Dragon's Code: America Under Cyber Siege

Inception Point Ai
  • 5.0 (1)
  • TECHNOLOGY
  • UPDATED WEEKLY

This is your Dragon's Code: America Under Cyber Siege podcast. Dragon's Code: America Under Cyber Siege is your go-to podcast for detailed analysis of the week's most sophisticated Chinese cyber operations targeting US infrastructure. Stay updated with expert insights into attack methodologies, affected systems, and compelling attribution evidence. Discover the defensive measures implemented and lessons learned from each incident. Featuring interviews with leading cybersecurity experts and government officials, Dragon's Code delivers essential information for anyone interested in the evolving landscape of cyber warfare and national security. Tune in regularly for in-depth discussions that keep you informed and prepared. For more info go to https://www.quietplease.ai Check out these deals https://amzn.to/48MZPjs

  1. 1D AGO

    China's Cyber Claws: Hacking, Espionage, and the Battle for Digital Dominance

    This is your Dragon's Code: America Under Cyber Siege podcast. Hey there, folks It's Ting here, and I'm about to dive into the wild world of cyber warfare, specifically how China's been throwing its weight around in the digital realm. Let's start with the big picture: China's been beefing up its cybersecurity regulations, requiring major infrastructure providers to report serious cyber incidents within an hour—way faster than the US or EU. This isn't just about compliance; it's about control. In the meantime, Chinese state-sponsored hackers like Salt Typhoon have been targeting global telecommunication infrastructure since at least 2019. They exploit network edge devices, using bespoke malware and stealthy firmware implants to collect sensitive data. From AT&T to the British government, no one's been spared. According to Palo Alto Networks, another group, Phantom Taurus, has been targeting government and telecommunications organizations for espionage, focusing on diplomatic communications and defense-related intelligence. Experts like those at Unit 42 say these groups are highly sophisticated, using shared operational infrastructure that's hard to trace. But there's a silver lining: monitoring passive DNS and registrar telemetry can help spot emerging campaigns. As cybersecurity expert Michael Kratsios noted, forming regulations that support innovation while securing networks is key. The US has started to fight back with stronger regulations and AI-focused defense measures. Sen. Ted Cruz recently introduced the SANDBOX Act to spur AI innovation and competition with China. Meanwhile, the FCC is revoking recognition from Chinese government-controlled labs to protect US national security. That's a wrap for today, folks Thanks for tuning in to this episode of Dragon's Code: America Under Cyber Siege. Be sure to subscribe for more updates on the ever-changing world of cyber warfare. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    2 min

  2. 3D AGO

    Cyber Ninjas Unleashed: Inside the US-China Hacker Showdown

    This is your Dragon's Code: America Under Cyber Siege podcast. I'm Ting and the dragons are circling, folks! Welcome to Dragon’s Code: America Under Cyber Siege. You want the inside scoop on this week’s wild cyber cat-and-mouse between the US and China? Strap in. Over the past few days, the US cyber landscape has been a live-action thriller. Most of the excitement centered around a wave of attacks exploiting *not one, not two, but three brand-new Cisco zero-day vulnerabilities*. The threat actors? All reputable sources are pointing at sophisticated China-linked collectives, notably the group Cisco dubs ArcaneDoor. For those of you tracking names, Microsoft tracks these actors as Storm-2077, and Google Threat Intelligence calls one campaign Brickstorm. It went down like this: Chinese-aligned hackers zeroed in on perimeter appliances—think the Cisco firewalls guarding hundreds of federal agency networks. The attack methodology? Pure cyber ninja stuff. First, they slipped in using the zero-days, then escalated privileges and planted Go-based backdoors. These backdoors were especially devious, persisting through system reboots and upgrades. Once inside, the hackers could override security protections, move laterally, collect data, or even deploy additional malware. BitSight’s analysis highlighted that this kind of persistence means even a patched device can remain compromised if not thoroughly scrubbed. The impact? CISA chief Chris Butera said the directive was “emergency mode”—the threat was so severe that agencies had just 48 hours to hunt down evidence of compromise on every Cisco ASA device. CISA ordered step-by-step forensics, including dump reviews and hunting for specific indicators of compromise. No agency was named, but you can bet your bottom bitcoin the whole federal stack was sweating. Internationally, the UK’s National Cyber Security Centre also set off their alarms, seeing implant code and command execution targeting critical infrastructure systems. Cybersecurity titan Sam Rubin from Palo Alto Networks noted the attackers had matured their tactics, pivoting from global espionage to a US-specific focus—defense contractors were on the menu. Google’s Threat Intelligence Group highlighted the scale: the campaign ran for nearly 400 days, showing crazy patience and resource allocation. Attribution-wise, Cisco Talos, Google, and the US government agree it’s overwhelmingly likely these campaigns source back to Chinese state-aligned groups. They point to shared toolkits—like PlugX and RainyDay malware—same RC4 keys, and similar loader techniques. The attackers even leveraged legitimate Windows applications for sideloadings, such as DLL injection, making detection that much harder. What did we learn? Experts across the board stress, patch fast and patch everything. But that’s not enough. You need in-depth forensics, continuous monitoring, and, as the Navy’s cyber chief pointed out, an all-hands culture. And as Michael Hiatt from Epirus warned at the Air, Space & Cyber Conference, don’t get caught flat-footed: the adversary’s drone and cyber arsenals are massive, and the US must innovate and outmaneuver, not just outnumber. So, listeners, if you think the cyber headlines were wild last week, buckle up—there’s no sign the siege is letting up soon. Thanks for tuning in. This is Ting, geeking out on Dragon’s Code. Don’t forget to subscribe for more cyber intrigue. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    4 min

