Additional Coverage:
- Microsoft identifies Chinese hacking groups behind persistent SharePoint server attacks (foxbusiness.com)
Microsoft Identifies Chinese Hacking Groups in SharePoint Attack
Redmond, WA – Tech giant Microsoft announced on Tuesday that three China-based hacking groups are responsible for the ongoing cyberattack targeting its SharePoint file-sharing system. The company initially reported the attack on on-premises SharePoint servers on July 19th, describing vulnerabilities related to spoofing and remote code execution.
Microsoft identified two of the groups as state-sponsored actors: Linen Typhoon and Violet Typhoon. Linen Typhoon, active since 2012, has historically focused on intellectual property theft, particularly from organizations linked to government, defense, strategic planning, and human rights. Violet Typhoon, operating since 2015, has primarily engaged in espionage activities, targeting a range of organizations and individuals across the U.S., Europe, and East Asia, including former government and military personnel, NGOs, think tanks, media outlets, and financial and healthcare institutions.
The third group, Storm-2063, is also believed to be based in China, although Microsoft has not yet established definitive links to other known Chinese hacking groups. While Storm-2063 has been observed deploying ransomware in the past, Microsoft stated that its current objectives in this attack remain unclear.
Microsoft has released security updates to protect users across all SharePoint versions and urges customers to apply these updates immediately.