
Salt Typhoon Strikes Again: China's Cyber Crew Hacks US Telcos and the National Guard

Author: Quiet. Please
Published: Mon 01 Sep 2025
Episode Link: https://www.spreaker.com/episode/salt-typhoon-strikes-again-chinas-cyber-crew-hacks-us-telcos-and-the-national-guard--67584031

This is your China Hack Report: Daily US Tech Defense podcast.

Hey listeners, Ting here, your cyber-sleuth with the latest China Hack Report: Daily US Tech Defense! Today is September 1st, 2025, and the digital storm from China is showing no signs of relenting, so let’s jump right in—skip the fanfare, grab your caffeine, and let’s scan today’s critical China-linked cyber moves.

Top headline? The ever-aggressive Salt Typhoon crew, those notorious hackers linked to China’s Ministry of State Security and the People’s Liberation Army, are back in the news. The National Security Agency just pulled the curtain on Salt Typhoon’s campaign, confirming global cyberattacks targeting critical US infrastructure—think telcos, internet backbones, even the Army National Guard’s networks, if you can believe it. According to new reports, Salt Typhoon is not just reading emails; they’re grabbing sensitive comms data, tracking personnel, and lifting intelligence that could aid future attacks. AT&T, T-Mobile, Verizon—they’ve all been targeted. No sector is immune: government agencies, defense contractors, transportation, lodging, you name it.

The FBI’s Brett Leatherman says Beijing is intentionally targeting private communications to gain broad access to backbone routers and, once inside, they’re branching out to other systems using trusted network connections. That threat’s been upgraded to a full-on national defense crisis, and international intelligence partners like the UK’s National Cyber Security Centre and Germany’s BND have echoed the urgency.

Let’s talk malware—yesterday saw a surge in Cobalt Strike beacon alerts, a favorite post-exploitation toolkit for advanced persistent threats. Alerts were flagged on cloud infrastructure hosted by Alibaba in China, with hosts lighting up in places like Beijing. Security firm RedPacket Security warns these beacons can go dormant, so don’t let down your guard.

Meanwhile, the software vulnerability du jour: Citrix NetScaler ADC and Gateway products. Over 28,000 instances are still exposed to the critical remote code execution flaw, CVE-2025-7775, that’s actively being exploited. CISA jumped in and added this flaw to the Known Exploited Vulnerabilities catalog, urging immediate patching, like yesterday. Quick reminder—if you’re running NetScaler, stop what you’re doing and patch now. Same goes for ICS advisories from CISA: new warnings this week for operators of Mitsubishi Electric Iconics and Tigo Energy products. Get those advisories, find your risk, and mitigate.

On the espionage front, Google and Mandiant have tracked another campaign—UNC6384, part of the Mustang Panda ecosystem, is now pushing custom malware through public Wi-Fi at US-visited hotels and embedding themselves in Southeast Asian diplomatic targets. These attackers use everything from hijacked update servers to fileless malware to stay invisible.

The current best defense? According to CISA, implement network segmentation, hunt for active beacons or abnormal lateral movement, and deploy multi-factor authentication everywhere. And if you see something odd—yes, even a ghostly denial of service at 2 AM—pull in your incident response team and report up to CISA immediately.

Listeners, thanks for tuning in to the frontline of cyber defense with Ting—don’t forget to subscribe to stay ahead of the next hack. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more http://www.quietplease.ai

