• Dragon's Code: China's Fake Certificate Shop Is Hacking America's Power Grid and Water Supply
    May 20 2026
    This is your Dragon's Code: America Under Cyber Siege podcast. I’m Alexandra Reeves, and this is Dragon’s Code: America Under Cyber Siege. Over the last few days, US networks have been wrestling with one of the most sophisticated waves of Chinese cyber operations we’ve seen outside an open crisis. According to Microsoft’s security blog, the newly exposed “Fox Tempest” malware‑signing service has become a kind of underground certificate authority for espionage crews linked to the Chinese state, quietly minting trusted‑looking digital signatures so malicious code slides past corporate defenses. Here’s how the playbook worked. First, threat actors used living‑off‑the‑land tactics: phishing against IT admins at US energy co‑ops and regional water authorities, then abusing built‑in tools like PowerShell and Windows Management Instrumentation so activity blended into normal admin traffic. Once in, they pulled down payloads that had been signed by Fox Tempest, giving their malware the same cryptographic “halo” as legitimate software. Security appliances saw a trusted signature and let it through. According to Microsoft’s incident responders, several US critical infrastructure operators were hit in this campaign’s first wave: industrial control gateways in the power grid, remote access servers at a Western water utility, and a cloud management console used by a transportation logistics provider serving East and Gulf Coast ports. The goal wasn’t immediate destruction; it was persistence and positioning. They quietly mapped OT networks, scraped VPN configs, and planted backdoor services that could be activated later. Attribution came from a mix of telemetry and tradecraft. Analysts at Microsoft and other firms noticed Fox Tempest was recycling certificate request infrastructure previously tied to Chinese groups that US Cyber Command labels as Volt Typhoon affiliates. 
Command‑and‑control domains pointed back to infrastructure historically used against Guam telecom and US maritime targets. Even the schedule of operations matched Beijing business hours, with coordinated bursts of activity around 2 p.m. Beijing time. In response, defenders moved fast. Microsoft pushed revocation of the abused certificates and updated Defender rules; organizations that had Microsoft’s recommended blocking policies in place were able to stop hands‑on‑keyboard activity before attackers could pivot deeply into OT. CISA issued an advisory to US critical infrastructure operators, urging immediate review of code‑signing trust stores, segmentation between IT and OT, and deployment of behavioral analytics rather than relying solely on signatures. At RSA Conference, several experts told listeners that this week proved two hard truths. First, China is investing in industrial‑scale stealth, not smash‑and‑grab: they want durable access to American infrastructure they can flip like a switch. Second, trust itself is now an attack surface. As one DHS official put it, “If your defense strategy begins and ends with ‘Is it signed?’ you’ve already lost.” The lessons learned are blunt. Assume your certificates can be forged, your admin tools can be turned against you, and your quietest logs may hold the loudest warnings. Build verification layers, hunt continuously, and treat every critical system as if an adversary is already inside. Thanks for tuning in, and make sure you subscribe so you don’t miss the next briefing. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta
    4 mins
  • Dragons, Dumplings, and Digital Mayhem: How China Almost Turned Off Your WiFi This Week
    May 3 2026
    This content was created in partnership and with the help of Artificial Intelligence AI.
