This is your Cyber Sentinel: Beijing Watch podcast.
Listeners, it’s Ting here on Cyber Sentinel: Beijing Watch, and wow, this week’s Chinese cyber activity was like a Typhoon—literally and figuratively. If you’re picturing a couple of script kiddies poking around, forget it. Beijing’s state-linked ‘Typhoon’ operations have gone full spectrum, and the McCrary Institute’s latest “Code Red” report is practically bedtime reading for anyone responsible for US critical infrastructure. I’m talking energy, water, telecom, transport, and healthcare—all on the digital chopping block, all under intensifying siege.
Let’s start with the big baddies: Volt Typhoon has been busy nosing into industrial control systems and SCADA networks for US energy providers. The tactics? Quiet, persistent access, the kind that can let the PRC pull the plug whenever the mood strikes. Imagine Russia’s Ukraine grid takedown in 2015, but across multiple US states, impacting everything from power to hospitals to military logistics. Even a temporary outage could be a disaster during a crisis, and that’s clearly the intent—pre-position capabilities for maximum leverage.
Meanwhile, the Salt Typhoon crew did some deep dives on US telecom, proving they could sneak into the likes of Verizon and AT&T to surveil call records, snatch geolocation data, and maybe even peek at law enforcement intercepts. Ribbon Communications—a major US provider—just disclosed a China-linked breach that, while financially contained, shows these actors can persist for months, undetected, pilfering sensitive files from endpoints in ways that blur traditional security perimeters.
Transportation? Beijing knows that disruption here throws logistical wrenches at scale. The mere threat of airport system hacks or interference at maritime chokepoints like the Port of Los Angeles could stall military deployments, cripple supply lines, and send shipping rates through the stratosphere. For healthcare, those same Typhoon actors see our hospitals as not just soft targets, but strategic pressure points—ransomware in a crisis could mean lives lost and public panic amplified.
Let’s talk tactics. Spear phishing remains king—this month, European diplomats got stung when UNC6384 (part of the infamous Mustang Panda family) deployed PlugX RAT, exploiting a Windows shortcut vulnerability, CVE-2025-9491, for stealth remote access. They weaponized an unpatched flaw, leveraged old but trusted Canon binaries for side-loading, and used convincing conference PDFs to lure their prey. These folks are fast—rolling out weaponized exploits just months after public disclosure, and bundling them in multi-stage payloads that demonstrate serious R&D investment.
Strategically, China prefers obscurity—using third-party cutouts and legal gray zones to delay attribution, as seen in the long dwell times like the Ribbon breach. US and allied countermeasures—joint advisories, sanctions, even indictments—raise costs but haven’t changed Beijing’s behavior. The international legal toolkit? Still lagging, since the Tallinn Manual remains non-binding and China keeps pushing state sovereignty online.
So what should we do? The McCrary Institute suggests it’s time to think beyond band-aid advisories. We need to build infrastructure resilience—think segmentation, industrial protocol hardening, disciplined patching (looking at you, VMware admins—patch those CVE-2025-41244 flaws now), and a “defend forward” strategy as per US Cyber Command to disrupt attacks before they hit stateside. And, crucially, harmonize legal frameworks across allies. Sanctions and attributions work best when we’re all in, all at once.
The bottom line is chilling. Typhoon actors want access everywhere, not just for espionage, but for maximal disruption at a time and place of Beijing’s choosing. The goal is to hold US lifelines hostage in any future gray zone or hot conflict. For security pros, it’s not just about catching intrusions; it’s about rethinking resilience, forging coalitions, and outpacing Beijing’s playbook—not just this week, but every week from here out.
Thanks for tuning in, listeners. Don’t forget to subscribe, and stay sharp out there. This has been a Quiet Please production. For more, check out quietplease.ai.
This content was created in partnership with, and with the help of, Artificial Intelligence (AI).