The initial access vector is still unknown, but they're chaining cloud services for command-and-control. Over in Europe, Ink Dragon, another China nexus, expanded into government environments, per Innovate Cybersecurity, hopping compromised servers for deeper digs.

New attack vectors? Picture this: whispered commands hijacking robot armies, as the South China Morning Post detailed Chinese researchers demoing a one-word vuln in humanoid bots that spies could whisper to seize control. And don't sleep on Fire Ant's campaign hitting VMware and network infra, noted in SDX Central's top 2025 stories.

The US government's firing back hard. The Justice Department indicted 12 Chinese hackers tied to Ministry of State Security units for global intrusions into aerospace, labs, defense contractors, and even journalists, according to CybelAngel. CISA's piling on, adding vulns like those in Fortinet to its KEV catalog: over 25,000 FortiCloud SSO devices exposed via CVE-2025-59718 and CVE-2025-59719 for SAML admin takeovers. They're pushing quantum-resistant crypto in the upcoming national strategy, but the Senate adjourned without confirming CISA's director, leaving some limbo, as Nextgov reports.

Targeted sectors scream critical infrastructure: networks, email gateways, virtualization, even industrial edges. Defensive measures? Experts at The Hacker News urge auditing Cisco configs, rotating creds post-RCE, and segmenting edge devices. WebProNews echoes: implement workarounds now, like isolating internet-facing gear. For you pros, prioritize KEV patches, hunt for AquaShell persistence, and train on Group Policy abuse. Oh, and China's tightening its own Cybersecurity Law, hiking fines to 10 million CNY for critical infra slip-ups, per RP Lawyers. Ironic, right?

Stay sharp, rotate those secrets, and layer up with network redundancy. Beijing's not slowing; neither should you.

Thanks for tuning in, listeners, and subscribe for more dragon slaying tips! This has been a Quiet Please production; for more, check out quietplease.ai.

This content was created in partnership and with the help of artificial intelligence (AI).
