EPISODE · Jul 21, 2025 · 5 MIN
Mic Drop: Pentagon's China Cloud Fail Sparks Cyber Chaos
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Listeners, Ting here—your go-to dragon tamer for all things China, cyber, and chaos. Welcome to this week’s Digital Dragon Watch: Weekly China Cyber Alert, bringing you the biggest cyber shakedowns and sharpest defense moves straight from the land of the digital red dragon. Strap in, it’s been a week where cyber really got political, technical, and, honestly, a little wild. Let’s rip the bandage off the big story: Microsoft’s bombshell cloud scandal. After a jaw-dropping ProPublica exposé, it turns out Microsoft had been letting Chinese engineers, monitored by US-based “digital escorts,” help patch the Pentagon’s cloud—yes, the one holding extremely sensitive military data. The digital escorts had clearances but frequently lacked the cyber chops to vett what was going into the most classified systems. Imagine hiring a bouncer who can’t spot a fake ID! Senator Tom Cotton absolutely erupted, demanding answers from Defense Secretary Pete Hegseth. In response, Hegseth yanked Chinese labor from all Pentagon cloud work “effective immediately," and he ordered a full-scope review of all Department of Defense cloud arrangements—with a two-week deadline and zero tolerance for further slip-ups. Microsoft, caught flat-footed, dropped its China-based teams for DoD systems in an instant, showing this was always about cost, not necessity. As Senator Cotton thundered, this is not the time for cyber amateur hour when facing America’s “most dangerous cyber threats.” Pivoting to the latest attack vectors: Chinese state-affiliated threat actors set off alarms everywhere from Singapore to Africa. In Singapore, officials revealed ongoing breach campaigns by hacking group UNC3886, a crew previously spotlighted by Mandiant for planting custom backdoors in Juniper routers, VMware, and Fortinet appliances. The Singaporean minister for national security issued stark warnings about critical infrastructure and the ripple effects: compromised vendors and supply chains. Meanwhile, the Chinese embassy in Singapore called these accusations “groundless,” but experts—and the targeted firewalls—aren’t buying it. Over in Africa, Kaspersky uncovered a fresh campaign from APT41, deploying stealthy malware that used compromised internal SharePoint servers as command-and-control hubs—an unusually covert tactic. They injected malicious C# code which only runs on non-Chinese and non-Asian language systems, a crafty move designed to evade detection at home and maximize foreign impact. APT41’s toolkit combined custom droppers and living-off-the-land techniques, using trusted IT services as attack pivots. Let’s not forget India: CloudSEK found that over $580 million a year is being laundered by Chinese-controlled shadow banking circuits. The operation entices job-seekers via WhatsApp and Telegram, scooping up banking credentials to operate vast illegal payment networks tied to gambling, Ponzi schemes, and more. This is This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Listeners, Ting here—your go-to dragon tamer for all things China, cyber, and chaos. Welcome to this week’s Digital Dragon Watch: Weekly China Cyber Alert, bringing you the biggest cyber shakedowns and sharpest defense moves straight from the land of the digital red dragon. Strap in, it’s been a week where cyber really got political, technical, and, honestly, a little wild. Let’s rip the bandage off the big story: Microsoft’s bombshell cloud scandal. After a jaw-dropping ProPublica exposé, it turns out Microsoft had been letting Chinese engineers, monitored by US-based “digital escorts,” help patch the Pentagon’s cloud—yes, the one holding extremely sensitive military data. The digital escorts had clearances but frequently lacked the cyber chops to vett what was going into the most classified systems. Imagine hiring a bouncer who can’t spot a fake ID! Senator Tom Cotton absolutely erupted, demanding answers from Defense Secretary Pete Hegseth. In response, Hegseth yanked Chinese labor from all Pentagon cloud work “effective immediately," and he ordered a full-scope review of all Department of Defense cloud arrangements—with a two-week deadline and zero tolerance for further slip-ups. Microsoft, caught flat-footed, dropped its China-based teams for DoD systems in an instant, showing this was always about cost, not necessity. As Senator Cotton thundered, this is not the time for cyber amateur hour when facing America’s “most dangerous cyber threats.” Pivoting to the latest attack vectors: Chinese state-affiliated threat actors set off alarms everywhere from Singapore to Africa. In Singapore, officials revealed ongoing breach campaigns by hacking group UNC3886, a crew previously spotlighted by Mandiant for planting custom backdoors in Juniper routers, VMware, and Fortinet appliances. The Singaporean minister for national security issued stark warnings about critical infrastructure and the ripple effects: compromised vendors and supply chains. Meanwhile, the Chinese embassy in Singapore called these accusations “groundless,” but experts—and the targeted firewalls—aren’t buying it. Over in Africa, Kaspersky uncovered a fresh campaign from APT41, deploying stealthy malware that used compromised internal SharePoint servers as command-and-control hubs—an unusually covert tactic. They injected malicious C# code which only runs on non-Chinese and non-Asian language systems, a crafty move designed to evade detection at home and maximize foreign impact. APT41’s toolkit combined custom droppers and living-off-the-land techniques, using trusted IT services as attack pivots. Let’s not forget India: CloudSEK found that over $580 million a year is being laundered by Chinese-controlled shadow banking circuits. The operation entices job-seekers via WhatsApp and Telegram, scooping up banking credentials to operate vast illegal payment networks tied to gambling, Ponzi schemes, and more. This is This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Mic Drop: Pentagon's China Cloud Fail Sparks Cyber Chaos
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.