EPISODE · Jul 1, 2025 · 4 MIN

Salt Typhoon Strikes Again: Cisco Backdoors, Infostealers & More! Your Cyber Gossip Fix with Ting

from Digital Frontline: Daily China Cyber Intel · host Inception Point AI

This is your Digital Frontline: Daily China Cyber Intel podcast.

Hey all, Ting here—your digital vanguard and resident China-cyber-sleuth—bringing you the latest from the Digital Frontline: Daily China Cyber Intel, reporting as of July 1st, 2025.

Let’s jump right into the thick of it: in the past 24 hours, US cyber defenders have been on high alert following fresh activity by Salt Typhoon, a China-linked APT group that’s become the stuff of cybersecurity nightmares. These folks are the ones who just exploited the infamous Cisco IOS XE vulnerability, tracked as CVE-2023-20198, scoring a perfect 10.0 on the CVSS chart. Unnamed telecom giants in Canada—and, by extension, the US—have seen their network configuration files pillaged, GRE tunnels spun up, and traffic siphoned off for espionage. The FBI and Canadian Centre for Cyber Security are waving red flags, warning this isn’t just telecoms—it’s anyone relying on edge network devices: internet providers, datacenters, and probably the pizza place that just upgraded its Wi-Fi. Their main goal? Persistent access for long-term surveillance, leveraging compromised routers to leapfrog deeper into critical networks.

If you think that’s old news, think again. Despite public claims, US agencies believe the Salt Typhoon crew is still lurking inside major infrastructure, including Comcast’s vast broadband empire and datacenter behemoth Digital Realty. As Ryan Hanselman from Recorded Future put it, “We can reasonably assume attackers already have sufficient access into internet infrastructure and are looking to expand the ways they monitor datacenter activities.” Translation: they’re not just in the front door—they’re wandering room to room, peeking into every closet and cabinet.

And it’s not just about the network plumbing. Meanwhile, infostealer malware is surging, quietly harvesting credentials through browser autofills, phishing links, and malicious downloads. It’s the perfect partner-in-crime for APT operators, giving them the fresh, tailored logins they need for deeper incursions, business email compromises, and more convincing social engineering[2].

So what’s the best defense for businesses and organizations, whether you’re a giant ISP or a ten-person marketing firm? Here’s Ting’s Greatest Hits, straight from expert advisories: Reset reused or weak passwords everywhere, especially for shared accounts and admin consoles. Enable two-factor authentication—preferably using app-based or passkey solutions. Audit your shared accounts. If passwords live in shared spreadsheets or email threads, move them into a password manager, stat. Train staff: The next wave of phishing will be hyper-personalized. Don’t trust—verify. That “urgent contract” from a client might be a Salt Typhoon plant. Patch, patch, patch. If you’ve got Cisco IOS XE anywhere in your network, drop everything and update now. Assume compromise until proven safe.

On the big-picture front, the US Office of the Director of National Intellig

This content was created in partnership and with the help of Artificial Intelligence AI.



Frequently Asked Questions

How long is this episode of Digital Frontline: Daily China Cyber Intel?

This episode is 4 minutes long.

When was this Digital Frontline: Daily China Cyber Intel episode published?

This episode was published on July 1, 2025.
