EPISODE · Aug 20, 2025 · 4 MIN
Microsoft's China Shocker: Pentagon Secrets Exposed in Cloud Fiasco
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. It’s Ting back with your Digital Dragon Watch: Weekly China Cyber Alert, and if you thought August was going to be a snooze, you’re in for a spicy surprise. Let’s dive right into the digital flames of the past seven days—no time for filler, because Microsoft and Beijing clearly didn’t get the memo on quiet summer months. Kicking off: the jaw-dropper. According to a deep-dive by ProPublica, Microsoft failed to disclose to the Pentagon that it used engineers based in China to work on ultra-sensitive Defense Department cloud systems. Not a great look when the Office of the Director of National Intelligence tags China as America’s “most active and persistent cyber threat.” They used a digital escort model—where U.S.-cleared personnel babysit the foreign engineers, but crucial risk details were omitted from security plans. After a government probe and subsequent outrage, Microsoft has allegedly cut off China-based engineers from these contracts. John Sherman, former DoD Chief Information Officer, called out Microsoft’s “digital escort” workaround as something that “doesn’t pass the common sense test.” The lesson for listeners: demand total supply chain transparency from your cloud vendors, especially for any government work. Now, new vectors. Cisco Talos spotted that a China-aligned group dubbed Salt Typhoon—also known as Operator Panda—weaponized an old Cisco IOS vulnerability (CVE-2018-0171) in cyberattacks late last year targeting major U.S. telecom firms. Vulnerabilities in legacy infrastructure keep showing up, making this a favorite playground for both Russian and Chinese actors. The recent FBI and Cisco warnings underline that patching isn’t optional—it’s existential. If you're still running ancient, unpatched routers, better make your next meeting with IT a priority. Targeted sectors? Critical infrastructure—energy, telco, water systems—remains firmly in Beijing’s crosshairs. The National Security Memorandum signed earlier this year doubled down on protecting these lifelines, with CISA now quarterbacking coordination, risk assessments, and the soon-to-drop National Infrastructure Risk Management Plan. Volt Typhoon, a Chinese actor, is still fresh in everyone’s mind for its deep, persistent targeting of U.S. utilities. The defensive playbook here: continuous vulnerability scanning, rigorous vendor due diligence (no surprise Chinese contractors!), and incident response plans that get blessed by red teams. Meanwhile, regulatory heat is rising on Beijing’s home turf. China’s National Cybersecurity Standardisation Technical Committee is tightening rules on “Minor Mode,” which now demands lower screen time limits for kids, age-appropriate controls, and mandatory parental oversight. There’s also a draft clampdown on AI—banning the fabrication of marketing content in e-commerce. U.S. policymakers should take notes. Regulation isn’t just reactive anymore; China is setting its own This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. It’s Ting back with your Digital Dragon Watch: Weekly China Cyber Alert, and if you thought August was going to be a snooze, you’re in for a spicy surprise. Let’s dive right into the digital flames of the past seven days—no time for filler, because Microsoft and Beijing clearly didn’t get the memo on quiet summer months. Kicking off: the jaw-dropper. According to a deep-dive by ProPublica, Microsoft failed to disclose to the Pentagon that it used engineers based in China to work on ultra-sensitive Defense Department cloud systems. Not a great look when the Office of the Director of National Intelligence tags China as America’s “most active and persistent cyber threat.” They used a digital escort model—where U.S.-cleared personnel babysit the foreign engineers, but crucial risk details were omitted from security plans. After a government probe and subsequent outrage, Microsoft has allegedly cut off China-based engineers from these contracts. John Sherman, former DoD Chief Information Officer, called out Microsoft’s “digital escort” workaround as something that “doesn’t pass the common sense test.” The lesson for listeners: demand total supply chain transparency from your cloud vendors, especially for any government work. Now, new vectors. Cisco Talos spotted that a China-aligned group dubbed Salt Typhoon—also known as Operator Panda—weaponized an old Cisco IOS vulnerability (CVE-2018-0171) in cyberattacks late last year targeting major U.S. telecom firms. Vulnerabilities in legacy infrastructure keep showing up, making this a favorite playground for both Russian and Chinese actors. The recent FBI and Cisco warnings underline that patching isn’t optional—it’s existential. If you're still running ancient, unpatched routers, better make your next meeting with IT a priority. Targeted sectors? Critical infrastructure—energy, telco, water systems—remains firmly in Beijing’s crosshairs. The National Security Memorandum signed earlier this year doubled down on protecting these lifelines, with CISA now quarterbacking coordination, risk assessments, and the soon-to-drop National Infrastructure Risk Management Plan. Volt Typhoon, a Chinese actor, is still fresh in everyone’s mind for its deep, persistent targeting of U.S. utilities. The defensive playbook here: continuous vulnerability scanning, rigorous vendor due diligence (no surprise Chinese contractors!), and incident response plans that get blessed by red teams. Meanwhile, regulatory heat is rising on Beijing’s home turf. China’s National Cybersecurity Standardisation Technical Committee is tightening rules on “Minor Mode,” which now demands lower screen time limits for kids, age-appropriate controls, and mandatory parental oversight. There’s also a draft clampdown on AI—banning the fabrication of marketing content in e-commerce. U.S. policymakers should take notes. Regulation isn’t just reactive anymore; China is setting its own This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Microsoft's China Shocker: Pentagon Secrets Exposed in Cloud Fiasco
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.