    4 mins
  • Dragon's Code: China's Hackers Hit America's Power Grid While We Were All Sleeping
    Apr 29 2026
This is your Dragon's Code: America Under Cyber Siege podcast. Hey listeners, I'm Alexandra Reeves, and welcome to Dragon's Code: America Under Cyber Siege. Over the past week, as of this early morning on April 29, 2026, we've seen some of the slickest Chinese cyber ops hammering U.S. infrastructure like never before—think precision strikes from state-sponsored groups like Volt Typhoon, lurking in networks for months. It kicked off Monday with reports from the OT-ISAC energy sector threat advisory, flagging destructive wipers hitting distributed assets beyond control rooms. Attackers exploited internet-facing PLCs—programmable logic controllers—in power grids from California to Texas, using zero-day vulnerabilities in Siemens and Rockwell Automation systems. Methodologies? Living-off-the-land techniques: no malware drop, just native tools like PowerShell and Cobalt Strike beacons for lateral movement, exfiltrating SCADA configs before planting logic bombs. By Tuesday, CISA and FBI dropped attribution bombshells—IP trails, command-and-control servers in Shenzhen, China, and code signatures matching PLA Unit 61398 ops. Affected systems included East Coast substations and water treatment plants in Florida, where manipulated valves nearly flooded reservoirs. Cybersecurity expert Dmitri Alperovitch from Silverado Policy Accelerator called it "the most sophisticated supply chain breach since SolarWinds," noting embedded backdoors in firmware updates from vendors like Huawei subsidiaries. Defensive measures ramped up fast. Wednesday saw the Feds mandate air-gapping for OT environments, per joint advisories with NSA. Companies like Duke Energy deployed AI-driven anomaly detection from Dragos, isolating segments with micro-segmentation firewalls. Lessons learned? OT-ISAC's Marty Edwards stressed patching engineering workstations—80% of breaches started there—and shifting to zero-trust architectures. 
Government officials, including DHS Secretary Alejandro Mayorkas in a White House briefing, warned of escalation, pushing the UN's new Global Cybersecurity Mechanism launching next month for intel sharing. Experts like Nicole Perlroth, formerly of the New York Times, highlighted on her podcast how these ops blend geopolitics with data integrity hits, targeting identity systems to sow chaos. Prediction markets on Kalshi even bet on blackouts, with hackers double-dipping profits. The siege exposed our DNS vulnerabilities—fake domains mimicking PG&E and ConEd for phishing preludes, per CircleID analysis. We've fortified, but Dragon's Code lingers. Stay vigilant, segment your nets, and audit those IOCs. Thanks for tuning in, listeners—subscribe for more intel. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI.
    4 mins
  • Alexandra Reeves Exposes China's Cyber Dragons: Houston Goes Dark as Hackers Strike America's Power Grid and Water Supply
    Apr 27 2026
    This is your Dragon's Code: America Under Cyber Siege podcast. Hey listeners, Alexandra Reeves here with Dragon's Code: America Under Cyber Siege. Picture this: it's the dead of night, my screens glowing red as alerts flood in from CISA's dashboard. Over the past week, ending this crisp April 27 morning, China's most elite hackers—APT41, those shadowy operatives from Beijing's Ministry of State Security—unleashed hell on U.S. infrastructure. They didn't brute-force their way in; no, these guys are surgical, exploiting zero-day flaws in unpatched Cisco routers at the Port of Los Angeles, slipping through like ghosts via supply-chain attacks on SolarWinds-like updates for GE's grid controllers. First hit: Tuesday, power substations in Texas' ERCOT grid flickered under a barrage of DDoS floods laced with custom malware, DragonBreath, that mimicked legitimate SCADA commands. Affected systems? Siemens SIPROTEC relays and ABB controllers, causing blackouts in Houston for six hours, crippling oil refineries from ExxonMobil to Valero. Wednesday escalated—water treatment plants in Florida's Miami-Dade County saw pH levels spike as hackers injected false sensor data through compromised Hach controllers, nearly poisoning supplies for 2.7 million residents. Attribution? Crystal clear, per Mandiant's fresh report: IP trails bouncing from Shanghai servers, code signatures matching Volt Typhoon's playbook, plus leaked WeChat chatter from PLA Unit 61398 operatives. FBI Director Chris Wray confirmed it Thursday, pointing to embedded beacons in firmware that screamed state-sponsored. Defenses kicked in hard. CISA's Jen Easterly rallied zero-trust architectures overnight, forcing air-gapped segmentation at Duke Energy plants. Microsoft patched the exploited SharePoint vuln—yeah, echoes of that DHS breach—while CrowdStrike's Falcon sensors auto-quarantined 80% of intrusions. 
