This is your Dragon's Code: America Under Cyber Siege podcast.
Today’s Dragon’s Code update comes to you live from the digital trenches—it’s Ting here, your cyber sleuth with all the wit, none of the lag, and just enough paranoia to keep the firewall humming. Listen up, because the past few days have been a masterclass in Chinese cyber operations, and the plot is thicker than malware in an old printer.
Salt Typhoon, everyone’s favorite state-backed menace, was caught red-handed prowling U.S. critical infrastructure again. The Department of Defense discovered Salt Typhoon embedded inside a National Guard network, using classic methods—breaching through old, unpatched routers and firewalls. These devices don’t just hang on perimeters; they often talk with local law enforcement, emergency management, even school districts, meaning the impact can ripple from a state’s Guard all the way down to city hall. A senior Pentagon official said, “Their persistence is their weapon of choice. The risk isn’t just espionage—it’s long-term sabotage readiness.”
But the attacks didn’t stop there. Salt Typhoon shifted from picking targets to blanket-spraying vulnerable edge devices worldwide. According to Pete Renals from Palo Alto Networks, this scattershot approach is about building a deep, quiet presence in telecom infrastructure. And it isn’t just the U.S. on the menu—big names like Comcast, MTN Group in South Africa, and LG Uplus in South Korea found compromised devices among their networks. Even if the telcos themselves weren’t breached directly, their clients’ exposed gadgets became backdoor highways into all kinds of sensitive communications.
Meanwhile, in the semiconductor sector, RedMike (another alias for Salt Typhoon) kicked off multiple waves of attacks, slurping credentials from Taiwanese chipmakers and American analysts using spear-phishing, exploiting zero-days in Cisco equipment, and deploying custom malware like Voldemort—a backdoor even Dumbledore would find troublesome. Proofpoint and Recorded Future both flagged a hunt for proprietary tech and trade secrets, with phishing emails dressed up as job offers or investment proposals landing in inboxes from MIT to Mexico City. The game? Patent theft and strategic leverage during ongoing geopolitical drama.
Here’s a spicy subplot: a ProPublica investigation uncovered that Microsoft, managing Pentagon cloud infrastructure, often tasks Chinese engineers with high-impact maintenance—under the watchful eyes of so-called digital escorts (Americans with clearances but not always deep technical chops). Senator Tom Cotton called for a full audit of every military contractor using Chinese nationals in the supply chain, warning Congress that a lack of expertise means malicious code could slip past unnoticed. “We’re begging for zero-days,” grumbled one congressional aide.
On the defense side, CISA amped up threat monitoring and recommended forced patching in critical infrastructure. Some telecoms, already scarred by last year’s Silk Typhoon rampage, rolled out multi-factor authentication for admin panels and set up persistent network anomaly detection, hoping to finally squeeze these intruders out.
But there are lessons: Don’t just patch—hunt for persistence. Human vigilance is as crucial as technological defenses. And—this from Laura Galante, principal at WestExec Advisors—“Cyberspace is where Xi Jinping bets on risk and surprise. If we’re not coordinated, we’re outplayed.” Especially after the State Department splintered its cyber diplomacy bureau, experts worry that the U.S. is losing its unified voice abroad, making both incident response and international cyber defense more chaotic than ever.
To all you listeners: stay patched, stay sharp, and remember that behind every blinking server light is a chance for trouble or triumph. Thanks for tuning in! Don’t forget to subscribe. This has been a...