Microsoft has confirmed that several recent cyberattacks targeting SharePoint servers have been linked to Chinese state-affiliated hacking groups.
In a new security blog post, Microsoft identified two known threat actors, Linen Typhoon and Violet Typhoon, actively exploiting a vulnerability in internet-facing SharePoint servers. Another China-based group, tracked as Storm-2603, has also been observed leveraging the same exploit. Microsoft says investigations are still ongoing to determine the full scope of the activity.
According to cybersecurity firm Eye Security, at least 54 organizations have already been compromised, including a private university, an energy provider in California, and a federal health agency. Anonymous sources familiar with the attacks told The Washington Post that some intrusion attempts were traced back to IP addresses originating in China.
Microsoft has released a security patch for SharePoint 2016 and has now addressed all versions affected by the zero-day flaw. The company warned that it has “high confidence” attackers will continue exploiting unpatched systems now that details about the vulnerability are public.
Originally disclosed by Eye Security last week, the flaw enables hackers to access on-premises SharePoint servers, steal data, harvest credentials, and move laterally across connected networks.