China-linked hackers hit Southeast Asian diplomats | Microsoft staff protest Israel ties, occupy president’s office | Whistleblower warns US Social Security records uploaded to insecure cloud
Summary
Three major items dominate this briefing: Google attributes a targeted cyber-espionage campaign against Southeast Asian diplomats to a China-linked group; current and former Microsoft employees staged a sit-in inside the company president’s office to demand cutting ties with the Israeli government; and a Social Security Administration whistleblower alleges a live copy of US Social Security records was uploaded to a vulnerable cloud server, exposing hundreds of millions of records.
Key Points
- Google’s Threat Intelligence Group links a campaign against Southeast Asian diplomats to UNC6384, using social engineering and malicious updates to steal data.
- The attacks appear geopolitically motivated, aligning with interests attributed to China in the region.
- Microsoft temporarily locked down Building 34 after staff protesters entered Brad Smith’s office and livestreamed a sit-in demanding the company sever ties with the Israeli government.
- Charles Borges, former SSA chief data officer, filed a whistleblower complaint saying a live copy of the Social Security database was uploaded to a cloud environment that bypassed oversight.
- That alleged upload — by the Department of Government Efficiency (DOGE) — could put personal data for most Americans at risk if the cloud server was insecure.
- Related alerts in the newsletter highlight ongoing threats: targeted Dire Wolf ransomware warnings and widespread data-theft campaigns against Salesforce customers using stolen OAuth tokens.
Content summary
Google says a China-linked actor, tracked as UNC6384, ran a targeted espionage campaign earlier this year against diplomats in Southeast Asia. The operation employed social-engineering and malware disguised as software updates to gain footholds and exfiltrate information.
At Microsoft’s Redmond campus, current and former employees organised a sit-in inside the office of company president Brad Smith. Protesters livestreamed their entry into Building 34, unfurled banners and demanded that Microsoft cut ties with the Israeli government. The company temporarily locked down the building while security and management responded.
In Washington, a high-level Social Security Administration official turned whistleblower alleges that members of the Department of Government Efficiency uploaded a live copy of Social Security records to a cloud server that circumvented normal oversight and left the data vulnerable. The complaint says this affected hundreds of millions of records, potentially exposing sensitive personal information.
Context and relevance
These stories tie into three broader trends: state-aligned cyber-espionage targeting diplomats and regional influence; rising employee activism inside Big Tech over political ties and contracts; and growing concerns about how governments handle sensitive citizen data in commercial cloud environments. Each story underscores the intersection of geopolitics, corporate governance and data security that is shaping policy and incident response worldwide.
Why should I read this?
Short version — because it’s where geopolitics, corporate power and everyday data security collide. If you care about regional security, tech company behaviour, or whether your personal data is being handled sensibly by governments, these three items give you a quick, useful snapshot of risks and flashpoints to watch.
Author style
Punchy: these are not niche briefs. The China-linked espionage claim and the Social Security whistleblower alone demand attention from policymakers, security teams and anyone running or relying on cloud-hosted data. The Microsoft protest signals growing internal pressure on tech firms — another factor that will shape corporate decisions and public policy.
Source
Source: https://aspicts.substack.com/p/china-linked-hackers-hit-southeast
