Beijing's Stealthy Cyber Moves: Backdoors, Zero-Days, and Allies' Networks as Proxies - Juicy Details Inside!

4:48 Dec 17, 2025
About this episode
This is your Cyber Sentinel: Beijing Watch podcast.

Hey listeners, Ting here with your Cyber Sentinel: Beijing Watch, and we’re diving straight into this week’s Chinese cyber moves against US and allied security.

The headline: Chinese state-linked groups are doubling down on stealthy, infrastructure-level access, not smash-and-grab. Cisco Talos reports a suspected Chinese-nexus actor, UAT-9686, quietly owning Cisco Secure Email Gateway appliances via an unpatched zero-day, planting backdoors and log-wipers since at least late November. TechCrunch and Help Net Security both note that there’s still no patch, only painful rebuilds of compromised gear, and that many victims are big enterprises and governments. That means your email perimeter might now be Beijing’s favorite on-ramp.

At the same time, US CISA, NSA, and the Canadian Cyber Centre just dropped a joint advisory on BRICKSTORM, a Chinese state-sponsored backdoor living inside VMware vSphere and Windows environments. Smarter MSP’s December roundup describes BRICKSTORM maintaining access for 17 months in one case, using DNS-over-HTTPS, layered encryption, and even self-reinstall to survive defenders. Target sets: government networks, MSPs, and critical infrastructure in North America. That’s not vandalism; that’s pre-positioning for crisis options.

Check Point Research, via The Hacker News, is tracking Ink Dragon, also known as Jewelbug or REF7707, hijacking government and telecom networks across Europe, Asia, and Africa using ShadowPad, FINALDRAFT, and Google-Drive-based tools. Government InfoSecurity reports that Chinese operators are even routing commands through already-hacked European government networks to mask origin, turning allies’ systems into proxy infrastructure. Strategically, that complicates US attribution and response—traffic “from Europe” may still be Beijing.

Targeted industries lining up this week: government ministries and foreign affairs; telecom and email infrastructure; MSPs that serve defense, energy, and healthcare; and broader critical infrastructure highlighted in CISA’s ICS advisories. Add in a congressional report covered by the Associated Press on China exploiting US-funded nuclear research, and you see the pattern: long-term intelligence collection plus leverage over hard power.

On attribution, US and Canadian agencies are now very comfortable saying “PRC state-sponsored” in public, and Cisco Talos explicitly ties tactics, infrastructure, and victimology in the UAT-9686 campaign to known Chinese clusters. The Foundation for Defense of Democracies’ Craig Singleton tells Congress that this fits Beijing’s hybrid-warfare playbook: penetrate, pre-position, then apply pressure when it matters—like over Taiwan or sanctions.

Internationally, NATO and EU statements after incidents like the Czech APT31 campaign show growing alignment, but response is still mostly naming, shaming, and indict