Chinese Hacker Drama: Salt Typhoon Storms the Grid as US Scrambles for Cover episode artwork

EPISODE · Sep 7, 2025 · 4 MIN

Chinese Hacker Drama: Salt Typhoon Storms the Grid as US Scrambles for Cover

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. This is Ting, your cybertastic scout reporting in for Digital Dragon Watch—and wow, the last seven days have been a buffet of cyber drama starring China, its hacking hit squads, and the US defense crowd scrambling for moves. Junk the slow intro, let’s get to the good parts: Leading this week’s cyber parade is Salt Typhoon—Microsoft’s favorite nickname for this particularly gutsy, state-backed group out of China’s Ministry of State Security. The FBI said just last month that Salt Typhoon has hacked over 200 companies across 80 countries, from US telecoms to hotels to a Canadian telecom, and most recently struck Viasat, exploiting kernel-mode Windows rootkits like Demodex. That’s not just data exfiltration, that’s full-on espionage with anti-forensic and anti-analysis techniques that’d make a Hollywood A-lister jealous. Former NSA analyst Terry Dunlap calls them a “component of China’s 100-Year Strategy.” If that doesn’t sound ominous, I don’t know what does. And if you thought Salt Typhoon was a one-man band, cue the Google Threat Intelligence team’s latest blog about UNC6384—aka Mustang Panda, aka TEMP.Hex—hijacking web traffic and deploying heavily obfuscated malware like SOGU.SEC against Southeast Asian diplomats. These actors aren’t just lurking at the cyber fringes; they’re right up in the government and telecom sectors where the data glitters most. The US government is not taking this snooze-worthy. The Cybersecurity and Infrastructure Security Agency (CISA) has been alerting critical infrastructure orgs after Microsoft revealed Chinese state actors exploiting SharePoint vulnerabilities. And it’s not just CISA in the alarm club—this week a coalition including Five Eyes, plus Germany, Italy, Japan, and more, publicly called out three Chinese firms (Sichuan Juxinhe, Beijing Huanyu Tianqiong, Sichuan Zhixin Ruijie) for hands-on collaboration with the PLA and the Ministry of State Security. The US Treasury even slapped sanctions on Juxinhe for its ties to Salt Typhoon and snacking on Americans’ call records. For sector targeting, you’re seeing everything from telecom to the trade game. The Wall Street Journal dropped news about a phishing campaign using bogus emails from Rep. John Moolenaar loaded with APT41-crafted malware, all designed to scoop insights into US-China trade talks. FBI and Capitol Police are on the hunt, no stone unturned. Across the pond, the Czech Republic’s National Cyber and Information Security Agency just dialed up its “China risk” rating to high, warning critical infrastructure folks to avoid Chinese devices and cloud services—think IP cameras, EVs, even medical gear. They’ve confirmed direct APT31 action against the Ministry of Foreign Affairs. If you’re Euro-based and running Chinese tech anywhere near sensitive data, time to rethink your product choices ASAP. Expert consensus? The recommendation list is packed: implement zero-trust security ar This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. This is Ting, your cybertastic scout reporting in for Digital Dragon Watch—and wow, the last seven days have been a buffet of cyber drama starring China, its hacking hit squads, and the US defense crowd scrambling for moves. Junk the slow intro, let’s get to the good parts: Leading this week’s cyber parade is Salt Typhoon—Microsoft’s favorite nickname for this particularly gutsy, state-backed group out of China’s Ministry of State Security. The FBI said just last month that Salt Typhoon has hacked over 200 companies across 80 countries, from US telecoms to hotels to a Canadian telecom, and most recently struck Viasat, exploiting kernel-mode Windows rootkits like Demodex. That’s not just data exfiltration, that’s full-on espionage with anti-forensic and anti-analysis techniques that’d make a Hollywood A-lister jealous. Former NSA analyst Terry Dunlap calls them a “component of China’s 100-Year Strategy.” If that doesn’t sound ominous, I don’t know what does. And if you thought Salt Typhoon was a one-man band, cue the Google Threat Intelligence team’s latest blog about UNC6384—aka Mustang Panda, aka TEMP.Hex—hijacking web traffic and deploying heavily obfuscated malware like SOGU.SEC against Southeast Asian diplomats. These actors aren’t just lurking at the cyber fringes; they’re right up in the government and telecom sectors where the data glitters most. The US government is not taking this snooze-worthy. The Cybersecurity and Infrastructure Security Agency (CISA) has been alerting critical infrastructure orgs after Microsoft revealed Chinese state actors exploiting SharePoint vulnerabilities. And it’s not just CISA in the alarm club—this week a coalition including Five Eyes, plus Germany, Italy, Japan, and more, publicly called out three Chinese firms (Sichuan Juxinhe, Beijing Huanyu Tianqiong, Sichuan Zhixin Ruijie) for hands-on collaboration with the PLA and the Ministry of State Security. The US Treasury even slapped sanctions on Juxinhe for its ties to Salt Typhoon and snacking on Americans’ call records. For sector targeting, you’re seeing everything from telecom to the trade game. The Wall Street Journal dropped news about a phishing campaign using bogus emails from Rep. John Moolenaar loaded with APT41-crafted malware, all designed to scoop insights into US-China trade talks. FBI and Capitol Police are on the hunt, no stone unturned. Across the pond, the Czech Republic’s National Cyber and Information Security Agency just dialed up its “China risk” rating to high, warning critical infrastructure folks to avoid Chinese devices and cloud services—think IP cameras, EVs, even medical gear. They’ve confirmed direct APT31 action against the Ministry of Foreign Affairs. If you’re Euro-based and running Chinese tech anywhere near sensitive data, time to rethink your product choices ASAP. Expert consensus? The recommendation list is packed: implement zero-trust security ar This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

Chinese Hacker Drama: Salt Typhoon Storms the Grid as US Scrambles for Cover

0:00 4:22

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 4 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on September 7, 2025.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. This is Ting, your cybertastic scout reporting in for Digital Dragon Watch—and wow, the last seven days have been a buffet of cyber drama starring China, its hacking hit squads,...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!