  3. 4D AGO

    China's Cyber Ninjas Strike Again: Feds Sweat as Dragon Flexes Digital Muscle

    This is your Dragon's Code: America Under Cyber Siege podcast. Listeners, Ting here—armed with tech, a healthy dose of snark, and a solid stash of digital coffee. Let’s break down this past week, where Chinese cyber wizards really outdid themselves in “Dragon’s Code: America Under Cyber Siege.” It’s been nothing short of a cybersecurity blockbuster—if blockbusters involved zero-day vulnerabilities and federal agencies sweating more than at a Black Hat keynote. First up: the biggest operation. CISA, America’s own cyber commandos, dropped an urgent warning after uncovering a campaign where attackers, allegedly from China, exploited not one but multiple zero-day vulnerabilities across US government networks. These zero-days, for those who prefer hacking candies to jargon, are unknown software flaws the good guys haven’t patched yet—basically, every defender’s nightmare. Even after system reboots and upgrades, these flaws kept offering hackers a golden ticket straight into federal vaults. That’s persistence! Cisco, the networking heavyweight, became the Sherlock Holmes of this drama, linking these shenanigans to ArcaneDoor, a notorious advanced threat actor. Cisco says their investigation started in May, helping several federal agencies probe attacks directed at their ASA security devices. What makes this super spicy? Censys, a leading threat intel firm, tracked four out of five IP addresses straight to China, with ties to heavy-hitters like Tencent and ChinaNet. If you’re wondering how deep the rabbit hole goes—some researchers theorize this hints at state backing, given the sheer scale and resources of the networks involved. So what got hit? Mainly the heart of American infrastructure—the federal backbone—including networks handling sensitive communications and possibly critical logistics. The attack method? Sophisticated remote code execution, hiding malicious code during legitimate processes. Basically, hackers went full ninja, bypassing firewalls and camouflaging their moves so well you’d think they trained with Sun Tzu. Now, let’s talk defense—because keeping up with over 40,000 new vulnerabilities a year, as CISA’s Chris Butera noted at FedScoop, is like playing cyber whack-a-mole with broken paddles. US agencies have made progress, patching over 99 percent of known threats facing the internet, leveraging automation and AI to keep pace. But this is a marathon, not a sprint. One lesson hammered in by every expert, from CISA to private consultants: timely patching and rapid incident response saves lives—or at least, data. Compare that to China’s own one-hour incident reporting rule for critical infrastructure, which makes the US’s four-day requirement look, well, glacial. Cybersecurity pros like Butera, and private sector voices from Cisco and Censys, agree: continuous monitoring, multi-factor authentication, and training staff to spot trouble are non-negotiables. One signal lesson? The age of “patch and pray” is over. AI-powered threat hunting and aggressive, transparent reporting are the new normal. China’s speed shows what’s at stake, and America better learn faster reporting and automated defense if it wants to survive the next digital blitz. So, listeners, as we close out Dragon’s Code, remember—the siege isn’t over, but the playbook is getting sharper. Thanks for tuning in, hit subscribe for more insights from Ting, and remember: This has been a Quiet Please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    4 min

  4. 6D AGO

    Cisco Firewall Fail: China's Cyber Dragons Breach US Defenses!

