This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, Ting here with your Daily US Tech Defense — and over the past 24 hours, it’s felt like the cyber equivalent of DEFCON 2. State-backed Chinese hacking crews are on a tear, targeting American interests from energy grids to government SharePoint servers, and even undersea internet cables. Buckle up — let’s break this blizzard of cyber action down.
Front and center: the big, bad **Microsoft SharePoint zero-day** — CVE-2025-53770. First mass exploitation wave? July 18. Then on July 19, Microsoft finally blew the whistle, and by July 20, CISA was waving red flags and issuing emergency alerts. This bug is a deserialization of untrusted data flaw that lets attackers run code — remotely — on any on-premises SharePoint Server, no password required. Basically, hackers can hijack a server and rummage through files, configurations, the works. According to CISOPlatform and HelpNetSecurity, over 85 organizations across the US and Europe got hit — including energy, education, and government agencies. Dutch firm Eye Security spotted at least 50 successful breaches, and US federal and state agencies got nailed. At least one eastern state government’s SharePoint was completely compromised.
Immediate action? CISA is not messing around. July 21 was the official drop-everything-and-patch deadline. Agencies are told to update to the latest SharePoint patches, turn on Antimalware Scan Interface (AMSI) integration, and deploy Microsoft Defender — together those steps help block malicious code execution on the server. This bug is in the Known Exploited Vulnerabilities Catalog, which is government code for “deal with this yesterday.”
Meanwhile, Kaspersky’s researchers just traced new malware from the infamous Chinese group **APT41** — these folks are practically cyber royalty. Their campaign in Africa used hacked SharePoint servers as covert communications nodes. The malware, written in C#, runs command-and-control through web shells planted on compromised SharePoint servers, such as CommandHandler.aspx, and spreads trojans through files like agents.exe. The payloads deliberately refuse to run on machines whose operating-system language is set to Chinese or several other East Asian languages, probably to dodge local scrutiny.
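Since the APT41 tradecraft above turns a SharePoint server into a C2 node via a web shell, the practical defender question is whether your own IIS logs show anyone touching those file names. The following is an added example, not code from the podcast, Kaspersky, or Microsoft: it parses W3C-format IIS logs (the default layout on Windows Server) and flags requests whose file name matches the two indicators the episode mentions. The `/_layouts/15/` directory and the four log lines are constructed for illustration, and the indicator set is deliberately kept as a plain Python set so you can add the names from your own threat intel feed.

```python
"""
Added example (not from the podcast or any vendor): scan W3C-format IIS logs
from an on-premises SharePoint server for requests to file names the episode
associates with the APT41 campaign (CommandHandler.aspx web shell, agents.exe
payload). The log lines and the /_layouts/15/ prefix are constructed; the field
layout follows the IIS W3C default.
"""
from dataclasses import dataclass

# Indicators taken from the episode text (file names only; match is case-insensitive).
SUSPICIOUS_FILENAMES = {"commandhandler.aspx", "agents.exe"}


@dataclass
class Hit:
    timestamp: str
    client_ip: str
    method: str
    uri: str
    status: int


def parse_w3c(lines):
    """Yield one dict per data row, using the most recent #Fields directive."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):      # other directives (#Software, #Date, ...)
            continue
        if fields is None:
            raise ValueError("data line encountered before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            continue                  # malformed row: skip rather than guess
        yield dict(zip(fields, values))


def find_suspicious(lines):
    """Return Hit records for every request whose file name is an indicator."""
    hits = []
    for row in parse_w3c(lines):
        uri = row.get("cs-uri-stem", "")
        name = uri.rsplit("/", 1)[-1].lower()
        if name in SUSPICIOUS_FILENAMES:
            hits.append(Hit(
                timestamp=f"{row['date']} {row['time']}",
                client_ip=row.get("c-ip", "?"),
                method=row.get("cs-method", "?"),
                uri=uri,
                status=int(row.get("sc-status", 0)),
            ))
    return hits


# Constructed sample: two benign user requests and two requests from an
# external address (203.0.113.9, a documentation range) hitting the indicators.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-07-20 03:14:07 10.0.0.5 GET /sites/hr/Shared%20Documents/policy.docx - 443 DOMAIN\\alice 10.0.1.20 Mozilla/5.0 200
2025-07-20 03:15:41 10.0.0.5 POST /_layouts/15/CommandHandler.aspx - 443 - 203.0.113.9 python-requests/2.31 200
2025-07-20 03:16:02 10.0.0.5 GET /_layouts/15/agents.exe - 443 - 203.0.113.9 python-requests/2.31 200
2025-07-20 03:17:30 10.0.0.5 GET /_layouts/15/start.aspx - 443 DOMAIN\\bob 10.0.1.21 Mozilla/5.0 200
"""

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"{hit.timestamp} {hit.client_ip} {hit.method} {hit.uri} -> {hit.status}")
```

Run it as-is to see the two flagged rows; against a real server, feed it the files under `%SystemDrive%\inetpub\logs\LogFiles\` instead of `SAMPLE_LOG`. Note that an HTTP 200 on a file you never deployed under `_layouts` is the signal here; a 404 means the attacker probed and missed, which is still worth a look but is a different severity.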
Now, get this: Microsoft announced they’re ending all use of China-based engineers to patch DOD systems. This after a ProPublica scoop revealed that US “escorts” (think: cyber chaperones) were relaying commands from China-based techs to apply patches to Pentagon clouds — potentially allowing Chinese engineers indirect access to America’s bleeding-edge secrets. Defense Secretary Pete Hegseth called it “obviously unacceptable” and ordered a sweep of every similar supply chain process. Expect other cloud providers like AWS and Oracle to come under new scrutiny.
As if that wasn’t spicy enough, the House Homeland Security and Foreign Affairs Committees are demanding Big Tech explain how Chinese state-backed companies are embedding themselves in the subsea cable supply chain. The FCC is on the verge of banning PRC tech from all undersea cable builds. This is about Beijing’s dual strategy — legally investing in cable projects while allegedly running sabotage operations at sea.
CISA keeps pounding the table: patch, monitor, and segment any exposed system, and expect phishing attacks leveraging the SharePoint bug. The Multi-State ISAC, which warns local governments, reported over 1,100 at-risk servers at US city halls and schools. And remember, MS-ISAC just took budget cuts, so local governments are more exposed than ever.
That wraps your whirlwind sprint through the latest China-linked cyber assaults. Ting signing off — thanks for tuning in! Be sure to subscribe for more, and protect your data like you protect your dignity on a Zoom call. This has been a Quiet Please production; for more, check out quietplease.ai.