EPISODE · Aug 3, 2025 · 4 MIN
Ninja'd by Beijing: Typhoons Breach US Army Guard, SharePoint Exploits, & Open-Source Traps Abound!
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Listeners, lock down your headphones and prayers for your firewalls because Ting here, zipping through this week’s Digital Dragon Watch: Weekly China Cyber Alert! It’s been a caffeinated week on the China-cyber beat, and if you’d rather not get ninja’d by new attack vectors, you’re right where you should be. Let’s start with the week’s most jaw-dropping breach: On July 15, NBC News confirmed that Salt Typhoon—a hacking group widely considered tied to Beijing—successfully broke into a U.S. state’s Army National Guard network. The Department of Homeland Security says those cyber ninjas poked around from March clear through last December, siphoning off sensitive data that could help them target National Guard units in other states. This wasn’t a drive-by; it was months of digital reconnaissance, and nobody noticed till much later. Raise your hand if you’re suddenly double-checking your endpoint alerting. Next up: things not exactly sunny in Saint Paul, Minnesota. A city-wide cyberattack hit on July 25, causing officials to shut down their information systems—which led to a throwback era of pen, paper, and WiFi blackouts across government buildings. The FBI plus two national cyber firms were called in, but the operation was so precise Saint Paul actually called for National Guard assistance, according to Reuters. Welcome to 2025’s version of disaster recovery—complete with cots and clipboard checklists. But wait, Microsoft again? July saw the revelation that Chinese-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—were exploiting SharePoint flaws to gain access to US government systems. These vulnerabilities let hackers breach organizations like the Department of Education and the National Nuclear Security Administration, Bloomberg reported, before a patch was even available. Microsoft now suspects one of their own partners in China might have leaked those bugs to the bad guys. Also awkward: just days after ProPublica revealed Microsoft was using engineers in China to help maintain Defense Department systems, the tech giant quietly ended the practice. On the US response front, the Cybersecurity and Infrastructure Security Agency just introduced new public tools with MITRE and Sandia National Labs, aimed at faster malware analysis and breach response. Meanwhile, the Senate is pushing the DoD to switch to post-quantum encryption and, as always, reminding agencies that multifactor authentication is as essential as your morning coffee. Over in Beijing, regulators just summoned Nvidia CEO Jensen Huang, demanding explanations for rumored backdoor “safety risks” in their H20 AI chips—these are custom GPUs that US AI experts claim could be tracked or disabled remotely. Nvidia strongly denied putting backdoors in anything, but the move highlights the frantic tech trust issues between the US and China—and if you’re using imported chips, it’s time to review supply-chain due di This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Listeners, lock down your headphones and prayers for your firewalls because Ting here, zipping through this week’s Digital Dragon Watch: Weekly China Cyber Alert! It’s been a caffeinated week on the China-cyber beat, and if you’d rather not get ninja’d by new attack vectors, you’re right where you should be. Let’s start with the week’s most jaw-dropping breach: On July 15, NBC News confirmed that Salt Typhoon—a hacking group widely considered tied to Beijing—successfully broke into a U.S. state’s Army National Guard network. The Department of Homeland Security says those cyber ninjas poked around from March clear through last December, siphoning off sensitive data that could help them target National Guard units in other states. This wasn’t a drive-by; it was months of digital reconnaissance, and nobody noticed till much later. Raise your hand if you’re suddenly double-checking your endpoint alerting. Next up: things not exactly sunny in Saint Paul, Minnesota. A city-wide cyberattack hit on July 25, causing officials to shut down their information systems—which led to a throwback era of pen, paper, and WiFi blackouts across government buildings. The FBI plus two national cyber firms were called in, but the operation was so precise Saint Paul actually called for National Guard assistance, according to Reuters. Welcome to 2025’s version of disaster recovery—complete with cots and clipboard checklists. But wait, Microsoft again? July saw the revelation that Chinese-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—were exploiting SharePoint flaws to gain access to US government systems. These vulnerabilities let hackers breach organizations like the Department of Education and the National Nuclear Security Administration, Bloomberg reported, before a patch was even available. Microsoft now suspects one of their own partners in China might have leaked those bugs to the bad guys. Also awkward: just days after ProPublica revealed Microsoft was using engineers in China to help maintain Defense Department systems, the tech giant quietly ended the practice. On the US response front, the Cybersecurity and Infrastructure Security Agency just introduced new public tools with MITRE and Sandia National Labs, aimed at faster malware analysis and breach response. Meanwhile, the Senate is pushing the DoD to switch to post-quantum encryption and, as always, reminding agencies that multifactor authentication is as essential as your morning coffee. Over in Beijing, regulators just summoned Nvidia CEO Jensen Huang, demanding explanations for rumored backdoor “safety risks” in their H20 AI chips—these are custom GPUs that US AI experts claim could be tracked or disabled remotely. Nvidia strongly denied putting backdoors in anything, but the move highlights the frantic tech trust issues between the US and China—and if you’re using imported chips, it’s time to review supply-chain due di This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
Ninja'd by Beijing: Typhoons Breach US Army Guard, SharePoint Exploits, & Open-Source Traps Abound!
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.