Salt Typhoon Shatters Cyber Norms: Beijing's Boldest Hack Yet Rocks the Globe

This is your Cyber Sentinel: Beijing Watch podcast.

Flash update from your favorite cyber sleuth Ting reporting for Cyber Sentinel: Beijing Watch. Fasten your seatbelts, listeners, because Beijing’s fingers haven’t just been busy; they’ve practically written a cyber novel over the past week.

Front and center is “Salt Typhoon”—China’s newest marquee espionage campaign. US officials and The New York Times both called it Beijing’s most ambitious attempt yet, with American telecoms as the main character in this drama. Salt Typhoon slurped up data from everyone, from regular folks up to heavyweights like President Donald Trump and Vice President JD Vance. The campaign touched over 80 countries, but the DC area and the telecoms that keep government and military calls humming were in Beijing’s crosshairs. This is a major escalation in both scope and technical finesse. Previous Chinese cyber ops targeted specific scientific or defense researchers, but Salt Typhoon just went for everyone’s call records and messages. That’s like hacking the entire chessboard instead of just the queen. Investigators revealed over 10,000 malicious emails targeting politicians, journalists, and academics around the globe. Attorney General Merrick Garland didn’t mince words—the US will not tolerate the Chinese government silencing dissidents or stealing American business secrets, and the FBI’s Chris Wray flagged Beijing’s “brash efforts” to undermine US security.

Industry impact? The main strike zones were big telecoms—think AT&T, Verizon, and their global cousins. But the attacks branched into military, government, transport, and even lodging networks. From Trustwave and Tenable’s research, these groups—OPERATOR PANDA, RedMike, UNC5807, GhostEmperor, and the ever-present Salt Typhoon—went after backbone routers and used hijacked edge devices as springboards. This is how you leap from carrier traffic into sensitive military systems. There are even fresh reports of suspected Chinese hackers hammering Windows servers, with a worrying chunk of that in American manufacturing. Fake domains and week-long email lures are the new norm, according to SecurityWeek, making the phishing game more patient and more perilous than ever.

Now, let’s nerd out on attribution, because cyber whodunnits never get old. All signs point to China’s Ministry of State Security orchestrating the Salt Typhoon op—backed by both Western intelligence and private-sector forensics. Internationally, nearly two dozen cybersecurity agencies, including the NSA, issued a joint advisory, showing rare global unity. Meanwhile, Congress and the Pentagon are realizing their own research dollars have fed the Chinese military: over a thousand Pentagon-backed university projects ended up in the hands of researchers connected to China’s defense industry. House GOP is pushing new legislation to cut off these collaborations, while education chiefs are finally calling for full transparency.

So what to do? CISA and top partners say patch all known flaws yesterday—not just the newest ones. Centralize your logs so you actually know when someone’s knocking. Lock down edge and customer site routers. For the boardroom: it’s time to treat telecom and critical infrastructure like national security assets, not just utilities. At a national strategy level, CSIS reminds us that America’s hesitation to retaliate in the cyber domain opens the door to bolder adversaries.

Tactically, shore up your defenses and never trust an email at first glance. Strategically, invest in alliances and start treating cyber as more than an IT issue—it’s foreign policy and economic survival all rolled into one. Thanks for tuning in to Cyber Sentinel: Beijing Watch. Don’t forget to subscribe, and remember: This has been a Quiet Please production, for more check out quietplease dot ai.

For more