EPISODE · Feb 23, 2026 · 4 MIN
Dragons Pick Locks While We Fight Over Keys: Chinese Hackers Feast on Ivanti Dell and BeyondTrust Flaws
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest chaos from the past seven days ending February 23, 2026. Buckle up—China-linked hackers are flexing hard, exploiting old wounds and new flaws like it's a cyber buffet. First off, TechCrunch dropped a bombshell today: back in February 2021, Chinese hackers snuck a secret backdoor into Pulse Secure's VPN software—now under Ivanti—compromising 119 organizations, including U.S. and European military contractors. Mandiant spotted it early, but private equity cuts at Ivanti post-2017 Clearlake acquisition gutted security know-how, leaving doors wide open. Fast-forward, CISA forced federal agencies to yank Ivanti VPNs in early 2024 over zero-days, and last year another Connect Secure flaw got pwned. Sectors hit? Defense, government, you name it—classic supply chain sabotage. Not done yet: CISA's emergency directive this week mandates patching Dell RecoverPoint's CVE-2026-22769, a hardcoded credential mess exploited since mid-2024 by suspected Chinese actors dropping Grimbolt backdoors in VMware backups. Critical infrastructure's sweating bullets. Then there's BeyondTrust's CVE-2026-1731, a 9.9 CVSS remote code exec flaw patched February 6. Palo Alto Networks Unit 42 reports active abuse—web shells like China Chopper echoes, SparkRAT, VShell droppers—for data theft and ransomware across finance, healthcare, government in the U.S., France, Germany, Australia, Canada. Hacktron AI flagged 11,000 exposed instances; GreyNoise saw scans post-PoC. Targeted sectors? Healthcare got hammered—University of Mississippi Medical Center ransomware shut clinics statewide, FBI's on it. Hospitality too, with ShinyHunters hitting Wynn Resorts for $1.5M ransom. New vectors? Stealthy persistence via config stomping, API chaining, and deep infra compromises like virtualization layers, per a fresh study on AI-driven attacks breaching in 72 minutes. Chinese state actors love that long-game lurking. U.S. responses? CISA's patching frenzies and KEV updates scream urgency. No big diplomatic blasts this week, but it's echoing warnings like ex-NSA chief Mike Rogers on Chinese solar inverters phoning home past firewalls. Expert recs from Unit 42 and CISA: Patch now—Ivanti, Dell, BeyondTrust, Honeywell CCTV's auth bypass. Enforce MFA everywhere, hunt weak creds on firewalls like Fortinet's 600+ breaches (though that was Russian AI, lesson sticks). Segment networks, monitor for VShell or Grimbolt IOCs, and diversify threat intel despite China's January ban on Palo Alto, CrowdStrike—don't let geopolitics blind you. Witty wrap: Dragons aren't breathing fire; they're picking locks while we bicker over keys. Stay vigilant, listeners—patch like your data depends on it. Thanks for tuning in—subscribe for more dragon slaying! This has been a Quiet Please production, for more check out quietplease.ai. F This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, diving straight into the hottest chaos from the past seven days ending February 23, 2026. Buckle up—China-linked hackers are flexing hard, exploiting old wounds and new flaws like it's a cyber buffet. First off, TechCrunch dropped a bombshell today: back in February 2021, Chinese hackers snuck a secret backdoor into Pulse Secure's VPN software—now under Ivanti—compromising 119 organizations, including U.S. and European military contractors. Mandiant spotted it early, but private equity cuts at Ivanti post-2017 Clearlake acquisition gutted security know-how, leaving doors wide open. Fast-forward, CISA forced federal agencies to yank Ivanti VPNs in early 2024 over zero-days, and last year another Connect Secure flaw got pwned. Sectors hit? Defense, government, you name it—classic supply chain sabotage. Not done yet: CISA's emergency directive this week mandates patching Dell RecoverPoint's CVE-2026-22769, a hardcoded credential mess exploited since mid-2024 by suspected Chinese actors dropping Grimbolt backdoors in VMware backups. Critical infrastructure's sweating bullets. Then there's BeyondTrust's CVE-2026-1731, a 9.9 CVSS remote code exec flaw patched February 6. Palo Alto Networks Unit 42 reports active abuse—web shells like China Chopper echoes, SparkRAT, VShell droppers—for data theft and ransomware across finance, healthcare, government in the U.S., France, Germany, Australia, Canada. Hacktron AI flagged 11,000 exposed instances; GreyNoise saw scans post-PoC. Targeted sectors? Healthcare got hammered—University of Mississippi Medical Center ransomware shut clinics statewide, FBI's on it. Hospitality too, with ShinyHunters hitting Wynn Resorts for $1.5M ransom. New vectors? Stealthy persistence via config stomping, API chaining, and deep infra compromises like virtualization layers, per a fresh study on AI-driven attacks breaching in 72 minutes. Chinese state actors love that long-game lurking. U.S. responses? CISA's patching frenzies and KEV updates scream urgency. No big diplomatic blasts this week, but it's echoing warnings like ex-NSA chief Mike Rogers on Chinese solar inverters phoning home past firewalls. Expert recs from Unit 42 and CISA: Patch now—Ivanti, Dell, BeyondTrust, Honeywell CCTV's auth bypass. Enforce MFA everywhere, hunt weak creds on firewalls like Fortinet's 600+ breaches (though that was Russian AI, lesson sticks). Segment networks, monitor for VShell or Grimbolt IOCs, and diversify threat intel despite China's January ban on Palo Alto, CrowdStrike—don't let geopolitics blind you. Witty wrap: Dragons aren't breathing fire; they're picking locks while we bicker over keys. Stay vigilant, listeners—patch like your data depends on it. Thanks for tuning in—subscribe for more dragon slaying! This has been a Quiet Please production, for more check out quietplease.ai. F This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Dragons Pick Locks While We Fight Over Keys: Chinese Hackers Feast on Ivanti Dell and BeyondTrust Flaws
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.