
China's Cyber Mischief: From Slow-Drip Espionage to Digital Trojan Horses, Beijing's Hacking Up a Storm!

Author
Quiet. Please
Published
Sun 03 Aug 2025
Episode Link
https://www.spreaker.com/episode/china-s-cyber-mischief-from-slow-drip-espionage-to-digital-trojan-horses-beijing-s-hacking-up-a-storm--67238780

This is your Cyber Sentinel: Beijing Watch podcast.

Welcome back, listeners—Ting here for Cyber Sentinel: Beijing Watch, your weekly chronicle of China’s cyber high jinks and how they’re rattling the American security scene. I’ll get right into the data-stream because the last week’s been hotter than a compromised geothermal plant.

Let’s talk fresh attack vectors. On July 15, Salt Typhoon, a Chinese state-backed hacking crew, breached an unnamed U.S. state's Army National Guard network, quietly siphoning sensitive documents for months. What’s notable here isn’t just the persistence; it’s the focus. Instead of smash-and-grab, this was slow-drip cyber espionage, collecting credentials and mapping the network for lateral moves into other state and federal systems. It’s the cyber equivalent of learning every entrance to a fortress before making a single move.

Attorneys weren’t spared. Wiley Rein, a D.C. law firm with ties to trade negotiations, got hit for the second time, suggesting China’s playbook now leans heavily on legal and policy reconnaissance—excellent for business and bargaining intelligence.

Meanwhile, Microsoft’s been caught in the geo-cyber crossfire again. Their SharePoint platforms were hammered by groups like Linen Typhoon and Storm-2603, with attackers chaining together previously unknown bugs—aka zero-days—just ahead of patch releases. That gave them a window to snag data from government agencies, like the Education Department and the National Nuclear Security Administration. Experts are even probing whether insiders from Microsoft’s China-based engineering team leaked these vulnerabilities to threat groups before the patches dropped.

On the supply chain side, U.S. officials have detected so-called 'suspicious' code—think digital Trojan horses—embedded in Chinese-made batteries, EV chargers, and even power inverters. The headline risk is a “killswitch” in critical infrastructure. If triggered, it could flip the lights or gas off from afar. Arnie Bellini, formerly of ConnectWise, warns that we’re rolling out China’s digital welcome mat ourselves by importing these products. DHS now keeps a running tally of recalls and compromised gear, but remediation is a cat-and-mouse game.

In international cyber-diplomacy, China just summoned Nvidia over its H20 AI chips—designed for legal export after a U.S. ban—alleging they contain backdoors, remote shutdown features, and tracking. China’s Cyberspace Administration demands proof these chips aren’t U.S. espionage tools, right as Washington debates a bill to mandate similar security “features” in future chip exports. Reciprocal paranoia, anyone?

Attribution gets messier every week. China claims the U.S. hacked its military suppliers via the same Microsoft Exchange flaws blamed on PRC-linked actors back in 2021. The U.S. sticks to its line: China is still the most persistent nation-state cyber threat—citing Salt Typhoon, Volt Typhoon, and other suspects.

International response? U.S. Treasury just sanctioned a major supra-national scam infrastructure, Funnull, based in the Philippines and reportedly operated by Chinese nationals with friendly nods from Beijing. Agencies like the FBI and partners at Silent Push now track hundreds of thousands of attack domains, yet find themselves locked in an endless loop: disrupt, adapt, repeat.

Tactical recommendations for defenders: Patch early, patch often, and never trust supply-chain hardware without thorough inspection. Strategic play? Accelerate post-quantum cryptography, enforce phishing-resistant multifactor authentication, and double down on zero trust, per the latest NIST and DHS guidance.

That’s it for this week’s Cyber Sentinel: Beijing Watch—thanks for diving into the digital trenches with me, Ting. Don’t forget to subscribe and stay a byte ahead. This has been a Quiet Please production; for more, check out quiet please dot...
