Sign up to save your podcasts
Or
Share Ninja'd by Beijing: Typhoons Breach US Army Guard, SharePoint Exploits, & Open-Source Traps Abound!
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Ninja'd by Beijing: Typhoons Breach US Army Guard, SharePoint Exploits, & Open-Source Traps Abound!
This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Listeners, lock down your headphones and prayers for your firewalls because Ting here, zipping through this week’s Digital Dragon Watch: Weekly China Cyber Alert! It’s been a caffeinated week on the China-cyber beat, and if you’d rather not get ninja’d by new attack vectors, you’re right where you should be.
Let’s start with the week’s most jaw-dropping breach: On July 15, NBC News confirmed that Salt Typhoon—a hacking group widely considered tied to Beijing—successfully broke into a U.S. state’s Army National Guard network. The Department of Homeland Security says those cyber ninjas poked around from March clear through last December, siphoning off sensitive data that could help them target National Guard units in other states. This wasn’t a drive-by; it was months of digital reconnaissance, and nobody noticed till much later. Raise your hand if you’re suddenly double-checking your endpoint alerting.
Next up: things not exactly sunny in Saint Paul, Minnesota. A city-wide cyberattack hit on July 25, causing officials to shut down their information systems—which led to a throwback era of pen, paper, and WiFi blackouts across government buildings. The FBI plus two national cyber firms were called in, but the operation was so precise Saint Paul actually called for National Guard assistance, according to Reuters. Welcome to 2025’s version of disaster recovery—complete with cots and clipboard checklists.
But wait, Microsoft again? July saw the revelation that Chinese-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—were exploiting SharePoint flaws to gain access to US government systems. These vulnerabilities let hackers breach organizations like the Department of Education and the National Nuclear Security Administration, Bloomberg reported, before a patch was even available. Microsoft now suspects one of their own partners in China might have leaked those bugs to the bad guys. Also awkward: just days after ProPublica revealed Microsoft was using engineers in China to help maintain Defense Department systems, the tech giant quietly ended the practice.
On the US response front, the Cybersecurity and Infrastructure Security Agency just introduced new public tools with MITRE and Sandia National Labs, aimed at faster malware analysis and breach response. Meanwhile, the Senate is pushing the DoD to switch to post-quantum encryption and, as always, reminding agencies that multifactor authentication is as essential as your morning coffee.
Over in Beijing, regulators just summoned Nvidia CEO Jensen Huang, demanding explanations for rumored backdoor “safety risks” in their H20 AI chips—these are custom GPUs that US AI experts claim could be tracked or disabled remotely. Nvidia strongly denied putting backdoors in anything, but the move highlights the frantic tech trust issues between the US and China—and if you’re using imported chips, it’s time to review supply-chain due diligence.
The open-source world isn’t immune either. A new report rings alarm bells that state-backed actors from China and Russia are quietly slipping malicious code into open-source software—the very backbone of global IT infrastructure. Experts worry this could have ripple effects for both critical infrastructure and everyday business tech.
What can listeners do? NIST and the White House are urging rapid migration to post-quantum crypto, zero-trust networking, and phishing-resistant authentication. Monitor for SharePoint exploits, review your parts supply chain for foreign dependencies, and for the love of your SOC—rotate administrator credentials regularly.
That’s the circuit-breaking download for this week. Thanks for tuning in to Digital Dragon Watch. Don’t forget to subscribe for more insights, and remember—defense isn’t just a job, it’s an arms race. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
Listeners, lock down your headphones and prayers for your firewalls because Ting here, zipping through this week’s Digital Dragon Watch: Weekly China Cyber Alert! It’s been a caffeinated week on the China-cyber beat, and if you’d rather not get ninja’d by new attack vectors, you’re right where you should be.
Let’s start with the week’s most jaw-dropping breach: On July 15, NBC News confirmed that Salt Typhoon—a hacking group widely considered tied to Beijing—successfully broke into a U.S. state’s Army National Guard network. The Department of Homeland Security says those cyber ninjas poked around from March clear through last December, siphoning off sensitive data that could help them target National Guard units in other states. This wasn’t a drive-by; it was months of digital reconnaissance, and nobody noticed till much later. Raise your hand if you’re suddenly double-checking your endpoint alerting.
