Typhoons Tangled in Microsoft's SharePoint Scandal: US Gov Fuming, AI Action Plan Sparks

This is your Tech Shield: US vs China Updates podcast.

Listeners, Ting here with your Tech Shield: US vs China cyber update for the week ending July 25, 2025. Let’s plug into this circuit—no need for a long intro, because the past few days in cyberland have been an electrifying sprint.

The week kicked off with a Chinese hacking spree targeting on-premises Microsoft SharePoint servers across hundreds of US sites. Eye Security reported over 400 organizations compromised thanks to warlock ransomware unleashed by storm-2603, storming right through government and industry—from the National Nuclear Security Administration to the Rhode Island General Assembly. Microsoft confirmed in a packed blog post, and CBS News covered it, that not one but two Chinese state-backed groups—Linen Typhoon and Violet Typhoon—were having a wicked party on internet-facing SharePoint, dropping ransomware and scooping up whatever unpatched vulnerabilities they could find.

The Department of Homeland Security and the National Institutes of Health both felt the sting. The Defense Intelligence Agency even saw SharePoint access flatline for hours. Here comes the government response: the Cybersecurity and Infrastructure Security Agency (CISA) issued immediate advisories. Tricia McLaughlin at DHS said they’re “working around the clock” with Microsoft to slam every digital door after the intrusions. So far, CISA is reporting no evidence of data theft at DHS, but as every cyber pro knows—no evidence is not always the same as no breach.

Microsoft scrambled, issuing security patches and promising to cut further ties with its China-based support teams for its Government Community Cloud—after ProPublica’s eye-popping report revealed foreign tech workers with advanced access had been maintaining sensitive US DoD systems for years. This has Washington fuming, with Defense Secretary Pete Hegseth ordering a full review and warning that foreign engineers—China included—should never touch US defense systems.

But here’s what’s really charging the firewall: On July 23, the White House lit up its “Winning the Race: America’s AI Action Plan.” The playbook connects cyber defense straight to AI innovation: think an AI Information Sharing and Analysis Center within DHS, rapid updates to CISA protocols, and “secure-by-design” mandates for any new AI tech deployed on US soil. Robert Huber, Tenable’s CSO, wasn’t pulling any punches when he called unsecured AI a “liability”—which is why the plan mandates high-security data centers, tight semiconductor supply, and real teeth for AI export controls to keep advanced US tech from, let’s be honest, getting reverse-engineered in a Shanghai suburb.

Alongside these steps, President Trump’s Executive Order 14306 doubles down on secure software development and sharper sanctions against foreign cyber threat actors, with China right at the top of the US “do not trust” list, as outlined by PilieroMazza and the Morgan Lewis briefings. NIST has their hands full updating federal software standards, and the Department of Defense is cranking out new protocols for AI incident response and assurance.

Here’s the expert kicker: our new layers of defense are faster, with more public-private teaming, a bigger emphasis on rapid patching, and a clear path to AI-resilient systems. But the glaring gap? If vendors and agencies lag on patches or leave those “temporary” foreign support arrangements in place, China’s cyber operators will keep knocking until something gives. And with AI-driven attacks moving at machine speed, falling behind on talent and infrastructure could still leave us exposed.

Listeners, that’s the download. Thanks for tuning in to Tech Shield—if you want to stay two steps ahead, don’t forget to subscribe. This has been a Quiet Please production, for more check out quiet please dot ai.

For more