    This is your Dragon's Code: America Under Cyber Siege podcast. Listeners, Ting here—your favorite cyber sleuth with a knack for all things China, hacking, and a bit of dry wit on the side. Strap in, because the past week has read like the ultimate season finale of Dragon’s Code: America Under Cyber Siege—except this time, the cyber dragons aren’t just at the gates. They’re IN the walls, behind the firewalls, sipping your coffee, and rewriting your router configs. Let’s get to the breach everyone’s talking about: a wave of sophisticated cyberattacks targeting US infrastructure, especially government networks and anyone using Cisco’s Adaptive Security Appliances. According to Chris Butera, CISA’s acting deputy executive assistant director for cybersecurity, “The threat campaign is widespread.” Translation—bad news for anyone who ever set up a Cisco firewall and thought, “What could go wrong?” These attacks relied on what the cool kids in infosec call zero-days: vulnerabilities that even Cisco didn’t know about until the dragons came roaring through. Here’s how the offensive unfolded: hackers, believed to be operating out of China and closely tracked as ArcaneDoor, Storm-1849 by Microsoft, or UAT4356 if you like code names, discovered three dangerous vulnerabilities—especially CVE-2025-20333 and CVE-2025-20362. These bugs let attackers send sneaky HTTP(S) requests that give them root privileges or access to restricted URLs without passing Go or collecting $200. The real kicker? This allowed malware implants, remote code execution—basically letting the attackers become admin wizards of your network even after you rebooted the device or updated its firmware. These dragons were burning everything but leaving no smoke, using advanced evasion techniques like disabling logging and disguising commands. Sam Rubin from Palo Alto Networks described it as “a more focused, sophisticated campaign than we’ve seen previously.” The US Cybersecurity and Infrastructure Security Agency, or CISA, pulled the emergency brake Thursday. All civilian agencies had to test Cisco firewall gear for breaches and unplug compromised units before midnight Friday. Basically: if your firewall so much as coughed, it got yanked out and put in cyber quarantine. Patches were developed and rushed out, with Cisco’s engineers and security wonks burning the midnight oil. Chris Butera noted that it took months of investigation to pin down the root cause, since the attackers had been poking around as early as last November—talk about persistence! The impact? At least 10 organizations worldwide breached, “hundreds” of potentially vulnerable US devices, and still an uncertain number affected across critical infrastructure. No official US attribution to China yet, but threat intel firms like Palo Alto’s Unit 42 and Censys are confident—the fingerprints all point back to Beijing. Expert advice? Defensive playbooks got rewritten overnight. Agencies had to hunt for compromise, apply Cisco’s new patches, and permanently retire any end-of-life devices. And since the private sector tends to follow the Feds’ lead, expect every Fortune 500 IT team to be chugging Red Bulls as we speak. Lesson to take home? Real cyber dragons don’t just breathe fire—they sneak in quietly, stay hidden, and only roar once your network’s already theirs. Sam Rubin and Madhu Gottumukkala at CISA both urge: patch early, patch often, and kill your logging amnesia—because today’s intrusion is tomorrow’s front-page story. Thanks for tuning in to Dragon’s Code: America Under Cyber Siege with Ting. Stay sharp, patch your firewalls, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    4 min

