Feds Fume as China Hacks Hybrid, Submarine Snacks, and Shapeshifting Influence Packs

Author
Quiet. Please
Published
Mon 11 Aug 2025
Episode Link
https://www.spreaker.com/episode/feds-fume-as-china-hacks-hybrid-submarine-snacks-and-shapeshifting-influence-packs--67334613

This is your Tech Shield: US vs China Updates podcast.

I’m Ting. Let’s jack in.

According to CISA’s emergency directive issued this week, federal agencies had to urgently assess and remediate a new Microsoft Exchange hybrid flaw that enables lateral movement from on‑prem to Microsoft 365, with a hard deadline of August 11—part of a push to block suspected state-backed tradecraft often attributed to Chinese operators leveraging identity pivoting in hybrid environments, per CISA and InsideCyberSecurity reporting. InsideCyberSecurity noted CISA’s directive timing and steps, underscoring identity hardening, conditional access checks, and isolation of compromised connectors. CYFIRMA’s weekly briefing also flagged the Exchange issue and linked it to compromises of federal electronic case filing systems—a reminder that email plumbing is still crown-jewel adjacency.

CISA also pushed 10 fresh ICS advisories covering Delta Electronics, Johnson Controls, and Rockwell Automation—critical for anyone running building automation, manufacturing, or process control where Volt Typhoon-style living-off-the-land techniques could convert IT footholds into OT disruption, per CYFIRMA’s roundup. Pair that with the FCC’s move to tighten submarine cable licensing to reflect national security realities, reported by InsideCyberSecurity, and you’ve got Washington shoring up both terrestrial and undersea routes that adversaries—China included—probe for persistence and data exfiltration.

On vulnerability patches and industry responses, Trend Micro rushed fixes for actively exploited Apex One zero-days that CYFIRMA says bear suspected Chinese threat actor fingerprints. Microsoft SharePoint CVEs were likewise under active exploitation with ransomware follow-on, prompting a CISA malware analysis—worth your weekend patch window. Meanwhile, StateScoop reported dwindling federal cybersecurity support to states and locals, which is bad news when Chinese operators increasingly target soft underbellies like water utilities; a DEF CON community initiative to furnish free resilience tools to under-resourced water orgs, highlighted by InsideCyberSecurity, is a bright spot but not a substitute for sustained federal muscle.

Government advisories this week also intersect with influence ops: Nextgov/FCW reported Vanderbilt researchers, including Brett Goldstein and former NSA Director Paul Nakasone, detailing a gray-zone surge in AI-driven propaganda by the Chinese firm GoLaxy, with dossiers on 117 U.S. lawmakers and thousands of influencers. That is driving a defensive tech pivot toward provenance, synthetic media detection, and rapid TTP attribution—areas where CISA, NSA, and the FBI have been issuing tradecraft notes like the fast-flux DNS advisory recently cataloged by CYFIRMA.

On the tech-industrial front, NPR reported President Trump announced a 15% revenue skim from Nvidia’s H20 sales to China tied to export licenses, with CNN noting parallel AMD terms and China’s state-linked pushback alleging “backdoors.” Whether or not you buy Beijing’s claim, it’s clear both sides are securitizing chips as cyber terrain, while Brookings argues Washington should upgrade norms work beyond IP theft to curb destabilizing behavior in AI and standards. Defense Opinion reminded us the supply chain remains riddled with “phone home” risk—from inverters to port cranes—fueling DoD moves to strip Chinese microelectronics from defense systems by 2027.

Emerging defensive tech worth your attention: provenance watermarks and model-level detection for influence ops, identity threat detection for hybrid Exchange and M365, OT segmentation and anomaly detection in ICS, and DNS telemetry tuned for fast-flux and DGA. The FCC’s submarine cable rules modernize a key choke point; New York’s proposed water sector cyber rules, cited by the Foundation for Defense of Democracies on InsideCyberSecurity, preview state-level...