This is your Dragon's Code: America Under Cyber Siege podcast.
Listeners, Ting here! I’m hyped to dive into what’s been a wild week in America’s cyber trenches—the dragons’ code of Chinese cyber operations hitting US infrastructure. Strap in, because if you blinked, you probably missed a heap of action, zero-days, and some serious expert sass.
First off, let’s talk about this week’s rockstar: Silk Typhoon, also known by CrowdStrike as Murky Panda. Picture this: hackers popping critical zero-days, like Citrix NetScaler ADC’s CVE-2023-3519 and Commvault’s juicy CVE-2025-3928, slithering right into cloud environments, and then pivoting into downstream customer domains. Adam Meyers at CrowdStrike called it “turning identity infrastructure into a launchpad.” That’s techie for taking over just enough cloud permissions to surf sideways and fetch the good stuff from other environments. One SaaS provider’s Entra ID secret got popped, and, boom—Murky Panda piggybacked into their customers’ data. Classic supply chain compromise, and it’s got US tech companies sweating so hard their password managers have trust issues.
Meanwhile, Microsoft’s SharePoint is trending for all the wrong reasons after “Linen Typhoon” and “Violet Typhoon”—yes, it’s Pokémon meets cybercrime—got called out by Microsoft’s Threat Intelligence team. They hammered two fresh zero-days (CVE-2025-53770 and CVE-2025-53771), hitting federal agencies, universities, and—wait for it—energy sector icons like the National Nuclear Security Administration. Microsoft didn’t just patch; they went DEFCON: booting Chinese partners out of their MAPP vulnerability sharing program. David Cuddy from MS says, if you’re required to report vulnerabilities to Beijing, you’re now in the penalty box.
Attribution? The government’s not mincing words. The latest Annual Threat Assessment from ODNI says China “almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including…rail systems.” Silk Typhoon’s favorite move is to exploit internet-facing appliances—think the routers in your office or grandma’s living room—and establish cozy little beachheads.
What’s Washington doing about it? Trump’s July AI Action Plan is all about “secure by design.” So, we got the AI Information Sharing and Analysis Center spinning up, DoD tightening its Responsible AI Toolkits, and DNI readying its AI Assurance standards. The kicker? Private sector gets official guidance on plugging AI-specific holes fast. Plus, US cyber strategy is leaning into “defend-forward”—basically, if you punch us, don’t be shocked if your command-and-control servers take a mysterious nap.
Experts say patching isn’t enough. Meyers tells us to “patch everything, patch it now,” but also monitor your cloud permissions. If you’re chilling with Entra ID, check for shady delegated access—Silk Typhoon loves that. There’s no single magic fix, only defense in depth, rapid detection, tight partnerships, and a roster of really tired SOC analysts.
Lesson learned? The dragons are crafting dazzling ops, exploiting trust as much as tech. US resilience depends on nimble AI, swift threat sharing, beefed-up supply chain hygiene, and occasionally, sending a not-so-subtle message back across the Great Firewall.
Stay hungry for updates, patch like you mean it, and tighten those permissions. Thanks for tuning in! Don’t forget to subscribe for the latest cyber intrigue. This has been a Quiet Please production. For more, check out quietplease.ai.