Connect with us

Sci & Tech

Microsoft Servers Hacked By Chinese Groups, Firm Says

Published

11 months ago

on

Chinese “threat actors” have hacked Microsoft’s SharePoint document software servers and targeted the data of the businesses using it, the firm has said.

China state-backed Linen Typhoon and Violet Typhoon as well as China-based Storm-2603 were said to have “exploited vulnerabilities” in on-premises SharePoint servers, the kind used by firms, but not in its cloud-based service.

The US tech giant has released security updates in response and has advised all on-premises SharePoint server customers to install them.

“Investigations into other actors also using these exploits are still ongoing,” Microsoft said in a statement.

The firm said it had “high confidence” the hackers would continue to target systems which have not installed its security updates.

It added that it would update its website blog with more information as its investigation continues.

Microsoft said it had observed attacks in which hackers had sent a request to a SharePoint server “enabling the theft of the key material by threat actors”.

Charles Carmakal, chief technology officer at Mandiant Consulting firm, a division of Google Cloud, told the BBC it was “aware of several victims in several different sectors across a number of global geographies”.

Carmakal said it appeared that governments and businesses that use SharePoint on their sites were the primary target.

A number of adversaries who stole material encoded by cryptography were then able to regain ongoing access to the victims’ SharePoint data, he said.

“This was exploited in a very broad way, very opportunistically before a patch was made available. That’s why this is significant,” Carmakal said.

Carmakal said the “China-nexus actor” was deploying techniques similar to previous campaigns associated with Beijing.

Related Content:  Hackers Breach Israeli’s Defense Ministry Computers, Steal Sensitive Information For Sale

Microsoft said Linen Typhoon had “focused on stealing intellectual property, primarily targeting organizations related to government, defence, strategic planning, and human rights” for 13 years.

It added that Violet Typhoon had been “dedicated to espionage”, primarily targeting former government and military staff, non-governmental organizations, think tanks, higher education, the media, the financial sector and the health sector in the US, Europe, and East Asia.

Meanwhile, Storm-2603 was “assessed with medium confidence to be a China-based threat actor”.

(BBC)

Kenya Insights allows guest blogging, if you want to be published on Kenya’s most authoritative and accurate blog, have an expose, news TIPS, story angles, human interest stories, drop us an email on [email protected] or via Telegram

Related Topics:

Got a Tip, Story, or Inquiry? We’re always listening. Whether you have a news tip, press release, advertising inquiry, or you’re interested in sponsored content, reach out to us! Email us at: [email protected] Your story could be the next big headline.

Advertisement

Facebook

Most Popular

error: Content is protected !!