Three Chinese groups are attacking on-premises SharePoint servers using recently disclosed Microsoft vulnerabilities. Linen Typhoon, a government-backed group, primarily targets intellectual property in sectors related to government and human rights. Violet Typhoon, another government-affiliated crew, focuses on espionage aimed at a range of organizations including NGOs and think tanks. A third group, Storm-2603, may not be state-sponsored but employs ransomware tactics. Organizations are urged to implement security updates for SharePoint immediately to mitigate risks of exploitation by these threat actors.
Linen Typhoon typically steals intellectual property and primarily targets organizations related to government, defense, strategic planning, and human rights.
Violet Typhoon focuses on espionage and targets former government and military personnel, non-governmental organizations, think tanks, higher education, digital and print media, and financial and health-related sectors.
Storm-2603 is likely China-based but not necessarily a nation-state gang; the name is a temporary designation for a newly discovered or emerging cluster of malicious cyber activity.
If you have SharePoint on-prem exposed to the internet, you should assume that you have been compromised.