This is your China Hack Report: Daily US Tech Defense podcast.
It’s Ting here, your slightly caffeinated, always-wired China cyber sleuth, breaking down the whirlwind of China-linked cyber madness from the last 24 hours—so brace yourselves, listeners, because today’s digital drama is truly next-gen espionage.
Let’s kick it off with the absolute showstopper: Salt Typhoon. According to The New York Times, Salt Typhoon is, in the words of US officials, Beijing’s most ambitious hacking attempt to date—spanning over 80 countries and slurping up data from global telcos with all the restraint of me at an all-you-can-eat Sichuan hotpot. Investigators report that nearly every American, including the political A-list like President Donald Trump and VP JD Vance, could have had their call data, messages, and contacts compromised. Salt Typhoon’s operation was turbocharged by a barrage of over 10,000 custom-crafted malicious emails targeting politicians, journalists, and academics worldwide. The campaign's scale allowed China’s Ministry of State Security’s cyber mercenaries to track everyone from Beltway powerbrokers in DC to dissidents and activists—big yikes for privacy and a masterclass in digital surveillance.
On the sector side, the critical infrastructure crowd’s hair is on end. Yesterday, CISA dropped five urgent ICS advisories targeting hardware by Honeywell, Mitsubishi Electric, and Delta Electronics. The spotlight was on the OneWireless Wireless Device Manager and some old-school rail communication protocols. Get this: the flaws scored a nasty 9.4 on the CVSS scale, meaning they could let bad actors remotely hijack critical systems—think energy grids or chemical plants. Rail operators got a particular scare because a broken train protocol could, in theory, let a hacker fake brake-control commands. Wabtec, Siemens, and DPS Electronics were all named as impacted, so if you’re in rail or OT—patch or perish!
Speaking of patching, CISA hammered home the point by adding several TP-Link router flaws to its Known Exploited Vulnerabilities catalog. Chinese actor Quad7 allegedly chained authentication bypass and remote code execution bugs in end-of-life TP-Link routers to turn them into botnet slaves and hammer Microsoft 365 accounts. Firmware updates landed, but my advice: if your router is old enough to legally rent a car, retire it!
And just in: CISA released a critical alert on a zero-day “use-after-free” Android vulnerability—CVE-2025-48543. This bug could let attackers break out of Chrome’s sandbox and grab full control of your phone or tablet. Android powers everything from enterprise tablets and mobile payment pads to grandma’s Solitaire app, so the blast radius is… global. CISA set a patching deadline for September 25, 2025, cementing proactive patching as the difference between digital survival and another cautionary tale.
Meanwhile, hot debate rages in Washington over the fate of the Cybersecurity Information Sharing Act, or CISA 2015. Experts like Cynthia Kaiser warn that if it lapses, intel sharing will nosedive and bulletins about actors like Salt Typhoon could dry up just when they’re most needed.
If you're the “ain’t broke, don’t fix it” type, time to reconsider: CISA’s latest reminders stress isolating vulnerable networks, applying least privilege, and scanning for dodgy logins—especially since attackers love simple initial entry points like default passwords and phishing.
Thanks for tuning in to my cyber whirlwind. If you want more wit and wisdom on the wild world of China and hacking, make sure to subscribe. This has been a Quiet Please production. For more, check out quiet please dot ai.