EPISODE · Jan 16, 2026 · 3 MIN
China's Cyber Playground: Zero-Days, Billion Dollar Scams, and the Great Tech Cold War Heats Up
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China cyber alert, and let me tell you, it's been absolutely wild out there. So first up, we've got UAT-8837, a China-nexus advanced persistent threat group that's been absolutely relentless against North American critical infrastructure. According to Cisco Talos, these actors have been exploiting a critical zero-day vulnerability in Sitecore with a CVSS score of 9.0 to gain initial access to high-value targets. What's particularly sneaky is their playbook once they're inside. They grab credentials, security configs, and Active Directory information, then deploy open-source tools like EarthWorm for reverse tunneling and DWAgent for persistent access. They're literally building highways into your network infrastructure. But wait, there's more. Just this week, Cisco also disclosed another group, UAT-9686, that exploited a maximum severity AsyncOS flaw in Cisco's Secure Email Gateway. This one's a real doozy with a perfect CVSS score of 10.0. We're talking arbitrary root command execution on email appliances. According to Cisco's Product Security Incident Response Team, attacks started in late November 2025 and they discovered malicious activity on December 10th. The actors deployed something called AquaShell for persistence, plus AquaTunnel and AquaPurge to cover their tracks. Now here's where it gets interesting. Leaked internal documents from a Chinese contractor called Knownsec reveal this entire state-aligned cyber espionage ecosystem. According to Field Effect Security Intelligence, Knownsec developed systematic reconnaissance capabilities supporting Chinese nation-state objectives through internet-wide scanning, vulnerability identification, and massive data aggregation. They're running continuous, automated targeting operations that dwarf anything we've seen before. Speaking of government response, according to Lawfare Media, China arrested alleged scam kingpin Chen Zhi, who the U.S. had previously sanctioned and charged with orchestrating fifteen billion dollars worth of cryptocurrency schemes. China actually succeeded where American authorities initially couldn't, using regional clout to extract him from Cambodia. Though experts note China's anti-scam efforts remain reactive rather than strategically comprehensive. On the diplomatic front, according to multiple sources, China has reportedly prohibited U.S. and Israeli cybersecurity firms from operating domestically, citing national security concerns. Meanwhile, the Trump administration's National Security Strategy explicitly states they want U.S. technology and standards to drive the world forward, setting up what's shaping up to be a serious technology cold war. The recommendations from cybersecurity agencies across Australia, Germany, the Netherlands, New Zealand, the UK, and the U.S. are straightforward but critical. Limit your operational technology exposure, centralize This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China cyber alert, and let me tell you, it's been absolutely wild out there. So first up, we've got UAT-8837, a China-nexus advanced persistent threat group that's been absolutely relentless against North American critical infrastructure. According to Cisco Talos, these actors have been exploiting a critical zero-day vulnerability in Sitecore with a CVSS score of 9.0 to gain initial access to high-value targets. What's particularly sneaky is their playbook once they're inside. They grab credentials, security configs, and Active Directory information, then deploy open-source tools like EarthWorm for reverse tunneling and DWAgent for persistent access. They're literally building highways into your network infrastructure. But wait, there's more. Just this week, Cisco also disclosed another group, UAT-9686, that exploited a maximum severity AsyncOS flaw in Cisco's Secure Email Gateway. This one's a real doozy with a perfect CVSS score of 10.0. We're talking arbitrary root command execution on email appliances. According to Cisco's Product Security Incident Response Team, attacks started in late November 2025 and they discovered malicious activity on December 10th. The actors deployed something called AquaShell for persistence, plus AquaTunnel and AquaPurge to cover their tracks. Now here's where it gets interesting. Leaked internal documents from a Chinese contractor called Knownsec reveal this entire state-aligned cyber espionage ecosystem. According to Field Effect Security Intelligence, Knownsec developed systematic reconnaissance capabilities supporting Chinese nation-state objectives through internet-wide scanning, vulnerability identification, and massive data aggregation. They're running continuous, automated targeting operations that dwarf anything we've seen before. Speaking of government response, according to Lawfare Media, China arrested alleged scam kingpin Chen Zhi, who the U.S. had previously sanctioned and charged with orchestrating fifteen billion dollars worth of cryptocurrency schemes. China actually succeeded where American authorities initially couldn't, using regional clout to extract him from Cambodia. Though experts note China's anti-scam efforts remain reactive rather than strategically comprehensive. On the diplomatic front, according to multiple sources, China has reportedly prohibited U.S. and Israeli cybersecurity firms from operating domestically, citing national security concerns. Meanwhile, the Trump administration's National Security Strategy explicitly states they want U.S. technology and standards to drive the world forward, setting up what's shaping up to be a serious technology cold war. The recommendations from cybersecurity agencies across Australia, Germany, the Netherlands, New Zealand, the UK, and the U.S. are straightforward but critical. Limit your operational technology exposure, centralize This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
China's Cyber Playground: Zero-Days, Billion Dollar Scams, and the Great Tech Cold War Heats Up
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.