
Microsoft confirms Chinese hackers breached SharePoint servers
What's the story
Microsoft has confirmed that its SharePoint document software servers were hacked by Chinese "threat actors." The attack was carried out by state-backed groups 'Linen Typhoon' and 'Violet Typhoon,' as well as China-based 'Storm-2603.' They exploited vulnerabilities in on-premises SharePoint servers used by businesses. However, Microsoft's cloud-based service remained unaffected.
Response measures
Microsoft has released security updates
In light of the breach, Microsoft has released security updates and urged all on-premises SharePoint server customers to install them. The tech giant said it has "high confidence" that the hackers will continue to target systems that have not installed its security updates. "Investigations into other actors also using these exploits are still ongoing," Microsoft said in a statement.
Attack details
Governments, businesses using SharePoint were the main targets
Microsoft observed that the hackers sent a request to a SharePoint server, enabling them to steal key material. Charles Carmakal, CTO at Mandiant Consulting (a division of Google Cloud), said they were "aware of several victims in several different sectors across a number of global geographies." He added that governments and businesses using SharePoint on their sites were the main targets.
Data breach
Flaw was exploited before a patch was released by Microsoft
Carmakal said several hackers who stole material encoded by cryptography were able to regain ongoing access to the victims' SharePoint data. "This was exploited in a very broad way, very opportunistically before a patch was made available. That's why this is significant," he added. He also noted that the "China-nexus actor" was using techniques similar to previous campaigns linked with Beijing.
Target sectors
Linen Typhoon and Violet Typhoon have been active for years
Microsoft revealed that Linen Typhoon has been "focused on stealing intellectual property, primarily targeting organizations related to government, defense, strategic planning, and human rights" for 13 years. Meanwhile, Violet Typhoon has been "dedicated to espionage," mainly targeting former government and military staff, NGOs, think tanks, and higher education institutions, as well as media outlets in the US, Europe, and East Asia.