The tech giant urges on-premises server customers to install security updates while investigations continue into other potential actors exploiting these vulnerabilities.
**Chinese Hacking Groups Target Microsoft SharePoint Servers, Company Confirms**

In a recent disclosure, Microsoft reveals that Chinese state-backed groups have breached its SharePoint servers, posing threats to business data.
Microsoft has officially reported that its SharePoint document software servers have been compromised by Chinese hacking groups, including state-backed Linen Typhoon and Violet Typhoon, as well as the China-based group Storm-2603. These actors have taken advantage of specific vulnerabilities in the on-premises version of SharePoint, which many businesses still use, although the cloud-based services were not affected.
To mitigate the impact of these breaches, Microsoft has rolled out essential security updates and strongly encourages all users of on-premises SharePoint servers to implement them. The organization expressed "high confidence" that these hackers would maintain persistent attempts to exploit systems that are not yet secured with the latest updates.
According to Microsoft, the intrusions involved sending requests to the SharePoint server that enabled the theft of critical cryptographic keys. Charles Carmakal, the chief technology officer at Mandiant Consulting, noted that organizations in several sectors globally have fallen victim to these attacks, predominantly those related to governmental and defense operations.
The modus operandi of the attackers appears to mirror prior campaigns linked to China, primarily aimed at stealing intellectual property. Notably, Linen Typhoon has allegedly targeted various sectors for 13 years, focusing on government-related entities, strategic organizations, and advocates for human rights.
In contrast, Violet Typhoon is reported to have centered its espionage activities on former military personnel, NGOs, and multiple educational and financial institutions across the United States, Europe, and East Asia. While Storm-2603's activities have been assessed with medium confidence to be linked to China, ongoing investigations aim to uncover more about the breadth and nature of these cyber threats.