Sign up to save your podcasts
Or
Share Cyber Sentinel Bombshell: Chinas Brazen Spy Firms Breach US Telcos in Salt Typhoon Attack
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Cyber Sentinel Bombshell: Chinas Brazen Spy Firms Breach US Telcos in Salt Typhoon Attack
This is your Cyber Sentinel: Beijing Watch podcast.
Welcome back, listeners, to Cyber Sentinel: Beijing Watch! I’m Ting, your favorite China cyber sleuth—think Sun Tzu meets Silicon Valley with a side of Bilibili memes. Let’s leap right into the digital dragon’s den, because this week has been a firestorm of innovation, infiltration, and international critique coming straight from Beijing’s cyber operatives.
First, the headliner: "Salt Typhoon" is the name echoing down every cyber operations corridor. According to a new multinational technical report involving the FBI, NSA, and intelligence partners from the UK, Australia, Japan, and beyond, China’s Ministry of State Security recruited three legitimate private companies—Beijing Huanyu Tianqiong, Sichuan Zhixin Ruijie, and Sichuan Juxinhe—to launch what might be the boldest cyber operation yet. They successfully broke into giant U.S. telecoms like AT&T and Verizon, granting China eyes and ears on not just government officials but potentially millions of D.C. area cell users. Picture Kamala Harris and Donald Trump’s campaigns, National Guard units, even military logistics networks—Salt Typhoon’s fingerprints are everywhere. It’s no longer about anonymous malware hidden in the shadows; it’s about full-featured Chinese firms operating as spies for hire, and analysts at SentinelOne are shaking their heads at just how brazen this outsourcing has become.
But Salt Typhoon didn’t stop at phone records. Their methods went low and slow—living off the land, using legitimate routers and vendor hardware, making the attacks nearly invisible. Gloria Glaubman, a former Senior Cyber Advisor at the U.S. Embassy in Tokyo, says this trend of using normal enterprise gear, rather than wild, custom malware, ups the detection difficulty by an order of magnitude. So when you’re patching your network this weekend, think twice—because that firmware update could be the spy.
Meanwhile, the spear-phishing scene is getting its own Chinese flavor. Just this month, hackers linked to China impersonated none other than Representative John Moolenaar, chair of the House Select Committee on the Strategic Competition with the CCP, sending out emails to law firms, think tanks, and foreign diplomats. It’s not about busting through firewalls; it’s about exploiting American routine, trust, and bureaucracy. The lesson: Trust, but definitely verify—even if the “Congressional request” drops during your fourth Zoom call.
Internationally, the U.S. is firing back with policy. Senators Cortez Masto and Ted Budd introduced the China Military Power Transparency Act to mandate expanded, annual Pentagon reviews of Chinese cyber and biotech capabilities right through 2030. The goal? Never let the dragon’s tail sweep under the radar, especially when the People’s Liberation Army might deploy cyber to disrupt American infrastructure during a conflict.
So what’s the action plan? U.S. companies need to up their detection game—now. The reauthorization
This content was created in partnership and with the help of Artificial Intelligence AI.
View all episodes
By Inception Point AIThis is your Cyber Sentinel: Beijing Watch podcast.
Welcome back, listeners, to Cyber Sentinel: Beijing Watch! I’m Ting, your favorite China cyber sleuth—think Sun Tzu meets Silicon Valley with a side of Bilibili memes. Let’s leap right into the digital dragon’s den, because this week has been a firestorm of innovation, infiltration, and international critique coming straight from Beijing’s cyber operatives.
First, the headliner: "Salt Typhoon" is the name echoing down every cyber operations corridor. According to a new multinational technical report involving the FBI, NSA, and intelligence partners from the UK, Australia, Japan, and beyond, China’s Ministry of State Security recruited three legitimate private companies—Beijing Huanyu Tianqiong, Sichuan Zhixin Ruijie, and Sichuan Juxinhe—to launch what might be the boldest cyber operation yet. They successfully broke into giant U.S. telecoms like AT&T and Verizon, granting China eyes and ears on not just government officials but potentially millions of D.C. area cell users. Picture Kamala Harris and Donald Trump’s campaigns, National Guard units, even military logistics networks—Salt Typhoon’s fingerprints are everywhere. It’s no longer about anonymous malware hidden in the shadows; it’s about full-featured Chinese firms operating as spies for hire, and analysts at SentinelOne are shaking their heads at just how brazen this outsourcing has become.
But Salt Typhoon didn’t stop at phone records. Their methods went low and slow—living off the land, using legitimate routers and vendor hardware, making the attacks nearly invisible. Gloria Glaubman, a former Senior Cyber Advisor at the U.S. Embassy in Tokyo, says this trend of using normal enterprise gear, rather than wild, custom malware, ups the detection difficulty by an order of magnitude. So when you’re patching your network this weekend, think twice—because that firmware update could be the spy.
Meanwhile, the spear-phishing scene is getting its own Chinese flavor. Just this month, hackers linked to China impersonated none other than Representative John Moolenaar, chair of the House Select Committee on the Strategic Competition with the CCP, sending out emails to law firms, think tanks, and foreign diplomats. It’s not about busting through firewalls; it’s about exploiting American routine, trust, and bureaucracy. The lesson: Trust, but definitely verify—even if the “Congressional request” drops during your fourth Zoom call.
Internationally, the U.S. is firing back with policy. Senators Cortez Masto and Ted Budd introduced the China Military Power Transparency Act to mandate expanded, annual Pentagon reviews of Chinese cyber and biotech capabilities right through 2030. The goal? Never let the dragon’s tail sweep under the radar, especially when the People’s Liberation Army might deploy cyber to disrupt American infrastructure during a conflict.
So what’s the action plan? U.S. companies need to up their detection game—now. The reauthorization
This content was created in partnership and with the help of Artificial Intelligence AI.