Tag Archives: ZPMC cranes and cyber-espionage

Who Trusts Microsoft? The Locked-In

In 2024, the Department of Homeland Security released a scathing report detailing Microsoft’s mistakes during a 2023 hack in which China stole thousands of emails from top government officials. Two years before that, China-linked cyberattackers compromised more than 250,000 Microsoft Exchange servers. In response to the 2024 report, Nadella, the CEO of Microsoft, promised to rededicate Microsoft to protecting its products and its customers from bad actors…

Shortly after Nadella took the reins, Microsoft eliminated the group that had companywide responsibility for Microsoft’s security work, pushing security decisions to the individual business units. Around the same time, Microsoft changed the way it developed software, laying off many of the test engineers charged with uncovering bugs before products ship to customers…

With regard to the July 2025 Microsoft hack, researchers said more than 400 SharePoint servers had been hacked—many of them belonging to government entities—and Microsoft had linked some of the attacks to the Chinese government.

In previous episodes, such as the massive 2021 hack of the Microsoft Exchange email system, China pulled off impressive technical feats before being caught…

Regarding the 2025 SharePoint cyberattack, Eye Security researchers discovered, on July 18, 2025, an unauthorized script on a SharePoint server belonging to one of their customers. As the Eye team dug in, they started finding the same script on about 150 other SharePoint servers all over the internet… The script opened a back door to the SharePoint servers, creating an encryption key that could be used later to run commands on the machine. “It was just like a door key left on the street,” said Kerkhofs. “It was accessible for everybody. We just started scanning and we grabbed all the keys.”… Microsoft, learning that hackers were exploiting the bugs, called in its security team.

Eventually the Eye team discovered 80 infected organizations. European government agencies were compromised, as were U.S. federal agencies, municipalities and universities…

On July 20, 2025, the Energy Department confirmed that it was a victim… News of the compromise was reported by Bloomberg, which said that the National Nuclear Security Administration was specifically victimized.

Excerpt from Robert McMillan, A Failed Microsoft Security Patch Is the Latest Win for Chinese Hackers, WSJ, July 25, 2025

A Spy in Plain Sight: Internet Cables

U.S. officials are privately delivering an unusual warning to telecommunications companies: Undersea cables that ferry internet traffic across the Pacific Ocean could be vulnerable to tampering by Chinese repair ships. State Department officials said a state-controlled Chinese company that helps repair international cables, S.B. Submarine Systems (SBSS), appeared to be hiding its vessels’ locations from radio and satellite tracking services, which the officials and others said defied easy explanation.

The warnings highlight an overlooked security risk to undersea fiber-optic cables, according to these officials: Silicon Valley giants, such as Google and Meta Platforms, partially own many cables and are investing in more. But they rely on specialized construction and repair companies, including some with foreign ownership that U.S. officials fear could endanger the security of commercial and military data.

Hundreds of thousands of miles of underwater fiber-optic cables carry almost all the world’s international internet traffic. Dozens of lines lace the Pacific Ocean floor, shuttling data between the Americas, Asia and many island chains. SBSS is part of a regional consortium of companies that provides ships to fix undersea cables, including some belonging to major U.S. companies, by winching them to the surface, resplicing broken fibers that carry internet data and returning the lines to the sea floor… Underwater cables are vulnerable to tampering when they are brought to the surface for repairs, U.S. officials say. Tapping global data flows is still far easier on land, industry experts say. But at-sea repair could still offer an opportunity to install a device to remotely disable a cable or to study the technology in advanced signal repeaters installed by other companies.

SBSS was formed in 1995 as a Chinese-British joint venture. State-owned China Telecom has long held 51% of the business and is in the process of buying the remainder from U.K.-based Global Marine Systems, according to people familiar with the matter. A member of the Chinese Communist Party serves on the SBSS management team, according to the company’s website.

Safeguarding underwater cables has been a focus of U.S. national-security officials since the Cold War, when fears of Soviet espionage were paramount. In the 1970s, the U.S. secretly placed wiretaps on underwater Soviet lines in an intelligence coup known as Operation Ivy Bells….

SubCom, a U.S. cable ship company owned by private-equity giant Cerberus Capital Management, receives $10 million in annual U.S. government payments for participating in the Cable Security Fleet, a program partly overseen by the Pentagon…

Overall, cable owners have few choices with regard to repairing damaged undersea cables, as most repairing is done by an aging fleet of roughly 50 ships around the world…


Excerpts from U.S. Fears Undersea Cables Are Vulnerable to Espionage From Chinese Repair Ships, WSJ, May 19, 2024

Late Paranoia Better than None: US v. Chinese Cranes

In recent years, U.S. national-security officials have pointed to a range of equipment manufactured in China that could facilitate either surveillance or disruptions in the U.S., including baggage-screening systems and electrical transformers, as well as broader concerns about China’s growing control of ports around the world through strategic investments. China makes almost all of the world’s new shipping containers and controls a shipping-data service. In that context, the giant ship-to-shore cranes have drawn new attention. The $850 billion defense policy bill lawmakers passed in December requires the Transportation Department’s maritime administrator, in consultation with the defense secretary and others, to produce an unclassified study by the end of this year on whether foreign-manufactured cranes pose cybersecurity or national-security threats at American ports.

ZPMC cranes entered the U.S. market around two decades ago, offering what industry executives described as good-quality cranes that were significantly cheaper than Western suppliers. In recent years, ZPMC has grown into a major player in the global automated-ports industry, working with Microsoft Corp. and others to connect equipment and analyze data in real time…Today, ZPMC says it controls around 70% of the global market for cranes and has sold its equipment in more than 100 countries. A U.S. official said the company makes nearly 80% of the ship-to-shore cranes in use at U.S. ports…

The huge cranes are generally delivered to U.S. ports fully assembled on ships and are operated through Chinese-made software. In some cases, U.S. officials said, they are supported by Chinese nationals working on two-year U.S. visas, factors they described as potential avenues through which intelligence could be collected…Early in the Trump administration, officials in the National Security Council’s strategic planning office came to consider cranes as a unique point of interest, said Sean Plankey, a former cybersecurity official who was involved in those discussions. “Where would someone attack first and how would they do it?” he asked, characterizing the discussion. He said the officials determined that if Beijing’s military could access the cranes, they could potentially shut down U.S. ports without drawing on their navy.

A National Maritime Cybersecurity Plan, released in December 2020, found that no single U.S. agency had responsibility for maritime network security, leaving port directors without enforceable standards on cybersecurity and generally free to buy equipment from any vendor.

Excerpts from Aruna Viswanatha, Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools, WSJ, Mar. 6, 2023.