
Midnight Phishing Party: China's Fake Microsoft App Just Stole Your Defense Contractor Credentials While You Slept
From Red Alert: China's Daily Cyber Moves by Inception Point Ai
May 20, 2026 · 5 min
About this episode
The episode discusses a phishing attack targeting U.S. defense contractors by Chinese state-aligned actors using a fake Microsoft app.
This is your Red Alert: China's Daily Cyber Moves podcast. I’m Alexandra Reeves, and this is Red Alert: China’s Daily Cyber Moves. We start just after midnight on the East Coast, when network telemetry firms pick up a fresh phishing wave targeting U.S. defense contractors. According to Verizon’s 2026 Data Breach Investigations Report, Chinese state-aligned actors have shifted hard into credential-theft phishing with browser-in-the-browser overlays. Tonight’s lure pretends to be a shared “EU-NATO cyber drill” document. The payload? A custom variant of the PlugX remote access tool, rebuilt to look like legitimate Microsoft traffic. By 01:30, a managed security operations center in Northern Virginia notices anomalous OAuth consents in a logistics firm that supports Pacific Fleet movements out of San Diego and Pearl Harbor. Tokens are being granted to a fake app mimicking Microsoft Entra ID. The pattern matches what the Frontier Risk Report from METR warned about this week: more automated, AI-assisted campaigns that adapt in real time to security controls, rotating infrastructure and tweaking lure text as filters catch up. Around 02:15, CISA and the FBI push out an emergency joint…
People in this episode
Host: Alexandra Reeves
Topics covered
- cybersecurity
- phishing
- credential theft
- China
- defense contractors
- malware
- emergency advisory
Keywords
- phishing
- cyber attack
- credential theft
- PlugX
- Microsoft Entra ID
- CISA
- FBI
- defense contractors
- cybersecurity
Mentioned in this episode
Organizations: Verizon, CISA, FBI, METR
Products: Microsoft Entra ID, PlugX
Places: Northern Virginia, San Diego, Pearl Harbor
More episodes of Red Alert: China's Daily Cyber Moves
- Red Alert: Chinas Cyber Shopping Spree - Fake Jobs, FIFA Phishing, and Why Your World Cup Bet Could Cost You Clearance · June 12, 2026 · 3 min
- China's Spare Keys: Why Beijing Just Hid Backdoors in Your Power Grid and Stole Your AI Over the Weekend · June 10, 2026 · 4 min
- Ting Spills Tea: China's Cyber Crews Are Living Rent-Free in US Power Grids and Nobody's Kicking Them Out Yet · June 8, 2026 · 4 min
- Microsoft's GitHub Dumpster Fire: When 73 Repos Catch Chinese Supply Chain Cooties and Your Monday Gets Worse · June 7, 2026 · 4 min
- China's Cyber Slowburn: HTTP Bombs, Human Spies, and the Art of Staying Invisible While Your SOC Drinks Cold Coffee · June 5, 2026 · 4 min
- Beijing's Cyber Tourists Shaking Every Digital Doorknob: Salt Typhoon Still Lurking in US Telecoms Since 2019 · June 3, 2026 · 5 min
Explore listener stats, chart rankings, contacts and more on the Red Alert: China's Daily Cyber Moves podcast page.