China's Cyber Mercenaries Exposed: Silk Typhoon's Global Hacking Spree Hits Pandemic Research and Beyond!

Author: Quiet. Please
Published: Wed 09 Jul 2025
Episode Link: https://www.spreaker.com/episode/china-s-cyber-mercenaries-exposed-silk-typhoon-s-global-hacking-spree-hits-pandemic-research-and-beyond--66918127

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Welcome to Digital Dragon Watch: Weekly China Cyber Alert. Ting here, your cyberspace sherpa with the latest sizzle from the Sino-hacking front lines. Buckle up, listeners—this week reads like a cyber-thriller, with real-world stakes.

First up, the jaw-dropper: Italian authorities, with help from the FBI, just nabbed Xu Zewei in Milan. Xu isn’t your average script kiddie—he’s a 33-year-old IT manager allegedly moonlighting as a cyber mercenary for China’s Silk Typhoon group, formerly tracked as Hafnium. The U.S. Department of Justice says Xu pulled off some of the nastiest cyber heists of the pandemic: think hacking American COVID-19 research and exploiting zero-day flaws in Microsoft Exchange. Xu’s alleged playbook? Infiltrate, install web shells, remote control, and exfiltrate data on thousands of systems globally. Prosecutors claim his targets included Texas universities, global law firms, and government agencies—basically, if you had valuable data, Xu wanted a look. According to Justice officials, Xu and co-defendant Zhang Yu coordinated directly with China’s Ministry of State Security through a Shanghai front company called Powerock Network. Zhang is still out there, so the game isn’t over.

Silk Typhoon’s greatest hits include the 2024 U.S. Treasury Department attack and ongoing supply chain raids. Microsoft and Google both say the group is fixated on healthcare, defense, education, and legal sectors across the U.S., Japan, Australia, and Vietnam. What’s chilling is the scale: FBI Assistant Director Brett Leatherman called out their campaign for hitting over 60,000 U.S. entities, with more than 12,700 confirmed victims. Silk Typhoon’s signature move? Exploiting vendor trust. Recent drone industry attacks—credited to another China-linked group, Earth Ammit—show how China’s threat actors hijack legitimate software updates from smaller vendors. The malware slips in via trusted pathways, bypasses hardened company defenses, and quietly siphons off critical tech. Researchers say Earth Ammit’s focus on drone, satellite, and military tech supply chains in Taiwan and South Korea is no accident; it’s precision cyber-espionage designed to bolster China’s strategic edge.

Let’s pivot north: Canadian telecom titan Rogers was just revealed as a victim in a wide-ranging campaign by the Salt Typhoon group. Salt Typhoon, exposed on both U.S. and Canadian soil, specializes in slipping into telecom networks to scout assets and potentially tap communications. The latest breach occurred back in February, with three Rogers devices compromised. Security analysts suspect the group is leveraging vendor relationships and lawful access mandates to quietly probe major critical infrastructure across the globe.

The U.S. response? A full spectrum push, from aggressive law enforcement to diplomatic pressure. The Justice Department’s multinational pursuit of Xu Zewei is just one plank. CISA is sounding alarms, urging organizations to patch zero-days fast, monitor vendor updates scrupulously, and tighten rules on remote access tools. Experts at Google and Microsoft recommend layered defenses: continuous credential monitoring, endpoint detection with behavioral analytics, and strict security on all supply chain partners. This week’s events drive home a hard truth—countering China’s cyber reach requires relentless vigilance, smarter defenses, and global teamwork.

That’s your 360-degree wrap from Digital Dragon Watch. Thanks for tuning in, listeners. Don’t forget to subscribe for more cyber intrigue straight from the frontline. This has been a Quiet Please production. For more, check out quiet please dot ai.
