This is your China Hack Report: Daily US Tech Defense podcast.
It’s Ting here, your favorite cyber whisperer, reporting in: it’s July 23, 2025, and today’s China Hack Report is so packed, you might want to lock your digital doors and put a fresh pot of coffee on. The past 24 hours have been—let’s call it—eventful, thanks to a sweeping campaign tied to at least three elite Chinese state-backed hacking groups: Linen Typhoon, Violet Typhoon, and Storm-2603. Microsoft dropped the bombshell last night: these groups exploited not one, not two, but four zero-day vulnerabilities in Microsoft’s on-premises SharePoint servers, the backbone for everything from the National Nuclear Security Administration to state and local governments running their day-to-day on Redmond’s legacy. The two flagship vulnerabilities—CVE-2025-49706 and CVE-2025-49704, collectively known as “ToolShell”—allow attackers to bypass authentication and execute their payloads as if they had the keys to the SharePoint kingdom.
Over 400 government agencies and corporations are confirmed compromised, with the tally climbing each hour. Bloomberg and Shadowserver estimate more than 10,700 SharePoint servers are still exposed, and 1,100 of those are on U.S. state and federal networks. Microsoft scrambled out emergency patches on July 19, but the wolf’s already in the henhouse: according to Mandiant, at least one attacker is “China-nexus.” What’s worse, Chinese groups are using post-exploitation techniques, burrowing further into networks—think data theft, credential harvesting, and maybe persistence for future mischief.
Critical sectors under fire? Energy, including our nuclear design brain trust, government agencies at every level, even state legislatures and tax departments. Security researchers at Eye Security and Censys confirmed the first attacks began July 17, with follow-ups targeting known vulnerable installations. SentinelOne and CISA are calling it a prototype playbook for supply-chain style government compromise.
CISA isn’t sitting idle: their emergency directive requires federal agencies to patch by midnight tonight or yank exposed SharePoint servers off the public internet. They’re urging everyone—including our lovely financial outfits and healthcare vendors—to install security updates, rotate your ASP.NET machine keys, fully enable AMSI (that’s the Antimalware Scan Interface), and until you’ve done all that, disconnect your SharePoint from the internet entirely. Monitor your logs for suspicious POST requests and watch for the Chinese actor-linked IP addresses—yeah, I see you 107.191.58.76!
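To make that last piece of advice concrete, here is an added example (not from the episode, CISA, or Microsoft) that scans IIS W3C log lines from an on-premises SharePoint server for the two things the episode tells defenders to watch: POST requests that look out of place, and traffic from the actor-linked IP it names. The log lines are constructed for the demo, and the "unauthenticated POST into /_layouts/" heuristic and the page name somepage.aspx are assumptions of this example, not indicators quoted from the page.

```python
"""Added example: flag suspicious POSTs and watchlisted IPs in IIS W3C logs."""
from dataclasses import dataclass

# The one IP named in the episode; extend this from your own intel feed.
WATCHLIST_IPS = {"107.191.58.76"}

# Constructed sample log (default IIS W3C field order; spaces in values
# are written as '+' by IIS, so whitespace splitting is safe).
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-18 02:11:07 10.0.0.5 GET /sites/hr/default.aspx - 443 CORP\\jdoe 10.0.4.21 Mozilla/5.0 - 200 0 0 120
2025-07-18 02:11:09 10.0.0.5 POST /_layouts/15/start.aspx - 443 CORP\\jdoe 10.0.4.21 Mozilla/5.0 - 200 0 0 88
2025-07-18 02:13:41 10.0.0.5 POST /_layouts/15/somepage.aspx - 443 - 107.191.58.76 python-requests/2.31 - 200 0 0 512
2025-07-18 02:14:02 10.0.0.5 GET /_layouts/15/somepage.aspx - 443 - 198.51.100.7 curl/8.0 - 401 0 0 5
"""


@dataclass(frozen=True)
class Hit:
    line_no: int
    client_ip: str
    method: str
    path: str
    reasons: tuple


def parse_w3c(text):
    """Yield (line_no, record) for each data line, keyed by the #Fields header."""
    fields = None
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line: skip rather than guess at columns
        yield n, dict(zip(fields, parts))


def find_hits(text, watchlist=WATCHLIST_IPS):
    """Return Hit records for watchlisted sources and anonymous POSTs to /_layouts/."""
    hits = []
    for n, rec in parse_w3c(text):
        reasons = []
        if rec["c-ip"] in watchlist:
            reasons.append("watchlisted source IP")
        # Assumed heuristic: a POST with no authenticated user into the
        # SharePoint /_layouts/ tree deserves a second look.
        if (rec["cs-method"] == "POST" and rec["cs-username"] == "-"
                and rec["cs-uri-stem"].lower().startswith("/_layouts/")):
            reasons.append("unauthenticated POST to /_layouts/")
        if reasons:
            hits.append(Hit(n, rec["c-ip"], rec["cs-method"], rec["cs-uri-stem"], tuple(reasons)))
    return hits


if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client_ip} {h.method} {h.path} -> {', '.join(h.reasons)}")
```

Point it at real u_ex*.log files by reading them into find_hits; tune the heuristic against a baseline of your own authenticated traffic before alerting on it.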
And don’t think the cloud is safe just yet—though this zero-day didn't hit Microsoft 365, the fallout shows adversaries love riding on American software monoculture. Fox Business highlighted the risk of relying on China-based engineers for DOD systems. The Pentagon has launched its own review, and the FBI is coordinating internationally.
To sum it up: Patch fast. Audit everything. Get those defense playbooks ready, because as Microsoft put it, there’s “high confidence” these vulnerabilities will fuel more attacks if left unfixed. I’m Ting—thanks for tuning in. Subscribe if you want your digital life to outlast the next zero-day, and remember, this has been a Quiet Please production; for more, check out quiet please dot ai.
For more: http://www.quietplease.ai