EPISODE · Jun 21, 2026 · 4 MIN
Volt Typhoon is Back and They're Coming for Your VPN: Why Beijing is Mapping US Infrastructure Like a Heist Movie
from Digital Frontline: Daily China Cyber Intel · host Inception Point AI
This is your Digital Frontline: Daily China Cyber Intel podcast. Ting here on Digital Frontline: Daily China Cyber Intel, let’s jack straight into today’s China–US cyber storyline. Overnight, several threat intel shops, including Mandiant and Recorded Future, flagged renewed activity from China‑nexus groups tracked as Volt Typhoon and APT31, with infrastructure lighting up against US critical infrastructure and defense contractors. Analysts at CrowdStrike say the targeting pattern looks like “long‑term battlefield prep,” not smash‑and‑grab ransomware, with beacons quietly probing edge devices, VPNs, and managed routers serving energy, water, and telecom networks in the United States. On the government side, people watching Pacific posture note that Defense One and the Defense Acquisition “Headlines” brief are tying this uptick in cyber reconnaissance to China’s more aggressive naval and air presence, suggesting the PLA is syncing physical patrols with digital mapping of US logistics, satellite links, and Air Force support systems.

Commercial targets were busy too. Several US semiconductor and aerospace suppliers reported Indicators of Compromise shared via the Cybersecurity and Infrastructure Security Agency, or CISA, pointing to phishing waves using fake procurement emails that impersonate real US defense primes. Proofpoint researchers describe payload‑less emails that try to steal Okta, Microsoft Entra ID, and Google Workspace credentials, then pivot into Git repositories holding firmware and chip design data.

Financial services did not get a pass. According to analysts cited by Cyber Security News, Chinese‑linked clusters are experimenting with living‑off‑the‑land tools inside US payment processors and regional banks, abusing PowerShell, WMI, and legitimate remote‑management agents. Their goal appears to be transaction visibility and long‑term intelligence, not quick theft, which matches Beijing’s broader economic‑espionage playbook.
Defensive advisories came fast. CISA and the FBI reiterated earlier guidance on Volt Typhoon–style operations, emphasizing patching of edge appliances from vendors like Fortinet, Cisco, and Palo Alto Networks, enforcing strong authentication for remote admin, and enabling robust logging on VPNs and SD‑WAN devices. Microsoft’s security team urged US enterprises to review conditional access policies and disable legacy authentication, noting that Chinese operators are still finding “forgotten” protocols to brute‑force. Experts from SANS and MITRE reminded everyone that many of these campaigns map cleanly to familiar ATT&CK techniques: valid accounts, command‑and‑control over web protocols, and abuse of remote services. Their message to you: visibility beats vibes. If you cannot see authentication anomalies and outbound traffic, you are flying blind against nation‑state operators.

So, what should you actually do today if you run a business or organization in the US? First, lock down identity: enable phishing‑resistant multifactor where possible, restrict admin accounts to hardened workstations, and audit every account with remote access. Second, harden the edge: inventory all internet‑facing devices, verify they are patched, and shut down unused services and ports. Third, monitor like you mean it: baseline normal VPN and admin behavior, and configure alerts on impossible travel, off‑hours logins from unusual ASNs, and sudden surges in data egress. Fourth, practice the “assume breach” mindset: run a tabletop exercise focused on Chinese APT lateral movement and see how quickly your team detects and contains a simulated intrusion.

I’m Ting, your friendly China‑cyber nerd, reminding you that the PLA does not sleep, and neither should your logs. Thanks for tuning in, and don’t forget to subscribe so you stay ahead of tomorrow’s threat brief. This has been a quiet please production; for more, check out quiet please dot ai.
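The third step above (baseline VPN and admin behavior, then alert on impossible travel, off‑hours logins from unusual ASNs, and egress surges) as a small worked detector. This is an added example, not code from the podcast or from any vendor it cites; the log events, per‑user ASN and egress baselines, business hours, speed threshold and surge factor are all constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sample VPN login events (not real data):
# (UTC timestamp, user, source ASN, approx. (lat, lon) of source IP, bytes sent out)
EVENTS = [
    ("2026-06-21T09:02:00", "alice", "AS7922", (47.61, -122.33), 12_000),
    ("2026-06-21T09:40:00", "alice", "AS4134", (31.23, 121.47), 9_000),   # 38 min later, other continent
    ("2026-06-21T03:15:00", "bob",   "AS9808", (39.90, 116.40), 5_000),   # off-hours, unfamiliar ASN
    ("2026-06-21T14:00:00", "carol", "AS7922", (47.61, -122.33), 4_000_000),  # 400x her usual egress
]
# Assumed baselines learned from "normal" history: ASNs each user usually arrives from,
# and typical bytes egressed per session.
BASELINE_ASNS = {"alice": {"AS7922"}, "bob": {"AS7922"}, "carol": {"AS7922"}}
BASELINE_EGRESS = {"alice": 10_000, "bob": 10_000, "carol": 10_000}
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 UTC, assumed for this org
MAX_SPEED_KMH = 900             # faster than airline travel between two logins => impossible
EGRESS_SURGE_FACTOR = 20        # alert when a session egresses 20x the user's baseline

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def detect(events, baseline_asns=BASELINE_ASNS, baseline_egress=BASELINE_EGRESS):
    """Return (alert_type, user, timestamp) tuples for the three behaviors above."""
    alerts, last_seen = [], {}
    for ts, user, asn, loc, egress in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        # Impossible travel: implied speed between this login and the user's previous one
        if user in last_seen:
            prev_t, prev_loc = last_seen[user]
            hours = (t - prev_t).total_seconds() / 3600
            if hours > 0 and haversine_km(prev_loc, loc) / hours > MAX_SPEED_KMH:
                alerts.append(("impossible_travel", user, ts))
        # Off-hours login from an ASN never seen for this account
        if t.hour not in BUSINESS_HOURS and asn not in baseline_asns.get(user, set()):
            alerts.append(("offhours_unusual_asn", user, ts))
        # Sudden egress surge relative to the user's own baseline
        if egress > EGRESS_SURGE_FACTOR * baseline_egress.get(user, float("inf")):
            alerts.append(("egress_surge", user, ts))
        last_seen[user] = (t, loc)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

In production the baselines come from weeks of real VPN and identity‑provider logs rather than hard‑coded dictionaries, and the geolocation step uses an IP‑to‑location lookup.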
For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta