Microsoft has disclosed a serious security breach involving its SharePoint servers, attributed to Chinese hacking groups, impacting numerous businesses across various sectors.
Microsoft Reveals Chinese Hackers Targeting SharePoint Servers

Security breach affects businesses as Microsoft uncovers infiltration by Chinese state-backed groups.
Chinese "threat actors" have successfully infiltrated Microsoft's SharePoint document software servers, posing a significant risk to the data of various businesses utilizing the platform. As confirmed by Microsoft, state-backed groups including Linen Typhoon and Violet Typhoon, along with the China-based Storm-2603, have exploited existing vulnerabilities in on-premises SharePoint servers, which are widely used by enterprise customers. Microsoft's cloud-based services remain unaffected.
In response to the breach, the tech giant has released crucial security updates and advised all on-premises SharePoint server users to implement them immediately. "Our investigations are ongoing as we assess other potential actors who may be utilizing these exploits," Microsoft noted. The firm expressed "high confidence" that the hack would continue to pose a threat to systems where these security updates are not applied.
Microsoft detailed a troubling trend where hackers were able to send requests to SharePoint servers, thereby facilitating the theft of key materials from their victims. Charles Carmakal, Chief Technology Officer at Mandiant, a Google Cloud subsidiary, revealed that multiple victims across varied sectors and global regions had been targeted, suggesting that both governmental and business entities using SharePoint were under threat.
Carmakal also indicated that adversaries stole encrypted material, allowing them to maintain ongoing access to compromised SharePoint data. "This has been exploited broadly and opportunistically before patches were available, underscoring its significance," he emphasized.
According to Microsoft, Linen Typhoon has spent 13 years focusing on intellectual property theft, specifically targeting organizations linked to government, defense, strategic planning, and human rights. Meanwhile, Violet Typhoon has concentrated on espionage efforts, aimed predominantly at past government and military personnel, NGOs, think tanks, academic institutions, media organizations, the financial sector, and healthcare in the US, Europe, and East Asia. Additionally, Microsoft assesses with medium confidence that Storm-2603 is a China-based threat actor.