Mic Drop: Pentagon's China Cloud Fail Sparks Cyber Chaos

Author: Quiet. Please
Published: Mon 21 Jul 2025
Episode Link: https://www.spreaker.com/episode/mic-drop-pentagon-s-china-cloud-fail-sparks-cyber-chaos--67059159

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast.

Listeners, Ting here—your go-to dragon tamer for all things China, cyber, and chaos. Welcome to this week’s Digital Dragon Watch: Weekly China Cyber Alert, bringing you the biggest cyber shakedowns and sharpest defense moves straight from the land of the digital red dragon. Strap in, it’s been a week where cyber really got political, technical, and, honestly, a little wild.

Let’s rip the bandage off the big story: Microsoft’s bombshell cloud scandal. After a jaw-dropping ProPublica exposé, it turns out Microsoft had been letting Chinese engineers, monitored by US-based “digital escorts,” help patch the Pentagon’s cloud—yes, the one holding extremely sensitive military data. The digital escorts had clearances but frequently lacked the cyber chops to vet what was going into the most classified systems. Imagine hiring a bouncer who can’t spot a fake ID! Senator Tom Cotton absolutely erupted, demanding answers from Defense Secretary Pete Hegseth. In response, Hegseth yanked Chinese labor from all Pentagon cloud work “effective immediately,” and he ordered a full-scope review of all Department of Defense cloud arrangements—with a two-week deadline and zero tolerance for further slip-ups. Microsoft, caught flat-footed, dropped its China-based teams for DoD systems in an instant, showing this was always about cost, not necessity. As Senator Cotton thundered, this is not the time for cyber amateur hour when facing America’s “most dangerous cyber threats.”

Pivoting to the latest attack vectors: Chinese state-affiliated threat actors set off alarms everywhere from Singapore to Africa. In Singapore, officials revealed ongoing breach campaigns by hacking group UNC3886, a crew previously spotlighted by Mandiant for planting custom backdoors in Juniper routers, VMware, and Fortinet appliances. The Singaporean minister for national security issued stark warnings about critical infrastructure and the ripple effects: compromised vendors and supply chains. Meanwhile, the Chinese embassy in Singapore called these accusations “groundless,” but experts—and the targeted firewalls—aren’t buying it.

Over in Africa, Kaspersky uncovered a fresh campaign from APT41, deploying stealthy malware that used compromised internal SharePoint servers as command-and-control hubs—an unusually covert tactic. They injected malicious C# code which only runs on non-Chinese and non-Asian language systems, a crafty move designed to evade detection at home and maximize foreign impact. APT41’s toolkit combined custom droppers and living-off-the-land techniques, using trusted IT services as attack pivots.

Let’s not forget India: CloudSEK found that over $580 million a year is being laundered by Chinese-controlled shadow banking circuits. The operation entices job-seekers via WhatsApp and Telegram, scooping up banking credentials to operate vast illegal payment networks tied to gambling, Ponzi schemes, and more. This isn’t a simple scam—it’s an economic attack undermining India’s digital financial trust.

The US government isn't just playing defense anymore. CyberScoop’s Dave Kennedy argues it’s time for America to invest in offensive cyber: new tools, elite operators, and a flexible legal framework. The old “respond with indictments” game is over; it’s time to show cyber force deters cyber aggression.

Expert recommendations? First, ditch legacy models that let foreign nationals anywhere near core infrastructure—even with “escorts.” Next, ramp up real-time monitoring for lateral movement, credential theft, and living-off-the-land attacks across all public-facing systems. Third, patch your network gear—especially Juniper, VMware, and Fortinet—like yesterday. And finally, raise the bar for detection, especially in critical infrastructure, by adopting behavioral analytics, not just signatures.

Thanks for tuning in to...
