This is your Dragon's Code: America Under Cyber Siege podcast.
I’m Ting, and things got spicy this week in cyberspace, so I hope you’re patched up and ready for the latest chapter of Dragon’s Code: America Under Cyber Siege. Right off the bat, Microsoft confirmed that three China-based groups, the state-linked Linen Typhoon and Violet Typhoon plus a third actor tracked as Storm-2603, were exploiting zero-day flaws in on-premises Microsoft SharePoint servers to hit US organizations, government agencies included. SharePoint, that ubiquitous corporate file-sharing backbone, became a hacker’s dream after the discovery of CVE-2025-53770, a flaw so fresh that Microsoft had no fix ready when attackers went to town. Note the word on-premises: SharePoint Online in Microsoft 365 was not affected, which matters for the story in a minute.
By late last week, Google’s Mandiant team and Cisco had both spotted these threat actors pounding away at vulnerable targets. Charles Carmakal, Mandiant’s CTO, explained that the primary attack trick was sending specially crafted requests to SharePoint, triggering the flaw and letting the attackers execute code of their choosing on the server without any credentials. With that foothold, they swiped credentials and pivoted across internal networks like old-school kung fu masters, except with PowerShell scripts instead of nunchucks.
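The chain Carmakal describes, a web request that becomes code execution on the server and then PowerShell, leaves one very generic fingerprint that does not depend on knowing the exploit: the IIS worker process (w3wp.exe) spawning a command interpreter. The hunt below is an added example written for this episode, not code from Microsoft, Mandiant or the podcast. It assumes process-creation telemetry (Sysmon event ID 1 or an EDR export) has been dumped as JSON lines with the field names shown; those names, the heuristic argument list, and the four sample events are all constructed for illustration.

```python
"""Hunt for a web worker process spawning a shell or script host."""
import json

# Web-server worker processes that have no business launching interpreters.
WEB_WORKERS = {"w3wp.exe"}
# Interpreters and script hosts commonly used right after a web-app RCE.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "cscript.exe", "wscript.exe"}
# Command-line fragments that raise severity (heuristic, not exhaustive).
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "-nop", "bypass", "downloadstring", "iex ")

# Constructed sample telemetry (Sysmon-style field names); not real logs.
SAMPLE_EVENTS = [
    {"Computer": "SP01", "ProcessId": 4120, "User": "CONTOSO\\spfarm",
     "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"},
    {"Computer": "SP01", "ProcessId": 4188, "User": "CONTOSO\\spfarm",
     "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"Computer": "SP01", "ProcessId": 5002, "User": "CONTOSO\\spfarm",
     "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe",
     "CommandLine": "csc.exe /noconfig /fullpaths @tmp.cmdline"},  # ASP.NET compile, benign
    {"Computer": "WS07", "ProcessId": 992, "User": "CONTOSO\\alice",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe Get-Process"},  # admin at a desktop, benign
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)


def _basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (score, reasons) for one process-creation event.

    Score 0 means 'not interesting'. 50 is the base for web-worker-to-shell;
    suspicious command-line fragments add 30 on top.
    """
    parent = _basename(ev.get("ParentImage", ""))
    image = _basename(ev.get("Image", ""))
    if parent not in WEB_WORKERS or image not in SHELLS:
        return 0, []
    reasons = [f"{parent} spawned {image}"]
    score = 50
    cmd = ev.get("CommandLine", "").lower()
    hits = [a.strip() for a in SUSPICIOUS_ARGS if a in cmd]
    if hits:
        score += 30
        reasons.append("suspicious args: " + ", ".join(hits))
    return score, reasons


def hunt(log_text, threshold=50):
    """Scan JSON-lines telemetry; return findings at or above threshold."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        ev = json.loads(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            findings.append({
                "line": lineno,
                "host": ev.get("Computer"),
                "pid": ev.get("ProcessId"),
                "user": ev.get("User"),
                "score": score,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f['score']}] {f['host']} pid={f['pid']} user={f['user']}: "
              + "; ".join(f["reasons"]))
```

On the sample data this flags the encoded-PowerShell launch (score 80) and the `cmd.exe /c whoami` (score 50), and ignores the ASP.NET compiler and the desktop PowerShell session. The design choice is deliberate: the base rule fires on parent/child relationship alone, so it still catches an exploit whose request pattern you have never seen, and the argument heuristics only adjust priority, never gate the alert.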
Among dozens of compromised organizations was the National Nuclear Security Administration, which safeguards America’s nuclear arsenal. Luckily, the NNSA relies heavily on modern Microsoft 365 cloud setups rather than legacy on-prem servers, which limited the potential blast radius: an agency spokesperson acknowledged “minimal impacts,” but no breach of classified data was reported. Still, Barry Mainz of Forescout cautions that with roughly 80% of organizations patching within a week, the remaining 20%, especially smaller firms, are sitting ducks.
On the attribution front, Microsoft, Google, and the US Cybersecurity and Infrastructure Security Agency (CISA) all pointed the finger squarely at these Chinese APT groups. However, the Chinese Embassy in Washington continues its usual routine: deny and deflect, calling the claims “smears without solid evidence.” Liu Pengyu, their spokesman, insists Beijing opposes all cybercrime—a line as familiar to listeners as a Phishing 101 email.
As for defense, CISA couldn’t have been louder: all federal agencies had until today, yes, July 23, to patch those SharePoint vulnerabilities, specifically the ToolShell chain of CVE-2025-49704 (remote code execution) and CVE-2025-49706 (spoofing), along with the related CVE-2025-53770. Chris Butera from CISA emphasized that their teams worked hand-in-hand with Microsoft and federal bodies to assess scope and contain fallout, but they’re still tallying the affected organizations, well over 400 by current count.
Cybersecurity pros like Vaisha Bernard at Eye Security and Kim Zetter, who testified before Congress, remind us that, even fifteen years post-Stuxnet, US critical infrastructure, power grids, water, you name it, remains too exposed. The lesson? Don’t just focus on IT; OT, the operational tech that runs the backbone of civilization, is also in the crosshairs now. Rapid patching, network segmentation, multi-factor authentication, better supply chain vigilance: these are today’s martial arts forms.
And to all my listeners: if you run your own servers, especially those vintage SharePoint relics, patch or perish. And remember that a patch only closes the door; if your server was exposed before you patched, assume someone already walked through it, check for anything the attackers left behind, and rotate the credentials that box could reach. Don’t be the weakest link in America’s cyber chain.
Thanks for tuning in to Dragon’s Code. Don’t forget to subscribe! This has been a Quiet Please production; for more, check out quietplease.ai.