This is your Red Alert: China's Daily Cyber Moves podcast. Happy Red Alert Wednesday! Ting here, and if you're tuning in today, let's get straight to what's got every cyber nerd on edge: China's daily moves in the digital shadows. Trust me, it's been a wild week. I'm talking layered attacks, stealthy persistence, and a timeline that reads more like a reboot of Mr. Robot.

Let's drop into real time: as of just this afternoon, Mandiant and Google Threat Intelligence Group have flagged "Brickstorm," the new malware darling of a China-linked group called UNC5221. These folks have had stealthy, persistent access to US tech companies, cloud computing providers, and, get this, legal firms, for over a year in some cases. Picture your favorite tech company as a luxury apartment, and these hackers are living in the walls, siphoning off those high-value trade dispute secrets and intellectual property to fuel Beijing's strategic ambitions. Makes you want to batten down your firewalls, right?

Now, here's the tactical twist: Microsoft and analysts at Breached Company are tracking "Silk Typhoon," aka HAFNIUM, and their big move this year has been on the supply chain front. Instead of just busting in directly, these groups are exploiting credentials and zero-days in IT management products like Ivanti Pulse Connect VPN (that's CVE-2025-0282 for you patch hounds), Palo Alto PAN-OS, and Citrix NetScaler. They worm in through your cloud providers and managed service providers, then pivot straight into downstream targets. The attackers are getting creative: using malicious OAuth apps, resetting admin accounts, and reusing dormant credentials. Think CISA and FBI sirens: if your org runs enterprise SaaS, VPNs, or Microsoft infrastructure, you could already be on their list.
And if you're wondering about that CISA/FBI emergency blast from midday, yes, confirmation: multiple US firms got advisories about possible supply chain compromise, specifically persistent lateral movement and cloud credential abuse. The playbook includes deploying web shells like China Chopper for command execution, deleting logs to erase tracks, and using hacked routers and NAS devices worldwide as launch pads. Basically, if you haven't checked for suspicious admin creation, service principal abuse, or sudden log disappearances today, Ting urges you to take a beat and do it, right now.

What's next? The scope for escalation is no joke. Mandiant says current Chinese groups outnumber FBI cyber personnel by staggering ratios and are highly active nationwide. If downstream critical infrastructure (energy, defense, even legal teams) doesn't get ahead of this with rapid patching, segmentation, and continuous monitoring, these persistent campaigns could be staging points for ransomware, disruption ops, or even policy manipulation as trade tensions stay hot.

Biggest defensive moves? Patch your VPNs, triple-check credential hygiene, lock down cloud permissions, watch for weird OAuth apps, and monitor all service provider connections. Oh, and if your networking gear's been feeling "off," time for a sweep.

That wraps my speedrun for today's Red Alert on China's cyber maneuvers! Thanks for tuning in, and if you like a fun dose of serious security with a side of Ting, don't forget to subscribe. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more: http://www.quietplease.ai. This content was created in partnership and with the help of Artificial Intelligence (AI).
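The episode's closing checklist (suspicious admin creation, service principal and OAuth app abuse, log deletion, reuse of dormant credentials) is something a defender can turn into a first-pass triage over audit logs. The script below is an added example written for this page, not code from the podcast, Mandiant, Microsoft, or any vendor. It assumes a generic, made-up JSON-lines audit format, and the role names (`GlobalAdmin`, ...), OAuth scope names, and the sample events are all constructed for illustration; in practice you would map them onto your own identity provider's audit schema.

```python
"""Triage constructed audit-log events for the indicators named above:
suspicious admin creation, broad OAuth consent, log clearing, and reuse of
dormant credentials. Added example; the event format and sample data are
constructed, not any vendor's real schema."""
import json
from datetime import datetime, timedelta

# Constructed sample log: one JSON object per line.
SAMPLE_LOG = """
{"ts": "2025-03-01T09:00:00Z", "actor": "alice", "action": "login", "ok": true}
{"ts": "2025-03-02T09:00:00Z", "actor": "svc-backup", "action": "login", "ok": true}
{"ts": "2025-06-10T02:13:00Z", "actor": "svc-backup", "action": "login", "ok": true}
{"ts": "2025-06-10T02:14:00Z", "actor": "svc-backup", "action": "user.create", "target": "it-support2", "roles": ["GlobalAdmin"]}
{"ts": "2025-06-10T02:15:00Z", "actor": "it-support2", "action": "oauth.consent", "app": "Mail Sync Helper", "scopes": ["Mail.ReadWrite", "Directory.ReadWrite.All"]}
{"ts": "2025-06-10T02:20:00Z", "actor": "it-support2", "action": "auditlog.clear"}
{"ts": "2025-06-10T08:00:00Z", "actor": "alice", "action": "user.create", "target": "intern-bob", "roles": ["Reader"]}
"""

ADMIN_ROLES = {"GlobalAdmin", "PrivilegedRoleAdmin", "Owner"}   # assumed role names
BROAD_SCOPES = {"Directory.ReadWrite.All", "Mail.ReadWrite"}    # assumed scope names
DORMANT_DAYS = 60                       # a credential idle this long counts as dormant
ADMIN_WINDOW = timedelta(minutes=30)    # dormant reuse followed quickly by admin creation


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted oldest first."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def triage(text):
    """Return a list of findings; each has rule, actor, ts, severity and detail."""
    findings = []
    last_login = {}        # actor -> time of the previous successful login
    dormant_reuse_at = {}  # actor -> time we flagged a dormant-credential reuse
    for ev in parse_events(text):
        actor, action, ts = ev["actor"], ev["action"], ev["ts"]
        if action == "login" and ev.get("ok"):
            prev = last_login.get(actor)
            if prev and ts - prev > timedelta(days=DORMANT_DAYS):
                dormant_reuse_at[actor] = ts
                findings.append({"rule": "dormant_credential_reuse", "actor": actor,
                                 "ts": ts, "severity": "medium",
                                 "detail": f"idle for {(ts - prev).days} days"})
            last_login[actor] = ts
        elif action == "user.create" and ADMIN_ROLES & set(ev.get("roles", [])):
            # Admin creation is always worth a look; it is high severity when the
            # creating account only just woke up from dormancy.
            recent = dormant_reuse_at.get(actor)
            sev = "high" if recent and ts - recent <= ADMIN_WINDOW else "medium"
            findings.append({"rule": "admin_created", "actor": actor, "ts": ts,
                             "severity": sev, "target": ev.get("target"),
                             "detail": "roles " + ",".join(ev["roles"])})
        elif action == "oauth.consent" and BROAD_SCOPES & set(ev.get("scopes", [])):
            findings.append({"rule": "broad_oauth_consent", "actor": actor, "ts": ts,
                             "severity": "high", "app": ev.get("app"),
                             "detail": "scopes " + ",".join(ev["scopes"])})
        elif action == "auditlog.clear":
            findings.append({"rule": "log_clearing", "actor": actor, "ts": ts,
                             "severity": "high", "detail": "audit log cleared"})
    return findings


def summarize(findings):
    """Count findings per rule, handy for a quick daily dashboard line."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"].isoformat(), f["severity"].upper(), f["rule"], f["actor"], f["detail"])
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on the constructed sample and it flags the service account that logged in after months of silence, the admin it created a minute later (raised to high because of that correlation), the consent grant for a broad-scope OAuth app, and the audit-log clear; the ordinary low-privilege account creation by `alice` is left alone. The correlation between dormant reuse and admin creation is the part a plain per-event rule misses, which is why the state is carried across events rather than evaluated line by line.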