This is your Cyber Sentinel: Beijing Watch podcast.
Hello listeners, this is Ting, your go-to cyber sentinel with fresh dispatches from the digital frontlines of Beijing Watch. If you think Chinese cyber operations have dialed things back this summer, you are in for a wild one. This week’s data points spell out a simple truth: when it comes to U.S. security, the PRC’s cyber playbook only gets more inventive—and more relentless.
Let’s kick off with the cyber melee around **critical infrastructure**. DEF CON just wrapped, and one key headline was U.S. water utilities. The Franklin Project revealed that Chinese groups like Volt Typhoon have burrowed deep not just into glitzy D.C. targets but hundreds of small-town systems. Why? These “little guys” often connect to military outposts or vital hospitals. We’re talking stealth embedding: pre-positioning for possible future destruction, or leveraging those networks as launch pads for other attacks.
The methodology’s evolved from smash-and-grab to patient lurking, with attackers hijacking operational tech—think pumps and pipelines—to route traffic, mask movement, and disrupt physical processes. With federal funding for programs like MS-ISAC and the EPA slashed, hundreds of utilities are now exposed. That means even the humble water board in Nebraska is now part of the U.S. national security calculus.
Turning the lens to **commercial cybercrime**, SecAlliance dropped a bomb reporting up to 115 million U.S. payment cards compromised via Chinese-speaking syndicates’ advanced smishing schemes. The real magic? These attackers are bypassing multi-factor authentication by provisioning digital wallets in real time, often using kits distributed on Telegram, like the “dy-tongbu” channel. Their leader, called Lao Wang, has industrialized credential theft—layering fake ecommerce and brokerage sites, monetizing through preloaded devices, and sprinkling in paid ads on Google and Meta. Traditional defenses, from SMS filters to firewalls, are simply not keeping up.
High-tech tensions added extra drama this week as Chinese watchdogs put Nvidia under a state-sponsored microscope. Beijing demanded explicit proof there are no backdoors in Nvidia’s H20 AI chips. According to Chinese state media, suspicions remain that these chips might allow “remote shutdown” or covert access—concerns further amplified by People's Daily asking Nvidia to show its homework. While Nvidia denies any hidden access, their chips are now a hot flashpoint in U.S.-China tech relations.
Meanwhile, Microsoft wrestled with high-profile SharePoint server breaches. The vulnerability, CVE-2025-53770, was actively exploited by China-nexus actors, prompting emergency U.S. government patching. This isn’t just patch-and-go—these attacks fit a strategic pattern: hit key business software, harvest data, then pivot to juicier targets. The U.S. Cybersecurity and Infrastructure Security Agency is now hammering agencies to update configs, reflecting how exploited business IT often becomes a backdoor into sensitive networks.
On the international stage, you’ve got ripple effects: states like New York forging ahead with new water sector cyber rules as federal leadership lags, and governments globally scrutinizing AI supply chains and critical tech investments. Even Intel CEOs are fielding political grenades for their China links. The world is responding with a mix of regulatory sprints and public-private tech arms races.
For American defenders, here’s where the rubber meets the road. Tactically, stay relentless on patch management, rigorously segment operational tech from business networks, and invest in behavior-based anomaly detection. Strategically, the sector needs to double down on public-private trust, cross-industry threat sharing, and—my all-time favorite—tabletop exercises that actually replicate real-world pressure, not just cyber theater.
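The two tactical points above, segmenting operational tech from the business network and watching for behavior that departs from a baseline, are concrete enough to show in code. The script below is an added example written for this page; it is not code from the podcast, the Franklin Project, or any vendor mentioned. Everything in it is assumed or constructed: the business and OT subnet ranges, the one allow-listed jump-host-to-PLC flow, the "src dst dport bytes" flow-log format, the "known-good" baseline window, and the sample flow records. It flags business hosts reaching into the OT segment outside the allow-list, and OT hosts talking to peers they have never talked to before or moving an unusual volume of data out of the segment.

```python
"""Segmentation-policy and baseline-deviation checks over flow logs.

Added example, not from the podcast. Subnets, allow-list, log format and all
flow records below are constructed for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical segment boundaries (assumption: business IT vs. plant OT).
BUSINESS_NET = ip_network("10.10.0.0/16")
OT_NET = ip_network("192.168.50.0/24")

# Hypothetical allow-list: the only business -> OT flow the policy permits,
# a single jump host reaching one PLC over Modbus/TCP.
ALLOWED_CROSS_SEGMENT = {
    ("10.10.1.5", "192.168.50.10", 502),
}

# Constructed "known-good week" used to learn which outside peers each OT host
# normally talks to (here: a historian shipping syslog to a business collector).
BASELINE_FLOWS = """\
10.10.1.5 192.168.50.10 502 1100
192.168.50.20 192.168.50.10 502 300
192.168.50.20 10.10.2.9 514 800
"""

# Constructed flows from the window under review: "src dst dport bytes".
SAMPLE_FLOWS = """\
10.10.1.5 192.168.50.10 502 1200
10.10.7.23 192.168.50.10 502 4400
10.10.7.23 192.168.50.20 445 91000
192.168.50.20 192.168.50.10 502 300
192.168.50.20 10.10.2.9 514 820
192.168.50.20 203.0.113.8 443 2200000
192.168.50.10 192.168.50.20 502 310
"""


def parse_flows(text):
    """Parse 'src dst dport bytes' lines into (src, dst, dport, nbytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, nbytes = line.split()
        flows.append((src, dst, int(dport), int(nbytes)))
    return flows


def build_baseline(flows):
    """Per OT host, the set of non-OT peers seen during the known-good window."""
    peers = defaultdict(set)
    for src, dst, _, _ in flows:
        if ip_address(src) in OT_NET and ip_address(dst) not in OT_NET:
            peers[src].add(dst)
    return dict(peers)


def cross_segment_violations(flows):
    """Business -> OT flows that the segmentation allow-list does not permit."""
    hits = []
    for src, dst, dport, _ in flows:
        if ip_address(src) in BUSINESS_NET and ip_address(dst) in OT_NET:
            if (src, dst, dport) not in ALLOWED_CROSS_SEGMENT:
                hits.append((src, dst, dport))
    return hits


def ot_egress_anomalies(flows, baseline_peers, byte_threshold=1_000_000):
    """OT hosts leaving the segment toward a peer not in their baseline, or
    moving more bytes than the threshold in one flow. Both checks can fire on
    the same flow; a never-seen peer receiving a large transfer is the case
    the pre-positioning scenario above is most concerned with."""
    findings = []
    for src, dst, dport, nbytes in flows:
        if ip_address(src) not in OT_NET or ip_address(dst) in OT_NET:
            continue  # only OT -> outside flows are in scope here
        if dst not in baseline_peers.get(src, set()):
            findings.append(("new-peer", src, dst, dport))
        if nbytes >= byte_threshold:
            findings.append(("volume", src, dst, dport))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(parse_flows(BASELINE_FLOWS))
    flows = parse_flows(SAMPLE_FLOWS)
    for v in cross_segment_violations(flows):
        print("segmentation violation:", v)
    for f in ot_egress_anomalies(flows, baseline):
        print("OT egress anomaly:", f)
```

The allow-list check is deliberately exact-match on (source, destination, port): a segmentation policy that cannot be written down as a short table is not really a policy. The baseline is learned from traffic, so it should come from a window you have reason to trust and be reviewed by someone who knows the plant, not regenerated nightly from whatever happened to flow.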
That’s...