This is your Dragon's Code: America Under Cyber Siege podcast.
Listeners, it’s Ting here—your favorite cyber sleuth fluent in Mandarin, malware, and the mayhem of global hacking. Whew, what a week on Dragon’s Code: America Under Cyber Siege! If you thought last week felt tense, grab your firewalls because the past several days have shaken the U.S. cyber community.
Let’s jump straight into the code. The biggest red alert came when elite Chinese cyber group Salt Typhoon was revealed to have quietly infiltrated a U.S. Army National Guard network for nearly a year, from March to December 2024. According to a June DHS memo, these hackers didn’t just stumble in—they mapped out internal topography, snatched strategic operational maps, and made off with the personal data of Guard members. Salt Typhoon is notorious, already linked to the AT&T and Verizon breaches, federal offices, and even congressional leadership. This National Guard hit is on another level, especially since Guard units straddle state and federal authority, creating hybrid vulnerabilities you just don’t see in other branches.
Salt Typhoon’s playbook leaned heavily on exploiting obscure system integrations between the Guard, law enforcement, and state networks. Imagine a spider web laced with unpatched legacy nodes, old Microsoft SharePoint instances—yes, those again—plus lax segmentation between federal and local databases. ToolShell, a remote code exploit, featured heavily; it let the group snoop SharePoint directories, quietly exfiltrating configurations and files. Chris Butera from CISA stressed the real risk: once these attackers get that deep, they could knock out readiness or quietly prep for future sabotage.
Just as the Guard breach news broke, the Pentagon found itself in an equally awkward bind. A ProPublica investigation revealed Microsoft's Defense Department cloud services were—until this week—routinely maintained by China-based engineers, shuttling commands through American “digital escorts.” These escorts, while cleared, were often not cyber experts themselves. Talk about supply chain nightmares! Defense Secretary Pete Hegseth immediately banned all Chinese personnel from Pentagon cloud support and launched a two-week review. Microsoft had to scramble, with spokesperson Frank Shaw promising no China-based engineers are touching DoD systems moving forward.
Senator Tom Cotton pressed for a full reckoning—demanding lists of every contractor and escort used, warning that “meeting the letter of the law” wasn’t enough if escorts couldn’t spot injected malicious scripts. The lesson? Supply chains are only as strong as the geek at the keyboard, and digital babysitting is not cybersecurity.
Cybersecurity expert Dave Kennedy put it bluntly: U.S. adversaries like Salt Typhoon are no longer just lurking for secrets—they’re embedding to disrupt, flip switches, and hold the critical infrastructure hostage if conflict erupts. Think of it as the difference between a pickpocket and an armed hostage-taker. And, as he warns, Washington’s diplomatic wrist-slaps have finally worn thin. Real deterrence will require not just locking doors, but arming the guards with tools—and the greenlight—to strike back.
Cloud supply chain hardening, more aggressive patching for vulnerabilities like those plaguing SharePoint servers, and rewriting the old rules on defense—those are the defensive measures now. The big takeaway? If you’re depending on legacy architecture or hoping adversaries will respect unwritten rules, you’re just another node waiting to be pwned.
Thanks for tuning in, listeners. Don’t forget to subscribe for another byte of the world’s most tangled cyber showdowns. This has been a Quiet Please production. For more, check out Quiet Please dot AI.