Microsoft reveals CCP cyber attacks, analysis: US-China digital cold war begins.

On July 22, Microsoft publicly accused a hacker organization supported by the Chinese Communist Party of exploiting vulnerabilities in its SharePoint document management software to launch large-scale cyber attacks on global government agencies and businesses, prompting an urgent response from the FBI and cybersecurity departments. Experts have warned that cyber attacks by the CCP are increasingly becoming “weaponized,” leading the international community to shift towards more collective response strategies, as the digital Cold War rapidly unfolds.

This wave of attacks, which began on July 18, has spread widely across government, telecommunications, energy, finance, and higher education sectors in the United States, Europe, the Middle East, and Asia. Some of the targeted entities are highly sensitive, with the U.S. Department of Energy confirming that its agencies, including the National Nuclear Security Administration responsible for nuclear weapon design, have also been infiltrated, though no classified information leaks have been reported.

Microsoft indicated that the CCP-backed hacker organizations involved in these attacks include “Linen Typhoon,” “Violet Typhoon,” and the threat actor identified as Storm-2603. The company released final patches for all affected versions of SharePoint on July 21 and cautioned customers to promptly update their systems, change digital keys, and check for potential breaches.

Dr. Hsieh Pei-hsueh, Deputy Research Fellow at the Network Security Research Institute of Taiwan’s Institute for National Defense Security, affirmed Microsoft’s swift attribution of the attacks, vulnerability disclosure, and release of patches. In an interview with Dajiyuan, he noted that compared to the 2021 Exchange Server intrusion incident, Microsoft has made significant improvements, demonstrating enhanced “threat intelligence integration speed.”

Dr. Hsieh stated, “In the past, technology companies tended to avoid making public accusations against China due to commercial relationships. However, they are now beginning to explicitly name attackers, which not only enhances defense and deterrence but also reflects a new trend in international cyber attribution.”

He further explained that such “public attribution” is actually a geopolitical action aimed at pressuring the CCP. Dr. Hsieh emphasized, “Not only the U.S., but the European Union and the United Kingdom are increasingly willing to coordinate with the U.S. in condemning the CCP’s cyber attacks collectively, which not only enhances credibility but also expands and strengthens pressure on the CCP.”

In response to Microsoft’s accusations, Chinese Foreign Ministry spokesperson Guo Jiakun on July 23, as usual, denied the charges and criticized the West for “smearing China.”

Taiwanese defense and security strategy expert Su Ziyun told Dajiyuan that the CCP consistently denies its cyber attacks, similar to previous revelations by the FBI of attacks on critical infrastructure in Guam and the United States mainland, which were also categorically denied. However, the statements from Microsoft and U.S. government agencies, subject to legal and media oversight, are far more credible than the CCP’s sophistry.

Michael Sikorski, Chief Technology Officer at Palo Alto Networks, told Newsweek that once the hackers penetrate a system, they deploy long-term backdoors to steal sensitive data and encryption keys, creating an ongoing risk. He believes that because SharePoint is deeply integrated into the Microsoft platform, a breach could potentially open the door to an entire network.

During the interview, Dr. Hsieh highlighted a qualitative shift in CCP hacker behavior. He cited the example of Xu Zewei, a Chinese national arrested in Italy in early July and charged with infiltrating U.S. research units to steal vaccine research secrets, who is suspected of being a member of the “Silk Typhoon” organization.

Dr. Hsieh stressed that CCP-backed Advanced Persistent Threat (APT) organizations have now advanced their infiltration tactics towards “weaponization.” He explained that these attacks no longer focus solely on espionage but involve pre-emptively infiltrating critical infrastructure of adversaries so that in times of crisis or conflict, they can escalate into substantial acts of sabotage.

According to a report from the U.S. National Security Agency (NSA), some Chinese hackers have been lurking in U.S. IT systems for years, with the capability to move laterally into operational technology (OT) systems, a classic “pre-positioned attack surface.”

Su Ziyun also stated that the CCP’s “weaponization” of cyber attacks has been ongoing for years, and as the means become increasingly refined, it remains a major concern for the U.S. Congress and national security agencies.

Dr. Hsieh believes that passive measures alone are insufficient for effective Western defense against such threats. He said, “In the high anonymity and hard-to-find-evidence cyberspace, deterrence alone has limited effect. This is why President Trump gradually shifted towards a ‘pre-emptive’ cyber security strategy during his first term.”

Furthermore, the Microsoft cyber attack incident has exposed significant concerns regarding supply chain security. During the interview, Dr. Hsieh mentioned that these APT organizations not only directly attack primary targets but also infiltrate their supply chains or disguise themselves as cybersecurity products for infiltration.

“This also explains why the U.S. government has long banned federal agencies from using Russian cybersecurity antivirus products like Kaspersky and implemented the Cybersecurity Maturity Model Certification (CMMC) to strengthen security in defense supply chains.”

Recently, it was discovered that Chinese engineers were involved in Microsoft’s outsourced cloud equipment maintenance operations, and at the Pentagon’s request a comprehensive audit was conducted and the engineers were removed. Bipartisan cooperation in Congress has led to legislation prohibiting the use of Chinese artificial intelligence (AI) products like “DeepSeek” on government equipment to mitigate potential infiltration risks.

Su Ziyun bluntly stated, “Such protective restrictions will continue to be enacted. While the responses of democratic countries may be slower, as seen with Trump’s attempted TikTok ban requiring legal processes, once societal consensus is reached, the effects will be very solid.”

Additionally, U.S. Treasury Secretary Janet Benson publicly announced on July 23 that she will formally raise the issue of this cyber attack in the upcoming third round of trade talks with Chinese Vice Premier He Lifeng in Sweden next week. She stated, “Such incidents will evidently be on the agenda for my discussions with my Chinese counterparts.”

Su Ziyun concluded by saying, “The digital warfare in cyberspace has become the norm, and if Beijing continues to exploit vulnerabilities in Western systems, it will only accelerate the integration of Western countries’ cybersecurity and technology fence strategies, digging pits for themselves to fall into, ultimately facing greater strategic resistance.” This cyber attack incident not only serves as a cybersecurity warning but also heralds the rapid escalation of the geopolitical digital Cold War.