China's Cyber Ping-Pong Party: Salt Typhoon Slams US Telecoms While SharePoint Burns and Iran Watches Quiet Please Studios production

This is your Red Alert: China's Daily Cyber Moves podcast.

Hey listeners, Ting here, your go-to cyber sleuth on all things China hacks and digital drama. Buckle up, because over the past few days leading into this wild March 15, 2026, China's been dropping cyber grenades like it's a daily ping-pong match with Uncle Sam—and we're losing points fast.

It kicked off Monday when Palo Alto Networks Unit 42 lit up the wires with their takedown on CL-STA-1087, a sneaky China-backed espionage crew that's been prowling Southeast Asian military outfits since 2020, but ramped up hits on US-linked defense contractors this week. These pros showed "strategic operational patience," slipping into VMware appliances with Fire Ant malware, per Sygnia researchers, fully owning isolated networks before anyone blinked. By Wednesday, Microsoft dropped a bombshell: Chinese hackers exploiting CVE-2025-53770, a 9.8-severity zero-day in SharePoint, slurping data from US firms worldwide—think proprietary blueprints vanishing into Beijing's vaults.

Fast-forward to yesterday: CNCERT, China's own emergency squad, weirdly warned about OpenClaw AI agents' weak configs, but don't be fooled—that's cover while their ops probe deeper. Today's red flag? Security Affairs reports Salt Typhoon, that persistent Chinese giant, hammering US telecoms and phone networks, echoing hits on global internet backbone providers. No fresh CISA or FBI emergency alerts hit public feeds yet, but insiders whisper active IOCs for GlassWorm malware propagating via Open VSX registry, chaining extensions into transitive hell for US dev teams.

New patterns? These aren't smash-and-grabs; it's living-off-the-land with AI-assisted persistence, targeting unpatched Windows 11 hotpatch systems and FortiGate gear for network pivots. Compromised? Ericsson US confirmed a third-party breach spilling sensitive comms data, and Storm-2561's spoofed VPNs harvested creds from US zoning permit seekers, FBI-style phishing on steroids.

Defensive playbook, listeners: Patch SharePoint and VMware now—Microsoft's March updates fixed 84 bugs, including this mess. Segment networks, hunt for Fire Ant beacons with EDR like CrowdStrike, and enable MFA everywhere, per CISA's Known Exploited Vulnerabilities catalog adding Ivanti and SolarWinds flaws. Timeline screams escalation: if US-Iran strikes heat up—Trump's B-2s just obliterated Fordow, Natanz, Isfahan—China could proxy Iranian cyber retaliation, flooding Strait of Hormuz shipping nets or US bases with drone-synced DDoS. Worst case? Salt Typhoon flips to disruption, blacking out East Coast 5G mid-crisis.

Stay vigilant, rotate those keys, and air-gap crown jewels. Thanks for tuning in, listeners—subscribe for more cyber spice! This has been a Quiet Please production, for more check out quietplease.ai.

This content was created in partnership and with the help of Artificial Intelligence (AI).