Chinese hackers appear to be having a field day exploiting the newly discovered flaw in Microsoft’s SharePoint software, which is widely used among businesses and governments.
Despite rolling out a fix, Microsoft is warning that at least three China-based hacking groups are exploiting the vulnerability to access internal SharePoint servers run by customers.
According to Microsoft, two of the groups are “Chinese nation-state actors,” called Linen Typhoon and Violet Typhoon, which focus on espionage and stealing intellectual property. “In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities. Investigations into other actors also using these exploits are still ongoing,” the company added.
Microsoft issued the warning while urging customers to patch their internal SharePoint servers, which can host confidential files and connect to email inboxes through Outlook. Other cybersecurity vendors, such as Check Point, have detected “dozens of compromise attempts on servers across government, telecommunications, and software sectors in North America and Western Europe.”
The vulnerability can let an attacker execute rogue computer code on a SharePoint server and load a backdoor, hijacking access to the server. In more bad news, Microsoft has uncovered evidence that the three Chinese hacking groups at least tried to exploit the flaws as early as July 7, about 11 days before the security community discovered the vulnerability was facing mass exploitation. Researchers uncovered over 9,000 SharePoint-related IP addresses susceptible to the threat.
Microsoft initially issued a patch only for SharePoint Subscription Edition and SharePoint 2019. But later on Monday, Redmond also released a patch for SharePoint 2016. The good news is that SharePoint Online in Microsoft 365 is not affected. The company’s advisory goes on to list “indicators of compromise” to help customers detect if their servers have been hacked.
Security researchers discovered the flaw as a pair of software bugs back in May, but only as a proof of concept. Although Microsoft patched the bugs earlier this month, hackers were able to develop a bypass, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
About Michael Kan
Senior Reporter