  5. SEP 24

    Hacked! Chinese Cyber Spies Pwn US Tech for 400 Days Undetected

    This is your Dragon's Code: America Under Cyber Siege podcast. You wouldn’t believe the scene in my inbox these past few days—alerts, threat intelligence, panicked requests from lawyers and sysadmins alike. Welcome to Dragon’s Code: America Under Cyber Siege. I’m Ting, and if anyone’s been having a busier week than the US Cybersecurity and Infrastructure Security Agency, it’s me. Let’s cut to the breach—literally. The talk of the week is Brickstorm, a malware so slippery even seasoned threat hunters at Mandiant and Google’s Threat Intelligence Group are calling it “next-level.” The culprits? Highly sophisticated Chinese hacking crews, with UNC5221 and Silk Typhoon taking lead roles. These attackers have wormed their way into tech firms, legal organizations—heck, even the software-as-a-service providers who help keep America ticking. But what tips Brickstorm into cyber legend status is its ability to hang around for over a year in a compromised system without anyone noticing. That’s right—400 days on average before detection, a hacker’s equivalent to squatting in your server room, eating all your digital snacks, and redecorating[CyberScoop, Mandiant]. What’s their favorite methodology? Go straight for the perimeter and remote access infrastructure: think VPNs like Ivanti, virtual machines like VMware vCenter, and edge devices that are notoriously hard to monitor. For initial access, they love exploiting zero-day vulnerabilities—flaws nobody’s patched because they don’t even know they exist. Once inside, the adversaries upload web shells like China Chopper, set scripts for persistent access, and pull off lateral moves to web servers and SQL databases. They cloak these hops with different IPs and unique malware hashes every time. My favorite detail: they even clean up their digital fingerprints—delete logs, swap credentials, the whole spy movie routine[Google, CISA]. Attribution in cyber is always a slippery sport, but security analysts like Charles Carmakal at Mandiant aren’t shy. UNC5221 has been the most persistent Chinese cyber adversary in the States for years. Silk Typhoon, meanwhile, is infamous for hacking everything from legal emails to federal infrastructure. And the newcomer, RedNovember—a group that just graduated from “activity cluster” to full-fledged headline-maker—has targeted at least two US defense contractors using open-source tools like Pantegana and Spark RAT, plus off-the-shelf tools like Cobalt Strike. All of these facilitate stealthy, modular attacks while muddying the trail for investigators[Recorded Future, The Hacker News]. What’s the government done? The FBI’s running point, coordinating with software vendors and urging organizations to use new detection tools. Over at CISA, lessons learned from a recent GeoServer exploit highlight some classic failures: missed endpoint alerts, poor log retention, and the eternal mistake of not bringing in third-party experts fast enough. In response, agencies are ramping up patch velocity, investing in persistent endpoint detection (EDR), and even deploying new forensics playbooks sourced from both government and private-sector experts. But there’s consensus—like John Hultquist at Google’s Threat Intelligence summed up: “We’re only going to learn more over time as victims retrospectively uncover years-old compromises.” Here’s my expert takeaway: The Chinese threat actors are evolving, swapping bespoke malware for off-the-shelf tools, exploiting edge devices everyone ignores, and using patience as their weapon. Cyber responders have to get more proactive—hunt, patch, and educate, or else these digital dragons will keep flying circles around legacy defenses. Thanks for tuning in, my cyber-savvy listeners. Don’t forget to subscribe for more tales from the frontlines of digital geopolitics. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    4 min

  6. SEP 22

    Salt Typhoon Saga: China's Cyber Siege Unleashed on America's Telecoms

    This is your Dragon's Code: America Under Cyber Siege podcast. I’m Ting, and if there’s one thing I love more than a spicy hotpot, it’s dissecting China’s most brazen cyber moves—especially when the whole country is running digital fire drills. This past week? Welcome to Dragon’s Code: America Under Cyber Siege. It’s like “24” meets Shanghai—except the explosions all happen in cyberspace, and the heroes are cybersecurity engineers with too much caffeine. So, here’s what went down. On Thursday, just after most of you had started doomscrolling the morning news, Salt Typhoon took center stage. This was a state-sponsored hack, and experts from both KonBriefing and Microsoft’s threat teams quickly pinned the tactics and digital fingerprints to a group operating out of eastern China, likely connected to PLA Unit 61398. This wasn’t your run-of-the-mill ransomware. Salt Typhoon slipped in through telecom infrastructure—think millions of call logs, location data, and even those ‘are you free for dinner?’ texts. Over eight million people, including politicians, had private communications quietly siphoned out of the country. Top-tier espionage move, especially since they used zero-day exploits and chained privilege escalation attacks to stay invisible for months. Attribution? Microsoft’s team noticed the attackers’ kill chain matched previous Volt Typhoon patterns: lateral movement through outdated VPN appliances, living-off-the-land tools so nothing triggered antivirus, and encrypted data exfiltration using custom protocols. FBI forensics recovered command-and-control addresses linked directly to Shenzhen ISPs, and National Guard deployment rosters showed unauthorized access logs synced with Chinese daylight hours. If there was ever a week for Congress to convene emergency classified briefings, this was it. Of course, Salt Typhoon didn’t stop at snooping—service outages in telecoms followed. What gave the hack global flavor was its coordination: CM Alliance notes that, earlier in the year, similar intrusions hit water utilities and hospital systems. Experts like Anna Economides at Northeastern University warned that even strong encryption only slows elite actors—not stops them. With physical and digital access, attackers can intercept or analyze traffic flows for metadata, even without decrypting the payload. The actual payload? That’s still being unraveled, but it’s clear they had a bird’s-eye view into critical American resilience. The White House’s counterpunch rolled out fast. Department of Homeland Security, led by CISA, shipped mandatory AI-driven threat detection to telecoms—think anomaly hunting, multi-factor authentication as the default, and a blanket ban on China-linked firmware updates. Booz Allen Hamilton, fresh off a $421 million homeland security contract, deployed its best teams to audit network logs and patch the zero-days. Publicly, the Department of Commerce added over 50 Chinese tech suppliers to the infamous entity list; Integrity Technology Group was sanctioned for enabling infrastructure hacks across energy and transport sectors—a signal that Chinese software supply chains are now radioactive for American critical industries. Lessons? According to security pros like Charles Clancy at MITRE, the only way forward is “quantum-resistant cryptography and zero-trust everything.” This week proves—again—that proactive intelligence sharing and global incident reporting are mission critical. And that, listeners, is how Dragon’s Code stays ahead—at least for now. Thanks for tuning in, keep your passwords strong, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    4 min

