This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Hey listeners, it’s Ting here, your digital dragon wrangler, cyber sage, and all-around troublemaker in the world of China and hacking. No long intro, just straight to the best and worst of this week in China cyber alert—so buckle up.
Let’s start with the headline grabber: the China-linked Silk Typhoon APT—sometimes called Murky Panda—is taking things up a notch in North America. CrowdStrike warns they are actively exploiting both n-day and those oh-so-terrifying zero-day vulnerabilities, jumping straight into enterprise networks by slipping past unpatched defenses. Forget fishing in a barrel, this is high-tech spearfishing and nobody is off limits. Healthcare, critical infrastructure, finance—they’re all in the blast radius. Some of the attack paths use n-day flaws, but there are reports of fresh zero-days being dropped, which means standard patching is officially yesterday’s problem, not today’s solution, according to Security Affairs.
Speaking of healthcare—ouch—DaVita, one of the larger U.S. kidney dialysis firms, confirmed a ransomware attack exposed personal and health data of 2.7 million people. That’s not just HIPAA pain; it's national security, since some experts are connecting these tactics to China-linked actors, using access to health records as a leverage point for espionage and financial shakedowns. When data equals power, cybercrime is geopolitical—remember that.
Microsoft is hitting “enough is enough” territory: after their SharePoint platform was abused thanks to a proof-of-concept exploit being used by Chinese partners, they now refuse to share exploit code with Chinese companies. No more free lunches—only written details now, which might slow down threat actor tool development. This was a direct result of leaks that led to mass exploitation, highlighting a new defensive tactic: knowledge compartmentalization.
Now, let’s talk about government response. Washington is sounding alarms over Europe’s cyber coziness with Chinese giants. This week, Congress fired off a warning letter to Secretary of Commerce Howard Lutnick, flagging Spain’s €12.3 million deal with Huawei to manage wiretapped data, citing massive digital trade and national security risks. Congressmen Richard Hudson and Gus Bilirakis pushed for a full Commerce Department review, and Director of National Intelligence Tulsi Gabbard is reportedly reevaluating intelligence sharing with Spain to check for leaks to Beijing. It’s classic chain-reaction stuff—one EU contract with Huawei and suddenly the whole NATO data-sharing trust tree shakes.
Meanwhile, commercial tensions keep bubbling. The US and China are trading barbs over Nvidia’s H20 chips. Commerce Secretary Lutnick’s comment that China is only getting “third-best stuff” ticked off Beijing and sent Chinese regulators scrambling to restrict Nvidia chip orders. Nvidia CEO Jensen Huang is outright dismissing security concerns, but underlying all this is a push for Chinese chip self-sufficiency—watch out for retaliatory escalations in tech and semiconductor supply chains.
Expert advice this week is to assume every enterprise is already a target and tighten down supply chains, especially software and hardware updates. CrowdStrike and Microsoft recommend deploying modern endpoint detection, zero-trust frameworks, constant threat hunting, and, of course, fast-lane vulnerability patching—because tomorrow’s zero-day might have already been sold yesterday.
That’s your cyber dragon watch for this week. Thanks for tuning in—remember to subscribe so your inbox gets the latest breach before your boss does. This has been a Quiet Please production. For more, check out Quiet Please dot ai.