Chinese Cyber Siege: Feds Scramble as SharePoint Falls and Warlock Ransomware Rises

Author
Quiet. Please
Published
Sun 27 Jul 2025
Episode Link
https://www.spreaker.com/episode/chinese-cyber-siege-feds-scramble-as-sharepoint-falls-and-warlock-ransomware-rises--67145267

This is your Red Alert: China's Daily Cyber Moves podcast.

Red Alert, listeners! Ting here, and if you thought last week’s spike in Chinese cyber activity was intense, that’s old news—today’s action is off the charts. Let’s kick off with the biggest headline: Microsoft SharePoint is under siege. Microsoft just admitted ongoing attacks by Chinese-backed threat actors, right after releasing a patch for a zero-day exploit discovered by Vietnamese researcher Dinh Ho Anh Khoa. The initial fix, rolled out July 8, worked until July 7—yes, you heard that time paradox right—because attackers found a workaround almost instantly. By Monday last week, Microsoft was scrambling with a rapid-fire second patch, but security experts, including Dave Lee at Bloomberg, are still holding their breath to see if it holds.

Here’s why this is priority-one: the exploit allows adversaries unrestricted access to SharePoint servers—aka the heart of many U.S. agencies. Even the Nuclear Weapons Safety Agency found itself on the compromise list. Attackers not only snoop, but can detonate full code execution on those servers. Warlock ransomware, known from earlier Storm-2603 campaigns, is now spreading through exploited SharePoint setups, as Microsoft confirmed just this Wednesday.

Meanwhile, CISA and the FBI published emergency alerts last night, warning all federal and critical infrastructure agencies to urgently isolate SharePoint installations exposed to the internet. The feds are especially concerned after a breach on July 16 targeted Allianz Life Insurance’s cloud system—and tied it straight back to a state-backed group from China. U.S. cybersecurity agencies are on high alert, with incident response teams deployed, and the FBI forensics team, led by Special Agent Lorraine Hughes, is coordinating with Microsoft’s crisis unit.

Timeline check: July 7, patch released. By July 9, attackers bypassed it. July 16, Allianz Life CRM breach. July 21, Wave 2 of mass ransomware deploys. July 27—today—CISA’s Red Alert triggers, demanding shutdowns, system audits, and urgent patching, while the Department of Energy confirms attempted intrusions in nuclear networks.

Now, the wild card: escalation. If Chinese operators keep exploiting sleeper cells inside U.S. networks, expect a wave of double extortion—first data theft, then ransomware squeeze. Financial, education, and healthcare targets are seeing phishing and credential attacks spike, as the Center for Internet Security noted that 82% of K-12 organizations have already faced major incidents this year. If the offensive expands to critical infrastructure—think ports, power grid, water—U.S. retaliation could include coordinated takedowns of overseas servers or sanctions on key Chinese tech firms. The risk? We find ourselves lurching toward a new digital Cold War.

So, what should you do, besides panic-buying cyber insurance? If you’re running on-prem SharePoint servers, patch immediately, disable remote access, and audit every privileged account. Watch for phishing—especially posing as cloud vendors or EDU login portals. For the love of zero trust, don’t wait for the next CISA blast.
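As an added example (not from the episode, and not Microsoft's own guidance), here is what the "audit every privileged account" step can look like on an on-prem farm: a PowerShell pass that records the farm build for comparison against the current patch level and then lists every shell admin, farm administrator, and site collection administrator so unexpected accounts stand out. It assumes it is run from an elevated SharePoint Management Shell on a farm server by an account that already has shell-admin rights; the group name "Farm Administrators" is the default English name and would differ on a localized farm.

```powershell
# Added example, not from the episode: inventory privileged SharePoint accounts
# on an on-prem farm for review after patching. Assumes an elevated SharePoint
# Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Record the farm build so it can be checked against the expected patch level.
$farm = Get-SPFarm
"Farm build: $($farm.BuildVersion)"

# 2. Shell admins: accounts permitted to run SharePoint PowerShell against the config DB.
"--- Shell admins ---"
Get-SPShellAdmin | ForEach-Object { $_.UserName }

# 3. The Farm Administrators group lives in the Central Administration web.
#    (Default English group name; adjust on a localized farm.)
"--- Farm administrators ---"
$caWebApp = Get-SPWebApplication -IncludeCentralAdministration |
    Where-Object { $_.IsAdministrationWebApplication }
$caWeb = Get-SPWeb $caWebApp.Url
$caWeb.SiteGroups["Farm Administrators"].Users | ForEach-Object { $_.LoginName }
$caWeb.Dispose()

# 4. Site collection administrators across every site collection in the farm.
"--- Site collection admins ---"
Get-SPSite -Limit All | ForEach-Object {
    $site = $_
    Get-SPUser -Web $site.RootWeb -Limit All |
        Where-Object { $_.IsSiteAdmin } |
        ForEach-Object { "$($site.Url) : $($_.LoginName)" }
    $site.Dispose()
}
```

Redirect the output to a file and diff it against the last known-good inventory; any login you cannot tie to a named administrator, or any farm build older than the latest patch, is the finding to chase before exposing the server again.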

That’s your Red Alert wrap. I’m Ting—thanks for tuning in. Don’t forget to subscribe, and stay one step ahead in this cyber cat-and-mouse game.

This has been a Quiet Please production. For more, check out quiet please dot ai.

For more http://www.quietplease.ai
