11 hours ago
3
Microsoft says Chinese “threat actors”, including state-sponsored hackers, have exploited security vulnerabilities in its SharePoint document-sharing software servers and are targeting the data of businesses that use it.
The US technology company said it had observed three groups – the Chinese state-backed Linen Typhoon and Violet Typhoon, and Storm-2603, which is believed to be China-based – using “newly disclosed security vulnerabilities” to target internet-facing servers hosting the platform.
The announcement came amid reports in the Financial Times that Amazon was shutting down its artificial intelligence lab in Shanghai, while the consultancy McKinsey has stopped its China business from taking on work related to AI, amid worsening geopolitical tensions between Washington and Beijing.
Microsoft and IBM have recently scaled back China-based research and development projects, as US officials are stepping up their scrutiny of US companies working in AI in China.
Microsoft said in a blogpost that the vulnerabilities were in on-premises SharePoint servers, which are commonly used by companies, but not in its cloud-based service.
Many large organisations and businesses use SharePoint as a platform for storing documents and allowing colleagues to collaborate on them, and it is regarded as working well alongside other Microsoft products including Office and Outlook.
Microsoft said the attacks had begun as early as 7 July, and said the hackers were trying to exploit vulnerabilities to “gain initial access to target organisations”.
The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on servers. Microsoft said it had observed attacks where the attackers had sent a request to a SharePoint server “enabling the theft of the key material”.
Microsoft said it had released security updates and advised all users of on-premises SharePoint systems to install them. It warned that it assessed with “high confidence” that the hacking groups would continue to attack unpatched on-premises SharePoint systems.
Microsoft said Linen Typhoon had been “focused on stealing intellectual property, primarily targeting organisations related to government, defence, strategic planning, and human rights” since 2012.
after newsletter promotion
It added that since 2015, Violet Typhoon had been “dedicated to espionage, primarily targeting former government and military personnel, non-governmental organisations, thinktanks, higher education, digital and print media, financial and health related sectors in the United States, Europe, and east Asia”.
Microsoft said it had “medium confidence” that the third group, Storm-2603, was based in China, but said it had not established links between the group and other Chinese threat actors. It warned that “additional actors” may also target on-premises SharePoint systems to exploit their vulnerabilities, if its security updates were not installed.
