
Silk Typhoon Hackers Run Wild as China's Great Firewall Glitches Out

Author
Quiet. Please
Published
Fri 22 Aug 2025
Episode Link
https://www.spreaker.com/episode/silk-typhoon-hackers-run-wild-as-chinas-great-firewall-glitches-out--67482392

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here on your Digital Dragon Watch, and if you thought China cyber news was going to slow down in late August, strap in because the virtual fireworks sparked, crashed, and detonated across cyberspace this week.

Let's get right to the biggest headline: for 74 minutes on August 20, the Great Firewall of China went rogue and blocked all TCP port 443 traffic. That's the port HTTPS runs over, which means pretty much every modern website. Overnight, China's internet was nearly cut off from the rest of the world: Apple services, Tesla's cloud, and countless international systems went dark for Chinese users. The kicker? Researchers from the Great Firewall Report team found device fingerprints in the blocking traffic that didn't match any known component of the Firewall. Was this a trial run or a government oops? It could have been a test of blocking connections on demand, or a misconfigured upgrade that got quickly reversed. The mystery lingers like yesterday's takeout, with security analysts speculating and Beijing silent.

But that Firewall glitch isn't all. This week's real cyber dragon is Silk Typhoon, also tracked as Murky Panda, the China-linked state crew running wild through North American cloud environments. CrowdStrike and The Hacker News tracked them breaking into cloud providers and abusing trusted SaaS relationships to pivot into downstream customer networks. Their tactics? Weaponizing both zero-day and n-day flaws in edge appliances, specifically Citrix NetScaler (CVE-2023-3519) and Commvault (CVE-2025-3928). Once inside, they drop webshells like Neo-reGeorg and a stealthy Linux implant called CloudedHope. They also hijack small office/home office routers located inside the target country so that their traffic looks local. Government agencies, tech firms, academic and legal services: you're all on their hit list this week. CrowdStrike's Adam Meyers flags the worrying new attack vector: Silk Typhoon burrowing into cloud identity infrastructure, especially Entra ID service principals and the delegated admin access that providers hold into customer tenants. That means your supposedly trusted cloud relationships are now the launchpad for attackers, not just a juicy target.

What has the US government done in response? Several fronts are active. The FBI joined CISA, NSA, and DC3 to put a flashlight on the surge in cyber operations, especially espionage. Their Salt Typhoon attribution campaign shows international teamwork is now essential: it's not just about defending the perimeter, but about sharing intelligence globally. There's also a tidal wave of investment, with cybersecurity spending projected to top $212 billion by year's end as defense contractors and healthcare firms scramble to integrate zero-trust architectures and AI-driven threat detection. If your company hasn't set up a cyber incident response playbook, you're playing Russian roulette with ransomware and supply chain attacks.

The White House, under the Trump administration, rolled out its "Winning the Race: America's AI Action Plan" last month. The plan makes secure-by-design AI a national priority, pushes creation of an AI Information Sharing Center, and demands rapid sharing of AI-specific vulnerabilities. The Department of Defense is now refining its Responsible AI frameworks, and the Director of National Intelligence has published new standards for AI assurance. Add to that a $14.75 million False Claims Act settlement for government procurement fraud and you get the message: Washington is dead serious about holding contractors accountable and tightening the screws on public sector cyber hygiene.

So, what are the expert recommendations for your own protection, dear listeners? First, patch those edge appliance vulnerabilities, Citrix NetScaler and Commvault above all, you heard me. Second, audit all your SaaS and cloud environment identities, because attackers love to...
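The identity audit recommended above is the concrete defence against the Silk Typhoon tradecraft described earlier: an attacker with delegated admin access adds their own secret or certificate to an existing Entra ID service principal and then signs in as that application. The following is an added example, not code from the podcast, CrowdStrike, or Microsoft. It runs offline over objects shaped like Microsoft Graph `servicePrincipal` resources (the `passwordCredentials`, `keyCredentials`, and `appOwnerOrganizationId` properties are real Graph fields); the three service principals, their timestamps, and the thresholds `LOOKBACK_DAYS` and `MAX_LIFETIME_DAYS` are constructed for the example and should be tuned to your tenant.

```python
"""Offline audit of Entra ID service-principal credentials (added example).

Feed it the JSON you get from
  GET /servicePrincipals?$select=id,displayName,appId,appOwnerOrganizationId,
      passwordCredentials,keyCredentials
The SAMPLE_SPS list below is constructed data standing in for that response.
"""
from datetime import datetime, timedelta, timezone

# Tenant id Microsoft stamps as appOwnerOrganizationId on its own first-party apps.
MICROSOFT_FIRST_PARTY_TENANT = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"

# Hypothetical thresholds for this example; tune to what is normal in your tenant.
LOOKBACK_DAYS = 30        # credentials minted inside this window deserve a look
MAX_LIFETIME_DAYS = 365   # anything valid longer than this is a backdoor candidate

# Fixed "now" so the sample audit is reproducible (constructed, not a live clock).
NOW = datetime(2025, 8, 22, 12, 0, tzinfo=timezone.utc)

# Constructed sample: one benign SP, one first-party SP that has sprouted a secret,
# one legacy SP with a ten-year certificate.
SAMPLE_SPS = [
    {"displayName": "Contoso Billing Sync", "appOwnerOrganizationId": "11111111-1111-1111-1111-111111111111",
     "passwordCredentials": [{"keyId": "a1", "startDateTime": "2024-01-10T00:00:00Z",
                              "endDateTime": "2025-01-09T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "Office 365 Exchange Online", "appOwnerOrganizationId": MICROSOFT_FIRST_PARTY_TENANT,
     "passwordCredentials": [{"keyId": "b7", "startDateTime": "2025-08-19T08:15:00Z",
                              "endDateTime": "2027-08-19T08:15:00Z"}],
     "keyCredentials": []},
    {"displayName": "Legacy HR Connector", "appOwnerOrganizationId": "11111111-1111-1111-1111-111111111111",
     "passwordCredentials": [],
     "keyCredentials": [{"keyId": "c3", "type": "AsymmetricX509Cert", "usage": "Verify",
                         "startDateTime": "2025-05-14T00:00:00Z", "endDateTime": "2035-05-14T00:00:00Z"}]},
]


def _parse(ts: str) -> datetime:
    """Graph emits ISO-8601 with a trailing 'Z'; older fromisoformat needs +00:00."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def audit_service_principals(sps, now=NOW, lookback_days=LOOKBACK_DAYS,
                             max_lifetime_days=MAX_LIFETIME_DAYS):
    """Return findings as dicts {sp, kind, detail}; an empty list means nothing odd."""
    window_start = now - timedelta(days=lookback_days)
    findings = []
    for sp in sps:
        creds = [("password", c) for c in sp.get("passwordCredentials", [])]
        creds += [("key", c) for c in sp.get("keyCredentials", [])]
        first_party = sp.get("appOwnerOrganizationId") == MICROSOFT_FIRST_PARTY_TENANT
        for cred_type, c in creds:
            start, end = _parse(c["startDateTime"]), _parse(c["endDateTime"])
            tag = f"{cred_type}:{c['keyId']}"
            if first_party:
                # Microsoft-owned service principals should carry no tenant-added credentials.
                findings.append({"sp": sp["displayName"], "kind": "CREDENTIAL_ON_FIRST_PARTY_APP",
                                 "detail": tag})
            if start >= window_start:
                findings.append({"sp": sp["displayName"], "kind": "RECENTLY_ADDED_CREDENTIAL",
                                 "detail": f"{tag} added {start.date()}"})
            if end - start > timedelta(days=max_lifetime_days):
                findings.append({"sp": sp["displayName"], "kind": "LONG_LIVED_CREDENTIAL",
                                 "detail": f"{tag} valid {(end - start).days} days"})
    return findings


def summarize(findings):
    """Count findings per kind so the noisy categories stand out first."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_service_principals(SAMPLE_SPS)
    for f in results:
        print(f"[{f['kind']}] {f['sp']}: {f['detail']}")
    print(summarize(results))
```

On the constructed sample the benign SP produces nothing, the first-party SP trips all three checks, and the legacy connector only the lifetime check. The same lookback logic is worth applying to the provider side of the relationship: a delegated admin relationship that was created or whose role set changed inside your window is the other half of the tradecraft the episode describes.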