  7. SEP 21

    Salt Typhoon Strikes: China Hacks Americas Telco Heartland in Cyber Siege of the Century

    This is your Dragon's Code: America Under Cyber Siege podcast. It’s Ting coming to you with another wild episode of Dragon’s Code: America Under Cyber Siege, and let me tell you, this week has been a digital rollercoaster only a nation-sized firewall could envy. If you blinked, you missed something. Let’s start with the main event: the Salt Typhoon campaign. Chinese state-sponsored hackers, tracked jointly by the FBI and the US Cybersecurity and Infrastructure Security Agency, unleashed a sophisticated attack wave on America's core telecommunications infrastructure—think AT&T, T-Mobile, Verizon—targeting the digital arteries that keep the country’s comms alive. Brett Leatherman from the FBI calls it “a national defence crisis.” Salt Typhoon’s specialty? They blend in by exploiting zero-day vulnerabilities in routers and network appliances, hiding malicious traffic in plain sight, and using legitimate network protocols so defenders can’t spot the difference between a rogue packet and your grandma’s FaceTime call. These guys have been at it since 2019, but this week they spiked activity and hit more than 200 companies in 80 countries. Some say Beijing’s goals are old-school espionage, but analysts at the UK's National Cyber Security Centre say the real danger is sabotage—disrupting critical infrastructure on a scale possibly never seen before. No shortage of attribution this week. Forensic teams at the National Cybersecurity Incident Management squad found clear evidence—malware dropped from IP ranges tied to Chinese registrants, C2 servers lighting up in provinces notorious for APT operations, and spearphishing emails that looked like they came straight from the Select Committee on Strategic Competition. These weren’t vague “maybe China, maybe not” findings. This was China, front and center, and they barely bothered to hide it. Mark Kelly and Greg Lesnewich flagged TA415 masquerading as US-China policy experts to phish US government and academic orgs with payloads latched onto economic trade talk. Crafty, but the end result was the same: someone, somewhere, lost way too much sleep over another fake PDF. On the defense front, American teams shot back fast. CISA deployed new threat hunting playbooks and mandated full packet captures at key telecom exchanges. AT&T’s in-house cyber squad rolled out an unprecedented encrypted traffic analysis using AI trained specifically to spot Salt Typhoon malware signatures. And the FBI upped their bounty to $10 million for tips on Salt Typhoon crew identities—a cyber version of ‘Wanted Dead or Alive’ on steroids. Cybersecurity legends like Joshua Chung and Golo Mühr warn listeners not to underestimate Mustang Panda, another China-aligned group, who dropped the SnakeDisk USB worm with geofencing so cleverly designed it only activates in Thailand. That’s next-level ops—geo-aware malware with command and control built to blend in with proxy traffic. Lessons learned? Invest more in centralized security controls. The government just tightened penalties for companies that delay breach reports—and announced they’ll launch probes even when companies don’t tell anyone. Joshua Chung said it best: “Next-gen attacks require next-gen defense—behavioral analytics, global threat sharing, and AI at every chokepoint.” Translation: you need to go full cyber ninja, not just stack firewalls. Listeners, thanks for riding the hackwave with Ting! Subscribe to Dragon’s Code for more digital intel that keeps your systems safe and your coffee nervously hot. This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    4 min

  8. SEP 19

    Cyber Secrets Exposed: Chinese Hacker Gangs Gone Wild!

