
Salt Typhoon Strikes Again: 9-Month Breach Bombshell Rocks National Guard

Author: Quiet. Please
Published: Wed 16 Jul 2025
Episode Link: https://www.spreaker.com/episode/salt-typhoon-strikes-again-9-month-breach-bombshell-rocks-national-guard--67001704

This is your Digital Frontline: Daily China Cyber Intel podcast.

Listeners, welcome to another pulse-pounding edition of Digital Frontline: Daily China Cyber Intel, where I, Ting, your punctilious but playful cyber sleuth, break down the latest in PRC cyber shenanigans and how you can keep out of their digital crosshairs. No nonsense—let’s punch straight into the breach.

The biggest bombshell? The infamous Chinese APT group Salt Typhoon has been confirmed by the Department of Defense to have burrowed deep into a major U.S. state’s Army National Guard network for a staggering nine months. This group didn’t just sneak in—they moved laterally, mapped network topologies, scooped up personal info on service members, even diagrammed sensitive backend architectures, all thanks, according to a recent memo from the Department of Homeland Security, to a clever cocktail of misconfigurations and, possibly, zero-day exploits. While officials aren’t naming the state, the intrusion hit especially hard because National Guard units plug right into state law enforcement “fusion centers” in 14 states, which basically means Salt Typhoon potentially positioned itself for access to more networks via shared intelligence pipelines.

Salt Typhoon’s claim to infamy isn’t new. Remember last year’s AT&T and Verizon breaches? That was them, too. They wiretapped presidential campaign comms and legislative offices, showing they’re as comfortable spying on politicians as they are slicing through infrastructure. This time, their tools included chaining old CVEs from brands like Cisco and Palo Alto, while their evasion game stayed strong with modular malware, credential dumps, and good old privilege escalation.

On the prevention side, experts are adamant: PATCH. YOUR. DEVICES. Now. Especially Chrome—CVE-2025-6558 is out there, so make patching a dinner date with your IT team. Segment your network, audit edge devices, and if you run any telecom, start watching logs like a hawk. Bixleap and other AI platforms proved invaluable for early threat hunting this week—if you’re still hunting bad actors manually, it’s time to try machine help.

Not to be outdone in the news, the infamous “digital escort” plot twist surfaced when it was uncovered that Microsoft let China-based engineers assist with Pentagon cloud systems—the catch? Their U.S.-based supervisors often lacked the right technical chops, making the set-up comically vulnerable. Security pros are calling it a national embarrassment; this is sensitive “Impact Level 4 and 5” data, which supports frontline military operations. Both Microsoft and government spokespeople are defending their frameworks, but national security experts are demanding Congressional investigations, with some, like Michael Lucci at State Armor Action, demanding criminal penalties if the worst supervision fears are confirmed.

Meanwhile, advanced persistent threats weren’t limited to operational networks. Congress is weighing the controversial new Chip Security Act, which could backfire by making U.S. semiconductors even more traceable (read: hackable). Critics are fuming that location-verification tech, if compromised, would be a goldmine for foreign adversaries looking to jack critical hardware.

Here are your quick and dirty recommendations: Patch all edge devices, especially Cisco and Palo Alto. Verify developer dependencies to combat NPM supply chain threats. If you’re still relying on end-of-life hardware, like SonicWall SMA 100 appliances, upgrade—active campaigns exploiting these persist, according to Google and Rapid7. Test DDoS resilience frequently; attacks are up this quarter. Harden NAS systems, especially if they’re connected to the public internet. And for telecoms folks, Ericsson’s just announced a holistic, security-first network defense overhaul aligning with CISA directives, so keep your eyes peeled for those guidelines.

That’s your...
