Recent attacks by China-based hacking groups have exploited vulnerabilities in SharePoint servers, compromising over 400 systems. Attackers managed to steal machine keys, enabling them to regain access post-patching without admin intervention. Chinese state-linked hackers have increasingly targeted technology and software providers, focusing on maintaining persistent access to U.S. critical infrastructure, such as pipelines and utilities. The number of cyberattacks related to China doubled last year, with various known groups like Volt Typhoon and Salt Typhoon engaging in espionage and targeting government officials.
Researchers at Eye Security estimate that over 400 systems were compromised due to SharePoint attacks, highlighting the vulnerabilities that hackers exploited.
Chinese state-linked hackers have developed greater sophistication over recent years, concentrating efforts on technology and software providers with extensive client bases.
Volt Typhoon targets U.S. critical infrastructure by breaking into endpoint detection tools and aims to maintain access for potential destructive attacks during contingencies.
Data from CrowdStrike indicates that cyberattacks linked to China increased significantly, with more than 330 reported last year, doubling the previous year's total.
Collection
[
|
...
]