EPISODE · Feb 9, 2026 · 3 MIN
Singapore's Telecom Takedown and the Notepad Nightmare: China's Hackers Go Shopping in Everyone's Backyard
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China cyber alert, and we've got some serious developments to walk through. Singapore just got hit hard by UNC3886, a China-linked advanced persistent threat group that's been operating since at least 2022. The Cyber Security Agency of Singapore revealed Monday that all four major telecom operators—M1, SIMBA Telecom, Singtel, and StarHub—fell victim to a deliberate, well-planned campaign. What makes this fascinating is the sophistication. These attackers weaponized zero-day exploits to punch through perimeter firewits, deployed rootkits for persistent access, and grabbed some technical data to advance their operational objectives. The good news? No customer data breach confirmed, and Singapore's cyber defenders mounted something called Operation Cyber Guardian to boot them out and expand monitoring. Now here's where it gets really interesting. According to research from Rapid7 Labs, the Chinese APT group Lotus Blossom just got caught orchestrating a massive supply chain attack. They compromised the infrastructure hosting Notepad++, that popular code editor millions of developers use daily, and delivered a custom backdoor they're calling Chrysalis. This group has been active since 2009 and typically targets government, telecommunications, and aviation sectors across Southeast Asia and Central America. Supply chain attacks are the new frontier for Chinese cyber operations because they're like planting seeds in everybody's garden at once. Meanwhile, the House Energy and Commerce Committee is getting serious about defense. Five bipartisan cybersecurity bills advanced unanimously, with special focus on critical infrastructure. The Energy Threat Analysis Center Act specifically calls out Volt Typhoon and Salt Typhoon as embedded threats already operating in critical infrastructure networks, sometimes undetected. Representative Gabe Evans pointed out that Chinese Communist Party-backed hacker groups have already infiltrated energy sector networks, making reauthorization of ETAC absolutely essential. The broader picture shows these operations aren't just about stealing data anymore. According to analysis from the International Institute for Strategic Studies, Volt Typhoon's targeting of U.S. critical infrastructure suggests preparation for disruption operations in a potential military crisis rather than traditional espionage. They're collecting network diagrams and operating manuals, stuff that would be useful for sabotage, not intelligence gathering. Networks in Guam got particular attention, likely because those U.S. naval ports and air bases would be critical to any military response involving Taiwan. China itself just comprehensively revised its Cybersecurity Law, effective January first, 2026, strengthening penalties and expanding extraterritorial regulation to cover activities endangering China's cybersecurity beyond just critical in This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Ting here with your weekly China cyber alert, and we've got some serious developments to walk through. Singapore just got hit hard by UNC3886, a China-linked advanced persistent threat group that's been operating since at least 2022. The Cyber Security Agency of Singapore revealed Monday that all four major telecom operators—M1, SIMBA Telecom, Singtel, and StarHub—fell victim to a deliberate, well-planned campaign. What makes this fascinating is the sophistication. These attackers weaponized zero-day exploits to punch through perimeter firewits, deployed rootkits for persistent access, and grabbed some technical data to advance their operational objectives. The good news? No customer data breach confirmed, and Singapore's cyber defenders mounted something called Operation Cyber Guardian to boot them out and expand monitoring. Now here's where it gets really interesting. According to research from Rapid7 Labs, the Chinese APT group Lotus Blossom just got caught orchestrating a massive supply chain attack. They compromised the infrastructure hosting Notepad++, that popular code editor millions of developers use daily, and delivered a custom backdoor they're calling Chrysalis. This group has been active since 2009 and typically targets government, telecommunications, and aviation sectors across Southeast Asia and Central America. Supply chain attacks are the new frontier for Chinese cyber operations because they're like planting seeds in everybody's garden at once. Meanwhile, the House Energy and Commerce Committee is getting serious about defense. Five bipartisan cybersecurity bills advanced unanimously, with special focus on critical infrastructure. The Energy Threat Analysis Center Act specifically calls out Volt Typhoon and Salt Typhoon as embedded threats already operating in critical infrastructure networks, sometimes undetected. Representative Gabe Evans pointed out that Chinese Communist Party-backed hacker groups have already infiltrated energy sector networks, making reauthorization of ETAC absolutely essential. The broader picture shows these operations aren't just about stealing data anymore. According to analysis from the International Institute for Strategic Studies, Volt Typhoon's targeting of U.S. critical infrastructure suggests preparation for disruption operations in a potential military crisis rather than traditional espionage. They're collecting network diagrams and operating manuals, stuff that would be useful for sabotage, not intelligence gathering. Networks in Guam got particular attention, likely because those U.S. naval ports and air bases would be critical to any military response involving Taiwan. China itself just comprehensively revised its Cybersecurity Law, effective January first, 2026, strengthening penalties and expanding extraterritorial regulation to cover activities endangering China's cybersecurity beyond just critical in This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Singapore's Telecom Takedown and the Notepad Nightmare: China's Hackers Go Shopping in Everyone's Backyard
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.