This is your Dragon's Code: America Under Cyber Siege podcast.
Dragon's Code: America Under Cyber Siege is your go-to podcast for detailed analysis of the week's most sophisticated Chinese cyber operations targeting US infrastructure. Stay updated with expert insights into attack methodologies, affected systems, and compelling attribution evidence. Discover the defensive measures implemented and lessons learned from each incident. Featuring interviews with leading cybersecurity experts and government officials, Dragon's Code delivers essential information for anyone interested in the evolving landscape of cyber warfare and national security. Tune in regularly for in-depth discussions that keep you informed and prepared.
Lights Out! China's Cyber Smackdown Leaves US Scrambling for Fixes
Dragon's Code: America Under Cyber Siege
4 minutes
This is your Dragon's Code: America Under Cyber Siege podcast.
Listeners, let’s dive right into America’s wildest cyber week yet—Dragon’s Code: America Under Cyber Siege! I’m Ting, your guide through the shadiest server rooms, and this time the headline reads: the most sophisticated, relentless attacks we’ve ever seen, with all digital arrows pointing straight back to China.
This week, “Operation Slipstream” hit the U.S. power grid and water utilities in Texas and Florida—no, really, I’m talking actual ransomware-for-hire groups flagged by Mandiant and Palo Alto Networks who blended living-off-the-land tactics with zero-day exploits. The attackers mimicked legitimate administrator traffic, making it a nightmare to spot their handprints until the lights started flickering in real homes. Cybersecurity researcher Katie Nickels told Reuters these intrusions screamed PLA tradecraft: they used obfuscated command-and-control channels routed via hijacked Japanese edge servers and, get this, cranked out customized ALPHA RAT payloads that slipped past baseline EDR.
As for affected systems, the campaign targeted ICS and SCADA controls—the backbone of power and water infrastructure. Forensics indicated the bad actors exploited unpatched PLC firmware and pivoted through legacy VPNs that hadn’t seen a patch since “Baby Shark” was a hit. According to the Department of Homeland Security, at least two municipal systems suffered data exfiltration: schematic layouts and incident-response playbooks wound up on dark web forums within hours.
Now, why point the finger at Beijing? The assembled evidence is damning. Jared Maeda from CISA highlighted overlapping infrastructure with the infamous Volt Typhoon group—yes, the ones who popped Guam power last year. The attackers’ tools matched malware families previously tied to PLA Unit 61398: specifically, the signature handshake in the beacon packets and Mandarin-language code comments referencing State Grid protocols. Also, threat intelligence flagged some C2 servers registering traffic patterns during Chinese business hours—almost like they’re clocking in.
How did America counter this onslaught? The Cybersecurity and Infrastructure Security Agency, CISA, launched rapid-response teams, deploying traffic segmentation and rolling out emergency Yara rules across critical sectors. National Cyber Director Sean Cairncross told SC Media they fast-tracked multi-factor authentication and “network enclaving” at providers that had brushed off CISA’s security advisories for months. Plus, DOE’s OT Defender program got every utility on secure-boot updates by Friday morning, which, for government, is warp speed.
So, what are the takeaways? According to Jen Easterly of CISA, this operation exposed how slow patch management and ignored advisories crack the door wide open. Experts call for a “whole-of-nation” approach: not just tech fixes, but restoring funding, leadership, and real authority to CISA and the State Department’s cyber-diplomacy team. The FDD’s new report says the U.S. needs bipartisan resolve, industry-government trust, and resources that match the threat—because deterrence is failing if adversaries don’t pay a price.
In pure Ting fashion: don’t sleep on Huawei’s shadow here—several compromised endpoints ran HarmonyOS, that’s right, possibly giving Chinese actors an insider edge. American bans pushed Huawei deeper into its own, global tech stack, creating fresh headaches. Meanwhile, the experts I talked to don’t mince words: expect China’s attack playbook to get even slicker, especially after new cyber incident reporting laws go live in China next week, turbocharging their state-supervised hacker-forces.
Thanks for tuning in, listeners. Hit that subscribe, stay patched up, and keep your logs rolling; you don’t want to miss what Dragon’s Code brings next. This has been a quiet please production, for more check out...