This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.
Hey listeners, Ting here with another high-voltage episode of Digital Dragon Watch: Weekly China Cyber Alert. No long wind-up – let’s boot into the breach. The headline this week is all about the chaos unleashed by Chinese state-backed hackers flexing their muscle with new attack vectors, and US cyber-defense playing cat-and-mouse.
Top of the incident chart: Microsoft sounded the alarm about an ongoing onslaught exploiting unpatched on-premises SharePoint Server flaws. In this fresh wave, veteran Chinese threat groups Linen Typhoon and Violet Typhoon, plus the notorious Storm-2603, have been digging into government, defense, finance, health, and media organizations across the US, Europe, and East Asia. According to Microsoft, these intrusions outlive the patch: once the attackers have lifted a server's cryptographic machine keys, the fix alone doesn't evict them, because the stolen keys can still be used to forge valid tokens and impersonate users long after you think you've kicked them out. Cyber firm Eye Security counted over 400 compromised systems, and the advisory rings especially loud for anyone running on-prem SharePoint. The origin of this mess? Shout out to Viettel Cyber Security, whose discovery at Pwn2Own Berlin back in May started the patch race, but the fix Microsoft shipped on July 8 wasn't enough and was bypassed. Only last week did Microsoft finally squish the bug completely, so if you haven't patched again, you might already be hosting uninvited guests.
It doesn’t end there. Sygnia revealed a campaign by the China-tied Fire Ant group targeting VMware ESXi and F5 systems. This crew is advanced: they run host-to-guest commands from the hypervisor into virtual machines, move laterally, and even drop the Medusa rootkit, tunneling through network barriers that defenders thought were air-tight. The target list includes large enterprises, government, and critical infrastructure. For anyone running segmented networks on virtualized platforms, take note: Fire Ant kept its footholds by adapting in real time, switching tactics when detected and leaving stealth backdoors wherever it went.
Let’s zoom out. The sector hit hardest has been government: US agencies, National Guard units, and critical infrastructure from energy to telecoms. These hacks are part of larger campaigns like Salt Typhoon and Volt Typhoon, marking an escalation well beyond old-school economic espionage into campaigns that, as former UK NCSC chief Ciaran Martin puts it, run “everything, everywhere, all at once.” US military networks have now been told to assume breach and operate under a zero-trust mindset, according to recent Department of Defense guidance.
US response? The White House is on the offensive with the new AI Action Plan. This strategy, announced July 23, ramps up trade controls on advanced AI hardware and semiconductors, doubling down on export restrictions to prevent so-called countries of concern (yes, China makes the list) from acquiring sensitive tech. Expect tighter end-use monitoring and new controls on components not previously covered – the Department of Commerce is leading this charge.
So what’s the expert prescription for weary defenders? Get patching, obviously, but don’t trust patches alone. Rotate any cryptographic keys the attackers could have stolen, because on SharePoint the patch closes the door but a lifted ASP.NET machine key still lets them forge valid tokens and walk back in. Monitor for lateral movement with behavioral analytics, tighten privilege escalation paths, and revisit your segmentation strategy, including the hypervisor-to-guest boundary. Assume they might already be inside, living off the land. Deploy defense-in-depth, and bake incident response into your regular playbook. And if you haven’t thrown the latest zero-days into your threat-hunting cycles, better start now.
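As an added example (not from this episode, and not Microsoft's own script), here is how that key rotation looks on an on-prem SharePoint farm once the server is patched. It uses SharePoint's documented cmdlets (Get-SPWebApplication, Set-SPMachineKey, Update-SPMachineKey); the log path is an assumption, and Set-SPMachineKey is not present on every SharePoint version, so the script checks for it before touching anything. Run it from the SharePoint Management Shell on one server in the farm with farm-admin rights.

```powershell
# Added example: rotate the ASP.NET machine keys for every SharePoint web application
# after patching, so keys lifted before the patch can no longer forge valid tokens.
# Cmdlet names are SharePoint's documented ones; $log is an assumed path.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$log = "C:\Temp\machinekey-rotation.log"   # assumption: any writable path will do

# Not every SharePoint build ships Set-SPMachineKey; bail out rather than half-rotate.
foreach ($cmd in 'Get-SPWebApplication', 'Set-SPMachineKey', 'Update-SPMachineKey') {
    if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
        throw "Cmdlet $cmd is not available on this SharePoint version; rotate keys via Central Administration instead."
    }
}

# Central Administration has its own keys, so include it rather than just content web apps.
foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    "$(Get-Date -Format o) rotating machine keys for $($wa.Url)" | Tee-Object -FilePath $log -Append

    # Generate a fresh ValidationKey/DecryptionKey pair for this web application...
    Set-SPMachineKey -WebApplication $wa -Confirm:$false

    # ...and push it into every farm server's web.config through the machine-key timer job.
    Update-SPMachineKey -WebApplication $wa -Confirm:$false
}

# Worker processes keep the old keys in memory until IIS reloads configuration.
iisreset.exe
"$(Get-Date -Format o) rotation complete, IIS restarted" | Tee-Object -FilePath $log -Append
```

Rotation only helps if it happens after the server is fully patched; rotate first and the attacker simply steals the new keys through the same hole. Treat the rotation log as evidence for the incident file, and repeat the hunt for forged sessions and web shells afterwards, since a fresh key invalidates future forgeries but does nothing about backdoors already dropped on disk.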
That’s the byte-packed download for this week. Thanks for tuning in to Digital Dragon Watch. Don’t forget to subscribe so you never miss the frontline reports from the cyber shadows. This has been a quiet please production, for more check out quiet please dot ai.
For more http://www.quietplease.ai