Salt Typhoon Strikes Again: Pentagon Popped, Taiwan Chips Targeted, and US Cyber Diplomacy Self-Destructs

Author
Quiet. Please
Published
Fri 18 Jul 2025
Episode Link
https://www.spreaker.com/episode/salt-typhoon-strikes-again-pentagon-popped-taiwan-chips-targeted-and-us-cyber-diplomacy-self-destructs--67031150

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here with your Digital Dragon Watch: Weekly China Cyber Alert, dropping straight into the heart of this wild, always-evolving cyber battleground between the US, China, and everyone in their digital blast radius.

Here's what’s rattled the wires the past seven days: It’s a banner week for Salt Typhoon, the notorious Chinese state-sponsored hacking crew that just can’t quit US infrastructure. First, the juicy breach: The US Department of Defense confirmed Salt Typhoon lurked inside a National Guard network for almost a year, quietly siphoning off network diagrams, admin credentials, and configuration files. The scope is massive—experts estimate info from over 70 government and critical infrastructure identities across a dozen sectors got hoovered up, including wastewater, transportation, energy, and comms. Pretty much everyone’s worst patch management nightmare made real. This is the kind of haul that could grease the skids for stealth attacks on multiple government and infrastructure targets, not to mention enable future espionage or disruptive operations. The DoD's answer? They’re pushing for zero-trust security models and warning every military branch to reassess whether they’re as safe as they think.

Now, let’s cross the Pacific. Salt Typhoon’s appetite for telecommunications hasn’t dulled. A new report from Recorded Future shows their hit list includes devices connected to global telecoms, with Comcast, South Africa's MTN Group, and South Korea’s LG Uplus all finding compromised client hardware on their turf. The favorite move: exploiting old, unpatched vulnerabilities in edge devices—routers, switches, anything that lets you pivot from one boring box to a crown-jewel database. Pete Renals from Palo Alto Networks lays it down—these devices are foot-in-the-door vectors, launching pads for far more serious incursions. And the targeting is broadening: not just core networks, but the consumer endpoints that glue the whole info economy together.

But the digital tiger’s got its eyes on more than just the pipes—it wants what’s flowing through them too. Taiwan’s semiconductor sector took heavy incoming from not one but three China-linked hacker groups—labeled UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp by Proofpoint. Their spear-phishing campaigns hit designers, manufacturers, and investment analysts with emails masquerading as job-seeking grad students. Cobalt Strike payloads and custom backdoors like Voldemort (aptly named, they who must not be detected) got sent out like party favors. Proofpoint’s Mark Kelly said the attackers got crafty, sometimes spamming entire orgs, sometimes sending just one or two precisely crafted hooks. The motive? Espionage, driven by both geopolitical tension—hello, US chip export restrictions—and Beijing’s hunger for semiconductor supremacy.

And the US response? Let’s just say the phrase "own goal" comes to mind. While the FBI and CISA urge critical infrastructure sectors to wake up and harden defenses—multi-factor everywhere, rapid patching, and zero-trust all the things—the State Department went and gutted its own cyber diplomacy bureau. Key digital diplomats and strategists were pushed out, just as China goes full throttle in empowering not just state hackers, but the private sector to run its own unsupervised cyber ops. Experts, including Justin Sherman of Global Cyber Strategies, are blunt: firing diplomats and telling allies to "figure it out themselves" just puts more targets on the US's back.

If you want to dig deeper, pay attention to Senate Intelligence’s Tom Cotton, who’s now grilling the Pentagon about Microsoft’s use of Chinese staff on sensitive DoD contracts. With digital trust as shaky as a two-legged stool, oversight and transparency are being pushed front and center.

So what should you do right now? Experts say: inventory...