This is your Cyber Sentinel: Beijing Watch podcast.
Ting here, your cyber sentinel with a virtual seat high above Beijing, peering through the haze so you don't have to. Buckle up, listeners—this week’s cyber game between China and the US just hit warp speed.
Let’s start with the most eyebrow-raising reveal: a brand new remote access trojan called GodRAT unleashed on trading and brokerage firms, especially in Hong Kong, but with tentacles stretching through the UAE, Malaysia, and beyond. Kaspersky says GodRAT hides its shellcode using steganography inside image files delivered by Skype, then side-loads malicious DLLs via fake screensaver files. This nastyware borrows heavily from the notorious Gh0st RAT lineage, long favored by the Chinese state-backed crew Winnti—also known as APT41. The plugins pilfer credentials, exfiltrate files, and deliver follow-on tools like AsyncRAT, cementing deep persistence and surveillance. All of this sharpens China’s targeting of the financial sector, threatening the heartbeat of global markets.
Pivoting hard to hardware, the great chip spat is devolving into spy drama territory. Last week, Beijing’s regulator grilled Nvidia about possible “backdoors” and kill switches in its H20 AI chips—specifically designed for the Chinese market after export curbs. State broadcaster CCTV, never shy with theatrics, declared these chips a national security risk. At stake: the specter of the US remotely shutting down China’s AI ambitions with a digital kill switch. Nvidia’s CSO David Reber Jr. fired back, calling it paranoid fantasy, but the mutual finger-pointing didn’t end there. Beijing has quietly warned major Chinese firms—especially in critical sectors—not to use Nvidia H20s in anything sensitive.
And in a delicious twist of the pot-calling-kettle variety, Chinese state media just labeled the US a “surveillance empire” for attaching asset tracking tech to GPU shipments, while conveniently forgetting—hello!—that its own CCTV network is literally called Skynet. As The Register quips, the only missing element is using humans as batteries, Matrix-style. Yet beneath the satire, the risk is real: should relations nosedive, China fears its critical systems—commercial or military—could be bricked overnight by an external command.
Policy-wise, the US has just retired most export controls under Trump 2.0, opting for a selective export tariff on chips—15% of sales channeled straight to Uncle Sam’s coffers. The idea seems to be: if China will develop its own chips anyway, why not fund both domestic defense and economic competition while they do it? This is poking at nerves in Beijing and accelerating China’s crash program to ditch US technology wherever possible.
On the tactical front, Anne Neuberger—former US deputy national security advisor—warned this week that America’s “digital home front” is dangerously exposed. Hospitals, water plants, pipelines... all at risk from Chinese cyber sabotage, especially if a Taiwan crisis explodes. The message: up our defenses, or watch China exploit these digital Achilles’ heels.
For security leaders, the week’s best guidance is:
- Patch fast, especially against widely exploited high-severity flaws like SAP NetWeaver’s CVE-2025-31324—there’s confirmed active targeting and easy exploit code in the wild.
- Watch inbound financial sector traffic for artifacts of the GodRAT family, especially suspicious screensaver and image files.
- Audit all AI supply chains, particularly those involving recent Nvidia hardware, for any signs of suspicious remote management features or forced patching.
- Double-check endpoint protection in energy, health, and other critical infrastructure, since these are increasingly targets of opportunity.
Strategically, the current mess points to an accelerating split in tech ecosystems and trust. China’s moving to sever dependence on US chips, and the US is...