The tech giant has issued security updates while investigations continue into the incidents affecting various sectors globally.
**Chinese Hackers Target Microsoft SharePoint Servers, Firm Reveals**
**Chinese Hackers Target Microsoft SharePoint Servers, Firm Reveals**
Microsoft reports that Chinese cyber groups have exploited vulnerabilities in their on-premises SharePoint.
Chinese threat actors have successfully infiltrated Microsoft's SharePoint document software servers, specifically targeting on-premises systems used by a range of businesses, according to the company. Among those identified are state-sponsored groups Linen Typhoon and Violet Typhoon, alongside a third group known as Storm-2603. These actors took advantage of specific vulnerabilities before Microsoft was able to issue a patch for its servers.
As a response, Microsoft has urged all organizations using the affected on-premises SharePoint servers to apply the newly released security updates promptly. The company noted its "high confidence" that hackers would likely continue to exploit systems lacking the necessary updates.
In a statement, Microsoft mentioned that investigations remain underway to identify other potential parties utilizing these same exploitations. Notably, the firm observed malicious activities whereby hackers sent requests to SharePoint servers, leading to the theft of sensitive information.
Cybersecurity experts are aware of numerous victims across different industries and regions, many of which include various governments and enterprises utilizing SharePoint. Mandiant Consulting's CTO, Charles Carmakal, emphasized the opportunistic nature of these attacks occurring just before a patch was made available.
The report elaborated on the activities of the Chinese-backed Linen Typhoon, which for more than a decade has been focused on intellectual property theft, particularly from organizations involved in government and defense. Similarly, Violet Typhoon has concentrated on espionage, targeting a wide network, including nonprofit organizations, media, and various sectors across the US, Europe, and East Asia. Storm-2603 has been classified with medium confidence as a Chinese-linked cyber threat.
As these developments unfold, Microsoft plans to continuously update its blog with further details stemming from their ongoing investigation.
As a response, Microsoft has urged all organizations using the affected on-premises SharePoint servers to apply the newly released security updates promptly. The company noted its "high confidence" that hackers would likely continue to exploit systems lacking the necessary updates.
In a statement, Microsoft mentioned that investigations remain underway to identify other potential parties utilizing these same exploitations. Notably, the firm observed malicious activities whereby hackers sent requests to SharePoint servers, leading to the theft of sensitive information.
Cybersecurity experts are aware of numerous victims across different industries and regions, many of which include various governments and enterprises utilizing SharePoint. Mandiant Consulting's CTO, Charles Carmakal, emphasized the opportunistic nature of these attacks occurring just before a patch was made available.
The report elaborated on the activities of the Chinese-backed Linen Typhoon, which for more than a decade has been focused on intellectual property theft, particularly from organizations involved in government and defense. Similarly, Violet Typhoon has concentrated on espionage, targeting a wide network, including nonprofit organizations, media, and various sectors across the US, Europe, and East Asia. Storm-2603 has been classified with medium confidence as a Chinese-linked cyber threat.
As these developments unfold, Microsoft plans to continuously update its blog with further details stemming from their ongoing investigation.
