Chinese hackers stole sensitive data and gained access to internal systems
Pro
Image: Shutterstock via Dennis
A wave of cyberattacks targeting Microsoft SharePoint servers has put hundreds of organisations worldwide at risk, including US government agencies.
Groups of Chinese hackers, reportedly state-sponsored, exploited vulnerabilities in on-premises SharePoint servers. This allowed them to steal sensitive data and gain access to internal systems. The attacks, which began on 7 July, affected more than 400 entities, mainly in the United States. Among the victims was the National Nuclear Security Administration, responsible for overseeing US nuclear weapons.
Microsoft has identified three groups involved in the attacks – Linen Typhoon and Violet Typhoon, both known as Chinese government actors with a history of intellectual property theft and espionage, and Storm-2603, which is suspected to be based in China.
Microsoft has released security updates and is urging all on-premises SharePoint users to install them immediately. The company warned that unpatched systems remain vulnerable to ongoing attacks from these and potentially other hacker groups.
The Dutch cyber security firm Eye Security confirmed the widespread nature of the attacks and reported dozens of compromised SharePoint servers after analyzing more than 8,000 publicly accessible systems. The company also observed unusual activity on a client’s server on 18 July, which led to further investigation into the coordinated campaign.
Business AM