This is your China Hack Report: Daily US Tech Defense podcast.
It’s Ting here—your favorite China cyber oracle with a dose of caffeine and cutting-edge snark, reporting on today’s cyber mayhem served fresh from the People’s Republic. Congratulations, listeners, if you’re tuning in, you made it through August, but the hacks weren’t on vacation.
Let’s get straight into the last 24 hours, because the cat-and-mouse game is getting spicy. US tech infrastructure—especially telecom, cloud, and critical government networks—continues to be prime rib on the Chinese APT buffet. A joint cybersecurity advisory just dropped, applause-worthy for its size at 37 pages and published by CISA, NSA, FBI, the UK’s NCSC, and, yes, our friends in the Five Eyes club. It states that Chinese state-sponsored groups—think RedMike, Salt Typhoon, and their unpronounceable cousins—are ruthlessly targeting backbone routers, provider edge gateways, and customer edge devices in sectors like telecommunications, transportation, and even lodging. They’re not just after confidential files this time; they want persistent access to traffic flows and device controls and, worryingly, the ability to track users’ movements on a continental scale. The threat overlaps with groups tracked elsewhere as OPERATOR PANDA, UNC5807, and GhostEmperor, if you want to collect all the Pokémon.
Several Chinese companies, including Sichuan Juxinhe Network Technology and Beijing Huanyu Tianqiong, were outed as key cyber enablers for China’s Ministry of State Security and the PLA—these guys are pretty much the pit crew in China’s cyber Grand Prix.
Now, malware news: reports from the West (spotlight on the Dutch intelligence service MIVD and even Google’s Threat Intelligence Group) confirm active deployment of the C6DOOR and GTELAM malware, distributed via hijacked update servers—so that innocent-seeming Sogou Zhuyin IME update on Friday? Actually a front for an espionage campaign, concentrated in Asia, but no borders are honored here. The cloud sector also took hits: Microsoft was forced to release urgent patches for new Exchange hybrid-configuration vulnerabilities, prompting a CISA emergency directive ordering all agencies to review and remediate fast—by August 31, or else.
If your organization runs Citrix NetScaler ADCs, take your coffee black, because over 28,000 instances are still open to remote code execution via CVE-2025-7775, and attackers are already poking around. CISA, in typical traffic-cop fashion, just added it to the KEV catalog—translation: patch now or invite the PLA into your datacenter.
Also, in the past day, Google and Mandiant disclosed that the recent Salesloft Drift OAuth token breach is far broader than first thought, with tokens for the Drift AI chat integration compromised en masse—meaning, if your Salesforce integration isn’t on fire, check again.
For defense, CISA’s top recommendations this cycle: segment critical infrastructure networks, hunt for signs of router tampering and compromised update servers, immediately apply all available patches, monitor for suspicious login attempts, and treat any credential or token as suspect until proven otherwise. CISA also nudged providers to double down on endpoint threat detection and multifactor authentication, and don’t forget to read the new advisories, including the massive one on PRC cyber tactics.
That’s the 360-degree snapshot of your latest China-linked cyber frontline. Hackers may only need to get lucky once, but listeners, you’ve got Ting—every day. Thanks for tuning in to another China Hack Report: Daily US Tech Defense. Don’t forget to subscribe and stay patched. This has been a Quiet Please production; for more, check out quiet please dot ai.