
Salt Typhoon Snatches Guard Secrets, Pentagon's Fox Problem & Border Phone Snooping Bonanza!

Author: Quiet. Please
Published: Wed 16 Jul 2025
Episode Link: https://www.spreaker.com/episode/salt-typhoon-snatches-guard-secrets-pentagon-s-fox-problem-border-phone-snooping-bonanza--67001796

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Welcome, cyber sleuths, to Digital Dragon Watch! I’m Ting, and if you wondered how much digital havoc China’s been up to this week, buckle up because the cyber weather forecast is…cloudy, with a chance of espionage.

Let’s leap straight into the week’s jaw-dropper: the Salt Typhoon breach. According to a Department of Defense report, this Chinese state-sponsored hacking group stealthily infiltrated a U.S. Army National Guard network and camped there for a whopping nine months, starting back in March of last year. Their vacation wasn’t for sightseeing—they hoovered up network configurations, admin credentials, and communications not just from the breached state, but from Army National Guard units across all fifty states and four territories. That’s like robbing one house and leaving with a map, the alarm codes, and spare keys to every other home on the block. The information snatched could enable follow-on attacks targeting state-level cyber defense, especially chilling since the Guard’s digital squads plug right into critical infrastructure defense across fourteen states. The FBI isn’t messing around either—they’re dangling a ten million dollar carrot for leads on Salt Typhoon’s masterminds—and frankly, they’ll need all the help they can get. Security experts stress this is one of the most damaging campaigns waged against U.S. military communications and state-level cyber resilience. The best defense right now, according to CISA and DoD guidance, is reinforcing least-privilege access, encrypting sensitive data, locking down old vulnerabilities, and watching admin accounts like a hawk.

Now, simultaneous to Salt Typhoon’s stealth, the crew from Volt Typhoon took their shot at U.S. critical infrastructure, especially on Guam—likely preparing digital beachheads for any future kerfuffle over Taiwan. The NSA confirmed they were detected and evicted before they could embed, but the failed attack is a loud reminder: these operations are not freelance. The Chinese Communist Party calls the plays, and their long-term strategy is out in the open.

That’s not all. Pull up your socks for this: ProPublica dropped a bombshell on Microsoft and the Pentagon. It turns out the U.S. Defense Department has allowed Microsoft-employed engineers, based in China, to help operate and troubleshoot Pentagon cloud systems for the past decade. These engineers are “supervised” by U.S. citizens called “digital escorts”—but here’s the twist: many escorts know more about securing a lunch break than scrutinizing code. The loophole? Pentagon guidelines let these engineers work with “high-impact” data that, if leaked, could cause catastrophic operational damage—all while Uncle Sam foots the bill. National security experts, like Harry Coker, have voiced scathing criticisms, calling this “like asking the fox to guard the henhouse.” Microsoft insists all staff are vetted, but as critics point out, vetting only works if the chaperone knows how to catch a trick. Lawmakers are now demanding oversight, and if ProPublica’s exposé holds water, there could be major legal and security repercussions on the horizon.

Finally, travelers, consider this your one-minute malware warning: mobile security researchers at Lookout just revealed Chinese authorities are rolling out an advanced mobile malware, Massistant, to extract data from any phones seized at Chinese borders. The malware gobbles up everything: texts (even from apps like Signal), contacts, locations, photos, and audio. Experts urge travelers: carry clean devices, avoid sensitive data, and assume any info on your phone may be collected.

Folks, China’s cyber strategy is coordinated, persistent, and opportunistic—and whether you’re state government, private sector, or a globetrotter, vigilance is non-negotiable. Double-down on vulnerability management, enforce strict privilege controls,...
