33 The China Threat
Spies, Lies & Cybercrime by Eric O'Neill
In This Issue
Title Story: The China Threat: Cyber Warfare’s Opening Salvo
Cybersecurity Tip of the Week: The Brushing Scam
Cybersecurity Breach of the Week: Hertz Hit by Cleo Vulnerability
Tech of the Week: Can AI Save Your Life?
AI Image of the Week: Back In Time Trend
The China Threat: Cyberwarfare’s Opening Salvo

Imagine this. Just before dawn breaks over Taipei, China’s amphibious assault vehicles crash through the waves of the Taiwan Strait. Fighter jets scream overhead. And halfway across the globe, in cities like Houston, Chicago, and New York—everything goes dark.
Blackouts. Then brownouts. The power grid sputters and surges as substations overload. Ports freeze as crane control systems fail mid-lift. GPS-dependent cargo shipments stall. Water plants lose sensor feeds, triggering shutdowns. Across the U.S., communications stutter and fall. Cell towers blink out. Internet access collapses. Hospitals switch to backup generators—if they still work.
And none of it is a coincidence.
A war over Taiwan becomes something far more devastating. A new principle of warfare: one where the battlefield is digital, the front lines are hidden in code, and the first casualties are our own infrastructure. This is the world China has spent decades preparing for. And the United States is walking straight into it, exposed.
“Everything, Everywhere, All at Once”
Over the past two years, China’s cyber warfare playbook has matured from espionage and theft into strategic battlefield preparation. Their approach is systematic and layered. China’s elite hacking units—grouped under the umbrella known as Typhoon—have infiltrated everything from power grids to water systems, telecom networks to shipping ports. And like time bombs waiting to be triggered, their malware lies in wait.
Volt Typhoon has focused its efforts on embedding malicious code in U.S. critical infrastructure and establishing a covert botnet of compromised routers and VPNs to maintain bridges from Asia-Pacific into North America. Their methods are subtle and surgical. They compromise outdated routers, install covert command-and-control servers, and slip into networks unnoticed. In 2023, intelligence services disclosed that Volt Typhoon had burrowed into hundreds of U.S. infrastructure networks. Their targets: energy, water, transportation—and communications.
While Volt Typhoon prepared the field, Salt Typhoon attacked the arteries—our telecoms. They breached nine major U.S. carriers, including Verizon and AT&T, compromising call logs, location data, and even the core switching systems of our communications grid. In short: they can now listen, track, and perhaps, when they choose, silence.
Then there’s Brass Typhoon, also known as APT41. This is China’s cyber-Swiss Army knife—part spy ring, part criminal enterprise. They’ve stolen source code from Taiwanese chipmakers, targeted U.S. logistics systems, and exploited software supply chains. Some of their malware is designed for military-grade systems. Other code is used to manipulate online games for profit. The common thread? Funding, support, and direction from China’s Ministry of State Security.
“We shouldn’t get too caught up in the names—Volt, Salt, Flax. At the end of the day, China is the most formidable, persistent cyber threat we are dealing with.”
Minerals as Leverage, Spies as Retaliation
China’s cyber threat doesn’t end with code—it extends into minerals, manufacturing, and military readiness. The U.S. relies on China for over 80% of the rare earth elements critical to our defense systems: from fighter jets to missile guidance. In 2024, Beijing tightened its grip, pausing exports and requiring new licenses—a quiet move that sent a loud message.
These minerals aren’t just commodities—they’re leverage. And when the U.S. pushed back with tariffs, China pushed harder.
The U.S. cannot currently fill this gap. While the Department of Defense has pledged nearly half a billion dollars to rebuild the domestic rare earth supply chain by 2027, CSIS reports that we remain years behind China. Without these materials, our advanced weapons systems grind to a halt.
As the tariff war escalated, China raised the stakes. In April 2025, Beijing took an unprecedented step: it named three alleged NSA operatives, accusing them of hacking during the Asian Winter Games. For a regime that usually hides its hand, this was a warning shot. Cross us, and we’ll go beyond sabotaging systems—we’ll burn your cover. This wasn’t just economic warfare or espionage. It was precise, strategic, and, for me, personal.
As a former undercover operative, I spent years relying on my cover. My security depended on silence, secrecy, and trust. Outing names isn’t just a negotiating tactic—it’s an escalation. It puts lives at risk and disrupts the global balance of intelligence gathering. This is no longer espionage as usual. It’s personal. It’s dangerous. And it’s meant to intimidate.
Offense May Be the Best Defense
For too long, we’ve been playing defense—building firewalls, issuing alerts, updating passwords. But while we patch, China plans. They map out our vulnerabilities. They test our response times. They stage and probe, preparing for a cyber Pearl Harbor. And we let them.
As Congressman Mike Waltz noted before becoming National Security Adviser:
“We need to start going on offense… [and] impose higher costs and consequences.”
He’s right. The only way to deter a nation like China is to show them that cyberattacks will be met with decisive retaliation. Not just sanctions or indictments—but real consequences. If they shut down our water supply, we shut down theirs. If they cripple our ports, we disable their factories. A modern version of Mutually Assured Destruction—not with nukes, but with cyber weapons.
Right now, all the weapons are pointed at the United States. We are the ones bleeding data, funding our adversaries through trade, and reacting instead of anticipating. That must change.
The China Threat isn’t coming. It’s here.
Cybersecurity Tip of the Week: The Brushing Scam

