
Silk Typhoon Strikes Again China Hacks the Planet While VPNs Leak Your Secrets to Beijing

Author: Quiet. Please
Published: Fri 22 Aug 2025
Episode Link: https://www.spreaker.com/episode/silk-typhoon-strikes-again-china-hacks-the-planet-while-vpns-leak-your-secrets-to-beijing--67482287

This is your Cyber Sentinel: Beijing Watch podcast.

Listeners, it’s Ting, your eyes and ears on Beijing—welcome to Cyber Sentinel: Beijing Watch. Let’s ditch the preamble and get into the real action, because the Chinese cybersphere never sleeps and neither should your security postures. If your socks aren’t already knocked off, brace yourselves.

First up: the headline act is Silk Typhoon—the group formerly known as Murky Panda, but let’s be honest, the new name has more flair. Over the past few days, Silk Typhoon has been exploiting fresh zero-days in Citrix Netscaler (that’s CVE-2023-3519 for you patch lovers) and Commvault (CVE-2025-3928), breaching cloud environments used by North American tech firms and, gulp, government agencies. What’s wild is how they’re turning trusted cloud infrastructure into a playground, hopping through Entra ID service principals to move not just laterally, but diagonally, like that extra-creative chess piece. And it doesn’t stop with the pros—home office routers are getting pwned too, making grandma’s Wi-Fi a surprising launchpad for espionage.

Strategically, these attacks signify China’s ongoing shift toward supply-chain compromise. Instead of hammering down the front door, they’re sliding in through the ventilation system. Adam Meyers at CrowdStrike notes that Silk Typhoon’s latest tricks abuse SaaS relationships to pull off devastating downstream attacks—the equivalent of hacking the hotel so you can get every guest’s room key. Microsoft’s March report underlined the danger of trusted cloud linkages being weaponized. Think law firms, IT vendors, critical infrastructure—if you log in, you’re a target.

Let’s turn to the VPN mess, because if you like your privacy, this is migraine-inducing. Arizona State University and Citizen Lab uncovered Android VPN apps, downloaded by millions of Americans, that actually funnel their traffic through Qihoo 360-backed servers. If that sounds familiar, Qihoo 360 is on the US Commerce Department’s blacklist and the Defense Department’s “Chinese Military Company” roll call. The real kicker? These apps have gaping security flaws—weak encryption, hard-coded passwords, and bucketloads of privacy violations. Tech Transparency Project even found one of these VPNs advertised to TikTok-loving teens. Under Chinese law, these companies have to hand over data if asked. So imagine that: your “privacy” VPN is a one-way ticket to Beijing, courtesy of your own thumb.

But wait, ransomware is trending now, too, with groups like ChamelGang and Bronze Starlight, not to mention newcomer Dire Wolf, blending espionage and double extortion. CYFIRMA points out that these attackers are doing more than chasing bitcoin—they’re using big-ticket ransomware events to mask silent data theft. If you’re in healthcare, finance, or construction, congrats, you’re especially interesting right now.

Attribution is clearer than ever: after April’s Volt Typhoon admissions and last December’s hack of a US Treasury vendor (over 3,000 files accessed), US officials are increasingly blunt about calling out China. Even the DCSA director, Bill Cattler, just called China a “pacing threat” with an unprecedented global espionage campaign.

As for global response, the Open RAN push is strategic—forcing a move away from Huawei/ZTE’s lock-in hardware and making radio access networks modular, open, and much harder to compromise end-to-end. US policymakers are practically staple-gunning “patch, patch, patch” to every server room door while negotiating public-private alliances to adopt new standards.

So what’s the playbook? Patch every internet-facing appliance yesterday. Stop trusting default cloud settings and segregate permissions ruthlessly. Audit your supply chain vendors like your angry parents are coming to visit. For strategic defense, it’s all about shifting to open standards and diversifying away from Chinese kit. And...