Next up: things not exactly sunny in Saint Paul, Minnesota. A city-wide cyberattack hit on July 25, causing officials to shut down their information systems—which led to a throwback era of pen, paper, and WiFi blackouts across government buildings. The FBI plus two national cyber firms were called in, but the operation was so precise Saint Paul actually called for National Guard assistance, according to Reuters. Welcome to 2025’s version of disaster recovery—complete with cots and clipboard checklists.
But wait, Microsoft again? July saw the revelation that Chinese-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—were exploiting SharePoint flaws to gain access to US government systems. These vulnerabilities let hackers breach organizations like the Department of Education and the National Nuclear Security Administration, Bloomberg reported, before a patch was even available. Microsoft now suspects one of their own partners in China might have leaked those bugs to the bad guys. Also awkward: just days after ProPublica revealed Microsoft was using engineers in China to help maintain Defense Department systems, the tech giant quietly ended the practice.
On the US response front, the Cybersecurity and Infrastructure Security Agency just introduced new public tools with MITRE and Sandia National Labs, aimed at faster malware analysis and breach response. Meanwhile, the Senate is pushing the DoD to switch to post-quantum encryption and, as always, reminding agencies that multifactor authentication is as essential as your morning coffee.
Over in Beijing, regulators just summoned Nvidia CEO Jensen Huang, demanding explanations for rumored backdoor “safety risks” in their H20 AI chips—these are custom GPUs that US AI experts claim could be tracked or disabled remotely. Nvidia strongly denied putting backdoors in anything, but the move highlights the frantic tech trust issues between the US and China—and if you’re using imported chips, it’s time to review supply-chain due diligence.
The open-source world isn’t immune either. A new report rings alarm bells that state-backed actors from China and Russia are quietly slipping malicious code into open-source software—the very backbone of global IT infrastructure. Experts worry this could have ripple effects for both critical infrastructure and everyday business tech.
What can listeners do? NIST and the White House are urging rapid migration to post-quantum crypto, zero-trust networking, and phishing-resistant authentication. Monitor for SharePoint exploits, review your parts supply chain for foreign dependencies, and for the love of your SOC—rotate administrator credentials regularly.
That’s the circuit-breaking download for this week. Thanks for tuning in to Digital Dragon Watch. Don’t forget to subscribe for more insights, and remember—defense isn’t just a job, it’s an arms race. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
View all episodes
By Quiet. PleaseThis is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Listeners, lock down your headphones and prayers for your firewalls because Ting here, zipping through this week’s Digital Dragon Watch: Weekly China Cyber Alert! It’s been a caffeinated week on the China-cyber beat, and if you’d rather not get ninja’d by new attack vectors, you’re right where you should be.
Let’s start with the week’s most jaw-dropping breach: On July 15, NBC News confirmed that Salt Typhoon—a hacking group widely considered tied to Beijing—successfully broke into a U.S. state’s Army National Guard network. The Department of Homeland Security says those cyber ninjas poked around from March clear through last December, siphoning off sensitive data that could help them target National Guard units in other states. This wasn’t a drive-by; it was months of digital reconnaissance, and nobody noticed till much later. Raise your hand if you’re suddenly double-checking your endpoint alerting.
Next up: things not exactly sunny in Saint Paul, Minnesota. A city-wide cyberattack hit on July 25, causing officials to shut down their information systems—which led to a throwback era of pen, paper, and WiFi blackouts across government buildings. The FBI plus two national cyber firms were called in, but the operation was so precise Saint Paul actually called for National Guard assistance, according to Reuters. Welcome to 2025’s version of disaster recovery—complete with cots and clipboard checklists.
But wait, Microsoft again? July saw the revelation that Chinese-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—were exploiting SharePoint flaws to gain access to US government systems. These vulnerabilities let hackers breach organizations like the Department of Education and the National Nuclear Security Administration, Bloomberg reported, before a patch was even available. Microsoft now suspects one of their own partners in China might have leaked those bugs to the bad guys. Also awkward: just days after ProPublica revealed Microsoft was using engineers in China to help maintain Defense Department systems, the tech giant quietly ended the practice.
On the US response front, the Cybersecurity and Infrastructure Security Agency just introduced new public tools with MITRE and Sandia National Labs, aimed at faster malware analysis and breach response. Meanwhile, the Senate is pushing the DoD to switch to post-quantum encryption and, as always, reminding agencies that multifactor authentication is as essential as your morning coffee.
