This is your China Hack Report: Daily US Tech Defense podcast.
Listeners, Ting here with your July 28th China Hack Report: Daily US Tech Defense, and if you thought last week’s cyber headlines were spicy, the last 24 hours have basically been a five-alarm fire for every sysadmin on this side of the Pacific.
Let’s get right to it. First, Microsoft and SharePoint have been in hot oil—again. According to Red Hot Cyber, a leak from the Microsoft Active Protections Program may have let state-sponsored Chinese hacking crews rush out exploits for a pair of newly discovered SharePoint vulnerabilities, CVE-2025-53770 and CVE-2025-53771, before any emergency patch dropped. Over 400 organizations—including our own National Nuclear Security Administration, no less—got hit. Microsoft even suspects someone inside their trusted circle tipped off these exploit writers. The speed at which these exploits were developed? Blistering. This is transparency in cybersecurity coming back to bite—hard. Meanwhile, China is officially denying everything, naturally.
On the stealthier side of the ring, Sygnia’s report on the Fire Ant group landed this morning. Fire Ant has been exploiting VMware ESXi and F5 load balancer vulnerabilities since January. They use attack chains that let them burrow into secure, segmented networks like digital ninjas. Once in, Fire Ant deploys persistence tools like the Medusa rootkit, leaves backdoors wide open, and logs stolen SSH credentials for good measure. Their trick? They compromise appliances—like F5’s BIG-IP units—deploy webshells, and tunnel between trusted network zones. Translation: segmentation is nice, but if your VM host or load balancer is compromised, so are all your guest VMs.
And if you’re thinking only government and critical infra are targets, think again. Allianz Life, a massive US insurer, just confirmed that data on nearly all of its 1.4 million North American customers was leaked after an external breach. The breach is rumored to be part of broader China-linked campaigns targeting industries way beyond government: think finance, transportation, utilities, and, yes, even telcos.
Emergency patches are rolling out fast. Check Point Research listed a batch of urgent SharePoint hotfixes, and VMware is shouting from the rooftops for everyone to lock down vCenter and ESXi. The US Cybersecurity and Infrastructure Security Agency, CISA, has doubled down with an official “assume breach” mindset for all federal agencies. Translation: operate like China’s already inside your systems. Monitor for behavioral anomalies, block all but absolutely essential remote access, and isolate exposed appliances. If your team hasn’t reviewed lateral movement detection and backup integrity checks today, I’d consider calling them right now.
In the “awkward corporate reveal” department, Microsoft’s use of China-based staffers on US government cloud management has been lambasted in The Register, feeding even more suspicion around recent cloud breaches. Combine that with the accelerating use of AI for attack automation and you get the picture: we’re not just in a chess match with APTs anymore; it’s 3D chess, and the board lights up every hour.
That’s the pulse. If you work in US tech, energy, or critical infra, or just like your data private: eyes open, patches ready, and remember that paranoia isn’t just encouraged, it’s now in the CISA playbook.
Thanks for tuning in! Hit subscribe for your next frontline cyber fix. This has been a Quiet Please production; for more, check out quiet please dot ai.