This is your Cyber Sentinel: Beijing Watch podcast.
Today’s a scorcher in the Beijing Watch war room and wow, listeners, the cyber headlines from China have been even hotter! I’m Ting—your cyber sleuth—here to walk you through this week’s digital dragon dance between the US and Chinese hackers. Buckle in, because the espionage isn’t slowing down and neither are the puns.
You’ve heard the whispers about Salt Typhoon, but let’s make it crystal: according to FBI cyber whiz Michael Machtinger, Salt Typhoon, linked directly to Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong, and Sichuan Zhixin Ruijie, vacuumed up information from millions of Americans. Not just the usual suspects—think telcos like Verizon and AT&T, sure—but also geo-locating random mobile users, even hoovering up comms from VIPs, like President Trump and VP JD Vance. Machtinger didn’t dance around it: the scale is “reckless and unbounded”—80 countries hit, 200-plus US orgs compromised, and no, you’re not safe just because you don’t work for the government.
The Salt Typhoon gang doubled down on large backbone routers—those big telco arteries—leveraging trusted edge connections for lateral movement, persistence, and data exfiltration. The National Security Agency and CISA corralled international partners and blasted out a huge advisory, saying, “Hey, network defenders, get moving: patch, monitor, and secure those edges!” They were backed by cyber teams in Japan, Germany, New Zealand, and more—no international karaoke, just grim warnings and technical guides.
Let’s get tactical, because attackers sure did. The joint advisory detailed the threat actors’ favorite moves: exploiting zero-days—Citrix NetScaler got a starring role this week—weaponizing fake NDAs and job offers, and, most alarming, modifying routers to maintain very long-term access. For those of you sprinting to check your network logs: don’t forget centralized logging, routine patching, and always secure the perimeters.
Strategically, things just got spicy on the vendor front, too. Secretary of Defense Pete Hegseth dropped the hammer on that "digital escort" program—yes, the one where Chinese engineers were writing Defense Department cloud code. Hegseth’s words: “It’s over.” Microsoft is officially on the hot seat with a third-party audit, and all US vendors are being combed for foreign nationals with code commit privileges. That contract loophole is slammed shut, listeners, but the impact review? Still ongoing.
Here’s where it gets interesting from the FBI’s Jason Bilnoski: China’s reliance on domestic firms for these ops is a double-edged jian sword. When the cover’s blown, those same proxies create openings for counterintelligence. Sure, Beijing will spin up new shell companies and the cloak-and-dagger dance won’t stop, but every reveal weakens their veil.
Industries targeted the hardest? Telecommunications, government, transportation, and—curiously—lodging and logistics. Oh, and if you’re running a water or power utility, don’t think you escaped: Salt Typhoon and cousins like Volt Typhoon lingered in US operational networks for months, exfiltrating OT data before detection.
So what’s on Ting’s shortlist of must-do defenses, both tactical and strategic? Patch all exposed infrastructure, especially routers and perimeter devices. Enforce multi-factor authentication everywhere. Hunt for persistent lateral movement—and automate, automate, automate your detection. Don’t sleep on traffic analysis: bad actors thrive on stealthy pivots into “trusted” systems.
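To make the "centralized logging" and "hunt for lateral movement" items concrete, here is a small Python hunt that runs over router syslog and flow records. This is an added illustration for this episode, not code from the joint advisory or from any agency named above; the log shapes, hostnames, addresses, management subnet and peer baseline are all constructed for the example.

```python
"""Hunting router config tampering and edge-to-core pivots in centralized logs.

Added illustration, not from the advisory or the podcast. Log formats,
hostnames, addresses, the management subnet and the peer baseline are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
import re

# Constructed: the only subnet from which router configuration changes are expected.
MGMT_NET = ip_network("10.20.0.0/24")

# Constructed: baseline of which internal hosts each edge router normally talks to
# on management protocols (SSH/22, TACACS+/49). In practice this comes from weeks of flow data.
BASELINE_PEERS = {
    "edge-rtr-01": {"10.30.0.5"},
    "edge-rtr-02": {"10.30.0.5", "10.30.0.6"},
}

# Constructed sample syslog lines, Cisco-IOS-like in shape.
SYSLOG = """\
Jun 03 02:14:07 edge-rtr-01 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.20.0.15)
Jun 03 03:41:52 edge-rtr-02 %SYS-5-CONFIG_I: Configured from console by svc_backup on vty1 (203.0.113.77)
Jun 03 03:42:10 edge-rtr-02 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: svc_backup] [Source: 203.0.113.77] [localport: 22]
Jun 03 09:15:00 edge-rtr-01 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.20.0.15)
"""

# Constructed flow records: src_host,dst_ip,dst_port,packets
FLOWS = """\
edge-rtr-01,10.30.0.5,22,120
edge-rtr-02,10.30.0.5,49,30
edge-rtr-02,10.30.0.9,22,8
edge-rtr-02,10.30.0.10,22,5
edge-rtr-02,10.30.0.11,22,6
"""

CONFIG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) %SYS-5-CONFIG_I: "
    r"Configured from \S+ by (?P<user>\S+) on \S+ \((?P<src>[\d.]+)\)$"
)


def suspicious_config_changes(syslog: str, mgmt_net=MGMT_NET) -> list[dict]:
    """Return CONFIG_I events whose source address lies outside the management subnet.

    A router reconfigured from an address nobody should manage it from is the
    cheapest signal for the long-term router modification the advisory describes.
    """
    hits = []
    for line in syslog.splitlines():
        m = CONFIG_RE.match(line)
        if not m:
            continue
        src = ip_address(m["src"])
        if src not in mgmt_net:
            hits.append({"ts": m["ts"], "host": m["host"], "user": m["user"], "src": str(src)})
    return hits


def new_management_peers(flows: str, baseline=BASELINE_PEERS,
                         mgmt_ports=(22, 49)) -> dict[str, set[str]]:
    """Return, per edge router, the internal hosts it reached on management ports
    that are absent from its baseline. Several new peers from one router in a short
    window is the fan-out pattern of lateral movement from a trusted edge device."""
    fresh = defaultdict(set)
    for rec in flows.splitlines():
        src, dst, port, _ = rec.split(",")
        if int(port) in mgmt_ports and dst not in baseline.get(src, set()):
            fresh[src].add(dst)
    return dict(fresh)


if __name__ == "__main__":
    for ev in suspicious_config_changes(SYSLOG):
        print("CONFIG CHANGE from non-management source:", ev)
    for host, peers in new_management_peers(FLOWS).items():
        print(f"{host}: new management-protocol peers {sorted(peers)}")
```

Run as a script it flags the 03:41 config change on edge-rtr-02 from 203.0.113.77 and the three internal hosts edge-rtr-02 began reaching over SSH that are not in its baseline. The two checks are deliberately simple so that they can be scheduled against a central log store; the value is in having the baseline and the management subnet written down, which is exactly what the "centralized logging" item buys you.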
And at the strategic level? Vendors and contractors: zero trust’s not just a slogan, it’s the baseline. International collaboration is your firewall: intelligence sharing between Washington, Tokyo, Berlin, and beyond caught much of this week’s campaign. Stay plugged in, stay paranoid—and stay witty, of course.
Thanks for tuning...