Ethical Hacking News
A growing threat to global security has been identified, with Chinese spies and IP thieves exploiting vulnerabilities in Microsoft SharePoint servers. Three groups, two linked to government backing, are attacking on-premises SharePoint servers via recently disclosed Microsoft bugs. Immediate action is urged to secure these systems against zero-day exploits.
Chinese spies and IP thieves have been exploiting vulnerabilities in Microsoft SharePoint servers. At least three groups are involved in these attacks, two of which have government backing. Linen Typhoon focuses on intellectual property theft, while Violet Typhoon focuses on espionage. A third group, Storm-2603, is believed to be China-based and has been linked to ransomware attacks. Attackers are using zero-day exploits against SharePoint Server 2019, 2016, and Subscription Edition. Organizations must take immediate action to secure their systems against these exploits.
Chinese spies and IP thieves have been exploiting vulnerabilities in Microsoft SharePoint servers, compromising the security of various organizations worldwide. This development adds to growing concern about the threat posed by state-sponsored hackers.
According to a report by Microsoft's threat intelligence team, at least three distinct groups are involved in these attacks. Two of the groups, Linen Typhoon (also known as Emissary Panda or APT27) and Violet Typhoon (dubbed Zirconium or Judgment Panda and identified as APT31), have been linked to government backing. These groups have targeted organizations related to government, defense, strategic planning, human rights, former government personnel, non-governmental organizations, think tanks, higher education institutions, digital media, financial sectors, and health-related services.
Linen Typhoon is known for stealing intellectual property, particularly from organizations in the sectors listed above. Violet Typhoon, on the other hand, focuses on espionage, specifically targeting former government officials, non-governmental organizations, think tanks, higher education institutions, digital and print media, and the financial and health-related sectors in the United States, Europe, and East Asia.
A third group, Storm-2603, is believed to be China-based but not necessarily a nation-state gang. This group has been observed deploying Warlock and LockBit ransomware, and Microsoft is still investigating its objectives.
The attackers are using zero-day exploits against SharePoint Server 2019, 2016, and Subscription Edition, all of which have now received fixes from Microsoft. The urgency of applying these updates cannot be overstated, given the potential consequences of leaving servers vulnerable to such attacks.
Microsoft's threat intelligence team emphasizes that organizations must take immediate action to secure their on-premises systems against these exploits. The need for robust security measures is underscored by the fact that additional actors may use these vulnerabilities, which makes prompt patching and mitigation all the more important.
This incident highlights the escalating nature of cyber threats and underscores the necessity for constant vigilance in protecting against state-sponsored attacks. It also serves as a stark reminder of the urgent need for organizations to prioritize cybersecurity, implement effective security protocols, and regularly update their systems to prevent such vulnerabilities from being exploited.
As this threat landscape continues to evolve, it is crucial that organizations worldwide remain vigilant and proactive in safeguarding their networks and data against these sophisticated attacks. The exploitation of Microsoft SharePoint shows the ever-present threat to global security posed by state-sponsored hackers and the need for robust cybersecurity measures to counter it effectively.
Related Information:
https://www.ethicalhackingnews.com/articles/Chinese-Spies-Exploit-Microsoft-SharePoint-Vulnerabilities-A-Growing-Threat-to-Global-Security-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/22/chinese_groups_attacking_microsoft_sharepoint/
Published: Tue Jul 22 15:25:21 2025 by llama3.2 3B Q4_K_M