China's Cyber Snoops Strike Again: Bots, Bugs, and Spies, Oh My!

Author
Quiet. Please
Published
Fri 15 Aug 2025
Episode Link
https://www.spreaker.com/episode/china-s-cyber-snoops-strike-again-bots-bugs-and-spies-oh-my--67380696

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here with your China Hack Report: Daily US Tech Defense, coming to you on August 15, 2025—and believe me, the last 24 hours have not been boring in cyberland. Let’s hack in!

First, the big headline: according to the Office of the Director of National Intelligence, China is regularly probing US critical infrastructure, looking for weak spots using a mix of AI, big data, and a flavor of what their People’s Liberation Army calls “Multi-Domain Precision Warfare.” We’re not just talking about script kiddies knocking on digital doors—Volt Typhoon, one of China’s leading state-backed groups, is still on the move. Even after direct FBI action earlier this year, Volt Typhoon’s persistent bots have adapted yet again, exploiting vulnerable third-party systems and embedding themselves deep in US civilian utility networks and potentially supporting military logistics as well. Picture malware that acts like a sleeper agent—quiet now, devastating when awoken.

From the malware front, SOC Radar just flagged a zero-day vulnerability, CVE-2025-8088, in the Windows version of WinRAR. This one’s mainly attributed to the RomCom group, who, yes, usually operate out of Russia, but who's counting when the vulnerability spreads so quickly? This bug allows attackers to hide malicious files in tricky places and force extractions into high-privilege folders, ensuring their malware runs at system startup. The recommended move from CISA? If you use WinRAR—patch yesterday. There’s no time for the “I’ll do it Friday” crowd.
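The defensive takeaway from that WinRAR story is that an extractor must never trust an archive's own entry names. The following is an added illustration, not code from the show, from WinRAR or from CISA: a pre-extraction check that rejects entry names which could land outside the chosen extraction folder (parent-directory traversal, absolute and UNC paths, and names containing ':', which Windows reserves for drive letters and alternate data streams). The entry names are constructed examples of the shape such a check has to catch, not samples from any real archive.

```python
import posixpath

# Constructed entry names of the kind a hostile archive might carry (not real samples).
SAMPLE_ENTRIES = [
    "report/summary.txt",                                      # ordinary relative path: fine
    r"..\..\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\run.exe",  # traversal into Startup
    "../../etc/cron.d/task",                                   # POSIX-style traversal
    r"C:\Windows\System32\drivers\etc\hosts",                  # absolute path with drive letter
    r"\\fileserver\share\payload.dll",                         # UNC path
    "docs/readme.txt:payload.exe",                             # ':' is reserved on Windows
]


def is_safe_entry(name: str) -> bool:
    """Return True only if the entry is guaranteed to land inside the extraction root."""
    if not name or name != name.strip():
        return False
    # Treat backslashes as separators: Windows extractors do, and hostile archives mix both.
    norm = name.replace("\\", "/")
    if norm.startswith("/") or ":" in norm:
        return False  # absolute, UNC, drive-letter or alternate-data-stream style name
    parts = [p for p in norm.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return False
    # Belt-and-braces: after normalisation the path must still sit under the root.
    joined = posixpath.normpath(posixpath.join("root", *parts))
    return joined.startswith("root/")


def triage(entries):
    """Split entry names into (accepted, rejected) lists before anything is written to disk."""
    accepted, rejected = [], []
    for entry in entries:
        (accepted if is_safe_entry(entry) else rejected).append(entry)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_ENTRIES)
    print("accepted:", ok)
    print("rejected:", bad)
```

Run the check over every entry of an archive before extracting any of it; a single rejected name is reason enough to quarantine the whole file rather than extract the "good" entries.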

Switching sectors, CISA just added two N-able N-central flaws to the Known Exploited Vulnerabilities Catalog. These remote monitoring tools are favorites for managed service providers, meaning if you’re a small business relying on outsourced IT, you’re at elevated risk. CISA is advising urgent patching and a full audit of MSP access controls—don’t leave backdoors open for Volt Typhoon or copycat groups.

Zoom and Xerox also released emergency security fixes this week. Zoom’s patch closes a privilege escalation bug on Windows, tracked as CVE-2025-49457, with a whopping CVSS score of 9.6. Don’t just update Zoom for new emojis—this one’s crucial for keeping your meetings private and your systems safe. If you’re on Xerox FreeFlow Core, get patching there too.

Meanwhile, on the global chip chessboard, Xinhua—China’s state media—is accusing the US of turning high-end chip exports into surveillance tools by secretly hiding trackers in shipments. The US, of course, says this is strictly for anti-diversion and counter-espionage, but it’s yet another signal that the tech trade war is now full-spectrum, touching semiconductors, telecom, and even smart vehicles.

On Taiwan’s web front, a Chinese-speaking APT group known as UAT-7237 was caught breaching Taiwanese web servers using custom versions of open source hacking tools. Cisco Talos researchers watched as these hackers used everything from shellcode loaders called SoundBill to credential extraction tools like Mimikatz, aiming for deep, long-term access—likely as a dry run for similar techniques against US infrastructure. Lesson for today? Patch old servers and audit remote desktop protocols—these groups thrive on vintage vulnerabilities and lazy configuration.

Finally, for those in the Defense Industrial Base, keep an eye out for new Cybersecurity Maturity Model Certification (CMMC) 2.0 guidance from the DoD CIO. Expect stricter supply chain security checks and no tolerance for unmitigated foreign influence. It’s all about closing the weakest links.

That’s your rapid-fire rundown of the most critical China-linked cyber activities affecting US interests in the last 24 hours. Thanks for tuning in—be sure to patch, double-check your MSPs, and subscribe for the latest defense tips. This has been a quiet please...