Cyber Siege: China's Sneaky Spy Games Infiltrate US Military Networks!

Author: Quiet. Please
Published: Mon 21 Jul 2025
Episode Link: https://www.spreaker.com/episode/cyber-siege-china-s-sneaky-spy-games-infiltrate-us-military-networks--67059102

This is your Dragon's Code: America Under Cyber Siege podcast.

Listeners, Ting here, your favorite playful cyber sleuth serving up this week’s blockbuster in “Dragon's Code: America Under Cyber Siege.” If you’ve been following the chaos, you already know: what happens inside our data centers doesn’t stay inside. This week, the red-hot spotlight is on Salt Typhoon, the elite Chinese cyberespionage group that spent nearly a year hitchhiking inside a U.S. state’s Army National Guard network, as revealed by a Department of Homeland Security memo. These folks weren’t browsing memes—they nabbed everything from internal network maps to sensitive personnel data and maybe even blueprints of our operational infrastructure. This is a big deal because the National Guard isn’t just a federal gig—these networks hook into state law enforcement and local government systems, giving Salt Typhoon potential pivot points straight into emergency services if things really hit the fan, and the DHS now warns that the breach could let Beijing pull off similar feats in other states.

This attack wasn’t about a quick smash-and-grab. Salt Typhoon used persistence tricks, moving stealthily through interconnected civilian-military systems, suggesting they studied our hybrid governance for months to pinpoint exactly where we were softest. The attack methodology? Both classic and cutting-edge: credential theft, webshell deployment, living-off-the-land tactics, and stealthy lateral movement between segmented networks. Makes you wish your password was something better than “GoArmy123.”

Meanwhile, the plot thickened after ProPublica dropped its bombshell about Microsoft employing China-based engineers—yes, you heard it right—to support U.S. military cloud systems. These engineers didn’t directly touch Pentagon computers, but their code was relayed in by stateside “digital escorts.” As Senator Tom Cotton bluntly pointed out, most “digital escorts” didn’t have the chops to spot malicious code, so the risk was glaring: imported patches and support could easily become supply chain attack vectors. Defense Secretary Pete Hegseth, not one for half-measures, ordered an immediate halt, promised a government-wide review, and publicly declared, “China will have zero involvement in our cloud services.” Microsoft’s about-face sent shockwaves across every cloud provider with an international support team.

If that wasn’t enough, Mandiant and CrowdStrike spent the weekend flagging active exploitation of a Microsoft SharePoint vulnerability by China-linked hackers—specifically, deploying webshells to exfiltrate cryptographic secrets from government servers. “This isn’t a one-and-done patch,” warned Charles Carmakal, Mandiant’s CTO, meaning federal and private networks are now in emergency triage mode—assume you’re breached first, ask questions later.

With adversaries getting bolder, American policy is shifting hard: cybersecurity strategists like Dave Kennedy say it’s time the U.S. take an offensive stance, not just play defense. China’s approach is clear: embed, wait, disrupt, and exploit every gap—especially in the systems our lives depend on. As government officials scramble to audit supply chains and the FCC eyes strict new rules against foreign access in undersea cables and cloud infrastructure, the lesson ringing loudest is this: securing America takes world-class tech, real expertise—not budget shortcuts or a patchwork of “good enough” fixes.

So, listeners, thanks for tuning into this wild ride. If your password is still “123456”—change it, and subscribe for next week’s deep dive. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more http://www.quietplease.ai