    This is your Dragon's Code: America Under Cyber Siege podcast. Ting here, and wow, what a wild ride on Dragon’s Code this week! If you thought your Monday was spicy, try waking up to news that three actual Chinese private companies—not just faceless hacker units—were orchestrating cyber assaults straight out of a Netflix thriller. I’m talking about Beijing Huanyu Tianqiong Information Technology, Sichuan Zhixin Ruijie Network Technology, and Sichuan Juxinhe Network Technology, all working with the Ministry of State Security. So, yes, the headlines weren’t lying: Salt Typhoon is back, and it’s bolder than ever. And if you were in DC, there’s a nonzero chance your text messages were cruising through Shanghai for a quick layover, as China’s hackers tapped into AT&T and Verizon, scooping up communications, location data, and, possibly, your unflattering dinner selfies. According to a sprawling 37-page report signed by the FBI, CISA, the NSA, and nearly a dozen of our closest allied agencies, more than 200 companies, ranging from telcos to the ever-mysterious “lodging sector,” were breached. And let’s not gloss over the Department of Defense quietly finding out Salt Typhoon had burrowed into a state National Guard network undetected for almost a year. Like, if you’re going to drop a cyberbomb, at least leave a calling card, am I right? But Salt Typhoon didn’t have the field all to itself. Enter the Qilin ransomware gang—think the French Connection meets a Bored Ape NFT. Qilin specializes in hitting state and local governments, using phishing, exploiting public-facing apps, and even multifactor authentication bombing (so, if your phone starts pinging like it’s the Fourth of July, it might not just be your mom). Qilin’s double-extortion scheme snatches sensitive data, locks up systems, and then threatens to leak everything. The Center for Internet Security pegs them for 25% of all public sector ransomware attacks in Q2 2025. Losses? Up to $40 million in a single clinic, and $91 million in ransomware tracked—and those are just what’s been reported! Now, how do we fight back? First, cue Nick Andersen from CISA, who calls the Cybersecurity Information Sharing Act “foundational.” This law (which, by the way, might expire soon if Congress doesn’t move!) lets private companies share real-time threat intel with the Feds without fearing a lawsuit if they accidentally overshare. Gloria Glaubman, cyber whisperer from the U.S. Embassy in Tokyo, says most attack surfaces are private. That means utilities, telecoms, and even coffee companies are the canaries in our digital coal mine, first to see Chinese state-backed campaigns slipping through corporate routers—not fancy malware, just living off the land, blending in with legitimate network traffic. The FBI and Capitol Police are hot on the heels of a new twist: Chinese spearphishing that mimics U.S. lawmakers—like Rep. John Moolenaar—to sneak into inboxes and drop malware by exploiting routine legislative processes. Dakota Cary from SentinelOne describes the use of real private firms for hacking as “inconceivable,” and I’m with him. The MSS doesn’t just have hackers, but an entire cyber-industrial complex—and, no, I don’t see us asking Apple to hack President Xi anytime soon. The takeaways? Assume everything is compromised—yes, even that mysterious email from your congressman. Invest in incident response drills. And CISA 2015 reauthorization: that’s the legislative shield keeping public-private collaboration alive, and if it lapses, our digital fortresses are one step shakier. The experts agree: ditch the blame, treat victimized firms as, well, victims, and encourage sharing—no more cyber-shaming. So, gear up your cyber hygiene, patch those apps, and maybe text your representative (on Signal, please) about renewing CISA. That’s it for this week's Dragon’s Code. Thanks for tuning in—don’t forget to subscribe! This has been a quiet please production, for more check out quiet please dot ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI

    4 min
See All (132)

About

This is your Dragon's Code: America Under Cyber Siege podcast. Dragon's Code: America Under Cyber Siege is your go-to podcast for detailed analysis of the week's most sophisticated Chinese cyber operations targeting US infrastructure. Stay updated with expert insights into attack methodologies, affected systems, and compelling attribution evidence. Discover the defensive measures implemented and lessons learned from each incident. Featuring interviews with leading cybersecurity experts and government officials, Dragon's Code delivers essential information for anyone interested in the evolving landscape of cyber warfare and national security. Tune in regularly for in-depth discussions that keep you informed and prepared. For more info go to https://www.quietplease.ai Check out these deals https://amzn.to/48MZPjs

Information