Risky Bulletin: China with the Accusations Again – Detailed Summary
Published on August 4, 2025, by Risky.biz
In the latest episode of Risky Bulletin, host Claire Aird delves into a spectrum of pressing cybersecurity issues, spanning international tensions, legislative developments, significant cyber attacks, and emerging security vulnerabilities. This comprehensive summary captures the key discussions, insights, and conclusions presented during the episode.
1. China Accuses the US of Cyber Attacks
Claire Aird opens the episode by highlighting escalating tensions between China and the United States in the cyber realm.
- Alleged US Cyber Intrusion:
- Accusation: China has accused US intelligence agencies of hacking one of its major military contractors.
- Method: US hackers allegedly exploited a Microsoft Exchange zero-day vulnerability to breach the company in July 2022.
- Duration & Impact: The intrusion lasted a year, during which sensitive data and military research were purportedly stolen.
- Chinese Response: Beijing has not disclosed the targeted company or detailed the zero-day used, instead demanding that US chipmaker Nvidia implement a possible kill switch in its products.
- Legislative Developments:
- US Chip Security Act: A proposed law requiring Nvidia to embed location tracking, remote shutdown capabilities, and tracking codes within its products. This measure aims to enhance America's ability to monitor and control exported semiconductor technologies.
Claire Aird [02:15]: "If passed, the US Chip Security Act will empower America to maintain oversight of critical processes even after they've left its borders."
2. Appointment of Sean Cairncross as National Cyber Director
A significant development in US cybersecurity leadership was discussed.
- Sean Cairncross' Appointment:
- Role: Confirmed as the next National Cyber Director.
- Responsibilities: Advising the president on critical cyber issues, coordinating national cybersecurity efforts, and implementing cybersecurity policies.
- Historical Context: Cairncross is the first cyber official to be confirmed during the second Trump administration.
Claire Aird [05:30]: "Sean Cairncross steps into a pivotal role at a time when national cyber resilience is paramount."
- Unfilled Key Positions:
- The top positions at CISA, the NSA, and US Cyber Command remain vacant.
- Impact: The expiration of the contract supporting the Joint Cyber Defence Collaborative (JCDC) led to the loss of over 100 staff members from security firm ICF, hindering collaboration between the private sector and foreign governments on cybersecurity efforts.
3. International Cybersecurity Measures and Incidents
The episode transitions to global cybersecurity initiatives and notable attacks affecting various nations.
- Pakistan's New Call Centre Licensing:
- Regulation: Call centres in Pakistan must now obtain licenses from the telecommunications authority and cybercrime agency.
- Objective: To curb online fraud and scams by ensuring only vetted call centres operate.
- Singapore's Strategic Cyber Attribution:
- Incident: A recent critical infrastructure hack was disclosed by Singapore's cybersecurity agency.
- Attribution: The intrusion was linked to group UNC3886, suspected to have a China nexus.
- Government Stance: Singapore refrains from attributing the attack to a specific country publicly, citing national interests.
- Dutch Caribbean Cyber Attacks:
- Targets: Government bodies across the Dutch Caribbean islands were hit by ransomware, affecting Curaçao's Tax and Customs Administration, Aruba's political email accounts, and the court system.
- Consequences: Operational shutdowns led to delayed lawsuits and disrupted essential services.
- Luxembourg and German Cyber Incidents:
- Luxembourg Post: A cyber attack disabled Huawei routers, impacting flights and emergency services.
- German Company Insolvency: Einhaus Group, a mobile phone repair and insurance firm, entered insolvency after a cyber attack in 2023, resulting in substantial financial losses despite a $230,000 ransom payment.
4. The Largest Bitcoin Heist Unveiled
Claire reveals insights into a monumental cryptocurrency theft.
- Incident Details:
- Date: December 2020.
- Target: Chinese mining pool LuBian.
- Stolen Assets: Over 125,000 Bitcoin, valued at $3.5 billion at the time, now surpassing $14.5 billion.
- Aftermath: LuBian was unable to communicate with the hacker via blockchain and ceased operations two months post-theft.
5. Emerging Security Vulnerabilities and Software Issues
The discussion shifts to recent vulnerabilities exploited by cybercriminals.
- Pi-hole Ad Blocker Breach:
- Incident: Hackers compromised the user donation system, stealing email addresses of nearly 30,000 donors.
- Illumina Inc.'s Cybersecurity Failings:
- Accusations: Selling genomic sequencing systems with inherent security flaws to federal agencies.
- DOJ Findings: Lack of cybersecurity integration in software design, absence of a product security team, and negligence in addressing reported vulnerabilities.
- SonicWall VPN Vulnerability:
- Threat: A campaign deploying Akira ransomware targets SonicWall VPN devices.
- Details: Initiated in mid-July, with Arctic Wolf identifying a potential new zero-day exploit.
- New Linux Backdoor – The Plague Backdoor:
- Description: A malicious PAM module that masquerades as a legitimate authentication component, allowing attackers to bypass authentication and gain access via SSH.
- Discovery: Multiple malware versions have been identified, indicating a sophisticated threat vector.
6. Legal and Ethical Implications in Cybersecurity
The episode touches upon the intersection of cybersecurity vulnerabilities and legal actions.
- Lovense's Legal Considerations:
- Context: The adult toy maker is contemplating legal action following the disclosure of security flaws in one of its products.
- Details: Security researcher BobDaHacker identified two significant bugs that could allow attackers to leak emails and hijack user accounts. Lovense has since addressed these vulnerabilities.
Claire Aird [22:40]: "Lovense's proactive measures post-disclosure highlight the fine line companies walk between transparency and liability."
7. China's Censorship Tactics
Concluding the content-rich discussions, Claire examines China's ongoing internet censorship strategies.
- QUIC Protocol Blocking:
- Action: The Chinese government has been censoring websites utilizing the QUIC protocol since April of the previous year.
- Research Insights: Academics have found that the Great Firewall's QUIC filter blocks a different subset of domain names than its filter for standard HTTP traffic, indicating a refined approach to internet control.
Notable Quotes:
- Claire Aird [02:15]: "If passed, the US Chip Security Act will empower America to maintain oversight of critical processes even after they've left its borders."
- Claire Aird [05:30]: "Sean Cairncross steps into a pivotal role at a time when national cyber resilience is paramount."
- Claire Aird [22:40]: "Lovense's proactive measures post-disclosure highlight the fine line companies walk between transparency and liability."
Conclusion
This episode of Risky Bulletin underscores the escalating complexities in the global cybersecurity landscape. From nation-state accusations and legislative shifts to high-profile cyber attacks and emerging vulnerabilities, the discussions emphasize the critical need for robust cybersecurity measures and international cooperation. Host Claire Aird effectively navigates these multifaceted topics, providing listeners with a thorough understanding of the current cybersecurity milieu.
For more in-depth analysis and regular updates, subscribe to Risky Bulletin by Risky.biz.
