Cyber Infiltration: Chinese Hackers Target Microsoft SharePoint Servers
Microsoft disclosed a serious security breach in which Chinese threat actors hacked several SharePoint servers used by businesses, exploiting vulnerabilities that specifically affect on-premises servers. The hackers include state-backed groups such as Linen Typhoon, Violet Typhoon, and the China-based Storm-2603. Unlike cloud-based services, these targeted servers belong to firms that rely on their own infrastructure, indicating a significant risk for many organizations. In response, Microsoft has released security updates and emphasized the importance of installing them to prevent further attacks.
A spokesman from the Chinese embassy in the US has asserted that China opposes cybercrime and denied the allegations, criticizing the lack of solid evidence behind these claims. However, Microsoft remains confident that cyber attackers will continue to exploit systems that have not had the security updates applied. Observations made by Microsoft reveal that hackers have successfully sent requests to SharePoint servers, facilitating the theft of sensitive key material.
The UK’s National Cyber Security Centre confirmed that several SharePoint customers in the UK were affected by the breaches. Charles Carmakal, chief technology officer at Mandiant, noted that the attacks targeted various sectors globally, including those in government and business. He highlighted the opportunistic nature of the attacks, which occurred just before a patch was made available, marking this event as significant.
Historically, Linen Typhoon has focused on stealing intellectual property, targeting organizations involved in government and defense, while Violet Typhoon has primarily engaged in espionage, going after NGOs, educational institutions, media, and sectors like health and finance. The concerns raised by this incident underline the persistent threat posed by state-backed cyber actors and the importance of strengthening cybersecurity measures across all sectors.