Microsoft identified multiple Chinese-backed groups as key players in ongoing cyber threats, urging immediate security updates.
**Microsoft's SharePoint Servers Compromised by Chinese Hacking Groups**

Chinese cyber espionage actors exploited vulnerabilities in Microsoft’s SharePoint, targeting businesses worldwide.
Chinese "threat actors" have reportedly breached Microsoft's SharePoint document software servers, putting the data of numerous businesses at risk, according to the tech giant. The offensive involved state-backed groups, including Linen Typhoon and Violet Typhoon, as well as the China-linked Storm-2603. These hackers exploited vulnerabilities specifically in on-premises SharePoint servers, which are typically used by organizations, but did not affect Microsoft's cloud-based services.
In response to the breaches, Microsoft has released security updates and strongly advised all customers operating on-premises SharePoint servers to apply them promptly. "Investigations into other actors potentially exploiting these vulnerabilities are ongoing," Microsoft stated, emphasizing its "high confidence" that attackers would persist in targeting unprotected systems.
According to Mandiant's Chief Technology Officer, Charles Carmakal, various sectors across different global regions appear to be affected by these attacks. He indicated that governments and organizations using SharePoint on their infrastructure are the primary targets of these cyber incursions. Carmakal detailed how adversaries had been able to gain ongoing access to sensitive data after the theft of cryptographic key material from SharePoint servers.
"This exploitation was carried out opportunistically, prior to the release of a necessary patch, which underscores its significance," he noted. Furthermore, the patterns of attack suggest a connection to prior campaigns attributed to Beijing.
Microsoft stated that for over 13 years Linen Typhoon has concentrated on acquiring intellectual property, particularly from organizations aligned with government, defense, strategic planning, and human rights. Meanwhile, Violet Typhoon has been dedicated to espionage, targeting former government and military personnel, NGOs, and think tanks, as well as sectors like finance and health across the US, Europe, and East Asia. Storm-2603 has been assessed with medium confidence as a China-based threat actor.
In related news, Microsoft is also facing potential workforce reductions and other legal challenges.