This is your Cyber Sentinel: Beijing Watch podcast.
Listeners, it’s Ting here with Cyber Sentinel: Beijing Watch, your wired-in, slightly sarcastic analyst for everything China, cyber, and hacking. No time for small talk because this week the digital chopsticks were flying—let’s get into how mainland threat actors have been making waves across US networks and why you should update your passwords right after this episode.
First, Salt Typhoon. It’s making every cybersecurity expert twitch. The Lawfare Institute and senior US officials have described Salt Typhoon’s campaign as the worst telecom hack in US history—a multiyear, multi-vector operation that infiltrated Verizon, AT&T, and T-Mobile. Nearly 400 million Americans could be affected. What’s especially devious is the targeting: Salt Typhoon snagged admin credentials, traffic diagrams, and even locations of US Army National Guard cyber personnel. Yes, that's as bad as it sounds—these guys can move laterally like it’s their morning exercise, hitting one government agency after another. Persistent access has become their signature move; US officials admit previous attempts to evict them were less “kicked-out-the-door” and more “please leave politely.”
But Salt Typhoon is not acting alone. Earth Estries and Earth Naga have joined forces in what’s basically a cyber villain crossover event. These two groups have targeted major telecoms in the US, APAC, and NATO countries this week. Large-scale coordinated supply chain attacks have made attribution trickier than ever. Evidence shows vulnerabilities like CVE-2025-5777 on Citrix devices, along with Cisco and Ivanti edge devices, being popped from Taiwan to Latin America. Trend Micro’s recent research revealed how these groups share access infrastructure—a setup dubbed the “operational box”—to obscure who’s really behind the attacks. Attribution? If you like playing guess-who with malware authors, you’ll love this chaos.
Zero-day mania swept in after Symantec reported that three prominent threat groups—Linen Typhoon, Violet Typhoon, and Storm-2603—weaponized a patched flaw in Microsoft SharePoint (CVE-2025-53770). Targets ranged from Middle East telecoms to US universities and South American finance outfits. The payload variety is classic: Zingdoor, ShadowPad, KrustyLoader, sometimes even LockBit and Babuk ransomware. The fact that these exploits keep rolling out after public patches? That means someone, somewhere isn’t patching quickly enough—probably you, Steve, in IT.
Now, tactical versus strategic. Tactically, adversaries exploit authentication bypasses and remote code execution to snag credentials and plant backdoors. Strategically, the campaign’s focus is persistent espionage: tracking law enforcement wiretaps, monitoring political candidates, and mapping military personnel in real time. Strategic supply chain attacks undermine trust in core US infrastructure. The risk is clear—a fragmented response leaves the US exposed, as seen when Volt Typhoon,
This content was created in partnership and with the help of Artificial Intelligence (AI).