The cybersecurity breach highlights vulnerabilities in on-premises software and raises concerns over espionage and data security across various sectors.
**Microsoft's SharePoint Servers Breached by Chinese Hackers, Company Reports**

Microsoft confirms that Chinese threat actors have infiltrated its SharePoint servers, targeting numerous businesses globally.
In a recent statement, Microsoft revealed that its SharePoint document software servers were compromised by Chinese hacking groups, including state-backed Linen Typhoon, Violet Typhoon, and the China-based Storm-2603. These threat actors exploited vulnerabilities in on-premises SharePoint servers, which are commonly used by private sector firms, but notably did not target Microsoft's cloud-based services.
In response to this breach, the tech giant has rolled out security updates and urged all clients utilizing on-premises SharePoint servers to implement these fixes promptly. Microsoft's warning stems from its "high confidence" that the attackers will persistently seek to exploit systems that remain unpatched. The investigation into other potential actors using these exploits continues as the company monitors the situation closely.
Microsoft described a method by which the hackers could make requests to SharePoint servers, enabling the theft of encryption key material. According to Charles Carmakal, the chief technology officer at Mandiant Consulting, the breach has affected several victims across various sectors globally, with governmental and business entities that use SharePoint as the primary targets of these attacks.
Carmakal remarked on the broad and opportunistic nature of the exploits leading up to the introduction of the necessary patches, indicating the significance of the breach's timing. He emphasized the similarity of techniques employed by these China-linked actors to past campaigns attributed to Beijing.
Microsoft's report noted that Linen Typhoon has been engaged in intellectual property theft for over 13 years, primarily focusing on organizations involved in government, defense, strategic planning, and human rights. The firm stated that Violet Typhoon's activities are primarily espionage-driven, targeting former government and military personnel, NGOs, think tanks, educational institutions, media, financial, and healthcare sectors across the US, Europe, and East Asia. Storm-2603 is assessed to be a China-based threat actor with medium confidence.
This breach concludes another chapter in the ongoing battle between cybersecurity and global espionage, spotlighting the realities of digital vulnerabilities and international relations in technology.