Pentagon Bans China Cloud Crews, Fake Congress Emails, and Qilin Ransomware Rockets to Top Spot episode artwork

EPISODE · Sep 19, 2025 · 5 MIN

Pentagon Bans China Cloud Crews, Fake Congress Emails, and Qilin Ransomware Rockets to Top Spot

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, your dragon-tamer on the Digital Dragon Watch, and wow, the last seven days in China cyber have been a wild firewall ride. Let’s dive right in, because the latest Defense Department moves could fill an entire season of cyber thrillers. The Pentagon just banned cloud vendors from using China-based personnel on defense systems—yeah, after ProPublica exposed Microsoft’s nearly decade-long habit of letting engineers in China tinker with U.S. military cloud code. Turns out, the so-called “digital escorts,” those U.S.-based supervisors, often had less technical chops than the people they were supposed to shadow. Classic big tech workaround, but a field day if you like drama and a national security migraine if you don’t. Now, not only must everyone working on Pentagon cloud be from non-adversarial countries, but every keystroke by foreign engineers gets logged in forensic detail, audit-trail style. Microsoft, feeling the heat, promised it’s done with the China-support model and is on board with the shiny new requirements. Meanwhile, Chinese threat actors flexed social engineering muscles by impersonating Representative John Moolenaar, the chair of the House Select Committee on Strategic Competition with the Chinese Communist Party. They fired off spear-phishing emails that looked like legit legislative business—fake requests for feedback on sanctions drafts, aimed at U.S. officials, law firms, trade groups, even foreign governments. What made it dangerous wasn’t fancy code; it was exploiting government workflow routines. The FBI and Capitol Police are knee-deep investigating. Bottom line: If your inbox lights up with a congressional “request for input,” click with suspicion. Malware aficionados, you’ll love this: CISA’s latest analysis flags a new chain-attack using vulnerabilities in Ivanti Endpoint Manager Mobile. In May, Ivanti dropped patches for CVE-2025-4427 and CVE-2025-4428, but threat actors quickly pulled together a sophisticated “malicious listener.” This malware sniffs out HTTP requests, slips in via base64-encoded segments, and exfiltrates LDAP credentials—impressive stealth. So, CISO friends, patch fast, segment your networks, and crank up monitoring for weird HTTP traffic. Ransomware buffs: The Qilin gang has surged to number one with 25% of ransomware attacks against state and local governments in Q2 this year. They run a double-extortion racket—encryption plus data theft, then threaten to leak. Rising after RansomHub affiliates jumped ship, Qilin’s bounce comes with average ransoms hitting mid-six-figures. They’re hitting public services, critical infrastructure, Chrome credential stores; usually getting in via phishing or exploiting internet-facing holes. What’s Washington doing? The White House is pushing hard to reauthorize CISA 2015, the cyber info-sharing law, facing September 30 expiration. Without it, private companies, who actually own most of A This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, your dragon-tamer on the Digital Dragon Watch, and wow, the last seven days in China cyber have been a wild firewall ride. Let’s dive right in, because the latest Defense Department moves could fill an entire season of cyber thrillers. The Pentagon just banned cloud vendors from using China-based personnel on defense systems—yeah, after ProPublica exposed Microsoft’s nearly decade-long habit of letting engineers in China tinker with U.S. military cloud code. Turns out, the so-called “digital escorts,” those U.S.-based supervisors, often had less technical chops than the people they were supposed to shadow. Classic big tech workaround, but a field day if you like drama and a national security migraine if you don’t. Now, not only must everyone working on Pentagon cloud be from non-adversarial countries, but every keystroke by foreign engineers gets logged in forensic detail, audit-trail style. Microsoft, feeling the heat, promised it’s done with the China-support model and is on board with the shiny new requirements. Meanwhile, Chinese threat actors flexed social engineering muscles by impersonating Representative John Moolenaar, the chair of the House Select Committee on Strategic Competition with the Chinese Communist Party. They fired off spear-phishing emails that looked like legit legislative business—fake requests for feedback on sanctions drafts, aimed at U.S. officials, law firms, trade groups, even foreign governments. What made it dangerous wasn’t fancy code; it was exploiting government workflow routines. The FBI and Capitol Police are knee-deep investigating. Bottom line: If your inbox lights up with a congressional “request for input,” click with suspicion. Malware aficionados, you’ll love this: CISA’s latest analysis flags a new chain-attack using vulnerabilities in Ivanti Endpoint Manager Mobile. In May, Ivanti dropped patches for CVE-2025-4427 and CVE-2025-4428, but threat actors quickly pulled together a sophisticated “malicious listener.” This malware sniffs out HTTP requests, slips in via base64-encoded segments, and exfiltrates LDAP credentials—impressive stealth. So, CISO friends, patch fast, segment your networks, and crank up monitoring for weird HTTP traffic. Ransomware buffs: The Qilin gang has surged to number one with 25% of ransomware attacks against state and local governments in Q2 this year. They run a double-extortion racket—encryption plus data theft, then threaten to leak. Rising after RansomHub affiliates jumped ship, Qilin’s bounce comes with average ransoms hitting mid-six-figures. They’re hitting public services, critical infrastructure, Chrome credential stores; usually getting in via phishing or exploiting internet-facing holes. What’s Washington doing? The White House is pushing hard to reauthorize CISA 2015, the cyber info-sharing law, facing September 30 expiration. Without it, private companies, who actually own most of A This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

Pentagon Bans China Cloud Crews, Fake Congress Emails, and Qilin Ransomware Rockets to Top Spot

0:00 5:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 5 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on September 19, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, your dragon-tamer on the Digital Dragon Watch, and wow, the last seven days in China cyber have been a wild firewall ride. Let’s dive right in, because the latest...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!