This is your Cyber Sentinel: Beijing Watch podcast.
Listeners, it’s Ting here on Cyber Sentinel: Beijing Watch, and wow, this week’s Chinese cyber activity was like a Typhoon—literally and figuratively. If you’re picturing a couple of script kiddies poking around, forget it. Beijing’s state-linked ‘Typhoon’ operations have gone full spectrum, and the McCrary Institute’s latest “Code Red” report is practically bedtime reading for anyone responsible for US critical infrastructure. I’m talking energy, water, telecom, transport, and healthcare—all on the digital chopping block, all under intensifying siege.
Let’s start with the big baddies: Volt Typhoon has been busy nosing into industrial control systems and SCADA networks for US energy providers. The tactics? Quiet, persistent access, the kind that can let the PRC pull the plug whenever the mood strikes. Imagine Russia’s Ukraine grid takedown in 2015, but across multiple US states, impacting everything from power to hospitals to military logistics. Even a temporary outage could be a disaster during a crisis, and that’s clearly the intent—preposition capabilities for maximum leverage.
Meanwhile, the Salt Typhoon crew did some deep dives on US telecom, proving they could sneak into the likes of Verizon and AT&T to surveil call records, snatch geolocation data, and maybe even peek at law enforcement intercepts. Ribbon Communications—a major US provider—just disclosed a China-linked breach that, while financially contained, shows these actors can persist for months, undetected, pilfering sensitive files from endpoints in ways that blur traditional security perimeters.
Transportation? Beijing knows that disruption here throws logistical wrenches at scale. The mere threat of airport system hacks or interference at maritime chokepoints like the Port of Los Angeles could stall military deployments, cripple supply lines, and send shipping rates through the stratosphere. For healthcare, those same Typhoon actors see our hospitals as not just soft targets, but strategic pressure points—ransomware in a crisis could mean lives lost and public panic amplified.
Let’s talk tactics. Spear phishing remains king—this month, European diplomats got stung when UNC6384 (part of the infamous Mustang Panda family) deployed PlugX RAT, exploiting a Windows shortcut vulnerability, CVE-2025-9491, for stealth remote access. They weaponized an unpatched flaw, leveraged old but trusted Canon binaries for side-loading, and used convincing conference PDFs to lure their prey. These folks are fast—rolling out weaponized exploits just months after public disclosure, and bundling them in multi-stage payloads that demonstrate serious R&D investment.
Strategically, China prefers obscurity—using third-party cutouts and legal gray zones to delay attribution, as seen in the long dwell times like the Ribbon breach. US and allied countermeasures—joint advisories, sanctions, even indictments—raise costs but haven’t changed Beijing’s beha
This content was created in partnership with, and with the help of, Artificial Intelligence (AI).