Cyberattacks are becoming disturbingly frequent, especially those targeting large corporations by exploiting their security weaknesses. Recently, Microsoft accused Chinese state-sponsored groups of identifying and exploiting vulnerabilities in SharePoint document management software as part of a global hacking campaign. The primary targets are businesses and government agencies, including sensitive infrastructure. Although the Chinese Embassy has denied these allegations, calling them baseless, Microsoft insists that its clients were specifically targeted and is now rolling out security patches to counteract the threat.
Microsoft claims that these Chinese hackers found loopholes in SharePoint and launched a worldwide cyberattack. The tech giant disclosed its findings, pointing fingers at two state-backed groups, Linen Typhoon and Violet Typhoon, for exploiting vulnerabilities in on-premises SharePoint setups, sparing the cloud version. Another group, Storm-2603, was also mentioned in relation to the exploit. Microsoft highlighted that these threat actors have a history of ransomware attacks.
A zero-day vulnerability was discovered in self-managed SharePoint servers, allowing attackers to bypass authentication by impersonating legitimate users. Microsoft confirmed that its cloud-hosted counterpart remained unaffected. The attacks commenced on July 7th, well before any public dissemination of the issue.
Microsoft cautioned users that additional threat actors might exploit the flaw. Google’s CTO corroborated that at least one group involved had connections to China, and more groups were attempting to exploit the vulnerability. Microsoft assessed with high confidence that these threats would persist in future attacks.
The Chinese Embassy quickly denied the accusations, emphasizing its opposition to cybercrime and stating, “China firmly opposes all forms of cyberattacks and cybercrime. At the same time, we also firmly oppose smearing others without solid evidence.”
While it remains uncertain if Chinese hacking groups are involved, Microsoft has proactively released emergency patches to address the issue and is preparing further security updates to protect against potential exploits.






