
Pandas Plunder Cloud Kingdoms: Genesis & Murky Run Wild at Black Hat - Bellini Blares Kill-Switch Klaxon!

Author
Quiet. Please
Published
Mon 04 Aug 2025
Episode Link
https://www.spreaker.com/episode/pandas-plunder-cloud-kingdoms-genesis-murky-run-wild-at-black-hat-bellini-blares-kill-switch-klaxon--67249304

This is your Digital Frontline: Daily China Cyber Intel podcast.

Hey listeners, Ting here back on Digital Frontline: Daily China Cyber Intel, where we cut through the static and get you the sharpest, freshest threat data—because let’s face it, nobody wants to be the slowest gazelle on this savannah.

Today, August 4, 2025, the headlines are nothing short of wild: CrowdStrike’s new Threat Hunting Report just dropped at Black Hat USA, and the numbers tell a story—cloud intrusions absolutely exploded, clocking in at 136% higher than all last year, with a whopping 40% traced to Chinese-state cyber operators. Two groups have everyone buzzing: Genesis Panda and Murky Panda. Genesis Panda is showing off as the cloud’s new initial broker, grabbing hold of weakly-configured web apps and burrowing into cloud service provider accounts, laying the red carpet for future intelligence heists. Meanwhile, Murky Panda works social—jumping from one trusted partner to another, especially in North America, exploiting those supply chain links that businesses rarely lock down. If your IT team is busy high-fiving over that last ransomware dodge, gently remind them to check lateral movement in their own cloud environments—these pandas do not play [Infosecurity Magazine, CrowdStrike].

Now, if you thought your AI was just cool automation and not a juicy target, think again. CrowdStrike warns that agentic AI—those autonomous task-running digital minions—is now a prime hunting ground. Attackers, especially Chinese crews, are breaking into the very tools used to build and orchestrate these bots, hijacking machine identities and launching next-generation supply chain attacks. Don’t assume every bot sitting quietly in your SaaS stack is friendly—auditing privileges and monitoring for credential abuse are now non-negotiable [Computer Weekly, CrowdStrike].

Here’s the kicker—Chinese hardware and embedded code still pose an existential risk to US infrastructure. Arnie Bellini, cybersecurity veteran, won’t stop harping on the “tech kill-switch” threat. Power inverters, industrial machines, even surveillance cameras imported from China could, in Bellini’s words, “call back to Beijing, flip a switch, and turn off the lights”—literally. Ports, power grids, water systems: no piece of American infrastructure is too boring to hack if it keeps the lights on [Daily Express US, Bellini].

And what about telecoms? The Salt Typhoon attack proved, in spectacular fashion, why backdoors built for law enforcement can bite back. Chinese hackers recently broke into US telecom systems—thanks in part to vulnerabilities born of the CALEA mandate—and stole databases detailing wiretap targets. That means Beijing now knows which spies we’ve caught, and possibly, which ones are still undercover. This is not some Hollywood drama—this is campaign ops and national security, breached via the switchboard. In response, the US, Canada, Australia, and New Zealand all doubled down on end-to-end encryption. The UK, interestingly, is paddling its own canoe with technical capability notices [FTCN, Dr. Susan Landau].

Let’s wrap up with my pro tips, straight from the trenches: If you haven’t enabled multi-factor authentication on every administrator and cloud service account, you’re running naked through an IoT cactus patch. Patch those cloud misconfigs, and start inventorying every single machine identity and AI agent that’s got the keys to your digital castle. Invest in persistent network monitoring, and, for the love of all that’s unphished, audit your supply chain and dump the mystery black boxes from no-name OEMs.

Thanks for tuning in to Digital Frontline! Don’t forget to hit subscribe, send this to your most paranoid sysadmin, and stay one step ahead of those digital pandas. This has been a Quiet Please production; for more, check out quiet please dot ai.
