This is your Red Alert: China's Daily Cyber Moves podcast.

Ting here, your favorite cyber detective with a dash of sass, fresh from another wild day in the trenches of digital warfare. Listeners, the past 72 hours have felt like chaos, but in cyber, that’s just Monday, right? In case you missed the sirens, today is October 31, 2025, and the folks behind China’s so-called Typhoon operations did not take Halloween off. If anything, these PRC-backed hackers brought more trick than treat as they spear-phished, scanned, and staged themselves across some of America’s most vital infrastructure.

First, the headline: According to the McCrary Institute’s engineer-heavy white paper, China’s ‘Typhoon’ cyber unit spent this week carpet-bombing U.S. energy grids, water facilities, telecom carriers, transportation hubs, and even our healthcare systems. I know, grab your pumpkin spice latte—this is going to be a ride. Microsoft dubbed these “Typhoon” campaigns, and their signature is evolving. It’s not just about stealing secrets anymore; they’re prepping to disrupt everything if tensions with Beijing boil over. Imagine the next hot conflict starting not with a bang but by knocking out your water, lights, and 5G.

Let’s get into specifics, because you know I love receipts. In telecom, Salt Typhoon went after giants like Verizon, AT&T, and Charter. According to McCrary, they pulled the details—call records and location data—for over a million Americans, including government officials. More alarming, they got into lawful intercept systems, which could compromise U.S. counterintelligence efforts. Not cute.

Meanwhile, on the east coast, Ribbon Communications announced a breach in early September, most likely by a China-linked group, and only now disclosed that access may have dated back almost a year. They were quick to contain, but at least some customer data got snagged—just what we need with election season heating up.

On the patch-and-pray front, CISA dropped emergency directives twice this week. The worst? A fresh vulnerability in Cisco firewalls and the F5 device supply chain, both actively exploited—yes, you guessed it, by China-nexus actors. Agencies had hours, not days, to slap on the updates or risk seeing federal networks shut down or worse, hijacked for lateral movement. And if you thought local governments got a break, sorry: fragmented systems are still the federal Achilles heel, and as one White House advisor bluntly said, the U.S. is now “stalling” and “slipping” on cyber defense.

Let’s do a quick forensic timeline. Wednesday: CISA’s red alert on F5 and Cisco. Thursday: Salt Typhoon caught skimming telecom traffic and Ribbon’s breach is outed. Friday: Microsoft and the FBI trace another round of Volt Typhoon “recon” across dozens of water utilities and airports. And today—Halloween—Salt tries to run spear-phishing ops with NATO and European Commission conference invitations. High drama, all week.

Potential escalation? One false move—like an outage that disrupts port traffic or air control systems—and we’re talking mass economic disruption or U.S. military readiness in the crosshairs. And let’s not forget, the same TTPs deployed here were trialed by Salt Typhoon last week against a telco in Central Europe. Practice makes perfect, I guess.

So! If you’re running critical infrastructure, CISA wants you eyeballing your logs, closing admin ports, patching everything yesterday, and sharing indicators of compromise with them directly. If you’re not patching? You’re basically inviting China over for dinner with your root password in neon lights. And for everyone else: this is your quarterly reminder—don’t click the weird Zoom invite.

Thanks for tuning in. If you dig this kind of cyber storytelling, don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more Back to Episodes