China Hack Report: Daily US Tech Defense

China's Cyber Claws Out: Volt Typhoon Strikes Again, Targeting US Energy and Water



This is your China Hack Report: Daily US Tech Defense podcast.

Hello everyone, it’s Ting from your go-to tech bunker, the China Hack Report: Daily US Tech Defense. Let’s skip the preamble—today is July 5, 2025, and the cyber claws are out. Grab your firewalls, because the last 24 hours have been spicy!

First, let’s talk about the headline grabber: **Volt Typhoon**—the Chinese-sponsored hacking crew that keeps CISA up at night—has made a return. Late-breaking analysis shows they’ve been probing US **energy and transportation networks** again, following their shocking admission last year in Geneva. Yes, China did admit they ran Volt Typhoon ops against us—aimed at critical sectors from communications to maritime. These aren’t old news phishing scams: they’re using zero-days and living-off-the-land tactics, still burrowed into some US electric grid control networks, according to sources. Remember, last time they went undetected for nearly 300 days, so expect continuity and deep persistence attempts.

Yesterday, a discovery out of the Midwest set off alarms: a variant of malware similar to “ShadowCrane” popped up in municipal water utility controls. The malware slipped in via previously unknown vulnerabilities in a widely used SCADA management tool—patches are in the works but not yet released. Officials say it’s got the hallmarks of Volt Typhoon, leveraging native Windows binaries to stay stealthy. CISA has shot out an emergency advisory: segment operational networks, disable all nonessential remote access, and force credential resets. If you’re running anything close to critical infrastructure—pay attention, patch what you can, and activate 24/7 monitoring.

On the ransomware front, a financial services supplier in San Francisco reported a China-linked group dubbed **Salt Typhoon** attempting to exfiltrate client data via a novel encrypted fileless loader. No successful ransom, but the group is clearly ramping up attacks on economic targets—especially entities connected to Treasury actions against Beijing. CISA and Treasury both issued a joint bulletin urging stricter endpoint monitoring for all institutions handling sensitive sanctions data.

Meanwhile, Congress isn’t sitting idle. The House Homeland Security Committee just grilled industry experts on how Beijing’s cyber operators are evolving—they’re not just snooping anymore, but aiming to control defense supply chains. As a direct response, lawmakers advanced the Strengthening Cyber Resilience Against State-Sponsored Threats Act, a mouthful, but one that mandates real-time threat sharing with private sector partners.

Last but not least, emergency patches just dropped for several PLC firmware lines and a popular enterprise VPN tool—if you haven’t updated, now is the time. CISA’s top recommendation: verify integrity of backups, audit privileged accounts for suspicious changes, and turn off unnecessary network shares.

Bottom line: whether you’re in IT, OT, or just want to keep the lights on, vigilance isn’t a weekend hobby anymore. Stay paranoid, patch often, and breathe easy—Ting’s watching the wires for you.

For more, visit http://www.quietplease.ai



By Quiet. Please