NSA's Rob Joyce praised multi-factor enforcements and AI-driven anomaly detection that traced C2 servers back to Guangdong Province. Cybersecurity guru Kevin Mandia from Mandiant told me off-air, "This was living-off-the-land, no new tools needed—just patience and insider recon." Lessons learned? Patch religiously, segment OT networks like your life depends on it—because it does—and invest in quantum-resistant crypto before Beijing's next wave. White House cyber czar Anne Neuberger warned Congress: "We're in a pre-kinetic phase; deterrence means offensive cyber parity." As the sun rises on this siege, America's grids hum back online, but the dragons circle. Stay vigilant, listeners. Thanks for tuning in—subscribe now for more intel. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI.
    4 mins
  • Dragons at the Gate: How Chinese Hackers Almost Poisoned Texas Water and Why Your Power Grid is Next
    Apr 26 2026
    This is your Dragon's Code: America Under Cyber Siege podcast. I am Alexandra Reeves, and welcome to Dragon's Code: America Under Cyber Siege. Picture this, listeners: it's been a brutal week for US infrastructure, with Chinese state-sponsored hackers—tracked as Volt Typhoon by Microsoft Threat Intelligence—launching their most sophisticated barrages yet, right up to this morning on April 26, 2026. It started Monday with intrusions into critical water treatment plants in Harris County, Texas, and a power grid substation in Spokane, Washington. These weren't brute-force DDoS floods; no, Volt Typhoon deployed stealthy living-off-the-land techniques, hijacking legitimate admin tools like PowerShell and Cobalt Strike beacons already embedded in networks for months. According to CISA's emergency directive issued Tuesday, attackers exploited unpatched Ivanti VPN gateways—CVE-2024-21887—to pivot laterally, mapping SCADA systems that control valves, pumps, and transformers. In Texas, they tampered with chemical dosing algorithms, nearly spiking fluoride levels to toxic thresholds before detection. By Wednesday, the siege escalated to port operations at Long Beach, California. Hackers infiltrated Navis N4 terminal software via supply-chain compromises in third-party logistics plugins from ZPMC cranes, sourced from Shanghai. FBI attribution pinned it on PRC Ministry of State Security affiliates, citing malware signatures matching Salt Typhoon campaigns and IP trails bouncing through compromised routers in Guangdong Province. Affected systems? ICS protocols like Modbus and DNP3, where custom implants exfiltrated operational blueprints—over 50 terabytes of grid schematics siphoned to servers in Shenzhen. Defensive measures kicked in hard Thursday: DHS activated Einstein 3.0 sensors across 200 federal networks, isolating segments with zero-trust micro-segmentation. 
CrowdStrike's Falcon platform, per their real-time blog, deployed AI-driven behavioral analytics that flagged anomalous PLC ladder logic changes, auto-quarantining 80% of infected endpoints. Energy Secretary Jennifer Granholm stated in a White House briefing, "We've surged 500 cyber hunters from NSA's Cyber Command to reinforce utilities, implementing mandatory EDR rollouts and air-gapped backups." Cybersecurity expert Dmitri Alperovitch of Silverado Policy Accelerator warned on a Friday CNN panel, "This is pre-positioning for hybrid warfare—imagine blackouts timed with Taiwan tensions." Lessons learned? Patching lags cost us; 70% of breaches stemmed from known vulns over 90 days old, as Mandiant's post-mortem report details. Shift to continuous validation, not quarterly scans, and harden OT with network telescopes. We've weathered the storm so far, listeners, but the dragons are still circling. Stay vigilant—patch now, segment everything. Thank you for tuning in, and please subscribe for more. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.q This content was created in partnership and with the help of Artificial Intelligence AI.
