July rundown: Salt Typhoon and SharePoint scares
US public sector organizations are under serious threat from the state-backed hacking group


As the old saying goes, it never rains but it pours. And, seeing as we’re based in the UK, it is fitting that the month this saying has most accurately described in 2025 so far is July.
In the past four weeks, two almighty security stories have broken, with far-reaching implications for the tech sector and beyond. First, we learned that the China-backed hacking group Salt Typhoon had critically breached the US National Guard for more than a year – and has potentially gone undetected in other US military networks.
Later in the month, Microsoft revealed a major vulnerability in on-premises SharePoint servers, sounding the alarm for users to patch with urgency – but the days since have seen one successful attack after another.
In this episode Jane welcomes back Ross Kelly, ITPro’s news and analysis editor, to explore what happened to make July such a bad month for cybersecurity.
Highlights
"The figures from the DoD report are quite concerning the exfiltrated network configuration files to 'enable cyber intrusion elsewhere'. And between January 2023 and March 2024, [they] stole 1400 plus configuration files – those are associated with 70 US government critical infrastructure, identities, 12 sectors. You know, that's devastating."
"We keep seeing incidents like this and there was a similar incident by a similarly named group, Volt Typhoon, which managed to stay under the radar in the US electric grid for around a year. So this is precisely what these state affiliated, I guess you could say, groups intend to do. They like to dig their claws into something and see how it, to put it very casually, see how it goes."
"I think it's safe to say Microsoft said 'patch now, please, please patch'. It's worth noting as well that Microsoft admitted that it saw hackers trying to exploit this flaw as early as 7 July."
Footnotes
- ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach
- FCC orders telcos to sharpen up security after Salt Typhoon chaos
- UK cyber experts on red alert after Salt Typhoon attacks on US telcos
- Salt Typhoon hacker group recorded conversations of ‘very senior’ US political figures
- 300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a year
- Microsoft’s new SharePoint vulnerability – everything you need to know
- NCSC says ‘limited number’ of UK firms affected by SharePoint attack as global impact spreads
- SharePoint flaw: Microsoft says hackers deploying ransomware

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.