A friend recently called me when he received a package marked with his name but no return address. Curious, he opened it to find a cheap pair of wireless earbuds he didn’t remember ordering. Inside was a card offering him “bonus points” if he left a review—and a QR code to scan. The whole thing made him uneasy and he reached out for help.
Good thing. What my friend didn’t know is that he had just become a target in a scam known as brushing—a tactic used by shady sellers to quietly collect personal data from victims. The real product being traded wasn’t the earbuds. It was his identity.
If You’re Targeted by a Brushing Scam, Here’s What to Do:
- Do not scan QR codes, click links, or leave reviews—no matter how tempting the “bonus” offer seems.
- File a report with USPS to document the scam and protect others.
- Monitor bank and credit card statements closely for any suspicious activity that could signal identity theft.
- Request a free credit report, and if concerned, consider placing a freeze on your credit with major bureaus.
- Remind yourself that nothing in life is truly free—especially when it arrives uninvited at your door.
What to do if you fear your information has been stolen and is for sale on the dark web?
Start by visiting Have I Been Pwned, my favorite resource for checking if your email or phone number has been exposed in a breach. It’s free, easy to use, and doesn’t require you to sign up. If your information appears, the site will show you exactly which breaches your data was found in and what types of information were compromised. You can also set up dark web alerts to get notified of future breaches and check if any of your current passwords have been leaked.
Cybersecurity Breach of the Week
Lights out in Spain, Portugal and France
Yesterday, millions across Spain, Portugal, and parts of southern France were plunged into darkness after a massive, unexpected blackout. Homes, offices, airports, trains, hospitals — even the Madrid Open tennis tournament — ground to a halt. By late evening, most power was restored, but not before the chaos spread through daily life like wildfire.

People with their luggage wait outside Humberto Delgado Airport following a general electricity shutdown in Lisbon, Portugal, on April 28, 2025 (Patricia De Melo Moreira/AFP via Getty Images)
What caused it? Good question. Officially, the answer is still unknown. Some blame a “rare atmospheric phenomenon” that caused high-voltage oscillations. Others aren’t so sure. Spain’s national court has already launched a preliminary investigation into possible cyber sabotage — and the judge has warned that cyber terrorism can’t be ruled out.
If this was a cyberattack, it would be the largest strike on critical infrastructure in history — bigger than Colonial Pipeline, bigger than Change Healthcare. We’re not talking about isolated systems being hit. We’re talking about entire countries going dark.
This is exactly the kind of nightmare scenario we just discussed in the opening story about The China Threat. A mass blackout doesn’t need to last days to wreak havoc; a few hours is enough to freeze cities, disrupt hospitals, and paralyze economies.
As of now, European officials stress there’s no proof of foul play. But the fact that the Spanish government declared multiple national emergencies, convened crisis meetings, and launched terrorism probes tells you how serious the potential threat is.
If this was cyber sabotage, it wouldn’t just be Europe’s problem. It would be a loud, flashing warning to the western world: our infrastructure isn’t nearly as safe as we like to believe.
Tech of the Week: Can AI Save Your Life?

Two people asked ChatGPT medical questions—and it told them to go to the hospital. Good thing they listened.
One woman had been misdiagnosed by doctors five times. But ChatGPT? It pieced together her symptoms and flagged a rare form of cancer her human physicians missed. Another user shared vague complaints of fatigue and pain—ChatGPT replied, “Go to the ER. Now.” Turned out he was in early organ failure.
AI isn’t a doctor, and it shouldn’t replace one. But when trained on mountains of medical literature, it can sometimes see what even professionals overlook. AI might not wear a lab coat, but it’s definitely scrubbing in, and in the future, may be our first stop for a diagnosis before speaking to a human doctor.
AI Image of the Week: Back In Time Trend
I’ve been having fun with the various AI image trends now that ChatGPT’s image generator is so exceptional. This week I decided to jump on the back in time trend, and since I was just speaking in NYC, I decided to put myself in Times Square in 1914. The left is the generated image and the right is my reference photo. How well do you think AI represented me back in time?
[Images: “Me” in 1914? (left) and Me in 2024 (right)]
Talk soon,
Eric