This is your Cyber Sentinel: Beijing Watch podcast.
Welcome back, listeners. Ting here with your Wednesday download on Cyber Sentinel: Beijing Watch. Let’s skip the warm-up—because this week in Chinese cyber activity, we’re skipping chill and heading straight for the blazing core. You want fresh attack methods, hot attribution, and those spicy strategic implications? Let’s plug in.
Kicking off with a thunderclap: Federal agents just nabbed two Chinese nationals, Chuan Geng and Shiwei Yang, smuggling Nvidia’s crown jewel AI chips—the H100 and GeForce RTX 4090—from California to China, dodging export controls by rerouting through Malaysia. The US indictment is more than a win for export law—it’s a peek into China’s relentless appetite for US tech. And meanwhile, Beijing’s been grilling Nvidia about possible backdoors in its H20 chips, demanding assurance that Washington isn’t pulling a double bluff. Nvidia’s own security chief, David Reber Jr., warned both sides: hardware backdoors are basically a “hackers welcome” doormat and could unravel trust in American digital infrastructure.
But while Uncle Sam’s chasing chip smugglers, Chinese hackers aren’t just watching—they’re launching. Darktrace tracked China-attributed crews exploiting a freshly discovered flaw, CVE-2025-0994, in Trimble Cityworks—software that runs local governments and critical infrastructure, everything from airports to sewers. Attacks started before the vulnerability was ever made public. Proof that China-linked APTs are getting bolder, faster, and more precise. And the tools? Auto-Color backdoors, Ghost RATs, AsyncRATs, and the ever-adaptable Raspberry Robin worm, now moonlighting as an initial access broker for ransomware and government-sponsored attacks.
Credential-harvesting is going premium too. An investigation just exposed a megabreach: up to 115 million US payment cards compromised through slick “smishing” attacks—phishing via SMS—that bypass multi-factor authentication and target digital wallets such as Apple Pay and Google Wallet. The group, led by the alias Lao Wang, deploys platform kit upgrades as fast as TikTok can launch a trend, even tricking fraud monitoring by provisioning cards onto attacker-controlled devices. Pay attention if you handle payments, healthcare, or government logistics—these are the most battered sectors right now.
China isn’t just hacking for cash or chaos. According to a Gladstone AI report, its goals are strategic: strengthen its AI R&D, exfiltrate valuable model secrets, sabotage US industrial capabilities, and—here’s the kicker—prime its own AI-empowered arsenal with our best data. The hardware supply chain is another open wound: Chinese-made components, ubiquitous in servers and routers, raise nightmare scenarios for built-in sabotage or untraceable backdoors.
Don’t overlook the drone front either. Beijing’s subsidized drone manufacturers, like DJI, now own the global market and US skies, which isn’t just bad news for domestic tech—it’s potentially allowing Chinese state actors to map and surveil critical infrastructure, as literally spelled out by the Bureau of Industry and Security’s ongoing investigation into unmanned systems security.
So what next? If you’re defending US assets, up your zero-trust game, patch like neurotics, segment networks, and run continuous monitoring beyond your pretty dashboards—especially for old equipment or those cheap IoT devices everyone forgets about. Rethink your supply chain, and if your SOC isn’t threat-hunting AI-driven APTs, you’re swinging a plastic sword at a power armor brawl.
Tactically, get ready for cross-domain, AI-hybrid attacks—smart, fast, multi-vector, often exploiting blind spots before you even have an alert up. Strategically, US policymakers need airtight export control, real investment in “device-agnostic” security, and coalition building to counter systemic supply chain risks.