Microsoft leak may have helped Chinese hackers exploit SharePoint vulnerabilities
Microsoft is checking if its own cybersecurity partner program accidentally tipped off Chinese hackers about serious SharePoint flaws before they were fully fixed in July 2023.
Even with patches rolling out, three China-linked groups—Linen Typhoon, Violet Typhoon, and Storm-2603—jumped on the vulnerabilities as soon as July 7, hitting government, telecom, and tech targets around the world with data theft and ransomware attacks.
MAPP leak suspected
The trouble started when Microsoft shared early warnings with partners through its MAPP system in late June and early July.
But hacking attempts began the very day of the last alert.
The original bug was spotted by Vietnamese researcher Dinh Ho Anh Khoa back in May.
Experts now think someone inside MAPP may have leaked details that sped up these attacks, echoing a similar breach in 2012.
Attackers can plant ransomware without even logging in
This flaw let attackers break into SharePoint without even logging in, giving them access to sensitive files or letting them plant ransomware like Warlock.
Major US agencies, including multiple federal agencies, were targeted.
Microsoft is urging everyone to patch fast and is sharing extra tips to help spot or block these hacks.