Salty Dragons Gone Wild: China's Cyber Goons Hack the Planet

Author
Quiet. Please
Published
Wed 27 Aug 2025
Episode Link
https://www.spreaker.com/episode/salty-dragons-gone-wild-china-s-cyber-goons-hack-the-planet--67533882

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Ting here, spinning up this week’s Digital Dragon Watch: Weekly China Cyber Alert—reporting from August 27, 2025, just as your firewalls are probably wondering what hit them. Let’s get right into the main event, because the last seven days have been packed with the sort of high drama only state-sponsored hackers with way too much caffeine and too many routers can deliver.

First, you’ve probably already clocked the big news flashes from the NSA, CISA, and partners in the UK and Australia. Yep, Madhu Gottumukkala from CISA and Brett Leatherman from FBI were both out front warning that Chinese state-sponsored Advanced Persistent Threat (APT) actors—think Salt Typhoon, OPERATOR PANDA, and their galactic crew RedMike, UNC5807, and GhostEmperor—are going absolutely wild on global critical infrastructure. That means they’re going after telecom (again), government backbones, transport networks, lodging sectors, and even military systems. The biggest new attack vector uncovered this week? These Chinese teams are exploiting vulnerabilities in backbone routers—the big provider edge and customer edge routers that run the internet behind the scenes. If you’re in telecom, you’ve probably had a bad week.

Notably, Salt Typhoon is back in headlines. According to BankInfoSecurity and BleepingComputer, they not only breached nine major U.S. telecoms and lifted text messages, voicemails, and law enforcement wiretap data, but last year they enjoyed a nine-month joyride inside the U.S. Army National Guard network, swiping admin credentials and config files. That’s not even counting their custom malware “JumbledPath” and penchant for GRE tunneling—basically highway banditry at scale. The outcome? Dead serious: the FCC is now making telecoms draft and certify real cyber risk management plans, so if you’re AT&T or Verizon, no snoozing allowed.

Defensively, official U.S. government reactions have been punchy. The NSA, CISA, and the FBI jointly dropped shiny new mitigation guidance. They want you patching all known exploited vulnerabilities ASAP, enabling centralized logging, securing edge infrastructure, and—especially for critical infrastructure pros—threat hunting with extreme prejudice. And as CISA’s advisory keeps saying, don’t just fix things quietly; build resilience and report intrusions to keep the intelligence flowing.

On the industry front, Google’s Threat Intelligence Group—Sandra Joyce—previewed their new “disruption unit,” focused on legal and ethical disruption of cyberattacks. The mood in the sector is shifting from “play defense” to “go proactive,” with some experts advocating for more aggressive disruption, even if it means crossing into “active defense” (think honeypots and campaign takedowns) and maybe a little bit of hack-back territory.

China’s official response? As tracked by the UK’s NCSC and international allies, nothing public so far, but there’s no shortage of evidence. Researchers, including those at Google, say PlugX backdoors are appearing courtesy of hijacked browser traffic and fake software updates.

Expert recommendations for organizations everywhere are crystal clear: adopt zero trust architectures, inspect encrypted traffic (especially TLS/SSL), assume data might be exfiltrated, and leverage GenAI-powered tools for threat detection and rapid response. And if you’re public sector, remember new mandates like New York State’s 72-hour incident reporting deadlines—compliance just got real.

Thanks for tuning in! Don’t forget to subscribe for next week’s alert—because Digital Dragon Watch always keeps your endpoints spicy. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more http://www.quietplease.ai
