Ethical Hacking News
Microsoft has confirmed that at least 54 organizations have been breached in a series of attacks on its SharePoint server platform. The company believes that the attacks were carried out by hacking groups affiliated with the Chinese government, using a zero-day exploit to steal sensitive data and move across connected services. A patch update for impacted versions of SharePoint is now available, but Microsoft warns that threat actors will continue to use this exploit to attack unpatched server systems once it is widely known.
Microsoft is investigating a series of attacks on its SharePoint server platform, affecting at least 54 organizations. The attacks are believed to have been carried out by nation-state actors affiliated with the Chinese government, including Linen Typhoon and Violet Typhoon. A zero-day exploit was used against vulnerabilities in Microsoft's SharePoint server platform. Another China-based threat actor, Storm-2603, is also believed to be involved in the attacks. A patch update has been released for affected versions of SharePoint to prevent exploitation of the vulnerability. The company is urging organizations to apply the patch update as soon as possible to protect themselves against these attacks.
Microsoft has announced that it is investigating a series of attacks on its SharePoint server platform, which have resulted in at least 54 organizations being breached. The company's security team believes that the attacks were carried out by hacking groups affiliated with the Chinese government.
According to Microsoft's latest security blog, two named nation-state actors, Linen Typhoon and Violet Typhoon, were identified as being responsible for the attacks. These actors are believed to have exploited vulnerabilities in Microsoft's SharePoint server platform using a zero-day exploit, which allows hackers to access certain on-premises versions of SharePoint to steal sensitive data, harvest passwords, and move across connected services.
In addition to Linen Typhoon and Violet Typhoon, another China-based threat actor, Storm-2603, was also identified as being involved in the attacks. Investigations into other actors who may be using these exploits are still ongoing.
The attacks were discovered after Microsoft released a patch update for SharePoint 2016 servers on Tuesday morning, which has now been applied to all versions of SharePoint that are impacted by the zero-day exploit. However, Microsoft warns that threat actors will continue to use this exploit to attack unpatched server systems once it is widely known.
One of the affected organizations was a private university, while another was a private energy operator in California. A federal government health organization also fell victim to the attacks. The Washington Post reported that anonymous sources working on the SharePoint intrusions identified connections between some attacks and IP addresses inside China.
Details of the vulnerability at the heart of the attack were first published last week by researchers at Eye Security, who identified it as a zero-day exploit. It allowed hackers to access certain on-premises versions of SharePoint to steal sensitive data, harvest passwords, and move across connected services. Microsoft has now released a patch update for all impacted versions of SharePoint that is expected to prevent the vulnerability from being exploited.
Microsoft's latest security blog notes that threat actors will continue to use this exploit to attack unpatched server systems once it is widely known. As such, the company is urging organizations to apply the patch update as soon as possible to protect themselves against these attacks.
The implications of this attack are significant, highlighting the ongoing threat posed by nation-state actors and their sophisticated hacking tools. Microsoft's decision to release a patch update for SharePoint has helped to mitigate some of the damage, but it serves as a reminder that organizations must remain vigilant in protecting themselves against these types of attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-Confronts-Chinese-Hacking-Groups-Behind-SharePoint-Attacks-ehn.shtml
https://www.theverge.com/news/711522/microsoft-sharepoint-exploit-china-based-hackers
Published: Tue Jul 22 14:42:57 2025 by llama3.2 3B Q4_K_M