Cisco's Zero-Day Holiday Gifts from China & LongNosedGoblin's Sneaky Backdoor Adventures episode artwork

EPISODE · Dec 22, 2025 · 4 MIN

Cisco's Zero-Day Holiday Gifts from China & LongNosedGoblin's Sneaky Backdoor Adventures

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with Digital Dragon Watch, your weekly China cyber alert hot off the presses for the past seven days ending December 22, 2025. Buckle up, because Beijing's hackers are dropping zero-days like holiday gifts nobody wants. First off, Chinese state-linked crew UAT-9686 just lit up Cisco's Email Security Appliances with a nasty zero-day, CVE-2025-20393, in AsyncOS software. Cisco's own advisory confirms they've been exploiting it since November for root access, no auth needed, dropping malware like ReverseSSH, aka AquaTunnel, Chisel, AquaPurge, and the sneaky AquaShell backdoor. Targets? Exposed management interfaces in finance, healthcare, and government sectors—think sensitive comms ripe for espionage. No patch yet, so Cisco's yelling to disable Spam Quarantine and isolate those boxes pronto. Meanwhile, the fresh-faced LongNosedGoblin, a China-aligned APT, is prowling government networks in Southeast Asia and Japan. Cyware Social reports they're abusing Group Policy for malware deployment via their NosyDoor backdoor, active since at least September 2023. Sneaky initial access unknown, but they're chaining cloud services for command-and-control. Over in Europe, Ink Dragon—another China nexus—expanded into government environments, per Innovate Cybersecurity, hopping compromised servers for deeper digs. New attack vectors? Picture this: whispered commands hijacking robot armies, as South China Morning Post detailed Chinese researchers demoing a one-word vuln in humanoid bots that spies could whisper to seize control. And don't sleep on Fire Ant's campaign hitting VMware and network infra, noted in SDX Central's top 2025 stories. US gov's firing back hard. The Justice Department indicted 12 Chinese hackers tied to Ministry of State Security units for global intrusions into aerospace, labs, defense contractors, and even journalists, according to CybelAngel. CISA's piling on, adding vulns like those in Fortinet to their KEV catalog—over 25,000 FortiCloud SSO devices exposed via CVE-2025-59718 and CVE-2025-59719 for SAML admin takeovers. They're pushing quantum-resistant crypto in the upcoming national strategy, but Senate adjourned without confirming CISA's director, leaving some limbo as Nextgov reports. Targeted sectors scream critical infrastructure: networks, email gateways, virtualization, even industrial edges. Defensive measures? Experts at The Hacker News urge auditing Cisco configs, rotating creds post-RCE, and segmenting edge devices. WebProNews echoes: implement workarounds now, like isolating internet-facing gear. For you pros, prioritize KEV patches, hunt for AquaShell persistence, and train on Group Policy abuse. Oh, and China's tightening their own Cybersecurity Law, hiking fines to 10 million CNY for critical infra slip-ups, per RP Lawyers—ironic, right? Stay sharp, rotate those secrets, and layer up with network redundancy. Beijing's not s This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with Digital Dragon Watch, your weekly China cyber alert hot off the presses for the past seven days ending December 22, 2025. Buckle up, because Beijing's hackers are dropping zero-days like holiday gifts nobody wants. First off, Chinese state-linked crew UAT-9686 just lit up Cisco's Email Security Appliances with a nasty zero-day, CVE-2025-20393, in AsyncOS software. Cisco's own advisory confirms they've been exploiting it since November for root access, no auth needed, dropping malware like ReverseSSH, aka AquaTunnel, Chisel, AquaPurge, and the sneaky AquaShell backdoor. Targets? Exposed management interfaces in finance, healthcare, and government sectors—think sensitive comms ripe for espionage. No patch yet, so Cisco's yelling to disable Spam Quarantine and isolate those boxes pronto. Meanwhile, the fresh-faced LongNosedGoblin, a China-aligned APT, is prowling government networks in Southeast Asia and Japan. Cyware Social reports they're abusing Group Policy for malware deployment via their NosyDoor backdoor, active since at least September 2023. Sneaky initial access unknown, but they're chaining cloud services for command-and-control. Over in Europe, Ink Dragon—another China nexus—expanded into government environments, per Innovate Cybersecurity, hopping compromised servers for deeper digs. New attack vectors? Picture this: whispered commands hijacking robot armies, as South China Morning Post detailed Chinese researchers demoing a one-word vuln in humanoid bots that spies could whisper to seize control. And don't sleep on Fire Ant's campaign hitting VMware and network infra, noted in SDX Central's top 2025 stories. US gov's firing back hard. The Justice Department indicted 12 Chinese hackers tied to Ministry of State Security units for global intrusions into aerospace, labs, defense contractors, and even journalists, according to CybelAngel. CISA's piling on, adding vulns like those in Fortinet to their KEV catalog—over 25,000 FortiCloud SSO devices exposed via CVE-2025-59718 and CVE-2025-59719 for SAML admin takeovers. They're pushing quantum-resistant crypto in the upcoming national strategy, but Senate adjourned without confirming CISA's director, leaving some limbo as Nextgov reports. Targeted sectors scream critical infrastructure: networks, email gateways, virtualization, even industrial edges. Defensive measures? Experts at The Hacker News urge auditing Cisco configs, rotating creds post-RCE, and segmenting edge devices. WebProNews echoes: implement workarounds now, like isolating internet-facing gear. For you pros, prioritize KEV patches, hunt for AquaShell persistence, and train on Group Policy abuse. Oh, and China's tightening their own Cybersecurity Law, hiking fines to 10 million CNY for critical infra slip-ups, per RP Lawyers—ironic, right? Stay sharp, rotate those secrets, and layer up with network redundancy. Beijing's not s This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

Cisco's Zero-Day Holiday Gifts from China & LongNosedGoblin's Sneaky Backdoor Adventures

0:00 4:46

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 4 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on December 22, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with Digital Dragon Watch, your weekly China cyber alert hot off the presses for the past seven days ending December 22, 2025. Buckle up, because...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!