Digital Dragon Watch: Weekly China Cyber Alert

Chinese Hackers Gone Wild: Typhoons Blast US Gov via SharePoint Snafu



This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here with your latest dose of Digital Dragon Watch: Weekly China Cyber Alert. Let’s jack straight in—this week has been a virtual fireworks show in the world of cyber with Chinese state-backed hackers hitting US government agencies via Microsoft SharePoint. Not exactly the kind of sharing we had in mind.

Here’s the rundown. Microsoft, in a July 19 blog post, confirmed that not just one but three Chinese threat groups—Linen Typhoon, Violet Typhoon, and the enigmatic Storm-2603—blitzed internet-facing SharePoint servers. These folks aren’t dabblers; according to Eye Security, they compromised more than 400 organizations in at least four rapid-fire attack waves between July 17 and July 21. Government targets included the National Nuclear Security Administration, the Department of Health and Human Services, Education, and even the Rhode Island General Assembly. If you were betting on a slow week for cyber, bad odds.

The attack vector is classic but potent: exploiting an unpatched SharePoint vulnerability to seize credentials, plant ransomware, and burrow in. Ransomware deployed included the relatively new Warlock strain. Microsoft, rapid on the response, released a security update to shut the door, but not before several agencies—including the Defense Intelligence Agency—had their systems disrupted for hours. Imagine being mid-biosecurity research at the NIH and suddenly you’re locked out by a cyber dragon. Not ideal.

Here’s the kicker: SharePoint Online on Microsoft 365 was spared, but on-premises servers—kind of like that one old server nobody wanted to replace—were feast territory. Palo Alto Networks warns that if you’re a government, big business, or school with on-prem SharePoint, you’re a sitting duck unless patched pronto. Microsoft, CISA, and the White House all issued alerts, and emergency patching became the phrase of the week. CISA’s Tricia McLaughlin assured the press there’s no sign of data exfiltration at DHS, but let’s be honest—absence of evidence isn’t evidence of absence when typhoons are swirling.

Meanwhile, the White House rolled out its much-touted AI Action Plan, with three Executive Orders targeting everything from accelerating data center builds to exporting the “full AI technology stack” and, pointedly, tightening security controls to counter China. The plan moves the spotlight to new technical standards for high-security data centers and calls for an AI Information Sharing and Analysis Center within DHS. Expect new tools, new frameworks, and new headaches for cyber lawyers everywhere.

Oh, and if you thought it was just the software under fire, think again. Following the uproar over Microsoft using China-based engineers to support US government cloud systems, Microsoft announced it’s ending that practice and will review all processes over the next month—cue nervous cloud admins everywhere.

Expert recommendations for anyone listening in the trenches: Patch fast and often, especially legacy on-prem shenanigans. Assess exposure to Chinese-manufactured networking gear. Follow updated CISA, DHS, and Microsoft guidance. Harden identity and access management, and don’t assume that only classified systems are targets—unclassified data can still be gold to adversaries.

That’s a wrap from Ting—thank you for tuning in to Digital Dragon Watch. Remember to subscribe for your weekly byte of China cyber action. This has been a Quiet Please production; for more, check out quiet please dot ai.

For more http://www.quietplease.ai



Digital Dragon Watch: Weekly China Cyber Alert, by Quiet. Please