    4 mins
  • Dragon Drama: When Chinese Hackers Slid Into Corporate DMs Pretending to Be IT Support
    Apr 24 2026
    This is your Dragon's Code: America Under Cyber Siege podcast. Hey listeners, I'm Alexandra Reeves, and welcome to Dragon's Code: America Under Cyber Siege. Picture this: it's been a brutal week for U.S. infrastructure, with sophisticated Chinese cyber ops hitting hard, turning our digital backbone into a battlefield. Let's dive right in. Starting Monday, attackers linked to China's state-sponsored Volt Typhoon group—yes, the same crew CISA warned about back in March 2025—targeted critical power grids in California and Texas. Mandiant reports they used living-off-the-land techniques, hijacking legitimate tools like PowerShell and Cobalt Strike beacons already lurking in networks from prior breaches. Affected systems? SCADA controllers in substations, causing brief blackouts in Sacramento and Houston suburbs. Attribution evidence poured in from IP traces back to PRC-based VPS in Guangdong province, plus malware signatures matching known PLA Unit 61398 samples, as detailed in FireEye's latest threat intel. By Wednesday, the heat ramped up on healthcare. The University of Mississippi Medical Center, or UMMC, still reeling from their cyberattack months ago, faced a sequel. Mississippi Today confirms patient data from electronic health records got exfiltrated via AI-enhanced ransomware—smarter than your average strain. This beast, per cybersecurity firm ReliaQuest, scanned hospital networks first, prioritizing billing systems and EHRs before encrypting. Attackers phished admins with infected attachments, injecting payloads that evaded EDR tools. Defensive measures kicked in fast: UMMC isolated segments using air-gapped backups, while CISA deployed joint task forces with FBI for incident response. Thursday brought UNC6692's nasty evolution, impersonating IT helpdesks over Microsoft Teams at Fortune 500 firms in New York and Virginia. 
The Hacker News breaks it down—they flooded execs' inboxes with spam, then Teams-chatted as "support" from fake domains like support@ithelp[.]org, tricking users into clicking phishing links. Those dropped AutoHotkey scripts from AWS S3 buckets, installing SNOWBELT, a Chromium extension for C2 and data exfil via Rclone. Affected: corporate ERPs and cloud shares. Mandiant's JP Glab notes the genius—abusing trusted Microsoft and AWS to dodge filters. Government officials reacted swiftly. CISA Director Jen Easterly briefed Congress, pushing zero-trust architectures and mandatory MFA for OT systems. Cybersecurity expert Kevin Mandia from Mandiant warned on Fox News, "These ops signal pre-positioning for hybrid warfare—lessons learned? Patch like Adobe's CVE-2026-34621 yesterday, or risk RCE via PDFs." Defensive wins included ThreatLocker's endpoint controls blocking prototype pollution exploits, and public-private hunts via ISACs. The big takeaway? Chinese actors are probing for wartime disruption, blending social engineering with cloud abuse. Experts like those at Cato Networks stress behavioral analytics over signature This content was created in partnership and with the help of Artificial Intelligence AI.
    5 mins
  • Dragon's Code Exposed: Chinese Hackers Nearly Took Down America's Grid Right Before Elections
    Apr 22 2026
    This is your Dragon's Code: America Under Cyber Siege podcast. Hey listeners, Alexandra Reeves here with Dragon's Code: America Under Cyber Siege. Picture this: it's mid-April 2026, and I'm hunkered down in my DC war room, screens flickering with alerts as Chinese-linked hackers unleash hell on our grid. Over the past week, the most sophisticated ops hit critical infrastructure hard—starting with Salt Typhoon's relentless probes into telecom giants like Verizon and AT&T, slipping through zero-day flaws in their edge routers to siphon metadata from government lines. These creeps used living-off-the-land techniques, hijacking legitimate tools like PowerShell and Cobalt Strike beacons to burrow deep without tripping alarms. Affected systems? Power plants in the Northeast, water treatment in California—Volt Typhoon 2.0 style, planting logic bombs in SCADA controllers at Duke Energy and PG&E substations. According to Mandiant's latest threat intel, they chained unpatched Ivanti VPN exploits with custom malware dubbed DragonWiper, prepping for blackout scenarios timed to election chaos. Attribution? Crystal clear from CISA's emergency directive: IP chains trace to Shanghai-based VPS farms, laced with Mandarin comments in the code and TTPs matching PLA Unit 61398. FireEye echoes this, spotting command servers pinging back to Shenzhen during ops. Defenses kicked in fast—DHS mandated air-gapping OT networks at 47 utilities, while CrowdStrike's Falcon sensors auto-quarantined 3,200 endpoints. NSA's John Ingram testified before Congress yesterday, "We segmented CDE zones overnight, burning $2 billion in patches but saving the grid." Cybersecurity guru Kevin Mandia from Socorro told me off-air, "This was supply chain jujitsu—Chinese chips in our ICS gear baked in backdoors, per Badlands Media's election probe exposing CCP malware vectors." Lessons learned? 
