
Digital Landmines: Beijing’s Quiet Invasion | The American Spectator

Welcome to 2025, where China’s cyber strategy is no longer espionage. It’s pre-positioning — the digital equivalent of landmines buried deep in our networks, designed not to explode on contact, but to wait in silence until detonation serves a strategic purpose.

In June 2025, the Department of Homeland Security confirmed that Chinese state-sponsored hackers, operating under the codename Salt Typhoon, had spent nine months infiltrating a U.S. state’s Army National Guard network. Not loitering. Not poking. Nesting. They extracted more than 1,400 configuration files, admin credentials, and communication archives tied to secure inter-state systems — a sweep confirmed in the Daily Beast.

Weeks earlier, Volt Typhoon — a sister outfit with suspected PLA ties — was found embedded in the operational control systems of a Massachusetts utility company. According to Dragos, they sat undetected for 10 months, quietly cataloging grid layouts and SCADA protocols. They weren’t there to steal. They were there to prepare — to turn out the lights when it counts.

This isn’t the PLA in bunkers. This is cyber-mercenary outsourcing. Beijing contracts firms like iSoon, Sichuan Juxinhe, and Shanghai Powerock to handle the dirty work. In early 2025, leaked iSoon internal chats showed hackers bidding for U.S. access like it was a government eBay. Recorded Future reported $10,000 bounties for federal login credentials, $900 for grid access.

In March, Milan police arrested Xu Zewei, a senior engineer at Powerock, tied to the HAFNIUM Exchange server attacks that compromised thousands of networks globally. Xu allegedly worked under direct orders from the Ministry of State Security. His role: compromise, linger, report.

The real problem? We’re numb to breach. What once triggered national panic now barely scratches the news cycle. But intent has changed. Today’s attacks aren’t about stolen trade secrets — they’re about planting latent explosives in our infrastructure, dormant yet deadly, waiting for political ignition. Volt Typhoon didn’t hack Massachusetts to observe. It nested, silently, ready to flip switches. TechRadar cited government sources warning this is not the endgame. It’s the staging ground.

Two telecom providers compromised by Salt Typhoon reportedly declined to probe deeper after legal advice — fearing confirmation would trigger liability. Wired revealed internal compliance teams were told not to initiate forensic reviews. Willful blindness now counts as national policy.

The breach of a National Guard system isn’t symbolic — it’s strategic. Guard units coordinate disaster response, cybersecurity, and emergency communications. Disrupting their networks undermines every layer of domestic resilience. DHS documents cited by Industrial Cyber confirm that Chinese actors had access to live channels used by Guard units in multiple states.

What’s needed now is doctrine. Treat foreign cyber intrusions as acts of aggression, not IT issues. Enforce mandatory breach disclosure for critical infrastructure operators. Penalize any firm that fails to patch known vulnerabilities or delays mitigation. And above all, empower Cyber Command to strike first: neutralize command-and-control centers, disrupt attacker infrastructure, and inject cost into breach attempts.

The Chinese model is disturbingly efficient. It disperses risk, removes attribution, and ensures persistent access. As the Washington Post detailed, Salt Typhoon exploited vulnerabilities in common networking hardware to establish long-term presence in U.S. telecom backbones. They didn’t knock. They mined the hallway, rigged the wiring, and left the lights on — for now.

We are already living in a contested digital battlespace. Every day we delay action is another day malware lingers, undetected, patient. We’ve allowed infrastructure breaches to become white noise. And China has noticed. The game is no longer denial. It’s readiness. And right now, we’re behind.
