Salt Typhoon Strikes Again: Chinese Hackers Breach US Military Secrets in Daring Heist

Author: Quiet. Please
Published: Wed 16 Jul 2025
Episode Link: https://www.spreaker.com/episode/salt-typhoon-strikes-again-chinese-hackers-breach-us-military-secrets-in-daring-heist--67001723

This is your Dragon's Code: America Under Cyber Siege podcast.

What a week to be a cyber analyst, and what a wild ride in the world of Dragon’s Code: America Under Cyber Siege. Yes, listeners, it’s Ting—your favorite expert on everything China, hacking, and, apparently, surviving on less sleep than a caffeinated bug bounty hunter. Buckle up; we’re diving straight in.

The headlines are ablaze with the exploits of Salt Typhoon, the Chinese APT group that’s become the stuff of sleepless nights for American cyber defenders. Between March and December last year, Salt Typhoon pulled off an audacious breach of a U.S. state’s Army National Guard network—a heist so sophisticated the DoD is still reeling. The hackers exfiltrated network configurations, administrator credentials, and intercepted communications with National Guard units across every U.S. state and even reached four U.S. territories. That means attacker access to a golden map of our military’s digital nervous system—potentially exposing critical infrastructure defenses in fusion centers scattered through 14 states, according to reports first seen by NBC News. Imagine the enemy having a skeleton key to every door in your digital house. Spooky, right?

How’d they pull it off? Let’s get geeky. Salt Typhoon, as detailed by the Department of Homeland Security and cloud security experts, leveraged a grab-bag of vulnerabilities—classic CVEs exploited through anonymized, rented IPs. Think of it as digital ninjas using forged passports at every border checkpoint. Once inside, they roamed for months, grabbing over 1,400 config files from 70+ government and infrastructure networks. This treasure trove included diagrams and access credentials ripe for future attacks. Their TTPs (that’s tactics, techniques, and procedures) were textbook nation-state: stealthy lateral movement, credential harvesting, and exfiltration hidden deep within legitimate network traffic.

Who’s behind the mask? Attribution is never 100%, but both the Pentagon and Microsoft’s internal teams point straight to state-sponsored actors with direct ties to the Chinese central government. Salt Typhoon has already made headlines hacking telecom giants like AT&T, Verizon, and global carriers, snagging everything from private call records to wiretap access. It’s not just defense: critical infrastructure—energy, water, government offices—are all in their crosshairs.

Let’s not ignore tech’s awkward moment on center stage. Microsoft has been roundly criticized for its “digital escort” cloud access model, which reportedly let China-based engineers—sometimes supervised by folks without full technical chops—potentially glimpse sensitive Pentagon operations data. While a Microsoft spokesperson insists there are platform-level controls and federal audits in place, national security experts like Michael Lucci have called for the Pentagon to rethink its reliance on any vendor with such lapses. As Michael Sobolik from the Hudson Institute quipped, it’s akin to arming the fox and expecting the henhouse to stay secure.

But it’s not all doom! Agencies like the NSA and DHS say lessons are being learned. Gary Barlet, former Air National Guard CIO, is blunt: “All U.S. forces must now assume their networks are compromised and will be degraded.” What’s happening? Tighter credential protections, moving to zero-trust architectures, boosting SMB encryption, and red-teaming every conceivable weak link.

Key takeaways? Legacy systems must die, security education at every level is essential, humans remain the softest targets, and continuous monitoring is our best hope against next-gen espionage.

Thanks for tuning in to Dragon’s Code: America Under Cyber Siege with Ting. Don’t forget to subscribe—more digital intrigue and fun is just a click away. This has been a Quiet Please production. For more, check out quiet please dot ai.
