EPISODE · Sep 21, 2025 · 5 MIN
Aisuru Botnet's Mega Meltdown: Volt Typhoon's Critical Hit & WarLock's Zero-Day Play
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. This is Ting, your digital dragon watcher, and wow, buckle up listeners—the past week in China cyber has been a fire-breathing spectacle. Cyber threats, state action, and headline-worthy espionage moves, all with a twist of tech innovation—let's dive right into the wires. First up, let’s talk attack vectors: Microsoft and Sophos have been sounding the alarm on the WarLock ransomware gang, who arguably deserve a “rookie of the year” title for sheer nerve. These folks, with clear suspected Beijing backing, ramped up attacks and unveiled some fresh tactics. Since March, they’ve hit a spectrum of targets, from small agencies to digital powerhouses like France’s Orange and the UK’s Colt. The showstopper? Their latest operation exploited a zero-day flaw in on-premise Microsoft SharePoint—an attack chain featuring clever web shell deployments and covert tunneling with legit admin tools like Velociraptor. Microsoft highlighted Chinese state-aligned actors tagging along, especially with the Salt Typhoon group, who cracked into government networks using these SharePoint exploits. Let me translate: thousands of organizations, lots in the public sector, have been left exposed and scrambling to patch. It didn’t stop there. The infamous Volt Typhoon group stayed true to form, burrowing deep into U.S. critical infrastructure. U.S. officials and Dragos are warning that these actors have successfully nested inside utilities—especially water systems—across the country, laying groundwork for a potential crisis if tensions over Taiwan boil over. Picture rogue code ready to turn off water in entire cities, just by flipping the digital switch. Now, over in the Indo-Pacific, Hive0154—also known as Mustang Panda—dropped a new Toneshell backdoor plus the novel SnakeDisk USB worm. This little nasty only operates in Thailand, spreading through USB drives and deploying the Yokai backdoor. The cyber zoo never looked so wild. Meanwhile, botnet Aisuru, with its megaton of infected devices, keeps flooding targets in China, the U.S., and Europe. If your sysadmin seems frazzled, blame Aisuru. State side, U.S. government agencies are in high alert mode. New Federal Acquisition Regulation rules strictly limit Chinese telecom hardware, aiming to close backdoors and keep critical networks shaded from cyber snoops. The CISA has been putting the word out about Ivanti endpoint vulnerabilities after threat actors exploited fresh CVEs, with malware enabling remote code on compromised servers. What's China doing about its own digital drama? The Cyberspace Administration's sweeping "Clean Internet" campaign landed hard on social media giants like Weibo and Kuaishou this week—cracking down not just on celebrity gossip, but targeting rumor-mongering, fake influencers, and manipulative online campaigns. Nearly 900 bits of false news vaporized in Tianjin alone, plus more than a thousand rumor cases squashed in Inner Mong This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. This is Ting, your digital dragon watcher, and wow, buckle up listeners—the past week in China cyber has been a fire-breathing spectacle. Cyber threats, state action, and headline-worthy espionage moves, all with a twist of tech innovation—let's dive right into the wires. First up, let’s talk attack vectors: Microsoft and Sophos have been sounding the alarm on the WarLock ransomware gang, who arguably deserve a “rookie of the year” title for sheer nerve. These folks, with clear suspected Beijing backing, ramped up attacks and unveiled some fresh tactics. Since March, they’ve hit a spectrum of targets, from small agencies to digital powerhouses like France’s Orange and the UK’s Colt. The showstopper? Their latest operation exploited a zero-day flaw in on-premise Microsoft SharePoint—an attack chain featuring clever web shell deployments and covert tunneling with legit admin tools like Velociraptor. Microsoft highlighted Chinese state-aligned actors tagging along, especially with the Salt Typhoon group, who cracked into government networks using these SharePoint exploits. Let me translate: thousands of organizations, lots in the public sector, have been left exposed and scrambling to patch. It didn’t stop there. The infamous Volt Typhoon group stayed true to form, burrowing deep into U.S. critical infrastructure. U.S. officials and Dragos are warning that these actors have successfully nested inside utilities—especially water systems—across the country, laying groundwork for a potential crisis if tensions over Taiwan boil over. Picture rogue code ready to turn off water in entire cities, just by flipping the digital switch. Now, over in the Indo-Pacific, Hive0154—also known as Mustang Panda—dropped a new Toneshell backdoor plus the novel SnakeDisk USB worm. This little nasty only operates in Thailand, spreading through USB drives and deploying the Yokai backdoor. The cyber zoo never looked so wild. Meanwhile, botnet Aisuru, with its megaton of infected devices, keeps flooding targets in China, the U.S., and Europe. If your sysadmin seems frazzled, blame Aisuru. State side, U.S. government agencies are in high alert mode. New Federal Acquisition Regulation rules strictly limit Chinese telecom hardware, aiming to close backdoors and keep critical networks shaded from cyber snoops. The CISA has been putting the word out about Ivanti endpoint vulnerabilities after threat actors exploited fresh CVEs, with malware enabling remote code on compromised servers. What's China doing about its own digital drama? The Cyberspace Administration's sweeping "Clean Internet" campaign landed hard on social media giants like Weibo and Kuaishou this week—cracking down not just on celebrity gossip, but targeting rumor-mongering, fake influencers, and manipulative online campaigns. Nearly 900 bits of false news vaporized in Tianjin alone, plus more than a thousand rumor cases squashed in Inner Mong This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Aisuru Botnet's Mega Meltdown: Volt Typhoon's Critical Hit & WarLock's Zero-Day Play
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.