EPISODE · Nov 7, 2025 · 4 MIN
Chinese Hackers Feast on US Gov as Feds Slash Cybersecurity | Digital Dragon Watch Ep 37
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. It’s Ting here with your fresh-off-the-wire Digital Dragon Watch: Weekly China Cyber Alert for November 7th, 2025. If you thought last week was spicy, the last seven days have truly been a dim sum cart of Chinese cyber tactics, advanced threats, and some very questionable US defensive maneuvers. Let’s get straight to the biggest story: suspected Chinese state-backed hackers breached the US Congressional Budget Office. Yes, the CBO—the folks running budget estimates for every squabble on Capitol Hill—discovered malicious actors had infiltrated emails and internal communications. This raised eyebrows at CNN and Politico, since any leaked correspondence here could reveal the legislative pulse, giving Beijing a behind-the-scenes seat at America’s policy table. U.S. officials cited in major outlets indicate China as the likely culprit, matching tactics used in July’s law firm breach, which also carried the trade negotiation scent. CBO spokesperson Caitlin Emma says quick action plugged some gaps, with extra monitoring and controls rolled out, but the breach is still under active investigation. Staffers were warned: don’t trust links from CBO mail, as accounts could remain infected. This is unfolding as the federal shutdown stretches into its 37th day, conveniently handicapping two-thirds of the CISA cyber defense team and making the government an even juicier target. Moving to attack vectors, researchers at Symantec and Carbon Black laid out a fascinating technique menu in an April 2025 campaign, recently tied to Chinese groups like Salt Typhoon (also known as Kelp) and the infamous APT41. They exploited vulnerabilities like OGNL injection in Atlassian (CVE-2022-26134), the ubiquitous Log4j bug, Apache Struts, and GoAhead RCE. Once in, tools like netstat for recon, scheduled tasks for persistence (using system-level privileges), and DLL sideloading with legitimate apps like vetysafe.exe kept them hidden and flexible. Oh, and watch out for Dcsync, a credential-stealing tool that can pretty much let an attacker stroll through the entire network if not found quickly. Salt Typhoon’s skillset is impressive: this group rooted around major US ISPs for over a year—including giants like AT&T and Verizon—using default credential exploits and sideloaded payloads to spy, even after supposed “detection.” What’s different this week? There's a major push by Chinese attackers into critical and sensitive sectors—think nonprofits influencing policy, legal firms working on US-China relations, and government offices like the CBO. Meanwhile, over in the private sector, threat researchers at ESET spotted groups like PlushDaemon redirecting DNS to hijack software updates—think ‘man-in-the-middle’ but on steroids—while IIS server attacks with SEO cloaking and stealthy backdoors are ramping up, courtesy of groups like REF3927. Let’s not skip the elephant in the situation room: the US government response This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. It’s Ting here with your fresh-off-the-wire Digital Dragon Watch: Weekly China Cyber Alert for November 7th, 2025. If you thought last week was spicy, the last seven days have truly been a dim sum cart of Chinese cyber tactics, advanced threats, and some very questionable US defensive maneuvers. Let’s get straight to the biggest story: suspected Chinese state-backed hackers breached the US Congressional Budget Office. Yes, the CBO—the folks running budget estimates for every squabble on Capitol Hill—discovered malicious actors had infiltrated emails and internal communications. This raised eyebrows at CNN and Politico, since any leaked correspondence here could reveal the legislative pulse, giving Beijing a behind-the-scenes seat at America’s policy table. U.S. officials cited in major outlets indicate China as the likely culprit, matching tactics used in July’s law firm breach, which also carried the trade negotiation scent. CBO spokesperson Caitlin Emma says quick action plugged some gaps, with extra monitoring and controls rolled out, but the breach is still under active investigation. Staffers were warned: don’t trust links from CBO mail, as accounts could remain infected. This is unfolding as the federal shutdown stretches into its 37th day, conveniently handicapping two-thirds of the CISA cyber defense team and making the government an even juicier target. Moving to attack vectors, researchers at Symantec and Carbon Black laid out a fascinating technique menu in an April 2025 campaign, recently tied to Chinese groups like Salt Typhoon (also known as Kelp) and the infamous APT41. They exploited vulnerabilities like OGNL injection in Atlassian (CVE-2022-26134), the ubiquitous Log4j bug, Apache Struts, and GoAhead RCE. Once in, tools like netstat for recon, scheduled tasks for persistence (using system-level privileges), and DLL sideloading with legitimate apps like vetysafe.exe kept them hidden and flexible. Oh, and watch out for Dcsync, a credential-stealing tool that can pretty much let an attacker stroll through the entire network if not found quickly. Salt Typhoon’s skillset is impressive: this group rooted around major US ISPs for over a year—including giants like AT&T and Verizon—using default credential exploits and sideloaded payloads to spy, even after supposed “detection.” What’s different this week? There's a major push by Chinese attackers into critical and sensitive sectors—think nonprofits influencing policy, legal firms working on US-China relations, and government offices like the CBO. Meanwhile, over in the private sector, threat researchers at ESET spotted groups like PlushDaemon redirecting DNS to hijack software updates—think ‘man-in-the-middle’ but on steroids—while IIS server attacks with SEO cloaking and stealthy backdoors are ramping up, courtesy of groups like REF3927. Let’s not skip the elephant in the situation room: the US government response This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Chinese Hackers Feast on US Gov as Feds Slash Cybersecurity | Digital Dragon Watch Ep 37
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.