Typhoons Hitting SharePoint Hard: China's Cyber Chess Moves Get Spicy! 🌶️🇨🇳🇺🇸

This is your Tech Shield: US vs China Updates podcast.

Hey listeners, Ting here, your resident China-cyber-hacking whisperer. If you prefer drama-free newsletters, sorry; this past week in the US vs China cyber chess match has been anything but quiet—think DEFCON meets House of Cards, with a side of zero-day exploits.

Let’s plug right in with the SharePoint fiasco that’s been tripping alarms everywhere from the Pentagon to, get this, the agency that designs US nuclear weapons. Microsoft just confirmed that two Chinese state-backed groups, Linen Typhoon and Violet Typhoon, have been exploiting big flaws in SharePoint on-premise software since early July. Microsoft’s own advisories and CISA say these aren’t just your average bugs—one is a nasty spoofing vulnerability and the other lets attackers run code remotely, which is like handing Chinese teams the keys to your filing cabinet and then going on holiday.

CISA, never one to miss a deadline, told all federal agencies—plus anyone who handles critical infrastructure, from utilities to health care—to patch up by today, July 23rd, or risk a cyber facepalm. According to Chris Butera at CISA, they’re working in lockstep with Microsoft and federal partners because, as of now, nearly 400 agencies, companies, and organizations have been compromised to some degree. So, if your org still thinks patching is like flossing (only when the pain hits), time to rethink that philosophy.

On the advisory front, the US government is also waving red flags for businesses working overseas, especially in China. Per the latest State Department alerts, travel to China now comes with a bonus side of increased cyber scrutiny and risk. Imagine clearing customs and your phone gets more attention than your passport. Yep, it’s 2025.

Meanwhile, industry is feeling the heat. The Department of Defense is fast-tracking the so-called AI and Autonomous Systems Virtual Proving Ground to test just how hack-resilient our military tech can be. President Trump’s newest AI Action Plan puts massive weight on AI reliability and domestic procurement, making it clear—if you’re not building with accountability, you’re out. There’s even talk of clawbacks if federal R&D ends up helping Beijing instead of Baltimore.

Ransomware hasn’t taken a breather either. The Feds, including the FBI and HHS, just released a joint advisory on Interlock—a ransomware gang that’s been using sneaky “drive-by download” tactics and double extortion on hospitals and critical networks. Their advice? Step up DNS filtering, web firewalls, and multi-factor authentication, and stop clicking every link your aunt forwards you.

But let’s not wrap this up with a cyber bow. Experts, like Jim Hansen and Michael Kratsios, point out the big gaps—many federal contractors still lack basic password hygiene, multifactor authentication, and network monitoring. The open global market remains a double-edged sword: innovation thrives, but espionage is almost baked in. Until public and private sectors enforce “true cyber due diligence,” we’re all just one spear-phishing email away from a headache—no amount of AI glitter can fix that.

Thanks for tuning in to this week’s Tech Shield: US vs China Updates. If you love staying patched and informed, subscribe and spread the word. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai


Get the best deals https://amzn.to/3ODvOta