Tech giant Microsoft on Tuesday said that three groups of China-based hackers were behind an ongoing cyberattack on its SharePoint file-sharing system.
The Microsoft Security Response Center first published a blog about the attack against on-premises SharePoint servers on July 19, explaining that the attackers exploited vulnerabilities related to spoofing and remote code execution. SharePoint is a document-sharing platform that aims to allow users to securely share information within an organization and boost collaboration.
In an update posted on Tuesday, Microsoft pointed to three China-based hacking groups as being responsible for the cyberattack.
“As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting internet-facing Sharepoint servers,” Microsoft wrote. “In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities.”
CYBERSECURITY EXPERTS WARN OF INCREASINGLY ‘TREACHEROUS’ LANDSCAPE AS MAJOR BRANDS FALL VICTIM TO ATTACKS
Microsoft’s post noted that the Linen Typhoon hacking group has been active since 2012 and focused on intellectual property theft with a particular emphasis on organizations linked to the government, defense, strategic planning and human rights.
Linen Typhoon is known for what Microsoft described as “drive-by compromises and historically has relied on existing exploits to compromise organizations.”
| Ticker | Security | Last | Change | Change % |
|---|---|---|---|---|
| MSFT | MICROSOFT CORP. | 505.87 | +0.60 | +0.12% |
The Violet Typhoon group has been active in hacking operations since 2015 and has been more focused on espionage.
Microsoft said the group has targeted former government and military personnel, non-governmental organizations, think tanks, higher education, digital and print media, as well as the financial and healthcare sectors in the U.S., Europe and East Asia.
HACKERS TARGET INSURANCE GIANT IN ONGOING INDUSTRY CYBER SPREE
Microsoft said Violet Typhoon looks for vulnerabilities in the exposed web infrastructure of its target organizations to exploit weaknesses and install web shells.
It also identified Storm-2063 as participating in the breach, which it assessed as being a China-based threat actor with medium confidence and noted it hasn’t identified links between that group and other known Chinese hacking groups.
The company added that while it has observed the group deploying ransomware in the past, it isn’t currently able to confidently assess its objectives.
Microsoft said it has released security updates to fully protect customers using all versions of SharePoint and that customers should apply those updates immediately.
Read the full article here
