This is your Dragon's Code: America Under Cyber Siege podcast.
Dragon's Code: America Under Cyber Siege is your go-to podcast for detailed analysis of the week's most sophisticated Chinese cyber operations targeting US infrastructure. Stay updated with expert insights into attack methodologies, affected systems, and compelling attribution evidence. Discover the defensive measures implemented and lessons learned from each incident. Featuring interviews with leading cybersecurity experts and government officials, Dragon's Code delivers essential information for anyone interested in the evolving landscape of cyber warfare and national security. Tune in regularly for in-depth discussions that keep you informed and prepared.
All content for Dragon's Code: America Under Cyber Siege is the property of Inception Point Ai and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Cyber Siege: China's Hacks Scorch US Telecoms, Feds & Nukes!
Dragon's Code: America Under Cyber Siege
4 minutes
2 weeks ago
Listeners, this is Ting—your cyber sherpa through the neon-lit underworld where firewalls meet the fury of Dragon’s Code. If you’ve felt a whiff of ozone in the air this week, that’s the scent of American infrastructure singed by some of the most sophisticated maneuvers yet out of China’s cyber arsenal.
First up, Salt Typhoon. Not just an evocative name, but a Chinese state-sponsored hacking campaign now flagged by US authorities as a national defense crisis. The group’s been active since 2019, building what Brett Leatherman of the FBI’s Cyber Division calls an “indiscriminate targeting” network. This week, Salt Typhoon ramped up operations, hammering more than just US telecom giants like AT&T and Verizon—now, their crosshairs are locked on government, transportation, even military infrastructure. The scale? Over 200 companies across 80 countries have been hit, but the US is feeling the heat most acutely. Their attack playbook is all about exploiting unpatched edge devices, disrupting entire swathes of the internet, and siphoning off the kind of comms and data you do not want in hostile hands.
And as if things weren't fraught enough, enter the Congressional Budget Office hack. Confirmed on November 6th, the CBO breach is reportedly riding on the back of a Cisco ASA firewall left fatally unpatched. TechCrunch and Federal News Network both point to a sophisticated, likely nation-state campaign—circumstantial evidence checks all the Chinese APT boxes. Imagine attackers slipping in using MITRE’s T1190—exploiting public-facing applications—then potentially cracking open Congress’s internal budget deliberations. That is tradecraft tailored to strategic economic espionage, right while the US and China are sabre-rattling over trade and critical tech. Responding, the CBO yanked offending systems, activated full-spectrum monitoring, and upped their game on segmentation—cybersecurity hygiene we should all aspire to.
But the week’s pièce de résistance was the aftershock from July’s SharePoint “ToolShell” hack. Chinese groups—Linen Typhoon, Violet Typhoon, and Storm-2603—ran wild through zero-days, with more than 400 organizations compromised, including the U.S. National Nuclear Security Administration. ToolShell’s genius? A multi-stage exploit chain started with precision POST requests, dropped bespoke webshells, and looted cryptographic keys. The campaign even survived Microsoft’s first patches, maintaining persistence and rolling out ransomware for a hybrid mix of espionage and financial blackmail. This hole in the dyke prompted Microsoft to restrict its own vulnerability sharing program, MAPP, especially locking out Chinese participants.
As for attribution, government officials like those at CISA note the telltale signs: exploitation of unpatched vulnerabilities, targeting of economic and legislative agencies, and the sheer persistence of these APTs. While the Chinese embassy in DC pushes denials, security researchers like Dustin Childs insist the technical forensic trail is hard to ignore.
The lessons here? According to Palo Alto Networks and CISA, the most critical are relentless patch management—no more letting Cisco firewalls or SharePoint servers rust on the edge of the network—and network segmentation as standard. Invest in early intrusion detection and zero-trust architectures. And government cyber chiefs warn: treat every external alert as a threat drill, not optional reading.
Listeners, the lines on this digital battlefield are only getting sharper—and wider. That’s all from Ting today; thanks for tuning in to Dragon’s Code: America Under Cyber Siege. Subscribe for more front-line exploits and deep dives. This has been a Quiet Please production. For more, check out Quiet Please dot AI.