This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Welcome back to Digital Dragon Watch, your weekly China cyber alert with me, Ting—your favorite cyber sleuth who runs on caffeine, curiosity, and a steady stream of zero-day disclosures. Buckle up, listeners, because the dragon has definitely been breathing fire this week.
Let’s get right into the biggest headline: security researchers have sounded the alarm about a serious vulnerability in the Wing FTP Server, tagged as CVE-2025-47812. Huntress and Shadowserver researchers confirm attackers are actively exploiting this nasty flaw, which combines a null byte and Lua injection to allow root-level remote code execution. In layman’s terms, it’s a digital skeleton key—hackers can take control of whole systems, scoop up passwords, and even wipe out files if they’re feeling spicy. Wing FTP counts some big players among its 10,000 clients, with the U.S., China, and Germany topping the exposure charts. This isn’t speculative, folks—Shadowserver is tracking at least 2,000 exposed systems and says active exploitation began July 1. If you run Wing FTP and haven’t patched, you might as well be handing the keys to your digital kingdom to the nearest stranger. So, as expert Julien Ahrens bluntly put it, patch now or risk total compromise.
Meanwhile, hacktivism is evolving in ways that should unsettle every infrastructure operator. According to Cyble, hacktivists are no longer just playing with website graffiti—they're breaching industrial control systems and causing real disruptions. The Russia-linked Z-Pentest group has launched 38 ICS attacks in Q2 alone—a 150% increase—and, while not all directly tied to China, the inspiration and technical overlap with China’s industrial espionage are hard to ignore. These attacks aren’t just about chaos; they’re aimed at undermining the backbone of entire sectors, including energy and utilities.
Let’s talk statecraft—China’s cyber operations aren’t just about stealing secrets anymore. The Irregular Warfare Center warns that Beijing is heavily focused on pre-positioning malware within U.S. critical infrastructure, especially in energy, transportation, and water systems. The notorious Volt Typhoon group, for example, has become the poster child for this hybrid espionage campaign, blending network intrusions with the ability to disrupt life-critical services. The FBI now has over 2,000 open investigations into PRC-related IP theft. This is economic warfare—Chinese companies leapfrog R&D costs by snatching U.S. breakthroughs, and that’s got strategic implications far beyond quarterly earnings.
On the regulatory front, the U.S. government isn’t just playing defense. A new White House executive order directs NIST, CISA, and OMB to adopt policy-as-code—think machine-readable cybersecurity rules and automated compliance pipelines. By 2027, all federal IoT procurements will require machine-checked security labels. This is a big move toward operationalizing security and making sure standards aren’t just words but living, enforced controls.
Turning to the Pacific, China’s hybrid gray-zone tactics against Taiwan’s allies like Palau continue. Asia Times details how cyberattacks have dovetailed with economic coercion and political influence ops, including a 2024 hack that cost Palau $1.2 million and the suspicious leasing of land near U.S. military sites. The U.S. has responded by ramping up missile defense requests and pushing for more robust regional alliances, even as it asks allies to boost defense spending.
On the privacy front, TikTok’s woes in Europe just hit another speed bump. The Irish Data Protection Commission is investigating ByteDance for shipping EU user data to China, despite prior denials and a massive €530 million fine. TikTok says Project Clover will localize data, but regulators are skeptical—and so should you be, if you value your privacy.