This is your Cyber Sentinel: Beijing Watch podcast.
You’re listening to Cyber Sentinel: Beijing Watch — I’m Ting, and if you feel your data tingling, that’s not paranoia, it’s probably Beijing. Let’s break down what’s happened the past week. Spoiler: lots of cyber chaos with China’s digital fingerprint all over it.
First up, the Microsoft saga is throwing shadows over Pentagon cloud security. After a bombshell investigation by ProPublica, Microsoft vowed to stop using China-based engineers for Defense Department cloud services. The old model—where US “digital escorts” would manually relay commands from Chinese engineers to DoD systems—seemed clever, but turned out to be a digital game of whisper-down-the-lane, except the whispers could add backdoors right into military networks. Even Defense Secretary Pete Hegseth called the whole thing “obviously unacceptable,” and promised a deep-dive into whether any other contractors, like AWS or Google Cloud, may have had similar setups.
Senate Intelligence head Tom Cotton isn’t letting this go, demanding a full list of contractors and subcontractors with any Chinese involvement. For the techies out there, this is a classic supply chain risk dilemma. Remember, digital escorts might not know what dangerous code looks like, so the adversary’s malware could slip in unnoticed. File this under worst-case scenario for operational security, and that’s why Microsoft is now keeping all cloud support for DoD strictly stateside.
Turning to the offense-defense chessboard, security analyst Dave Kennedy argues it’s time for the US to go on the cyber offensive. Why? Because operations like Beijing’s Volt Typhoon don’t just spy, they actively pre-position in US critical infrastructure, ready to disrupt, not just steal. The implication for US planners: escalation is not theoretical, it’s operational, and China’s risk appetite in cyberspace has grown bolder. Their new tactics even tolerate exposure, counting on the slow US response time.
Now, what are the tactics lighting up the logs this week? Singapore’s National Security Minister, K. Shanmugam, sounded the alarm over attacks by UNC3886—tagged by Mandiant as a China-nexus espionage outfit. This group has been prowling defense, technology, and telecoms from Southeast Asia to the US and beyond. They don’t just look for secrets—they go for disruption, often targeting critical infrastructure that could cripple a nation’s pulse overnight.
Let’s talk sectors: Chinese hacking isn’t picky, but Taiwan’s semiconductor industry is in the crosshairs. Major chip makers and their financial partners are living under near-constant assault. The method of choice? Decoy documents, fileless malware, living-off-the-land tactics—think: hijacking trusted systems like SharePoint for command-and-control, making threats blend in and evade signature-based detection, as observed in APT41’s new campaign in Africa.
International response is heating up. The FCC under Brendan Carr is doubling down to protect subsea cables—the Internet’s undersea lifeblood—from tampering. We’re seeing more countries call for decoupling supply chains and locking out high-risk foreign tech.
If you’re a decision-maker, what should you do beyond the basics? Audit all third-party access, enforce zero-trust architecture, and routinely review for “shadow IT.” Technically, watch for abnormal outbound traffic, unexpected SharePoint or SMB activity, and privilege escalations—the bread crumbs of advanced actors.
Tactically, keep patching—but strategically, advocate for transparency on cloud supply chains and push for international coalitions, because Beijing is playing the long game.
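As an added example (not from the podcast, and not code from Microsoft, Mandiant or any vendor mentioned), here is a small Python script that turns the breadcrumbs just listed, plus the SharePoint-as-command-and-control pattern from the Taiwan segment, into concrete checks over a handful of constructed log lines: beacon-like request timing to a trusted SaaS domain, unusually large outbound volume, workstation-to-workstation SMB, and a Windows 4672 privilege event for an account outside an admin allowlist. The log format, the WS-/FS- host naming convention, the thresholds and the allowlist are all assumptions made for the example.

```python
"""Toy detections for the breadcrumbs above (added example; the log format,
host naming, thresholds and allowlist are assumptions, not a real schema)."""
import statistics
from collections import defaultdict
from datetime import datetime

# CONSTRUCTED sample telemetry: 'proxy' = web proxy, 'flow' = connection
# record, 'win' = Windows Security event.  WS-104 checks in to SharePoint every
# ~60 s and then probes peer workstations over SMB; WS-077 is a normal user.
SAMPLE_LOGS = """\
proxy ts=2025-07-21T09:00:00 host=WS-104 dst=contoso.sharepoint.com bytes=812
proxy ts=2025-07-21T09:01:00 host=WS-104 dst=contoso.sharepoint.com bytes=804
proxy ts=2025-07-21T09:02:01 host=WS-104 dst=contoso.sharepoint.com bytes=809
proxy ts=2025-07-21T09:03:00 host=WS-104 dst=contoso.sharepoint.com bytes=811
proxy ts=2025-07-21T09:04:00 host=WS-104 dst=contoso.sharepoint.com bytes=805
proxy ts=2025-07-21T09:05:01 host=WS-104 dst=contoso.sharepoint.com bytes=810
proxy ts=2025-07-21T09:00:12 host=WS-077 dst=contoso.sharepoint.com bytes=48211
proxy ts=2025-07-21T09:17:40 host=WS-077 dst=contoso.sharepoint.com bytes=9012
proxy ts=2025-07-21T10:02:05 host=WS-077 dst=contoso.sharepoint.com bytes=120440
flow ts=2025-07-21T09:06:10 src=WS-104 dst=WS-119 dport=445
flow ts=2025-07-21T09:06:11 src=WS-104 dst=WS-120 dport=445
flow ts=2025-07-21T09:06:30 src=WS-077 dst=FS-01 dport=445
win ts=2025-07-21T09:07:02 host=WS-119 event=4672 user=jsmith
win ts=2025-07-21T09:07:05 host=FS-01 event=4672 user=svc_backup
"""

ADMIN_ALLOWLIST = {"svc_backup", "da_ops"}  # assumed: accounts expected to hold admin rights


def parse(text):
    """Each line is 'type k=v k=v ...'; return a list of dicts with parsed timestamps."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, *pairs = line.split()
        rec = {"type": kind}
        rec.update(p.split("=", 1) for p in pairs)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records

def beacons(records, min_hits=5, max_cv=0.10):
    """(host, dst) pairs whose inter-request gaps are too regular for a human:
    a coefficient of variation of the gaps below max_cv looks like a C2 check-in,
    even when the destination is a trusted SaaS domain such as SharePoint."""
    by_pair = defaultdict(list)
    for r in records:
        if r["type"] == "proxy":
            by_pair[(r["host"], r["dst"])].append(r["ts"])
    hits = []
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean < max_cv:
            hits.append(pair)
    return sorted(hits)

def heavy_outbound(records, limit=100_000):
    """Hosts whose total bytes sent through the proxy exceed limit (crude exfil check)."""
    totals = defaultdict(int)
    for r in records:
        if r["type"] == "proxy":
            totals[r["host"]] += int(r["bytes"])
    return sorted(h for h, b in totals.items() if b > limit)

def lateral_smb(records):
    """Workstation-to-workstation SMB (port 445).  Workstations are assumed to be
    named WS-*, so WS-* -> FS-*/DC-* file-server traffic is not flagged."""
    return sorted(
        (r["src"], r["dst"]) for r in records
        if r["type"] == "flow" and r["dport"] == "445"
        and r["src"].startswith("WS-") and r["dst"].startswith("WS-")
    )

def unexpected_privilege(records, allowlist=ADMIN_ALLOWLIST):
    """Event 4672 (special privileges assigned to new logon) for an account
    that is not expected to hold admin rights."""
    return sorted(
        (r["host"], r["user"]) for r in records
        if r["type"] == "win" and r["event"] == "4672" and r["user"] not in allowlist
    )

def run(text=SAMPLE_LOGS):
    recs = parse(text)
    return {
        "beacons": beacons(recs),
        "heavy_outbound": heavy_outbound(recs),
        "lateral_smb": lateral_smb(recs),
        "unexpected_privilege": unexpected_privilege(recs),
    }

if __name__ == "__main__":
    for name, hits in run().items():
        print(f"{name}: {hits}")
```

On the constructed data this flags WS-104 as beaconing to contoso.sharepoint.com and then touching two peer workstations over SMB, WS-077 for outbound volume, and jsmith picking up admin privileges on WS-119. The point of the beacon check is that a destination being a trusted SaaS domain tells you nothing; timing regularity does. Legitimate sync clients also poll on fixed intervals, so baseline each environment and tune min_hits, max_cv and the byte limit before alerting on them.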
Listeners, thanks for tuning in and staying sharp with me, Ting, on Cyber Sentinel: Beijing Watch. Subscribe for the latest—because next week, the only thing more relentless than China’s hackers will be our coverage. This...