EPISODE · Jul 23, 2025 · 4 MIN
SharePoint Meltdown: China's Cyber Typhoons Wreak Havoc on Microsoft, Nukes, and Banks!
from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, and believe me, these last seven days have felt like the cyber equivalent of trying to eat hot pot with a leaky chopstick—messy, spicy, and, if you’re not careful, professionally hazardous. Let’s dive straight into the latest, starting with Microsoft’s SharePoint mayhem, which has been the hottest ticket on the China cyber scene this week. Microsoft confirmed that not just one, but three Chinese state-sponsored groups—Linen Typhoon, Violet Typhoon, and the newly tracked Storm-2603—have been exploiting a zero-day flaw in their SharePoint servers, dubbed ToolShell. The bug affects on-premises deployments, not the cloud, which, let’s be blunt, has left government agencies and enterprises globally sweating bullets. These attackers have been targeting everything from North American governments to European telecom giants, and, get this, the US agency that designs nuclear weapons itself got breached. I’m not saying we should panic, but if you saw any security team in lead-lined hazmat suits recently, now you know why. How did they do it? With a classic remote code execution exploit—think sending booby-trapped data to the SharePoint server, which obligingly lets them run whatever code they want. Attackers can steal data, move across networks, and generally make Mondays worse for IT admins everywhere. Microsoft scrambled to patch—CVE-2025-53770 and CVE-2025-53771 are your new favorite acronyms—but the situation is extra spicy since a public exploit surfaced online. In other words, script kiddies, cybercriminals, and nation-state operators now have party invitations. The US government’s response was swift—CISA issued a July 23 patch deadline for federal agencies, adding these vulnerabilities to its Known Exploited Vulnerabilities list. Chris Butera, CISA’s acting director for cybersecurity, confirmed around 400 organizations, including multiple government agencies, had already been compromised or were under active threat. Meanwhile, Secretary of Defense Pete Hegseth demanded tightened supply chain reviews for the entire Department of Defense, following reports that Microsoft had been outsourcing cloud engineering to China-based teams. Microsoft, perhaps feeling the digital equivalent of being caught with a hand in the Great Firewall cookie jar, quickly swore off China-based engineering for US defense systems. The news isn’t all code and command prompts, though. Hong Kong’s financial sector was lit up by a Mandarin-language SquidLoader campaign, targeting banks with hyper-obfuscated spear-phishing attacks that drop Cobalt Strike post-exploit. These emails spoof official documents, and the loader can evade sandboxes, antivirus, and even run fake errors if it senses it’s being watched. If your bank’s IT staff looks extra caffeinated this week, you know why. As a cherry on top, analysts sounded alarms about US critical infrastructure exposure after advanced monitoring by the This content was created in partnership and with the help of Artificial Intelligence AI.
What this episode covers
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Ting here, and believe me, these last seven days have felt like the cyber equivalent of trying to eat hot pot with a leaky chopstick—messy, spicy, and, if you’re not careful, professionally hazardous. Let’s dive straight into the latest, starting with Microsoft’s SharePoint mayhem, which has been the hottest ticket on the China cyber scene this week. Microsoft confirmed that not just one, but three Chinese state-sponsored groups—Linen Typhoon, Violet Typhoon, and the newly tracked Storm-2603—have been exploiting a zero-day flaw in their SharePoint servers, dubbed ToolShell. The bug affects on-premises deployments, not the cloud, which, let’s be blunt, has left government agencies and enterprises globally sweating bullets. These attackers have been targeting everything from North American governments to European telecom giants, and, get this, the US agency that designs nuclear weapons itself got breached. I’m not saying we should panic, but if you saw any security team in lead-lined hazmat suits recently, now you know why. How did they do it? With a classic remote code execution exploit—think sending booby-trapped data to the SharePoint server, which obligingly lets them run whatever code they want. Attackers can steal data, move across networks, and generally make Mondays worse for IT admins everywhere. Microsoft scrambled to patch—CVE-2025-53770 and CVE-2025-53771 are your new favorite acronyms—but the situation is extra spicy since a public exploit surfaced online. In other words, script kiddies, cybercriminals, and nation-state operators now have party invitations. The US government’s response was swift—CISA issued a July 23 patch deadline for federal agencies, adding these vulnerabilities to its Known Exploited Vulnerabilities list. Chris Butera, CISA’s acting director for cybersecurity, confirmed around 400 organizations, including multiple government agencies, had already been compromised or were under active threat. Meanwhile, Secretary of Defense Pete Hegseth demanded tightened supply chain reviews for the entire Department of Defense, following reports that Microsoft had been outsourcing cloud engineering to China-based teams. Microsoft, perhaps feeling the digital equivalent of being caught with a hand in the Great Firewall cookie jar, quickly swore off China-based engineering for US defense systems. The news isn’t all code and command prompts, though. Hong Kong’s financial sector was lit up by a Mandarin-language SquidLoader campaign, targeting banks with hyper-obfuscated spear-phishing attacks that drop Cobalt Strike post-exploit. These emails spoof official documents, and the loader can evade sandboxes, antivirus, and even run fake errors if it senses it’s being watched. If your bank’s IT staff looks extra caffeinated this week, you know why. As a cherry on top, analysts sounded alarms about US critical infrastructure exposure after advanced monitoring by the This content was created in partnership and with the help of Artificial Intelligence AI.
NOW PLAYING
SharePoint Meltdown: China's Cyber Typhoons Wreak Havoc on Microsoft, Nukes, and Banks!
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.