This is your Digital Frontline: Daily China Cyber Intel podcast.
Call me Ting, your go-to brainiac for Digital Frontline: Daily China Cyber Intel, and let’s get you plugged in to the latest cyber-chaos from the Middle Kingdom. So: what’s cooking in the past 24 hours? If you’re imagining quiet, you’ve obviously never had to patch a server at midnight while Chinese APTs prowl the wire.
First up, today’s eyes-bulging headline is the smishing juggernaut run by Chinese-speaking cybercriminal crews. They’ve weaponized digital wallet tokenization—yes, the very same Apple Pay and Google Wallet that made us all think real-world wallets were obsolete. These syndicates, fronted by infamous handles like Lao Wang and his “Lighthouse” platform, are now believed to have compromised as many as 115 million U.S. payment cards. They pull it off by sending phony USPS or toll payment texts, then herding you through a slick credential-capture maze powered by pro-level Phishing-as-a-Service kits. Once they’ve got your data, they provision the cards into their own devices—often just old, insecure iPhones—making it rain at U.S. stores, or moving funds around with zero friction. Major U.S. brands are getting impersonated and even your grandmother isn’t safe if she texts back. The tokenization hack totally circumvents old-school card fraud triggers, blindsiding both banks and consumers. Industry analysts are naming big players behind the curtain too—besides Lao Wang, think Chen Lun, Darcula, and their ever-expanding cast, each using modular phishing kits and globalized infrastructure.
Pivot to critical infrastructure: Darktrace and other industry wizards are reporting a wave of targeted attacks on systems like Trimble Cityworks. This platform is everywhere—utilities, airports, local governments. Chinese-speaking threat actors were exploiting a vulnerability (CVE-2025-0994) weeks before it even hit the public radar, laying quiet groundwork for broader system compromise. They employ next-generation backdoors, like Auto-Color, that go silent if detected, showing just how much these attackers are upping their stealth game.
On the big league espionage front, there’s also serious hand-wringing about the U.S. continuing to rely on Chinese hardware for both drones and AI infrastructure. According to the Foundation for Defense of Democracies, China’s dominance in UAVs and embedded tech is now a national security liability. DJI and Autel Robotics, straight out of Shenzhen, have their drones circling close to U.S. military bases, police departments, and disaster response. Every flight is a chance for Beijing to collect, disrupt, or even sabotage—think military-civil fusion, where a cheap drone could also be a flying, persistent spy.
Federal agencies aren’t asleep at the wheel, either—CISA just added SharePoint flaws, CVE-2025-49704 and -49706 (dubbed ToolShell), to the “patch right now or die trying” list. Chinese state-linked actors Linen Typhoon and Violet Typhoon are deploying web shells and stealing cryptographic goodies from unpatched installs, with more than 400 U.S. organizations in their sights.
So what can you, the overworked IT lead or risk-conscious exec, actually do? Slam those patches—especially on SharePoint, public-facing web apps, and utility management systems. Train every single employee to spot sophisticated SMS phishing. Segregate networks for operational and payment platforms, and scrutinize device origin and supply chains like your job depends on it. If your business runs drones, monitor them like you would your payroll system—seriously, treat every off-brand update with suspicion. And for organizations playing with AI: lock down your models, monitor hardware anomalies, and pray your datacenter isn’t broadcasting power-signal Morse code to someone in Chengdu.
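To make the "train every employee to spot SMS phishing" advice concrete, here is a small added example (not code from the podcast or from any vendor it names) of the kind of heuristic a mail or SMS gateway could apply to the USPS and toll-payment lures described above: a brand name in the text next to a link whose domain is not the brand's real domain, urgency language, payment or "update your details" wording, shorteners and cheap TLDs. The brand-to-domain table, the keyword lists and the four sample messages are constructed for the example; a real deployment would swap in its own verified allowlist.

```python
import re

# Constructed allowlist of brands that smishing crews impersonate and the
# registrable domain each one really uses. Assumption for this example;
# a defender would maintain a verified list of their own.
BRAND_DOMAINS = {
    "usps": "usps.com",
    "fedex": "fedex.com",
    "ups": "ups.com",
    "ezpass": "e-zpassiag.com",
}
URGENCY_WORDS = ("immediately", "within 24 hours", "suspended", "final notice", "urgent")
PAYMENT_WORDS = ("toll", "fee", "redelivery", "payment", "unpaid", "update your")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
CHEAP_TLDS = {"top", "xyz", "icu", "cfd"}
URL_RE = re.compile(r"https?://([^\s/]+)", re.I)


def registrable(host: str) -> str:
    """Crude registrable-domain extraction: last two labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def score_sms(msg: str):
    """Return (score, reasons) for one SMS body. Higher means more smishing-like."""
    score, reasons = 0, []
    text = msg.lower()
    body = URL_RE.sub("", text)            # keyword checks ignore the link itself
    hosts = [h.lower() for h in URL_RE.findall(msg)]
    # Brand mention anywhere in the message (hyphens dropped so "E-ZPass" matches).
    mentioned = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", text.replace("-", ""))]

    # Strongest signal: a brand is named but the link points somewhere else.
    for host in hosts:
        reg = registrable(host)
        for brand in mentioned:
            if reg != BRAND_DOMAINS[brand]:
                score += 3
                reasons.append(f"mentions {brand} but links to {host}")
        if reg in SHORTENERS or host.rsplit(".", 1)[-1] in CHEAP_TLDS:
            score += 1
            reasons.append(f"shortener or cheap TLD: {host}")

    if any(w in body for w in URGENCY_WORDS):
        score += 1
        reasons.append("urgency language")
    if any(w in body for w in PAYMENT_WORDS):
        score += 1
        reasons.append("asks for payment or account update")
    return score, reasons


def is_smishing(msg: str, threshold: int = 3) -> bool:
    return score_sms(msg)[0] >= threshold


# Constructed sample messages: two lures in the style described in the episode,
# two benign notifications.
SAMPLE_TEXTS = [
    "USPS: Your package could not be delivered due to incomplete address. "
    "Update within 24 hours: https://usps-redelivery.top/track",
    "Your package is ready for pickup at the Main St branch. Reply STOP to opt out.",
    "E-ZPass: Unpaid toll balance of $4.15. Pay now to avoid a $50 late fee: "
    "https://bit.ly/3ezp-toll",
    "USPS: Your package is out for delivery. Track it at "
    "https://tools.usps.com/go/TrackConfirmAction",
]

if __name__ == "__main__":
    for t in SAMPLE_TEXTS:
        s, why = score_sms(t)
        print(f"[{'SMISH' if s >= 3 else 'ok   '}] score={s} {why} :: {t[:60]}")
```

The brand-versus-link check carries most of the weight on purpose: urgency and payment wording also appear in legitimate carrier notices, but a legitimate USPS or toll notice does not send you to a look-alike domain, which is exactly the trick the credential-capture kits above rely on. Treat the output as a triage score for awareness training and gateway tagging, not as a block decision on its own.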
That’s the digital frontline for today. Thanks for tuning in, listeners! Remember to subscribe for a...