Claire Aird
China accuses the US of new cyber attacks, a $14.5 billion crypto hack discovered five years later, the US National Cyber Director is named, and Lovense considers legal action over a security flaw disclosure. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 4th of August, and this podcast episode is brought to you by no-code automation platform Tines.
China has accused US intelligence agencies of hacking one of its major military contractors. US hackers allegedly used a Microsoft Exchange zero-day to breach the company in July 2022. They spent a year inside the victim's network and have been accused of stealing sensitive data and military research. Beijing officials did not name the company or provide further details about the zero-day.
The Chinese government has demanded details from US chipmaker Nvidia about a possible kill switch. A proposed US law would require Nvidia to include location-tracking code and remote shutdown mechanisms in its products. If passed, the US Chip Security Act will allow America to keep track of processes once they're exported.
The U.S. Senate has named Sean Cairncross as the next National Cyber Director. He'll be responsible for advising the president on critical cyber issues, coordinating cyber security efforts and implementing national cyber security policies. Cairncross is the first cyber official to be confirmed during the second Trump administration. The head roles for CISA, the NSA and the US Cyber Command are yet to be filled.
The contract to support a major CISA private sector collaboration program has been allowed to expire. The Joint Cyber Defence Collaborative lost more than 100 staff when the contract with security firm ICF expired last week. The JCDC works with private sector companies and foreign governments to warn of ongoing attacks and publish advisories. It's widely considered one of CISA's most successful projects.
Call centres operating in Pakistan will now require licences. To obtain a licence, call centres will have to be cleared by the country's telecommunications authority and cybercrime agency. The new licensing system is designed to reduce the number of call centres involved in online fraud and scams.
Singapore's government said that attributing a recent critical infrastructure hack to a specific country would not be in Singapore's best interests. The country's cybersecurity agency disclosed the hack two weeks ago. It attributed the intrusion to a group tracked as UNC3886. Previous reporting has described the group as having a China nexus.
Cyber attacks have disrupted several government bodies across the Dutch Caribbean islands. Curacao's Tax and Customs Administration shut down its IT systems following a ransomware attack. Last week, hackers also gained access to the email accounts of politicians in Aruba. The discovery of a computer virus also shut down the court system across all six Dutch Caribbean islands. Several lawsuits were delayed as a result of the outage.
The recent cyber attack against Luxembourg Post crashed Huawei routers across the telco. Last month's hack caused widespread disruption to flights and emergency services. Government officials said the attack was intentionally disruptive. No group has claimed responsibility for the attack yet.
A German mobile phone repair and insurance company has begun insolvency proceedings two years on from a major cyber attack. The Einhaus Group paid a $230,000 ransom in 2023 but suffered millions in financial damage. The company cut more than 90% of its staff.
Details have emerged about the largest Bitcoin heist ever. In December 2020, more than 125,000 Bitcoin was stolen from Chinese mining pool LuBian. The stolen funds were valued at $3.5 billion at the time, but they're now worth more than $14.5 billion. LuBian was unable to contact the hacker via blockchain messages following the theft and shut down two months later.
The Pi-hole adblocker's user donation system's been hacked. Email addresses of almost 30,000 individuals who donated to the project have been stolen.
A U.S. biotech contractor has settled with the U.S. government for $9.8 million over alleged cybersecurity failings. Illumina Inc. was accused of selling genomic sequencing systems with cybersecurity flaws to federal agencies. The DOJ said Illumina did not incorporate cybersecurity in its software design, have a product security team or address reported flaws.
SonicWall VPN devices are being attacked in a campaign designed to deploy the Akira ransomware. The coordinated campaign began in mid-July. Security firm Arctic Wolf has not been able to confirm the vulnerability being used and said it may be a new zero-day.
A new backdoor has been spotted on Linux systems. Security firm Nextron Systems said the Plague backdoor masquerades as a malicious PAM component. It allows attackers to bypass authentication and connect via SSH to infected hosts. Several versions of the malware have been discovered.
Adult toymaker Lovense is considering legal action over the recent disclosure of security flaws in one of its products. The company did not specify who the legal action might target. Security researcher BobDaHacker disclosed two bugs last week. TechCrunch reported that the bugs would have allowed attackers to leak email and take over accounts of Lovense users. Lovense fixed the bugs following the disclosure.
And finally, the Chinese government is censoring websites that use the QUIC protocol. According to a team of academics, the filtering began in April last year. Research suggests the Great Firewall's QUIC filter blocks a different set of domain names than regular HTTP traffic.
And that is all for this podcast edition. Today's show was brought to you by our sponsor, Tines. Find them at tines.com. Thanks for your Sam.
Risky Bulletin: China with the Accusations Again – Detailed Summary
Published on August 4, 2025, by Risky.biz
In the latest episode of Risky Bulletin, host Claire Aird delves into a spectrum of pressing cybersecurity issues, spanning international tensions, legislative developments, significant cyber attacks, and emerging security vulnerabilities. This comprehensive summary captures the key discussions, insights, and conclusions presented during the episode.
Claire Aird opens the episode by highlighting escalating tensions between China and the United States in the cyber realm.
Alleged US Cyber Intrusion:
Legislative Developments:
Claire Aird [02:15]: "If passed, the US Chip Security Act will empower America to maintain oversight of critical processes even after they've left its borders."
A significant development in US cybersecurity leadership was discussed.
Sean Cairncross' Appointment:
Claire Aird [05:30]: "Sean Cairncross steps into a pivotal role at a time when national cyber resilience is paramount."
Unfilled Key Positions:
The episode transitions to global cybersecurity initiatives and notable attacks affecting various nations.
Pakistan's New Call Centre Licensing:
Singapore's Strategic Cyber Attribution:
Dutch Caribbean Cyber Attacks:
Luxembourg and German Cyber Incidents:
Claire reveals insights into a monumental cryptocurrency theft.
The discussion shifts to recent vulnerabilities exploited by cybercriminals.
PiHole Adblocker Breach:
Illumina Inc.'s Cybersecurity Failings:
SonicWall VPN Vulnerability:
New Linux Backdoor – The Plague Backdoor:
The episode touches upon the intersection of cybersecurity vulnerabilities and legal actions.
Lovense's Legal Considerations:
Claire Aird [22:40]: "Lovense's proactive measures post-disclosure highlight the fine line companies walk between transparency and liability."
Concluding the content-rich discussions, Claire examines China's ongoing internet censorship strategies.
This episode of Risky Bulletin underscores the escalating complexities in the global cybersecurity landscape. From nation-state accusations and legislative shifts to high-profile cyber attacks and emerging vulnerabilities, the discussions emphasize the critical need for robust cybersecurity measures and international cooperation. Host Claire Aird effectively navigates these multifaceted topics, providing listeners with a thorough understanding of the current cybersecurity milieu.