July 25, 2025 • 9 mins
Microsoft Corp. said a Chinese hacking group is exploiting security vulnerabilities in the company’s SharePoint servers to deploy ransomware, following a cyberattack discovered last week that has affected hundreds of entities around the world. The group, which Microsoft has named Storm-2603, has a history of waging ransomware attacks, which use malicious software to lock down computers and render them inoperable. Ransomware groups usually then demand payment from their victims to unlock the computers.
Jennifer Ewbank, a veteran CIA operations officer who rose to become Deputy Director for Digital Innovation, now advises companies and clients on cyber resilience, digital transformation, and geopolitical risk through her company, Andaman Strategic Advisors. Jennifer examines today's pressing national security and tech issues, including the Microsoft SharePoint breach, with Tim Stenovec and Carol Massar on Bloomberg Businessweek Daily.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Bloomberg Audio Studios, Podcasts, radio News. You're listening to Bloomberg
BusinessWeek with Carol Masser and Tim Steneveek on Bloomberg Radio.
We begin this hour with the latest on the fallout
from the Microsoft SharePoint security issue. Microsoft saying that a
(00:21):
Chinese hacking group exploiting security vulnerabilities in the company's SharePoint
servers to deploy ransomware follows a cyber attack discovered last week. Carol,
this cyber attack has affected hundreds of entities around the world,
including about four hundred government agencies, corporations, and other groups.
That's according to estimates from the security firm I Security,
including the National Nuclear Security Administration.
Speaker 2 (00:43):
That's right, that USA agency is responsible for maintaining and
designing the nation's cash of nuclear weapons that was among
those breached. For more, let's bring in Jennifer Ubanks. She's
the founder of Adaman Strategic Advisors. They advised companies and
clients on cyber resilience, digital trends, information, and geopolitical risk.
She spent great background more than three decades and tech,
(01:05):
intelligence and national security, and served as the Deputy Director
of the CIA for Digital Innovation from twenty nineteen through
twenty twenty four. She joins us from Virginia. So great
to have you with us. We've been dying to kind
of do a little bit of a deeper dive into
this story. This was a serious attack. I am curious
about how you are seeing it and kind of the
(01:27):
level that it seemed to be able to penetrate.
Speaker 3 (01:31):
Yeah, it's a great question, and thanks for the invitation today, Carol.
You hit the high points in the introduction. I think
that's really important. But I'm going to just shape it
slightly differently and say that I think we'll look back
on this breach as one of those milestone ones that
where you measure the developments of strategic attempts to infiltrate
(01:51):
our networks and our systems. We'll look back on it
like solar winds, like the exchange server.
Speaker 4 (01:57):
Compromise in twenty twenty one.
Speaker 3 (02:00):
So what is most interesting to me here is that
this was looked like an espionage operation, classic espionage to
collect information, sensitive data, intellectual property, you name, it launched
by three government affiliated entities, and then, as you mentioned,
just about six days ago, about six days ago, it
(02:20):
has flipped to ransomware. One of those three entities has
started dropping ransomware on affected servers and then you know,
demanding ransom extortion.
Speaker 4 (02:30):
So this is really something new that we've not seen previously.
Speaker 2 (02:34):
Can I just ask you China, you know Microsoft accusing
hackers associated with the Chinese government of breaking into computer
systems from your work in the government, it's China, our friend,
And I asked that kind of instantly, naively, but I
kind of know the answer. But tell me from a
government perspective, how you look at China and how especially
(02:54):
didn't we just open up in video chips to go
back to China, Like, how do you look at what
is the right relationship, especially with advanced technology American technology,
how we should be.
Speaker 3 (03:06):
Yeah, that's a really complex question, and I'm going to
hit it first from the cyber perspective, since as we're
talking about this massive breach today and in terms of
cyber capabilities, the People's Republic of China is amongst the
most capable, most aggressive, most ambitious, most well resourced kind
of actors anywhere in the world. If you took and
(03:27):
there's a scale issue here, if you took all of
the cyber actors affiliated with the Chinese government, it probably
outnumbers everything in the US and all of our allies
could bring to the fight together. The scale is really huge.
And these three entities that have been identified by Microsoft
are two the names don't really matter to all the
(03:49):
viewers perhaps, but Linen Typhoon and Violet Typhoon they've been
seen for a long time. They're considered advanced persistent threats.
