Microsoft identified several Chinese state-sponsored hacking groups exploiting security vulnerabilities in its SharePoint document-sharing software. The groups, including Linen Typhoon and Violet Typhoon, targeted internet-facing SharePoint servers utilized by businesses. These vulnerabilities permit attackers to spoof authentication credentials and execute remote malicious code. The attacks commenced on July 7, with Microsoft observing attempts to gain access and steal sensitive data. Microsoft has released security updates for on-premises SharePoint systems and urged users to implement them to protect against these threats.
Microsoft stated that vulnerabilities exist in on-premises SharePoint servers, which many large organizations use for document storage and collaboration, not in its cloud-based service.
The attacks were observed starting from July 7, where hackers exploited vulnerabilities to gain initial access, allowing them to spoof authentication credentials and execute malicious code.
Three Chinese state-sponsored hacking groups, including Linen Typhoon and Violet Typhoon, are actively targeting businesses using SharePoint to exploit these newly disclosed vulnerabilities.
Microsoft reported that the vulnerabilities enable attackers to spoof authentication and remotely execute malicious code, which can lead to significant data theft.
Collection
[
|
...
]