Salt Typhoon Shocker: Beijing's Hackers Hoovered Up Trump and JD Vance Data in Massive Cyber Heist

Author: Quiet. Please
Published: Fri 29 Aug 2025
Episode Link: https://www.spreaker.com/episode/salt-typhoon-shocker-beijing-s-hackers-hoovered-up-trump-and-jd-vance-data-in-massive-cyber-heist--67556440

This is your China Hack Report: Daily US Tech Defense podcast.

Hello listeners, it's Ting here—your go-to for all things China, cyber, and hacking, reporting on the fast-moving saga of U.S. tech defense against China-linked cyber threats. Buckle up, because the past 24 hours have served us plenty of fireworks, not just in headlines but in critical defensive actions across government, industry, and the digital supply chain.

Let’s dive in, starting with the persistent boogeyman of U.S. cybersecurity this week: Salt Typhoon. FBI cyber official Michael Machtinger didn’t mince words—he says there's a good chance Salt Typhoon’s sprawling espionage campaign scooped up data from “nearly every American.” We’re not just talking about federal agencies and telecom titans like Verizon and AT&T; Machtinger describes intrusions affecting at least 200 American organizations across telecom, lodging, and even transportation. Salt Typhoon’s activities didn’t respect borders either—over 80 countries got swept up in this digital dragnet. Am I surprised the Chinese companies Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology are now called out as state proxies, funneling cyber services straight to China’s Ministry of State Security and the PLA? Not at all. Those names are officially burned into U.S. advisories now. According to Dutch intelligence and the NSA, these tech firms aren’t just innocent service providers; they’re pivot points for cross-border cyberattacks with a global reach.

What makes this striking is both the human and technical scale. Beijing’s hackers—helped by these so-called commercial entities—aren’t picky. They’ll geo-locate your mobile, tap your internet, maybe even record your calls. Officially, victims allegedly span everyone from hotel chains to government ministers, and yes, apparently even President Trump and Vice President JD Vance made the list.

With all that mayhem, CISA and NSA didn’t wait. CISA flashed an urgent advisory on August 27 warning that PRC-backed actors are laser-focused on massive routers—these are the digital heart valves for telecom, government, and military networks. Their weapon of choice: persistent malware that mods routers to guarantee long-term access for their spies. These hackers cleverly use valid credentials and trusted connections to sneak further into American enterprise and infrastructure. So, whether you’re running a coffee shop or an airbase, take note.

On to the zero-days! CISA just added three new, actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalogue: two bugs in Citrix Session Recording, CVE-2024-8068 and CVE-2024-8069, plus a critical Git flaw. The patches are out, but federal agencies must get these installed by September 15—and CISA is almost shouting for everyone else, public and private, to follow suit. Exploiting these kinds of flaws is textbook Salt Typhoon tactics.

Don’t get too comfy thinking this only affects the tech sector. State-sponsored actors are the perpetrators in over half of all exploited vulnerabilities so far this year, with Chinese groups like UNC5221 outpacing everyone else. Their favorite targets? Network edge infrastructure and the core enterprise systems that keep the economy and national security humming.

So, what’s this mean for you, listeners? CISA, NSA, and friends are urgently pushing aggressive network audits, continuous monitoring, immediate patching of critical vulnerabilities, and—importantly—scrutiny of all vendors with potential China ties. If it can run code or move data, it needs checking, pronto. The era of digital escort contracts and under-vetted supply chains is over, according to Secretary Pete Hegseth at the Pentagon, who’s ordered investigations into every software vendor and demanded Microsoft face the music for its cloud governance miss.

That...