Tag Archives: Chinese cranes and cyberattack

Who Trusts Microsoft? The Locked-In

In 2024, the Department of Homeland Security released a scathing report detailing Microsoft’s mistakes during a 2023 hack in which China stole thousands of emails from top government officials. Two years before that, China-linked cyberattackers compromised more than 250,000 Microsoft Exchange servers. In response to the 2024 report, Nadella, the CEO of Microsoft, promised to rededicate Microsoft to protecting its products and its customers from bad actors…

Shortly after Nadella took the reins, Microsoft eliminated the group that had companywide responsibility for Microsoft’s security work, pushing security decisions to the individual business units. Around the same time, Microsoft changed the way it developed software, laying off many of the test engineers charged with uncovering bugs before products ship to customers…

With regard to the July 2025 Microsoft hack, researchers said more than 400 SharePoint servers had been hacked—many of them belonging to government entities—and Microsoft had linked some of the attacks to the Chinese government.

In previous episodes, such as the massive 2021 hack of the Microsoft Exchange email system, China pulled off impressive technical feats before being caught…

Regarding the 2025 SharePoint cyberattack, Eye Security researchers discovered, on July 18, 2025, an unauthorized script on a SharePoint server belonging to one of their customers. As the Eye team dug in, they started finding the same script on about 150 other SharePoint servers all over the internet… The script opened a back door to the SharePoint servers, creating an encryption key that could be used later to run commands on the machine. “It was just like a door key left on the street,” said Kerkhofs. “It was accessible for everybody. We just started scanning and we grabbed all the keys.”… Microsoft, learning that hackers were exploiting the bugs, called in its security team.

Eventually the Eye team discovered 80 infected organizations. European government agencies were compromised, as were U.S. federal agencies, municipalities and universities…

On July 20, 2025, the Energy Department confirmed that it was a victim… News of the compromise was reported by Bloomberg, which said that the National Nuclear Security Administration was specifically victimized.

Excerpt from Robert McMillan, A Failed Microsoft Security Patch Is the Latest Win for Chinese Hackers, WSJ, July 25, 2025

The Under-the-Hood Cyberattacks

The Biden administration sanctioned a Chinese company in January 2025 that it said was behind the vast cyber intrusions into U.S. telecommunications networks that swept up phone calls of scores of U.S. government officials as well as those of incoming President Donald Trump.

The U.S. Treasury Department said that Sichuan Juxinhe Network Technology Co. was directly involved in the deep compromises of the telecommunications firms, which U.S. officials and lawmakers have said is a historically damaging espionage campaign carried out on behalf of the Chinese government. The firm is based in the Sichuan province of China and advertises itself as a technology-services and cybersecurity company.

Separately, U.S. authorities sanctioned a Shanghai-based hacker, Yin Kecheng, whom they allege was involved in an unrelated breach of sensitive systems within the Treasury Department itself. Neither Sichuan Juxinhe nor Yin Kecheng could immediately be reached for comment.

The sanctions… are the most direct public response to the telecom hacks, which were first revealed by The Wall Street Journal in 2024 and have been attributed to a hacking group dubbed Salt Typhoon. The sanctions will block U.S. transactions with Sichuan Juxinhe and allow for the seizure of any property or interests the firm has within the U.S. It couldn’t be immediately established whether the firm, for which little information was available online, had any U.S.-held assets or property.

Hackers compromised at least nine American telecommunications firms, scooping up enormous amounts of call-log data and the unencrypted texts and call audio from several dozen specific high-value targets. They also accessed wiretap-surveillance systems at victim companies Verizon Communications and AT&T in an apparent effort to learn how much the FBI and others understood about Beijing’s spies operating in the U.S. and internationally, according to investigators.

In the Treasury Department hack, China is believed to have accessed unclassified files located on compromised work computers of a range of senior officials, including Secretary Janet Yellen… The intrusion occurred through a hacked third-party software vendor called BeyondTrust, which was able to remotely access virtually any Treasury work computer, the people said. The department’s sanctions office itself—the same one that imposed penalties—was breached in the hack, as were other offices that possess sensitive nonpublic information. 

Excerpt from The U.S. Sanctions Beijing Firm Behind Major ‘Salt Typhoon’ Telecom Hacks, WSJ, Jan. 17, 2025

Delete America: China’s Document 79

A 2022 Chinese government directive aims to get US technology out of China—an effort some refer to as “Delete A,” for Delete America. Document 79 was so sensitive that high-ranking officials and executives were only shown the order and weren’t allowed to make copies… It requires state-owned companies in finance, energy and other sectors to replace foreign software in their IT systems by 2027.

American tech giants had long thrived in China as they hot-wired the country’s meteoric industrial rise with computers, operating systems and software. Chinese leaders want to sever that relationship, driven by a push for self-sufficiency and concerns over the country’s long-term security… Document 79, named for the numbering on the paper, targets companies that provide software—enabling daily business operations from basic office tools to supply-chain management. The likes of Microsoft and Oracle are losing ground in China.

