Microsoft announced that SharePoint document software servers were hacked by Chinese “threat actors,” resulting in the targeting of businesses’ data.
It was reported that the Chinese state-backed groups Linen Typhoon and Violet Typhoon and the China-based group Storm-2603 exploited vulnerabilities in on-premises SharePoint servers used by companies.
However, these attacks did not affect Microsoft’s cloud-based service. The US technology giant released security updates in response to this situation and urged all on-premises SharePoint server users to install these updates.
Microsoft stated, “Investigations are ongoing into whether other actors have also exploited these vulnerabilities.” Microsoft indicated that it is highly likely that attackers will continue to target systems that have not installed security updates and announced that it will update its blog with more information. The company stated that it observed that “key materials were stolen” through a request sent by hackers to SharePoint servers.
Charles Carmakal, the head of technology at Mandiant Consulting, a Google Cloud company, told the BBC, “Many victims across many different sectors and geographies have been affected.” He stated that “that it is”. Carmakal stated that governments and companies using SharePoint were the primary targets. He added that after stealing the encrypted materials, the attackers gained persistent access to the victims’ SharePoint data.
Carmakal said the attack was “very widespread, opportunistic, and therefore significant.”
Microsoft stated that the Linen Typhoon group had been “targeting government, defense, strategic planning, and human rights organizations for 13 years to steal intellectual property.” It was stated that Violet Typhoon was spying by targeting former government and military personnel, NGOs, think tanks, higher education, media, finance and health sectors.
Storm-2603 was assessed as a China-based threat actor with moderate confidence.