China's Cyber Rampage: Ransomware, Malware & Zero-Days, Oh My!

Author
Quiet. Please
Published
Sun 24 Aug 2025
Episode Link
https://www.spreaker.com/episode/china-s-cyber-rampage-ransomware-malware-zero-days-oh-my--67497638

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense. Let’s cut the fluff—these past 24 hours have been packed. Grab your VPN and your metaframe, because here’s what you need to know, straight from the ones and zeros.

Let’s start with the ransomware thunderstorm. DaVita, a major US kidney dialysis firm, confirmed that nearly 2.7 million patients had their personal and health data compromised in a ransomware breach. While the full “whodunit” is still swirling, Security Affairs and SecureBlink suggest China-linked Silk Typhoon, also called Murky Panda, has ramped up attacks on North American healthcare orgs, exploiting both n-day and zero-day flaws. Basically, if you use anything internet-connected and work in healthcare—yeah, you’re on the menu.

The nasty new malware on the block isn’t a fancy worm, but “infinite loop” kill-switch code written by Davis Lu, an ex-Eaton software developer based in Houston. Just sentenced to four years in prison in Ohio, Lu’s malware locked out thousands of employees after he was fired. Prosecutors say his code, affectionately named “IsDLEnabledinAD,” caused hundreds of thousands in losses and was activated when his name was removed from the directory. This wasn’t just a classic ex-employee revenge case—it’s a reminder of how insider threats with China connections can go nuclear for US infrastructure.

The vulnerability scene is just as hectic. CISA made noise by adding a fresh zero-day, CVE-2025-43300, hitting Apple iOS, iPadOS, and macOS to its Known Exploited Vulnerabilities catalog. Emergency patches are out, but here’s your Ting tip: patch before you pour that next cup of tea. These are actively exploited, so leaving your systems unpatched is basically sending your secrets straight to Shanghai.

There’s even more: over in pharma, Inotiv took a ransomware punch, halting big parts of its research operations. The Qilin gang claimed 176GB exfiltrated. Now, Qilin isn’t confirmed China-linked, but with so many simultaneous attacks on high-value US sectors, let’s just say coincidence is not a cybersecurity strategy.

Microsoft took a bold step, reportedly halting the sharing of proof-of-concept exploit code with Chinese partners, after July’s SharePoint zero-day led to mass exploitation. They’re now only dishing out written bug details in hopes of slowing things down. Stop spoon-feeding your frenemies, classic CISO move.

CISA and the FBI are hitting the panic button: their official advisory bluntly recommends immediate patching of any Apple and SharePoint systems. Plus, if you’re in healthcare, pharma, or critical infrastructure, it’s time to double down on network segmentation, internal monitoring, and staff phishing drills. The insider threat—think Davis Lu—remains as dangerous as external APTs like Silk Typhoon.

Wired up and worried about the future? You should be. But knowledge beats fear every time. That’s all for today’s China Hack Report. Thanks for tuning in, stay patched, stay paranoid, and don’t forget to subscribe!

This has been a Quiet Please production. For more, check out quiet please dot ai.
