China's Digital Dragons: Hacks, Spies, and a Pentagon Surprise

Author: Quiet. Please
Published: Mon 21 Jul 2025
Episode Link: https://www.spreaker.com/episode/china-s-digital-dragons-hacks-spies-and-a-pentagon-surprise--67059208

This is your Cyber Sentinel: Beijing Watch podcast.

Hey listeners, Ting here with a fresh episode of Cyber Sentinel: Beijing Watch, and trust me, the digital dragons of China have kept cybersecurity teams on red alert all week. Strap in, because the fusion of tech and espionage has rarely been this audacious—or consequential.

Let’s start with the bombshell out of Washington. Defense Secretary Pete Hegseth isn’t mincing words after the Pentagon discovered contractors using Chinese labor—yes, engineers in China—on Defense Department cloud architecture. Thanks to investigators at ProPublica, we learned that Microsoft had created a workaround using U.S.-based “digital escorts” to mediate fixes between Chinese engineers and military systems. Sounds secure? Think again. Key Impact Level 4 and 5 military data—just a notch below top secret—was exposed to potential mischief, especially considering that those so-called escorts were sometimes out of their technical depth. That’s enough to make anyone spill their coffee on their keyboard. Microsoft and Hegseth responded by booting all China-based teams from these contracts immediately and launching a full-blown supply chain reckoning. Senate Intelligence’s Tom Cotton isn’t stopping, demanding a roster of every DoD contractor who might have a whiff of Chinese tech hands in their supply chain.

On a broader threatscape, China’s hacking operations have been turbocharged. Remember Volt Typhoon and Salt Typhoon? They belong to a newly emboldened breed of state-sponsored actors, aiming less for spying and more for laying groundwork for infrastructure chaos. The strategic shift is clear: China is prepositioning in U.S. energy grids and telecom, brushing off detection risks, and essentially stockpiling cyber-weapons for future disruptions. The U.S. debate now pivots to not just shoring up defenses, but flipping the switch to offensive cyber operations. According to Dave Kennedy, military cyber offense needs to come out of the classified shadows and into real-time deployability. The goal? Deter China and anyone else who thinks American digital defenses are just paper tigers.

Meanwhile, FCC Chief Brendan Carr is all-in on a new “rip and replace” campaign for undersea cables—those critical arteries carrying 99% of global internet traffic. The concern? Chinese vendors like Huawei and ZTE lurking somewhere along the seabed, possibly tapping or sabotaging traffic. Carr’s preparing a vote in August to ensure the U.S. only uses trusted technology in its international data lifelines, a direct reaction to the industry quake after last year’s Salt Typhoon attack and Congress’ realization that “cheap” can mean “compromised.”

From a tradecraft perspective, APT41, one of China’s premier espionage crews, is out with a sophisticated new campaign. Their latest tactics involve hijacking trusted resources—think SharePoint servers within victim networks—to blend command-and-control traffic into the digital background noise. They’re leveraging malware-laced files and weaponized DLLs that sidestep signature-based defenses by riding on legitimate processes. This blending of living-off-the-land tactics with trojanized enterprise tools almost guarantees stealth, and it means no sector—from healthcare to telecom—is safe by default.

Weekly recommendation for defenders: double down on zero-trust models; scrutinize every third-party connection, especially hidden supply chain relationships; and, above all, get aggressive in red-teaming your own infrastructure. Consider endpoint monitoring for suspicious script execution, and insist that your SIEM is tuned for behavioral anomalies, not just signatures.
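As an added illustration of the "behavioral anomalies, not just signatures" point above, and of how C2 traffic hiding behind a trusted internal resource like a SharePoint server can still stand out: a timer beacons with far more regular intervals than a person does. This example is not from the podcast; it runs a relative-jitter check over constructed endpoint network log lines, and the host names, process names and destination are made up.

```python
"""Behavioral beacon detection over constructed endpoint network logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not real telemetry): ts,host,process,dest
# WS01 is a person browsing SharePoint; WS02 is a timer-driven process.
SAMPLE_LOG = """\
2025-07-21T09:00:00,WS01,msedge.exe,sharepoint.corp.local
2025-07-21T09:00:41,WS01,msedge.exe,sharepoint.corp.local
2025-07-21T09:07:13,WS01,msedge.exe,sharepoint.corp.local
2025-07-21T09:30:02,WS01,msedge.exe,sharepoint.corp.local
2025-07-21T09:00:00,WS02,svchost.exe,sharepoint.corp.local
2025-07-21T09:05:00,WS02,svchost.exe,sharepoint.corp.local
2025-07-21T09:10:01,WS02,svchost.exe,sharepoint.corp.local
2025-07-21T09:15:00,WS02,svchost.exe,sharepoint.corp.local
2025-07-21T09:20:00,WS02,svchost.exe,sharepoint.corp.local
"""

def parse(lines):
    """Group connection timestamps by (host, process, destination)."""
    sessions = defaultdict(list)
    for line in lines.splitlines():
        ts, host, proc, dest = line.split(",")
        sessions[(host, proc, dest)].append(datetime.fromisoformat(ts))
    return sessions

def find_beacons(log, min_events=4, max_jitter=0.1):
    """Return (key, mean_period_s, jitter) for low-jitter connection series.

    jitter = pstdev(intervals) / mean(intervals); values near zero mean a
    timer rather than a human. Thresholds are assumptions to tune per site.
    """
    hits = []
    for key, times in parse(log).items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if not mean(gaps):          # all events at the same instant
            continue
        jitter = pstdev(gaps) / mean(gaps)
        if jitter <= max_jitter:
            hits.append((key, round(mean(gaps), 1), round(jitter, 3)))
    return hits

if __name__ == "__main__":
    for key, period, jitter in find_beacons(SAMPLE_LOG):
        print(f"beacon-like: {key} every ~{period}s (jitter {jitter})")
```

In production the same check should be baselined per process and destination, since some legitimate agents also poll on fixed timers.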

Strategically, these events highlight an arms race in cyberspace, pushing the U.S. to rethink both policy and posture. Expect increased investment in both defensive and offensive teams, tighter oversight on global suppliers, and a new era of cloud...