EPISODE · Sep 19, 2025 · 5 MIN
Pentagon Bans China Cloud Crews, Fake Congress Emails, and Qilin Ransomware Rockets to Top Spot
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, your dragon-tamer on the Digital Dragon Watch, and wow, the last seven days in China cyber have been a wild firewall ride. Let’s dive right in, because the latest Defense Department moves could fill an entire season of cyber thrillers. The Pentagon just banned cloud vendors from using China-based personnel on defense systems—yeah, after ProPublica exposed Microsoft’s nearly decade-long habit of letting engineers in China tinker with U.S. military cloud code. Turns out, the so-called “digital escorts,” those U.S.-based supervisors, often had less technical chops than the people they were supposed to shadow. Classic big tech workaround, but a field day if you like drama and a national security migraine if you don’t. Now, not only must everyone working on Pentagon cloud be from non-adversarial countries, but every keystroke by foreign engineers gets logged in forensic detail, audit-trail style. Microsoft, feeling the heat, promised it’s done with the China-support model and is on board with the shiny new requirements. Meanwhile, Chinese threat actors flexed social engineering muscles by impersonating Representative John Moolenaar, the chair of the House Select Committee on Strategic Competition with the Chinese Communist Party. They fired off spear-phishing emails that looked like legit legislative business—fake requests for feedback on sanctions drafts, aimed at U.S. officials, law firms, trade groups, even foreign governments. What made it dangerous wasn’t fancy code; it was exploiting government workflow routines. The FBI and Capitol Police are knee-deep investigating. Bottom line: If your inbox lights up with a congressional “request for input,” click with suspicion. Malware aficionados, you’ll love this: CISA’s latest analysis flags a new chain-attack using vulnerabilities in Ivanti Endpoint Manager Mobile. In May, Ivanti dropped patches for CVE-2025-4427 and CVE-2025-4428, but threat actors quickly pulled together a sophisticated “malicious listener.” This malware sniffs out HTTP requests, slips in via base64-encoded segments, and exfiltrates LDAP credentials—impressive stealth. So, CISO friends, patch fast, segment your networks, and crank up monitoring for weird HTTP traffic. Ransomware buffs: The Qilin gang has surged to number one with 25% of ransomware attacks against state and local governments in Q2 this year. They run a double-extortion racket—encryption plus data theft, then threaten to leak. Rising after RansomHub affiliates jumped ship, Qilin’s bounce comes with average ransoms hitting mid-six-figures. They’re hitting public services, critical infrastructure, Chrome credential stores; usually getting in via phishing or exploiting internet-facing holes. What’s Washington doing? The White House is pushing hard to reauthorize CISA 2015, the cyber info-sharing law, facing September 30 expiration. Without it, private companies, who actually own most of A This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, your dragon-tamer on the Digital Dragon Watch, and wow, the last seven days in China cyber have been a wild firewall ride. Let’s dive right in, because the latest Defense Department moves could fill an entire season of cyber thrillers. The Pentagon just banned cloud vendors from using China-based personnel on defense systems—yeah, after ProPublica exposed Microsoft’s nearly decade-long habit of letting engineers in China tinker with U.S. military cloud code. Turns out, the so-called “digital escorts,” those U.S.-based supervisors, often had less technical chops than the people they were supposed to shadow. Classic big tech workaround, but a field day if you like drama and a national security migraine if you don’t. Now, not only must everyone working on Pentagon cloud be from non-adversarial countries, but every keystroke by foreign engineers gets logged in forensic detail, audit-trail style. Microsoft, feeling the heat, promised it’s done with the China-support model and is on board with the shiny new requirements. Meanwhile, Chinese threat actors flexed social engineering muscles by impersonating Representative John Moolenaar, the chair of the House Select Committee on Strategic Competition with the Chinese Communist Party. They fired off spear-phishing emails that looked like legit legislative business—fake requests for feedback on sanctions drafts, aimed at U.S. officials, law firms, trade groups, even foreign governments. What made it dangerous wasn’t fancy code; it was exploiting government workflow routines. The FBI and Capitol Police are knee-deep investigating. Bottom line: If your inbox lights up with a congressional “request for input,” click with suspicion. Malware aficionados, you’ll love this: CISA’s latest analysis flags a new chain-attack using vulnerabilities in Ivanti Endpoint Manager Mobile. In May, Ivanti dropped patches for CVE-2025-4427 and CVE-2025-4428, but threat actors quickly pulled together a sophisticated “malicious listener.” This malware sniffs out HTTP requests, slips in via base64-encoded segments, and exfiltrates LDAP credentials—impressive stealth. So, CISO friends, patch fast, segment your networks, and crank up monitoring for weird HTTP traffic. Ransomware buffs: The Qilin gang has surged to number one with 25% of ransomware attacks against state and local governments in Q2 this year. They run a double-extortion racket—encryption plus data theft, then threaten to leak. Rising after RansomHub affiliates jumped ship, Qilin’s bounce comes with average ransoms hitting mid-six-figures. They’re hitting public services, critical infrastructure, Chrome credential stores; usually getting in via phishing or exploiting internet-facing holes. What’s Washington doing? The White House is pushing hard to reauthorize CISA 2015, the cyber info-sharing law, facing September 30 expiration. Without it, private companies, who actually own most of A This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Pentagon Bans China Cloud Crews, Fake Congress Emails, and Qilin Ransomware Rockets to Top Spot
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.