Zero trust everywhere, says Microsoft's Brad Smith in his blog: Ditch foreign semis, enforce SBOMs, and drill wargames like Cyber Storm 2026. Government officials, including CISA's Jen Easterly, urged, "Hunt adversaries now—don't wait for the outage." We've blunted the siege, listeners, but Dragon's code lingers in the shadows. Stay vigilant, patch ruthlessly. Thanks for tuning in—subscribe for more intel drops. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI.
    4 mins
  • Dragon Code Unleashed: How Chinese Hackers Plunged 2 Million Homes Into Darkness and What Went Wrong
    Apr 20 2026
    This is your Dragon's Code: America Under Cyber Siege podcast. Hey listeners, I'm Alexandra Reeves, and welcome to Dragon's Code: America Under Cyber Siege. Picture this: it's early Monday morning, April 20, 2026, and I'm hunkered down in my dimly lit ops center in Northern Virginia, screens flickering with alerts from the past week. The air's thick with tension—Chinese state-sponsored hackers, linked to the notorious APT41 group, just unleashed their most audacious barrage yet on U.S. critical infrastructure. We're talking sophisticated ops that have CISA, the FBI, and NSA scrambling like never before. It kicked off last Tuesday with a zero-day exploit in the Volt Typhoon playbook, but evolved. These attackers, attributed firmly to China's Ministry of State Security by NSA Director General Laura Signs during a White House briefing, targeted power grids from California to the Northeast. Methodologies? Pure elegance—supply chain compromises via fake firmware updates injected into Siemens SCADA systems at Pacific Gas & Electric substations. They burrowed in using living-off-the-land techniques, blending PowerShell scripts with legitimate admin tools to evade EDR. By Thursday, affected systems went dark: transformers at the PJM Interconnection hub in Pennsylvania overloaded, causing rolling blackouts for 2 million homes. Water treatment plants in Florida's Miami-Dade County saw ICS manipulations, pumping untreated sewage—thankfully caught before mass health scares. Attribution evidence poured in fast. Microsoft Threat Intelligence, led by expert Sarah Edwards, traced command-and-control servers to Shenzhen-based VPS hosted by China Telecom, with malware signatures matching Salt Typhoon's 2025 campaign. FireEye's John Hultquist called it "textbook PLA Unit 61398," citing unique beaconing patterns in packet captures shared on VirusTotal. Defenses kicked in hard. 
Friday, DHS implemented emergency air-gapping at key nodes, per CISA Director Jen Easterly's directive, while CrowdStrike deployed Falcon OverWatch hunters to hunt IOCs. Zero-trust architectures at Duke Energy blocked lateral movement, buying time. Lessons learned? Cybersecurity guru Bruce Schneier hammered it on CNN: "We've got to ditch legacy OT protocols like Modbus—migrate to TLS-encrypted OPC UA now." Government officials echoed: FBI Deputy Director Dan Bongino urged public-private fusion centers for real-time threat intel sharing. As I sip my cold brew, staring at the threat map pulsing red, one thing's clear—this week's siege exposed our soft underbelly, but it also forged resilience. Experts like Mandiant's Charles Carmakal warn of AI-augmented phishing next, but we're adapting, listeners. Stay vigilant. Thanks for tuning in—subscribe for more intel drops. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI.
    4 mins