They have their own apt moniker numbers. The other is
Storm twenty six oh three, if I'm not mistaken, twenty
six oh three, and that's less visible, and it hints
at this ecosystem that has taken shape in the People's
(04:09):
Republic of China, where they have scaled their cyber operations
globally by tapping into contract hackers. So each of these
government entities in each province around the country can then
reach out to contractors in pretty large numbers. And then
the other interesting thing in that is that within that
(04:30):
contractor ecosystem are also criminal actors. So there's this weird
overlap between government contract entities and criminal entities such that
the lines are becoming blurred. And that's one of the
really interesting things about this particular breach, because we're seeing
what looked like classic espionage sort of government on government
(04:52):
or China of course, considers commercial espionage to be national
security operations, so collecting on commercial interests, but then flipping
to ransomware that starts to raise questions about what's going.
Speaker 1 (05:03):
On here, Jennifer. I've been doing this show with Carol
for almost five years at this point, so I can
steal a question from you that I know you're thinking about.
It's something that you remind us of all the time, Carol,
and that's the idea that, wait a second, doesn't the
United States do stuff like this as well?
Speaker 4 (05:21):
I'm going to say no, yes, and no.
Speaker 3 (05:24):
Okay, So there's an understanding that in the world today
and then world forever, espionage is a reality, and that's
generally governments seeking information of strategic value about the plans
and intentions of adversaries and competitors around the world. That
(05:45):
has generally been within the realm of allowable activity, if
you will.
Speaker 4 (05:50):
So if I.
Speaker 3 (05:51):
Wanted to understand what a hostile government plans do to
harm the United States, and I had the hacking capability
to do that, that would generally be, let's say, within
the boundaries. What's different is that the PRC has a
different approach they do, as you know, hack US companies
on a very large scale. It's the greatest illegal transfer
(06:12):
of wealth and human history has been through IP theft
by the People's Republic of China from the United States
and companies here.
Speaker 4 (06:19):
That's not something that the US does.
Speaker 3 (06:21):
And when we look at what's happening with this particular
breach where you have government sponsored activity that has now
in the last six days flipped to be ransomware, that's
a whole other area.
Speaker 4 (06:34):
That's definitely something that the US government has not would
not do.
Speaker 2 (06:38):
So I'm going to go back to the second part
of my question. Then you know, we have once again
and video is going to be selling chips right into China.
So I'm just wondering what, you know, the thinking is,
if they're going to build it, build it on US technology, right,
like the tech war is on. But what's what's your
observation on this?
Speaker 3 (06:59):
So this is a really interesting one, and I'll try
to be very quick about it because it could be
deep and weedy here. But in essence, what we're seeing
is the emergence of two parallel digital ecosystems around the world.
One that's US innovation and our partners and allies around
the world, and it's rooted in concepts around democracy. So privacy,
(07:21):
we try privacy, data, sovereignty, security, independence, our sovereignty, you
name it. Another model, more digital authoritarian, is really modeled
around monitoring, controlling societies, and maintaining state power. And that
model is disseminating around the world through the infrastructure that
(07:42):
the People's Republic of China is selling largely in the
Global South, but not exclusively there. And so it's a
long way of saying that I really appreciated the CEO
of Nvidia's comments yesterday about how he wanted America to
maintain that lead and be the stand because this issue
of digital standards is really a battlefield for the future
(08:05):
of technological leadership and technological leadership in this way, in
my opinion, is really about global leadership, about superpower status,
and we're going to have to lead in digital technology
if we want to maintain that global lead more broadly.
And so I can see the logic. I'm not saying
good or bad, but I can see the logic behind
(08:25):
promoting American innovation and standards so that we can weaken
the emergence of that, say parallel digital ecosystem could compete
with us.
Speaker 1 (08:35):
Jennifer Winy have ten seconds left? Can you just give
us one tip to stay safe in an environment such
as this.
Speaker 3 (08:41):
Oh yeah, apply all your patches, immediately, rotate your encryption
keys if you're affected, and hunt for anything that might
be on your systems and unplug your system if you
think you might be affected while you're taking these measures.
Speaker 1 (08:54):
Okay, I said one thing that's for, But it's okay.
