Attacks linked to Chinese government-affiliated hacking groups have targeted vulnerabilities in Microsoft's SharePoint server platform. Specifically, two named actors, Linen Typhoon and Violet Typhoon, along with a third actor, Storm-2603, have been observed exploiting these weaknesses. Investigations have identified 54 breached organizations, including a California university and a federal health organization. Microsoft has released patches for all affected SharePoint versions and believes that threat actors will likely continue targeting unpatched systems to steal data and harvest credentials.
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities in internet-facing SharePoint servers. Another China-based threat actor, tracked as Storm-2603, is also exploiting these vulnerabilities.
54 organizations have been breached, including a private university, a private energy operator in California, and a federal government health organization.
Microsoft has released a patch update for SharePoint 2016 servers and has now patched all impacted versions of SharePoint. The vulnerability allows hackers to access certain on-premises versions of SharePoint to steal sensitive data.
Investigations into other actors using these exploits are ongoing. Microsoft assessed with high confidence that threat actors will continue exploiting unpatched server systems.