China's Execution Spree, Spy Games in Southeast Asia, and 8.7 Billion Leaked Records - Your Weekly Cyber Tea episode artwork

EPISODE · Feb 4, 2026 · 4 MIN

China's Execution Spree, Spy Games in Southeast Asia, and 8.7 Billion Leaked Records - Your Weekly Cyber Tea

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China Cyber Alert, and boy do we have some developments that'll make your threat intel team lose sleep. Let's jump straight in. China just sent an unmistakable message about how serious it takes cybercrime by executing members of the Ming family criminal group out of Myanmar. We're talking eleven people executed in Wenzhou in late January for running massive telecom and pig-butchering scam operations. Days later, Shenzhen carried out four more executions of the Bai family syndicate running scam parks in Kokang, Myanmar. Now here's the wild part—these weren't treated as your typical financial crimes. Beijing classified them as national security threats, which means the enforcement hammer came down hard. These operations were draining billions from victims globally while running kidnapping, extortion, and trafficking rings on the side. The UN estimates these syndicates generate billions annually and employ hundreds of thousands of forced workers. But execution announcements aren't the only thing making headlines. Check Point Research just exposed a sophisticated campaign by a China-linked group they're calling Amaranth-Dragon, which shares connections to APT 41. They've been systematically targeting Southeast Asian governments across Cambodia, Thailand, Laos, Indonesia, Singapore, and the Philippines throughout 2025. The group weaponized a WinRAR vulnerability called CVE-2025-8088 just eight days after disclosure, showing scary technical maturity. They deployed a custom loader that chains to an open-source command framework called Havoc. What's particularly clever is their infrastructure was locked down to accept traffic only from specific target countries using Cloudflare, minimizing exposure while maintaining operational secrecy. Meanwhile, Mustang Panda, another Chinese state-sponsored group, launched what researchers are calling PlugX Diplomacy—campaigns between December 2025 and mid-January targeting diplomatic officials with malicious LNK files disguised as US policy documents. One attack hit the Royal Thai Police using seemingly legitimate FBI training materials. When opened, the shortcut executed the Yokai backdoor. These aren't random attacks. They're timed to coincide with sensitive political developments and regional security events, specifically calibrated for maximum social engineering effectiveness. On the defensive side, we've also seen China face its own data exposure problems. Cybersecurity researchers uncovered 8.7 billion records linked to Chinese individuals and businesses sitting unsecured in an Elasticsearch cluster in early January. The dataset included national IDs, home addresses, emails, and social media credentials. It remained accessible for over three weeks before closure. Here's what listeners should take away: Chinese threat actors continue escalating sophistication while Beijing itself increasingly wea This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China Cyber Alert, and boy do we have some developments that'll make your threat intel team lose sleep. Let's jump straight in. China just sent an unmistakable message about how serious it takes cybercrime by executing members of the Ming family criminal group out of Myanmar. We're talking eleven people executed in Wenzhou in late January for running massive telecom and pig-butchering scam operations. Days later, Shenzhen carried out four more executions of the Bai family syndicate running scam parks in Kokang, Myanmar. Now here's the wild part—these weren't treated as your typical financial crimes. Beijing classified them as national security threats, which means the enforcement hammer came down hard. These operations were draining billions from victims globally while running kidnapping, extortion, and trafficking rings on the side. The UN estimates these syndicates generate billions annually and employ hundreds of thousands of forced workers. But execution announcements aren't the only thing making headlines. Check Point Research just exposed a sophisticated campaign by a China-linked group they're calling Amaranth-Dragon, which shares connections to APT 41. They've been systematically targeting Southeast Asian governments across Cambodia, Thailand, Laos, Indonesia, Singapore, and the Philippines throughout 2025. The group weaponized a WinRAR vulnerability called CVE-2025-8088 just eight days after disclosure, showing scary technical maturity. They deployed a custom loader that chains to an open-source command framework called Havoc. What's particularly clever is their infrastructure was locked down to accept traffic only from specific target countries using Cloudflare, minimizing exposure while maintaining operational secrecy. Meanwhile, Mustang Panda, another Chinese state-sponsored group, launched what researchers are calling PlugX Diplomacy—campaigns between December 2025 and mid-January targeting diplomatic officials with malicious LNK files disguised as US policy documents. One attack hit the Royal Thai Police using seemingly legitimate FBI training materials. When opened, the shortcut executed the Yokai backdoor. These aren't random attacks. They're timed to coincide with sensitive political developments and regional security events, specifically calibrated for maximum social engineering effectiveness. On the defensive side, we've also seen China face its own data exposure problems. Cybersecurity researchers uncovered 8.7 billion records linked to Chinese individuals and businesses sitting unsecured in an Elasticsearch cluster in early January. The dataset included national IDs, home addresses, emails, and social media credentials. It remained accessible for over three weeks before closure. Here's what listeners should take away: Chinese threat actors continue escalating sophistication while Beijing itself increasingly wea This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

China's Execution Spree, Spy Games in Southeast Asia, and 8.7 Billion Leaked Records - Your Weekly Cyber Tea

0:00 4:25

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 4 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on February 4, 2026.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China Cyber Alert, and boy do we have some developments that'll make your threat intel team lose sleep. Let's jump straight in. China...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!