This is your Red Alert: China's Daily Cyber Moves podcast.
Listeners, it's Ting here—your favorite cheeky cyber oracle, decoding Red Alert: China's daily moves on the great digital chessboard between D.C. and Beijing. So, plug in: the past five days have been a masterclass in high-stakes hacking, and today, July 23rd, 2025, the alarms are blaring. Let's start with the big one—America's National Nuclear Security Administration, yes, the folks who babysit our nuclear arsenal, found themselves targeted by Chinese hackers exploiting a fresh flaw in Microsoft SharePoint. According to Bloomberg, the compromise vector was a zero-day vulnerability, allowing remote code execution and, potentially, data theft. The Department of Energy says only a "very small number" of systems were hit, and all were rapidly restored, but the fact that anyone got in is...well, the word "terrifying" comes to mind.
Microsoft went straight on record—this was no random script kiddie. Their analysis pins the breach on three seasoned, state-directed adversaries: Linen Typhoon, Violet Typhoon, and Storm-2603. The attack wasn't limited to US government agencies—the UK's National Cyber Security Centre confirmed organizations in the UK got hit too. Charles Carmakal from Mandiant reports that victims run the gamut from critical infrastructure and finance to healthcare. Picture this breach as a global cyber wildfire, and every organization running on-prem SharePoint as dry brush ready to burn.
Timeline? The exploit ignited overnight on Friday, July 18, triggered CISA’s cyber emergency playbook by Saturday, and by Monday, the FBI and CISA had both issued rapid-fire alerts demanding patches and providing IOC lists for threat hunting. Microsoft shipped mitigation scripts faster than you can say “reverse shell,” but proof-of-concept code dropped on Tuesday, spawning copycats and escalating risk.
Meanwhile, emergency monitoring hit a snag. Funding drama at Lawrence Livermore National Lab shuttered the advanced analytics arm of the DHS CyberSentry program. That means raw security sensor data from major infrastructure is piling up, unanalyzed—think water, energy, transportation, nuclear, even food supply chains. Chris Butera at CISA insists baseline monitoring is active, but Tatyana Bolton from the OT Cyber Coalition warned Congress that some breaches go undetected for years—and when it's Chinese APTs, once they're inside, they're a nightmare to evict.
The potential for escalation? It’s real and it’s now. If Chinese groups pivot from espionage to sabotage, we could see core services frozen, hospitals disrupted, or transit crippled. Robert Lee at Dragos didn’t mince words—America isn’t ready for a major cyber hit to its OT systems, the backbone of our infrastructure.
Defensive actions—patch on-prem SharePoint yesterday, deploy Microsoft's new indicators to hunt for active threats, isolate impacted segments, and, leaders at critical infrastructure operators: update your response runbook. And pray Congress funds cyber defense before the next gear-up.
And that's today's cyber pulse from Ting. Thanks for tuning in, and hey—subscribe for daily dispatches you'll wish you didn't need. This has been a Quiet Please production; for more, check out quietplease.ai.