A recent report by Microsoft has revealed a significant security breach, attributed to Chinese hacking groups targeting its SharePoint document software servers, with investigations into other potential threats still underway.
Microsoft Servers Compromised by Chinese Hackers, Firm Warns

Chinese threat actors exploit vulnerabilities in Microsoft's SharePoint software to access sensitive business data.
Microsoft has confirmed that multiple Chinese state-backed groups, namely Linen Typhoon, Violet Typhoon, and the China-based Storm-2603, have successfully hacked into on-premises SharePoint servers—systems widely used by various businesses to manage documents and collaborative projects. The US technology giant has subsequently issued urgent security updates, urging all customers using on-site SharePoint servers to implement these patches immediately.
The firm expressed "high confidence" that the hackers will persist in their attempts to infiltrate systems that have yet to install the latest updates. Microsoft indicated that it has already observed attacks in which hackers manipulated SharePoint server requests, gaining unauthorized access to critical data.
Charles Carmakal, Chief Technology Officer at Mandiant Consulting, noted that several victims across diverse sectors and regions have been identified, suggesting that both governmental and corporate entities utilizing SharePoint are the primary targets in this sophisticated cyber campaign.
The nature of the breach allows adversaries to steal cryptographically coded material from the compromised SharePoint servers, which gives the attackers extended access to sensitive data. Carmakal remarked on the opportunistic timing of the exploit and emphasized the importance of acting swiftly in response to potential vulnerabilities.
Furthermore, Microsoft detailed the long-standing focus of these Chinese groups on stealing intellectual property, primarily from organizations linked to government, defense, and human rights sectors. Both Linen Typhoon and Violet Typhoon have been active in espionage for over a decade, targeting various organizations including NGOs, educational institutions, and media outlets.
In light of this breach, Microsoft continues to monitor the situation closely, pledging to provide timely updates on its blog as investigations progress.