Silk & Salt Typhoons Wreak Havoc as China Sharpens Cyber Claws—Patch Now or Perish!

Author: Quiet. Please
Published: Tue 29 Apr 2025
Episode Link: https://www.spreaker.com/episode/silk-salt-typhoons-wreak-havoc-as-china-sharpens-cyber-claws-patch-now-or-perish--65796570

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Welcome to Digital Dragon Watch: Weekly China Cyber Alert. I’m Ting, your go-to cyber-sleuth with a soft spot for hotpot and zero tolerance for zero-days. Let’s jump straight into the code soup: The last seven days have been busy, and China-linked actors have been right at the center of the storm.

First up, the notorious Salt Typhoon—also tracked as RedMike by the Insikt Group—has continued rampaging through global telecom, snatching up five more providers, two of them in the US. Their favorite tool for the job? Exploiting those persistent vulnerabilities in Cisco’s IOS XE software. Specifically, we’re talking about CVE-2023-20198 and the weaponized cousin, CVE-2023-20273. Both are privilege escalation bugs, deliciously unpatched on far too many edge devices. Salt Typhoon used these flaws for root-level access, with researchers spotting activity on over 1,000 devices. And it’s not just telecoms: universities have been in the blast radius too, with UCLA and Loyola Marymount University among those probed. This isn’t small potatoes. When cybercriminals have the same network access as your IT admin, it’s only a matter of time before data starts walking out the door, and those “unplanned outages” become the new normal.

And Salt Typhoon isn’t the only player in this week’s threat matrix. Silk Typhoon, another Beijing-backed crew, is switching tactics by targeting the IT supply chain. Think about it: why storm the front gate when you can compromise a vendor and sneak in with the delivery truck? These attacks give adversaries the keys to organizations’ digital kingdoms, moving laterally across networks with supply chain trust as their weapon. Meanwhile, Weaver Ant was caught running a years-long web shell campaign, showing just how patient and persistent Chinese advanced persistent threat (APT) groups remain.

The affected sectors aren’t limited to telecom or academia. U.S. government officials are sounding the alarm: Chris Krebs, former director of CISA, warned just this week that China is now America’s number one cyber adversary. Ransomware attacks are up, but the real worry: foreign hands reaching into critical infrastructure, setting the stage for disruption when tensions rise.

What's the US doing about all this? The government has called for patching “yesterday, if not sooner.” CISA’s latest bulletins urge all orgs using Cisco edge devices to apply those patches, audit logs, and nail down segmentation. Experts recommend never trusting vendor defaults, enabling strict network access controls, and deploying robust endpoint detection to catch stealthy attackers before they can move laterally.

In sum: China’s digital claws are getting sharper, threat actors are evolving, and the most vulnerable targets are the ones that remain complacent. So patch, monitor, and stay paranoid. I’m Ting, and that’s your Digital Dragon Watch—stay cyber-savvy until next week!
