GodRAT Goes Phishing: China's Cyber Spies Target Taiwan & Wall Street episode artwork

EPISODE · Aug 19, 2025 · 3 MIN

GodRAT Goes Phishing: China's Cyber Spies Target Taiwan & Wall Street

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome back to Digital Dragon Watch, your weekly passport to the pulse of China cyber. I’m Ting, here to hack through the headlines and decrypt the digital drama—let’s jump right into this week’s cyber showdown. Listeners, it’s been a wild ride in and around Taiwan. TechRadar just broke news on a sharp espionage campaign where Chinese state-backed hackers singled out a major Taiwanese web hosting company. These attackers didn’t just sniff around—they rooted through critical systems harvesting credentials and set up for long-term lateral movement. The crew at Cisco Talos fingered a fresh APT, UAT-7237, for these antics. Their toolkit is pure APT: custom malware, skillful deployment of privilege escalation exploits, and a real taste for unpatched vulnerabilities. Think of it as hide-and-seek, but with your corporate secrets as the prize. Taiwan is only the flashpoint. The same strategies—web host compromise, malware drop, credential collection—are showing up in U.S. and global incidents, like the Salt Typhoon operation targeting core internet infrastructure. Industry experts have been warning: hosting providers, often the backbone but not the most cyber-savvy, are soft targets. The Center for Strategic and International Studies counted a marked spike in state-aligned attacks since last year. If you’re running a hosting firm, today’s advice? Patch early, patch often, and monitor for lateral movement because these attackers are both subtle and persistent. Let’s talk new attack vectors. This week Kaspersky spotlighted the GodRAT campaign targeting trading and brokerage firms across Hong Kong, Malaysia, and beyond. The hackers—strong Winnti vibes here, aka APT41—are using Skype to send out .SCR files disguised as financial documents. The neat twist? They hide shellcode in images, steganography style, making it way trickier to detect. This GodRAT variant, built off legacy Gh0st RAT code, can harvest information, deliver more malware, and log keystrokes. Financial firms, triple-check those attachments and run up-to-date endpoint protection with sandboxing. Against this backdrop, the U.S. government is striking a wary stance. Anne Neuberger, formerly at the National Security Council, sounded the klaxons in Foreign Affairs: America is behind in cyber warfare readiness, especially for protecting critical infrastructure like power and water grids. Her fix is twofold—harden defenses and develop offensive cyber tools to keep Chinese targets at risk if escalation looms. The Justice Department, for its part, charged twelve Chinese nationals tied to the Ministry of Public Security with global hacking campaigns. And Congress is eyeing tougher export controls, such as location-verifying tags for GPUs, though Nvidia says ‘no thank you’ to mandated backdoors or kill-switches, warning it’d only help hostile actors. For enterprise defenders, expert consensus says: patch management must become o This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome back to Digital Dragon Watch, your weekly passport to the pulse of China cyber. I’m Ting, here to hack through the headlines and decrypt the digital drama—let’s jump right into this week’s cyber showdown. Listeners, it’s been a wild ride in and around Taiwan. TechRadar just broke news on a sharp espionage campaign where Chinese state-backed hackers singled out a major Taiwanese web hosting company. These attackers didn’t just sniff around—they rooted through critical systems harvesting credentials and set up for long-term lateral movement. The crew at Cisco Talos fingered a fresh APT, UAT-7237, for these antics. Their toolkit is pure APT: custom malware, skillful deployment of privilege escalation exploits, and a real taste for unpatched vulnerabilities. Think of it as hide-and-seek, but with your corporate secrets as the prize. Taiwan is only the flashpoint. The same strategies—web host compromise, malware drop, credential collection—are showing up in U.S. and global incidents, like the Salt Typhoon operation targeting core internet infrastructure. Industry experts have been warning: hosting providers, often the backbone but not the most cyber-savvy, are soft targets. The Center for Strategic and International Studies counted a marked spike in state-aligned attacks since last year. If you’re running a hosting firm, today’s advice? Patch early, patch often, and monitor for lateral movement because these attackers are both subtle and persistent. Let’s talk new attack vectors. This week Kaspersky spotlighted the GodRAT campaign targeting trading and brokerage firms across Hong Kong, Malaysia, and beyond. The hackers—strong Winnti vibes here, aka APT41—are using Skype to send out .SCR files disguised as financial documents. The neat twist? They hide shellcode in images, steganography style, making it way trickier to detect. This GodRAT variant, built off legacy Gh0st RAT code, can harvest information, deliver more malware, and log keystrokes. Financial firms, triple-check those attachments and run up-to-date endpoint protection with sandboxing. Against this backdrop, the U.S. government is striking a wary stance. Anne Neuberger, formerly at the National Security Council, sounded the klaxons in Foreign Affairs: America is behind in cyber warfare readiness, especially for protecting critical infrastructure like power and water grids. Her fix is twofold—harden defenses and develop offensive cyber tools to keep Chinese targets at risk if escalation looms. The Justice Department, for its part, charged twelve Chinese nationals tied to the Ministry of Public Security with global hacking campaigns. And Congress is eyeing tougher export controls, such as location-verifying tags for GPUs, though Nvidia says ‘no thank you’ to mandated backdoors or kill-switches, warning it’d only help hostile actors. For enterprise defenders, expert consensus says: patch management must become o This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

GodRAT Goes Phishing: China's Cyber Spies Target Taiwan & Wall Street

0:00 3:42

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 3 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on August 19, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Welcome back to Digital Dragon Watch, your weekly passport to the pulse of China cyber. I’m Ting, here to hack through the headlines and decrypt the digital drama—let’s jump right...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!