This is your Dragon's Code: America Under Cyber Siege podcast.
Hey listeners, Ting here, your go-to gal for all things China cyber chaos and hacker hijinks. Buckle up, because this past week, America's been under a dragon's code siege—sophisticated Chinese ops hitting our infrastructure like a zero-day fireworks show. Picture this: I'm hunkered in my digital war room, caffeine-fueled, dissecting the feeds as Beijing's elite hackers, linked to PLA Unit 61398, unleash hell.
It kicked off Monday with Salt Typhoon 2.0, their crown jewel. These wizards used living-off-the-land techniques—think hijacking legit admin tools like Cobalt Strike beacons disguised as PowerShell scripts—to burrow into Verizon's Fios backbone in Virginia and New Jersey. Affected systems? Core telecom routers and SCADA controls for East Coast power grids, from PJM Interconnection hubs in Pennsylvania to NYC subway signaling. According to CISA's emergency directive on March 28, they exfiltrated metadata on 1.2 million users before pivoting to DDoS amplifiers.
By Tuesday, attribution lit up like a neon sign. FireEye's Mandiant team pinned it on Volt Typhoon successors, citing IP trails from Shenzhen proxies bouncing through Hong Kong VPNs, plus malware signatures matching 2024's Hackers for Hire leaks. FBI Director Chris Wray confirmed in a Hill briefing: "Chinese state actors, no doubt—same TTPs as the 2023 Microsoft breach." Evidence? Embedded strings in the payloads shouting "Dragon Return" in Mandarin pinyin.
Wednesday ramped up with supply chain sorcery targeting GE Vernova's wind farms in Texas. Method: Spear-phishing WindLogix engineers with QR code lures embedding RustyBali wipers, wiping ICS firmware and causing blackouts at three substations near Houston. NERC reports 48-hour outages, no casualties, but oil refiners like ExxonMobil scrambled.
Defensive measures? Epic comeback. CISA's Chris Krebs—yeah, he's back consulting—pushed zero-trust segmentation via their March 30 playbook, isolating OT networks with AI-driven anomaly detection from Palo Alto's Cortex XDR. Microsoft patched a wild RCE in Exchange on-site, crediting CrowdStrike's Falcon sensors for 80% early blocks. Lessons learned? As cybersecurity guru Nicole Perlroth tweeted, "Patch fast, segment harder—China's playing 5D chess, we're catching up with Check Point firewalls."
Government officials echoed: DHS Secretary Mayorkas on CNN said, "We've surged 500 cyber defenders to critical infra, mandating MFA everywhere." Experts like Kevin Mandia warn, "This is pre-conflict positioning—Taiwan tensions mean endless ops."
Whew, listeners, stay vigilant—update those vulns, or the dragon wins. Thanks for tuning in—subscribe for more Ting takes! This has been a Quiet Please production, for more check out quietplease.ai.
This content was created in partnership with, and with the help of, artificial intelligence (AI).