Chinese Hackers Exploit Microsoft SharePoint Flaw

Microsoft has confirmed that Chinese state-linked hacking groups Linen Typhoon, Violet Typhoon, and Storm-2603 exploited a major vulnerability in on-premises SharePoint servers to access sensitive data from nearly 100 organizations worldwide. While Microsoft’s cloud-based services were unaffected, customers running self-hosted SharePoint systems were left exposed until a recent security patch was released.
The hack, described as a “zero-day” exploit, enabled attackers to steal cryptographic keys and drop persistent backdoors into servers. According to Eye Security, which first spotted the breach, the attackers targeted governments, businesses, and NGOs across the U.S., Europe, the Middle East, and Asia. Vaisha Bernard of Eye Security called the breach “unambiguous,” warning that more backdoors may have been added since the exploit became public.
U.S. federal agencies and contractors are among those hit; the U.S. government has previously accused China of ramping up cyber espionage efforts. Microsoft said it is still investigating and warned that “threat actors will continue to integrate [these exploits] into their attacks.” The FBI and cybersecurity experts urge affected organizations not only to patch systems but to assume they’ve already been breached.