We're going to let you encryption keys. I'm going to
google this stuff. Oh thank god encrypted setting.
Speaker 2 (09:01):
Jennifer, come back real soon. This was fabulous. Jennifer you Bank,
founder of and Aman Strategic Advisors, joining us right here
on Bloomberg Business Week Daily
Bloomberg Audio Studios, Podcasts, radio News. You're listening to Bloomberg
BusinessWeek with Carol Masser and Tim Steneveek on Bloomberg Radio.
We begin this hour with the latest on the fallout
from the Microsoft SharePoint security issue. Microsoft saying that a
(00:21):
Chinese hacking group exploiting security vulnerabilities in the company's SharePoint
servers to deploy ransomware follows a cyber attack discovered last week. Carol,
this cyber attack has affected hundreds of entities around the world,
including about four hundred government agencies, corporations, and other groups.
That's according to estimates from the security firm I Security,
including the National Nuclear Security Administration.
Speaker 2 (00:43):
That's right, that USA agency is responsible for maintaining and
designing the nation's cash of nuclear weapons that was among
those breached. For more, let's bring in Jennifer Ubanks. She's
the founder of Adaman Strategic Advisors. They advised companies and
clients on cyber resilience, digital trends, information, and geopolitical risk.
She spent great background more than three decades and tech,
(01:05):
intelligence and national security, and served as the Deputy Director
of the CIA for Digital Innovation from twenty nineteen through
twenty twenty four. She joins us from Virginia. So great
to have you with us. We've been dying to kind
of do a little bit of a deeper dive into
this story. This was a serious attack. I am curious
about how you are seeing it and kind of the
(01:27):
level that it seemed to be able to penetrate.
Speaker 3 (01:31):
Yeah, it's a great question, and thanks for the invitation today, Carol.
You hit the high points in the introduction. I think
that's really important. But I'm going to just shape it
slightly differently and say that I think we'll look back
on this breach as one of those milestone ones that
where you measure the developments of strategic attempts to infiltrate
(01:51):
our networks and our systems. We'll look back on it
like solar winds, like the exchange server.
Speaker 4 (01:57):
Compromise in twenty twenty one.
Speaker 3 (02:00):
So what is most interesting to me here is that
this was looked like an espionage operation, classic espionage to
collect information, sensitive data, intellectual property, you name, it launched
by three government affiliated entities, and then, as you mentioned,
just about six days ago, about six days ago, it
(02:20):
has flipped to ransomware. One of those three entities has
started dropping ransomware on affected servers and then you know,
demanding ransom extortion.
Speaker 4 (02:30):
So this is really something new that we've not seen previously.
Speaker 2 (02:34):
Can I just ask you China, you know Microsoft accusing
hackers associated with the Chinese government of breaking into computer
systems from your work in the government, it's China, our friend,
And I asked that kind of instantly, naively, but I
kind of know the answer. But tell me from a
government perspective, how you look at China and how especially
(02:54):
didn't we just open up in video chips to go
back to China, Like, how do you look at what
is the right relationship, especially with advanced technology American technology,
how we should be.
Speaker 3 (03:06):
Yeah, that's a really complex question, and I'm going to
hit it first from the cyber perspective, since as we're
talking about this massive breach today and in terms of
cyber capabilities, the People's Republic of China is amongst the
most capable, most aggressive, most ambitious, most well resourced kind
of actors anywhere in the world. If you took and
(03:27):
there's a scale issue here, if you took all of
the cyber actors affiliated with the Chinese government, it probably
outnumbers everything in the US and all of our allies
could bring to the fight together. The scale is really huge.
And these three entities that have been identified by Microsoft
are two the names don't really matter to all the
(03:49):
viewers perhaps, but Linen Typhoon and Violet Typhoon they've been
seen for a long time. They're considered advanced persistent threats.
They have their own apt moniker numbers. The other is
Storm twenty six oh three, if I'm not mistaken, twenty
six oh three, and that's less visible, and it hints
at this ecosystem that has taken shape in the People's
(04:09):
Republic of China, where they have scaled their cyber operations
globally by tapping into contract hackers. So each of these
government entities in each province around the country can then
reach out to contractors in pretty large numbers. And then
the other interesting thing in that is that within that
(04:30):
contractor ecosystem are also criminal actors. So there's this weird
overlap between government contract entities and criminal entities such that
the lines are becoming blurred. And that's one of the
really interesting things about this particular breach, because we're seeing
what looked like classic espionage sort of government on government
(04:52):
or China of course, considers commercial espionage to be national
security operations, so collecting on commercial interests, but then flipping
to ransomware that starts to raise questions about what's going.