Excerpts from Liza Lin, China Intensifies Push to ‘Delete America’ From Its Technology, Mar. 7, 2024

Sinophobia or Rational Paranoia: the Cranes

The Biden administration plans to invest billions in 2024 in the domestic manufacturing of cargo cranes, seeking to counter fears that the prevalent use of China-built cranes with advanced software at many U.S. ports poses a potential national-security risk. The move is part of a set of actions taken by the administration that is intended to improve maritime cybersecurity… Administration officials said more than $20 billion would be invested in port security, including domestic cargo-crane production, over the next five years. The money, tapped from the $1 trillion bipartisan infrastructure bill passed in 2021, would support a U.S. subsidiary of Mitsui, a Japanese company, to produce the cranes, which officials said would be the first time in 30 years that they would be built domestically.

Cranes at some ports used by the U.S. military were flagged as surveillance threats. Officials also raised the concern that the software on the cranes could be manipulated by China to impede American shipping or, worse, temporarily disrupt the operation of the crane. “By design these cranes may be controlled, serviced and programmed from remote locations,” said Rear Adm. John Vann, who leads the Coast Guard cyber command, during a press briefing…

The U.S. military has been concerned about the cranes for years and has made efforts to skirt ports with the China-made cranes as best as possible, according to the senior U.S. military commander who oversees the military’s logistics operations. The Chinese can track the origin, destination and other data of the U.S. military’s containerized materiel to determine exactly where the military is shipping it. Cranes made by China-based ZPMC contain sensors that can register and track the origin and destination of containers…

China’s military doctrine gives priority to targeting “systems that move enemy troops,” including harbors and airports, Craig Singleton, a senior fellow at the Foundation for Defense of Democracies, a Washington think tank, said during congressional testimony in February 2023… “Increasingly, the Chinese are not merely seeking access to our networks; they are pre-emptively positioning to compromise and control them,” Singleton said in his testimony. “As a result, China is poised to impede the mobilization of American military forces, foment a state of disarray, and redirect national attention and resources in both war and short-of-war scenarios.”

Excerpts from Dustin Volz, U.S. to Invest Billions to Replace China-Made Cranes at Nation’s Ports, WSJ, Feb. 21, 2024

The Under-Our-Noses Nasty Wars

Christopher Wray warned in February 2023 that Beijing’s efforts to covertly plant offensive malware inside U.S. critical infrastructure networks are now at “a scale greater than we’d seen before,” an issue he has deemed a defining national security threat. Citing Volt Typhoon, the name given to the Chinese hacking network that was revealed in 2023 to be lying dormant inside U.S. critical infrastructure, Wray said Beijing-backed actors were pre-positioning malware that could be triggered at any moment to disrupt U.S. critical infrastructure. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks, planting malware inside U.S. computer systems responsible for everything from safe drinking water to aviation traffic so it could detonate, at a moment’s notice, damaging cyberattacks during a conflict.

The Netherlands’ spy agencies said in February 2024 that Chinese hackers had used malware to gain access to a Dutch military network in 2023. The agency, considered to have one of Europe’s top cyber capabilities, said it made the rare disclosure to show the scale of the threat and reduce the stigma of being targeted so allied governments can better pool knowledge.

A report released in February 2024 by agencies including the FBI, the Cybersecurity and Infrastructure Agency and the National Security Agency said Volt Typhoon hackers had maintained access in some U.S. networks for five or more years, and while it targeted only U.S. infrastructure directly, the infiltration was likely to have affected “Five Eyes” allies…

Excerpts from Joe Parkinson, FBI Director Says China Cyberattacks on U.S. Infrastructure Now at Unprecedented Scale, WSJ, Feb. 19, 2024

Late Paranoia Better than None: US v. Chinese Cranes

In recent years, U.S. national-security officials have pointed to a range of equipment manufactured in China that could facilitate either surveillance or disruptions in the U.S., including baggage-screening systems and electrical transformers, as well as broader concerns about China’s growing control of ports around the world through strategic investments. China makes almost all of the world’s new shipping containers and controls a shipping-data service. In that context, the giant ship-to-shore cranes have drawn new attention. The $850 billion defense policy bill lawmakers passed in December requires the Transportation Department’s maritime administrator, in consultation with the defense secretary and others, to produce an unclassified study by the end of this year on whether foreign-manufactured cranes pose cybersecurity or national-security threats at American ports.

ZPMC cranes entered the U.S. market around two decades ago, offering what industry executives described as good-quality cranes that were significantly cheaper than Western suppliers. In recent years, ZPMC has grown into a major player in the global automated-ports industry, working with Microsoft Corp. and others to connect equipment and analyze data in real time… Today, ZPMC says it controls around 70% of the global market for cranes and has sold its equipment in more than 100 countries. A U.S. official said the company makes nearly 80% of the ship-to-shore cranes in use at U.S. ports…

The huge cranes are generally delivered to U.S. ports fully assembled on ships and are operated through Chinese-made software. In some cases, U.S. officials said, they are supported by Chinese nationals working on two-year U.S. visas, factors they described as potential avenues through which intelligence could be collected… Early in the Trump administration, officials in the National Security Council’s strategic planning office came to consider cranes as a unique point of interest, said Sean Plankey, a former cybersecurity official who was involved in those discussions. “Where would someone attack first and how would they do it?” he asked, characterizing the discussion. He said the officials determined that if Beijing’s military could access the cranes, they could potentially shut down U.S. ports without drawing on their navy.

A National Maritime Cybersecurity Plan, released in December 2020, found that no single U.S. agency had responsibility for maritime network security, leaving port directors without enforceable standards on cybersecurity and generally free to buy equipment from any vendor.

Excerpts from Aruna Viswanatha, Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools, WSJ, Mar. 6, 2023.