From Bans to Breaches: TikTok, PlugX, FortiGate, and Salt Typhoon

Forecast: TikTok storm clears out as critical infrastructure takes a hit from FortiGate downpours. ‍ In this episode of Storm⚡️Watch, we explore the dramatic conclusion of TikTok's presence in the United States and its unexpected return. The saga, which began in 2019 with initial government scrutiny, culminated in a series of significant events in January 2025, including the Supreme Court's unanimous decision to uphold the federal ban law and TikTok's brief operational shutdown. We'll discuss the emergence of alternative platforms like Xiaohongshu (REDNote) in the U.S. market and examine recent security concerns, including Remy's investigation into potential backdoor vulnerabilities. The conversation then shifts to a major cybersecurity operation where the Justice Department and FBI successfully removed malware deployed by China-backed hackers using PlugX. We'll share insights from CISA Director Jen Easterly's recent comments on the Salt Typhoon campaign and their approach to tracking cyber threats. A significant portion of our discussion focuses on the FortiGate configuration leak incident. The Belsen Group's release of sensitive data from over 15,000 FortiGate devices has exposed critical infrastructure vulnerabilities across multiple countries. The leak, stemming from a 2022 authentication bypass vulnerability (CVE-2022-40684), primarily affected devices in Mexico and the UAE, with configuration files containing firewall rules, VPN credentials, and digital certificates being exposed. We wrap up with an analysis of recent Volt Typhoon activities and their implications for global cybersecurity, along with some suspicious thoughts from GreyNoise. This episode provides crucial insights into the evolving landscape of international cyber threats and the continuous challenges faced by security professionals worldwide. Storm Watch Homepage >> Learn more about GreyNoise >>