
Microsoft Says Chinese State-Backed Hackers Exploiting Flaws in Attacks


https://www.nytimes.com/2025/07/23/world/asia/chinese-hackers-microsoft-sharepoint.html


At least two Chinese hacking groups were using security flaws in SharePoint, a popular collaboration software, to breach systems, Microsoft said.


Vivian Wang

July 23, 2025, 1:55 a.m. ET

Microsoft said that Chinese state-sponsored actors were exploiting vulnerabilities in one of its popular collaboration software products, SharePoint, which is used by U.S. government agencies and many companies worldwide.

Microsoft said in a notice on its security blog on Tuesday that it had identified at least two China-based groups linked to the Chinese government that it said had been taking advantage of security flaws in its SharePoint software. Such attacks aim to sneak into the computer systems of users.

Those groups, called Linen Typhoon and Violet Typhoon, were ones that Microsoft said it had been tracking for years, and which it said had been targeting organizations and personnel related to government, defense, human rights, higher education, media, and financial and health services in the United States, Europe and East Asia.

Microsoft said another actor, which it called Storm-2603, was also involved in the hacking campaign. It said it had “medium confidence” that Storm-2603 was a “China-based threat actor.”

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a notice that said it was aware of the hacking attack on SharePoint. It added that it had notified “critical infrastructure organizations” that were affected.

“While the scope and impact continue to be assessed,” the agency said, the vulnerabilities would enable “malicious actors to fully access SharePoint content, including file systems and internal configurations and execute code over the network.”

