This is your Cyber Sentinel: Beijing Watch podcast.
Listeners, it’s Ting here with Cyber Sentinel: Beijing Watch, your wired-in, slightly sarcastic analyst for everything China, cyber, and hacking. No time for small talk because this week the digital chopsticks were flying—let’s get into how mainland threat actors have been making waves across US networks and why you should update your passwords right after this episode.
First, Salt Typhoon. It’s making every cybersecurity expert twitch. The Lawfare Institute and senior US officials have described Salt Typhoon’s campaign as the worst telecom hack in US history—a multiyear, multi-vector operation that infiltrated Verizon, AT&T, and T-Mobile. Nearly 400 million Americans could be affected. What’s especially devious is the targeting: Salt Typhoon snagged admin credentials, traffic diagrams, and even locations of US Army National Guard cyber personnel. Yes, that's as bad as it sounds—these guys can move laterally like it’s their morning exercise, hitting one government agency after another. Persistent access has become their signature move; US officials admit previous attempts to evict them were less “kicked-out-the-door” and more “please leave politely.”
But Salt Typhoon is not acting alone. Earth Estries and Earth Naga have joined forces in what’s basically a cyber villain crossover event. These two groups have targeted major telecoms in the US, APAC, and NATO countries this week. Large-scale coordinated supply chain attacks have made attribution trickier than ever. Evidence shows vulnerabilities like CVE-2025-5777 in Citrix devices, along with flaws in Cisco and Ivanti edge devices, being popped everywhere from Taiwan to Latin America. Trend Micro’s recent research revealed how these groups share access infrastructure—a setup dubbed the “operational box”—to obscure who’s really behind the attacks. Attribution? If you like playing guess-who with malware authors, you’ll love this chaos.
Zero-day mania swept in after Symantec reported three prominent threat groups—Linen Typhoon, Violet Typhoon, and Storm-2603—weaponized a patched flaw in Microsoft SharePoint (CVE-2025-53770). Targets ranged from Middle East telecoms to US universities and South American finance outfits. The payload variety is classic: Zingdoor, ShadowPad, KrustyLoader, sometimes even LockBit and Babuk ransomware. The fact these exploits keep rolling out after public patches? That means someone, somewhere isn’t patching quickly enough—probably you, Steve, in IT.
Now, tactical versus strategic. Tactically, adversaries exploit authentication bypasses and remote code execution to snag credentials and plant backdoors. Strategically, the campaign’s focus is persistent espionage: tracking law enforcement wiretaps, monitoring political candidates, and mapping military personnel in real time. Strategic supply chain attacks undermine trust in core US infrastructure. The risk is clear—a fragmented response leaves the US exposed, as seen when Volt Typhoon, another Beijing-backed group, bounced back days after the FBI thought it had shut their botnet down.
International responses are a mixed bag of finger pointing and sanctions. OFAC in the Treasury Department has sanctioned attackers like Sichuan Juxinhe, Shanghai Heiying, and Beijing Huanyu Tianqiong. But Chinese officials have flipped the script, accusing the NSA of hitting their National Time Service Center and calling the US the “real Matrix”—I wish I was making that up, listeners.
For mitigation, the experts are crystal clear: sanitize your networks and expand regular disruption ops. Think mass warrant-driven device takedowns, restrict access to IaaS and VPSs, and enforce supply-chain patch discipline. CISA’s threat-sharing and rapid vulnerability detection are a must. If you’re handling sensitive data and think buying a firewall from 2019 makes you secure, think again.
That’s the rundown of how cyber battles with Chinese APTs are playing out across American networks this week. Thanks for tuning in to Cyber Sentinel: Beijing Watch. Subscribe for more digital drama and stay safe out there—it’s wild in the wire. This has been a Quiet Please production; for more, check out quiet please dot ai.
This content was created in partnership and with the help of Artificial Intelligence (AI).