In this episode of “Exploited: The Cyber Truth,” host Paul Ducklin returns with Joe Saunders, CEO and Founder of RunSafe Security, to dissect the alarming Salt Typhoon campaign that infiltrated major telecommunications companies across the United States and beyond. This Chinese state-sponsored group has been quietly harvesting sensitive communications data for at least two years, including potentially accessing conversations of high-profile political figures.

Joe explains how Salt Typhoon represents China’s long-term strategic approach to cyber espionage—playing the long game with well-funded teams operating globally. The discussion explores how attackers exploited vulnerabilities in Cisco routers to create their own backdoor access, compromising hundreds of thousands of devices simultaneously.

In this episode:

• How Salt Typhoon cleverly subverted “lawful intercept” infrastructure designed for legitimate government surveillance, turning it against its creators
• Why fileless malware like the “Demodex” rootkit makes detection nearly impossible by operating only in memory
• The surprising connection between video game cheating software and nation-state hacking tools
• Why metadata collection is a powerful intelligence tool, revealing critical patterns even without accessing conversation content
• Practical approaches to defense-in-depth security and the importance of memory safety in preventing these sophisticated attacks
• The need for systematic approaches to security rather than just patching individual vulnerabilities after discovery