CyberWire Daily

From China with love (and Malware).

Mar 6, 2025

In this discussion, cybersecurity expert Dave Bittner sheds light on the U.S. Justice Department's charges against Chinese IT contractors for cyber espionage linked to Silk Typhoon. He explores the vulnerabilities in the IT supply chain and the challenges posed by advanced hacking groups. The conversation also dives into how innovations like passwordless security are reshaping cybersecurity. Bittner and his co-hosts address the growing impact of technologies like AI on cybercrime and underscore the critical need for robust data privacy measures.

33:46

Creator website

Episode guests

Dave Bittner

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The U.S. Justice Department has charged twelve Chinese nationals for state-sponsored cyber espionage, highlighting the pervasive threat of such attacks globally.

A new polymorphic attack using malicious Chrome extensions illustrates the increasing sophistication of cyber threats targeting user data and trust.

Deep dives

Chinese Hacking Charges Unveiled

The U.S. Justice Department has charged twelve Chinese nationals tied to hacking U.S. entities for the Chinese government, highlighting the global threat posed by state-sponsored cyber espionage. Two of those charged are officers from the Ministry of Public Security, while eight work for the IT contractor Ai Sun, which allegedly executed numerous hacking operations at the behest of the Chinese government. Ai Sun's activities reportedly targeted a wide range of organizations, including the U.S. Defense Intelligence Agency and various foreign ministries. The FBI's investigations have linked these operations to multiple hacking groups, underscoring the expansive and coordinated nature of cyber espionage efforts by the Chinese state.

Intro

3min

Exposing Cyber Espionage: The Chinese Connection

8min

Cybersecurity Challenges and Innovations

5min

Navigating Cybersecurity Challenges

7min

The Cyber Heist: Unraveling Tech's Dark Side

8min

US Justice Department charges employees of Chinese IT contractor i-Soon. Silk Typhoon targets the IT supply chain for initial access. Chrome extensions that change shape. Attackers target airflow misconfigurations. LibreOffice vulnerability opens the door to script-based attacks. NSO group leaders face charges in spyware case. Today, our own Dave Bittner is our guest as he appeared on the Adopting Zero Trust podcast at ThreatLocker’s Zero Trust World 2025 event with hosts Elliot Volkman and Neal Dennis and guest Dr. Chase Cunningham. And turning $1B into thin air.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, our own Dave Bittner is in our guest spot as he appeared on the Adopting Zero Trust podcast at ThreatLocker’s Zero Trust World 2025 event with hosts Elliot Volkman and Neal Dennis and guest Dr. Chase Cunningham aka Dr. Zero Trust. Adopting Zero Trust is an ongoing conversation about the people and organizations adopting Zero Trust. You can catch the full episode here where Dave and Dr. Zero Trust weigh the difference between delivering refined news and raw perspective, hitting critical mass for AI, and the current political environment.

Selected Reading

US charges Chinese nationals in cyberattacks on Treasury, dissidents and more (The Record)

Silk Typhoon targeting IT supply chain (Microsoft)

Malicious Chrome extensions can spoof password managers in new attack (Bleeping Computer)

Apache Airflow Misconfigurations Leak Login Credentials to Hackers (GB Hackers)

LibreOffice Flaw Allows Attackers to Run Arbitrary Scripts via Macro URL (GB Hackers)

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks (SecurityWeek)

Catalan court says NSO Group executives can be charged in spyware investigation (TechCrunch)

Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security (CyberScoop)

Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation (SecurityWeek)

North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit (The Record)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

From China with love (and Malware).

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Chinese Hacking Charges Unveiled

Polymorphic Attacks via Chrome Extensions

Challenges of Cyber Incident Reporting

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts