china

Unwinding the Deal: China Blocks Meta's Manus AI Acquisition

John Z Black Apr 27, 2026

Policy, Law & Governance #china #meta #ai-geopolitics #manus #tech-policy

China reversed a completed Meta acquisition of AI startup Manus on national security grounds. We're now in the era of strategic AI protectionism.

Adversarial Distillation: The Industrial-Scale Theft of Frontier AI

John Z Black Apr 23, 2026

AI Security #ai-security #china #adversarial-distillation #deepseek #white-house #espionage #frontier-ai #anthropic

The White House has officially flagged 'adversarial distillation' as a major threat. China is using tens of thousands of fake accounts to clone U.S. AI capabilities by strip-mining model outputs. This is model theft through the front door.

The Devices China Already Owns: Pre-Positioning for Future Conflict

John Z Black Apr 23, 2026

Threat Intelligence #china #volt-typhoon #flax-typhoon #cisa #ncsc #covert-network #pre-positioning #critical-infrastructure

China's state actors aren't just hacking networks; they're acquiring real estate. A massive joint advisory reveals how covert device networks are being pre-positioned inside everyday hardware like routers and NAS devices, waiting for the right moment to be activated.

China Is Running Two Operations Against Taiwan at Once

John Z Black Apr 15, 2026

Threat Intelligence #china #taiwan #nation-state #influence-operations #lucidrook #lua-malware #cognitive-warfare #ngo #uat-10362

Cisco Talos found Lua-based malware targeting Taiwanese NGOs and universities. Taiwan's intelligence service identified 13,000 AI-amplified influence accounts and 860,000 posts. These are not separate stories.

A Hacker Claims the Biggest Military Breach in History. Experts Think It Might Be Real.

John Z Black Apr 12, 2026

Incidents & Breaches #flamingchina #china #tianjin #nscc #military-breach #supercomputer #threat-intelligence #unverified

FlamingChina claims to have stolen 10 petabytes from China's National Supercomputing Center in Tianjin, including missile schematics and weapons testing data. CNN showed samples to cybersecurity experts. They declined to dismiss it. This has not been confirmed.

China's Ransomware Groups Are Using Zero-Days Now. That Changes the Math.

John Z Black Apr 7, 2026

Ransomware & Cybercrime #storm-1175 #medusa #qilin #china #zero-day #edr #ransomware

Microsoft links China-based Storm-1175 to Medusa ransomware using zero-day exploits, while Qilin deploys EDR-killing techniques before encryption.

China's TA416 Is Back in Europe After Two Years. They Brought New Tricks.

John Z Black Apr 6, 2026

Threat Intelligence #china #ta416 #plugx #oauth #phishing #espionage #eu #apt

TA416 has resumed targeting EU government and diplomatic organizations with PlugX malware, now abusing OAuth redirects to slip past traditional phishing defenses.

BRICKSTORM Hides Where Your EDR Can't See It

John Z Black Apr 6, 2026

Threat Intelligence #china #espionage #vmware #vsphere #brickstorm #unc5221 #edr #hypervisor

A suspected China-nexus espionage operation targets VMware vCenter and ESXi hypervisors, persisting at the virtualization layer where endpoint security is blind.

A Zero-Day Turned TrueConf's Update Channel Into a Malware Delivery System

John Z Black Apr 3, 2026

Threat Intelligence #zero-day #supply-chain #trueconf #espionage #china #cve-2026-3502

Chinese-nexus actors exploited a zero-day in TrueConf to hijack the update mechanism and push trojanized updates to Southeast Asian government agencies.

FBI Says China Hacked Its Surveillance Systems, Triggers 'Major Incident' Classification

John Z Black Apr 3, 2026

Incidents & Breaches #fbi #china #surveillance #fisma #espionage #nation-state

The FBI classified a suspected Chinese intrusion into law enforcement surveillance infrastructure as a FISMA major incident, forcing Congressional notification within days.

Three Chinese Hacker Groups Hit the Same Government. At the Same Time.

John Z Black Mar 31, 2026

Threat Intelligence #china #apt #mustang-panda #unit42 #espionage #southeast-asia #usb-worm #hiupan #nation-state

China's BPFDoor Got an Upgrade. Passive Defenses Still Can't See It.

John Z Black Mar 28, 2026

Threat Intelligence #bpfdoor #china #red-menshen #telecom #apt #nation-state #threat-hunting #backdoor

Red Menshen's upgraded BPFDoor backdoor now hides even better inside telecom backbone networks, and the only way to find it is active threat hunting that most carriers aren't doing.

China Is Running Three Cyber Operations Against the West Simultaneously. Here's What They Look Like.

John Z Black Mar 27, 2026

Threat Intelligence #china #nation-state #bpfdoor #telecom #scam-compounds #xinbi

BPFDoor sleeping inside telecom networks, US officials blaming Beijing for enabling billion-dollar fraud, and a $20B Telegram black market just sanctioned by the UK. Three fronts, one picture.

Smuggled Silicon: The DOJ Case That Puts AI Export Controls in the Spotlight

John Z Black Mar 21, 2026

Policy, Law & Governance #ai #export-controls #china #doj #supply-chain #national-security #hardware #policy

Three men charged with smuggling US AI hardware to China represent the first major criminal test of export control law applied to high-performance compute. The era of treating AI export controls as background noise is over.

Two Spy Campaigns, Two Completely Different Playbooks

John Z Black Mar 16, 2026

Threat Intelligence #espionage #apt #china #russia #signal #asean #military #threat-intelligence

A Chinese APT has been sitting inside Southeast Asian military networks for six years. Meanwhile, Russian hackers are stealing Signal accounts with fake support messages. Same goal, wildly different approaches.

China's Been Quietly Spying on Southeast Asian Militaries for Years

John Z Black Mar 13, 2026

Nation-State Threats #china #apt #espionage #southeast-asia #military #unit42 #nation-state

Unit 42 documented a suspected Chinese state-sponsored espionage campaign with years of undetected access to military networks across Southeast Asia. This is what patient intelligence collection looks like.

After the 'Worst Telecom Hack in History,' Washington Is Already Moving On

John Z Black Mar 13, 2026

Policy & Governance #salt-typhoon #telecom #section-702 #nsa #cyber-policy #china #surveillance

Salt Typhoon was called the most significant cyberattack on US telecom infrastructure ever. Policy reform momentum is stalling. Congress is more interested in restricting FBI surveillance than fixing the infrastructure that got hacked.