Speaker 1 (05:03):
On here, Jennifer. I've been doing this show with Carol
for almost five years at this point, so I can
steal a question from you that I know you're thinking about.
It's something that you remind us of all the time, Carol,
and that's the idea that, wait a second, doesn't the
United States do stuff like this as well?
Speaker 4 (05:21):
I'm going to say no, yes, and no.
Speaker 3 (05:24):
Okay, So there's an understanding that in the world today
and then world forever, espionage is a reality, and that's
generally governments seeking information of strategic value about the plans
and intentions of adversaries and competitors around the world. That
(05:45):
has generally been within the realm of allowable activity, if
you will.
Speaker 4 (05:50):
So if I.
Speaker 3 (05:51):
Wanted to understand what a hostile government plans do to
harm the United States, and I had the hacking capability
to do that, that would generally be, let's say, within
the boundaries. What's different is that the PRC has a
different approach they do, as you know, hack US companies
on a very large scale. It's the greatest illegal transfer
(06:12):
of wealth and human history has been through IP theft
by the People's Republic of China from the United States
and companies here.
Speaker 4 (06:19):
That's not something that the US does.
Speaker 3 (06:21):
And when we look at what's happening with this particular
breach where you have government sponsored activity that has now
in the last six days flipped to be ransomware, that's
a whole other area.
Speaker 4 (06:34):
That's definitely something that the US government has not would
not do.
Speaker 2 (06:38):
So I'm going to go back to the second part
of my question. Then you know, we have once again
and video is going to be selling chips right into China.
So I'm just wondering what, you know, the thinking is,
if they're going to build it, build it on US technology, right,
like the tech war is on. But what's what's your
observation on this?
Speaker 3 (06:59):
So this is a really interesting one, and I'll try
to be very quick about it because it could be
deep and weedy here. But in essence, what we're seeing
is the emergence of two parallel digital ecosystems around the world.
One that's US innovation and our partners and allies around
the world, and it's rooted in concepts around democracy. So privacy,
(07:21):
we try privacy, data, sovereignty, security, independence, our sovereignty, you
name it. Another model, more digital authoritarian, is really modeled
around monitoring, controlling societies, and maintaining state power. And that
model is disseminating around the world through the infrastructure that
(07:42):
the People's Republic of China is selling largely in the
Global South, but not exclusively there. And so it's a
long way of saying that I really appreciated the CEO
of Nvidia's comments yesterday about how he wanted America to
maintain that lead and be the stand because this issue
of digital standards is really a battlefield for the future
(08:05):
of technological leadership and technological leadership in this way, in
my opinion, is really about global leadership, about superpower status,
and we're going to have to lead in digital technology
if we want to maintain that global lead more broadly.
And so I can see the logic. I'm not saying
good or bad, but I can see the logic behind
(08:25):
promoting American innovation and standards so that we can weaken
the emergence of that, say parallel digital ecosystem could compete
with us.
Speaker 1 (08:35):
Jennifer Winy have ten seconds left? Can you just give
us one tip to stay safe in an environment such
as this.
Speaker 3 (08:41):
Oh yeah, apply all your patches, immediately, rotate your encryption
keys if you're affected, and hunt for anything that might
be on your systems and unplug your system if you
think you might be affected while you're taking these measures.
Speaker 1 (08:54):
Okay, I said one thing that's for, But it's okay.
We're going to let you encryption keys. I'm going to
google this stuff. Oh thank god encrypted setting.
Speaker 2 (09:01):
Jennifer, come back real soon. This was fabulous. Jennifer you Bank,
founder of and Aman Strategic Advisors, joining us right here
on Bloomberg Business Week Daily
Hosts And Creators
Tim Stenovec
Carol Massar
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Special Summer Offer: Exclusively on Apple Podcasts, try our Dateline Premium subscription completely free for one month! With Dateline Premium, you get every episode ad-free plus exclusive bonus content.
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.