This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Hey listeners, it’s Ting here—your Digital Dragon Watch host, serving up the week’s wildest China cyber antics with a side of actionable insight. Let’s not waste time, the cyber seas have been stormy, and you’re here for the real story.
First up, if you thought the legendary Chinese group APT41 had settled down, think again. According to Kaspersky, APT41 just dropped a new campaign targeting government IT systems, but this time, it’s Africa in the crosshairs. They’re using hardcoded internal services, hijacking SharePoint servers within victim infrastructures, and smuggling in C2 commands through web shells. The trickiest bit? They’re sidestepping detection with living-off-the-land tactics, blending C# trojans and Windows tools to move quietly through networks. Oh, and their malware checks which language packs are installed—it bails if it detects Japanese, Korean, or any Chinese variants. Sorry, global ops only.
These aren’t isolated sleights of hand. Over in Singapore, the country’s critical infrastructure just took a hit, as Singapore’s cybersecurity agency confirmed Chinese hackers had breached core systems late last week. We’re seeing the same escalation worldwide: China’s state-run “Salt Typhoon” group has ties to the Ministry of State Security and is targeting everything from telecom to energy, using techniques once reserved for military espionage.
Let’s head back stateside. The U.S. Department of Defense reacted fast after a ProPublica investigation exposed Microsoft’s use of China-based engineers for patching Pentagon cloud systems. Turns out these engineers, although supervised by U.S.-cleared “digital escorts,” were still helping patch some of the cloud’s most sensitive layers—think material just short of top secret. Defense Secretary Pete Hegseth didn’t mince words: China will have “no involvement whatsoever” in Pentagon cloud services, effective immediately. Microsoft did a quick pivot, promising no more China-based support on DoD clouds. But the implications? Big providers everywhere are now under the microscope. Congress is also scrutinizing potential PRC ties to America’s subsea Internet cables—Huawei Marine, China Telecom, and SBSS are all popping up on their radars.
Meanwhile in India, Hackread details how Chinese threat groups are running a $580 million annual cyber-laundering scheme. They’re using WhatsApp and Telegram to recruit students as money mules, hijacking bank accounts, and washing illicit proceeds through local shadow banking systems for crypto conversion. It’s a hybrid attack: part cybercrime, part financial warfare.
Stateside response? Some experts, like Dave Kennedy, say the U.S. absolutely must shift to a more aggressive, offensive cyber stance. The days of defensive posturing and “strongly worded statements” are over. New investments—rumored at $1 billion—are being proposed to build up real-time offensive capabilities, not just tools locked away behind endless layers of bureaucracy. Congress is pushing for strict prohibitions on any entity using Chinese components or personnel for critical infrastructure—cables, clouds, you name it.
On the regulatory front, China just amped up mandatory data protection rules: if your company touches data on a million or more individuals, you now have 30 days to report your appointed Personal Information Protection Officers online to the Cyberspace Administration of China. Miss it, and they’re promising serious consequences.
And finally, the expert recommendations this week:
- Immediately audit all legacy connections and MSP relationships for supply chain exposure, especially where offshore labor is involved
- Use threat intel platforms that go beyond signature detection; APT41 and Salt Typhoon are masters at blending in with normal network traffic
- Tighten controls around internal SharePoint...