Over in Beijing, regulators just summoned Nvidia CEO Jensen Huang, demanding explanations for rumored backdoor “safety risks” in their H20 AI chips—these are custom GPUs that US AI experts claim could be tracked or disabled remotely. Nvidia strongly denied putting backdoors in anything, but the move highlights the frantic tech trust issues between the US and China—and if you’re using imported chips, it’s time to review supply-chain due diligence.
The open-source world isn’t immune either. A new report rings alarm bells that state-backed actors from China and Russia are quietly slipping malicious code into open-source software—the very backbone of global IT infrastructure. Experts worry this could have ripple effects for both critical infrastructure and everyday business tech.
What can listeners do? NIST and the White House are urging rapid migration to post-quantum crypto, zero-trust networking, and phishing-resistant authentication. Monitor for SharePoint exploits, review your parts supply chain for foreign dependencies, and for the love of your SOC—rotate administrator credentials regularly.
That’s the circuit-breaking download for this week. Thanks for tuning in to Digital Dragon Watch. Don’t forget to subscribe for more insights, and remember—defense isn’t just a job, it’s an arms race. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta
Listeners, lock down your headphones and prayers for your firewalls because Ting here, zipping through this week’s Digital Dragon Watch: Weekly China Cyber Alert! It’s been a caffeinated week on the China-cyber beat, and if you’d rather not get ninja’d by new attack vectors, you’re right where you should be.
Let’s start with the week’s most jaw-dropping breach: On July 15, NBC News confirmed that Salt Typhoon—a hacking group widely considered tied to Beijing—successfully broke into a U.S. state’s Army National Guard network. The Department of Homeland Security says those cyber ninjas poked around from March clear through last December, siphoning off sensitive data that could help them target National Guard units in other states. This wasn’t a drive-by; it was months of digital reconnaissance, and nobody noticed till much later. Raise your hand if you’re suddenly double-checking your endpoint alerting.
Next up: things not exactly sunny in Saint Paul, Minnesota. A city-wide cyberattack hit on July 25, causing officials to shut down their information systems—which led to a throwback era of pen, paper, and WiFi blackouts across government buildings. The FBI plus two national cyber firms were called in, but the operation was so precise Saint Paul actually called for National Guard assistance, according to Reuters. Welcome to 2025’s version of disaster recovery—complete with cots and clipboard checklists.
But wait, Microsoft again? July saw the revelation that Chinese-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—were exploiting SharePoint flaws to gain access to US government systems. These vulnerabilities let hackers breach organizations like the Department of Education and the National Nuclear Security Administration, Bloomberg reported, before a patch was even available. Microsoft now suspects one of their own partners in China might have leaked those bugs to the bad guys. Also awkward: just days after ProPublica revealed Microsoft was using engineers in China to help maintain Defense Department systems, the tech giant quietly ended the practice.
On the US response front, the Cybersecurity and Infrastructure Security Agency just introduced new public tools with MITRE and Sandia National Labs, aimed at faster malware analysis and breach response. Meanwhile, the Senate is pushing the DoD to switch to post-quantum encryption and, as always, reminding agencies that multifactor authentication is as essential as your morning coffee.
Over in Beijing, regulators just summoned Nvidia CEO Jensen Huang, demanding explanations for rumored backdoor “safety risks” in their H20 AI chips—these are custom GPUs that US AI experts claim could be tracked or disabled remotely. Nvidia strongly denied putting backdoors in anything, but the move highlights the frantic tech trust issues between the US and China—and if you’re using imported chips, it’s time to review supply-chain due diligence.
The open-source world isn’t immune either. A new report rings alarm bells that state-backed actors from China and Russia are quietly slipping malicious code into open-source software—the very backbone of global IT infrastructure. Experts worry this could have ripple effects for both critical infrastructure and everyday business tech.
What can listeners do? NIST and the White House are urging rapid migration to post-quantum crypto, zero-trust networking, and phishing-resistant authentication. Monitor for SharePoint exploits, review your parts supply chain for foreign dependencies, and for the love of your SOC—rotate administrator credentials regularly.
That’s the circuit-breaking download for this week. Thanks for tuning in to Digital Dragon Watch. Don’t forget to subscribe for more insights, and remember—defense isn’t just a job, it’s an arms race. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai
Get the best deals https://amzn.to/3ODvOta